barinek.com: the official website

Below you'll find a quick stream of consciousness that includes photos, quotes, code snippets, and possibly even a full post. enjoy!

aws base script

I thought I’d post a quick example of how to use aws and rightscale to set up a basic instance with your local user account. The below is really a mix of our rpm pre- and post-install scripts, although it should give you an idea of how to create your own base instance.

The below script installs a few commonly used packages, moves the home and opt directories to the ephemeral drive, and creates your user account. The script also adds the user to the sudoers file and gives the root account a password.

It’s a pretty quick script to set up your local account on aws. Basically we follow a similar path, although we execute a few of the below commands within our rpm, something like `yum install -y base`. Kind of cool.

Here’s the script…

#!/bin/sh

yum install -y wget ntp

The below is a rightscale wrapper around the ec2 metadata api that fetches and sets environment variables. In the below example I’m using the script to populate the ip address and then set the hostname.

# "source" is a bash builtin; "." is the portable form under #!/bin/sh
. "/var/spool/ec2/meta-data.sh"

echo "$EC2_LOCAL_IPV4        $HOST_NAME" >> /etc/hosts
hostname "$HOST_NAME"
echo "HOSTNAME=$HOST_NAME" >> /etc/sysconfig/network

Next I create a tmp directory on the ephemeral drive and set up the network time protocol. More info here: http://www.ntp.org/

mkdir /mnt/tmp
chmod 1777 /mnt/tmp

modprobe capability
/etc/init.d/ntpd start

I then move the /opt and /home directories to the ephemeral drive. There are several instance types to choose from on ec2; I typically use a large instance that includes 2×420 GB plus a 10 GB root partition.

mv /opt /mnt
ln -s /mnt/opt /opt

mv /home /mnt
ln -s /mnt/home /home

The below are basic commands for creating user accounts. The difference here is that I’m grabbing a few things that are available via rightscale’s rightscripts. First, both the user password and the public key are used to create the user account.

# -p expects an already-crypted password hash, not plain text
useradd -m -G wheel -p "$USER_PASSWORD" username

mkdir /home/username/.ssh
mv "$ATTACH_DIR/id_rsa.pub" /home/username/.ssh/authorized_keys
chown -R username:username /home/username/.ssh
chmod 0600 /home/username/.ssh/authorized_keys

Next I grab a sudoers file and disable root login to the instance.

mv "$ATTACH_DIR/sudoers" /etc/sudoers

chmod 0440 /etc/sudoers

head --lines=-1 /etc/ssh/sshd_config > /tmp/sshd_config
echo "PermitRootLogin no" >> /tmp/sshd_config
mv -f /tmp/sshd_config /etc/ssh/sshd_config

/usr/sbin/usermod -p "$ROOT_PASSWORD" root

Finally I restart sshd.

/etc/init.d/sshd restart

The above $USER_PASSWORD should be substituted with actual values. For example, you could use openssl passwd to generate crypted passwords. Rightscale allows you to inspect your script during design and then supply these values as inputs when you spin up your instance. Any feedback is welcome.
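The sshd_config step above drops the file's last line and appends `PermitRootLogin no`. sshd uses the first value it reads for a keyword, and lines after a `Match` line apply only to that block, so an appended setting can be silently ignored. The following is an added example, not part of the original script, that sets the directive once in the global section; `set_sshd_option` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not part of the original script.
# set_sshd_option is a hypothetical helper name.
#
# Usage: set_sshd_option FILE KEYWORD VALUE
# Rewrites FILE so KEYWORD is set exactly once in the global section:
#   - existing uncommented global settings of KEYWORD are dropped
#   - the new line goes before the first Match block, or at the end of
#     the file when there is none
set_sshd_option() {
    file=$1
    key=$2
    value=$3
    tmp=$(mktemp "${file}.XXXXXX") || return 1

    awk -v key="$key" -v value="$value" '
        BEGIN { want = tolower(key) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # keywords may be indented
            split(line, f, /[ \t=]+/)       # "Key value" or "Key=value"
            word = tolower(f[1])            # keywords are case-insensitive
            if (!in_match && word == "match") {
                print key " " value         # last chance to stay global
                in_match = 1
            } else if (!in_match && word == want) {
                next                        # drop the old global setting
            }
            print
        }
        END { if (!in_match) print key " " value }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # mktemp creates the file mode 0600; rename over the original.
    mv -f "$tmp" "$file"
}

# On a real host (assumed paths), validate before restarting sshd:
#   set_sshd_option /etc/ssh/sshd_config PermitRootLogin no
#   /usr/sbin/sshd -t && /etc/init.d/sshd restart
```

Settings inside `Match` blocks are left untouched, so a per-user or per-address override of the same keyword still needs a manual review.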
