Creating a Just enough OS (JeOS) EC2 Image for Oracle Enterprise Linux
I have always been a fan of stripped-down "just what you need" OS installations of Windows and Linux, which is why we use nLite for creating custom XP builds and Gentoo for general-purpose Linux machines. For Oracle applications we use a base installation of Oracle Enterprise Linux.
The advantages of these minimal builds are:
- Better Performance
- Smaller Footprint
- More secure (in theory)
This has worked well for us - our hosted instances boot in a minute or less.
I learnt that there is a whole movement around this called JeOS or "Just the OS" builds for various Ubuntu builds. Now Oracle has released a JeOS build for Oracle Enterprise Linux. The purpose behind the release is to help folks package VMs for Oracle's virtualization product. In fact, even Microsoft is releasing a JeOS.
Since I was creating a new build for Essbase and EPM 11.1 for our hosted platform, I decided to try using the JeOS for our base build. It worked out quite well. The image boots up in under a minute (compared to 7 or 8 minutes with the stock EC2 image provided by Oracle). The base installation (without the apps) is under 1GB. Here are the steps to create the image:
Start the Oracle Enterprise Linux AMI: ami-cecb2fa7.
Download the JeOS rpms from Oracle here. Also download the Oracle Enterprise Linux 5 DVD images and copy all the rpms to /mnt/OEL/Server. I suggest using the wget trick mentioned in this post to download the files directly to the EC2 instance. Install the rpms:
    rpm -ivh ovm-modify-jeos-1.0.1-10.el5.noarch.rpm
    rpm -ivh ovm-el5u2-xvm-jeos-1.0.1-5.el5.i386.rpm
    rpm -ivh ovm-template-config-1.0.1-5.el5.noarch.rpm
Create a directory on the ephemeral storage (/mnt):
    mkdir /mnt/jeos
    mkdir -p /mnt/jeos/image
    mkdir -p /mnt/jeos/rpms
Download some packages needed to simplify installing the rest of the packages on the image:
    cd /mnt/jeos/rpms
    wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/smart-0.52-1.el5.rf.i3...
    wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6...
    wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
    cd ..
    ls rpms/ > addrpm.lst
Create the JeOS image using the modifyjeos utility supplied by the Oracle rpms:
    modifyjeos -i EL52_i386_PVM_jeos \
      -n MyOracleDBTemplate \
      -p apt.lst \
      -a addrpm.lst \
      -m /mnt/jeos/rpms \
      -mem 4096 -cpu 2 -S 3072 -I 2048 \
      -R 9728 -l /mnt/OEL/ -nogpg
This creates a System.img file. Let's mount it:
    $ mount -o loop -t ext3 System.img /mnt/jeos/image/
    mount: wrong fs type, bad option, bad superblock on /dev/loop6,
           missing codepage or other error
           In some cases useful info is found in syslog - try
           dmesg | tail  or so
Hmm, the file seems to have multiple partitions. Let's check:
    $ file System.img
    System.img: x86 boot sector; partition 1: ID=0x83, active, starthead 1, startsector 63, 64197 sectors; partition 2: ID=0x83, starthead 0, startsector 64260, 22539195 sectors; partition 3: ID=0x82, starthead 254, startsector 22603455, 6313545 sectors, code offset 0x48
Yup. We can mount it by using an offset calculated as the sector size (512 bytes) times the partition's start sector:
    $ fdisk -lu System.img
    last_lba(): I don't know how to handle files with mode 81a4
    You must set cylinders.
    You can do this from the extra functions menu.

    Disk System.img: 0 MB, 0 bytes
    255 heads, 63 sectors/track, 0 cylinders, total 0 sectors
    Units = sectors of 1 * 512 = 512 bytes

          Device Boot      Start         End      Blocks   Id  System
    System.img1   *          63       64259       32098+  83  Linux
    System.img2           64260    22603454    11269597+  83  Linux
    Partition 2 has different physical/logical endings:
         phys=(1023, 254, 63) logical=(1406, 254, 63)
    System.img3        22603455    28916999     3156772+  82  Linux swap / Solaris
    Partition 3 has different physical/logical beginnings (non-Linux?):
         phys=(1023, 254, 63) logical=(1407, 0, 1)
    Partition 3 has different physical/logical endings:
         phys=(1023, 254, 63) logical=(1799, 254, 63)
So 512*64260 gives us the offset:
    mount -o loop,offset=32901120 System.img image/
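The same offset can be read directly from the image's MBR partition table, which avoids transcribing sector numbers from fdisk output by hand. This is an added example, not part of the original post; `part_offset` and `byte_at` are hypothetical helper names, and the code assumes a classic MBR with 512-byte sectors, as in the fdisk output above.

```shell
#!/bin/sh
# Added example (not from the original post): compute the loop-mount byte
# offset of a primary partition from the MBR of a raw disk image.
# Assumes a classic MBR (not GPT) and 512-byte sectors.

SECTOR_SIZE=512

# byte_at FILE OFFSET -> decimal value of the single byte at OFFSET
byte_at() {
    od -An -tu1 -j "$2" -N1 "$1" | tr -d ' \n'
}

# part_offset FILE N -> byte offset of primary partition N (1-4)
part_offset() {
    img=$1; n=$2
    case $n in
        [1-4]) ;;
        *) echo "partition number must be 1-4" >&2; return 2 ;;
    esac

    # A valid MBR ends with the signature bytes 0x55 0xAA at 510 and 511.
    if [ "$(byte_at "$img" 510)" != 85 ] || [ "$(byte_at "$img" 511)" != 170 ]; then
        echo "$img: no MBR signature" >&2; return 1
    fi

    # Partition entries are 16 bytes each, starting at byte 446.
    # Byte 4 of an entry is the type ID (0 = unused slot);
    # bytes 8-11 hold the start sector, little endian.
    entry=$((446 + 16 * (n - 1)))
    if [ "$(byte_at "$img" $((entry + 4)))" = 0 ]; then
        echo "$img: partition $n is empty" >&2; return 1
    fi

    # Assemble the start sector byte by byte so the result does not
    # depend on the byte order of the machine running the script.
    lba=0
    for i in 3 2 1 0; do
        lba=$((lba * 256 + $(byte_at "$img" $((entry + 8 + i)))))
    done
    echo $((lba * SECTOR_SIZE))
}

# Usage: mount -o loop,offset="$(part_offset System.img 2)" System.img image/
```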
Now I use the following script to set up the machine. Note that you will need your private key and certificate files for bundling and uploading to AWS, the last part of the script. Thanks to Tim Dysinger's blog for the basis of the script. I have made this image available if you want to use a JeOS version of Oracle Enterprise Linux - search for cubeflex or full360 AMIs.
    # Start
    rm -rf /mnt/jeos/image/lib/modules/*
    cp -Rp /boot/* /mnt/jeos/image/boot
    cp -Rp /lib/modules/* /mnt/jeos/image/lib/modules/
    cp /etc/bashrc /mnt/jeos/image/etc/
    cp /etc/fstab /mnt/jeos/image/etc/
    cat /proc/mounts >/mnt/jeos/image/etc/mtab
    mount -o rbind /proc /mnt/jeos/image/proc
    mount -o rbind /dev /mnt/jeos/image/dev
    mount -o rbind /sys /mnt/jeos/image/sys
    cat /etc/resolv.conf >/mnt/jeos/image/etc/resolv.conf

    # Mount the Oracle Enterprise Linux rpms
    mkdir -p /mnt/jeos/image/mnt/OEL
    mount -o bind,ro /mnt/OEL/ /mnt/jeos/image/mnt/OEL/

    # chroot to the image
    chroot /mnt/jeos/image /bin/bash

    # Hostname
    echo '127.0.0.1 localhost' >/etc/hosts

    # Tidy
    cd /
    rm -rf tmp && ln -sf var/tmp tmp
    rm -rf opt && ln -sf usr/local opt
    chkconfig --del oraclevm-template
    chkconfig --level 0123456 lvm2-monitor off

    # Locale
    localedef -i en_US -c -f UTF-8 en_US.UTF-8
    echo 'LANG="en_US.UTF-8"' >/etc/default/locale

    # Update
    rm -rf /lib/tls

    # Network
    shadowconfig on
    # Put a random, unknown value in root's password field
    usermod -p \
      `dd if=/dev/urandom count=50 2> /dev/null | md5sum | cut -d " " -f1-1` \
      root
    mkdir /etc/skel/.ssh
    # A directory needs the execute bit to be usable, so 700 rather than 600
    chmod 700 /etc/skel/.ssh
    cp -r /etc/skel/.ssh /root
    cat >/etc/ssh/sshd_config <<\EOF
    Protocol 2
    StrictModes yes
    MaxStartups 10:30:60
    Ciphers aes256-cbc,aes256-ctr
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    Subsystem sftp /usr/lib/openssh/sftp-server
    UseDNS no
    EOF

    # Boot
    cat >/etc/rc.local <<\EOF
    #!/bin/sh -e
    # Root SSH Public Key
    mkdir -p /root/.ssh >/dev/null 2>&1
    wget -q -O - http://169.254.169.254/2008-02-01/meta-data/public-keys/0/openssh-key \
      >/root/.ssh/authorized_keys
    chmod -R go-rwsx /root

    # Userdata Shell Script
    wget -q -O - http://169.254.169.254/2008-02-01/user-data | sh
    exit 0
    EOF

    # Installs (stripped down list from oracle-validated.rpm)
    cat >/mnt/pkg.lst <<\EOF
    compat-db
    compat-gcc-34
    compat-gcc-34-c++
    compat-libstdc++-33
    libaio
    setarch
    sysstat
    ruby
    curl
    libidn
    libaio
    xauth
    perl
    ntp
    symlinks
    unzip
    wget
    rsync
    EOF

    # Setup Smart
    smart channel --add local-EL-rpms name="Oracle Enterprise Linux RPMs" manual=true type=rpm-dir path=/mnt/OEL/Server/ -y;
    smart channel --add Dag-Wieers type=rpm-md priority=-5 baseurl=http://apt.sw.be/redhat/el5/en/i386/dag/ -y;
    smart channel --add VA-Tech-Extras type=rpm-md priority=-5 baseurl=http://mirror.cs.vt.edu/pub/CentOS/5.2/extras/i386/ -y;
    smart channel --add VA-Tech-Base type=rpm-md priority=-5 baseurl=http://mirror.cs.vt.edu/pub/CentOS/5.2/os/i386/ -y;
    smart channel --add Dries type=rpm-md priority=-5 baseurl=http://ftp.belnet.be/packages/dries.ulyssis.org/redhat/el5/en/i386/dries/RPMS/ -y;
    smart channel --add atrpms name="ATrpms Repository" type=rpm-md priority=-5 baseurl=http://dl.atrpms.net/el5-i386/atrpms/stable/ -y;
    # The package list was written to /mnt/pkg.lst above
    smart install $(cat /mnt/pkg.lst)

    # EC2 tools
    cd /tmp
    wget http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.zip
    cd /usr/local
    unzip /tmp/ec2-ami-tools.zip
    ln -s `find . -type d -name 'ec2-ami-tools*'` ec2-ami-tools
    chmod -R go-rwsx ec2*
    rm -rf /tmp/ec2*

    # Cleanup Startup
    chkconfig --del oraclevm-template
    chkconfig --del kudzu
    chkconfig --del lvm2-monitor

    # Bundle
    rm -f /bin/sh && ln -s /bin/bash /bin/sh ; # make bash the default for ec2
    modprobe loop ; # bundle image needs this
    cat >/usr/local/sbin/image <<\EOF
    #!/bin/bash
    export EC2_PRIVATE_KEY=/mnt/ec2/pk.pem
    export EC2_CERT=/mnt/ec2/cert.pem
    export EC2_AMITOOL_HOME=/usr/local/ec2-ami-tools
    export AMAZON_USER_ID=********
    export AWS_ACCESS_KEY_ID=*******
    export AWS_SECRET_ACCESS_KEY=***********
    PATH=$EC2_AMITOOL_HOME/bin:$PATH
    BUNDLE=oracle-epm-9.3.1.v01
    #ec2-bundle-vol -r i386 -u $AMAZON_USER_ID --fstab /etc/fstab \
    #-k $EC2_PRIVATE_KEY -c $EC2_CERT -d /mnt --kernel aki-c5e703ac --ramdisk ari-c2e703ab -s 10240 -e /root/.ssh -p $BUNDLE
    ec2-upload-bundle -b jeos.full360.com -m /mnt/$BUNDLE.manifest.xml \
      -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY
    #rm -rf /mnt/$BUNDLE* /mnt/img-mnt
    EOF
    chmod 700 /usr/local/sbin/image
    symlinks -cdrsv /
    rm -rf /var/tmp/* ~/.bash_history
    image

    # Register & make the ami public (on another machine)
    ec2-register jeos.full360.com/oracle-epm-9.3.1.v01.manifest.xml
    ec2-modify-image-attribute ami-XXXXXXX --launch-permission -a all
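Because the last step makes the AMI public, the image tree is worth checking for leftover keys, login material and inline credentials before it is bundled. The following is an added example, not part of the original post; `scan_image`, the file patterns and the directories searched are assumptions based on the files the script above creates.

```shell
#!/bin/sh
# Added example, not from the original post. scan_image is a hypothetical
# helper; the patterns are assumptions based on files the build script
# creates (pk.pem/cert.pem, authorized_keys, the 'image' script).

# scan_image ROOT
#   Prints one "kind: path" line per finding; returns 1 if anything is found.
scan_image() {
    root=${1%/}
    [ -n "$root" ] || root=/
    [ -d "$root" ] || { echo "scan_image: $root is not a directory" >&2; return 2; }

    findings=$(
        # -xdev keeps find out of the rbind-mounted /proc, /dev and /sys
        # and out of the bind-mounted rpm directory.
        # Bundling keys, certificates and SSH private keys.
        find "$root" -xdev -type f \
            \( -name '*.pem' -o -name 'id_rsa' -o -name 'id_dsa' \) 2>/dev/null |
            sed 's/^/key-file: /'
        # A non-empty authorized_keys ships the builder's login in every copy.
        find "$root" -xdev -type f -name authorized_keys -size +0 2>/dev/null |
            sed 's/^/authorized-keys: /'
        # Shell history can hold secrets typed on the command line.
        find "$root" -xdev -type f -name '.bash_history' -size +0 2>/dev/null |
            sed 's/^/history: /'
        # Scripts that assign a literal AWS secret instead of reading it
        # from the environment at run time.
        grep -rlE 'AWS_SECRET_ACCESS_KEY=[A-Za-z0-9/+]' \
            "$root/usr/local" "$root/root" "$root/etc" 2>/dev/null |
            sed 's/^/aws-secret: /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: scan_image /mnt/jeos/image || echo "clean the image before bundling"
```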