Creating new a instance-store AMI for Amazon AWS EC2

This is a HOWTO build your own instance-store backed AMI image which is suitable for creating a Paid AMI. The motivation for doing this HOWTO is simple: I tried it, and it has a lot of little gotchas, so I want some notes for myself. This HOWTO assumes you’re familiar with launching EC2 instances, logging into them, and doing basic command line tasks.

Choosing a starting AMI

There’s a whole ton of AMIs available for use with EC2, but not quite so many which are backed by instance-store storage. Why’s that? Well, EBS is a lot more flexible and scalable. The instance-store images have a fairly limited size for their root partition. For my use case, this isn’t particularly important, and for many use cases, it’s trivial to mount some EBS volumes for persistant storage.

Amazon provides some of their Amazon Linux AMIs which are backed by EBS or instance-store, but they’re based on CentOS, and frankly, I’ve had so much troubles with CentOS in the past, that I just prefer my old standby: Ubuntu. Unfortunately, I had a lot of trouble finding a vanilla Ubuntu 12.04 LTS instance-store backed image through the AWS Console. They do exist, however, and they’re provided by Canonical. Thanks  guys!

Here’s a list of all the 12.04 Precise official AMIs:
http://cloud-images.ubuntu.com/releases/precise/release/

Conveniently, there’s a Launch button right there for each AMI instance. Couldn’t be easier!

Installing the EC2 Tools

Once you’ve got an instance launched and you’re logged in and sudo‘d to root, you’ll need to install the EC2 API and AMI tools provided by Amazon. The first step is, of course, to download them. Beware! The tools available through the Ubuntu multiverse repositories are unfortunately out of date.

The latest EC2 API tools can be found here:
http://aws.amazon.com/developertools/351

The latest EC2 AMI tools can be found here:
http://aws.amazon.com/developertools/368

I like to copy the download link and use wget to download them rather than scp‘ing them from my client machine.

sudo su
mkdir -p /tmp/ec2-tools
cd /tmp/ec2-tools
wget -O ec2-api-tools.zip 'http://www.amazon.com/gp/redirect.html/ref=aws_rc_ec2tools?location=http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip&token=A80325AA4DAB186C80828ED5138633E3F49160D9'
wget -O ec2-ami-tools.zip 'http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.zip'

Before we can install the EC2 tools, we need to install a few packages that our vanilla Ubuntu is lacking, namely zip and Java.

apt-get install zip
apt-get install openjdk-6-jre-lib
apt-get install ruby

Once we have those installed, we need to unzip our packages and install them to the /usr/local directory.

unzip "*.zip"
find . \( -name bin -o -name lib -o -name etc \) | \
    xargs -I path cp -r path /usr/local

Lastly we have to set the EC2_HOME and the JAVA_HOME environment variables for the EC2 tools to work properly. I like to do this by editing /etc/bash.bashrc so anyone on the machine can use the tools without issue.

echo -e "\nexport EC2_HOME=/usr/local\nexport JAVA_HOME=/usr\n" >> /etc/bash.bashrc

Once we log out and back in, those variables will be set, and the EC2 tools will be working.

# exit
$ sudo su
# ec2-version
1.6.7.4 2013-02-01

Customizing Your AMI

At this point, your machine should be all set for you to do whatever customization you need to do. Install libraries, configure boot scripts, create users, get your applications set up, anything at all. Once you’ve got a nice, stable (rebootable) machine going, then you can image it.

Bundling, Uploading and Registering your AMI

This is actually pretty easy, but I’ll still go through it. The Amazon documentation is fairly clear, and I recommend following along with that as well, as it explains all the options to each command.

