
Amazon Linux in your KVM host


Following up on the Amazon OS outside EC2 post, I have now done the same, but in a KVM hypervisor on an Ubuntu 14.04 server.
Before you clone, I recommend changing BOOTPROTO=dhcp to “static” to avoid a long, 20m+ DHCP timeout. I forgot about this part. Then convert the cloned image to a qcow2 image using:
qemu-img convert -f raw -O qcow2 cloned.drive cloned.qcow2
After that, I just used virt-manager to define a new VM with cloned.qcow2 attached as a qcow2 type SATA drive.
The default virtual network adapter is Virtio, and that is supported out of the box with the cloned image (2015.03), so no fiddling with kernel-lt as for VirtualBox.
The cloned image is also configured for console via ttyS0, so with the default config, again, you can attach to the console using
virsh console yourvirtualmachine
I configured the network statically for eth0, and brought that up on br0 in the hypervisor.
The next step is getting a VPN set up into AWS for accessing e.g. AWS services or yum packages. OpenSSH has tun tunneling built in that we can use, borrowing some ideas from Setting up a Layer 3 tunneling VPN with using OpenSSH (Debian administration).
It’s a little different on CentOS and Amazon Linux, though. Create a script that runs ssh when we do ifup tun0 on the cloned server:
# /etc/sysconfig/network-scripts/ifcfg-tun0
DEVICE=tun0
IPADDR=192.168.128.2
NETMASK=255.255.255.252
BOOTPROTO=static
UPCMD="ssh -i /root/.ssh/aws_vpn -S /var/run/ssh-myvpn-tunnel-control -M -f -w 0:0 my-aws-server.com true"

Copy /etc/sysconfig/network-scripts/ifup-eth to /etc/sysconfig/network-scripts/ifup-tun and apply this little patch:
@@ -37,14 +37,48 @@
DYNCONFIG=true
fi

+if [ -n “${UPCMD}” ] ; then
+ $UPCMD
+fi
+
# load the module associated with that device
# /sbin/modprobe ${REALDEVICE}
is_available ${REALDEVICE}
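Review bot: the test on the first added line, `[ -n “${UPCMD}” ]`, is written with typographic quotes, which the shell treats as literal characters, so `-n` is true even when UPCMD is unset; use ASCII quotes, `[ -n "${UPCMD}" ]`. The following line runs `$UPCMD` without looking at its exit status, so when ssh fails the script carries on and configures a tun0 that has no tunnel behind it; check the status and stop with an error in that case.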
We also need some routing:
# /etc/sysconfig/network-scripts/route-tun0
# Static route for packages
54.231.0.0/16 via 192.168.128.1

On my-aws-server.com, terminate the VPN:
# /etc/sysconfig/network-scripts/ifcfg-tun0
DEVICE=tun0
IPADDR=192.168.128.1
NETMASK=255.255.255.252
BOOTPROTO=static

Need some routes here too:
# /etc/sysconfig/network-scripts/route-tun0
# Static route for ssh vpn
192.168.0.0/16 via 192.168.128.2

Need some network address translation:
iptables -t nat -I POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
Perform a service iptables save after modifying the firewall.
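
The server end of this tunnel only works if sshd permits tun forwarding and accepts the aws_vpn key, so both settings are worth pinning down. The check below is an added example, not part of the original post: it audits constructed sshd_config text and a constructed authorized_keys line, assumes the tunnel logs in as root on my-aws-server.com, and the function names and the forced command /sbin/ifup tun0 are assumptions.

```shell
#!/bin/sh
# Added example: audit the sshd side of the "ssh -w 0:0" tunnel.
# Every config line and key below is constructed sample data.

# Print the value sshd would use for a keyword: first match wins and
# keywords are case-insensitive. Match blocks are not handled here.
sshd_opt() {  # $1 = sshd_config text, $2 = keyword
    printf '%s\n' "$1" | awk -v k="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { print tolower($2); exit }'
}

# Print one line per finding; the return status is the finding count.
audit_tunnel() {  # $1 = sshd_config text, $2 = authorized_keys line
    n=0
    case "$(sshd_opt "$1" PermitTunnel)" in
        point-to-point) ;;
        yes) echo "PermitTunnel yes also allows layer 2 (tap)"; n=$((n+1)) ;;
        *) echo "PermitTunnel does not allow layer 3: ssh -w is refused"; n=$((n+1)) ;;
    esac
    case "$(sshd_opt "$1" PermitRootLogin)" in
        forced-commands-only) ;;
        *) echo "root login is not limited to forced commands"; n=$((n+1)) ;;
    esac
    # Pin the key to tun0 (the remote half of -w 0:0) and to one command.
    for opt in 'tunnel="0"' 'command="' no-pty no-port-forwarding; do
        case "$2" in
            *"$opt"*) ;;
            *) echo "key lacks $opt"; n=$((n+1)) ;;
        esac
    done
    return "$n"
}

GOOD_CFG='PermitTunnel point-to-point
PermitRootLogin forced-commands-only'
GOOD_KEY='tunnel="0",command="/sbin/ifup tun0",no-pty,no-port-forwarding ssh-rsa CONSTRUCTED-PLACEHOLDER aws_vpn'
WEAK_CFG='#PermitTunnel no
PermitTunnel yes
PermitRootLogin yes'
WEAK_KEY='ssh-rsa CONSTRUCTED-PLACEHOLDER aws_vpn'

audit_tunnel "$GOOD_CFG" "$GOOD_KEY" && echo "hardened sample: clean"
audit_tunnel "$WEAK_CFG" "$WEAK_KEY" || echo "weak sample: $? finding(s)"
```
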

Now try it:
[root@cloned-server]# ifup tun0
Determining if ip address 192.168.128.2 is already in use for device tun0...
[root@cloned-server]# Determining if ip address 192.168.128.1 is already in use for device tun0...
[root@cloned-server]# yum clean all ; yum check-update
Loaded plugins: priorities, update-motd, upgrade-helper
Cleaning repos: amzn-main amzn-updates
Cleaning up everything
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main/latest | 2.1 kB 00:00
amzn-main/latest/group | 35 kB 00:00
amzn-main/latest/primary_db | 3.3 MB 00:01
amzn-updates/lates | 2.3 kB 00:00
amzn-updates/latest/group | 35 kB 00:00
amzn-updates/latest/updateinfo | 249 kB 00:00
amzn-updates/latest/primary_d | 879 kB 00:00
[root@cloned-server]#
Yay :-)
