The main goal of this hands-on homework is to become faimilar with the Amazon elastic compute cloud (EC2) platform.
The exercise involves a series of steps. Please follow the instructions carefully to execute these steps. Each step provides familiarity with a certain functionality provided by EC2.
You will need security credentials (certificates and keys) to carry out the assignment. The TA will provide these credentials to you soon.
Please turn in a short (1-2 page) report with your observations and output from some of the key steps in this assignment. You will also required to provide an estimate (approximate estimates are OK) on how much your EC2 operations will cost the instructor. Use Amazon's pricing policy and monitoring data to compute your estimates. Please remember that we are paying actual money to Amazon based on your usage -- so be very careful with the resources you use, and if you are unclear on any aspect, ask us for clarifications.
WARNING: All users in this class will be placed in the same security group - which means that you have privileges to terminate a server started by another fellow student. Please do not abuse these privileges.
We may add further explanations on some of these steps to clarify - we will notify the class by email if we do so.
setenv EC2_BASE0 /courses/cs600/cs677/cs677.s2014/EC2 setenv EC2_HOME ${EC2_BASE0}/ec2api setenv AWS_CLOUDWATCH_HOME ${EC2_BASE0}/cloudWatch set path=( $path $EC2_HOME/bin $AWS_CLOUDWATCH_HOME/bin)
setenv EC2_BASE ~/EC2 setenv EC2_PRIVATE_KEY $EC2_BASE/upen_pk.pem setenv EC2_CERT $EC2_BASE/upen_cert.pem setenv AWS_CREDENTIAL_FILE $EC2_BASE/upen_aws_credential_file setenv JAVA_HOME /usr/lib/jvm/default-java
$ cd ~/; mkdir EC2 $ export EC2_BASE=~/EC2 $ cd $EC2_BASE $ unzip ec2-api-tools.zip $ ln -s ec2-api-tools-1.4.0.2 ec2-api $ export EC2_HOME=$EC2_BASE/ec2-api
$ export PATH=$PATH:$EC2_HOME/bin
-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDbH8TXzjL6jDTMC/mYfAb6kyUEbzqeQ/Ww94d3Gi/qwUq4nsL8 rjYBdAJb4H6hyJlHkNf339lr+JKBEzEN5fTXEjRGbSIs8pD3aVEg7DzD8I+vLZZ2 dj/yMmeM2DMaSdp86/W62fq5sXAFMmF7hpd2Yam1/RYJS6HrgRYppsEw7QIDAQAB AoGBAMX5FvRPVRmu0QjFjPUqoXeEt/4grFpPVkxT521BGKfFiUfyEIMQtrRrZrIx ytdKkMnq4GUQNrTpORwrBbfj2mdGDqJmXyVVrCYi+mENmsBWma9cozmdoq/HEe49 [only part of the key is listed for security reasons] -----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE----- MIIDYDCCAsmgAwIBAgIJAIztM80g1y3gMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJNQTEQMA4GA1UEBxMHQW1oZXJzdDEOMAwGA1UEChMF VU1BU1MxCzAJBgNVBAsTAkNTMQ4wDAYDVQQDEwVDUzY3NzEjMCEGCSqGSIb3DQEJ ARYUcGxlYXNldGVzdEBnbWFpbC5jb20wHhcNMTEwMzA3MjEzOTMxWhcNMTEwNDA2 MjEzOTMxWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUExEDAOBgNVBAcTB0Ft aGVyc3QxDjAMBgNVBAoTBVVNQVNTMQswCQYDVQQLEwJDUzEOMAwGA1UEAxMFQ1M2 NzcxIzAhBgkqhkiG9w0BCQEWFHBsZWFzZXRlc3RAZ21haWwuY29tMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQDbH8TXzjL6jDTMC/mYfAb6kyUEbzqeQ/Ww94d3 [only part of the certificate is listed for security reasons] -----END CERTIFICATE-----
KEYPAIR group1 01:f8:73:c5:63:e7:02:50:a3:a9:xx:xx:xx:xx:xx:xx -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAknnSdVJUuO1QBHV3/3eHw4OKUPtJ+fIgjuhxE0b/aMaSYADJh6zhnGoiSWFv rzEqxFjPXW1RlKao6/tj+rrBBYQcYH56YX/seQCPUzbfa3U0y/g/id9VN+thnwomWAHooKlWgJLa foDRpy5TaoS+ouhuV+Zme8qVCOrVd7iCb9ll+s+RrnakusKUYYz8kA6mUf+vGl/lbJZmHQgRMnaV +FyePvd88wbpJwXtweJCnDIuQe5gWHV9G/4EWCgtF0eoSvlbx2abhcwvTkSUeNStn3bEeTES3wAn 5CIwPLrWyZg+c0w/eM6yyM8E18Rygb2I3WuOuk9ZhwP0fyE9Emd4twIDAQABAoIBAFQ8PLz9qP1k dGTsDSNcYTYd2phxuvxDs1eb8xNL/CwMLjeJnFwrHt/t5WPf5fORSe/6xt4KtSTQp0p2muuhJMoA TLVtZwHVKG/503LelqPclo1KaXfneMGc2to0YxKvnlFusPFmAsNHX8pOCOi0CFH1ayeft4YvXX/w [only part of the key is listed for security reasons] -----END RSA PRIVATE KEY-----
AKIKI6YAKCM3UQLHOXJO DvUNt2aXZgGwoPw/2ZJK3TuyE8ZUdmduqZGarOB4 arn:aws:iam::101240882738:user/group1 FIAAI3QY3XPDSCJ2CPXEIYou must create your AWS_CREDENTIAL_FILE mentioned above using the info in this file.
