November 19, 2009

Google Chrome OS and Canonical

Congratulations to Google on the open sourcing of Google Chrome OS

When Chrome OS was announced in June we saw this as a positive development, bringing choice to the consumer. We considered how open source development is as much about co-operation as it is about competition. Google have made it clear that they are keen to develop Chrome OS openly and we have had the pleasure of hosting a number of the Google team at the Ubuntu Developer Summit in Dallas over the last few days where we have been able to see that openness in action.

In the interest of transparency, we should declare that Canonical is contributing engineering to Google under contract. In our discussions, Sundar Pichai and Linus Upson made it clear that they want, wherever feasible, to build on existing components and tools from the open source community without unnecessary re-invention. This clear focus should benefit a wide variety of existing projects and we welcome it.

On the consumer side, people will ask about the positioning of Chrome OS and Ubuntu. While the two operating systems share some core components, Google Chrome OS will provide a very different experience to Ubuntu.  Ubuntu will continue to be a general purpose OS running both web and native applications such as OpenOffice and will not require specialised hardware.

So 2010 looks set to be a very exciting year. In addition to delivering Ubuntu experiences with both existing and new OEM partners, we will be working with Google on Chrome OS based devices.

Chris Kenyon  VP of OEM Services, Canonical

November 16, 2009

Ubuntu Karmic Desktop on EC2

As Thilo Maier pointed out in comments on my request for UDS input, I have been publishing both server and desktop AMIs for running Ubuntu on EC2 up through Jaunty, but the official Karmic AMIs on EC2 only support server installations by default.

Ubuntu makes it pretty easy to install the desktop software on a server, and NX from NoMachine makes it pretty easy to access that desktop remotely, with near real-time interactivity even over slowish connections.

Here’s a quick guide to setting this up, starting with an Ubuntu 9.10 Karmic AMI on Amazon EC2:

  1. Create a user-data script which installs runurl (not on Karmic AMIs by default) and then runs a simple desktop and NX server installation script. Examine the desktop script to see what it’s doing to install the software.

    cat <<EOM >install-desktop
    #!/bin/bash -ex
    wget -qO/usr/bin/runurl run.alestic.com/runurl
    chmod 755 /usr/bin/runurl
    runurl run.alestic.com/install/desktop
    EOM
    
  2. Start an instance on EC2 telling it to run the above user-data script on first boot. The following example uses the current 32-bit Karmic server AMI. Make sure you’re using the latest AMI id.

    ec2-run-instances                   \
      --key YOURKEY                     \
      --user-data-file install-desktop  \
      ami-1515f67c
    
  3. Connect to the new instance and wait for it to complete the desktop software installation (when sshd is restarted). This takes about 30 minutes on an m1.small instance and 10 minutes on a c1.medium instance. Then generate and set a secure password for the ubuntu user using copy/paste from the pwgen output. Save the secure password so you can enter it into the NX client later.

    ssh -i YOURKEY.pem ubuntu@THEHOST
    tail -f /var/log/syslog | egrep --line-buffer user-data:
    pwgen -s 16 1
    sudo passwd ubuntu
    

    If anybody knows how to use ssh keys with NX, I’d love to do this instead of using passwords.

  4. Back on your local system, install and run the NX client. For computers not running Ubuntu, download the appropriate software from NoMachine.

    wget http://64.34.161.181/download/3.4.0/Linux/nxclient_3.4.0-5_i386.deb
    sudo dpkg -i nxclient_3.4.0-5_i386.deb
    /usr/NX/bin/nxclient --wizard &
    

    Point the NX Client to the external hostname of your EC2 instance. Enter the Login “ubuntu” and the Password from above. Choose the “Gnome” desktop.

If all goes well, you should have a complete and fresh Ubuntu desktop filling most of your screen, available for you to mess around with and then throw away.

    ec2-terminate-instances INSTANCEID

If you want to have a persistent desktop with protection from crashes, you’ll need to learn how to do things like placing critical directories on EBS volumes.

If you’d like to run KDE on EC2, replace the package “ubuntu-desktop” with “kubuntu-desktop” in the installation script.

November 15, 2009

Ubuntu Developer Summit - EC2 Lucid

For the last year I have been working with Canonical and the Ubuntu server team, helping to migrate over to a more official process what I’ve been doing for the community in supporting Ubuntu on EC2. The Ubuntu 9.10 Karmic EC2 images are a fantastic result of this team’s work: An Ubuntu image running on real Ubuntu kernels with official support available.

For the next two days (Nov 14-15) I will be participating in the Ubuntu Developer Summit (UDS) in Dallas, Texas. Developers from around the world will be gathering this week to scope and define the next version of Ubuntu which will be released in April 2010.

As part of this, I think it would be helpful to gather input from the community. Please use the comment section of this article to share what you would like to see happen with the direction of Ubuntu on EC2 in the coming release(s).

Are there any features which you find missing? Functionality which would be helpful? Problems which keep getting in your way?

Feel free to brainstorm and toss out ideas big and small, even if they are not completely thought through or if they would also take help from Amazon to complete. It may already be too late to start off some of the proposals for the Lucid release cycle, but having ideas to think about for future releases never hurts.

November 14, 2009

BotchagalupeMarks for November 13th - 11:23

These are my links for November 13th from 11:23 to 12:21:

  • Application Lifecycle in the Cloud - Thinking Out Cloud - Cloud computing is having a profound effect on the software application lifecycle.
  • www.devco.net - As part of deploying MCollective + ActiveMQ instead of my old Spread based system I need to figure out a multi location setup, the documentation says it's possible so I thought I better get down and figure it out.

    In my case I will have per-country ActiveMQ's, I've had the same with Spread in the past and it's proven reliable enough for my needs, each ActiveMQ will carry 30 or so nodes.

  • Announcing the Public Terabyte Dataset project « Elastic Web Mining | Bixolabs - This is a high quality crawl of top web sites, using AWS’s Elastic Map Reduce, Concurrent’s Cascading workflow API, and Bixolab’s elastic web mining platform.
  • Rackspace Cloud Computing & Hosting |  NoSQL Ecosystem - Unprecedented data volumes are driving businesses to look at alternatives to the traditional relational database technology that has served us well for over thirty years. Collectively, these alternatives have become known as “NoSQL databases.”

November 13, 2009

Turning Twitter into an application server | Software, Interrupted - CNET News

As part of a new contest sponsored by Engine Yard, Ruby on Rails developers are going to turn Twitter into their own application server. The contest asks developers to program the "Worst App Server Technology Ever" (Waste) using Twitter as the message bus. While much of the contest is being done tongue-in-cheek, it's actually an interesting use case to see if a service like Twitter can take the place of a more traditional message bus like IBM MQ series or AMQP (Advanced Message Queuing Protocol).

Where Is the Real-Time Web Message Bus?

Speculation about the need for a web based real time message bus or (ahem) 'cloud'

November 12, 2009

Access Groups documentation added

We would just like to let everybody know that we published the documentation for Access Groups in our help site.

Please go to https://help.landscape.canonical.com/AccessGroups for an overview and a few examples of this new feature, and let us know if you have any questions.

November 09, 2009

Understanding Access Credentials for AWS/EC2

Amazon Web Services (AWS) has a dizzying proliferation of credentials, keys, ids, usernames, certificates, passwords, and codes which are used to access and control various account and service features and functionality. I have never met an AWS user who, when they started, did not have trouble figuring out which ones to use when and where, much less why.

Amazon is fairly consistent across the documentation and interfaces in the specific terms they use for the different credentials, but nowhere have I found these all listed in one place. (Update: Shlomo pointed out Mitch Garnaat’s article on this topic which, upon examination, may even have been my subconscious inspiration for this. Mitch goes into a lot of great detail in his two part post.)

Pay close attention to the exact names so that you use the right credentials in the right places.

(1) AWS Email Address and (2) Password. This pair is used to log in to your AWS account on the AWS web site. Through this web site you can access and change information about your account including billing information. You can view the account activity. You can control many of the AWS services through the AWS console. And, you can generate and view a number of the other important access keys listed in this article. You may also be able to order products from Amazon.com with this account, so be careful. You should obviously protect your password. What you do with your email address is your business. Both of these values may be changed as needed.

(3) MFA Authentication Code. If you have ordered and activated a multi-factor authentication device, then parts of the AWS site will be protected not only by the email address and password described above, but also by an authentication code. This is a 6 digit code displayed on your device which changes every 30 seconds or so. The AWS web site will prompt you for this code after you successfully enter your email address and password.

(4) AWS Account Number. This is a 12 digit number separated with dashes in the form 1234-5678-9012. You can find your account number under your name on the top right of most pages on the AWS web site (when you are logged in). This number is not secret and may be available to other users in certain circumstances. I don’t know of any situation where you would use the number in this format with dashes, but it is needed to create the next identifier:

(5) AWS User ID. This is a 12 digit number with no dashes. In fact, it is simply the previously mentioned AWS Account Number with the dashes removed (e.g., 12345678912). Your User ID is needed by some API and command line tools, for example when bundling a new image with ec2-bundle-vol. It can also be entered in to the ElasticFox plugin to help display the owners of public AMIs. Again, your User ID does not need to be kept private. It is shown to others when you publish an AMI and make it public, though it might take some detective work to figure out who the number really belongs to if you don’t publicize that, too.

(6) AWS Access Key ID and (7) Secret Access Key. This is the first of two pairs of credentials which can be used to access and control basic AWS services through the API including EC2, S3, SimpleDB, CloudFront, SQS, EMR, RDS, etc. Some interfaces use this pair, and some use the next pair below. Pay close attention to the names requested. The Access Key ID is 20 alpha-numeric characters like 022QF06E7MXBSH9DHM02 and is not secret; it is available to others in some situations. The Secret Access Key is 40 alpha-numeric-slash-plus characters like kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct and must be kept very secret.

You can change your Access Key ID and Secret Access Key if necessary. In fact, Amazon recommends regular rotation of these keys by generating a new pair, switching applications to use the new pair, and deactivating the old pair. If you forget either of these, they are both available from AWS.

(8) X.509 Certificate and (9) Private Key. This is the second pair of credentials that can be used to access the AWS API (SOAP only). The EC2 command line tools generally need these as might certain 3rd party services (assuming you trust them completely). These are also used to perform various tasks for AWS like encrypting and signing new AMIs when you build them. These are the largest credentials, taking the form of short text files with long names like cert-OHA6ZEBHMCGZ66CODVHEKKVOCYWISYCS.pem and pk-OHA6ZEBHMCGZ66CODVHEKKVOCYWISYCS.pem respectively.

The Certificate is supposedly not secret, though I haven’t found any reason to publicize it. The Private Key should obviously be kept private. Amazon keeps a copy of the Certificate so they can confirm your requests, but they do not store your Private Key, so don’t lose it after you generate it. Two of these pairs can be associated with your account at any one time, so they can be rotated as often as you rotate the Access Key ID and Secret Access Key. Keep records of all historical keys in case you have a need for them, like unencrypting an old AMI bundle which you created with an old Certificate.

(10) Linux username. When you ssh to a new EC2 instance you need to connect as a user that already exists on that system. For almost all public AMIs, this is the root user, but on Ubuntu AMIs published by Canonical, you need to connect using the ubuntu user. Once you gain access to the system, you can create your own users.

(11) public ssh key and (12) private ssh key. These are often referred to as a keypair in EC2. The ssh keys are used to make sure that only you can access your EC2 instances. When you run an instance, you specify the name of the keypair and the corresponding public key is provided to that instance. When you ssh to the above username on the instance, you specify the private key so the instance can authenticate you and let you in.

You can have multiple ssh keypairs associated with a single AWS account; they are created through the API or with tools like the ec2-add-keypair command. The private key must be protected as anybody with this key can log in to your instances. You generally never see or deal with the public key as EC2 keeps this copy and provides it to the instances. You download the private key and save it when it is generated; Amazon does not keep a record of it.

(13) ssh host key. Just to make things interesting, each EC2 instance which you run will have its own ssh host key. This is a private file generated by the host on first boot which is used to protect your ssh connection to the instance so it cannot be intercepted and read by other people. In order to make sure that your connection is secure, you need to verify that the (14) ssh host key fingerprint, which is provided to you on your first ssh attempt, matches the fingerprint listed in the console output of the EC2 instance.
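The fingerprint check in (13) and (14), as an added example that is not code from the original article: it computes the fingerprint of the host key a server offers and accepts it only if that fingerprint appears in the instance's console output. The key material and console lines are constructed, and the colon-separated MD5 fingerprint format and the layout of the console lines are assumptions.

```python
import base64
import hashlib
import re

# Colon-separated MD5 fingerprint: 16 hex pairs (assumed format).
_FP = re.compile(r"(?<![0-9a-f:])(?:[0-9a-f]{2}:){15}[0-9a-f]{2}(?![0-9a-f:])")
_KEY_TYPES = ("ssh-rsa", "ssh-dss")


def md5_fingerprint(pubkey_line):
    """Fingerprint of one public-key line: "[host] ssh-rsa AAAA... [comment]".

    Such a line is what `ssh-keyscan THEHOST` prints for the key the
    network peer is offering.
    """
    fields = pubkey_line.split()
    for i, field in enumerate(fields[:-1]):
        if field in _KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            digest = hashlib.md5(blob).hexdigest()
            return ":".join(digest[j:j + 2] for j in range(0, 32, 2))
    raise ValueError("no public key found in line")


def console_fingerprints(console_output):
    """Every fingerprint announced in the text of the instance console output
    (for example as saved from `ec2-get-console-output INSTANCEID`)."""
    return set(_FP.findall(console_output.lower()))


def verify_host_key(console_output, pubkey_line):
    """True only if the key offered over the network was announced on the console."""
    return md5_fingerprint(pubkey_line) in console_fingerprints(console_output)


def _demo_key(seed):
    # Constructed bytes standing in for a key blob; this is not a usable key.
    blob = b"\x00\x00\x00\x07ssh-rsa" + hashlib.sha256(seed).digest() * 4
    return "ssh-rsa " + base64.b64encode(blob).decode()


# Constructed inputs: the key the instance generated, and a different key
# such as an interceptor would present.
GENUINE_KEY = "ec2-host.example " + _demo_key(b"instance")
OTHER_KEY = "ec2-host.example " + _demo_key(b"someone-else")

# Constructed console output; the line layout is an assumption.
SAMPLE_CONSOLE = "\n".join([
    "ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----",
    "ec2: 2048 %s /etc/ssh/ssh_host_rsa_key.pub (RSA)" % md5_fingerprint(GENUINE_KEY),
    "ec2: -----END SSH HOST KEY FINGERPRINTS-----",
])

if __name__ == "__main__":
    for label, key in (("genuine", GENUINE_KEY), ("other", OTHER_KEY)):
        verdict = "matches console" if verify_host_key(SAMPLE_CONSOLE, key) else "MISMATCH"
        print(label, md5_fingerprint(key), verdict)
```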

At this point you may be less or more confused, but here are two rules which may help:

A. Create a file or folder where you jot down and save all of the credentials associated with each AWS account. You don’t want to lose any of these, especially the ones which Amazon does not store for you. Consider encrypting this information with (yet another) secure passphrase.

B. Pay close attention to what credentials are being asked for by different tools. A “secret access key” is different from a “private key” is different from a “private ssh key”. Use the above list to help sort things out.
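As an added illustration of rule B (not code from the original article), this scanner labels each credential by the shapes described in the list above and marks which ones must stay secret, masking the Secret Access Key in its report. The sample text is constructed from the article's own example values; the file paths and variable names in it, and the upper-case restriction on the Access Key ID, are assumptions.

```python
import re

# Edges so that a match is a whole token, not a slice of a longer one.
_L = r"(?<![A-Za-z0-9/+])"
_R = r"(?![A-Za-z0-9/+])"

# (name, handling, pattern), tried in this order at each position.
#   public  - identifier the article says is not secret
#   protect - points at or introduces secret material (a file, a PEM block)
#   redact  - the matched text itself is the secret
RULES = [
    ("X.509 Private Key file", "protect", r"\bpk-[A-Z0-9]+\.pem\b"),
    ("X.509 Certificate file", "public", r"\bcert-[A-Z0-9]+\.pem\b"),
    ("private key PEM block", "protect", r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    ("AWS Account Number", "public", r"(?<![\d-])\d{4}-\d{4}-\d{4}(?![\d-])"),
    ("AWS User ID", "public", _L + r"\d{12}" + _R),
    # Upper-case only is an assumption taken from the article's sample value.
    ("AWS Access Key ID", "public", _L + r"[A-Z0-9]{20}" + _R),
    ("Secret Access Key", "redact", _L + r"[A-Za-z0-9/+]{40}" + _R),
]

SCANNER = re.compile(
    "|".join("(?P<r%d>%s)" % (i, rule[2]) for i, rule in enumerate(RULES))
)


def user_id_from_account_number(account_number):
    """Item (5): the Account Number of item (4) with the dashes removed."""
    digits = account_number.replace("-", "")
    if not re.fullmatch(r"\d{12}", digits):
        raise ValueError("expected 12 digits, got %r" % account_number)
    return digits


def scan(text):
    """Return (line number, credential name, is_secret, text to show) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in SCANNER.finditer(line):
            name, handling, _ = RULES[int(match.lastgroup[1:])]
            value = match.group()
            if handling == "redact":
                value = value[:4] + "*" * (len(value) - 4)
            findings.append((lineno, name, handling != "public", value))
    return findings


# Constructed sample built from the example values quoted in the article.
SAMPLE = """\
# constructed config fragment using the article's sample values
account: 1234-5678-9012
owner_id: 123456789012
access_key_id = 022QF06E7MXBSH9DHM02
secret_access_key = kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct
EC2_CERT=/home/ubuntu/.ec2/cert-OHA6ZEBHMCGZ66CODVHEKKVOCYWISYCS.pem
EC2_PRIVATE_KEY=/home/ubuntu/.ec2/pk-OHA6ZEBHMCGZ66CODVHEKKVOCYWISYCS.pem
"""

if __name__ == "__main__":
    for lineno, name, secret, shown in scan(SAMPLE):
        print("%d  %-24s %-7s %s" % (lineno, name, "SECRET" if secret else "public", shown))
```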

Use the comment section below to discuss what I missed in this overview.

November 06, 2009

The much misunderstood Ubuntu 9.10 upgrade poll

Gavin Clark at the Register recently reported that only 10% of people upgrading to 9.10 had a satisfactory experience. Serdar Yegalup at Information Week then reported that 40% of people upgrading to Ubuntu 9.10 had issues that they considered unfixable. Both of these conclusions were based on a poll on the Ubuntu support forums.

Serdar had the wisdom to point out that the poll is self-selecting (but still reported it). However, and I write this so you heard it here first, I don’t think we will have to wait long for a Microsoft shill to report his figure as fact and reference Information Week as evidence.

So let’s look at this poll. While we don’t have exact figures it is reasonable to assume that hundreds of thousands of people upgraded to 9.10 in the last few days. The quoted poll has a sample of 2158.

The poll is also on a support forum.

I upgraded to 9.10 a while ago. Flawlessly. So I saw little need to go tell a forum. This is where people go when they have problems. Gavin and Serdar were shocked to find people with support issues on a support forum. I have no doubt the help line at Microsoft has taken a lot of calls recently, but I would not extrapolate from that a large percentage of Windows users are having upgrade problems.

Tellingly and almost the last word on this are the polls from our previous releases, none of which were considered or reported as upgrade disasters:

Jaunty Poll

Intrepid Poll

Hardy Poll

Gutsy Poll

A very useful summary of these findings by Nicholas Ipsen is here. I am linking to these polls not because I want to provide evidence that the Karmic upgrade experience is or was good or bad, there are others more qualified to comment on that, but that there is nothing new here.

All this of course is of little consolation if you are affected by an issue. Which is why we have the forums and Launchpad so that we can gather data, isolate the issues and fix them if they are an issue with Ubuntu or alert someone who can if they are not. We do this all the time with every release and we are doing it with Ubuntu 9.10.

So what we seem to have here is a poll that has existed for some 5 releases being ‘discovered’ and the data used to support a pre-disposed position. As we operate in the open and publish feedback good and bad, this is the risk we take I guess. Gavin and Serdar had some broader points that we could engage on regarding the readiness or otherwise of Linux for mainstream computing. But to base or support their arguments on this poll does little to illuminate and a lot to obfuscate.

Gerry Carr

Head of platform marketing, Canonical

November 05, 2009

Skills Matter presentation: What is Ubuntu cloud?

Thanks a lot to everyone that came to Skills Matter tonight for my presentation. I have really appreciated the quality of your questions and hope that my answers were satisfying.


November 03, 2009

More Ubuntu Server Edition statistics

Some people may say that I am a statistics junky... Well that's certainly true! But what do you want, being a product manager for a product that does not require ANY form of user registration, you have a tendency to cling to any piece of data you may find that shows that you are not working in vain. Indeed, and to the opposite of most, if not all, of our competitors, we have absolutely no way to determine what is our install base. We don't control our mirrors, we don't have any ping back home mechanisms, and we are not considering adding any. So, here I am, collecting as much information I can from outside sources...

Well, October was not too bad in that sense:


November 01, 2009

Generating Custom Map Tiles Rapidly in the Cloud | Development Seed

"With the help of Amazon Web Services, we’re building an infrastructure capable of generating beautiful interactive maps quickly. We’re using four Amazon services in this workflow: SQS (job queuing), EC2 (tile generation), S3 (storage), and CloudFront (distribution). The figure below illustrates the design."

October 31, 2009

Google won’t kill standalone GPS

It was already dead. In some senses, anyway.

Google announced a couple of days ago that they’re advancing into the business of GPS guided navigation, rather than staying with their widely popular offering of mapping and positioning only. This announcement affected the rest of the industry immediately, and some of the industry leaders in the area have quickly taken a hit on their share value.

As usual, Slashdot caught up on the news and asked the question: Will Google and Android kill standalone GPS?

Let me point out that the way the facts were covered by Slashdot was quite misguided. Google may be giving a hand to change the industry dynamics a bit faster, but both Garmin and TomTom, the companies which reportedly had an impact on their share value, have phone-based offerings of their own, so it’s not like Google suddenly had an idea for creating a phone-based navigation software which will replace every other offering. The world has been slowly converging towards a multi-purpose device for quite a while, and these multi-purpose devices are putting GPSes in the hands of people that in many cases never considered buying a GPS.

The real reason why these companies are taking a hit in their shares now is because Google announced it will offer for free something that these companies charge quality money for at the moment, be it in a standalone GPS or not.

October 30, 2009

Scaling Galaxy Zoo with SQS @ Weakly Typed

"Overall we’ve been very pleased with the new queue-based system – we’ve successfully managed to decouple the user interface from a database that’s starting to get a little sluggish."

October 29, 2009

How *Not* to Upgrade to Ubuntu 9.10 Karmic on Amazon EC2

WARNING!

Though most Ubuntu 9.04 Jaunty systems can upgrade to 9.10 Karmic in place, this is not possible on EC2 and should not be attempted. If you do try this, your system will become unusable on reboot and there will be no recovery and no access to any of the data on the boot disk or ephemeral storage.

Here’s why:

  • Ubuntu 9.10 Karmic has a version of udev which requires a newer kernel than you would be running for Ubuntu 9.04 Jaunty (especially on EC2).

  • You cannot upgrade the kernel used by a running instance on Amazon EC2 (not even rebooting).

  • When an EC2 instance cannot boot (as in the case of the udev/kernel mismatch) your only option is to terminate it, losing the local storage.

How To Upgrade

In order to upgrade to Karmic you will need to start a new EC2 instance running a fresh copy of the appropriate Karmic AMI. I post the latest AMI ids for Karmic in the second table on http://alestic.com/.

Keep your old instance(s) running while you configure and test the new Karmic instances. EC2 makes it easy to have multiple sets of servers running in parallel instead of upgrading in place. When you are confident your new servers are functioning properly, you can discard the old ones.

The Ubuntu 9.10 Karmic AMIs released by Canonical have a number of differences from the community Ubuntu AMIs which have been published on http://alestic.com.

One of the biggest differences is that you will ssh to ubuntu@ instead of to root@ on your instance. You can then sudo to perform commands as the root user. Back in April I wrote a guide about Using sudo, ssh, rsync on the Official Ubuntu Images for EC2.

The Ubuntu server team has put a lot of work into making Ubuntu 9.10 Karmic function beautifully on Amazon EC2 and it’s been a pleasure to have a small part in the process. I’m already using the Karmic AMIs on EC2 for one of my production processes. Please give these AMIs a spin and give feedback.

October 27, 2009

1 TB of Memory in 1 Minute with 1 Command

Amazon Web Services just announced the release of two new instance types for EC2. These new types have 34.2 GB and 68.4 GB of RAM with a decent amount of CPU capacity on modern CPUs to go along with it.

Others have already done a great job of describing the instance types:

Jeff Barr’s AWS blog

RightScale’s blog

but when it comes to flexing the raw power at my fingertips with AWS, sometimes I can’t help myself. So…

sitting on my couch with my laptop watching an episode of “Lie to me” on TiVo I just typed:

    ec2-run-instances            \
      --instance-type m2.4xlarge \
      --key KEYPAIR              \
      --instance-count 19        \
      ami-e6f6158f

and in under a minute and about $45 later, I had ssh access to well over 1 TB (1,000 GB) of free memory. To be sure, it was spread over 19 Ubuntu servers, but still, there’s gotta be something I can do with that, no?

Here are the results on a single one of these servers running Ubuntu 8.04 Hardy:

    root@domU-12-31-39-08-7F-51:~# free
                 total       used       free     shared    buffers     cached
    Mem:      71687580    1521464   70166116          0       2632      17704
    -/+ buffers/cache:    1501128   70186452
    Swap:            0          0          0

    root@domU-12-31-39-08-7F-51:~# free -g
                 total       used       free     shared    buffers     cached
    Mem:            68          1         66          0          0          0
    -/+ buffers/cache:          1         66
    Swap:            0          0          0

Wait, I’d better do whatever I’m gonna do quick or I’m going to be charged another $45.60 for the next hour’s worth of fun!

Ok, time to cut my losses:

    ec2-describe-instances |
      egrep m2.4xlarge |
      cut -f2 |
      xargs ec2-terminate-instances

In case you didn’t feel like spending $2.40 to find out the CPUs on one of these beasts, here’s one of the ones I ran:

    vendor_id   : GenuineIntel
    cpu family  : 6
    model       : 26
    model name  : Intel(R) Xeon(R) CPU           X5550  @ 2.67GHz
    stepping    : 5
    cpu MHz     : 2666.760
    cache size  : 8192 KB
    bogomips    : 5203.00

And remember that there’s 8 of these on the m2.4xlarge instance size. (Exact CPUs not guaranteed, your results may vary, etc.)

Amazon Web Services seems to keep releasing new features in advance of when our growing startup needs them. As we start to think about whether we are going to need to trim some tables or split up the database, here comes an instance type that will let us grow a lot longer just focusing on our core business challenges instead of on the infrastructure.

October 26, 2009

Landscape 1.4.0 released

We are pleased to announce the availability of Landscape 1.4.0!

This version includes new features such as Eucalyptus cloud management and package activities scheduling as well as some polishing. Read on for details.

New features

In Landscape we always work at the same time on new features as well as on improving existing ones. Here are the new features for this release:

Ubuntu Enterprise Cloud (UEC)

Not only can Landscape interact with Amazon’s EC2 service, you can now use Landscape to handle instances in your own Ubuntu Enterprise Cloud, based on Eucalyptus. All the features that work with EC2 also work with UEC, such as instance start/stop, Elastic Block Storage and others. All you need to do is provide the URL to the UEC endpoint and the cloud credentials:

UEC being defined

Scheduling

In this development cycle we started implementing scheduling in Landscape. For now, it’s only available for package activities and reboot and shutdown of computers, but expect this to be improved in the next few minor releases:

Scheduling a package activity

Access Groups

Access Groups allow us to restrict the computers to which selected administrators will have access. Administrators that belong to an access group can only manage the machines in the same access group.

For example, if we had an access group called “devel”, administrators belonging to this group would only be able to manage the machines that also belonged to the “devel” group.

We want to make some last minute improvements to this feature, so it will only be available next week on November 2nd, 2009, but here is a sneak preview:

Preview of access groups

Ajax

It started small, with just a few icons showing the status of the EC2 instances in the computer page, but now we have Ajax all over the place in the user interface. This improves the user experience and makes Landscape faster and more robust.

Improvements

Landscape is always evolving, and we like to take care of existing features as well as introduce new ones. This time we paid considerable attention to packaging.

Package search

The package search page, which is central to all package activities, now uses a better search algorithm. Exact and more prominent matches are displayed first, and we got rid of the limitation of three characters at a minimum for a filter:

Improved search

Packaging User Interface

This has been in place already, but we would like to highlight it again. The new package interface can now handle upgrades, downgrades, new installations and removals all at the same time, in one place. Not only that, it also handles different versions of each package per computer and groups them all under the package name.

For example, before, when searching for a package called “postfix” among five different Ubuntu distributions, we would get one result for each version of “postfix”. Now it’s all grouped together under the “postfix” name, making the page much simpler to work with:

Dealing with four different versions of a package at the same time

Now a task like “install postfix on these four different Ubuntu machines” suddenly became much simpler: instead of 4 clicks (one for each version), it’s just one click away.

Landscape 1.4 Adds UEC Support

Cloud management dominates the theme for Landscape 1.4 with new features that allow you to manage your private Ubuntu Enterprise Cloud (UEC) as easily as you manage your instances on Amazon EC2. Also released are new features that help system administrators be more efficient including time based package updates and role based access. These new features will be available this week on both the Hosted and Dedicated Server Editions of Landscape.

Cloud Computing: UEC Support

Building upon our support for Amazon’s EC2 Cloud, users can now start, stop and manage their private Ubuntu instances on their UEC from within Landscape. Users simply enter their credentials directly through Landscape to start, stop and manage an instance. We’ve designed Landscape to work directly with both Amazon and Eucalyptus console pages so you can manage your instances without having to use any other tools. Landscape securely stores your security credentials, making it easy to spin up new instances on UEC or EC2 at any time. Once the instances are initiated, they all display on the same page, allowing you to manage all your physical, virtual and Cloud instances in one place.

New Timed Package Updates

Users can now schedule package updates, system reboots and shutdowns in the future with minute increments. This gives System Administrators the flexibility to schedule activities for systems to occur during planned maintenance windows or low use periods to minimise the impact on the network. Now that we have developed the time / scheduling function, look for us to add this to other areas of Landscape where it makes sense, like scheduling scripts in the future.

Administrator Roles

As Landscape is deployed in larger enterprises the need to delegate and limit access to systems has become a key need. Now, in addition to having a master admin who can manage all systems within a Landscape account, you can delegate access to systems to other administrators. This builds on our tags function (which allows you to tag computers performing the same function and update them with a single command) to allocate full access to systems by admin. Typically this means sys admins in different areas can be given full access to their local systems, but not to those in another area or country. Like tags, assigning systems to other administrators is completely flexible so you can use what ever criteria you need.

The Landscape 1.4 client is available today and is included with Ubuntu 9.10 server edition. Details are at www.canonical.com/landscape

Ken Drachnik, Landscape Manager

October 21, 2009

Ubuntu Live Cloud Roadshow New York and London

We are hosting a couple of events aimed at large businesses in New York City and London over the coming weeks. NYC is next Monday and there are still (a few) slots left. Registration is free and it should be a great evening.

The aim is to give an overview of our cloud strategy and introduce businesses to the private cloud and to Ubuntu Enterprise Cloud in particular. Al Gillen of IDC has been kind enough to do the introductory overview. Simon Wardley and John Willis, Canonical’s cloud gurus, will give their opinions and, for me, the highlight of the night will be the live demo conducted by Nick Barcet, the Ubuntu Server product manager.

We have a fantastic audience registered already but if you are free next Monday 26th and working at a business interested in exploring cloud please do join us.

The London event takes place on November 10th in 195 Piccadilly. Similar agenda but we are delighted to have James Governor of Redmonk do the introduction. We hope we can accommodate you at that event if you are in the London area.

Gerry Carr, Canonical

Keeping Ubuntu CDs available

The ShipIt program has been at the core of the Ubuntu project since its inception. The goal was to make sure that there are no restrictions, as far as was possible, to people having access to Ubuntu. In the last five years we have shipped millions of CDs and seen Ubuntu’s popularity and reach grow in ways that would be impossible without ShipIt.

And that aim continues. We need to make Ubuntu available to as many people who need it, particularly those for whom the download options are limited. The goal has not been to supply a CD to every Ubuntu user of every version of Ubuntu.  Remember, one of the coolest things about Ubuntu is the way you can upgrade from one version of Ubuntu to another – without the need for a CD!

While these CDs are often referred to as “free CDs”, they are of course not free of cost to Canonical.  We want to continue this programme, but Ubuntu’s growth means that some changes are necessary. Therefore we are adjusting how we handle CD requests to try to find the right balance between availability of CDs and the continued viability of the ShipIt programme.

We will continue to supply CDs to LoCo teams and Ubuntu members.  And we hope to make CDs available to everyone who is just discovering Ubuntu.   And we continue to search for additional ways to make Ubuntu and Ubuntu materials available to everyone. But we are limiting shipments to people that we think have alternative paths of getting Ubuntu.  For instance,

* you can upgrade to the new release without a CD
* you can download your own CD for free
* you will be able to download the CD wallet artwork
* you can become an Ubuntu member by contributing to Ubuntu, and thereby become eligible for more CDs
* and finally, you can purchase CDs.

We will change the language on the ShipIt site to make it clearer what we are doing. We hope that you support this effort and realise that the intent is to continue to make Ubuntu available on CD to everyone who needs it.

Jane Silber, Canonical

Ubuntu Live – The Cloud in focus


Did you want to find out about what Canonical is doing in the cloud space? Did you want to see how Canonical can help you transform your business with a secure, private cloud? If so, please join Canonical in New York City on 26 October at the Gramercy Park Hotel.

Enjoy a practical demonstration and talks from a range of respected experts, and meet like-minded professionals over drinks at this exclusive event.

Date: 26 October 2009
Time: 6 p.m. to 10:00 p.m.
Venue: Gramercy Park Hotel
2 Lexington Avenue (between 21st Street and 22nd Street)
New York, NY 10010

AGENDA

- The market for Linux and cloud computing – Al Gillen, senior analyst at IDC
- Why build a private cloud? – Simon Wardley, cloud project leader at Canonical
- How to build a private cloud – Nick Barcet, server product manager at Canonical
- How to manage private clouds – John M. Willis, experienced cloud consultant
- Canonical cloud services – Steve George, director of corporate services at Canonical

If you would like to attend, please visit www.ubuntu.com/cloud/registernyc to register.

Ubuntu Virtualization Poll - Your Feedback Requested!


We're still a week away from releasing Ubuntu 9.10, which I'm sure will be a phenomenal server release, with huge strides in virtualization and cloud hosting. The Ubuntu Enterprise Cloud should be the most complete open source cloud hosting solution in the industry.

But we're also beginning to prepare for the Ubuntu Developer Summit in Dallas, Texas next month. At this summit, we will discuss our plans for Ubuntu Lucid Lynx, which will release in April 2010 as Ubuntu 10.04 LTS. This being an LTS release, UDS is incredibly important, as these decisions will affect the Ubuntu landscape for at least 5 years.

As your maintainer of Ubuntu's virtualization stack supported by Canonical, I'm pleased to invite you to provide feedback on virtualization in Ubuntu in this simple, brief, 6-question survey:


We are eager to hear your feedback on a few particular questions about KVM, QEMU, Virsh, Virt-Manager, Xen, VirtualBox, OpenVZ, VMWare, Parallels, Amazon EC2, Eucalyptus, and other virtualization technologies.

Note: Nick Barcet will be conducting a much more comprehensive Ubuntu Server Survey in the near future. Stay tuned!


Thanks!
:-Dustin

October 13, 2009

It is quiet in here?

Dear Blog,

I am really sorry, I've been unfaithful. I have been seeing another blog lately. Please don't be mad...

I have accepted to write a monthly blog on WorksWithU.  A couple entries already made:


October 12, 2009

New Releases of Ubuntu and Debian Images for Amazon EC2 (Kernel, Security, PPA, runurl, Tools)

New updates have been released for the Ubuntu and Debian AMIs (EC2 images) published on:

http://alestic.com

The following notes apply to this release:

  • The images have been upgraded to use the newest 2.6.21 kernel, ramdisk, and kernel modules from Amazon. This fixes a serious security hole in the previous 2.6.21 kernel.

  • The Alestic PPA (personal package archive) has been added to the Ubuntu AMIs. This makes it easy to install software packages listed in this PPA, including ec2-consistent-snapshot.

  • The runurl package from the Alestic PPA has been pre-installed on the Ubuntu AMIs. This can be a handy tool for setting up new instances with user-data scripts.

  • The EC2 AMI tools have been upgraded to version 1.3-34544.

  • The ec2-ami-tools package version has been pinned so it does not get downgraded if the official Ubuntu archives still have older versions.

  • All packages have been upgraded to their respective latest versions.

  • The Ubuntu Karmic images were not updated and have been removed from the listings at the top of http://alestic.com. If you would like to use Ubuntu Karmic Beta, please test with the AMIs published by Canonical listed a bit lower down on the page.

Please give these new images a spin and let us know if you run into any problems.

Enjoy

runurl - A Tool and Approach for Simplifying user-data Scripts on EC2

Many Ubuntu and Debian images for Amazon EC2 include a hook where scripts passed as user-data will be run as root on the first boot.

At Campus Explorer, we’ve been experimenting with an approach where the actual user-data is a very short script which downloads and runs other scripts. This idea is not new, but I have simplified the process by creating a small tool named runurl which adds a lot of flexibility and convenience when configuring new servers.

Usage

The basic synopsis looks like:

runurl URL [ARGS]...

The first argument to the runurl command is the URL of a script or program which should be run. All following options and arguments are passed verbatim to the program as its options and arguments. The exit code of runurl is the exit code of the program.

The runurl command is a very short and simple script, but it makes the user-data startup scripts even shorter and simpler themselves.

Example 1

If the following content is stored at http://run.alestic.com/demo/echo

#!/bin/bash
echo "$@"

then this command:

runurl run.alestic.com/demo/echo "hello, world"

will itself output:

hello, world

You can specify the “http://” in the URLs, but since it’s using wget to download them, the specifier is not necessary and the code might be easier to read without it.

Example 2

Here’s a more substantial sample user-data script which invokes a number of other remote scripts to upgrade the Ubuntu packages, install the munin monitoring software, install and run the Folding@Home application using origami with credit going to Team Ubuntu. It finally sends an email back home that it’s active.

This sample assumes that runurl is installed on the AMI (e.g., Ubuntu AMIs published on http://alestic.com). For other AMIs, see below for additional commands to add to the start of the script.

#!/bin/bash -ex
runurl run.alestic.com/apt/upgrade
runurl run.alestic.com/install/munin
cd /root
runurl run.alestic.com/install/folding@home -u ec2 -t 45104 -b small
runurl run.alestic.com/email/start youremail@example.com

Note that the last command passes a parameter to the script, identifying where the email should be sent. Please change this if you test the script.

With the above content stored in a file named folding.user-data, you could start 5 new c1.medium instances running the Folding@Home software using the command:

ec2-run-instances                    \
  --user-data-file folding.user-data \
  --key [KEYPAIR]                    \
  --instance-type c1.medium          \
  --instance-count 5                 \
  ami-ed46a784

You can log on to an instance and monitor the installation with

tail -f /var/log/syslog

Once the Folding@Home application is running, you can monitor its progress with:

/root/origami/origami status

and after 15 minutes, check out the Munin system stats at

http://ec2-HOSTNAME/munin/

Expiring URLs

One of the problems with normal user-data scripts is that the contents exist as long as the instance is running and any user on the instance can read the contents of the user-data. This puts any private or confidential information in the user-data at risk.

If you put your actual startup code in private S3 buckets, you can pass runurl a URL to the contents, where the URL expires shortly after it is run. Or, the script could even delete the contents itself if you set it up correctly. This reduces the exposure to the time it takes for the instance to start up and does not let anybody else access the URL during that time.

Updating

Another benefit of keeping the actual startup code separate from the user-data content itself is that you can modify the startup code stored at the URL without modifying the user-data content.

This can be useful with services like EC2 Auto Scaling, where the specified user-data cannot be dynamically changed in a launch configuration without creating a whole new launch configuration.

If you modify the runurl scripts, the next server to be launched will automatically pick up the new instructions.

Bootstrapping

The runurl tool is pre-installed in the latest Ubuntu AMIs published on http://alestic.com. If you are using an Ubuntu image which does not include this software, you can install it from the Alestic PPA using the following commands at the top of your user-data script:

codename=$(lsb_release -cs)
echo "deb http://ppa.launchpad.net/alestic/ppa/ubuntu $codename main"|
  sudo tee /etc/apt/sources.list.d/alestic-ppa.list    
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BE09C571
sudo apt-get update
sudo apt-get install -y runurl

If you are using a Linux distro other than Ubuntu, you can install runurl using the following commands at the top of your user-data script:

sudo wget -qO/usr/bin/runurl run.alestic.com/runurl
sudo chmod 755 /usr/bin/runurl

The subsequent commands in the user-data script can then use the runurl command as demonstrated in the above example.

SSL

To improve your certainty that you are talking to the right server and getting the right data, you could use SSL (https) in your URLs. If you are talking to S3 buckets, however, you’ll need to use the old style S3 bucket access style like:

runurl https://s3.amazonaws.com/run.alestic.com/demo/echo "hello, mars"

This is probably not as critical when accessing it from an EC2 instance as you’re operating over Amazon’s trusted network.

Caveats

There are a number of things which can go wrong when using a tool like runurl. Here are some to think about:

  • Only run content which you control or completely trust.

  • Just because you like the content of a URL when you look at it in your browser does not mean that it will still look like that when your instance goes to run it. It could change at any point to something that is broken or even malicious unless it is under your control.

  • If you depend on this approach for serious applications, you need to make sure that the content you are downloading is coming from a reliable server. S3 is reasonable (with retries) but you also need to consider the DNS server if you are depending on a non-AWS hostname to access the S3 bucket.

The name run.alestic.com points to an S3 bucket, but the DNS for this name is not redundant or worthy of use by applications with serious uptime requirements. This particular service should be considered my playground for ideas and there is no commitment on my part to make sure that it is up or that the content remains stable.

If you like what you see, please feel free to copy any of the open source content on run.alestic.com and store it on your own reliable and trusted servers. It is all published under the Apache2 license.

Project

I’m using this simple script as an opportunity to come up to speed with hosting projects on Launchpad. You can access the source code and submit bugs at

https://launchpad.net/runurl

You can also use launchpad and bazaar to branch the source into parallel projects and/or submit requests to merge patches into the main development branch.

[Update 2009-10-11: Document use of Alestic PPA]
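The second caveat in the runurl post above (content at a URL can change between the time you review it and the time an instance runs it) can be closed by pinning a SHA-256 digest in the user-data next to the URL. The following is an added example, not part of runurl or of the original post; the function names `run_verified` and `runurl_pinned` and the exit codes 96 to 98 are assumptions of this sketch.

```shell
#!/bin/bash
# Added example: digest-pinned variant of the runurl idea. Function names and
# exit codes 96-98 are assumptions of this sketch, not part of runurl.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
  sha256sum "$1" | cut -d' ' -f1
}

# run_verified FILE EXPECTED_SHA256 [ARGS]...
# Runs FILE only if its digest equals the pinned value.
# Returns 98 on bad input, 97 on digest mismatch, else the program's exit code.
run_verified() {
  local file=$1 expected=$2 actual
  shift 2
  [ -f "$file" ] || { echo "run_verified: no such file: $file" >&2; return 98; }
  # The pin must be exactly 64 hex digits; anything else is a usage error.
  case "$expected" in
    ""|*[!0-9a-fA-F]*) echo "run_verified: malformed digest" >&2; return 98 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "run_verified: malformed digest" >&2; return 98; }
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "run_verified: digest mismatch, refusing to run $file" >&2
    return 97
  fi
  chmod 700 "$file"
  "$file" "$@"
}

# runurl_pinned URL EXPECTED_SHA256 [ARGS]...
# Downloads URL with wget (as runurl does), then hands the file to
# run_verified. Returns 96 if the download fails.
runurl_pinned() {
  local url=$1 expected=$2 tmp rc
  shift 2
  # mktemp creates the file with mode 0600, so no other user can swap the
  # content between the digest check and execution.
  tmp=$(mktemp) || return 98
  if ! wget -q --tries=3 -O "$tmp" "$url"; then
    rm -f "$tmp"
    return 96
  fi
  rc=0
  run_verified "$tmp" "$expected" "$@" || rc=$?
  rm -f "$tmp"
  return "$rc"
}
```

With a pin in place, updating the script at the URL also requires updating the digest in the user-data, which trades away the convenience described under "Updating" in exchange for knowing exactly what will run.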

October 07, 2009

SALabs October Silicon Valley Cloud Club Report [Part 1]

On Monday, October 3, the San Francisco Cloud Computing Club and Silicon Valley Cloud Computing Club hosted a joint session that was notable for any number of reasons. Someone described it as being involved in a Twitter / Clouderati twitterstorm, but face-to-face. Whatever it felt like, it was a great source of good thought and numerous, mutually respected points of view.

James Watters, of Silicon Angle, acted as the MC and moderator for the session, and took it upon himself to capture the spirit of the session. He kindly invited me to add in my take on the meetup and we found ourselves with a jointly authored recollection of the conversation.

Here's a snippet. For the full version, take a look at Silicon Angle's site:

...

Q: What is the impact of internal private clouds on both enterprises and external cloud service providers? (Question submitted by Randy Bias)

James Watters: I got the ’scrunch face’ from Randy Bias, and James Urquhart when I suggested that private clouds need to adhere to public cloud standards to be really useful. I believe this is important because it keeps both the economics and usability innovations of the public cloud proximal to how users evaluate their internal private clouds–or as /Hoff said once, allows public cloud to be the forcing function for change.

If Private or internal clouds get really exotic, with proprietary in-house created management, deployment and consumption functions they won’t play as easily with the coming wealth of interesting solutions created on top of public cloud standards.

The other point is simple: this is what really smart companies already have today. If you sit down with the top investment banking firms in the country many of them have highly sophisticated JeOS optimized application deployment, scaling, patching, and management functions for autonomic computing–but it’s expensive to create this kind of in-house IP.

Amazon sources tell me that over 40% of their revenues are driven by third party applications built directly atop their API. If you build an internal cloud not compliant to public standards you may be left without access to this increasingly important ecosystem of innovation.

Rich Miller: For better or worse, the adoption of cloud-oriented computing by the Enterprise and Small-Medium Business (SMB) will start as a transition from ‘the way things are done now’ to in-house, on-premise clouds. IT organizations will get religion … in part through the widespread adoption of server virtualization … and start operating their in-house IT organizations like utilities: lots of self-service, pay-as-you-go, multi-tenancy. (Remember: cloud is an operating model, not just a technology model.)

But, in order to get there in an orderly fashion, the path will be evolutionary. And, in order to get there, some of the internal clouds will be mixed-bags of infrastructure-cloud offerings (especially in-house data clouds), platform-cloud offerings and application-cloud offerings.

To your point, James, one way in which coordination and compatibility with public cloud offerings may come about is if the management systems that the enterprise uses for their in-house operations are built to recognized ’standards’… those offered by the most powerful service providers (e.g. Amazon AWS) or technology providers (e.g. VMware). Over a reasonable period of time, the management of an in-house, on-premise cloud will morph easily into managing hybrids (both on- and off-prem). ...

Ubuntu Cloud Planet

The Ubuntu Cloud Planet is a window into the world, work and lives of those that work on making Ubuntu the best cloud platform there is.

If you would like your feed to be included on this planet, please make yourself known on the cloud mailing list.

Updated on November 22, 2009 02:50 AM, UTC.
