Creating a Cartridge Base Image on EC2

Follow the instructions below to create a cartridge on the EC2 IaaS:

Step 1 - Log in to your EC2 account

To follow this guide, you need an EC2 account. If you do not have an account, create an AWS account. For more information, see Sign Up for Amazon EC2. This account must be authorized to manage EC2 instances (including starting and stopping instances, and creating security groups and key pairs).

Step 2 - Create a security group

Before launching the instance, you need to create the right security group. This security group defines firewall rules for your instances, which are a list of ports that are used as part of the default PPaaS deployment. These rules specify which incoming network traffic is delivered to your instance. All other traffic is ignored. The ports that should be defined are listed in as default ports.

Follow the instructions below to create the security group and configure it:

On the Network and Security menu, click Security Groups.
Click Create Security Group.
Enter the name and description of the security group.
Click Yes, Create.
Click Inbound.
Select Custom TCP rule.
Enter the port or port range.
There are two kinds of ports listed in the default ports, which are namely open for outside access and restricted internal access. You will have to ideally enter each of the ports as separate rules.
Click Add Rule and then click Apply Rule Changes.
Always apply rule changes, as your rule will not get saved unless the rule changes are applied.
Repeat steps 6 to 8 to add all the ports mentioned, as each port or port range has to be added as a separate rule.

Write down the names of your security groups if you wish to enter your user data in the wizard.

Step 3 - Create a key pair

Save your private key in a safe place on your computer. Note down the location, because you will need the key pair to connect to your instance.

Follow the instructions below to create a key pair, download it and secure it:

On the Network and Security menu, click Key Pairs.
Click Create New Key Pair.
Enter a name for your key pair.
Click Create. After the key pair automatically downloads, click Close.
Protect your key pair by executing the following command in your terminal.
By default, your PEM file will be unprotected. Use the following command to secure your PEM file, so that others will not have access to it:
```
chmod 0600 <path-to-the-private-key>
```

Step 4 - Spawn an instance on EC2

Follow the instructions below to spawn an instance on EC2:

Sign in to the Amazon Web Services (AWS) Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
Click EC2 on the home console.
Select the Region for the instance from the region drop-down list.
Click Launch Instance.
Select Quick Launch Wizard.
Name your instance, for example PPaaSCartridgeInstance.
Select the key pair that you created.
Select More Amazon Machine Images and click on Continue.
On the next page, specify the image.
Click Continue.
Click Edit Details.
Edit the image size.
1. Select the Instance Details option.
2. Change the image type as required.
Select a security group.
1. Select the Security Settings option.
2. Click Select Existing Security Groups.
3. Select the PPaaS security group you created previously.
Click Launch to start the EC2 instance.
Click Close.
This will redirect you to the instance page. It takes a short time for an instance to launch. The instance's status appears as pending while it is launching. After the instance is launched, its status changes to running.

Step 5 - Configure the cartridge base image

Follow the steps given below to configure a base Image:

Start up a virtual machine (VM) instance using a preferred OS, on a preferred IaaS.
Install the Puppet agent.
Install the Puppet agent on Ubuntu
Install the Puppet agent on CentOS
1. Enable dependencies and Puppet labs repository on Master.
2. Install and upgrade Puppet on the agent node.
  # yum install puppet # puppet resource package puppet ensure=latest # /etc/init.d/puppet restart
For more information on installing the Puppet agent on CentOS, see installing Puppet on CentOS.
Open the puppet file, which is in the <PUPPET_AGENT>/etc/default directory and configure it as follows:
```
START=yes
```
Add the following to the puppet.conf file, which is in the <PUPPET_AGENT> /etc/puppet directory:
```
[main]
server=puppet.ppaas.org
```
If you are unsure of the server name, use a dummy hostname. Private PaaS will update the above with the respective server name, when it starts running.
Stop the puppet instance or instances that are running.
```
cd /etc/init.d/puppet
stop
```
- When the Puppet agent is installed as mentioned in step 1, there is a high tendency that a puppet instance will start running. Therefore before creating the base image you need to stop any puppet instances that are running.
- Execute the following command to identify the running puppet instances:
  ps -ef | grep puppet
  The following output will be given, if any Puppet instances are running.
  Example:
  root 1321 1 0 Sep09 ? 00:00:17 /usr/bin/ruby /usr/bin/puppet agent root 12149 12138 0 05:44 pts/0 00:00:00 grep --color=auto puppet
Copy the init.sh script into the <PUPPET_AGENT>/root/bin directory.
You can find the init.sh script for the respective IaaS here.
The init.sh file differs based on the IaaS. If you wish to find the init.sh script for a different IaaS, go to init-scripts. You can find the respective init.sh script by navigating to the init-script/<IAAS>/<OS> path.

Update the /etc/rc.local file.

/root/bin/init.sh > /tmp/puppet_log
exit 0

Execute the following commands:
```
rm -rf /var/lib/puppet/ssl/*
rm -rf /tmp/*
```
By executing the above commands you will be cleaning up the base image, for Private PaaS to install the required certificates and payloads. This is done to avoid any errors that will be given, if Private PaaS starts installing a certificate or payload that already exists in the base image.

Step 4 - Create a snapshot of the instance

Follow the instructions below to create a snapshot of the instance on EC2:

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
Make sure the appropriate Region is selected in the region selector of the navigation bar.
Click Instances in the navigation pane.
On the Instances page, right-click your running instance and select Create Image.
Fill in a unique image name and an optional description of the image (up to 255 characters), and click Create Image.

In Amazon EC2 instance store-backed AMIs, the image name replaces the manifest name (such as s3_bucket/something_of_your_choice.manifest.xml), which uniquely identifies each Amazon Amazon EC2 instance store-backed AMI.

Amazon EC2 powers down the instance, takes images of any volumes that were attached, creates and registers the AMI, and then reboots the instance.
Go to the AMIs page and view the AMI's status. While the new AMI is being created, its status is pending.

It takes a few minutes for the whole process to finish.
Once your new AMI's status is available, go to the Snapshots page and get the Snapshot ID of the new snapshot that was created for the new AMI that will be used in the Sample Cartridge Definition JSON file. Any instance you launch from the new AMI uses this snapshot for its root device volume.

After you have finished creating the cartridge base image, make a note of the image ID as you will need this later when creating a cartridge.