bzr branch
http://gegoxaren.bato24.eu/bzr/brz/remove-bazaar
|
4012.2.1
by Martin Pool
Documentation on using EC2 Windows VM |
1 |
========================= |
2 |
Bazaar Windows EC2 Server |
|
3 |
========================= |
|
4 |
||
5 |
We have an Amazon EC2 virtual machine called Desolation_ for |
|
6 |
building Windows packages and general testing on Windows. As of |
|
7 |
2009-02-19, this is just experimental and this is a draft specification, |
|
8 |
but we aim to use it for the production Windows installer build of 1.13 in |
|
9 |
March. |
|
10 |
||
|
4012.2.2
by Martin Pool
ReST syntax fix |
11 |
See also: |
12 |
||
13 |
* `Bazaar Developer Documentation Catalog <index.html>`_. |
|
|
4012.2.1
by Martin Pool
Documentation on using EC2 Windows VM |
14 |
|
15 |
||
16 |
.. _Desolation: http://en.wikipedia.org/wiki/Desolation_Island |
|
17 |
||
18 |
||
19 |
Goals |
|
20 |
===== |
|
21 |
||
22 |
* The instance is only running (and incurring charges) when it's needed |
|
23 |
for testing or packaging. |
|
24 |
||
25 |
* It can be started or stopped by anyone on the team using a |
|
26 |
straightforward script. |
|
27 |
||
28 |
* Multiple people can get into the same instance at the same time, e.g. |
|
29 |
if one person needs to pass work on to some one else. |
|
30 |
||
31 |
* We keep snapshot of the OS and tool chain so that we can roll back if |
|
32 |
we need to. |
|
33 |
||
34 |
* bzr branches and similar information are kept on stable storage that |
|
35 |
survives rollbacks of the OS state, and that can be backed up. |
|
36 |
||
37 |
Later on we may try automated Windows testing in a similar setup. |
|
38 |
||
39 |
||
40 |
Approach |
|
41 |
======== |
|
42 |
||
43 |
The working disk and the AMI images are stored in one person's account for |
|
44 |
billing purposes. |
|
45 |
||
46 |
Ideally we want to give other people access to run this machine without |
|
47 |
giving full access to the account. I'm not sure if that's feasible. If |
|
48 |
it's not, we might need to allow people to launch the image within their |
|
49 |
own account; this may be problematic if the shared volume is already in |
|
50 |
use by someone else. |
|
51 |
||
52 |
I don't think it's possible to have an EBS that's shared across accounts, |
|
53 |
and they can't be attached to multiple running instances. So for now it's |
|
54 |
probably best to just ignore the concept and store the working data on the |
|
55 |
instance's local storage, and to copy things up e.g. to Launchpad as |
|
56 |
required. |
|
57 |
||
58 |
On this machine, ``C:`` should be used only for the Windows system files, |
|
59 |
``D:`` for installed programs and working directories, and other drive |
|
60 |
letters can be used later for mounting EBS storage if desired. |
|
61 |
||
62 |
Through ``ec2-modify-image-attribute`` we can allow nominated users to |
|
63 |
access an existing image. We need to have their AWS opaque ID. |
|
64 |
||
65 |
Through ``ec2-bundle-image`` we can make a new snapshot at any point, |
|
66 |
which will be stored into the current user's S3 account. |
|
67 |
||
68 |
We'll (probably) have one shared account for running builds which is also |
|
69 |
an administrator for ease of installing software. |
|
70 |
||
71 |
You do need to have an RSA keypair to get the initial password for a |
|
72 |
Windows machine, even though you can't use it to log in later. As a quirk |
|
73 |
of the tools(?) ``ec2-get-password`` needs the full path to the keypair |
|
74 |
but ``ec2-add-keypair`` just wants part of the name. I guess this is |
|
75 |
distinct from the account identifier because the image is relatively |
|
76 |
untrusted(?). If the password is already set in the image, this shouldn't |
|
77 |
be necessary. |
|
78 |
||
79 |
It would be nice if rdesktop could use private key authentication but |
|
80 |
apparently not. |
|
81 |
||
82 |
Should check how the Launchpad ec2test scripts work. |
|
83 |
||
84 |
||
85 |
||
86 |
Procedures |
|
87 |
========== |
|
