[ec2-beta] document: EC2 Ubuntu sudo Guide

Michael Greenly mgreenly at gmail.com
Wed Mar 11 16:17:30 GMT 2009 

On Wed, Mar 11, 2009 at 9:54 AM, Soren Hansen <soren at ubuntu.com> wrote:

>
> Ok. I'm not trying to make the argument that there's never a reason to
> rebundle. Of course there is. I'm just saying that there's plenty of
> situations where rebundling is neither necessary nor the more convenient
> option.


I think we view usages in opposite directions.  There's no way I could know
for sure but maybe you guys could get some statistics from Amazon about how
often public AMI based instances are used vs private AMIs.  There's no
reason to debate if hard evadence is available.



> Example scenario:
>
> You might have a single master MySQL server (running locally or in EC2
> with the DB backed by EBS). Getting that up and running is a simple
> matter of putting in a new mysql config and attaching the EBS volume.
> Certainly less than 10 commands. With an Ubuntu mirror inside EC2, this
> is fast and cheap, and having it install on boot automatically makes
> sure that the packages are up-to-date. In short: I wouldn't bother
> rebundling.


In this scenario it certianly would be more conveient to use rsync to push
that configuration file up as root from the client instead of logging in
sudo su and then pull the configuration file from some where off the
interent that will require authentication.


>
>
> > About half of that time is just waiting for 'apt-get install' with the
> > rest used to build custom packages from source.
>
> Why not build the custom packages outside of EC2 and just install them
> at boot time?


I could, that wasn't the part I was trying to point out.  I already have 15
minutes just waiting for apt to install 60 packages.  The base ami is pretty
empty.  You start pulling in for example the tools to work with XML etc... a
very large number of packages get pulled in.


> > Most people after using EC2 will very quickly realize that the extra 2
> > commands to bundle and register their AMI is completely worth it.  It
> > reduces my 30+ minute restart time down to less than 30 seconds.
>
> It's not just about the commands you need to run. It's also about making
> sure the images are kept up-to-date. It's about the extra space you need
> to use on S3 to store your image. And last but not least, it's about the
> fact that sometimes the base AMI is useful as it is.


That's like $0.15 / mnth ? If that's going to break the bank you can't
afford to use EC2 .... or buy lunch ;-)



>
> I don't think this discussion can usefully continue, unless you either
> accept that people will actually log into these instances and use them
>
as is, or that I reject the idea that anyone will ever, ever do so.


Hardly, I've always accepted that some amount of usage will not require
bunding an AMI but even so you need to push a configuraiton up.


>
> > I guess my request would be a blessed command that enables/disables
> > root logins.
>
> Didn't someone provide a link to something like that in this thread? I'm
> not sure. Besides, Ubuntu has a wiki. Anyone can put anything on there.


There's more to it than just copying ./ssh_authorized keys and deleting it.
The disable root command should make sure that there's no root password,
disable root logins in ssh, etc...  I'm not expert in these areas so I don't
know everything that should be done.  If it was a script in a utnbut-ec2
utility package it would mean many eyeballs get to look at it and tune it so
that it is much more robust.


>
>
> --
> Soren Hansen                 |
> Lead Virtualisation Engineer | Ubuntu Server Team
> Canonical Ltd.               | http://www.ubuntu.com/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iJsEAQECAAYFAkm30LQACgkQo+Mz6+DAzGzwCgP4x7Bn1uVpAdCmHPB3G5KhAbMP
> 2FBJCKa2Ae2daaDZhSSgSrdg+hLrAhOlzJb5PFn1moNzCO/cXsRLvKA08gE6JNBD
> LAh0nNiccAtg6fmnpMSQ4G3B3rk/WhkTEH9NxJYVz9TIzdypWv7VA/lfRJ8ER6C9
> sTaaJA9JEJmaPB3V5w==
> =eps1
> -----END PGP SIGNATURE-----
>
> --
> Ec2-beta mailing list
> Ec2-beta at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ec2-beta
>
>


-- 
Michael Greenly
http://blog.michaelgreenly.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/mailman/private/ec2/attachments/20090311/92eea8e3/attachment-0002.htm

More information about the Ec2-beta mailing list