[9fans] plan 9 in the cloud - amazon ec2

[9fans] plan 9 in the cloud - amazon ec2

[Richard Miller]

I've made a few tweaks to the paravirtualised plan 9 kernel in
/n/sources/xen/xen3 to make it compatible with the xen environment
used in amazon's "elastic compute cloud".  There's an example public
AMI (in zone eu-west-1) named ami-03c9f377 which can be used to
instantiate a cpu server with fossil on a 1GB "elastic block storage"
volume.  This fits within the free usage tier which you get for the
first 12 months after creating an amazon web services account.

When first launched, your server will start with authid = ec2, authdom
and sysname equal to the ec2 instance id, and a randomly generated
password which will be echoed to the system console, where it can be
retrieved - only by the instance's owner - using the Get System Log
function of the aws web interface.  (Be patient; there is often a
delay of some minutes after launching an instance before the console
log becomes available.)

Alternatively, if the "user data" field, which you can create as part
of launching an ec2 instance, contains a shell script (anything
following a line beginning with #!/bin/rc), this will be run from
/bin/cpurc.local at boot time.  You can use this to inject your own
initial authentication details into factotum, by putting something
like this in the user data field:
  #!/bin/rc
  auth/factotum -g 'proto=p9sk1 user=ec2 dom=my.auth.dom !password=XXXX'

The random password or factotum script will allow you to connect to
your server for the first time using cpu, drawterm or ssh1.  (For the
first two, don't forget to open port 17010 or 17013 in the "security
group" firewall.) You'll then want to use auth/wrkey to put new
credentials securely into nvram, and reboot or run 'auth/readnvram
>/mnt/factotum/ctl' so they can take effect.  Afterwards you can delete
the old temporary password from user data, but only when the instance
is stopped.

For the curious, I've set up a plan 9 instance at ec2.hamnavoe.com,
using authentication domain outside.plan9.bell-labs.com so anyone
with a sources account can cpu into it.  I'll leave it running for
a few days (until my monthly free usage tier quota runs out).

Re: [9fans] plan 9 in the cloud - amazon ec2

[Skip Tavakkolian]

Thank you!  very nice.

Are there any hoops to jump through to import a VM? When I last
checked, it didn't seem possible to load a non-sanctioned OS image.

-Skip

On Thu, May 24, 2012 at 12:47 AM, Richard Miller <9fans@hamnavoe.com> wrote:
> I've made a few tweaks to the paravirtualised plan 9 kernel in
> /n/sources/xen/xen3 to make it compatible with the xen environment
> used in amazon's "elastic compute cloud".  There's an example public
> AMI (in zone eu-west-1) named ami-03c9f377 which can be used to
> instantiate a cpu server with fossil on a 1GB "elastic block storage"
> volume.  This fits within the free usage tier which you get for the
> first 12 months after creating an amazon web services account.
>
> When first launched, your server will start with authid = ec2, authdom
> and sysname equal to the ec2 instance id, and a randomly generated
> password which will be echoed to the system console, where it can be
> retrieved - only by the instance's owner - using the Get System Log
> function of the aws web interface.  (Be patient; there is often a
> delay of some minutes after launching an instance before the console
> log becomes available.)
>
> Alternatively, if the "user data" field, which you can create as part
> of launching an ec2 instance, contains a shell script (anything
> following a line beginning with #!/bin/rc), this will be run from
> /bin/cpurc.local at boot time.  You can use this to inject your own
> initial authentication details into factotum, by putting something
> like this in the user data field:
>  #!/bin/rc
>  auth/factotum -g 'proto=p9sk1 user=ec2 dom=my.auth.dom !password=XXXX'
>
> The random password or factotum script will allow you to connect to
> your server for the first time using cpu, drawterm or ssh1.  (For the
> first two, don't forget to open port 17010 or 17013 in the "security
> group" firewall.) You'll then want to use auth/wrkey to put new
> credentials securely into nvram, and reboot or run 'auth/readnvram
>>/mnt/factotum/ctl' so they can take effect.  Afterwards you can delete
> the old temporary password from user data, but only when the instance
> is stopped.
>
> For the curious, I've set up a plan 9 instance at ec2.hamnavoe.com,
> using authentication domain outside.plan9.bell-labs.com so anyone
> with a sources account can cpu into it.  I'll leave it running for
> a few days (until my monthly free usage tier quota runs out).
>
>

Re: [9fans] plan 9 in the cloud - amazon ec2

[Richard Miller]

> Are there any hoops to jump through to import a VM? When I last
> checked, it didn't seem possible to load a non-sanctioned OS image.

