From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: To: 9fans@9fans.net From: Richard Miller <9fans@hamnavoe.com> Date: Thu, 24 May 2012 08:47:42 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: [9fans] plan 9 in the cloud - amazon ec2 Topicbox-Message-UUID: 950d253a-ead7-11e9-9d60-3106f5b1d025 I've made a few tweaks to the paravirtualised plan 9 kernel in /n/sources/xen/xen3 to make it compatible with the xen environment used in amazon's "elastic compute cloud". There's an example public AMI (in zone eu-west-1) named ami-03c9f377 which can be used to instantiate a cpu server with fossil on a 1GB "elastic block storage" volume. This fits within the free usage tier which you get for the first 12 months after creating an amazon web services account. When first launched, your server will start with authid = ec2, authdom and sysname equal to the ec2 instance id, and a randomly generated password which will be echoed to the system console, where it can be retrieved - only by the instance's owner - using the Get System Log function of the aws web interface. (Be patient; there is often a delay of some minutes after launching an instance before the console log becomes available.) Alternatively, if the "user data" field, which you can create as part of launching an ec2 instance, contains a shell script (anything following a line beginning with #!/bin/rc), this will be run from /bin/cpurc.local at boot time. You can use this to inject your own initial authentication details into factotum, by putting something like this in the user data field: #!/bin/rc auth/factotum -g 'proto=p9sk1 user=ec2 dom=my.auth.dom !password=XXXX' The random password or factotum script will allow you to connect to your server for the first time using cpu, drawterm or ssh1. (For the first two, don't forget to open port 17010 or 17013 in the "security group" firewall.) You'll then want to use auth/wrkey to put new credentials securely into nvram, and reboot or run 'auth/readnvram >/mnt/factotum/ctl' so they can take effect. Afterwards you can delete the old temporary password from user data, but only when the instance is stopped. For the curious, I've set up a plan 9 instance at ec2.hamnavoe.com, using authentication domain outside.plan9.bell-labs.com so anyone with a sources account can cpu into it. I'll leave it running for a few days (until my monthly free usage tier quota runs out).