Here’s the official Amazon documentation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-snapshot-s3-linux.html

  1. Create an S3 bucket. This is where you’ll upload your AMI images. If you already have a bucket, you can use that.
  2. Download your AWS security certificates and copy your API keys. They can be found here: https://portal.aws.amazon.com/gp/aws/securityCredentials
  3. Copy your credentials to the instance you’re going to image. First, create a directory to store them in on your instance:
    mkdir -p /tmp/cert
    chmod 777 /tmp/cert
  4. Then copy them from the place you downloaded them on your client machine, to your instance:
    scp -i <keypair_name> pk-*.pem cert-*.pem ubuntu@<host_name>:/tmp/cert
  5. Bundle your instance image. The actual image bundle and manifest will end up in /tmp.
    cd /tmp/cert
    ec2-bundle-vol -k <private_keyfile> -c <certificate_file> \
        -u <user_id> -e <cert_location>
    cd /tmp
  6. Upload your bundled image. Note that <your-s3-bucket> should include a path that is unique to this image, such as my-bucket/ami/ubuntu/my-ami-1, otherwise things will get very messy for you, because an image consists of an image.manifest.xml file and many chunks which compose the image itself, which are generically named by default when you use this tool.
    ec2-upload-bundle -b <your-s3-bucket> -m <manifest_path> \
        -a <access_key> -s <secret_key>
  7. Register your new AMI.
    ec2-register <your-s3-bucket>/<path>/image.manifest.xml -n <image_name> \
        -O <your_access_key> -W <your_secret_key>

That’s it! You should be all set with a new AMI, which should also show up in the AWS Console.

About the Author: Jake Alheid

Jake is a Python evangelist and is a developer at about.me in San Francisco. He is also the creator of pyconfig and a code contributor on github.

Nexus 1000v in a Hyper-V 2012 Environment (Part 1)

In the next few posts I will be going over some of the basics on how to get the Nexus 1000v setup and working in a Hyper-V environment.  I must warn readers ahead of time, this product was just released (as of a week or two ago) and the Cisco documentation is seriously lacking.  What documentation that does exist is thoroughly confusing so it may take some time to work through all of the issues.  Just as much if not more irritating, the Hyper-V way of doing things is just as confusing.  Taking on a project like this will surely improve your skills and abilities with virtualization, especially network virtualization.  I must admit, this stuff can get very confusing at first so it is important to realize that you might not understand everything at first, just be patient, it will eventually start making more sense.

First I need to lay some ground work.  I think it’s important not only in this example but a good habit in general to spec out a project and figure out all of the requirements in order to make sure you have everything lined up that you might need before tackling a project.  A few important considerations when working with the 1000v are to make sure the networking and NIC’s on the Hyper-V hosts are set correctly, Virtual Machine Manager (SCVMM) is installed and configured, the network is configured (LACP port channels, trunk ports, correct VLAN assignment, etc) and that configuring all of these pieces won’t cause any downtime or other issues with your production network.  Ideally, all of this would be thought of and set up ahead of time.  Luckily I have a test environment as well as SCVMM in my test environment to test this with and do not have to worry about any real world down time or production issues.

One of the most important things to get established is getting the underlying Hyper-V network stack configured properly.  I try to mimic a production type environment as much as possible so this configuration is a typical design you may see in the real world.  So let’s lay out the structure of the design.

  • Management VLAN(s)
  • DMZ VLAN(s)
  • Inside VLAN(s)
  • Live Migration VLAN(s)

It is common to break these out through different physical connections, so as an example you might see 4 different NIC’s on the Hyper-V host connecting to a switch that has 4 different VLAN’s configured.  If you want redundancy you can add NIC teaming into this scenario (which is native in Server 2012 now, which is nice).  I have limited resources so I am using a single NIC for management, DMZ and live migration traffic, and teaming the inside connection with 2 NIC’s.  Here is a crude example of how this is setup.

Hyper-V architecture

If you are setting this up in a clustered environment, you would want these settings to be identical across all Hyper-V hosts.  Once this is setup correctly make sure you have SCVMM installed and configured. That is a separate process and therefore is out of the scope of this post, I’d be happy to answer any questions you have, I’m just not discussing it here.  You will need to grab the Cisco Nexus 1000v for Hyper-V.  To download the files necessary for installation (let me know if you don’t have one) you will need a valid Cisco ID.  Cisco also provides some documentation as well as some installation videos links but I have found them to be less than helpful to be honest, there is some useful information to be sure, I just want to walk you through the process myself because there were a few caveats and the documentation creates a lot of unnecessary confusion.

There is some basic terminology to be familiar with when getting the 1000v up and going that helps to understand how and why different parts work the way that they do when running through the installation.

