New Releases of Ubuntu and Debian Images for Amazon EC2 2009-06-14 (Reliability and Security)

New updates have been released for the Ubuntu and Debian AMIs (EC2 images) published on:

https://alestic.com

The following improvements are included in this release:

  • Ubuntu 9.04 Jaunty now uses an Ubuntu mirror inside of EC2 hosted by RightScale. This dramatically improves the performance of updates and upgrades. Hardy and Intrepid were already using the mirrors inside EC2.

  • The Hardy, Intrepid, and Jaunty images have been enhanced to add failover for Ubuntu archive mirror hosts across availability zones (data centers). This change lets an Ubuntu instance perform package updates and upgrades even if one or two of the EC2 availability zones are completely unavailable.

  • The denyhosts package is now installed on desktop images for improved security. The Amazon abuse team has identified the Ubuntu desktop images as a source of compromised systems. The cause of this is believed to be insecure passwords set by users, since the desktop images have PasswordAuthentication enabled by default so that the NX client can connect. The denyhosts package blocks ssh attacks by adding remote systems to /etc/hosts.deny if they keep failing password logins.

    The published Ubuntu and Debian server images continue to have PasswordAuthentication turned off by default for improved security. If you choose to turn this on, I recommend installing a package like denyhosts and using software like the following to generate secure passwords:

      sudo apt-get install pwgen
      pwgen -s 10 1
    
  • The EC2 AMI tools have been upgraded to version 1.3-31780.

  • All software packages have been updated to versions current as of 2009-06-14.
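
The denyhosts behaviour described in the list above (repeated failed password logins lead to an /etc/hosts.deny entry) is shown here as an added example; it is a simplified model, not denyhosts' own code. The function names, the threshold argument and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration: a simplified model of the denyhosts idea, not its code.

# Constructed sample sshd log lines (addresses from RFC 5737 documentation ranges).
sample_auth_log() {
cat <<'EOF'
Jun 14 03:10:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 14 03:10:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jun 14 03:10:05 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Jun 14 03:10:08 host sshd[2107]: Failed password for invalid user x from 198.51.100.20 from 203.0.113.7 port 40140 ssh2
Jun 14 03:11:40 host sshd[2140]: Failed password for ubuntu from 198.51.100.20 port 51500 ssh2
Jun 14 03:11:52 host sshd[2142]: Accepted password for ubuntu from 198.51.100.20 port 51502 ssh2
Jun 14 03:15:00 host sshd[2200]: Failed password for root from 192.0.2.44 port 33001 ssh2
Jun 14 03:15:02 host sshd[2202]: Failed password for root from 192.0.2.44 port 33007 ssh2
Jun 14 03:15:04 host sshd[2204]: Failed password for root from 192.0.2.44 port 33012 ssh2
EOF
}

# blocklist_entries THRESHOLD (hypothetical helper): reads sshd log lines on
# stdin and prints "sshd: ADDR" (hosts.deny syntax) for every source address
# with at least THRESHOLD failed password logins.
blocklist_entries() {
    awk -v limit="$1" '
        / sshd\[[0-9]+\]: Failed password for / && NF >= 5 {
            # The user name is supplied by the client and may itself contain
            # "from <addr>", so take the address from the fixed tail of the
            # line ("from ADDR port N ssh2"), never from the first "from".
            if ($(NF-4) == "from" && $(NF-2) == "port") fails[$(NF-3)]++
        }
        END { for (a in fails) if (fails[a] >= limit) print "sshd: " a }
    ' | sort
}

# add_denials FILE THRESHOLD (hypothetical helper): append new entries to FILE,
# skipping any that are already present so repeated runs do not duplicate them.
add_denials() {
    blocklist_entries "$2" | while IFS= read -r entry; do
        grep -Fxq -- "$entry" "$1" 2>/dev/null || printf '%s\n' "$entry" >> "$1"
    done
}

# Prints the two addresses that reached three failures in the sample.
sample_auth_log | blocklist_entries 3
```

The fourth sample line carries a user name containing another address; because the parser reads the address from the end of the line, that failure is counted against the connecting host and not against 198.51.100.20.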

Community support for Ubuntu on EC2 is available in this group:

http://groups.google.com/group/ec2ubuntu

Community support for Debian on EC2 is available in this group:

http://groups.google.com/group/ec2debian

The 32-bit Debian squeeze images and the 32-bit Debian etch desktop image have not been updated yet due to problems with initial package installation. Images will be released when these issues are resolved.

The following enhancements have been made to the ec2ubuntu-build-ami software which is used to build Ubuntu and Debian images for EC2.

  • New --kernel and --ramdisk options have been added to specify AKI and ARI. If you specify a different kernel, you should also specify kernel modules with --package or install them with the --script option.

  • Support has been removed for Ubuntu Edgy, Feisty, and Gutsy. These releases have reached their end of life. To improve the clarity of the code, this software no longer supports building these images.

  • There has been a typo fix for $originaldir for folks who were using the --script option.

  • There has been a typo fix for /dev/ptmx though it apparently had no effect given how these images are built.

Thanks to Stephen Parkes and Paul Dowman for submitting patches.

Enjoy!

Switching apt sources Mirror Repositories in Ubuntu on EC2

UPDATE-3: As of 2009-06-16 02:35a, Canonical has restored the Ubuntu mirror for EC2 in the US region. It looks like everything is operating normally now.

UPDATE-2: Canonical has restored the Ubuntu mirror for EC2 in the EU region.

UPDATE-1: The DNS names for the Canonical Ubuntu mirrors on EC2 have been temporarily switched to point to the Ubuntu mirrors outside of EC2. This is a great idea that gets things working again until the EC2 mirrors can be brought back up. If you really want to use mirrors inside EC2 for performance or (minor) cost considerations, you could still switch to the RightScale mirrors.

As I write this, the Ubuntu archive mirrors on EC2 run by Canonical are currently unavailable in both the US and European regions. If you are running the Ubuntu images for EC2 published by Canonical, this prevents you from being able to apt-get update or apt-get upgrade.

The Canonical IS team is currently on the job investigating and correcting the issue, but if you need a quick fix in the meantime, you can run the following command on the instance to switch to a Canonical Ubuntu mirror outside of EC2 (standard EC2 network charges apply):

oldarchive='(us|eu)\.ec2\.archive\.ubuntu\.com'
newarchive='$1.archive.ubuntu.com'
sudo perl -pi.orig -e "s/$oldarchive/$newarchive/" /etc/apt/sources.list

This command saves a copy of the original file in /etc/apt/sources.list.orig so that you can copy it back when the outage is over.

Alternatively, you could switch to the Ubuntu mirror in EC2 run by RightScale:

oldarchive='[.\w]+\.archive\.ubuntu\.com'
newarchive='ec2-us-east-mirror.rightscale.com'
sudo perl -pi.orig -e "s/$oldarchive/$newarchive/" /etc/apt/sources.list

Note that RightScale does not mirror the source packages, so you might want to comment out the deb-src lines:

sudo perl -pi -e 's/^(deb-src)/#$1/' /etc/apt/sources.list

The Ubuntu images for EC2 that I publish on https://alestic.com use the RightScale Ubuntu mirrors by default and are not affected by the current outage.

New releases of Ubuntu AMIs for Amazon EC2 2009-02-16 (EC2 mirrors)

New updates have been released for all* of the Ubuntu and Debian AMIs listed on:

https://alestic.com

The primary enhancements in this release are:

  • Ubuntu Hardy and Intrepid have new apt sources.list pointing to the local EC2 mirrors provided by RightScale. Please let me know if you have any problems with updates.

  • Debian “lenny” has been released as the new “stable”. Debian “squeeze” is the new “testing”, so the latest Debian mapping is as follows:

    squeeze - “testing”
    lenny - “stable”
    etch - “oldstable”

As always, “sid” is “unstable” and I can’t imagine why you would want to run this on EC2 unless you’re a Debian developer, in which case you should probably build your own AMIs.

When I run “squeeze” it thinks that it is “lenny” (lsb_release -a). I assume that this is because it has just been branched from lenny but it’s possible that I didn’t build it correctly. Let me know if you have further information on this.

Notes:

  • The Ubuntu 6.10 Edgy and 7.04 Feisty AMIs are obsolete, unsupported, and are not updated.

  • The AMIs are in the process of being copied to eu-west-1 (Europe). Documentation will be updated soon.