EC2: Install ATLAS Software to an EBS volume

In CernVM: local ATLAS Software — the clean solution I proposed to install an ATLAS Software release to an EBS volume. I did it to make it locally available in CernVM running on EC2. The approach allows to move an EBS volume from one EC2 instance to another without losing important components and functionality. Here are some hints (both, CernVM specific and general) to follow before installing the software via pacman..

Start off from a fresh CernVM — migrate to group-atlas

Start a fresh CernVM 1.2.0 instance on EC2 (I used ami-a50cebcc, aki-9b00e5f2). Bootstrap it to the following configuration (via web interface):

  • create the new linux user atlasuser
  • under Virtual Organization Configuration choose ATLAS — keep everything else as No

Log in via ssh, using the new atlasuser account. At first, the necessary system components have to be installed using Conary.

[atlasuser@bla ~]$ sudo conary migrate group-atlas --interactive

You will need the “admin password” you set at bootstrap. If this migration step throws errors for you, consider this blog post: CernVM on Nimbus: kernel problems.

With migration to group-atlas, gcc gets installed. We will need it soon!

Create and attach EBS volume, make file system

Create a new EBS volume within the same availability zone as the CernVM instance just startet up. I chose 15 GB size. This should be enough to hold one ATLAS Software release plus a bit of additional stuff.

Attach this new EBS volume as e.g. /dev/sdh to the CernVM instance.

Regarding CernVM, now e2fsprogs has to be installed to create a filesystem on the fresh block device /dev/sdh. Therefore we need the compiler.
Work as root, download&install:

[root@bla ~]# wget
`e2fsprogs-1.41.6.tar.gz' saved [4422395/4422395]
[root@bla ~]# tar xzf e2fsprogs-1.41.6.tar.gz
[root@bla ~]# cd e2fsprogs-1.41.6
[root@bla e2fsprogs-1.41.6]# ./configure > cfg.log
[root@bla e2fsprogs-1.41.6]# make install > makeinst.log
make[1]: texi2dvi: Command not found
make[1]: [libext2fs.dvi] Error 127 (ignored)
/usr/bin/install: cannot stat `*': No such file or directory
make[1]: [install-doc-libs] Error 1 (ignored)
gzip: /usr/share/info/*: No such file or directory
make[1]: [install-doc-libs] Error 1 (ignored)

The warnings are no problem. Now mkfs.ext3 can be used:

[root@bla e2fsprogs-1.41.6]# /sbin/mkfs.ext3 /dev/sdh
mke2fs 1.41.6 (30-May-2009)
/dev/sdh is entire device, not just one partition!
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 37 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Mount it

Now the mountpoint has to be chosen. The objective is to install everything needed by the ATLAS Software to this EBS volume so that moving around with this volume between different instances (which are running operating systems supporting ATLAS Software) becomes possible.

Keep in mind that an ATLAS Software — once installed to a specific path — should always work under this path. By moving it around, you will get problems, even with new set up scripts. Furthermore, keeping everything necessary under the mountpoint allows to e.g. move an EBS volume from one EC2 instance to another without losing important components and functionality.

I chose the mountpoint /opt/atlas-local. Now and in the future, I will always have to mount the EBS volume to this directory.

Work as root: create mountpoint, mount device and give all rights:

[root@bla opt]# mkdir /opt/atlas-local
[root@bla opt]# mount /dev/sdh /opt/atlas-local
[root@bla opt]# chmod 777 /opt/atlas-local

Now log in as atlasuser and check out the new space:

[atlasuser@bla atlas-local]$ df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda1              9293008   1999624   6821316  23% /
none                    890952         0    890952   0% /dev/shm
/dev/sdh              15481840    169592  14525816   2% /opt/atlas-local