  • vsm – virtual superviser module.  This logically controls the virtual switch and can be thought of as a virtual line card to manage the different VEMs.
  • vem – virtual ethernet module.  This is the piece that actually replaces the virtual switch
  • nsm – network segmentation manager.

Once you have the 1000v downloaded you need to make sure you run the installation for it on the server that is hosting SCVMM.  The installer is hidden in the following location,

\Nexus1000v.5.2.1.SM1.5.1\VSM\Installer_App\Cisco.Nexus1000VInstaller.UI.exe

When you run this executable it should bring up a GUI to install and configure the virtual switch(es).  You will need to use an account that is a member of the SCVMMAdmins group in Active Directory, otherwise the installer will not be able to connect to SCVMM and will not be able to create and configure the VM for the new virtual switch.

Authenticate to SCVMM

The next portion of the installer is where things may get confusing if you don’t know what you are looking for.  I have linked to the sample configuration I used in my lab to help with this.  Since this is what I used in my test environment I know at least at one point this configuration worked.  It would be a good idea to deploy the VSM’s in high availability if you can, otherwise it isn’t a big deal.

  • Choose a meaningful name for VSM name, basically this is the same as the host name.  
  • The ISO linstall location is, \Nexus1000v.5.2.1.SM1.5.1\VSM\Install\nexus-1000v.5.2.1.SM1.5.1.iso.  
  • From the documentation I’ve read the VEM MSI location indicated is a little misleading because it points at the wrong installation file.  It should point at \Nexus1000v.5.2.1.SM1.5.1\VMM\Nexus1000V-VSEMProvider-5.2.1.SM1.5.1.0.msi.  
  • The VSM IP address should be an address in your management network, it can basically be thought of as the address to use to connect to the 1000v virtual switch.  
  • Subnet mask should be fine as 255.255.255.0.
  • Gateway IP should match up with the VSM IP address, essentially they just need to be on the same subnet.
  • Domain ID is an arbitrary number that is associated with the virtual network.  For most use cases you should be able to use one ID, 1000 in my example.
  • Use the VLAN ID that your VSM is on, in my case it is my management ID.
  • Since our management VLAN is that same as the VSM VLAN (typical in most deployments) simply choose “Yes” here.

1000v deployment config

At this point everything should be configured, the installer just needs to go out and create the VM’s and take care of getting everything up and running.  It may take awhile so take a break if needed and come back later.

Wait for the installation to finish

Everything should complete successfully, if not you will need to look at the log file and troubleshoot any errors you may have.

Installation summary

Almost done.  Everything should be out there and running but there is still one very important step left.  If you notice, about halfway down the installation summary page there is a username/password of admin and admin.  This obviously will change once the 1000v gets put into use but there is NOTHING in the documentation that tells you that this will break the configuration in SCVMM!

What you need to do is hop on the SCVMM server and manually configure the credentials that are used to connect to the 1000v switch.  To do this, drill down into the security settings in SCVMM by flipping open the Configuration pane -> Security -> Runas accounts -> Right click your 1000v admin account and select properties.

Updating the admin account in SCVMM

Then you will change the username and password to match the credentials that you have set on the 1000v. This will allow the switch to communicate with the SCVMM server so that 1000v network settings can be managed through Hyper-V.

In Part 2 I will discuss the intricacies of configuring the 1000v as well as how to reflect these settings in your Hyper-V virtual environment.  Since this is a brand new product, there are still some things yet  that need to get worked out, especially the documentation.  And as I mentioned earlier, the network settings in Hyper-V and SCVMM can be extremely confusing the first time you see them.   Working through and troubleshooting these issues will quickly help improve your knowledge and understanding of how Hyper-V and the Nexus 1000v work together to improve virtual networking.  If you have any questions or concerns about any of this I will try to help, but I am not promising anything at this point.

About the Author: Josh Reichardt

Josh is the creator of this blog, a system administrator and a contributor to other technology communities such as /r/sysadmin and Ops School. You can also find him on Twitter and Facebook.