No, it's simple now - the AMI uses pv-grub (paravirtualised grub) as
the "kernel", which then loads the real kernel from an ext2 partition
on your own virtual disk which you control.

Re: [9fans] plan 9 in the cloud - amazon ec2

[andrey mirtchovski]

> No, it's simple now - the AMI uses pv-grub (paravirtualised grub) as
> the "kernel", which then loads the real kernel from an ext2 partition
> on your own virtual disk which you control.

can't resist to bastardize the guide. "this is obviously some strange
usage of the word simple that I wasn't previously aware of"

Re: [9fans] plan 9 in the cloud - amazon ec2

[Richard Miller]

> some strange
> usage of the word simple

By simple I meant you don't have to ask permission, just do it.

Andrey's right, technically it's a bit more challenging.  But not much.

Re: [9fans] plan 9 in the cloud - amazon ec2

[Skip Tavakkolian]

I'm not able to find that AMI. I only see one EU region (Ireland). Any
direct links?

Thanks,
-Skip

On Thu, May 24, 2012 at 12:47 AM, Richard Miller <9fans@hamnavoe.com> wrote:
> I've made a few tweaks to the paravirtualised plan 9 kernel in
> /n/sources/xen/xen3 to make it compatible with the xen environment
> used in amazon's "elastic compute cloud".  There's an example public
> AMI (in zone eu-west-1) named ami-03c9f377 which can be used to
> instantiate a cpu server with fossil on a 1GB "elastic block storage"
> volume.  This fits within the free usage tier which you get for the
> first 12 months after creating an amazon web services account.
>
> When first launched, your server will start with authid = ec2, authdom
> and sysname equal to the ec2 instance id, and a randomly generated
> password which will be echoed to the system console, where it can be
> retrieved - only by the instance's owner - using the Get System Log
> function of the aws web interface.  (Be patient; there is often a
> delay of some minutes after launching an instance before the console
> log becomes available.)
>
> Alternatively, if the "user data" field, which you can create as part
> of launching an ec2 instance, contains a shell script (anything
> following a line beginning with #!/bin/rc), this will be run from
> /bin/cpurc.local at boot time.  You can use this to inject your own
> initial authentication details into factotum, by putting something
> like this in the user data field:
>  #!/bin/rc
>  auth/factotum -g 'proto=p9sk1 user=ec2 dom=my.auth.dom !password=XXXX'
>
> The random password or factotum script will allow you to connect to
> your server for the first time using cpu, drawterm or ssh1.  (For the
> first two, don't forget to open port 17010 or 17013 in the "security
> group" firewall.) You'll then want to use auth/wrkey to put new
> credentials securely into nvram, and reboot or run 'auth/readnvram
>>/mnt/factotum/ctl' so they can take effect.  Afterwards you can delete
> the old temporary password from user data, but only when the instance
> is stopped.
>
> For the curious, I've set up a plan 9 instance at ec2.hamnavoe.com,
> using authentication domain outside.plan9.bell-labs.com so anyone
> with a sources account can cpu into it.  I'll leave it running for
> a few days (until my monthly free usage tier quota runs out).
>
>

Re: [9fans] plan 9 in the cloud - amazon ec2

[Richard Miller]

> I'm not able to find that AMI. I only see one EU region (Ireland). Any
> direct links?

Go to http://thecloudmarket.com and put "fossil" in the search box.

or launch directly with

https://console.aws.amazon.com/ec2/home?region=eu-west-1#launchAmi=ami-03c9f377

Re: [9fans] plan 9 in the cloud - amazon ec2

[Skip Tavakkolian]

Thank you Richard!

I was able to create an instance of this image -- but curiously only
in eu-west region.

FYI to others, port 567 should also be allowed in for the security group used.

-Skip


On Wed, Jun 6, 2012 at 12:27 AM, Richard Miller <9fans@hamnavoe.com> wrote:
>> I'm not able to find that AMI. I only see one EU region (Ireland). Any
>> direct links?
>
> Go to http://thecloudmarket.com and put "fossil" in the search box.
>
> or launch directly with
>
> https://console.aws.amazon.com/ec2/home?region=eu-west-1#launchAmi=ami-03c9f377
>
>

Re: [9fans] plan 9 in the cloud - amazon ec2

[Richard Miller]

> I was able to create an instance of this image -- but curiously only
> in eu-west region.

That's right, it seems AMIs are local to a region.  Once you've created
an instance, you should be able to clone that into a new AMI of your
own, in whatever region you choose.