Tuesday, June 12, 2012

Create a Larger Boot Disk Amazon Linux AMI

I know these last couple posts don't have a lot to do with sipXecs but I thought I'd share a few of the Amazon AWS tips I've been accumulating.

Sometimes you just need more than the 8 GB EBS volume that Amazon provides with Amazon Linux. Sure, you can just create another volume and attach it somewhere, but sometimes it’s just easier to have one big drive.

The following instructions are used to create a 64 bit Amazon Linux AMI with a boot drive up to 1 TB in size.

Servers can then be rapidly deployed from your new custom AMI.

Create Base System

Starting from
AMI:amzn-ami-pv-2012.03.1.x86_64-ebs (ami-e565ba8c)

Launch a new instance.

If you’d like, login and update system
SSH to new Instance with key, login as ec2-user
sudo sh
yum update
shutdown -h now

Build AMI

In EC2 console create a snapshot of the root EBS volume.

Create an EBS volume from that snapshot with the new desired size. (Please ensure it is in the same Availability Zone as the instance.)

Detach the root 8 GB EBS volume and attach the newly created EBS volume to /dev/sda1 on the instance.

Start the instance and then login.

Resize the filesystem to use the rest of the expanded disk
sudo resize2fs /dev/sda1

From the EC2 console, click on the Instance and Create AMI from the running Instance.

There you have it!

Saturday, June 9, 2012

Build your own cloud hosted mail service... Zimbra in AWS

Install Zimbra 7.2 in Amazon Web Services on Amazon Linux (or CentOS 6)


Creating an AWS instance in normal AWS space and stopping and starting a server will have profound repercussions if:
The AMI used is Instance Store - Drive image reset (all data lost)
The Instance is not in VPC - Internal IP assigned to server will change

VPC = Virtual Private Cloud

Setup VPC

Login to the AWS Console

Click on VPC tab.

Click on VPC Dashboard

Create a VPC with Single Public Subnet Only (default option)

VPC Defaults to network space with the server within

Note which availability zone the VPC subnet was created in (in VPC tab, see subnets on left side menu)

To add a server to the VPC, click on Launch EC2 Instances, which will take you back to the EC2 tab. When you create your host in the steps that follow, make sure that it is in the proper availability zone.

Setup VPC Firewall

Allow the following ports to host (create a security group if you don’t have one already).

TCP Ports

80, 443, 22 (restrict from address to known hosts), 25, 110, 143, 993, 995, 7071
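A way to check a security group against the port list above, as an added example that is not part of the original post. It reads the JSON shape printed by `aws ec2 describe-security-groups`; the sample group, its ID and its addresses are constructed, and rules that reference other security groups are not evaluated.

```python
import json

# TCP ports the post says to allow; SSH is the one it says to restrict by source.
EXPECTED_TCP = {80, 443, 22, 25, 110, 143, 993, 995, 7071}
RESTRICTED = {22}
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 25, "ToPort": 25,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 7071, "ToPort": 7071,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}
]}]}
""")


def audit(group):
    """Return (finding, port_range, sources) tuples for one security group."""
    findings, opened = [], set()
    for perm in group.get("IpPermissions", []):
        sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if perm.get("IpProtocol") == "-1":  # all traffic: no FromPort/ToPort keys
            findings.append(("all-traffic", None, sorted(sources)))
            continue
        if perm.get("IpProtocol") != "tcp":
            continue
        lo, hi = perm["FromPort"], perm["ToPort"]
        ports = set(range(lo, hi + 1))
        opened |= ports & EXPECTED_TCP
        if ports - EXPECTED_TCP:  # a range wider than the listed ports
            findings.append(("unlisted-ports", (lo, hi), sorted(sources)))
        if ports & RESTRICTED and sources & WORLD:
            findings.append(("ssh-open-to-world", (lo, hi), sorted(sources)))
    for port in sorted(EXPECTED_TCP - opened):  # listed but no TCP rule covers it
        findings.append(("listed-port-missing", (port, port), []))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE["SecurityGroups"][0]):
        print(finding)
```

On the constructed sample this reports SSH open to the world, the 80-443 range that exposes ports beyond the list, the all-traffic rule, and the two listed ports (993 and 995) that no rule opens.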

Configure DNS

Configure DNS A-Record for your host in your Internet Facing DNS service
elastic.ip.addr.ess    A      mail.yourdomain

Configure MX Record for your mail domain
yourdomain     MX     10    mail.yourdomain

Setup local bind server to resolve ‘yourdomain’ to internal IP addresses.
yum install bind

Modify /etc/named.conf to load a custom zone file:
nano -w /etc/named.conf

Add forwarders section in ‘options’ to forward to AWS DNS servers (typically .2 in your VPC ip range, mine is in my example below and my server is  Just put this as the last line in the options { ... } section:
forwarders {; };     

Add the zone file settings:
zone "yourmaildomain" {
       type master;
       file "yourmaildomain.zone";
       allow-update { none; };
};

Create zone data file:
nano -w /var/named/yourdomain.zone

Your zone file should look as follows (change yourmaildomain to your email domain, my mail server host name is mail, so fqdn = mail.yourdomain) (also, change the IP to be the IP of your server in the AWS VPC):

$TTL 1800
@       IN     SOA    ns1.yourdomain. root.yourmaildomain. (
                      2012041902 ; serial#
                      1800            ; refresh, seconds
                      1800            ; retry, seconds
                      1800            ; expire, seconds
                      1800 )          ; minimum TTL, seconds

; DNS Servers for 'zimbra.yourmaildomain'

yourmaildomain.            IN     NS     mail.yourmaildomain.

yourmaildomain.            MX     10       mail.yourmaildomain.

mail.yourmaildomain.       IN      A

Make sure DNS starts on server boot:
chkconfig named on

Reboot server and make sure DNS is started:

ssh back in...

service named status

Configure Server Name

Edit the hosts file:
nano -w /etc/hosts

Add a line that looks like:
ip.addr.ofserver.invpc     fqdn.of.server     hostnameofserver

The fqdn should match what you specified in the external DNS and the hostname is the part of the FQDN before the domain (I used ‘mail’ in the example above)

Edit the network file:
nano -w /etc/sysconfig/network

Modify HOSTNAME=fqdn.of.server

Modify Amazon VPC DHCP

Modify the Amazon VPC setup’s DHCP Server so that the local DNS server is handed out first.

VPC Management -> DHCP Options Sets

Create DHCP Options Set

Set domain-name = your mail domain

Set Domain-name-servers = ip.addr.of.host,amazondnsserver

(in my case the above two values were -,

Your VPCs -> Check mark next to the VPC to modify, Change DHCP Options Set to new options set.

Setup Zimbra Host

Starting from
AMI:amzn-ami-pv-2012.03.1.x86_64-ebs (ami-e565ba8c)
(I use the East Region so this is mine... ymmv)

Launch a new instance.

Create a 20 GB EBS Volume (make sure it is created in the same AWS availability zone as the VPC subnet) and then Attach it to new instance (/dev/sdf)

Assign an elastic IP to the new server.

SSH to new Instance
Log in as ec2-user with your key file

ssh -i key.pem ec2-user@elasticip

Sudo to sh
sudo sh

Mount new drive, format, copy /var folder to it, then mount it back to /var
mke2fs -F -j /dev/sdf
mkdir /mnt/ec2
mount /dev/sdf /mnt/ec2
cp -a /var/* /mnt/ec2
mount /dev/sdf /var
umount /mnt/ec2

Make system mount this volume every time
nano -w /etc/fstab

Add the following line to the bottom of the file:
/dev/sdf       /var      ext3    defaults    0   0

Continue with Installation & update Amazon Linux:
yum update

Reboot server to pick up updates.

SSH back into system
ssh -i key.pem ec2-user@elasticip

Login as root...
sudo sh

Install Zimbra

It’s important to make sure DNS is working right before this point...
dig yourmaildomain
dig yourmaildomain MX

Make sure this is being resolved locally...  LDAP stuff will mess up during install if you don’t do this.
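One way to confirm that the `dig` answers really come from the local bind rather than the upstream forwarder, as an added example that is not part of the original post. It parses saved `dig yourmaildomain MX` output; the sample output and the 10.0.0.x addresses are constructed stand-ins for your server's VPC address and the Amazon DNS server.

```python
import re

# Constructed `dig yourmaildomain MX` output. 10.0.0.10 stands in for the mail
# server's VPC address and 10.0.0.2 for the Amazon-provided DNS server.
GOOD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; ANSWER SECTION:
yourmaildomain.      1800    IN    MX    10 mail.yourmaildomain.

;; SERVER: 10.0.0.10#53(10.0.0.10)
"""
# Same query answered by the forwarder: no "aa" flag, different SERVER line.
BAD = GOOD.replace("qr aa rd ra", "qr rd ra").replace("10.0.0.10#53(10.0.0.10)",
                                                      "10.0.0.2#53(10.0.0.2)")


def check_dig(output, local_ips, mx_target="mail.yourmaildomain."):
    """Return a list of problems found in one dig MX response (empty if fine)."""
    problems = []
    status = re.search(r"status: (\w+)", output)
    if not status or status.group(1) != "NOERROR":
        problems.append("status is not NOERROR")
    # The master for the zone answers authoritatively, so "aa" must be set.
    flags = re.search(r"^;; flags: ([a-z ]+);", output, re.M)
    if not flags or "aa" not in flags.group(1).split():
        problems.append("answer is not authoritative (no aa flag)")
    server = re.search(r"^;; SERVER: ([0-9a-fA-F.:]+)#", output, re.M)
    answered_by = server.group(1) if server else "unknown"
    if answered_by not in local_ips:
        problems.append("answered by %s, not the local bind" % answered_by)
    if mx_target not in re.findall(r"\sIN\s+MX\s+\d+\s+(\S+)", output):
        problems.append("no MX record pointing at " + mx_target)
    return problems


if __name__ == "__main__":
    local = {"127.0.0.1", "10.0.0.10"}
    print(check_dig(GOOD, local))
    print(check_dig(BAD, local))
```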

SSH back into system
ssh -i key.pem ec2-user@elasticip

Login as root...
sudo sh

Change to root folder
cd /root

Download current Red Hat Enterprise Linux 6 RPM from http://www.zimbra.com/downloads/os-downloads.html

Unpack the file
tar xzvf zcs-7.2.0_GA_2669.RHEL6_64.20120410002025.tgz

Change to the directory created
cd zcs-7.2.0_GA_2669.RHEL6_64.20120410002025

Uninstall sendmail
yum erase sendmail

Fix sudoers file
nano -w /etc/sudoers

comment out ‘Defaults requiretty’

# Defaults requiretty

Fix for libstdc++
Create a symbolic link to the following file:
ln -s /usr/lib64/libstdc++.so.6 /usr/lib/libstdc++.so.6

Start the Installation
./install.sh --platform-override

Set the admin password (menu option 3, and then menu option 4).

Enter ‘r’ to return to previous menu.

Enter ‘a’ to apply settings.