Debian EC2 AMI

After working on my FC6 AMI I started thinking about how small of an AMI I could create. The goal would be to have a 10 meg or less image that is very specialized for doing something like serving images with lighttpd or apache. I started very very small but the lack of console access on EC2 makes it hard to debug errors so I moved on to try and find a reasonable sized distro that I was more sure would work. I managed to find a Debian image that is pretty small and decided to see if I could make it work for EC2.

While looking around I found this Debian 3.1 Xen image pretty much ready to go. I downloaded it and wrote the following script that can be used to update the image so that it will work as an EC2 AMI.

I assume here that you have downloaded the image from the above site and that the name of the image is still debian.3-1.20061221.img.tar.bz2, if it is not you can modify the script to use the newly named file.

[code lang=”text”]
#!/bin/sh

tar xvjf debian.3-1.20061221.img.tar.bz2
rm -f debian.3-1.xen2.cfg
rm -f debian.3-1.xen3.cfg
rm -f debian.swap

mount -o loop debian.3-1.img /mnt

cat < /mnt/etc/fstab
/dev/sda1 / ext3 errors=remount-ro 0 1
proc /proc proc defaults 0 0
/dev/sda2 /mnt ext3 errors=remount-ro 0 2
/dev/sda3 none swap sw 0 0
EOL

sed -i -e ‘s/PermitRootLogin no/#PermitRootLogin no/g’ /mnt/etc/ssh/sshd_config

cat <> /mnt/etc/ssh/sshd_config
UseDNS no
PermitRootLogin without-password
EOL

cat < /mnt/etc/init.d/aws-auth.sh
#!/bin/sh
if [ ! -d /root/.ssh ] ; then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
# or fetch public key using the file in the ephemeral store:
if [ -e /mnt/openssh_id.pub ] ; then
cat /mnt/openssh_id.pub >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
EOL

chmod +x /mnt/etc/init.d/aws-auth.sh

cd /mnt/etc/rcS.d
ln -s ../init.d/aws-auth.sh S41aws-auth
cd –

touch /mnt/.firstrun

cat < /mnt/etc/init.d/firstrun.sh
#!/bin/sh
if [ -f “/.firstrun” ] ; then
dd if=/dev/urandom count=50|md5sum > /tmp/p.out
POUT=\`cat /tmp/p.out | cut -d” ” -f1-1\`
rm -f /tmp/p.out
/usr/sbin/usermod -p \$POUT root
rm -f /.firstrun
fi
EOL

chmod +x /mnt/etc/init.d/firstrun.sh

cd /mnt/etc/rcS.d
ln -s ../init.d/firstrun.sh S39firstrun
cd –

sync
umount /mnt
[/code]

After running the script you will have 45 meg image that is ready to run on EC2. Compared to any of the currently available public AMIs this is very small.

I plan on trying to see if I can get an even smaller image before I start creating images for each application I have in mind.

[tags]EC2, amazon, debian[/tags]

4 thoughts on “Debian EC2 AMI

  1. carson Post author

    The public AMI is available now: ami-8db95ce4

    It turns out the script had an error in the way it reset the root password as well. I have updated it to fix that problem.

Comments are closed.