1
=========================
2
Bazaar Windows EC2 Server
3
=========================
5
We have an Amazon EC2 virtual machine called Desolation_ for
6
building Windows packages and general testing on Windows. As of
7
2009-02-19, this is just experimental and this is a draft specification,
8
but we aim to use it for the production Windows installer build of 1.13 in
11
See also: `Bazaar Developer Documentation Catalog <index.html>`_.
14
.. _Desolation: http://en.wikipedia.org/wiki/Desolation_Island
20
* The instance is only running (and incurring charges) when it's needed
21
for testing or packaging.
23
* It can be started or stopped by anyone on the team using a
24
straightforward script.
26
* Multiple people can get into the same instance at the same time, e.g.
27
if one person needs to pass work on to some one else.
29
* We keep snapshot of the OS and tool chain so that we can roll back if
32
* bzr branches and similar information are kept on stable storage that
33
survives rollbacks of the OS state, and that can be backed up.
35
Later on we may try automated Windows testing in a similar setup.
41
The working disk and the AMI images are stored in one person's account for
44
Ideally we want to give other people access to run this machine without
45
giving full access to the account. I'm not sure if that's feasible. If
46
it's not, we might need to allow people to launch the image within their
47
own account; this may be problematic if the shared volume is already in
50
I don't think it's possible to have an EBS that's shared across accounts,
51
and they can't be attached to multiple running instances. So for now it's
52
probably best to just ignore the concept and store the working data on the
53
instance's local storage, and to copy things up e.g. to Launchpad as
56
On this machine, ``C:`` should be used only for the Windows system files,
57
``D:`` for installed programs and working directories, and other drive
58
letters can be used later for mounting EBS storage if desired.
60
Through ``ec2-modify-image-attribute`` we can allow nominated users to
61
access an existing image. We need to have their AWS opaque ID.
63
Through ``ec2-bundle-image`` we can make a new snapshot at any point,
64
which will be stored into the current user's S3 account.
66
We'll (probably) have one shared account for running builds which is also
67
an administrator for ease of installing software.
69
You do need to have an RSA keypair to get the initial password for a
70
Windows machine, even though you can't use it to log in later. As a quirk
71
of the tools(?) ``ec2-get-password`` needs the full path to the keypair
72
but ``ec2-add-keypair`` just wants part of the name. I guess this is
73
distinct from the account identifier because the image is relatively
74
untrusted(?). If the password is already set in the image, this shouldn't
77
It would be nice if rdesktop could use private key authentication but
80
Should check how the Launchpad ec2test scripts work.
90
* Be in the bzr core team. If you are interested in helping with
91
Windows packaging, testing or development just ask.
94
`Amazon EC2 API tools`_ (needs-packaging `bug 330930`_)
96
* Create a private key and certificate for yourself.
97
Check these environment variables are set and exported, e.g. by setting
98
them in the file ``~/.aws``. Make sure the files are private.::
100
EC2_PRIVATE_KEY=~/.ec2/pk-XXXXXX.pem
101
EC2_CERT=~/.ec2/cert-XXXXXX.pem
102
EC2_HOME=~/build/ec2-api-tools-1.3-30349
103
AWS_SECRET_ACCESS_KEY=XXXXXXXXX
104
AWS_ACCESS_KEY_ID=XXXXXXXXXXX
105
PATH=$PATH:$EC2_HOME/bin
106
JAVA_HOME=/usr/lib/jvm/java-6-openjdk
108
* Install the rdesktop client, to actually access the machine.
110
* Create an Amazon Web Services account, sign up for S3 and EC2, and do
111
the various steps to create authentication devices
113
* Possibly read some of the `EC2 documentation`_ for background.
115
.. _`bug 330930`: https://bugs.edge.launchpad.net/ubuntu/+bug/330930
116
.. _`Amazon EC2 API tools`:
117
http://developer.amazonwebservices.com/connect/entry.jspa?externalID=368&categoryID=88
118
.. _`EC2 documentation`: http://aws.amazon.com/
120
* Create a security group for your that allows rdesktop access and icmp with::
122
ec2-add-group desolation-group -d 'bzr win32 build machine'
123
ec2-authorize desolation-group -p 3389 -s 1.2.3.4/32
124
ec2-authorize desolation-group -t -1:-1 -P icmp
126
Add your public IP there. You can repeat that command to allow others
130
To start up an instance
131
-----------------------
133
1. Get the right AMI image ID from another developer.
135
1. Start the instance::
137
ec2-run-instances $image_id -g desolation-group
139
This will print out some information including the image id, something
142
1. Actually starting the machine will take a few minutes. Once it's in
143
the *running* state, get the machine's public IP with ::
145
ec2-describe-instances
147
1. and then connect ::
149
rdesktop -g 1200x850 -u Administrator $machine_ip
151
Don't forget to shut it down when you're done, and check with
152
``ec2-describe-instances`` that it did terminate.
155
To save a system snapshot as an image
156
-------------------------------------
158
1. Bundle the current state. *Doing this will reboot the machine.*
159
You need to choose a unique s3 bucket name,
160
typically based on a domain or email address, which can contain
161
any number of images. You also need a name unique within the bucket
162
for this image, like ``desolation-vs2008-20090219``. And finally
163
it needs your AWS S3 access key and secret key, which should be set in
166
ec2-bundle-instance -b ec2.sourcefrog.net \
167
-p desolation-vs2008-2009021 \
168
-o "$AWS_ACCESS_KEY_ID" \
169
-w "$AWS_SECRET_ACCESS_KEY"
171
1. This will take several minutes: You can check progress with ::
173
ec2-describe-bundle-tasks
175
1. Register the files as an image, e.g.::
177
ec2-register ec2.sourcefrog.net/desolation-vs2008-2009021
179
This will give you an AMI id for the image.
181
1. Give access to other team members identified by their Amazon account id::
183
ec2-modify-image-attributes $ami_id -l -a 123412341234