Triaging Instance Metadata and User Data for Windows Instances


Eucalyptus Versions Affected:  3.4 and Higher

Background

Eucalyptus provides each launched instance with metadata and user data, just as the AWS EC2 service does (the user data depends on what is passed with the --user-data-file/--user-data option of the RunInstances API call).  The goal of this article is to show how a cloud administrator can confirm that a given Windows instance on a Eucalyptus cloud is successfully obtaining its instance metadata and user data.

Bundling, Uploading and Registering the Windows Image

To get started, make sure there is a Windows EMI available.  To bundle, upload and register a Windows image (created by following the Eucalyptus documentation to create a Windows image), use euca-install-image.  Note that the image must be a raw-format image file.  For example, using euca-install-image with the raw image 'windows7_nov14.img':

# euca-install-image --image windows7_nov14.img --bucket windows7-x86_86-qa --name windows7-x86_64 --platform windows --arch x86_64 --privatekey euca-admin --virtualization-type hvm --cert admin-cert.pem --privatekey admin-pk.pem --ec2cert cloud-cert.pem --user 393324938909
.....
emi-42389e47

Note that the --privatekey option appears twice here: one is for the keypair used to retrieve the Windows instance password, and the other is used for bundling the image.  After the image has been bundled, uploaded and registered, there is a base Windows EMI that can be used on the cloud.

Launching a Windows Instance with User Data

Before launching an instance from the Windows EMI, create a test user data file.  Note that, unlike the AWS EC2Config tool, the Eucalyptus Windows Integration Tool has no option to enable accessing and executing information passed via user data.  If you would like the instance to process the information passed in the user data and metadata, use either of the following methods:

  • Install the AWS EC2Config tool when creating the Windows image, and enable the option for User Data execution for next service startup.
  • Add a custom startup script that will process the instance user data and metadata information.

Here is an example file that will be passed using the instance user data:

# cat script.txt
<script>
mkdir c:\test
echo $HELLO >c:\test\echo.txt
ipconfig >c:\test\ifconfig.txt
tree >c:\tree.txt
</script>

Next, launch an instance passing the file using the --user-data-file/-f option:

# euca-run-instances -k euca-admin -t m1.small --user-data-file script.txt emi-42389e47
RESERVATION r-25f38302 393324938909 default
INSTANCE i-556760a9 emi-42389e47 euca-172-18-0-143.eucalyptus.internal pending euca-admin 0 m1.small 2015-02-10T16:07:42.484Z Mastermind windows monitoring-disabled 172.18.0.143 172.18.0.143 instance-store hvm sg-931964fe x86_64

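Authorize the RDP ports so the Windows instance can be reached with an RDP client (with no source given, as here, the rules allow 0.0.0.0/0; the -s option of euca-authorize restricts them to a CIDR):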

# euca-authorize -P tcp -p ms-wbt-server default
GROUP default
PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR 0.0.0.0/0
# euca-authorize -P udp -p ms-wbt-server default
GROUP default
PERMISSION default ALLOWS udp 3389 3389 FROM CIDR 0.0.0.0/0

Confirm the instance is running:

# euca-describe-instances i-556760a9
RESERVATION r-25f38302 393324938909 default
INSTANCE i-556760a9 emi-42389e47 euca-10-104-6-252.eucalyptus.rickross.cs.prc.eucalyptus-systems.com euca-172-18-0-143.eucalyptus.internal running euca-admin 0 m1.small 2015-02-10T16:07:42.484Z Mastermind windows monitoring-disabled 10.104.6.252 172.18.0.143 instance-store hvm sg-931964fe x86_64
TAG instance i-556760a9 euca:node 10.104.1.216

Use a client to RDP into the instance (e.g. Remote Desktop Connection for Mac).  In order to log into the instance, grab the Administrator password using the euca-get-password command:

# euca-get-password -k euca-admin i-556760a9
3Zfivwxc

Confirm Instance Metadata and User Data

After using the password to RDP into the instance, open up any browser available on the Windows instance, and install cURL for Windows.


After installing cURL for Windows, open the Command Prompt.  Before running curl.exe, log onto the Cloud Controller (CLC), and use tcpdump to trace port 8773 traffic for the public IP of the instance.  In this example, the public IP of the instance is 10.104.6.252:

# tcpdump -Als0 -i em1 port 8773 and host 10.104.6.252

Next, while keeping the terminal window open to the CLC, switch to the RDP session, and use curl.exe to request the user data passed to the instance from http://169.254.169.254/latest/user-data/ (the request that appears in the capture below).

Back in the terminal window with the ssh session to the CLC, notice the traffic that comes across the wire:

# tcpdump -Als0 -i em1 port 8773 and host 10.104.6.252
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
09:08:41.380248 IP 10.104.6.252.49372 > euare.rickross.cs.prc.eucalyptus-systems.com.8773: Flags [S], seq 525714179, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4C.@....a
h..
h...."E.U........ .k...............
09:08:41.380270 IP euare.rickross.cs.prc.eucalyptus-systems.com.8773 > 10.104.6.252.49372: Flags [S.], seq 888307008, ack 525714180, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
E..4..@.@..&
h..
h.."E..4.}@.U....9.................
09:08:41.380421 IP 10.104.6.252.49372 > euare.rickross.cs.prc.eucalyptus-systems.com.8773: Flags [.], ack 1, win 513, length 0
E..(C.@....l
h..
h...."E.U..4.}AP.............
09:08:41.380640 IP 10.104.6.252.49372 > euare.rickross.cs.prc.eucalyptus-systems.com.8773: Flags [P.], seq 1:97, ack 1, win 513, length 96
E...C.@.....
h..
h...."E.U..4.}AP...%}..GET /latest/user-data/ HTTP/1.1
User-Agent: curl/7.33.0
Host: 169.254.169.254
Accept: */*
09:08:41.380647 IP euare.rickross.cs.prc.eucalyptus-systems.com.8773 > 10.104.6.252.49372: Flags [.], ack 97, win 115, length 0
E..(.n@.@.q.
h..
h.."E..4.}A.U.dP..s....
09:08:41.402693 IP euare.rickross.cs.prc.eucalyptus-systems.com.8773 > 10.104.6.252.49372: Flags [P.], seq 1:203, ack 97, win 115, length 202
E....o@.@.p.
h..
h.."E..4.}A.U.dP..s....HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 117
Connection: close
<script>
mkdir c:\test
echo $HELLO >c:\test\echo.txt
ipconfig >c:\test\ifconfig.txt
tree >c:\tree.txt
</script>
09:08:41.402737 IP euare.rickross.cs.prc.eucalyptus-systems.com.8773 > 10.104.6.252.49372: Flags [F.], seq 203, ack 97, win 115, length 0
E..(.p@.@.q.
h..
h.."E..4.~..U.dP..s....
09:08:41.402986 IP 10.104.6.252.49372 > euare.rickross.cs.prc.eucalyptus-systems.com.8773: Flags [.], ack 204, win 512, length 0
E..(C.@....j
h..
h...."E.U.d4.~.P....\........
09:08:41.404602 IP 10.104.6.252.49372 > euare.rickross.cs.prc.eucalyptus-systems.com.8773: Flags [F.], seq 97, ack 204, win 512, length 0
E..(C.@....i
h..
h...."E.U.d4.~.P....[........
09:08:41.404615 IP euare.rickross.cs.prc.eucalyptus-systems.com.8773 > 10.104.6.252.49372: Flags [.], ack 98, win 115, length 0
E..(..@.@..2
h..
h.."E..4.~..U.eP..s....
^C
10 packets captured
47 packets received by filter
5 packets dropped by kernel

Conclusion

As you can see, the Windows instance successfully queried the CLC for its user data, and the CLC responded with the correct user data information.  Remember, Windows instances by default do not have a tool which will process the instance metadata and user data.  To have that information processed, do either of the following steps:

  • Install the AWS EC2Config tool when creating the Windows image, and enable the option for User Data execution for next service startup.
  • Add a custom startup script that will process the instance user data and metadata information.
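
One way to write the custom startup script mentioned above and under "Launching a Windows Instance with User Data" (an added example, not Eucalyptus or AWS code): it fetches the user data from the same http://169.254.169.254/latest/user-data/ endpoint seen in the capture, extracts the <script> block, runs it once per instance, and logs a SHA-256 of what was executed. The C:\ProgramData\userdata directory, the log and marker file names, and running it as a startup task are assumptions; System.Net.WebClient is used because Windows 7 ships PowerShell 2.0.

```powershell
# Added example. Assumed (not from the article): the C:\ProgramData\userdata directory,
# the log/marker file names, and registration as a startup task.
$ErrorActionPreference = 'Stop'
$MetadataBase = 'http://169.254.169.254/latest'
$WorkDir = 'C:\ProgramData\userdata'            # hypothetical path, no spaces
$Log     = Join-Path $WorkDir 'userdata.log'

function Write-Log([string]$Message) {
    Add-Content -Path $Log -Value "$(Get-Date -Format o) $Message"
}

function Get-Metadata([string]$Path) {
    # WebClient instead of Invoke-WebRequest: works on PowerShell 2.0 (Windows 7).
    $client = New-Object System.Net.WebClient
    try { return $client.DownloadString("$MetadataBase/$Path") }
    finally { $client.Dispose() }
}

function Get-UserDataScript([string]$UserData) {
    # Body between <script> and </script>, or $null when the tags are absent.
    $m = [regex]::Match($UserData, '(?is)<script>\s*(.*?)\s*</script>')
    if ($m.Success) { return $m.Groups[1].Value }
    return $null
}

if (-not (Test-Path $WorkDir)) { New-Item -ItemType Directory -Path $WorkDir | Out-Null }

$instanceId = (Get-Metadata 'meta-data/instance-id').Trim()
$marker = Join-Path $WorkDir "$instanceId.done"
if (Test-Path $marker) { exit 0 }               # already ran for this instance

try { $userData = Get-Metadata 'user-data/' }
catch { Write-Log "no user data retrieved: $($_.Exception.Message)"; exit 0 }

$body = Get-UserDataScript $userData
if ($null -eq $body) { Write-Log 'user data has no <script> block; nothing run'; exit 0 }

$cmdFile = Join-Path $WorkDir "$instanceId.cmd"
Set-Content -Path $cmdFile -Value $body -Encoding ASCII

# Log a SHA-256 of the batch file so the log records exactly what was executed.
$sha256 = New-Object System.Security.Cryptography.SHA256Managed
$hash = [BitConverter]::ToString($sha256.ComputeHash([IO.File]::ReadAllBytes($cmdFile))) -replace '-', ''
Write-Log "running user data for $instanceId sha256=$hash"

# stderr is merged inside cmd.exe so it does not trip $ErrorActionPreference.
$output = & cmd.exe /c "$cmdFile 2>&1" | Out-String
Write-Log "exit code $LASTEXITCODE, output:`r`n$output"
New-Item -ItemType File -Path $marker | Out-Null
```

Whatever is placed in user data runs with the privileges of the account the startup task uses, and any process on the instance can read it from the metadata endpoint, so keep credentials out of the user data file.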