Debian EC2 AMI

After working on my FC6 AMI I started thinking about how small of an AMI I could create. The goal would be to have a 10 meg or less image that is very specialized for doing something like serving images with lighttpd or apache. I started very very small but the lack of console access on EC2 makes it hard to debug errors so I moved on to try and find a reasonable sized distro that I was more sure would work. I managed to find a Debian image that is pretty small and decided to see if I could make it work for EC2.

While looking around I found this Debian 3.1 Xen image pretty much ready to go. I downloaded it and wrote the following script that can be used to update the image so that it will work as an EC2 AMI.

I assume here that you have downloaded the image from the above site and that the name of the image is still debian.3-1.20061221.img.tar.bz2, if it is not you can modify the script to use the newly named file.


tar xvjf debian.3-1.20061221.img.tar.bz2
rm -f debian.3-1.xen2.cfg
rm -f debian.3-1.xen3.cfg
rm -f debian.swap

mount -o loop debian.3-1.img /mnt

cat <<EOL > /mnt/etc/fstab
/dev/sda1       /       ext3    errors=remount-ro       0       1
proc            /proc   proc    defaults                0       0
/dev/sda2       /mnt    ext3    errors=remount-ro       0       2
/dev/sda3       none    swap    sw                      0       0

sed -i -e 's/PermitRootLogin no/#PermitRootLogin no/g' /mnt/etc/ssh/sshd_config

cat <<EOL >> /mnt/etc/ssh/sshd_config
UseDNS  no
PermitRootLogin without-password

cat <<EOL > /mnt/etc/init.d/
if [ ! -d /root/.ssh ] ; then
        mkdir -p /root/.ssh
        chmod 700 /root/.ssh
# or fetch public key using the file in the ephemeral store:
if [ -e /mnt/ ] ; then
        cat /mnt/ >> /root/.ssh/authorized_keys
        chmod 600 /root/.ssh/authorized_keys

chmod +x /mnt/etc/init.d/

cd /mnt/etc/rcS.d
ln -s ../init.d/ S41aws-auth
cd -

touch /mnt/.firstrun

cat <<EOL > /mnt/etc/init.d/
if [ -f "/.firstrun" ] ; then
  dd if=/dev/urandom count=50|md5sum > /tmp/p.out
  POUT=\`cat /tmp/p.out | cut -d" " -f1-1\`
  rm -f /tmp/p.out
  /usr/sbin/usermod -p \$POUT root
  rm -f /.firstrun

chmod +x /mnt/etc/init.d/

cd /mnt/etc/rcS.d
ln -s ../init.d/ S39firstrun
cd -

umount /mnt

After running the script you will have 45 meg image that is ready to run on EC2. Compared to any of the currently available public AMIs this is very small.

I plan on trying to see if I can get an even smaller image before I start creating images for each application I have in mind.

Tags: , ,

4 thoughts on “Debian EC2 AMI

  1. carson Post author

    The public AMI is available now: ami-8db95ce4

    It turns out the script had an error in the way it reset the root password as well. I have updated it to fix that problem.

Leave a Reply

Your email address will not be published. Required fields are marked *