Richard Miller
2012-05-24 07:47:42 UTC
I've made a few tweaks to the paravirtualised plan 9 kernel in
/n/sources/xen/xen3 to make it compatible with the xen environment
used in amazon's "elastic compute cloud". There's an example public
AMI (in zone eu-west-1) named ami-03c9f377 which can be used to
instantiate a cpu server with fossil on a 1GB "elastic block storage"
volume. This fits within the free usage tier which you get for the
first 12 months after creating an amazon web services account.
When first launched, your server will start with authid = ec2, authdom
and sysname equal to the ec2 instance id, and a randomly generated
password which will be echoed to the system console, where it can be
retrieved - only by the instance's owner - using the Get System Log
function of the aws web interface. (Be patient; there is often a
delay of some minutes after launching an instance before the console
log becomes available.)
Alternatively, if the "user data" field, which you can create as part
of launching an ec2 instance, contains a shell script (anything
following a line beginning with #!/bin/rc), this will be run from
/bin/cpurc.local at boot time. You can use this to inject your own
initial authentication details into factotum, by putting something
like this in the user data field:
#!/bin/rc
auth/factotum -g 'proto=p9sk1 user=ec2 dom=my.auth.dom !password=XXXX'
The random password or factotum script will allow you to connect to
your server for the first time using cpu, drawterm or ssh1. (For the
first two, don't forget to open port 17010 or 17013 in the "security
group" firewall.) You'll then want to use auth/wrkey to put new
credentials securely into nvram, and reboot or run 'auth/readnvram
is stopped.
For the curious, I've set up a plan 9 instance at ec2.hamnavoe.com,
using authentication domain outside.plan9.bell-labs.com so anyone
with a sources account can cpu into it. I'll leave it running for
a few days (until my monthly free usage tier quota runs out).
/n/sources/xen/xen3 to make it compatible with the xen environment
used in amazon's "elastic compute cloud". There's an example public
AMI (in zone eu-west-1) named ami-03c9f377 which can be used to
instantiate a cpu server with fossil on a 1GB "elastic block storage"
volume. This fits within the free usage tier which you get for the
first 12 months after creating an amazon web services account.
When first launched, your server will start with authid = ec2, authdom
and sysname equal to the ec2 instance id, and a randomly generated
password which will be echoed to the system console, where it can be
retrieved - only by the instance's owner - using the Get System Log
function of the aws web interface. (Be patient; there is often a
delay of some minutes after launching an instance before the console
log becomes available.)
Alternatively, if the "user data" field, which you can create as part
of launching an ec2 instance, contains a shell script (anything
following a line beginning with #!/bin/rc), this will be run from
/bin/cpurc.local at boot time. You can use this to inject your own
initial authentication details into factotum, by putting something
like this in the user data field:
#!/bin/rc
auth/factotum -g 'proto=p9sk1 user=ec2 dom=my.auth.dom !password=XXXX'
The random password or factotum script will allow you to connect to
your server for the first time using cpu, drawterm or ssh1. (For the
first two, don't forget to open port 17010 or 17013 in the "security
group" firewall.) You'll then want to use auth/wrkey to put new
credentials securely into nvram, and reboot or run 'auth/readnvram
/mnt/factotum/ctl' so they can take effect. Afterwards you can delete
the old temporary password from user data, but only when the instanceis stopped.
For the curious, I've set up a plan 9 instance at ec2.hamnavoe.com,
using authentication domain outside.plan9.bell-labs.com so anyone
with a sources account can cpu into it. I'll leave it running for
a few days (until my monthly free usage tier quota runs out).