The AccessKeyId is on the first line and the Secret Key on the second line. Create your credentials file with the following information (using the ids in the ids file):
AWSAccessKeyId=AKIKI6YAKCM3UQLHOXJO AWSSecretKey=DvUNt2aXZgGwoPw/2ZJK3TuyE8ZUdmduqZGarOB4Then put the file where referenced by your environment variables (e.g., in .bashrc/.cshrc):
export AWS_CREDENTIAL_FILE=/home/.../the_file_you_created_above
# group1_pk.pem and group1_cert.pem will be provided to each group by the TA # mkdir $EC2_BASE/keys # cp group1_pk.pem group1_cert.pem $EC2_BASE/keys export EC2_PRIVATE_KEY=$EC2_BASE/keys/group1_pk.pem export EC2_CERT=$EC2_BASE/keys/group1_cert.pem export AWS_CREDENTIAL_FILE=$EC2_BASE/users/group1_aws_credential_file
$ ec2-describe-regions REGION eu-west-1 ec2.eu-west-1.amazonaws.com REGION us-east-1 ec2.us-east-1.amazonaws.com REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com REGION us-west-1 ec2.us-west-1.amazonaws.com REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
One can create an EC2 instance by specifying an ami-id. But before you create an instance you need to know what kind of ami to use. This is how you would do it
$ ec2-describe-images -o self -o amazon IMAGE ari-96c527ff ec2-public-images/initrd-2.6.21.7-2.ec2.v1.2.fc8xen.i686.ari.manifest.xml amazon available public i386 ramdisk instance-store IMAGE ari-56ce2c3f ec2-public-images/initrd-2.6.21.7-2.ec2.v1.2.fc8xen.x86_64.ari.manifest.xml amazon available public x86_64 ramdisk instance-store IMAGE aki-9b00e5f2 ec2-public-images/vmlinuz-2.6.18-xenU-ec2-v1.0.i386.aki.manifest.xml amazon available public i386 kernel instance-store
ec2-run-instances ami-f8b35e91 -k upen -t m1.small -n 1 RESERVATION r-9ad0a0f7 168263115459 default INSTANCE i-e06b948f ami-f8b35e91 pending upen 0 m1.small 2011-03-19T12:37:18+0000 us-east-1c aki-a71cf9ce ari-a51cf9cc monitoring-disabled instance-store
$ ec2-describe-instances i-e06b948f RESERVATION r-9ad0a0f7 168263115459 default INSTANCE i-e06b948f ami-f8b35e91 ec2-67-202-xx-xx.compute-1.amazonaws.com ip-10-202-xx-x.ec2.internal running upen 0 m1.small 2011-03-19T12:37:18+0000 us-east-1c aki-a71cf9ce ari-a51cf9cc monitoring-disabled 67.202.xx.xx 10.202.xx.xx instance-store paravirtual xenNotice that my key-name (upen) is mentioned in the seventh column.
$ ssh -i upen_pair.pem root@ec2-xx-xx-xx-xx.compute-1.amazonaws.comNote that upen_pair.pem is used to login into the machine; replace the xx with the hostname of your instance.
