@kennwhite
Last active December 15, 2017 14:57
Launch Alpine Linux 3.3.x on Amazon Web Services

Launch_Alpine_Linux_3.3.x_on_AWS.md

Create a local VM of Alpine Linux, eg: https://gist.github.com/kennwhite/959d47a77070d365ad60

  • On your workstation open a terminal and create a new ssh keypair:

    ssh-keygen -t rsa -b 4096 -C "alpine@example.com"

    • Set a meaningful keypair base file name when prompted, e.g. alpine-test
  • On the Alpine VM, login as root

    • If you've not yet already done it, set a proper, strong root password
    • Add the public key (e.g. alpine-test.pub) to the Alpine /root/.ssh/authorized_keys file
  • Launch a new EC2 Amazon Linux micro instance: EBS-backed, PV (I haven't tested HVM yet), 2GB EBS root is fine. At the time of this writing, the AMI is: amzn-ami-minimal-pv-2015.09.2.x86_64-ebs (ami-b0f4deda)

  • Create a new 1GB EBS volume (make sure to set the same Availability Zone) and attach it to that instance as /dev/xvdf in the control panel

  • On the new EC2 instance, login as ec2-user

    • Sudo root and create a stub boot volume for Alpine:
    sudo su -
    cd /root
    mke2fs -t ext4 /dev/xvdf
    # Note: Do not partition it - just format the whole volume
    curl -sLO http://wiki.alpinelinux.org/cgi-bin/dl.cgi/v3.3/releases/x86_64/alpine-3.3.1-x86_64.iso
    openssl dgst -sha256 alpine-3.3.1-x86_64.iso 
    # Compare this to the current hash:
    #  0c6be63cbeab562e805b0e337edbc363e8f1291f67e6f9cb0f2daf6695587157  alpine-3.3.1-x86_64.iso
    
    mkdir target
    mkdir source
    mount /dev/xvdf target
    mount -o loop alpine-3.3.1-x86_64.iso source
    cp -av source/boot target
    cp -av source/apks target
    umount source
    mkdir -p target/boot/grub
    
    cat - >target/boot/grub/grub.conf <<EOF 
    default=0
    timeout=3
    hiddenmenu
    title Alpine Linux
    root (hd0)
    kernel /boot/vmlinuz-grsec alpine_dev=xvda1:ext4 modules=loop,squashfs,sd-mod,ext4 console=hvc0 pax_nouderef BOOT_IMAGE=/boot/vmlinuz-grsec
    initrd /boot/initramfs-grsec
    EOF
    
    cat /root/target/boot/grub/grub.conf 
    cd target/boot/grub
    ln -sf ./grub.conf ./menu.lst
    
  • On the Alpine Linux VM, as root, force the SSH host keys to be regenerated on boot, then use the Alpine lbu local backup tool to bundle the bootstrap files:

    rm /etc/ssh/*key* 
    lbu include root/.ssh
    lbu package amazon.apkovl.tar.gz
    
    • Copy the amazon.apkovl.tar.gz file from the Alpine VM to the EC2 instance /root/target
      • (This is a total hack, but works in a pinch if you don't want to move keys)
    base64 amazon.apkovl.tar.gz > amazon.apkovl.tar.gz.b64
    md5sum amazon.apkovl.tar.gz.b64
    cat amazon.apkovl.tar.gz.b64
  • Copy base64 contents (about 7K) to the paste buffer
  • On the EC2 instance:
    echo "[paste]" | base64 -id  > amazon.apkovl.tar.gz
    md5sum amazon.apkovl.tar.gz
    # (Assuming checksums match)
    tar -xzvf amazon.apkovl.tar.gz -C /root/target
  • On the EC2 instance, unmount the filesystem (the volume itself is detached in the next step):
    umount /root/target
  • In the EBS Volume console, detach the new EBS volume (tag the volume name as "Alpine root" for sanity)
  • Stop the EC2 instance (don't terminate it), then detach the original root volume (maybe tag the volume name as "Old root")
  • Attach the EBS volume as the root volume: /dev/sda1 (note: it must be /dev/sda1, not /dev/sda)
  • Start the instance
  • If you have trouble, check the EC2 console boot log from the Instance/Actions/Instance Settings menu
  • Getting stuck here; see the attached EC2 console log, which shows startup but no networking/dhcp/sshd
System Log: i-xxxxxx (alpine-dev)
Xen Minimal OS!
start_info: 0xae2000(VA)
nr_pages: 0x26700
shared_inf: 0x7ead9000(MA)
pt_base: 0xae5000(VA)
nr_pt_frames: 0x9
mfn_list: 0x9ae000(VA)
mod_start: 0x0(VA)
mod_len: 0
flags: 0x0
cmd_line: root=/dev/sda1 ro 4
stack: 0x96d840-0x98d840
MM: Init
_text: 0x0(VA)
_etext: 0x7dc7d(VA)
_erodata: 0x9a000(VA)
_edata: 0x9fce0(VA)
stack start: 0x96d840(VA)
_end: 0x9ade40(VA)
start_pfn: af1
max_pfn: 26700
Mapping memory range 0xc00000 - 0x26700000
setting 0x0-0x9a000 readonly
skipped 0x1000
MM: Initialise page allocator for c1f000(c1f000)-26700000(26700000)
MM: done
Demand map pfns at 26701000-2026701000.
Heap resides at 2026702000-4026702000.
Initialising timer interface
Initialising console ... done.
gnttab_table mapped at 0x26701000.
Initialising scheduler
Thread "Idle": pointer: 0x2026702050, stack: 0x26660000
Thread "xenstore": pointer: 0x2026702800, stack: 0x26670000
xenbus initialised on irq 1 mfn 0xcca5c2
Thread "shutdown": pointer: 0x2026702fb0, stack: 0x26680000
Dummy main: start_info=0x98d940
Thread "main": pointer: 0x2026703760, stack: 0x26690000
"main" "root=/dev/sda1" "ro" "4"
vbd 2049 is hd0
******************* BLKFRONT for device/vbd/2049 **********
backend at /local/domain/0/backend/vbd/22219/2049
Failed to read /local/domain/0/backend/vbd/22219/2049/feature-barrier.
Failed to read /local/domain/0/backend/vbd/22219/2049/feature-flush-cache.
2097152 sectors of 512 bytes
**************************
Press `ESC' to enter the menu... 2
Press `ESC' to enter the menu... 1
Press `ESC' to enter the menu... 0  Booting 'Alpine Linux'
root (hd0)
Filesystem type is ext2fs, using whole disk
kernel /boot/grsec alpine_dev=UUID=UUID=bd8695f8-9b42-4284-acad-49d9f1ee6d68:ex
t4 modules=loop,squashfs,sd-mod,ext4 console=hvc0 pax_nouderef BOOT_IMAGE=/boot
/grsec
initrd /boot/initramfs-grsec
============= Init TPM Front ================
Tpmfront:Error Unable to read device/vtpm/0/backend-id during tpmfront initialization! error = ENOENT
Tpmfront:Info Shutting down tpmfront
close blk: backend=/local/domain/0/backend/vbd/22219/2049 node=device/vbd/2049
[ 0.000000] PAT configuration [0-7]: WB WT UC- UC WC WP UC UC
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 4.1.15-2-grsec (buildozer@build-3-3-x86_64) (gcc version 5.3.0 (Alpine 5.3.0) ) #3-Alpine SMP Tue Jan 5 11:27:22 GMT 2016
[ 0.000000] Command line: alpine_dev=UUID=UUID=bd8695f8-9b42-4284-acad-49d9f1ee6d68:ext4 modules=loop,squashfs,sd-mod,ext4 console=hvc0 pax_nouderef BOOT_IMAGE=/boot/grsec
[ 0.000000] ACPI in unprivileged domain disabled
[ 0.000000] Released 0 page(s)
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] Xen: [mem 0x0000000000000000-0x000000000009ffff] usable
[ 0.000000] Xen: [mem 0x00000000000a0000-0x00000000000fffff] reserved
[ 0.000000] Xen: [mem 0x0000000000100000-0x0000000026efffff] usable
[ 0.000000] NX (Execute Disable) protection: active
[ 0.000000] DMI not present or invalid.
[ 0.000000] Hypervisor detected: Xen
[ 0.000000] AGP: No AGP bridge found
[ 0.000000] e820: last_pfn = 0x26f00 max_arch_pfn = 0x400000000
[ 0.000000] init_memory_mapping: [mem 0x00000000-0x000fffff]
[ 0.000000] init_memory_mapping: [mem 0x26400000-0x265fffff]
[ 0.000000] init_memory_mapping: [mem 0x20000000-0x263fffff]
[ 0.000000] init_memory_mapping: [mem 0x00100000-0x1fffffff]
[ 0.000000] init_memory_mapping: [mem 0x26600000-0x26efffff]
[ 0.000000] RAMDISK: [mem 0x01a00000-0x03352fff]
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000000001000-0x0000000000ffffff]
[ 0.000000] DMA32 [mem 0x0000000001000000-0x0000000026efffff]
[ 0.000000] Normal empty
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000000001000-0x000000000009ffff]
[ 0.000000] node 0: [mem 0x0000000000100000-0x0000000026efffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000000001000-0x0000000026efffff]
[ 0.000000] p2m virtual area at ffffc90000000000, size is 200000
[ 0.000000] Remapped 0 page(s)
[ 0.000000] smpboot: Allowing 1 CPUs, 0 hotplug CPUs
[ 0.000000] e820: [mem 0x26f00000-0xffffffff] available for PCI devices
[ 0.000000] Booting paravirtualized kernel on Xen
[ 0.000000] Xen version: 3.4.3.amazon (preserve-AD)
[ 0.000000] clocksource refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 6370452778343963 ns
[ 0.000000] setup_percpu: NR_CPUS:32 nr_cpumask_bits:32 nr_cpu_ids:1 nr_node_ids:1
[ 0.000000] PERCPU: Embedded 28 pages/cpu @ffff880026200000 s76120 r8192 d30376 u2097152
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 156878
[ 0.000000] Kernel command line: alpine_dev=UUID=UUID=bd8695f8-9b42-4284-acad-49d9f1ee6d68:ext4 modules=loop,squashfs,sd-mod,ext4 console=hvc0 pax_nouderef BOOT_IMAGE=/boot/grsec
[ 0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
[ 0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
[ 0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
[ 0.000000] AGP: Checking aperture...
[ 0.000000] AGP: No AGP bridge found
[ 0.000000] Memory: 580232K/637564K available (3790K kernel code, 690K rwdata, 2216K rodata, 1028K init, 796K bss, 57332K reserved, 0K cma-reserved)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] Hierarchical RCU implementation.
[ 0.000000] CONFIG_RCU_FANOUT set to non-default value of 32
[ 0.000000] RCU dyntick-idle grace-period acceleration is enabled.
[ 0.000000] RCU restricting CPUs from NR_CPUS=32 to nr_cpu_ids=1.
[ 0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
[ 0.000000] NR_IRQS:4352 nr_irqs:32 16
[ 0.000000] xen:events: Using 2-level ABI
[ 0.000000] Console: colour dummy device 80x25
[ 0.000000] console [tty0] enabled
[ 0.000000] console [hvc0] enabled
[ 0.000000] clocksource xen: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[ 0.000000] installing Xen timer for CPU 0
[ 0.000000] tsc: Detected 1799.999 MHz processor
[23309526.368546] Calibrating delay loop (skipped), value calculated using timer frequency.. 3601.99 BogoMIPS (lpj=5999996)
[23309526.368560] pid_max: default: 32768 minimum: 501
[23309526.368612] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes)
[23309526.368622] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes)
[23309526.368963] Initializing cgroup subsys blkio
[23309526.368975] Initializing cgroup subsys memory
[23309526.368993] Initializing cgroup subsys devices
[23309526.369002] Initializing cgroup subsys freezer
[23309526.369011] Initializing cgroup subsys net_cls
[23309526.369020] Initializing cgroup subsys net_prio
[23309526.369101] PAX: PCID detected
[23309526.369115] CPU: Physical Processor ID: 1
[23309526.369121] CPU: Processor Core ID: 0
[23309526.369132] Last level iTLB entries: 4KB 512, 2MB 8, 4MB 8
[23309526.369138] Last level dTLB entries: 4KB 512, 2MB 32, 4MB 32, 1GB 0
[23309526.690129] Freeing SMP alternatives memory: 24K (ffffffff81798000 - ffffffff8179e000)
[23309526.692272] Performance Events: unsupported p6 CPU model 45 no PMU driver, software events only.
[23309526.692582] x86: Booted up 1 node, 1 CPUs
[23309526.692652] NMI watchdog: disabled (cpu0): hardware events not enabled
[23309526.692662] NMI watchdog: Shutting down hard lockup detector on all cpus
[23309526.692762] devtmpfs: initialized
[23309526.693045] clocksource jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 6370867519511994 ns
[23309526.693170] pinctrl core: initialized pinctrl subsystem
[23309526.693335] NET: Registered protocol family 16
[23309526.693359] xen:grant_table: Grant tables using version 1 layout
[23309526.693377] Grant table initialized
[23309526.693893] ACPI BIOS Error (bug): A valid RSDP was not found (20150410/tbxfroot-243)
[23309526.694876] PCI: setting up Xen PCI frontend stub
[23309526.698175] ACPI: Interpreter disabled.
[23309526.698200] xen:balloon: Initialising balloon driver
[23309526.699231] xen_balloon: Initialising balloon driver
[23309526.699457] vgaarb: loaded
[23309526.699519] usbcore: registered new interface driver usbfs
[23309526.699539] usbcore: registered new interface driver hub
[23309526.699558] usbcore: registered new device driver usb
[23309526.699959] PCI: System does not support PCI
[23309526.699969] PCI: System does not support PCI
[23309526.700222] Switched to clocksource xen
[23309526.700321] pnp: PnP ACPI: disabled
[23309526.703590] NET: Registered protocol family 2
[23309526.703785] TCP established hash table entries: 8192 (order: 4, 65536 bytes)
[23309526.703816] TCP bind hash table entries: 8192 (order: 5, 131072 bytes)
[23309526.703846] TCP: Hash tables configured (established 8192 bind 8192)
[23309526.703895] UDP hash table entries: 512 (order: 2, 16384 bytes)
[23309526.703908] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[23309526.703962] NET: Registered protocol family 1
[23309526.704052] Trying to unpack rootfs image as initramfs...
[23309526.740596] Freeing initrd memory: 25932K (ffff880001a00000 - ffff880003353000)
[23309526.740901] platform rtc_cmos: registered platform RTC device (no PNP device found)
[23309526.740936] RAPL PMU detected, API unit is 2^-32 Joules, 3 fixed counters 163840 ms ovfl timer
[23309526.740948] hw unit of domain pp0-core 2^-16 Joules
[23309526.740954] hw unit of domain package 2^-16 Joules
[23309526.740961] hw unit of domain dram 2^-16 Joules
[23309526.741400] futex hash table entries: 256 (order: 2, 16384 bytes)
[23309526.742200] VFS: Disk quotas dquot_6.6.0
[23309526.742221] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[23309526.742524] bounce: pool size: 64 pages
[23309526.742548] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
[23309526.742563] io scheduler noop registered
[23309526.742579] io scheduler cfq registered (default)
[23309526.742657] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
[23309526.742691] pciehp: PCI Express Hot Plug Controller Driver version: 0.4
[23309526.742713] ERST DBG: ERST support is disabled.
[23309526.743440] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[23309526.746852] brd: module loaded
[23309526.751645] xen_netfront: Initialising Xen virtual ethernet driver
[23309526.753842] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[23309526.753857] ehci-pci: EHCI PCI platform driver
[23309526.753931] i8042: PNP: No PS/2 controller found. Probing ports directly.
[23309527.769557] i8042: No controller found
[23309527.769750] clocksource tsc: mask: 0xffffffffffffffff max_cycles: 0x19f228ab7a2, max_idle_ns: 440795289252 ns
[23309527.791176] rtc_cmos rtc_cmos: rtc core: registered rtc_cmos as rtc0
[23309527.791275] rtc_cmos: probe of rtc_cmos failed with error -38
[23309527.791455] gre: GRE over IPv4 demultiplexor driver
[23309527.791494] Key type dns_resolver registered
[23309527.791825] registered taskstats version 1
[23309527.808821] blkfront: xvda1: barrier or flush: disabled; persistent grants: disabled; indirect descriptors: disabled;
[23309527.890349] hctosys: unable to open rtc device (rtc0)
[23309527.891170] Freeing unused kernel memory: 1028K (ffffffff81697000 - ffffffff81798000)
Alpine Init 3.0.2-r0
* Loading boot drivers: [23309527.918309] loop: module loaded
[23309527.918931] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[23309527.921217] SCSI subsystem initialized
ok.
* Mounting boot media: [23309528.147492] EXT4-fs (xvda1): mounted filesystem with ordered data mode. Opts: (null)
ok.
* Installing packages to root filesystem: (1/16) Installing musl (1.1.12-r1)
(2/16) Installing busybox (1.24.1-r7)
Executing busybox-1.24.1-r7.post-install
(3/16) Installing alpine-baselayout (2.3.2-r10)
Executing alpine-baselayout-2.3.2-r10.pre-install
Executing alpine-baselayout-2.3.2-r10.post-install
(4/16) Installing openrc (0.19-r2)
Executing openrc-0.19-r2.post-install
(5/16) Installing alpine-conf (3.3.0-r0)
(6/16) Installing zlib (1.2.8-r2)
(7/16) Installing libcrypto1.0 (1.0.2e-r0)
(8/16) Installing libssl1.0 (1.0.2e-r0)
(9/16) Installing apk-tools (2.6.5-r1)
(10/16) Installing busybox-suid (1.24.1-r7)
(11/16) Installing busybox-initscripts (2.3-r1)
Executing busybox-initscripts-2.3-r1.post-install
(12/16) Installing scanelf (0.9.1-r0)
(13/16) Installing musl-utils (1.1.12-r1)
(14/16) Installing libc-utils (0.7-r0)
(15/16) Installing alpine-keys (1.1-r0)
(16/16) Installing alpine-base (3.3.1-r0)
Executing busybox-1.24.1-r7.trigger
OK: 6 MiB in 16 packages
ok.
OpenRC 0.19.f96d2c4 is starting up Linux 4.1.15-2-grsec (x86_64) [XENU]
* /proc is already mounted
* Mounting /run ... * /run/openrc: creating directory
* /run/lock: creating directory
* /run/lock: correcting owner
* Caching service dependencies ... [ ok ]
* Remounting devtmpfs on /dev ... [ ok ]
* Mounting /dev/mqueue ... [ ok ]
* Mounting security filesystem ... [ ok ]
* Mounting debug filesystem ... [ ok ]
* Mounting cgroup filesystem ... [ ok ]
* Mounting modloop ... [ ok ]
* Starting busybox mdev ... [ ok ]
* Loading hardware drivers ... [ ok ]
* Loading modules ... [ ok ]
* Checking local filesystems ... [ ok ]
* Remounting filesystems ... [ ok ]
* Mounting local filesystems ... [ ok ]
* Configuring kernel parameters ... [ ok ]
* Migrating /var/lock to /run/lock ... [ ok ]
* Migrating /var/run to /run ... [ ok ]
* Creating user login records ... [ ok ]
* Wiping /tmp directory ... [ ok ]
* Setting hostname ... [ ok ]
* Starting busybox klogd ... [ ok ]
* Starting busybox syslog ... [ ok ]
Welcome to Alpine Linux 3.3
Kernel 4.1.15-2-grsec on an x86_64 (/dev/hvc0)
localhost login:
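The two integrity checks in the steps above are done by eye: the `openssl dgst -sha256` of the downloaded ISO is compared against the published hash by reading it, and the `md5sum` of the base64-pasted apkovl is compared before it is extracted. The script below is an added example, not code from the gist: it automates both checks so that a mismatch fails closed and a decoded file that does not match is discarded rather than extracted. The function names (`file_sha256`, `verify_sha256`, `decode_verified`) are my own; it assumes `sha256sum` or `openssl` and a `base64` that accepts `-d` are available, and it uses sha256 in place of the md5sum the gist uses for the paste check (a deliberate swap). The ISO hash constant is the one published in the gist above.

```sh
#!/bin/sh
# Added example, not part of the gist: checksum-gated handling of the two
# artifacts the procedure moves around (the Alpine ISO and the base64-pasted
# apkovl tarball). All function names here are this example's own.
set -u

# Print the sha256 of a file: sha256sum where available, otherwise the same
# openssl invocation the gist uses.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/^.*= //'
    fi
}

# verify_sha256 FILE EXPECTED_HASH -> returns 0 on match, 1 on mismatch.
# Hash is normalised to lower case so a pasted upper-case digest still compares.
verify_sha256() {
    actual=$(file_sha256 "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1 matches $expected"
        return 0
    fi
    echo "MISMATCH: $1 is ${actual:-<unreadable>}, expected $expected" >&2
    return 1
}

# decode_verified B64FILE OUTFILE EXPECTED_HASH
# Decodes the pasted base64 blob, verifies the decoded bytes, and removes the
# output on any failure so a corrupted paste is never handed to tar.
decode_verified() {
    if ! base64 -d "$1" > "$2"; then
        rm -f "$2"
        return 1
    fi
    if ! verify_sha256 "$2" "$3"; then
        rm -f "$2"
        return 1
    fi
    return 0
}

# Published hash for the ISO, taken from the gist above.
ALPINE_ISO_SHA256=0c6be63cbeab562e805b0e337edbc363e8f1291f67e6f9cb0f2daf6695587157

# Usage: only runs the ISO check when the ISO is actually present.
if [ -f alpine-3.3.1-x86_64.iso ]; then
    verify_sha256 alpine-3.3.1-x86_64.iso "$ALPINE_ISO_SHA256" || exit 1
fi
```

With this in place the paste step becomes `decode_verified amazon.apkovl.tar.gz.b64 amazon.apkovl.tar.gz <hash printed on the Alpine VM>` and the existing `tar -xzvf amazon.apkovl.tar.gz -C /root/target` runs only if that returns 0; the hash printed on the Alpine VM has to be produced with the same algorithm (sha256 here) for the two sides to compare.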
@cruisemaniac

@kennwhite, thanks for the writeup. The entire setup works and I've been able to create an AMI and launch an instance. The problem however is that I'm unable to login! I have my authorized_keys setup but I just get permission denied!
