Home / server / Questions / 319800
Accepted
Bittrance
Asked: 2011-10-09 14:56:52 +0800 CST

Need rpcsec_gss_krb5 and Linux kernel 2.6.35+ on EC2

  • 772

I am trying to do Kerberos-auth:d NFS4 on EC2. In order to do this, it seems one wants a kernel at least 2.6.35 in order to get decent encryption algos. The distro I could find that provides this is Ubuntu/Natty, which has 2.6.38. However, the default images are the -virtual flavour, which lacks rpcsec_gss_krb5. Thus I'm trying to make an image that boots a -generic image, but these seem not to be appreciated by the EC2 pv-grub loader:

    Xen Minimal OS!
  start_info: 0xa01000(VA)
    nr_pages: 0x26700
  shared_inf: 0xbee66000(MA)
     pt_base: 0xa04000(VA)
nr_pt_frames: 0x9
    mfn_list: 0x967000(VA)
   mod_start: 0x0(VA)
     mod_len: 0
       flags: 0x0
    cmd_line:  root=/dev/sda1 ro 4
  stack:      0x946780-0x966780
MM: Init
      _text: 0x0(VA)
     _etext: 0x61e65(VA)
   _erodata: 0x76000(VA)
     _edata: 0x7b6d4(VA)
stack start: 0x946780(VA)
       _end: 0x966d34(VA)
  start_pfn: a10
    max_pfn: 26700
Mapping memory range 0xc00000 - 0x26700000
setting 0x0-0x76000 readonly
skipped 0x1000
MM: Initialise page allocator for b3e000(b3e000)-0(26700000)
MM: done
Demand map pfns at 26701000-36701000.
Heap resides at 36702000-76702000.
Initialising timer interface
Initialising console ... done.
gnttab_table mapped at 0x26701000.
Initialising scheduler
Thread "Idle": pointer: 0x36702008, stack: 0xbf0000
Initialising xenbus
Thread "xenstore": pointer: 0x36702478, stack: 0x26600000
Dummy main: start_info=0x966880
Thread "main": pointer: 0x367028e8, stack: 0x26610000
"main" "root=/dev/sda1" "ro" "4" 
vbd 2049 is hd0
******************* BLKFRONT for device/vbd/2049 **********
backend at /local/domain/0/backend/vbd/1312/2049
Failed to read /local/domain/0/backend/vbd/1312/2049/feature-barrier.
Failed to read /local/domain/0/backend/vbd/1312/2049/feature-flush-cache.
4194304 sectors of 0 bytes
**************************
    [H
    [J  Booting 'Ubuntu Natty (development branch), kernel 2.6.38-11-virtual'
root            (hd0)
 Filesystem type is ext2fs, using whole disk
kernel          /boot/vmlinuz-2.6.38-11-generic root=LABEL=uec-rootfs ro console=hvc0 
initrd          /boot/initrd.img-2.6.38-11-generic

ERROR Invalid kernel: elf_xen_note_check: ERROR: Will only load images built for the generic loader or Linux images
xc_dom_parse_image returned -1

Error 9: Unknown boot failure
Press any key to continue...

I guess my questions are thus:

  1. Is my interpretation of the error message correct that the -generic kernels are not bootable by pv-grub?
  2. Is there any other kernel/package in Ubuntu containing rpcsec_gss_krb5 that are bootable (none relevant found by apt-file, but perhaps there are external repos)?
  3. Is there another community AMI that satisfies my criteria?

Alternatively, what do I need to do to build a pv-grub/EC2 variant of the -generic kernel?

nfs amazon-ec2 linux-kernel

1 Answers

  1. Best Answer

    In the end, brute-forced a kernel image from Debian/unstable. Given a volume from AMI ebs/ubuntu-images-milestone/ubuntu-natty-11.04-beta2-i386-server-20110413.1 (ami-4c906c25) I had to do three things:

    1. Download kernel from Debian repo: linux-image-3.0.0-2-686-pae_3.0.0-5_i386.deb
    2. Force the kernel: dpkg -i --force-all linux-image-3.0.0-2-686-pae_3.0.0-5_i386.deb
    3. Manually generate a ramdisk: update-initramfs -c -k 3.0.0-2-686-pae
    4. Create /boot/grub/menu.lst entry for the new kernel manually. Note that you need to set root=/dev/xvda1 as the generated ramdisk will not contain the label.

    Having done this, AMIs created from snapshots on this volume boots fine using pv-grub kernel aki-805ea7e9.

    UPDATE: Actually having the .deb installed makes apt-get very angry. Rather, just extracting it by dpkg-deb -x linux-image-3.0.0-2-686-pae_3.0.0-5_i386.deb / might be the better option.

    • 0