Getting Python Fabric setup in Windows

This has really turned into a wild goose chase.  Initially my goal when I set out on this project was simply to get Fabric up and running so I could test out some different features on some network gear.  It seems like the Python integration in Windows is very different than it is in the Linux world where everything is all bundled up nice and neatly.  There are several separate, seemingly unrelated pieces that all need to fit together to get Python and Fabric working correctly in a Windows environment, which can be very perplexing at first, hence my need to write a post so I don’t have to remember all this complexity for next time.  I thought I might as well show people how I got this to work instead of picking and choosing different bits of information from the internet.

The following is a list of links that I have found to be helpful in getting everything up and going, flip back to here for the different resources and components:

There’s a few steps for getting up and running.  For basic Python functionality it should be enough to download and install Python via the basic installer in your Windows environment.  Accepting the defaults should be enough.  Also, I recommend going with Python 2.7, rather than 3.3 because it has much better backwards compatibility.  You will also want to double check to make sure you download the correct version for you OS as well, either 32-bit or 64-bit.

Once you have your Python install up and going you will want to get pip installed. You will use this tool to get Python modules because it aids tremendously with downloading, managing and installing useful Python code.

So to get up and running with pip, first make sure that you have the correctly matched version of Python and the pip installed for your environment.  For example the 2.7 pip installer will not work with a 3.3 Python installation.  Second, you will need to make sure you have the Distribute package installed in your Python environment as well.  This is the tool that will allow pip to work.  Once you have these modules installed you will need to switch to the directory where pip is installed (or add it to your ENV path variable).  For me it was located in the following location:

C:\Python27\Scripts\pip.exe

So the command to install Fabric would be as follows:

pip.exe install fabric

You would think that’s all you need to get fabric working right?  Well it turns out that using this method we do not have the correct version of Pycrypto installed.

pycrypto error

So using the link posted above go ahead and get the correct version of Pycrypto downloaded and installed (version 2.1.0).  That still doesn’t fix it though!  It just gets us to a different error.  I used this post and this post as a guide for getting the correct version of Pycrypto installed on the Windows machine.

Okay, so now we should have a fully functioning Python environment with Fabric installed.  The only main issue that remains at this point (to my knowledge at least) is that pip still doesn’t work quite right when attempting to install various Python packages.  To get that part working you will need MinGW32 installed (reference above for links).  But that is basically out of the scope of this post, I will write another post about it if there is any interest or you can ask me if you have issues as always.

The only other piece left then is to get Fabric up and going with our Cisco gear.  Take a look at the docs for basic usage on getting acquainted with Fabric, it is fairly straight forward for the most part.

One thing I was not aware of was the way Cisco CLI and devices would behave when using Fabric to control them remotely.  I was having issues with Fabric flaking out whenever I went into config mode on a Cisco switch.  It turns out that when you enter into config mode you are essentially dropped into a new shell and Fabric doesn’t have a nice way to deal with that.  So something like this will bomb out,

def test():
	run("conf t", shell=False)
	run("int 1/0/1", shell=False)
	run("no shut", shell=False)
	run("exit", shell=False)

The “conf t” command opens your new shell and the Cisco gear freaks out because it doesn’t know what to do with the next command.  I should also mention the shell=False is somewhat unrelated to this issue but it gets around Fabric trying to use bash as its default shell.  The workaround?  Use the open_shell command in Fabric and escape each command by using \n to escape to a new line.  So a sample command using this format would be something like the following,

def test():
	open_shell("conf t \n"
		   "ip name-server 1.1.1.1 \n"
		   "exit \n"
		   "exit \n"
		   )

Yeah this is sort of hacky, and I’m not sure if it will be able to do everything I am looking for but hey at least it kind of works.  I am currently looking for a more robust and easier way around this limitation so if you have any suggestions let me know.

Credit goes to markmm on reddit for letting me know about this workaround as well as the people who hang out on the #fabric irc channel on freenode.

About the Author: Josh Reichardt

Josh is the creator of this blog, a system administrator and a contributor to other technology communities such as /r/sysadmin and Ops School. You can also find him on Twitter and Facebook.

