View source | Discuss this page | Page history | Printable version   
Main Page
Upload file
What links here
Recent changes

PDF Books
Add page
Show collection (0 pages)
Collections help


Migrating Amazon Instance


Intro To The Topic

I have covered this topic as we moving large Amazon instances to small one's, but this not the only case that comes in to mind.

Migration can be as a response to

1) Shifting from 32 bit system to 64 bit or vice-versa.
2) Shifting to smaller or larger instance.
3) Process of replicating an instance.
4) etc.

Basic steps

1. start a small instance of any linux distro.
2. install gentoo in a chroot
3. rebundle that chroot into an AMI.
4. replicate packages from issues large to issues small.
5. replicate config.
6. testing.
7. announcements.
8. change the elastic ip. announce again.

Building Gentoo system in "chroot" environment

Preparation for chroot

Make a separate directory

mkdir /mnt/gentoo

Download the required base system needed to boot.

cd /mnt/gentoo

Untar gentoo stage3 tarball and mount other required drives.

tar jxpvf stage3-i686-2009.06.23.tar.bz2
cp -r /lib/modules/`uname -r` /mnt/gentoo/lib/modules/`uname -r`
mount -o rbind /proc /mnt/gentoo/proc
mount -o rbind /dev /mnt/gentoo/dev
mount -o rbind /sys /mnt/gentoo/sys
cat /proc/mounts > /mnt/gentoo/etc/mtab

chroot into the directory

chroot /mnt/gentoo /bin/bash

Building Packages

Setting up the environment

Update the environment with these commands.

source /etc/profile
export PS1="(<hostname>) $PS1"
depmod -a
modprobe loop
echo 'loop' >>/etc/modules.autoload.d/kernel-2.6

Setup base system

Set password for root user

passwd root

Set Timezone and other configurations

cp /usr/share/zoneinfo/Europe/Madrid /etc/localtime

Edit /etc/conf.d/clock to look like this


Set locale

Edit /etc/locale.gen to look like this

en_US.UTF-8 UTF-8

Edit /etc/env.d/02locale to look like this


Editing other system configuration files

Edit /etc/make.conf to look like this

CFLAGS="-O2 -pipe -march=i686 -mno-tls-direct-seg-refs"
USE="-ipv6 -gdbm -acl apache2 ldap vhosts"

Edit /etc/fstab to look like this

/dev/sda1 /        ext3  user_xattr          0 1
/dev/sda2 /mnt     ext3  user_xattr          0 2
/dev/sda3 swap     swap  sw                  0 0
shm       /dev/shm tmpfs nodev,nosuid,noexec 0 0

Edit /etc/inittab to disable all the terminals except the 1st one (c1). They'll never be used.

 c1:12345:respawn:/sbin/agetty 38400 tty1 linux
#c2:2345:respawn:/sbin/agetty 38400 tty2 linux
#c3:2345:respawn:/sbin/agetty 38400 tty3 linux
#c4:2345:respawn:/sbin/agetty 38400 tty4 linux
#c5:2345:respawn:/sbin/agetty 38400 tty5 linux
#c6:2345:respawn:/sbin/agetty 38400 tty6 linux

* Note: This is only a part of the full file.

Rebuild packages

emerge --sync
emerge -auDvNe world

As a measure of security we will restrict ssh to public key login only and not root ssh.

useradd <user>
passwd <user>
mkdir -p /home/<user>/.ssh

* Add user to wheel group to give "su" access.

Copy public key of your system to /home/<user>/.ssh/authorized_keys, so that you can login to this system later. And set the permissions of the home directory for error free login.

chown <user>:<user> /home/<user> -R
chmod 700 /home/<user>/.ssh
chmod 400 /home/<user>/.ssh/authorized_keys

Edit /etc/ssh/sshd_config to deny root access.

PermitRootLogin yes
PermitRootLogin no

Building new packages

Build necessary packages and make them start at boot up.

emerge -av dhcpcd
emerge -av syslog-ng
emerge -av vixie-cron
rc-update add sshd default
rc-update add vixie-cron default
rc-update add syslog-ng default

Edit /etc/dispatch-conf.conf to ease configuration file updates.

diff="diff -Nu '%s' '%s' | less --no-init --QUIT-AT-EOF"
diff="colordiff -Nu '%s' '%s' | less --no-init --QUIT-AT-EOF"

* Note: This is only a part of the full file.