Install ATLAS Software to this EBS volume

To install a new ATLAS Software Release to a subdirectory of the mountpoint, you can use my following script which automatically checks out pacman and invokes the installing command:

if [ -e ${PACMANDIR} ]; then
    echo --info: ${PACMANDIR} exists
    echo --info: cd ${PACMANDIR}/pacman-*
    cd ${PACMANDIR}/pacman-*
    echo --info: pwd: `pwd`
    echo --info: pacman setup
    echo --info: mkdir -p and cd to ${PACMANDIR}
    mkdir -p ${PACMANDIR}
    cd ${PACMANDIR}
    echo --info: download latest pacman
    echo --info: extract..
    tar xzf pacman-latest.tar.gz
    echo --info: cd pacman-*
    cd pacman-*
    echo --info: pwd: `pwd`
    echo --info: setup pacman..
echo --info: mkdir -p, cd to ${ATLASINSTALLDIR}
echo --info: pwd: `pwd`
echo --info: start installing ATLAS:
echo --info: invoke: pacman -pretend-platform SLC-4 -allow trust-all-caches -get am-IU:15.2.0
pacman -pretend-platform SLC-4 -allow trust-all-caches -get am-IU:15.2.0

With this script, the ATLAS Software 15.2.0 will get installed to /opt/atlas-local/15.2.0 while pacman resides at /opt/atlas-local/pacman. Adjust the version numbers to your needs. I use Indiana University mirror (am-IU). You perhaps want to modify this, too. Additionally, one could use :15.2.0+KV to automatically perform the Kit Validation after installation. This is a good idea for a new platform. But for CernVM 1.2.0 + group-atlas this KV always succeeds.

Furthermore, in CernVM: local ATLAS Software — the clean solution you can read about:

  • how to set up CMT
  • how to create a cmthome directory and a valid requirements file
  • how to set up the runtime environment for an ATLAS Software Release

Have fun and let me know what you think!

  • Jose Luis Vazquez-Poletti

    Hi there!

    First off, great posts about CernVM!

    I’m giving CernVM on EC2 a try but I find that is impossible to perform the bootstrap. You need to access compulsory via web and all the system is designed to be accessed from inside (I even tried “lynx” from another instance in the same zone).

    In your posts you say:

    “Start a fresh CernVM 1.2.0 instance on EC2 (I used ami-a50cebcc, aki-9b00e5f2). Bootstrap it to the following configuration (via web interface):

    * create the new linux user atlasuser
    * under Virtual Organization Configuration choose ATLAS — keep everything else as No”

    How do you do that? Pointing any browser to the instance’s public IP/DNS doesn’t work.

    Best regards and… keep the good work!

    • Hey Jose!

      The CernVM Webinterface is available via http://publicIP:8004 or https://publicIP:8003. You’re right; you cannot access these ports by default, because EC2’s firewall does not allow any connection to your VM by default.

      Hence, you’ve to modify your EC2 security group (the one that you’re starting your VM with) accordingly by allowing external TCP connections to port 8004 and/or 8003 from source Elasticfox is a great tool to do such things with a GUI.

      Then you’re able to use the rPath Appliance Platform Agent (webinterface) of the VM via browser from anywhere in the internet :)

      I hope I got your question right and this is the correct answer :-) Let me know!


  • Jose Luis Vazquez-Poletti

    Hi and thank you very much for your very fast reply!

    I changed the ports (in fact, I’m using ElasticFox too :-D) and it works! I added HTTP and HTTPS allowance to ports 8004 and 8003.

    However, the bootstrap fails after the last step (when choosing the VO). I get a nasty “Task failed to run with error ‘A permanent failure has occurred: Error: Error running ‘/etc/init.d/cernvm start’ stdout: stderr: ‘.” error.

    Probably is it because it can’t access to the software repository because of the security group restrictions?

    Thank you very much again!

    • Hello :-) !

      I think I’ve never seen this error. The cernvm daemon/service does not start up. I can’t tell you the reason for this. But it shouldn’t be the result of any network issue, because a) the repository should not be queried so early and b) if an internet connection is needed (e.g. to connect to CernVM servers to “talk home” and gather some information, which really happens) it should be available, because outgoing connections are allowed by default in your security group (are they?).

      From my experience, it’s very important that you use the correct kernel when starting the VM. The last time I worked with CernVM, it was version 1.2.0. As you can see above, I used the image ami-a50cebcc together with the kernel aki-9b00e5f2.

      When you’re sure that you’re exactly reproducing these steps and the error occurs again, then it’s possibly worth asking on the mailing lists:

      Let me know, if you find out anything interesting ;).

      Have a nice day,


  • Jose Luis Vazquez-Poletti

    Thank you very much again!

    I’ll take a look at everything you mention :-).