Conversation history not saving in Outlook 2010

Recently I ran into an issue with a Lync environment (2010) where Lync conversations were not being saved to the “Conversation History” folder in Outlook (2010).  Luckily there is a quick way to fix this issue, through Exchange.  From the reading that I have done it seems like the most common reason this occurs is when a user in your Exchange environment reaches or surpasses 1,000 combined folders and sub folders in their mailbox.  The easiest way to check if a user has reached this threshold is to use the Exchange Management Shell to quickly take a look at their total combined mailbox folders using the following command.

(Get-MailboxFolderStatistics “user”).Count

Easy enough, often times this is enough to determine the cause.  But I have taken this command one step further and wrapped it into a little script that will go through your Exchange environment and record all users that have reached this threshold and place their display name as well as the number of folders/subfolders into a csv file for an easier to reference.  Here is the logic of the script.

$mailboxes = Get-Mailbox
$overlimit = @()

ForEach ($mailbox in $mailboxes) {

$mbxmember = New-Object PSObject
$folders = (Get-MailboxFolderStatistics $mailbox).Count
$mbxmember | Add-Member -MemberType NoteProperty -Name "Display Name" -Value $mailbox.DisplayName
$mbxmember | Add-Member -MemberType NoteProperty –Name “Folder Count” –Value $folders

	If ($folders -gt 1000) {
		$overlimit += $mbxmember
	}
}

$overlimit

That logic right there is very basic but will iterate over all mailboxes in the Exchange environment, grab those with over 1,000 folders/sub folders, place them into an array and output the array.  This will take a while depending on the size of your environment, so feel free to let it run in the background.  It is not a super intensive process, it just takes forever.  To get this into a CSV file use the following Powershell command, I have this script name Get-Folders.ps1 in this example.

.\Get-Folders.ps1 | Export-CSV users.csv

That should be it.  Not everybody will need this obviously but I found that it came in handy.

About the Author: Josh Reichardt

Josh is the creator of this blog, a system administrator and a contributor to other technology communities such as /r/sysadmin and Ops School. You can also find him on Twitter and Facebook.

Evo 4G Customization Goodness

Since my initial rooting and unlocking project last weekend I haven’t been able to stop thinking about the shiny new ROM I have installed and how awesome it is.  So now that I have the taste for flashing custom ROM’s, I wanted to see what else was out there.  I did some digging and learned (to my happy surprise) that the Evo 4G, or the “OG” as community members refer to it as, is still alive and well, with a very talented community and very active user base.  Especially for a device that is nearly 3 years old.

If you missed my original ROM flashing post you can view it here.  That should get you up speed.

Custom ROM’s can be confusing and maybe a bit intimidating at first but once you start to wrap your head around the concept then things get much easier.  If you have any questions let me know and I will do my best to help explain things as best I can (from my own understanding of how it all works at this point).  I am certainly new to this as well but am quickly beginning to understand the power and draw behind custom ROM’s, especially for tinkerers and people that are interested in DIY tech projects, there is really a whole world out there to go explore for this type of stuff.  I would take a look at XDA Developers forum for a good place to get started on many of these topics.

I am working on putting together a list of the latest and greatest ROM’s that I have stumbled across since my initial flash using the MazWoz Jelly Bean ROM last week.  I will also try to offer some perspective and comparisons between these custom ROM’s to help you choose which one will suit your needs and will work best in your use case.  All of the ROM’s that I have been testing are currently all 4.2.x (Jelly Bean) and are all fantastic, so if you are having trouble picking one out I would advise that you just pick one.  More than likely it will be a good fit.  The only difference between many of these are small subtleties such as specific themes, customization options, look and feel and a few packaged apps here and there.  So for example, Slim Bean offers a UI “pie controls” that aren’t built in to some of the other ROM’s.  But for the most part many of these ROM’s are using a lot of the same “stuff” in the background.  There are probably more out there but I will just be covering the most popular and most active ROM’s that I cam across, so let’s go ahead get started.

MazWoz – http://forum.xda-developers.com/showthread.php?t=1947452

This is a great ROM and the first custom ROM that I tried.  Nearly everything is working currently, it is certainly stable enough for every day use IMO.  It did a hot reboot on me once and the camera was a little bit on the glitchy side, there were some strange GUI effect glitches every now and WiMax is broken (which won’t get a fix it doesn’t look like but who cares) but otherwise worked flawlessly, it is very snappy and responsive, it provides a buttery smooth experience.  I would highly recommend giving this ROM a shot since it is both stable and smooth.  It isn’t quite there 100% on all the new Jelly Bean features but it is getting there and is under active development by its creator and maintainer.  The latest release was about a month ago so hopefully there will be an update to provide some of these niceties in the near future.

