
Moving a Paravirtualized EC2 legacy instance to a modern HVM one

I had to try a few things before I could get this right, so I thought I'd write about it. These steps are what ultimately worked for me. I had tried several other things to no success, which I'll list at the end of the post.

If you have Elastic Compute Cloud (EC2) instances on the "previous generation" paravirtualization based instance types, and want to convert them to the new/cheaper/faster "current generation", HVM instance types with SSD storage, this is what you have to do:

You'll need a donor Elastic Block Store (EBS) volume so you can copy data from it. Either shut down the old instance and detach the EBS volume, or, as I did, snapshot the old system, and then create a new volume from the snapshot so that you can mess up without worrying about losing data. (I was also moving my instances to a cheaper data center, which I could only do by moving snapshots around.) If you choose to create a new volume, make a note of which Availability Zone (AZ) you create it in.

Create a new EC2 instance of the desired instance type, configured with a new EBS volume set up the way you want it. Use a base image that's as similar to what you currently have as possible. Make sure you're using the same base OS version, CPU type, and that your instance is in the same AZ as your donor EBS volume. I mounted the ephemeral storage too as a way to quickly rollback if I messed up without having to recreate the instance from scratch.

Attach your donor EBS volume to your new instance as sdf/xvdf, and then mount it on a new directory I'll call /donor:
mkdir /donor && mount /dev/xvdf /donor

Suggested: Mount your ephemeral storage on /mnt
mount /dev/xvdb /mnt
and rsync / to /mnt
rsync -aPx / /mnt/
If something goes wrong in the next few steps, you can reverse it by running
rsync -aPx --delete /mnt/ /
to revert to known working state. The rsync options tell rsync to copy (a)ll files, links, and directories, and all ownership/permissions/mtime/ctime/atime values; to show (P)rogress; and to not e(x)tend beyond a single file system (this leaves /proc /sys and your scratch and donor volumes alone).

Copy your /donor volume data to / by running
rsync -aPx /donor/ / --exclude /boot --exclude /etc/grub.d ...
You can include other excludes (use paths to where they would be copied on the final volume, not the path in the donor system). The excluded paths above are for an Ubuntu system. You should replace /etc/grub.d with the path or paths where your distro keeps its bootloader configuration files. I found that copying /boot was insufficient because the files in /boot are merely linked to /etc/grub.d.

Now you should be able to reboot your instance into your new upgraded system. Do so, detach the donor EBS volume, and if you used the ephemeral storage as a scratch copy, reset it as you prefer. Switch your Elastic IP, or change your DNS configuration, test your applications, and then clean up your old instance artifacts. Congratulations, you're done.

Be careful of slashes. The rsync command treats /donor/ differently from /donor.

What failed:
Converting the EBS snapshot to an AMI and setting the AMI virtualization type as HVM, then launching a new instance with this AMI actually failed to boot (I've had trouble with this with PV instances too with the Ubuntu base image unless I specified a specific kernel, so I'm not sure whether to blame HVM or the Ubuntu base images).
Connecting a copy of the PV EBS volume to a running HVM system and copying /boot to the donor, then replacing sda1 with the donor volume also failed to boot, though I think if I'd copied /etc/grub.d too it might have worked. This might not get you an SSD backed EBS volume though, if that's desirable.

Web Site Hosting Advice

Occasionally friends, relatives, and clients ask me what they should do about creating and hosting a web site. When this happens, I find myself repeating, well, myself; so I thought I would put my thoughts on virtual paper for future reference. I will post a notice on this entry if my recommendations change at some future date. If you would like to consult with me about your particular setup, please contact me for consulting rates and availability.

Ok, you want a web site, good. First, get an idea of what your website will contain, how big it will be, what kind of content you will serve, and how much traffic it will receive. Will it DO something or SHOW something. If you're just starting out, or have no idea, any of the recommended plans will let you scale size and traffic for additional monthly fees, so don't worry too much about it.

If your goal is an informational, mostly text, but low volume, web site, just get a or other blog hosting account. They are free, minimally annoying, and with free image galleries and video hosting sites, can link to or embed video and photo content too. My Ward (a congregation in the LDS church) has a few of these sites for various extra activities, for example the youth group is presenting a "Fancy Dance" and Dessert Auction on Saturday Feb 19, 2011 to raise money for camp and activities this year, and uses BlogSpot to advertise. By the way, everyone is invited to the dance, and babysitting is provided, see the site for more information.

If your goal is to sell something, sell through the Amazon marketplace or if the products are crafty. Piggyback on top of an existing marketplace to jump start sales. If you're too big for that, I don't really have any advice. I don't have any experience in that space. I think that I would look for a host that provided merchant services (credit card processing for example) as part of the package.

If your goal is to host a medium volume dynamic application, use WebFaction. WebFaction is probably the best Shared Hosting service there is. They're one of the very few hosting providers that embraces Python application hosting, and I've run Pylons, TurboGears and CherryPy applications there. The hosting is cheap, fast, and it stays out of your way if you want it to. I host this blog, my personal e-mail and my business website on the base level account. I also host demo sites for clients when needed. The email service isn't spectacular, but it's functional as long as you have client side spam filtering like what is provided by Thunderbird. I like it because there are no set CPU limitations, the memory allotment is generous (email, OS, and even Database memory usage doesn't count against your quota, though the disk usage does), and the base disk space/bandwidth allocation is substantial. It also helps that WebFaction takes care of all data backups and operating system and hardware maintenance for you. WebFaction has one click installers for a large number of applications, so you don't have to know very much about Linux to get started, but if you do know what you're doing, you have SSH access, and everything that comes standard with a Linux shell account.

If you are planning on building a new application, take a look at Google App Engine. It lets you get going and host up to a certain threshold for free. Scaling up can be done fairly reasonably. Applications developed for App Engine can be run independently of Google, so you are not necessarily locked to Google as your hosting vendor.

I do not recommend any kind of Virtual Private Server hosting that isn't bundled as a Cloud offering. I've used three different VPS services, and two have been slow and had high network latency (the third, Slice Host, was bought and extended into Rackspace's cloud services, which I recommend below). Higher volume sites may do OK, but if the CPU, IO or Memory usage is too high for too long, your VPS can be rebooted or shut off. What this translates to is that you would have to hit a very small sweet spot to get good performance out of a VPS without getting shut down. Better hosting options exist.

If you do need system level access to a server of your own for some reason -- if for example you have an email processing system as part of your application -- or if you have requirements that extend beyond a single host, like high availability, then using a Cloud based VPS is desirable. Cloud computing nodes are designed for high performance application hosting. The overhead of virtualization is minimized by the use of advanced virtualization techniques (paravirtualization, CPU instruction sets, etc.) and by dedicating virtual resources to physical hardware. The management tools are typically excellent and, in the case of my two favorite cloud providers, there is an inherent benefit of a content delivery network (CDN) and Storage Attached to Network (SAN) which can serve as a scalable long term application storage or system backups. These two tools are used by very large websites to deliver content faster and more efficiently, and they're available on the Cloud for even the lowest rate plans. The intro level computing node at Amazon Elastic Compute Cloud (EC2) starts at 3¢/hour. Rackspace however has a node that starts as low as $10.95/month (that's about 1.5¢/hour). There aren't as many third party software developers, and no external image providers (as far as I know) for Rackspace, but they have pretty good management tools, and a pretty good selection of base images to get you up and running pretty quickly.

EC2 was built for running short-lived computing (i.e., processor intensive) tasks, and its pricing model and instance sizes reflect that. The instances and costs are very competitive to people looking at dedicated hosting. Rackspace's cloud is similarly designed, but has smaller instances, so it is cheap enough to use as a substitute for VPS or even shared hosting.

A former coworker of mine recently signed up for EC2 to host his blog using a promotional deal offered by Amazon's EC2. This deal lets you use the Micro instance for up to 750 hours per month for a whole year. Thereafter he's looking at a starting monthly rate of $21.60 plus storage and bandwidth charges. Of course using a Cloud node to host a blog is seriously overkill (as evidenced by his load average) unless he is doing much more with his site than visible at first glance. If he is uncomfortable with a free or even a paid blog hosting account, either WebFaction or Rackspace Cloud would be sufficient to host his site at about half the cost of EC2.

There is also dedicated hosting, but with the price point and performance of EC2 and Rackspace Cloud, you'd have to be very big indeed, or have special criteria not available for cloud nodes for the benefits to outweigh the costs.

Here's what I use for myself and my clients, and why I don't recommend VPS hosting:

As I mentioned above, I currently host my blog, email and business website on a WebFaction Shared Hosting plan. Shared Hosting starts at less than $10/month, with steep discounts for prepayment. I moved all the services off my VPS at Linode and shut it down since WebFaction was working so well. I found Linode to be sluggish and network traffic to be high latency, but haven't felt that way about WebFaction.

With InMotionHosting's VPS offerings, performance was similar to or worse than Linode's. I had a client on the fully managed VPS plan costing $90/month. The VPS would bog down during traffic peaks and InMotion's system administrators would reboot the box (without any advance warning, without notice after the fact and without explanation of why). When things were peaceful, trying to log in to SSH could take 30-45 seconds, page loads for the main site or core application could take several seconds in spite of caching and being rather lightweight. InMotion always seemed to want to upsell to dedicated hosting when I mentioned the problems to their customer service representatives.

This site/application just passed through its busiest season on a Rackspace Cloud Server instance, and it never even hiccuped. Final cost for hosting for the month? $24, and plenty of room to scale up if volume increases. I recommended the Rackspace Cloud Server because the application has an email processing system and the client has clients that could have been squeamish if their customers' names and email addresses were available on a shared host's shared database server (even though the database itself was not shared and was password protected).

Better E-mail validation

Due to several shortcomings of the stock formencode email validator, I forked it and extended the test suite. This fixes the two most glaring issues I know of, namely the inability to handle unicode strings (international domains), and several problems with input checking (e.g., allowing commas) where invalid e-mail addresses make it through.

I did not write most of the code, I just refined it and added tests to exercise it. Let me know if it's useful to you, and if you find problems with it.

Web Browser Posers

Ok, I'm not a novice when it comes to developing websites: I've been building web pages for close on 15 years. But within the last week, I've come across two browser behaviors (or perhaps they're browser addon behaviors) that make me scratch my head.

First, a request coming from something sending the User-Agent "Mozilla/4.0" -- yes, that's all, no clarifiers or parentheticals -- is lopping off the GET parameters when a popup is launched through a button click via an onclick handler. This site states that this is a Yahoo! search something, but the links are not something that a Bot would come across. On the other hand, there is no referrer sent, which makes me think it could be some kind of link preloader or some other browser add on. Also, I saw a very similar error today coming from Firefox 3.0, though I'm not sure it's related.

Second, and this is really baffling: Sometimes I'm getting requests from a browser identifying itself as IE 6.x that has the entire URL made lowercase. I use nice REST-ful URLs for my application, so when an identifier comes across as lowercase, it throws off the lookup. Of course my own copy of IE 6 doesn't exhibit the behavior. For this particular case, I'm using JavaScript to build a URL, and then sticking it as the src attribute of an embedded iframe that is also being created by JavaScript. I'm seeing other errors in my logs though of IE6 and IE7 browsers going to different links (links that would typically be clicked or pasted from an e-mail) that are all lower case as well. Again, not sure if that's related, or if people are just typing them in (lazily) or if it's a browser bug. The only thing I can seem to find about this is this forum (news?) post from 2005 with no replies.

Of course my Google searching is revealing nothing to help me keep my hair, so I turn to the Lazy Web. :-) Any ideas?

In search of good [flash] help

I'm working on some freelance work to rebuild a website that has a whole bunch of flash v4 movies that need to be moved forward to flash v9 or higher. I received a reference of a guy who does good work on the flash programming side of things, but finding a flash animator who isn't afraid of a little action scripting has proven extremely challenging. Anyone know of someone who is free for a project immediately?

Services, libraries, and consumers "Oh my!"

I've been working on a project for a month or so now where we were told to create a piece of software that did a few tasks, and were instructed to "...make it run as a service". We've been struggling with the idea of creating a remote service that could also be used as a library in some cases (like for our first use case), and we still haven't got it right. We argue about rich objects vs marshalable simple object data structures, and premature optimization vs. marshalling times. Finally I said today, "It's easier to produce a service for a library than it is to consume a service as a library". Write the library, rich objects and all, and while you're doing that, create a sample service and client layers that marshall and unmarshall those rich objects, hopefully with some off the shelf object marshalling utilities. With this you get the added benefit, that if the service/client layers you chose don't work for the consumer, you can create a different set.

I guess in languages where the service layer comes free, or cheap, or where serialization is innate, it's not important to make the distinction, but in Python where service layers are built from scratch, and serialization (cPickle) only works in highly controlled environments it's important to distinguish between libraries that work like import foo; foo.frobinate() and services that work like proxyObject = Proxy(serviceURL); proxyObject.frobinate().

Layers, it's not just good on cakes.
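The layering described above, as an added example that is not code from the original post: a library with a rich object, plus thin service and client layers that marshal it as plain JSON data instead of pickle, so the service can rebuild only the one type it knows and can call only allow-listed methods. Frob, FooLibrary, EXPORTED and loopback are hypothetical names; frobinate and Proxy echo the names used in the post.

```python
import json
from dataclasses import dataclass


# Library layer: rich objects, used in-process via a plain import.
@dataclass(frozen=True)
class Frob:                     # hypothetical rich object
    name: str
    weight: int

    def heavier_than(self, other):
        return self.weight > other.weight


class FooLibrary:               # hypothetical library behind foo.frobinate()
    def frobinate(self, frob, factor):
        if not isinstance(frob, Frob) or type(factor) is not int:
            raise TypeError("frobinate(Frob, int) expected")
        return Frob(frob.name.upper(), frob.weight * factor)

    def purge(self):            # library-only; deliberately not exported
        return "purged"


# Marshalling layer: plain data only. Unlike pickle, decoding can build
# nothing but the types listed here, so a hostile payload cannot run code.
def marshal(obj):
    if isinstance(obj, Frob):
        return {"__type__": "Frob", "name": obj.name, "weight": obj.weight}
    if obj is None or isinstance(obj, (str, int, float, bool)):
        return obj
    raise TypeError("cannot marshal %s" % type(obj).__name__)


def unmarshal(data):
    if data is None or isinstance(data, (str, int, float, bool)):
        return data
    if (isinstance(data, dict) and data.get("__type__") == "Frob"
            and set(data) == {"__type__", "name", "weight"}
            and isinstance(data["name"], str) and type(data["weight"]) is int):
        return Frob(data["name"], data["weight"])
    raise ValueError("unknown or malformed object")


# Service layer: only allow-listed methods are reachable from the wire.
EXPORTED = frozenset({"frobinate"})


def handle_request(library, raw):
    try:
        request = json.loads(raw)
        method, args = request["method"], request["args"]
        if method not in EXPORTED or not isinstance(args, list):
            raise ValueError("bad request")
        result = getattr(library, method)(*[unmarshal(a) for a in args])
        return json.dumps({"ok": True, "result": marshal(result)})
    except (KeyError, TypeError, ValueError) as exc:
        return json.dumps({"ok": False, "error": str(exc)})


# Client layer: proxyObject.frobinate() looks like the library call.
class Proxy:
    def __init__(self, transport):
        self._transport = transport   # callable: request text -> reply text

    def __getattr__(self, method):
        if method.startswith("_"):
            raise AttributeError(method)

        def call(*args):
            raw = json.dumps({"method": method,
                              "args": [marshal(a) for a in args]})
            reply = json.loads(self._transport(raw))
            if not reply["ok"]:
                raise RuntimeError(reply["error"])
            return unmarshal(reply["result"])
        return call


def loopback(library):
    """In-process stand-in for a network transport (constructed for the demo)."""
    return lambda raw: handle_request(library, raw)
```

Swapping loopback for a real transport changes nothing in the library, which is the benefit the post argues for.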

Slice Host and rBuilder Online Images

I host this blog, as well as e-mail for and a host of other services on an old PC behind my cable modem at home. This has served me well for the most part, but it requires onsite maintenance when it goes down. This is bad when I'm at work, or vacation, as happened this week. So, I bit the bullet and researched some Virtual Private Server (VPS) hosting providers.

I ended up choosing Slice Host as a no-frills, just the tech if you please, Linux/Xen-based VPS host. Their entry level plan (slice) gives you 256 MB RAM, 10GB storage, and 100GB of bandwidth for $20/month, and you can scale it with a reboot up to 4GB/160GB/1600GB for $280. /proc/cpuinfo shows that the host for my entry level slice is a two way "Dual-Core AMD Opteron(tm) Processor 2212" operating at 2.0 GHz. There's a separate swap partition (so swap doesn't count against the 10GB limit), as well as web based management tools for rudimentary Name Services, starting, stopping and rebuilding your slice, a web console (in case ssh isn't working for some reason), some statistics and reporting, and my favorite part, a rescue mode.

Rescue mode lets you boot your slice in a rescue environment, mount your root file system in an alternate location, and do what you want (or need) with it. This makes it pretty easy to run your appliance from rBuilder Online on a hosted slice. Here are the steps to get this working. Choose a Xen Appliance Image (32 or 64 bit, though 64 bit is preferred) that is a single file system image.

  • Create a slice (doesn't matter what kind, we're going to blow it away anyway).

  • Reboot your slice into rescue mode

  • SSH or console in using the password mailed to you (yes, rescue mode gets started with a randomized password)

  • wget -O - <link to the rBO image> | tar -xz # This downloads and extracts the filesystem image

  • dd if=<path to filesystem image file> of=/dev/sda1

  • e2fsck -f /dev/sda1 # This forces a file system check, without this check the next step will fail.

  • resize2fs /dev/sda1 # Resize the file system image to match the available size

  • mount /dev/sda1 /mnt

  • copy the following networking configuration files from your rescue image to your new slice image mounted in /mnt

    • /etc/sysconfig/network /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/resolv.conf

  • Edit /etc/sysconfig/network to fix the hostname to the desired value

  • chroot /mnt

  • passwd # changes the root password since the rBO images ship with root's password blanked

At this point you can do any additional configuration you wish, such as adding additional users, making sure that openssh-server is installed and configured to start on boot, etc.

When that's done, shutdown, exit rescue mode from the Slice Host panel, and log in to your new appliance.

There is quite a bit of noise when the slice boots up with an rPath Linux based appliance because the kernel in the image isn't used for booting, and modules.dep isn't located for the booting kernel, but that seems harmless.

Now to build an appliance to run on the thing... I used the rPL 2 beta 3 text devel image as my image while developing this HOWTO.

PyCon 2008

I just returned from PyCon 2008 in Chicago, where I connected up again with a few people I met last year and met a few new people. Rather than write a travelogue, I'll just highlight a few of the main things that I learned/did.

It looks like some of the niceties of Zope2 are going to leave the silo under the Repoze project. This means that the zope transaction manager (, retry engine (repoze.retry) and other zope features can be used by your WSGI application. Also it means that Zope can be hosted as a WSGI app.

I learned there are ways to extend __import__ that don't involve rewriting __import__. I don't know if I'll ever need to know this, but it might be useful in a plugin loader of some sort. There's a flow chart in Brett's SVN.

I should probably use more weak references in my Python code. Dr. Tim Couper gave a lucid overview of references weak and strong, and practical ways of dealing with circular references, including how to detect them using unittest. I hope he posts his slides soon.

Kevin Dangoor gave a slick demo of TG 2 and Dojo, and gave a quick introduction to Comet servers. It looks like dojo does pretty much everything that Mochikit does, but adds support for Javascript UI widgets. Comet looks really cool. More about that later.

Tahoe is a nifty looking distributed remote filesystem concept. It needs fuse drivers though before it's really a filesystem rather than a storage mechanism (like S3). It's all RESTy though, which makes some people happy.

There are metrics for measuring code complexity, and python has tools to do that. Basically every branch in a method increases complexity by one. Keep complexity down to 10 or less to make unit testing feasible. More than 10 and the number of unittests required to cover every branch starts to get unmanageable. Apparently there is a PyMetrics module for measuring code complexity. Here are the slides from a very interesting talk.

I held a BoF on i18n'izing web applications, and a few people helped me to brainstorm this problem. The general consensus was that you should do translation as close to the user as prudent; view certainly, controller is ok, but never in the model, if you have messages that are generated by some other process, or that gets cached to the database, the "data" should be stored separately from the operational message. Generally you should avoid sending this kind of data to the end user, and instead abstract it with messages of your own. Barry Warsaw came in to the BoF with a hard problem; usually when you're handling web templates, you filter out the non-element text and build a string table out of that. What about the cases however, where you have <em> or <b> tags? I think that if you had an XML parser that would extract the text elements, and if sub-elements are present lump them with the text. For example, if you had "This text <b>needs</b> to be translated", it would be collected as one string, but if you had "<div><span>Phrase 1</span><span>Phrase 2</span></div>" it would be two phrases.
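One way to implement the extraction rule sketched in the paragraph above, as an added example that is not from the original post: an element that carries text of its own is collected as one string with its inline tags kept, and an element that only wraps other elements is descended into. The example goes one step beyond the post with translation_preserves_markup, which rejects a translated string whose tags or attributes differ from the source string's; all function names and SAMPLE are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample built from the two cases named in the paragraph above.
SAMPLE = ("<body><p>This text <b>needs</b> to be translated</p>"
          "<div><span>Phrase 1</span><span>Phrase 2</span></div></body>")


def _has_direct_text(elem):
    """True when elem itself carries text, before or between its children."""
    if (elem.text or "").strip():
        return True
    return any((child.tail or "").strip() for child in elem)


def _inner_markup(elem):
    """Content of elem as one XML fragment, whitespace-normalised."""
    parts = [escape(elem.text or "")]
    # tostring() serialises each child together with the text that follows it
    parts.extend(ET.tostring(child, encoding="unicode") for child in elem)
    return " ".join("".join(parts).split())


def extract_strings(elem):
    """Return the translatable strings under elem, in document order."""
    if _has_direct_text(elem):
        return [_inner_markup(elem)]      # mixed content: one message
    strings = []
    for child in elem:                    # pure container: recurse
        strings.extend(extract_strings(child))
    return strings


def _tag_signature(message):
    """Sorted (tag, attributes) pairs used inside a message fragment."""
    root = ET.fromstring("<m>%s</m>" % message)
    return sorted((e.tag, tuple(sorted(e.attrib.items())))
                  for e in root.iter() if e is not root)


def translation_preserves_markup(source, translated):
    """A translation may reword text but must not add, drop or alter tags."""
    try:
        return _tag_signature(source) == _tag_signature(translated)
    except ET.ParseError:
        return False                      # broken markup is rejected too
```

Because collected messages contain markup that is later written back into pages, the signature check keeps a string table edited by a third party from introducing elements or attributes the template author never wrote.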

There are a couple of cool tools that have stemmed from the PyPy project. The first offers a framework for distributed testing. Py.test does stack introspection so that simple "assert" statements can be used instead of the pseudo self.assertEquals().

I got together with some people to talk about Python Packaging. Here are some notes from the meeting, and there's been some additional discussion on the distutils-SIG mailing list. Jeff Rush did a tutorial on Thursday, and his slides and exercises are available. Hopefully something coherent comes out of this, but it looks like more of the same resistance to making application installation reasonable.

I talked briefly with Ivan Krstić and Noah Kantrowitz about python plugin frameworks. Hopefully we'll be able to collaborate some on a generic system for application extensions.

Probably the coolest thing I learned about was a couple of protocols, both implemented by orbited. Orbited's client libraries allow for a user to connect to an orbited server to provide a push mechanism for sending messages to a web browser. The Orbited team was shooting for a 0.4 release after the PyCon Sprints this week. Check out their IRC client demo.

PyCryptoPP was suggested to me as a decent Python based Crypto library, since it's simply python wrappers for Crypto++. PyOpenssl has a new maintainer, and should be getting some much needed attention.

I also enjoyed Raymond Hettinger's talk on "Core Python Containers". It was very helpful in understanding what list, dict, deque and set do behind the scenes, and how to use them most efficiently.

Overall, I had a great experience at PyCon 2008. The venue was big enough for all of us (there were more than 1000 registrants), and there was more than enough room for Open Space/BoF talks.

Chicago style pizza is definitely different from anything I have eaten before. The jury is still out as to whether it's worth the hype.

PyCon 2007

Last night I returned home after 3 days at PyCon 2007 in Dallas, Texas. I think my brain is full. It was great to meet people to whom I've talked on IRC or email, or whose software I've used. It was also fun to hang out with Mark Ramm, Robert Brewer, Ian Bicking, Ben Bangert, Rob Orsini and Chad Whitacre at Robert and Chad's suite on Friday night. I haven't laughed so hard in a long time.

As Robert mentioned in his blog post, there was some mind melding, er, meeting on the part of Zope, Pylons and CherryPy as well as others. I'll look at the way that sockets are handled and contribute some code. I'm looking forward to this collaboration. In addition to what Robert mentioned another thing we decided was to come up with several "stories" for deployment and help guide users down the right path for them when deploying a Python web application.

For the rest of the conference, most of the keynote and full length talks were good, the lightning plenary talks were great, having several rooms to hold Birds of a Feather (BoF) or non-scheduled talks provided much enlightenment, owning an 802.11A wireless chipset was a difference maker in connectivity and bandwidth, and lots of Pythonistas have beards (some of which are out of control).

I noted several things that I thought merited additional attention:

  • trac -- I didn't know it could be used with mercurial instead of svn

  • pyjamas -- generate javascript from python code

  • Idea (some kind of testing tool, can't find a link)

  • IPython -- Interactive Python including a replacement for pdb

  • Jack Slocum's YahooUI extensions/datagrid

  • Fitnesse -- A framework for collecting functional and integration tests

  • Zope's TestRunner -- Has something that could be used for memory/object leak detection

  • Monit -- might be used for the same

  • Star Schema -- Data reporting in memory instead of in db

  • Packaging eggs instead of building new setuptools targets for linux packaging systems.

  • zdaemon, supervisor2 and other libraries that may make daemonizing a python program trivial.

  • Lots of cool testing tools: figleaf, twill, scotch

Hopefully I can make it again next year.

Nice and Easy Server Calls (or How to keep your hair when developing rAA plugins)

Previous to last weekend, the process for setting up a rAA plugin to talk to the backend looked like the following:
  1. Set up a schedule object (one time or immediate based on whether you want to block or not).
  2. Set up a table to hold whatever data you need when doing the operation, or more recently use plugin properties.
  3. Link the schedule Id from the schedule object in 1 with the data in 2. For immediate tasks, you needed to do this through a callback.
  4. Implement XMLRPC interfaces on the web side to retrieve the data in 2, and to save the results.
  5. Add a logical branch in your backend doTask method to do the new functionality, making xmlrpc calls as appropriate to retrieve the data for processing, and store the result.
  6. Write a callback method to retrieve the result saved above.

Basically that sucked. Now, the process is as follows.
  1. On the web side, make a call to self.callBackend passing in the method name on the backend to call as well as any arguments to pass.
  2. On the server side, implement that function and return a result.

Notice that no XMLRPC interfaces need designing, no additional tables need creating, and no callbacks are needed to retrieve the data.

This currently only works for synchronous tasks where the page request will block until the results are available, but in the future, there will be another method (called callBackendAsync) that will make longer running tasks easy (in conjunction with the CallbackStatusWidget). I hope that I can get to that soon.