$ cd $EC2_BASE $ unzip CloudWatch-2010-08-01.zip $ ln -s CloudWatch-1.0.9.5/ cloudWatch ## you will have to put things in .bashrc for edlab machines $ vi ~/.bash_profile export export AWS_CLOUDWATCH_HOME=$EC2_BASE/cloudWatch export export PATH=$PATH:$EC2_HOME/bin:$AWS_CLOUDWATCH_HOME/bin
$ mon-list-metrics CPUUtilization AWS/EC2 {InstanceId=i-e028d78f} CPUUtilization AWS/EC2 CPUUtilization AWS/EC2 {InstanceType=t1.micro} CPUUtilization AWS/EC2 {InstanceId=i-e06b948f} DiskReadBytes AWS/EC2 {ImageId=ami-8c1fece5} DiskReadBytes AWS/EC2 DiskReadBytes AWS/EC2 {InstanceId=i-e028d78f} DiskReadBytes AWS/EC2 {InstanceType=t1.micro} DiskReadBytes AWS/EC2 {InstanceId=i-e06b948f} DiskReadOps AWS/EC2 {InstanceId=i-e06b948f} DiskReadOps AWS/EC2 {InstanceType=t1.micro} DiskReadOps AWS/EC2 {InstanceId=i-e028d78f} DiskReadOps AWS/EC2 DiskReadOps AWS/EC2 {ImageId=ami-8c1fece5} DiskWriteBytes AWS/EC2 {InstanceId=i-e028d78f} DiskWriteBytes AWS/EC2 {InstanceType=t1.micro} DiskWriteBytes AWS/EC2 {ImageId=ami-8c1fece5} DiskWriteBytes AWS/EC2 {InstanceId=i-e06b948f} DiskWriteBytes AWS/EC2 DiskWriteOps AWS/EC2 {InstanceId=i-e06b948f} DiskWriteOps AWS/EC2 {ImageId=ami-8c1fece5} DiskWriteOps AWS/EC2 DiskWriteOps AWS/EC2 {InstanceType=t1.micro} DiskWriteOps AWS/EC2 {InstanceId=i-e028d78f} NetworkIn AWS/EC2 NetworkIn AWS/EC2 {InstanceType=t1.micro} NetworkIn AWS/EC2 {InstanceId=i-e06b948f} NetworkIn AWS/EC2 {ImageId=ami-8c1fece5} NetworkIn AWS/EC2 {InstanceId=i-e028d78f} NetworkOut AWS/EC2 NetworkOut AWS/EC2 {ImageId=ami-8c1fece5} NetworkOut AWS/EC2 {InstanceId=i-e06b948f} NetworkOut AWS/EC2 {InstanceType=t1.micro} NetworkOut AWS/EC2 {InstanceId=i-e028d78f} VolumeIdleTime AWS/EBS {VolumeId=vol-c97b59a1} VolumeQueueLength AWS/EBS {VolumeId=vol-c97b59a1} VolumeReadBytes AWS/EBS {VolumeId=vol-c97b59a1} VolumeReadOps AWS/EBS {VolumeId=vol-c97b59a1} VolumeTotalReadTime AWS/EBS {VolumeId=vol-c97b59a1} VolumeTotalWriteTime AWS/EBS {VolumeId=vol-c97b59a1} VolumeWriteBytes AWS/EBS {VolumeId=vol-c97b59a1} VolumeWriteOps AWS/EBS {VolumeId=vol-c97b59a1}
$ ec2-monitor-instances i-e06b948f i-e06b948f monitoring-pending
$ mon-get-stats CPUUtilization --period 60 --statistics "Average" --namespace "AWS/EC2" --dimensions "InstanceId=i-e06b948f" 2011-03-19 12:39:00 0.43200000000000005 Percent 2011-03-19 12:44:00 0.0 Percent 2011-03-19 12:49:00 0.088 Percent 2011-03-19 12:54:00 0.0 Percent 2011-03-19 12:59:00 0.176 Percent 2011-03-19 13:04:00 0.0 Percent 2011-03-19 13:09:00 0.088 Percent 2011-03-19 13:15:00 0.0 Percent 2011-03-19 13:16:00 0.0 Percent 2011-03-19 13:17:00 0.0 Percent 2011-03-19 13:18:00 0.0 Percent 2011-03-19 13:19:00 0.0 Percentmore details on using this api are available here
yum install -y perl java-1.6.0-openjdk.i386 firefox
$ mon-get-stats NetworkIn --period 60 --statistics "Average" --namespace "AWS/EC2" --dimensions "InstanceId=i-e06b948f" 2011-03-19 12:39:00 165.2 Bytes 2011-03-19 12:44:00 0.0 Bytes 2011-03-19 12:49:00 0.0 Bytes 2011-03-19 12:54:00 0.0 Bytes 2011-03-19 12:59:00 4672.0 Bytes 2011-03-19 13:04:00 0.0 Bytes 2011-03-19 13:09:00 0.0 Bytes 2011-03-19 13:15:00 0.0 Bytes 2011-03-19 13:16:00 0.0 Bytes 2011-03-19 13:17:00 0.0 Bytes 2011-03-19 13:18:00 0.0 Bytes 2011-03-19 13:19:00 0.0 Bytes 2011-03-19 13:20:00 0.0 Bytes 2011-03-19 13:21:00 0.0 Bytes 2011-03-19 13:22:00 0.0 Bytes 2011-03-19 13:23:00 0.0 Bytes 2011-03-19 13:24:00 0.0 Bytes 2011-03-19 13:25:00 25634.0 Bytes 2011-03-19 13:26:00 9.3764883E7 Bytes