Slim Bean – http://forum.xda-developers.com/showthread.php?t=2217412

Currently testing this ROM out.  So far so good, it is fast and everything I’ve tried seems to be working correctly.  This ROM is designed to be light weight and snappy, so only basic themes, look and feel and apps although I will say that after booting initially it felt a very tiny bit slower than the MazWoz ROM but this slowdown was still very tolerable.  I suspect there may have been issues since it was trying to sync up and download things in the background, because everything has been working much more smoothly after the everything is in sync.  The camera works slightly more fluidly than the MazWoz camera and there do not appear to be any other noticibly odd glicthy behaviors with the GUI.  Other initial findings were that there is no WiMax (again expected) and no front camera.  This ROM is very smooth and there is support for facial recognition and unlock which is pretty slick.  There are some other cool features baked in such that other ROM’s do not offer such as “The Real Dark Slim (TRDS)” which is basically a customization engine for this particular ROM as well as Slim PIE and a few other unique customizations for this ROM which allow for a more fine tuned experience.

Cyanogenmod 10.1 – http://forum.xda-developers.com/showthread.php?t=2244061

This is the defacto for custom ROM’s currently, it easily has the largest user and developer base and its latest version has been ported over to the Evo 4G.  This is pretty much the most complete package as far as custom 4.2.x ROM’s go.  It has basically every standard feature that comes along with this version of Android as well as a ton of tweaks and improvement, including pie controls and speed/optimization improvements and other nice goodies.  There is no official release for this build because this current port literally just happened not more than a few weeks ago but I’m sure the word will spread quickly.  So far I have liked this release for the most part, there are some issues though, such as a little big of glitchiness as with the other releases I have tried, the swype style keyboard doesn’t work all the time, the launcher (trebuchet) crashed ones, no front camera, some of the camera options aren’t perfect either and there is no WiMax support.  These are really just small gripes though and outside of that it is snappy and also probably the smoothest ROM I’ve tried so far.  It has some slick features built in including a custom launcher, file manager and media player, as well as some additional themes and widgets built in which are a really nice touch.  The CyanogenMod is an all around good experience and with all of the little additions and bells and whistles built in has been my favorite ROM so far.

AOKP – http://forum.xda-developers.com/showthread.php?t=2257194

This is one of the newer projects out there but it is gathering steam and the community as well as developers have really worked hard to make this ROM very nice.  The features of this ROM are on par (some may even say better) than Cyanognmod and this ROM certainly delivers so very nice customization options as well as a stable and fast platform.  I have only recently tried this ROM out myself yet so I can’t report on all of the issues that it has other than the standard issues that all of these ROM’s suffer from.  No front camera, no WiMax, some weird camera issues, etc.  Nothing out of the ordinary.  I have really liked the quickness of this ROM so far, I’d say it is on par or better than Slim Bean and offers a really nice experience overall and the ability for a lot of customization.  I would definitely recommend trying this ROM out.  The only caveat for getting this ROM to work correctly is that you need to partition your SD card prior to flashing, otherwise you will suffer from boot loops which caught me originally.  Other than that, it is pretty straight forward to flash and use.

Evervolv – http://forum.xda-developers.com/showthread.php?t=2172323

This one is worth a mention as well but seems to be losing some of its previous favor amongst the community as of late (at least as far as I can tell, I could be totally wrong about this though).  It seems like a lot of ROM’s are built using much of Evervolv’s code but the project itself isn’t quite as popular as it was at one time.  I haven’t tried this ROM out for myself yet, I just found that it was worth a mention because of its support for the Evo 4 G.  I might come back and update this post if I ever switch and try this ROM out, but I just can’t get away from Cyanogenmod right now.

About the Author: Josh Reichardt

Josh is the creator of this blog, a system administrator and a contributor to other technology communities such as /r/sysadmin and Ops School. You can also find him on Twitter and Facebook.