Amazon Elastic Compute Cloud

Posted on 2009-04-03 14:33

               

Excerpted from: http://docs.amazonwebservices.com/AWSEC2/latest/GettingStartedGuide/
Following is an example of how to set this environment
variable in Linux and UNIX.
$ export JAVA_HOME=
Following is an example of the syntax in Windows.
C:\> set JAVA_HOME=
You can confirm this by running $JAVA_HOME/bin/java -version and checking the output.
$ $JAVA_HOME/bin/java -version
java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03)
Java HotSpot(TM) Client VM (build 1.5.0_09-b03, mixed mode, sharing)
The syntax is different on Windows, but the output is similar.
C:\> %JAVA_HOME%\bin\java -version
java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03)
Java HotSpot(TM) Client VM (build 1.5.0_09-b03, mixed mode, sharing)

Signing up for Amazon S3
Signing up for Amazon EC2
Access Key Identifiers Process
1. Point to the button labeled Your Web Services Account and select the View Access Key Identifiers link on the menu that appears.
2. Click Create New in the Your X.509 Certificate section to create a new X.509 certificate.
3. Save the certificate and private key. You'll need these when you set up our command line tools (see Setting up the Tools).
4. Create a .ec2 directory in your home directory, and save these files to it with the filenames offered by your browser. You should end up with a PEM-encoded X.509 certificate and a private key file named as shown in the following examples.
   The following is an example of a PEM-encoded signed X.509 certificate.
   cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
   The following is an example of an unencrypted, PEM-encoded RSA private key that corresponds to the preceding X.509 certificate.
   pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
   This X.509 certificate is associated with your account until you generate or upload a new certificate. If you have an existing certificate that you prefer to use, you can return to the Access Key Identifiers page and upload it later.
5. Finally, you'll need to look up your AWS account ID. You should use this value whenever you need to provide an Amazon EC2 user ID. From the AWS portal page, point to Your Web Services Account and select the Account Activity link on the menu that appears. At the top of this page, locate your Account Number, which is a hyphenated number that looks similar to 4952-1993-3132. This number, with the hyphens removed, is your AWS account ID. In this example, it is 495219933132.

Setting up the Tools
On Linux and UNIX, you can set this environment variable as
follows.
$ export EC2_HOME=  
On Windows the syntax is slightly different.
C:\> set EC2_HOME=  
In addition, to make your life a little easier, you
probably want to add the tools' bin directory to your system PATH. The rest of this guide assumes this is done.
On Linux and UNIX, you can update your PATH as follows.
$ export PATH=$PATH:$EC2_HOME/bin
On Windows the syntax is slightly different.
C:\> set PATH=%PATH%;%EC2_HOME%\bin
Telling the Tools Who You Are
The command line tools need access to the private key and
X.509 certificate you generated after signing up for the Amazon EC2
service (see Setting up an Account).
Since there's nothing stopping you from having more than
one AWS account, you need to identify yourself to the command line API tools so
they know which credentials to use for requests. It's possible, but tedious, to
provide this information on the command line every time you invoke the tools.
But it's far simpler to set up some environment variables and be done with it.
Two environment variables are supported to make this
possible. They can be set to point at your private key and certificate. If these
environment variables are set, the tools use their values to find the relevant
credentials. The environment variable EC2_PRIVATE_KEY should reference your private key file, and EC2_CERT should reference your X509
certificate.
On Linux and UNIX, you can set these environment variables
as follows.
$ export EC2_PRIVATE_KEY=~/.ec2/pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
$ export EC2_CERT=~/.ec2/cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
On Windows the syntax is slightly different.
C:\> set EC2_PRIVATE_KEY=c:\ec2\pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
C:\> set EC2_CERT=c:\ec2\cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
Changing the Region
By default, the Amazon EC2 tools use the Eastern United States region (us-east-1) with the us-east-1.ec2.amazonaws.com service endpoint. This section describes how to specify a different region.
To specify a different region
1. View available regions by entering the following:
   PROMPT> ec2-describe-regions
   REGION        us-east-1        us-east-1.ec2.amazonaws.com
   REGION        eu-west-1        eu-west-1.ec2.amazonaws.com
2. If you want to change the service endpoint on Linux and UNIX, set the EC2_URL environment variable as follows:
   $ export EC2_URL=
3. If you want to change the service endpoint on Windows, set the EC2_URL environment variable as follows:
   C:\> set EC2_URL=
You're ready to start using Amazon EC2.
Running an Instance
To find a suitable AMI
Use the ec2-describe-images command.
PROMPT> ec2-describe-images -o self -o amazon | grep machine
IMAGE    ami-2c5fba45    ec2-public-images/demo-paid-AMI-v1.07.manifest.xml    amazon    available    public    A79EC0DB    i386    machine
IMAGE    ami-bd9d78d4    ec2-public-images/demo-paid-AMI.manifest.xml    amazon    available    public    A79EC0DB    i386    machine
IMAGE    ami-2f5fba46    ec2-public-images/developer-image-i386-v1.07.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-26b6534f    ec2-public-images/developer-image.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-f51aff9c    ec2-public-images/fedora-8-i386-base-v1.06.manifest.xml    amazon    available    public        i386    machine    aki-a71cf9ce    ari-a51cf9cc
IMAGE    ami-2b5fba42    ec2-public-images/fedora-8-i386-base-v1.07.manifest.xml    amazon    available    public        i386    machine    aki-a71cf9ce    ari-a51cf9cc
IMAGE    ami-f21aff9b    ec2-public-images/fedora-8-x86_64-base-v1.06.manifest.xml    amazon    available    public        x86_64    machine    aki-b51cf9dc    ari-b31cf9da
IMAGE    ami-2a5fba43    ec2-public-images/fedora-8-x86_64-base-v1.07.manifest.xml    amazon    available    public        x86_64    machine    aki-b51cf9dc    ari-b31cf9da
IMAGE    ami-a21affcb    ec2-public-images/fedora-core-6-x86_64-base-v1.06.manifest.xml    amazon    available    public        x86_64    machine    aki-a53adfcc    ari-a23adfcb
IMAGE    ami-2d5fba44    ec2-public-images/fedora-core-6-x86_64-base-v1.07.manifest.xml    amazon    available    public        x86_64    machine    aki-a53adfcc    ari-a23adfcb
IMAGE    ami-225fba4b    ec2-public-images/fedora-core4-apache-mysql-v1.07.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-25b6534c    ec2-public-images/fedora-core4-apache-mysql.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-2e5fba47    ec2-public-images/fedora-core4-apache-v1.07.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-23b6534a    ec2-public-images/fedora-core4-apache.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-215fba48    ec2-public-images/fedora-core4-base-v1.07.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-20b65349    ec2-public-images/fedora-core4-base.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-205fba49    ec2-public-images/fedora-core4-i386-base-v1.07.manifest.xml    amazon    available    public        i386    machine    aki-9b00e5f2
IMAGE    ami-255fba4c    ec2-public-images/fedora-core4-mysql-v1.07.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-22b6534b    ec2-public-images/fedora-core4-mysql.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-36ff1a5f    ec2-public-images/fedora-core6-base-x86_64.manifest.xml    amazon    available    public        x86_64    machine
IMAGE    ami-235fba4a    ec2-public-images/getting-started-v1.07.manifest.xml    amazon    available    public        i386    machine
IMAGE    ami-2bb65342    ec2-public-images/getting-started.manifest.xml    amazon    available    public        i386    machine
The command lists your AMIs and Amazon's
public AMIs. The output might not exactly match the preceding example.
Look for the line containing the public image identified by the ec2-public-images/getting-started.manifest.xml value in the third column and note the
     corresponding value in the second column.
This is the AMI ID you need. In this example,
it is ami-2bb65342.
Generating an SSH Key Pair
You will run an instance of a public AMI. Since it has no
password, you need a public/private key pair to login to the instance. One half
of this key pair is embedded in your instance, allowing you to login securely
without a password using the other half of the key pair. After learning to
create your own images, you can choose other mechanisms to allow you to
securely login to your new instances. Every key pair you generate requires a
name. Be sure to choose a name that is easy to remember.
To generate a key pair using gsg-keypair
Enter the following information.
PROMPT> ec2-add-keypair gsg-keypair
Amazon EC2 returns a key pair, similar to the key pair in the following example.
KEYPAIR gsg-keypair  1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
The private key returned must be saved to a
local file so that you can use it later.
Create a file named id_rsa-gsg-keypair and paste the entire key generated in step 1, including the following lines.
"-----BEGIN RSA PRIVATE KEY-----"
"-----END RSA PRIVATE KEY-----"
Confirm that the file contents look similar to the following and save the file.
You can save the file in any directory, but if
you do not put it in your current directory, you should specify the full path
when using commands that require the key pair.
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
If you're using OpenSSH (or any reasonably paranoid SSH client), you
     should set the permissions of this file so it is only readable by you.
On Linux and UNIX, enter the information in the following example.
$ chmod 600 id_rsa-gsg-keypair ; ls -l id_rsa-gsg-keypair
You receive output similar to the following example.
-rw------- 1 fred flintstones 1701 Jun 19 17:57 id_rsa-gsg-keypair

Note: If you are using PuTTY in Windows, convert the private key to PuTTY's format. For more information on using PuTTY with Amazon EC2, see Appendix: PuTTY.

Running an Instance
To launch an instance of your AMI
Use the ec2-run-instances command.
PROMPT> ec2-run-instances ami-235fba4a -k gsg-keypair
Amazon EC2 returns output similar to the following example.
RESERVATION     r-7430c31d      924417782495    default
INSTANCE        i-ae0bf0c7      ami-2bb65342    pending gsg-keypair     0       m1.small        2008-03-21T16:19:25+0000        us-east-1a
Look for the instance ID in the second field and write it down.
You use it to manipulate this instance (including terminating it when you are finished).
It takes a few minutes for the instance to launch.
The following command displays the launch status of the instance.
PROMPT> ec2-describe-instances i-ae0bf0c7
RESERVATION     r-7430c31d      924417782495    default
INSTANCE        i-ae0bf0c7      ami-2bb65342    ec2-67-202-7-236.compute-1.amazonaws.com        ip-10-251-31-162.ec2.internal   running gsg-keypair     0               m1.small        2008-03-21T16:19:25+0000        us-east-1a

Important: After launching an instance, you are billed hourly for running time. If you leave this tutorial at any time, make sure you terminate any instances you have started as described in Terminating Your Instances.

When the instance state in the field just before the key pair name reads "running", the instance has started booting. There might be a short time before it is accessible over the network, however. The first DNS name is your instance's external DNS name, i.e. the one that can be used to contact it from the Internet. The second DNS name is your instance's local DNS name, and is only contactable by other instances within the Amazon EC2 network. The DNS names of your instances are different than those shown in the preceding example and you should use yours instead. The examples in this guide use the public DNS name.
Authorizing Network Access to Your Instances
To authorize access to your instance
Enter the ec2-authorize command.
PROMPT> ec2-authorize default -p 22
PERMISSION     default ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
PROMPT> ec2-authorize default -p 80
PERMISSION     default ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0
Since we didn't specify otherwise, your instance was launched in your default group. The first command authorizes network access to instances in your default group on the standard SSH port (22). Similarly, the second command opens up the standard HTTP port (80). For more details on controlling network security groups, see the Amazon EC2 Developer Guide.

Caution: In this example, you enable any IP address to access port 22 of the instance. Although this might be acceptable for testing purposes, it is extremely unsafe for production environments. For production systems, you must obtain your public IP address ranges and grant access to those ranges only. For example, if your IP address is 123.123.123.123, you specify 123.123.123.123/32.

Connecting to your Instance
To connect to your instance
Open a web browser and go to http:///, where  is your instance's public hostname as
     returned by ec2-describe-instances (ec2-67-202-51-223.compute-1.amazonaws.com in the example).
A webpage welcoming you to your instance displays.

Note: If the website times out, your instance might not have finished starting up. Wait a couple of minutes and try again.

Whenever you launch a public AMI that you have not rebundled, run the
     ec2-get-console-output command and locate the SSH HOST KEY FINGERPRINTS section.
PROMPT> ec2-get-console-output instance_id
...
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 bc:89:29:c6:45:4b:b3:e2:c1:41:81:22:cb:3c:77:54 /etc/ssh/ssh_host_key.pub
ec2: 2048 fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66 /etc/ssh/ssh_host_rsa_key.pub
ec2: 1024 b5:cd:88:6a:18:7f:83:9d:1f:3b:80:03:10:17:7b:f5 /etc/ssh/ssh_host_dsa_key.pub
ec2: -----END SSH HOST KEY FINGERPRINTS-----
...
Note the fingerprints. You will compare them in the next step.
Use the following command to login as root and exercise full control over this instance as you would any host.
PROMPT> ssh -i id_rsa-gsg-keypair root@ec2-67-202-51-223.compute-1.amazonaws.com
The authenticity of host 'ec2-67-202-51-223.compute-1.amazonaws.com (216.182.225.42)' can't be established.
RSA key fingerprint is fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-67-202-51-223.compute-1.amazonaws.com' (RSA) to the list of known hosts.
Last login: Wed Jun 21 08:02:08 2006
root@ec2-67-202-51-223 #
If you are launching a public AMI, verify the
fingerprint matches one of the fingerprints from the output of the ec2-get-console-output command. If it doesn't, someone might be
attempting a "man-in-the-middle" attack.
Preparing for Bundling
Once your system has been suitably modified, a system
snapshot needs to be created and packaged into an AMI by using the ec2-bundle-vol
utility.
ec2-bundle-vol encrypts and signs the image to ensure it cannot be
tampered with and that only you and Amazon EC2 can decrypt it.
Let's assume the private key and X.509 certificate (as generated and downloaded in Signing up for Amazon EC2) are contained in files pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem and cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem. Copy your private key and certificate to the machine being bundled.
PROMPT> scp -i id_rsa-gsg-keypair pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem root@domU-12-34-31-00-00-05.compute-1.amazonaws.com:/mnt
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem                         100%  717     0.7KB/s   00:00
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem                       100%  684     0.7KB/s   00:00

Note: Your machine may have a different name for the preceding scp command or even use different command line options. Consult the documentation for your machine or download one of the clients described in Accessing Linux and UNIX Instances through SSH Clients. If you are running Windows, see Appendix: PuTTY for help on using PuTTY and pscp (PuTTY's secure copy tool).

Note: It is important that the key and cert files are uploaded into /mnt to prevent them being bundled with the new AMI.
  

Bundling
At this point, the machine image has been modified and
the private key and X.509 certificate uploaded. The AMI can now be bundled,
using your AWS account ID as your username (not your AWS Access
Key ID).
# ec2-bundle-vol -d /mnt -k /mnt/pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem -c /mnt/cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem -u 495219933132 -r i386 -p sampleimage
Copying / into the image file /mnt/sampleimage.img...
Excluding:
     /sys
     /dev/shm
     /proc
     /dev/pts
     /proc/sys/fs/binfmt_misc
     /dev
     /media
     /mnt
     /proc
     /sys
     /mnt/sampleimage.img
     /mnt/img-mnt
1+0 records in
1+0 records out
mke2fs 1.38 (30-Jun-2005)
warning: 256 blocks unused.

Splitting /mnt/sampleimage.gz.crypt...
Created sampleimage.part.00
Created sampleimage.part.01
Created sampleimage.part.02
Created sampleimage.part.03
...
Created sampleimage.part.22
Created sampleimage.part.23
Generating digests for each part...
Digests generated.
Creating bundle manifest...
Bundle Volume complete.
This command may take several minutes to complete. Once the bundling process is complete, the AMI, its associated manifest file, and image parts are in the /mnt directory. You can confirm this using the command in the following example.
# ls -l /mnt/sampleimage.*
-rw-r--r-- 1 root root 1611661312 Jun 20 10:12 /mnt/sampleimage.image
-rw-r--r-- 1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.00
-rw-r--r-- 1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.01
-rw-r--r-- 1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.02
-rw-r--r-- 1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.03
...
-rw-r--r-- 1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.22
-rw-r--r-- 1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.23
-rw-r--r-- 1 root root       2970 Jun 20 10:12 /mnt/sampleimage.manifest
Uploading the AMI to Amazon S3
All AMIs are loaded from Amazon S3 storage. You need to upload the newly bundled AMI to an existing account on Amazon S3 such as the one you created in Signing up for Amazon S3.
Amazon S3 stores data objects in buckets, which are similar in concept to directories. You'll need to specify a bucket name in the following example as . Buckets have globally unique names and are owned by unique users. If you have used S3 before, you can use any of your existing buckets. The ec2-upload-bundle utility uploads the bundled AMI to a specified bucket. If the specified bucket does not exist, it creates it. If the specified bucket belongs to another user, ec2-upload-bundle will fail, and you must use a different name.
For this, you'll need your AWS Access Key ID () and AWS Secret Access Key (). For information on how to find these keys, see Signing up for Amazon S3.
The upload process can be quite lengthy, but Amazon EC2 provides continuous feedback until the upload completes as shown in the following example.
# ec2-upload-bundle -b -m /mnt/sampleimage.manifest.xml -a -s
Encrypting bundle manifest...
Completed encryption.
Uploading encrypted manifest...
Uploaded encrypted manifest to https://s3.amazonaws.com//mnt/sampleimage.manifest.xml
Uploading bundled AMI parts to https://s3.amazonaws.com//sampleimage...
Uploaded sampleimage.part.00 to https://s3.amazonaws.com//sampleimage.part.00.
Uploaded sampleimage.part.01 to https://s3.amazonaws.com//sampleimage.part.01.
Uploaded sampleimage.part.02 to https://s3.amazonaws.com//sampleimage.part.02.
Uploaded sampleimage.part.03 to https://s3.amazonaws.com//sampleimage.part.03.
...
Uploaded sampleimage.part.23 to https://s3.amazonaws.com//sampleimage.part.23.
Uploaded sampleimage.part.24 to https://s3.amazonaws.com//sampleimage.part.24.
Upload Bundle complete.

Note: Bear in mind that once the bundle has been uploaded to Amazon S3, you will be charged for the storage. You may remove the image from Amazon S3 as described in Removing Your AMI from Amazon S3.
  

At this point your new image is ready to be registered
and launched, and you can log out of your ssh session.
Registering the AMI
Your image must be registered with Amazon EC2, so we can locate it and run instances based on it.

Note: If you make any changes to the source image stored in Amazon S3, you must re-register the image.

To register the AMI you uploaded to Amazon S3
Execute the following command:
PROMPT> ec2-register /sampleimage.manifest.xml
IMAGE ami-2bb65342
Amazon EC2 returns an AMI identifier, the value next to the IMAGE tag (ami-2bb65342 in the example) that can be used to run instances.
Running Instances
You can now run an instance of the modified AMI by
specifying the image identifier you received when you registered the image.
To run an instance
Execute the following command, substituting the image identifier with that received in Registering the AMI:
PROMPT> ec2-run-instances ami-5bae4b32
RESERVATION     r-3d30c354      924417782495    default
INSTANCE        i-10a64379      ami-5bae4b32    pending 0       m1.small        2007-07-11T16:40:44+0000        us-east-1a

Amazon EC2 starts a single instance based on your newly created AMI and provides you with an instance identifier, the value immediately to the right of the INSTANCE tag, that can be used to monitor the status of the running instance. For information on confirming the instance is up and running, see Running an Instance.
You now have your very own image starting up and getting ready. You can monitor its status until it's ready and then connect to it with your web browser to confirm the changes you had made are actually live. If you want to ssh in and take a look around, you can do so using the key pair you created in the Connecting to your Instance. The keypair you launched that instance with was included in your new AMI during the bundling process.
Elastic IPs
Allocating an IP address
# ec2-allocate-address
ADDRESS 75.101.157.145

# ec2-describe-instances
RESERVATION     r-f845bd91      xxxxxxxxxxxx    default
INSTANCE        i-429a582b      ami-be799cd7    ec2-75-101-198-23.compute-1.amazonaws.com       domU-12-31-39-00-68-14.compute-1.internal       running rx7_server     0               m1.small        2008-04-24T09:38:18+0000        us-east-1b      aki-a71cf9ce    ari-a51cf9cc

Assigning the IP address to an instance
# ec2-associate-address -i i-429a582b 75.101.157.145
ADDRESS 75.101.157.145   i-429a582b

Releasing the IP address
# ec2-describe-addresses
ADDRESS 75.101.157.145   i-429a582b
# ec2-disassociate-address 75.101.157.145
ADDRESS 75.101.157.145

EBS
$ ec2-describe-instances
RESERVATION     r-0c16c265      xxxxxxxxxxxx    default
INSTANCE        i-e5fa208c      ami-2b5fba42    ec2-75-101-198-177.compute-1.amazonaws.com      domU-12-31-39-00-A9-73.compute-1.internal       running rx7_server     0               m1.small        2008-08-24T11:28:24+0000        us-east-1b      aki-a71cf9ce    ari-a51cf9cc
$ ec2-create-volume -z us-east-1b -s 5
VOLUME  vol-5026c339    5               us-east-1b      creating        2008-08-24T11:29:52+0000

$ ec2-attach-volume -d /dev/sdc -i i-e5fa208c vol-5026c339
ATTACHMENT      vol-5026c339    i-e5fa208c      /dev/sdc        attaching       2008-08-24T11:31:27+0000

Ec2# mkfs.ext3 /dev/sdc
Ec2# mkdir /ebs
Ec2# mount -t ext3 /dev/sdc /ebs

$ ec2-describe-volumes
VOLUME  vol-5026c339    5               us-east-1b      in-use  2008-08-24T11:29:52+0000
ATTACHMENT      vol-5026c339    i-e5fa208c      /dev/sdc        attached        2008-08-24T11:31:27+0000

$ ec2-create-snapshot vol-5026c339
SNAPSHOT        snap-edf41384   vol-5026c339    pending 2008-08-24T11:44:13+0000

$ ec2-describe-snapshots
SNAPSHOT        snap-edf41384   vol-5026c339    completed       2008-08-24T11:44:13+0000        100%
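
For the host key check described under Connecting to your Instance, the following script is an added example, not part of the original guide or this post. It extracts the fingerprints from the SSH HOST KEY FINGERPRINTS block of ec2-get-console-output and accepts a host only when the fingerprint printed by ssh appears there; the function names and the sample console text are constructed for illustration, and the fingerprints are the ones shown in that section.

```bash
#!/bin/sh
# Added example: check the fingerprint ssh displays against the fingerprints
# the instance printed to its console on first boot.

# Constructed sample input, modelled on the console output shown in
# "Connecting to your Instance". The last line sits outside the block on
# purpose: it must never be trusted.
sample_console_output() {
cat <<'EOF'
Starting sshd: [  OK  ]
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 bc:89:29:c6:45:4b:b3:e2:c1:41:81:22:cb:3c:77:54 /etc/ssh/ssh_host_key.pub
ec2: 2048 fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66 /etc/ssh/ssh_host_rsa_key.pub
ec2: 1024 b5:cd:88:6a:18:7f:83:9d:1f:3b:80:03:10:17:7b:f5 /etc/ssh/ssh_host_dsa_key.pub
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: 2048 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff /tmp/not-a-host-key.pub
EOF
}

# Read console output on stdin; print "<fingerprint> <key file>" for every
# entry between the BEGIN and END markers that looks like a fingerprint.
console_fingerprints() {
  awk '
    /-----BEGIN SSH HOST KEY FINGERPRINTS-----/ { inside = 1; next }
    /-----END SSH HOST KEY FINGERPRINTS-----/   { inside = 0; next }
    # 16 colon-separated hex bytes are 47 characters long.
    inside && $1 == "ec2:" && length($3) == 47 &&
      $3 !~ /[^0-9a-f:]/ && split($3, bytes, ":") == 16 {
      print $3, $4
    }
  '
}

# Usage: <console output> | verify_host_fingerprint <fingerprint shown by ssh>
# Prints the matching key file and returns 0; returns 1 when nothing matches.
verify_host_fingerprint() {
  offered=$(printf '%s' "$1" | tr 'ABCDEF' 'abcdef')
  console_fingerprints | awk -v fp="$offered" '
    $1 == fp { print $2; found = 1 }
    END      { exit !found }
  '
}

# Demo with the fingerprint from the ssh prompt shown in the guide.
if key=$(sample_console_output |
         verify_host_fingerprint "fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66"); then
  echo "fingerprint matches $key: safe to answer yes"
else
  echo "fingerprint not found in console output: do not connect" >&2
fi
```

Current OpenSSH clients show SHA256 fingerprints by default; running ssh with -o FingerprintHash=md5 displays the colon-separated MD5 form that this console output uses.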
               
               
               
               
               

This article comes from a ChinaUnix blog. To read the original, go to: http://blog.chinaunix.net/u3/93831/showart_1889541.html
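
The Caution under Authorizing Network Access to Your Instances can be turned into a repeatable check. This added example (not from the original guide or this post) reads PERMISSION lines in the format ec2-authorize prints and reports every rule that opens a chosen port to 0.0.0.0/0; the function names and the admin and batch groups with their rules are constructed for illustration.

```bash
#!/bin/sh
# Added example: flag security-group rules that expose a port to every address.

# Constructed sample: PERMISSION lines in the format ec2-authorize prints,
# plus a /32 rule of the kind the Caution recommends and a wide port range.
sample_permissions() {
cat <<'EOF'
PERMISSION     default ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
PERMISSION     default ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0
PERMISSION     admin   ALLOWS  tcp     22      22      FROM    CIDR    123.123.123.123/32
PERMISSION     batch   ALLOWS  tcp     0       1024    FROM    CIDR    0.0.0.0/0
EOF
}

# Usage: <PERMISSION lines> | world_open_rules [port]
# Prints "<group> <proto> <from>-<to>" for each rule that lets 0.0.0.0/0 reach
# the given port (default 22), including rules whose range merely contains it.
# Returns 1 when at least one such rule exists, so it can gate a deployment.
world_open_rules() {
  awk -v port="${1:-22}" '
    $1 != "PERMISSION" { next }
    {
      # Locate fields relative to the ALLOWS keyword rather than by fixed
      # column, so an extra leading column does not shift the port numbers.
      for (i = 2; i <= NF; i++) if ($i == "ALLOWS") break
      if (i > NF) next
      group = $(i - 1); proto = $(i + 1)
      lo = $(i + 2) + 0; hi = $(i + 3) + 0
      if ($(i + 4) == "FROM" && $(i + 5) == "CIDR" &&
          $(i + 6) == "0.0.0.0/0" && lo <= port + 0 && port + 0 <= hi) {
        print group, proto, lo "-" hi
        bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

# Demo: port 22 is reachable from anywhere through two of the sample rules.
sample_permissions | world_open_rules 22 ||
  echo "restrict the rules listed above to known CIDR ranges" >&2
```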