$ ssh -i $EC2_BASE/keys/group1_pair.pem root@ec2-67-202-56-22.compute-1.amazonaws.com
$ yum localinstall ec2-ami-tools.noarch.rpm --nogpgcheck
$ time ec2-bundle-vol -k $EC2_BASE/keys/upen_pk.pem -c $EC2_BASE/keys/upen_cert.pem -u168263115459 --arch i386 --kernel aki-a71cf9ce --ramdisk ari-a51cf9cc -d /mnt Copying / into the image file /mnt/image... Excluding: /sys /proc /dev/pts /proc/sys/fs/binfmt_misc /dev /media /mnt /proc /sys /mnt/image /mnt/img-mnt 1+0 records in 1+0 records out 1048576 bytes (1.0 MB) copied, 0.008404 seconds, 125 MB/s mke2fs 1.39 (29-May-2006) Bundling image file... Splitting /mnt/image.tar.gz.enc... Created image.part.00 Created image.part.01 Created image.part.02 Created image.part.03 [...] Created image.part.68 Generating digests for each part... Digests generated. Unable to read instance meta-data for ancestor-ami-ids Unable to read instance meta-data for product-codes Creating bundle manifest... ec2-bundle-vol complete. real 13m41.641s user 3m1.015s sys 1m6.916s
$ time ec2-upload-bundle --batch -b CS677/upen -m /mnt/image.manifest.xml -a $AWSAccessKeyId -s $AWSSecretKey The specified bucket is not S3 v2 safe (see S3 documentation for details): CS677 Creating bucket... Uploading bundled image parts to the S3 bucket CS677 ... Uploaded image.part.00 Uploaded image.part.01 Uploaded image.part.02 Uploaded image.part.03 [...] Uploaded image.part.68 Uploading manifest ... Uploaded manifest. Bundle upload completed. real 2m33.281s user 0m4.140s sys 0m2.192s
$ time ec2-register -K $EC2_BASE/keys/upen_pk.pem -C $EC2_BASE/keys/upen_cert.pem -n Centos5.4-upen CS677/upen/image.manifest.xml IMAGE ami-2a748643 real 0m9.295s user 0m2.240s sys 0m0.088s
$ ec2-describe-images IMAGE ami-2a748643 168263115459/Centos5.4-upen 168263115459 available private i386 machine aki-a71cf9ce ari-a51cf9cc instance-store
$ ec2-run-instances ami-2a748643 -k upen -t m1.small -n 1 RESERVATION r-a40a79c9 168263115459 default INSTANCE i-36fe0059 ami-2a748643 pending upen 0 m1.small 2011-03-19T15:21:02+0000 us-east-1c aki-a71cf9ce ari-a51cf9cc monitoring-disabled instance-store xen
$ec2-describe-instances RESERVATION r-9ad0a0f7 168263115459 default INSTANCE i-e06b948f ami-f8b35e91 ec2-67-202-56-22.compute-1.amazonaws.com ip-10-202-162-3.ec2.internal running upen 0 m1.small 2011-03-19T12:37:18+0000 us-east-1c aki-a71cf9ce ari-a51cf9cc monitoring-enabled 67.202.56.22 10.202.162.3 instance-store paravirtual xen RESERVATION r-a40a79c9 168263115459 default INSTANCE i-36fe0059 ami-2a748643 ec2-50-17-104-128.compute-1.amazonaws.com ip-10-114-45-185.ec2.internal running upen 0 m1.small 2011-03-19T15:21:02+0000 us-east-1c aki-a71cf9ce ari-a51cf9cc monitoring-disabled 50.17.104.128 10.114.45.185 instance-store paravirtual xen $ ec2-terminate-instances i-e06b948f i-36fe0059 INSTANCE i-36fe0059 running shutting-down INSTANCE i-e06b948f running shutting-down