How to set up FreeBSD 8.2 RELEASE i386 server in Amazon Cloud

vand777 said:
You can set up ssh to listen on an external IP, remove the firewall rule in AWS Console (SSH to this external IP) but keep the relevant PF rule active. In this case nobody will be able to connect to your external IP unless you add the relevant firewall rule in AWS Console (which you will do only if something goes wrong with ssh listening on internal DNS/IP).

I always do this on my servers in EC2. Just in case...

I was wrong. The above will not help.

What happens when you perform the following actions?
  • Reboot - When you perform a reboot, the same virtual machine instance is rebooted. The original virtual machine instance that was provisioned to you is never returned back to Amazon. The public IP address will not change.
  • Assign, reassign, remove an Elastic IP address - An instance can only have one public IP address at any given time. When an instance is assigned an Elastic IP, the EIP becomes its new public IP address and its previous public IP address (if one has already been assigned to it) will be released. For example, if you launch an instance and later assign an Elastic IP to it, the original public IP address of the instance will be replaced by the Elastic IP address. Later, if you disassociate the Elastic IP from the instance, a new public IP address will be assigned to the instance. The original public IP address will not be reassigned to the instance again.
  • Relaunch - When you relaunch a server, the running instance is terminated and a new instance is launched in its place. The new instance will have new and different public and private IP addresses than its predecessor because it's a different virtual machine that's been allocated to you.
  • Stop and Restart - When you stop a server, the associated instance is actually terminated. Therefore, when you restart the server, another virtual machine instance will be provisioned to you, so it will have new and different public and private IP addresses.
 
In order to protect from the problems caused by change in the internal IP, I'm planning to re-configure my Amazon server as follows:
  • I'll add IP 192.168.102.1/24 to my lo0 interface.
  • ssh will listen on this IP address only.
  • I'll add the following redirect rule in my PF configuration:
    Code:
    local_host = "192.168.102.1"
    ...
    rdr on $ext_if proto tcp to ($ext_if) port ssh -> $local_host port ssh
In theory it should work and be a bullet-proof solution.
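
A pre-flight check for the plan in the post above, as an added example that is not part of the original thread: it confirms that the lo0 alias, the single sshd ListenAddress and the target of the ssh rdr rule all name the same address before sshd is restarted. The function names, the file arguments, the rc.conf and sshd_config lines used to express the first two bullets, and the interface name xn0 are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check that the three steps agree.

# Address sshd binds to; fails unless exactly one ListenAddress is set.
sshd_listen_addr() {
    awk 'tolower($1) == "listenaddress" { n++; a = $2 }
         END { if (n != 1) exit 1; print a }' "$1"
}

# Value of a pf.conf macro such as: local_host = "192.168.102.1"
pf_macro() {
    awk -F'"' -v m="$2" '{ k = $1; gsub(/[ \t=]/, "", k) }
         k == m { print $2; exit }' "$1"
}

# Target of the ssh rdr rule, with a leading $macro expanded.
pf_rdr_target() {
    t=$(awk '$1 == "rdr" && /port (ssh|22)/ {
                 for (i = 1; i < NF; i++) if ($i == "->") { print $(i + 1); exit }
             }' "$1")
    case $t in
        \$*) pf_macro "$1" "${t#?}" ;;
        *)   printf '%s\n' "$t" ;;
    esac
}

# args: rc.conf sshd_config pf.conf; returns 0 only if all three agree.
check_ssh_plan() {
    addr=$(sshd_listen_addr "$2") ||
        { echo "sshd_config: need exactly one ListenAddress"; return 1; }
    awk -F'"' -v a="$addr" '/^ifconfig_lo0_alias[0-9]+=/ {
             split($2, f, "[ /]"); if (f[1] == "inet" && f[2] == a) ok = 1 }
         END { exit !ok }' "$1" ||
        { echo "rc.conf: no lo0 alias for $addr"; return 1; }
    [ "$(pf_rdr_target "$3")" = "$addr" ] ||
        { echo "pf.conf: ssh rdr does not point at $addr"; return 1; }
    echo "ok: sshd on $addr, reachable through the rdr rule"
}

# Constructed sample files mirroring the plan above (xn0 is an assumed interface name).
d=$(mktemp -d)
echo 'ifconfig_lo0_alias0="inet 192.168.102.1 netmask 255.255.255.0"' > "$d/rc.conf"
echo 'ListenAddress 192.168.102.1' > "$d/sshd_config"
cat > "$d/pf.conf" <<'EOF'
ext_if = "xn0"
local_host = "192.168.102.1"
rdr on $ext_if proto tcp to ($ext_if) port ssh -> $local_host port ssh
EOF
check_ssh_plan "$d/rc.conf" "$d/sshd_config" "$d/pf.conf"
```

Run it against copies of the edited files while an existing SSH session is still open; a second ListenAddress left in sshd_config or an rdr target that differs from the alias is reported before it can cause a lock-out.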
 
Don't forget you need more storage

dave @ http://forums.freebsd.org/archive/index.php/t-254.html
So, once you create an EBS Volume and attach it to your running instance, tail your /var/log/messages and you will see the device name assigned by the kernel:

Code:
Jun 10 15:55:37 yourhost kernel: xbd2: 10240MB <Virtual Block Device> at device/vbd/2080 on xenbusb_front0
Jun 10 15:55:37 yourhost kernel: xbd2: attaching as da2
Jun 10 15:55:37 yourhost kernel: GEOM: new disk da2

...in this case, it's /dev/da2. So...

Code:
# newfs /dev/da2
# mkdir /ebs
# mount /dev/da2 /ebs

...now you have new storage you can access at /ebs.

Don't forget to add an entry in /etc/fstab if you want to mount it at boot:

Code:
/dev/da2 /ebs ufs rw 0 2
 
vand777,

Thanks for the guide -- I've been following it for the last day or so as I set up my first FreeBSD EC2 instance running 9.0-RELEASE, and I have a couple of questions:

- Even though I can't really take advantage of 64-bit with only 640MB of RAM, I decided to go with amd64 anyway. Should I be building with kernconf=XENHVM?

- I'm missing something with the references to /boot/grub in fstab and in the kernel installation. I don't have that directory on my instance, and fstab only lists root.

Thanks again!
Roddie
 
roddie said:
- Even though I can't really take advantage of 64-bit with only 640MB of RAM, I decided to go with amd64 anyway. Should I be building with kernconf=XENHVM?

I'm running a custom kernel in EC2 so I do not remember the answer to your question. However, it is very easy to check:

Code:
# uname -a

If the output shows XENHVM as the kernel, then the answer to your question is "yes".
 
roddie said:
- I'm missing something with the references to /boot/grub in fstab and in the kernel installation. I don't have that directory on my instance, and fstab only lists root.

Same on my instance. It's OK.
 