Run dispatch-conf


* Note: This will as few questions, you can select some options as "u" to take the new one. "z" to ignore it, but be carefull and read what it means.

Copy configuration files from old server

Few files need to be either copied or to be referred from the old server for the smooth functioning of the new server.

Update /etc/conf.d/hostname
Update /etc/hosts
Copy /var/lib/portage/world
Copy /etc/portage/package.use
Copy /etc/portage/package.keywords

Building packages present in old server

After coping /var/lib/portage/world from old to new server to install all the packages present in old server just run these commands.

emerge -auDvN world
emerge -a --depclean
revdep-rebuild -- -a

Starting new AMI

Configuring ec2-ami-tools

cd /usr/local/
wget wget
ln -s ec2-ami-tools* ec2-ami-tools

* Copy /usr/local/sbin/image from the old to the new server.
* Edit /usr/local/sbin/image and replace x86_64 with i386 (if changing from 64 to 32 bit system).
* Copy /root/.ec2 too from one to the other.

Running Image script

Image script creates an image (bundle) of the system installed in the chroot environment.

export HOSTNAME=<hostname>

Then this image in un-bundled with the help of Amazon commands to create a new AMI. Basically these commands are used to register the xml manifest which in turn returns the AMI. Specific Configurations

As for issues server we need services like apache, mysql, qmail to be configured properly.

Making apache and mysql to start at boot

rc-update add apache2 default
rc-update add mysql default

Copy configuration

Copy /etc/apache
* Note: Make required changes (eg. change ServerRoot "/usr/lib/apache2" from lib64 in /etc/apache2/httpd.conf)
Copy /var/qmail/control/servercert.cnf

Restart services

/etc/init.d/apache2 restart
emerge --config netqmail

Setting up qmail

useradd openbravo
* Note: openbravo user is added to receive system mails.
cd /var/qmail/alias
echo openbravo > .qmail-root
echo openbravo > .qmail-postmaster
echo openbravo > .qmail-mailer-daemon
rc-update add svscan default
/etc/init.d/svscan start
* Note; This is required to monitor/supervise qmail service.
ln -s /var/qmail/supervise/qmail-send qmail-send

Test Qmail

Test qmail by sending a mail. A sample is here to help you as it helped me ;-)

cat << EOF > /tmp/mail
Subject: testing from issues

This is a test
cat /tmp/mail | /usr/sbin/sendmail -t -f $FROMADDR

For the final step of shifting to new issues we would need access from old server to new through ssh. So enable root access via ssh from new issues to old issues.

* Note: Generate a key for root in new issues, add it to authorized_keys in old and set permitrootlogin to yes in sshd_config. then reload ssh.

Copy apache/mantis data

rsync -avHx --delete /var/www/
/etc/ini.d/apache2 restart

Test Apache

* Note: Check new IP in your browser for Apache to respond.

Setup to enable password less access from

useradd hgbot
passwd hgbot
Copy /home/hgbot/.ssh/ from old to new
* Note: This copying provides password less access, as it includes authorized_keys file.

Few checks

To ensure your system to be exact copy of old system, match the output of few commands on both the servers.

rc-update show default
crontab -l

System Backup

There are two types of backup.

1) entire machine.
2) mantis db, sources, etc.

For 1) copy the old issues /usr/local/sbin/image to the new one and copy the crontab of root from the old to the new.

For 2) (i.e. copy the database and mantis to amazon S3) we have a self-made script in /usr/local/sbin/

Copy /usr/local/s3sync from old server to the new one.
Copy /usr/local/sbin/ from old server to the new one.

End up activities ( specific)

- you send an e-mail to
- we shut down apache in old server.
- we rsync the mysql database (adding --delete this time).
- Change the elastic IP, assigning it to the new instance.
- Announce again daying that it's finished.

Retrieved from ""

This page has been accessed 809 times. This page was last modified on 2 July 2009, at 12:15. Content is available under Creative Commons Attribution-ShareAlike 2.5 Spain License.