88 |
||
89 |
Preparation |
|
90 |
----------- |
|
91 |
||
92 |
* Be in the bzr core team. If you are interested in helping with |
|
93 |
Windows packaging, testing or development just ask. |
|
94 |
||
95 |
* Install the |
|
96 |
`Amazon EC2 API tools`_ (needs-packaging `bug 330930`_) |
|
97 |
||
98 |
* Create a private key and certificate for yourself. |
|
99 |
Check these environment variables are set and exported, e.g. by setting |
|
100 |
them in the file ``~/.aws``. Make sure the files are private.:: |
|
101 |
||
102 |
EC2_PRIVATE_KEY=~/.ec2/pk-XXXXXX.pem |
|
103 |
EC2_CERT=~/.ec2/cert-XXXXXX.pem |
|
104 |
EC2_HOME=~/build/ec2-api-tools-1.3-30349 |
|
105 |
AWS_SECRET_ACCESS_KEY=XXXXXXXXX |
|
106 |
AWS_ACCESS_KEY_ID=XXXXXXXXXXX |
|
107 |
PATH=$PATH:$EC2_HOME/bin |
|
108 |
JAVA_HOME=/usr/lib/jvm/java-6-openjdk |
|
109 |
||
110 |
* Install the rdesktop client, to actually access the machine. |
|
111 |
||
112 |
* Create an Amazon Web Services account, sign up for S3 and EC2, and do |
|
113 |
the various steps to create authentication devices |
|
114 |
||
115 |
* Possibly read some of the `EC2 documentation`_ for background. |
|
116 |
||
117 |
.. _`bug 330930`: https://bugs.edge.launchpad.net/ubuntu/+bug/330930 |
|
118 |
.. _`Amazon EC2 API tools`: |
|
119 |
http://developer.amazonwebservices.com/connect/entry.jspa?externalID=368&categoryID=88 |
|
120 |
.. _`EC2 documentation`: http://aws.amazon.com/ |
|
121 |
||
122 |
* Create a security group for your that allows rdesktop access and icmp with:: |
|
123 |
||
124 |
ec2-add-group desolation-group -d 'bzr win32 build machine' |
|
125 |
ec2-authorize desolation-group -p 3389 -s 1.2.3.4/32 |
|
126 |
ec2-authorize desolation-group -t -1:-1 -P icmp |
|
127 |
||
128 |
Add your public IP there. You can repeat that command to allow others |
|
129 |
in. |
|
130 |
||
131 |
||
132 |
To start up an instance |
|
133 |
----------------------- |
|
134 |
||
135 |
1. Get the right AMI image ID from another developer. |
|
136 |
||
137 |
1. Start the instance:: |
|
138 |
||
139 |
ec2-run-instances $image_id -g desolation-group |
|
140 |
||
141 |
This will print out some information including the image id, something |
|
142 |
like ``i-31a74258``. |
|
143 |
||
144 |
1. Actually starting the machine will take a few minutes. Once it's in |
|
145 |
the *running* state, get the machine's public IP with :: |
|
146 |
||
147 |
ec2-describe-instances |
|
148 |
||
149 |
1. and then connect :: |
|
150 |
||
151 |
rdesktop -g 1200x850 -u Administrator $machine_ip |
|
152 |
||
153 |
Don't forget to shut it down when you're done, and check with |
|
154 |
``ec2-describe-instances`` that it did terminate. |
|
155 |
||
156 |
||
157 |
To save a system snapshot as an image |
|
158 |
------------------------------------- |
|
159 |
||
160 |
1. Bundle the current state. *Doing this will reboot the machine.* |
|
161 |
You need to choose a unique s3 bucket name, |
|
162 |
typically based on a domain or email address, which can contain |
|
163 |
any number of images. You also need a name unique within the bucket |
|
164 |
for this image, like ``desolation-vs2008-20090219``. And finally |
|
165 |
it needs your AWS S3 access key and secret key, which should be set in |
|
166 |
``~/.aws``:: |
|
167 |
||
168 |
ec2-bundle-instance -b ec2.sourcefrog.net \ |
|
169 |
-p desolation-vs2008-2009021 \ |
|
170 |
-o "$AWS_ACCESS_KEY_ID" \ |
|
171 |
-w "$AWS_SECRET_ACCESS_KEY" |
|
172 |
||
173 |
1. This will take several minutes: You can check progress with :: |
|
174 |
||
175 |
ec2-describe-bundle-tasks |
|
176 |
||
177 |
1. Register the files as an image, e.g.:: |
|
178 |
||
179 |
ec2-register ec2.sourcefrog.net/desolation-vs2008-2009021 |
|
180 |
||
181 |
This will give you an AMI id for the image. |
|
182 |
||
183 |
1. Give access to other team members identified by their Amazon account id:: |
|
184 |
||
185 |
ec2-modify-image-attributes $ami_id -l -a 123412341234 |
|
186 |
||
187 |
||
188 |
.. |
|
189 |
vim: ft=rst tw=74 ai |