3

I have a Windows Server 2008 instance on Amazon EC2 (Amazon's cloud compute platform, which provides VMs in the cloud). It has an external IP, and I have an admin account on the box. I would like to 'bootstrap' this instance remotely i.e. I want to run commands to download, install and configure apps on it, all without having to log on even once. Also, I cannot use psexec on the source computer.

I have figured out how to do this to a remote, domain-joined computer using WMI. However, I have NOT been able to do for a remote computer on EC2. Here are some specific restrictions:

  1. The remote computer is not part of my domain, hence no Kerberos
  2. The remote computer does not have a cert I trust, or vice versa

I am sure I am running into to some auth/trust restriction. Is there any way I can run a single command on the remote, given that I have admin privileges? I'm not tied down to using WMI, but I do need to run a command somehow. Feels like this should be a solved problem.

John Gardeniers
  • 27,262
  • 12
  • 53
  • 108
Bilal Aslam
  • 131
  • 3

2 Answers2

1

While it's not directly the answer you're looking for, bear in mind that you can build a custom AMI that already contains the appropriate bootstrapping code on the server when it comes online. This is by far the most common solution to the problem you're facing, and is, in fact, the way Amazon expects you to solve this problem.

Simply add a program that, on startup, connects to a server you control and downloads a list of commands for it to run. Alternately, you can add a program that listens for inbound connections which, again, send the server a set of instructions to run. Obviously you can integrate any form of security you want.

There are several tutorials out there on rebuilding AMI images. Here's one from amazon: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/index.html?creating-an-ami-windows.html

tylerl
  • 14,885
  • 7
  • 49
  • 71
  • That works for EC2. How about for providers like Rightscale or Linode? – Bilal Aslam May 08 '10 at 15:09
  • Rightscale is a solutions provider for EC2. Linode also uses Xen. The solution is roughly the same, though the details might change a bit. – tylerl May 10 '10 at 03:28
1

I'm running Windows on EC2 and am able to do a lot of the things you're referring to - you're right this problem has been solved. The best solution being offered by cloud management providers currently for Windows, IMHO, is RightScale's recent addition for Windows support.

I use RightScale's FREE developer account and they enable you to do exactly what you're referring to above. It's a slight shift in tradtional Windows management. They have the concept of Chef Recipes (or scripts) that are downloaded by the instances and run on boot time. These are script that you can use to confgure/install software. It's actually a very compelling tool and surprisingly powerful. If you do not wish to use any cloud management providers like Rightscale or Scalr.net or Kaavo etc, I'd suggest running your own Chef server or use similar tools (Puppet, CfEngine etc), and use that to configure and deploy your cloud instances. Chef's latest release supports Windows clients.

If you're simply looking for a quick win to issue commands remotely from your laptop/desktop to your cloud instance, then the you can simply install Windows Management Framework which comes with Powershell 2.0. Using Powershell 2.0, you can issue remote commands ("Invoke-Command", much like ssh) and have it execute pretty much whatever you want on your instance - single lines commands or entire scripts. Authentication is quite simple w/o a Windows domain. You simply have to create an admin user on your desktop with the same username/password as your instance and Invoke-Command will work.

Ameer Deen
  • 3,598
  • 4
  • 25
  • 27