Amazon EC2 allows you to load a paravirtual Linux kernel within an Amazon Machine Image (AMI) or Amazon EBS volume. You have the option to create images that contain a kernel and initrd (initial RAM disk), and behave in a manner that is closer to traditional virtual or physical Linux installations. By enabling you to boot from the kernel within volumes, this feature allows you to seamlessly upgrade the kernel on Amazon EC2 instances. We expect that AMI providers will update their AMIs to use this new feature, and most Amazon EC2 users will be able to begin managing their own kernels when these updated AMIs become available. Your AMI provider can tell you when it plans to support this feature. However, if you want to begin managing your own kernel now, the following section shows how. This process assumes general knowledge of Amazon EC2 AMI bundling and registration, as well as knowledge of how to install kernel packages and configure GRUB on your Linux systems.
To enable user-provided kernels, Amazon has published Amazon Kernel Images (AKIs) that use a system called PV-GRUB. PV-GRUB is a paravirtual “mini-OS” that runs a version of GNU GRUB, the standard Linux boot loader. PV-GRUB selects the kernel to boot by reading /boot/grub/menu.lst from your image. It will load the kernel specified by your image and then shut down the “mini-OS,” so that it no longer consumes any resources. One of the advantages of this solution is that PV-GRUB understands standard grub.conf or menu.lst commands, which allows it to work with most existing Linux distributions.
The following task list describes what you need to do to enable an AMI to use a PV-GRUB AKI to run a user-provided kernel.
1. Install an Amazon EC2-compatible kernel.
2. Generate an initrd.
3. Populate /boot/grub/menu.lst referencing your kernel.
4. Select an appropriate AKI ID from the Amazon Kernel Image IDs section that follows.
5. Bundle the AMI and set the default to your chosen AKI.
6. Upload and register your new AMI.
For existing AMIs, you can simply specify the appropriate AKI ID when you call RunInstances or when you use the AWS Management Console.
Note: To update an existing AMI to use a user-provided kernel, re-launch the AMI and follow steps 1 through 6 specified in the preceding task list.
For procedures associated with the preceding task list, see Using the User-Provided Kernel.
In order for PV-GRUB to boot, a GRUB menu.lst file must exist in the image. For most distributions, you have two options for the GRUB configuration:
Option 1: Install GRUB and allow the default kernel installation scripts to handle installing and updating the GRUB configuration. The steps necessary to install GRUB will vary depending on your Linux distribution, but typically GRUB will be available as a package you can install online.
Option 2: Populate a general /boot/grub/menu.lst. An example of a menu.lst configuration file for booting an AMI with a PV-GRUB AKI follows.
Important
You must modify your own menu.lst for your specific environment.
default 0
timeout 3
fallback 1
title Vanilla EC2 Kernel 2.6.32.10
root (hd0)
kernel /boot/vmlinux-2.6.32.10-ACME_SYS_EC2 root=/dev/sda1
initrd /boot/initrd-2.6.32.10-ACME_SYS_EC2
title Ubuntu EC2 2.6.32.302-EC
root (hd0)
kernel /boot/ubuntu-ec2 root=/dev/sda1
initrd /boot/initrd-ec2
We recommend that you use option two to control the kernel booting for two reasons. First, Amazon EC2 users don’t have interactive control over the boot process because there is no keyboard access. GRUB will proceed without user interaction. Second, and most important for Amazon EC2 instances, you want to protect against distributions that auto-update the default kernel and break your image. By not relying on the auto-update mechanism and explicitly choosing which kernel you run, you reduce the risk of an incompatible kernel becoming the default kernel.
A fallback kernel does not have to be specified in your menu.lst, but we recommend that you have a fallback when you test new kernels. GRUB can fall back to another kernel in the event that the new kernel fails. Having a fallback kernel allows the instance to boot even if the new kernel is not found.
There are two special things you should consider when you use a PV-GRUB-enabled image to mount EBS volumes. First, for Amazon EBS volumes the first partition must be a boot partition. Second, if you plan to use a logical volume manager (LVM) with Amazon EBS volumes, you need a separate boot partition outside of the LVM. Then you can create logical volumes with the LVM. PV-GRUB expects to find the menu.lst in /boot/grub. As a result, if the boot partition is mounted at /boot, menu.lst will be found in /boot/boot/grub.
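A pre-bundle check for the menu.lst rules described above, given as an added example that is not part of the original documentation: it parses a GRUB 0.97 menu.lst, confirms that default and fallback point at real entries, and confirms that every kernel and initrd the file names exists in the image. The function names and the image_root parameter are hypothetical, numeric default/fallback values are assumed, and the sample text is constructed from the example shown earlier.

```python
import os
import re

# Constructed sample modelled on the two-entry menu.lst shown earlier.
SAMPLE = """default 0
timeout 3
fallback 1
title Vanilla EC2 Kernel 2.6.32.10
root (hd0)
kernel /boot/vmlinux-2.6.32.10-ACME_SYS_EC2 root=/dev/sda1
initrd /boot/initrd-2.6.32.10-ACME_SYS_EC2
title Ubuntu EC2 2.6.32.302-EC
root (hd0)
kernel /boot/ubuntu-ec2 root=/dev/sda1
initrd /boot/initrd-ec2
"""

def parse_menu(text):
    """Split GRUB 0.97 menu.lst text into global options and title entries."""
    opts, entries = {}, []
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)(?:[\s=]+(.*))?$", raw)
        if not m:  # blank line or comment
            continue
        key, val = m.group(1).lower(), (m.group(2) or "").strip()
        if key == "title":
            entries.append({})  # each title starts a new boot entry
        (entries[-1] if entries else opts)[key] = val
    return opts, entries

def check_menu(text, image_root):
    """Return problems that would leave PV-GRUB with nothing bootable."""
    opts, entries = parse_menu(text)
    problems = [] if entries else ["no title entries"]
    for name in ("default", "fallback"):  # numeric indexes assumed
        idx = opts.get(name)
        if idx is not None and not (idx.isdigit() and int(idx) < len(entries)):
            problems.append(f"{name} {idx} does not match an entry")
    for i, entry in enumerate(entries):
        for key in ("kernel", "initrd"):
            path = re.split(r"\s", entry.get(key, ""))[0]  # drop kernel arguments
            if key == "kernel" and not path:
                problems.append(f"entry {i}: no kernel line")
            elif path and not os.path.isfile(os.path.join(image_root, path.lstrip("/"))):
                problems.append(f"entry {i}: {key} {path} missing")
    return problems

if __name__ == "__main__":  # on the running instance, before bundling
    print(check_menu(open("/boot/grub/menu.lst").read(), "/"))
```

With a separate boot partition mounted at /boot, read /boot/boot/grub/menu.lst and pass "/boot" as image_root, since the paths in the file are relative to that partition.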
Several PV-GRUB AKIs are available depending on the type and location of your instance. There are AKIs for 32-bit and 64-bit architecture types, with each having one AKI for partitioned images and another AKI for partitionless images. You must choose an AKI with "hd0" in the name if you want a raw or unpartitioned disk image (most images). Choose an AKI with "hd00" in the name if you want an image that has a partition table.
Most vendors, such as Fedora, Red Hat, Ubuntu, and Novell, use unpartitioned disk images. This means that they use the hd0 variants of PV-GRUB; almost without exception most users will want to use the hd0 variants.
Note
You cannot use the 64-bit version of PV-GRUB to start a 32-bit kernel or vice versa.
You must not specify an Amazon ramdisk image (ARI) when using a PV-GRUB AKI.
The following AKI IDs should be used by users who are either registering new AMIs or who want to launch existing AMIs using PV-GRUB. Each AKI type is available in all Amazon EC2 Regions:
us-east-1
aki-88aa75e1 pv-grub-hd0_1.03-x86_64.gz
aki-b6aa75df pv-grub-hd0_1.03-i386.gz
aki-b4aa75dd pv-grub-hd00_1.03-x86_64.gz
aki-b2aa75db pv-grub-hd00_1.03-i386.gz
us-west-1
aki-f77e26b2 pv-grub-hd0_1.03-x86_64.gz
aki-f57e26b0 pv-grub-hd0_1.03-i386.gz
aki-eb7e26ae pv-grub-hd00_1.03-x86_64.gz
aki-e97e26ac pv-grub-hd00_1.03-i386.gz
us-west-2
aki-fc37bacc pv-grub-hd0_1.03-x86_64.gz
aki-fa37baca pv-grub-hd0_1.03-i386.gz
aki-f837bac8 pv-grub-hd00_1.03-x86_64.gz
aki-f637bac6 pv-grub-hd00_1.03-i386.gz
eu-west-1
aki-71665e05 pv-grub-hd0_1.03-x86_64.gz
aki-75665e01 pv-grub-hd0_1.03-i386.gz
aki-8b655dff pv-grub-hd00_1.03-x86_64.gz
aki-89655dfd pv-grub-hd00_1.03-i386.gz
ap-southeast-1
aki-fe1354ac pv-grub-hd0_1.03-x86_64.gz
aki-f81354aa pv-grub-hd0_1.03-i386.gz
aki-fa1354a8 pv-grub-hd00_1.03-x86_64.gz
aki-f41354a6 pv-grub-hd00_1.03-i386.gz
ap-southeast-2
aki-3f990e05 pv-grub-hd00_1.03-i386.gz
aki-3d990e07 pv-grub-hd00_1.03-x86_64.gz
aki-33990e09 pv-grub-hd0_1.03-i386.gz
aki-31990e0b pv-grub-hd0_1.03-x86_64.gz
ap-northeast-1
aki-44992845 pv-grub-hd0_1.03-x86_64.gz
aki-42992843 pv-grub-hd0_1.03-i386.gz
aki-40992841 pv-grub-hd00_1.03-x86_64.gz
aki-3e99283f pv-grub-hd00_1.03-i386.gz
sa-east-1
aki-c48f51d9 pv-grub-hd0_1.03-x86_64.gz
aki-ca8f51d7 pv-grub-hd0_1.03-i386.gz
aki-c88f51d5 pv-grub-hd00_1.03-x86_64.gz
aki-ce8f51d3 pv-grub-hd00_1.03-i386.gz
us-gov-west-1
aki-79a4c05a pv-grub-hd0_1.03-x86_64.gz
aki-7ba4c058 pv-grub-hd0_1.03-i386.gz
aki-75a4c056 pv-grub-hd00_1.03-x86_64.gz
aki-77a4c054 pv-grub-hd00_1.03-i386.gz
There are a number of Linux distributions that have compatible Amazon EC2 kernels. The following is a brief, non-comprehensive list of kernels that we have worked with the maintainers to test:
Fedora 8-9 Xen kernels
Fedora 13 (2.6.33.6-147 and higher)
Fedora 14 and later
SUSE Linux Enterprise Server
openSUSE 10.x, 11.0, 11.1 Xen
openSUSE 11.x EC2 Variant
Oracle Enterprise Linux
RedHat Enterprise Linux 5.x kernels
RedHat Enterprise Linux 6.x kernels
Ubuntu EC2 Variant kernels
Ubuntu 11.04 and later
CentOS 5.x kernels
CentOS 6.x kernels
It is possible that your specific Linux kernel will not boot using the new PV-GRUB method. If that occurs, select a different kernel or use a non-PV-GRUB AKI to boot your instance.
Since PV-GRUB is a paravirtual version of GRUB 0.97, it has all the limitations of GRUB. Most importantly, this means that it will not work properly for certain disk layouts or file system types. The following are the /boot file systems from which PV-GRUB can boot:
EXT2/3/4
XFS
ReiserFS
BTRFS (beta)
Note
These are the /boot file systems that we have tested and verified. Others could boot from PV-GRUB, but haven’t been tested.
The following procedure gives an example of how to enable an openSUSE AMI to use the PV-GRUB AKI to run a user-provided kernel by rebundling from a running instance.
Important
The specific details of configuring your AMI to use PV-GRUB will vary depending on your exact Linux environment. The following example is for openSUSE 11.2.
To use the PV-GRUB AKI with an openSUSE AMI
The following procedure uses an instance store-backed AMI, and uploads a bundle from your running instance to Amazon S3. For more information about instance store-backed AMIs, go to Creating Instance Store-Backed Linux/UNIX AMIs .
If your source AMI is EBS-backed, use ec2-create-image to take a snapshot of your AMI and create an image from it. For more information, go to ec2-create-image in the EC2 CLI Tools Reference and Creating Amazon EBS-Backed Linux AMIs.
Install an Amazon EC2-compatible kernel from the command line on your running Linux instance.
# rpm -ivh /tmp/kernel-ec2-2.6.35-rc4.8.1.x86_64.rpm
warning: /tmp/kernel-ec2-2.6.35-rc4.8.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID a29f6635
Preparing... ########################################### [100%]
1:kernel-ec2 ########################################### [100%]
Kernel image: /boot/vmlinux-2.6.35-rc4-8-ec2
Initrd image: /boot/initrd-2.6.35-rc4-8-ec2
Root device: /dev/sda1 (mounted on / as ext3)
Features: block
14807 blocks
Generate an initrd on your running Linux instance.
# mkinitrd
Kernel image: /boot/vmlinux-2.6.35-rc4-8-ec2
Initrd image: /boot/initrd-2.6.35-rc4-8-ec2
Root device: /dev/sda1 (mounted on / as ext3)
Features: block
14806 blocks
Populate /boot/grub/menu.lst referencing your kernel on your running Linux instance.
Important
You must modify your own menu.lst for your specific environment.
default 0
timeout 3
title EC2
root (hd0)
kernel /boot/vmlinux-ec2 root=/dev/sda1
initrd /boot/initrd-ec2
Select an appropriate AKI ID from the Amazon Kernel Image IDs section that follows. For this host, we’ve chosen aki-88aa75e1 because we are bundling an AMI. Do not specify an Amazon ramdisk image (ARI) when using a PV-GRUB AKI.
Bundle the AMI and set the default to your chosen AKI from your running Linux instance. For more information, go to ec2-bundle-vol in the EC2 AMI Tools Reference.
# ec2-bundle-vol -r x86_64 -d /mnt -p openSUSE-11.2-PV-GRUB -u [AWS-ID] -k /mnt/pkey.pem -c /mnt/cert.pem -s 10240 -e /mnt/root/.ssh --kernel aki-88aa75e1
Note
To learn more about X.509 (SSL) certificates, such as cert.pem and pkey.pem, go to X.509 Certificates in About AWS Security Credentials.
To obtain X.509 certificates, log into the AWS Management Console (http://aws.amazon.com/console) and select Access Credentials, then select the X.509 Certificates tab.
Register the AMI with the AKI (aki-88aa75e1) from your desktop using ec2-register. For more information, go to ec2-register in the EC2 CLI Tools Reference.
$ ec2-register --name openSUSE-11.2-PVGRUB MyReallyCoolBucketLocation/openSUSE-11.2-PVGRUB.manifest.xml

Amazon supports the use of PV-GRUB to load a kernel of your choice for your AMI. However, we cannot provide support for your kernel itself or failures caused by the use of a kernel that does not meet the requirements of PV-GRUB. Due to the wide and varied kernel landscape, it is impossible for Amazon to provide support for all kernel varieties.
Note
The AP-Southeast-2 region only provides support for PV-GRUB to load a kernel of your choice from the AMI.
The following information is provided to assist those who are familiar with compiling kernels. Many Linux distributions provide documentation on how to compile a kernel in kernel source packages. Amazon is unable to offer support for compiling your own kernel.
It is recommended that you use a PVOps kernel, release 2.6.39 or later. Release 2.6.39 or later, with PVOps and Xen options enabled, will work out of the box.
If you are working with 2.6.32 through 2.6.38, boot with the XSAVE instruction in the guest as shown below.
openSUSE
The openSUSE distribution kernel provides native source code that enables compiling an Amazon EC2-capable kernel. For openSUSE, the configuration options are part of the mainline 11.2 and higher. Please use the following kernel configuration options:
CONFIG_XEN_COMPAT_00002_AND_LATER=y
CONFIG_XEN_COMPAT=0x030002
CONFIG_HOTPLUG_CPU=y
Patching vanilla or other distribution kernels (PVOps)
For PVOps kernels, you can elect to disable the XSAVE hypercall in the guest. The following patch works against 2.6.32 through 2.6.38 kernels.
---
arch/x86/xen/enlighten.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 52f8e19..6db3d67 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -802,6 +802,7 @@ static void xen_write_cr4(unsigned long cr4)
{
cr4 &= ~X86_CR4_PGE;
cr4 &= ~X86_CR4_PSE;
+ cr4 &= ~X86_CR4_OSXSAVE;
native_write_cr4(cr4);
}
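Review bot: the added cr4 &= ~X86_CR4_OSXSAVE; line in xen_write_cr4() clears the bit on every CR4 write, and neither a code comment nor any commit message visible above the --- separator records why. Add a one-line comment above the mask saying that it keeps the guest from enabling XSAVE on 2.6.32 through 2.6.38 kernels, and put the same reason and version range in the commit description, so the line is not dropped or copied to later kernels without that context. The description should also state that the mask is unconditional, meaning a guest built with this patch never sets OSXSAVE regardless of the host it runs on.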
--
1.6.6.1

Q: What are user selectable kernels?
Amazon EC2 provides user selectable kernels, which enable you to select a kernel when bundling an AMI or launching an instance. User selectable kernels are useful for keeping your instances up to date with security fixes and updates, being able to use functionality provided by new distributions, and for using specialty applications that have unique timing requirements.
Q: How do I find user selectable kernels?
Use ec2-describe-images -o amazon --filter "image-type=kernel". This lists all public kernels that are currently available.
Q: What type of dependencies do kernels have?
Kernels are most likely to require a RAM disk that contains required drivers (for example, Xen drivers, video drivers, and so on). If you launch a kernel without a required RAM disk, it will not work properly.
Q: How do I know a kernel/AMI combination will work together?
If you are concerned about whether the kernel/image combination will work well together, Amazon provides several AMIs that have tested combinations that you can use as a starting point for your AMIs or as a foundation for public AMIs. If you require a certified kernel/AMI combination, you can find them as paid AMIs through organizations such as RedHat. For more information, see Paid AMIs.
Q: Can I use my own kernel?
Yes. For more information, see Enabling Your Own Linux Kernels.
Q: How do I know which kernels are compatible with PV-GRUB?
For a list of compatible PV-GRUB kernels, see Distribution Kernels Compatible with EC2. Some Linux distributions provide kernels that are not compatible with Amazon EC2. We are working with vendors to ensure that the most popular AMIs provide kernels that work with Amazon EC2, and we have tested a number of these AMIs and found them to be compatible with PV-GRUB. Unfortunately, it is not possible to support every kernel that is or can be compiled. To avoid the situation in which a kernel does not work consistently or at all, we recommend that you use a known good kernel, select a non-PV-GRUB AKI, or seek support from your AMI vendor.
Q: In what runlevel do instances start?
If you use one of the Xen provided kernels to boot your EC2 instance, it will default to run level 4. However, if you use PV-GRUB to boot your own kernel inside of the instance, the instance will then default to the internally configured run level.
Q: Which PV-GRUB kernel should I use?
It is recommended that you always use the latest version of the PV-GRUB AKI, as not all versions of the PV-GRUB AKI will be compatible with all instance types. Use the following command to get a list of the PV-GRUB AKIs:
$ ec2-describe-images -o amazon --filter "manifest-location=*pv-grub-hd0*"