How to export an EBS based Linux VM from AWS EC2

Exporting an Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance that is making use of Amazon Elastic Block Store (EBS) data volumes is not possible using the standard AWS Command Line Interface (CLI) command “ec2-create-instance-export-task”. The limitations are described a the bottom of this page.

As a workaround you can use the following procedure which requires a number of VMware solutions:

  • VMware vCenter Converter Standalone 6.0.0
  • VMware ESX Server 5.5.0
  • VMware Workstation 10.0.7

The procedure described below should work with the versions of the VMware software mentioned above, but other combinations might also work fine. The EC2 instance being exported was based on a RHEL 7.0 Amazon Machine Image (AMI).

Step 1) First make sure you can login to your active Linux EC2 instance using a username and password. This is disabled by default in the Linux AMIs, but can be enabled by setting the following option in both /etc/ssh/ssh_config and /etc/ssh/sshd_config:

PasswordAuthentication yes

Next restart the ssh daemon:

Step 2) Create an account with root permissions and a known password as the standard user “ec2-user”

Step 3) Run VMware vCenter Converter (make sure you always run this utility “as Administrator” under Windows) and select “Convert machine” from the menu at the top. Select “Powered-on machine” from the “Select source type” drop down list and specify the address, user name, password and O.S. Family (Linux) for the remote machine on AWS. In the next step of the wizard indicate to which VMware ESX server the Linux EC2 instance has to be exported. Just follow the rest of the wizard and wait for the conversion task to finish.

Note that you need version 6.0.0 or higher of VMware vCenter Converter to be able to convert RHEL 7.0 AMIs. If you use a lower version, you might receive the following error:

Step 4) At 97% completion the VMware vCenter Converter might run into the following exception:

Due to this exception you won’t be able to boot your VM. If you try to boot the VM, you will see the following error (Operating System not found):

To solve this issue, proceed as follows (based on this knowledge base article for a similar problem):

Step 5) Boot your VM in rescue mode. Typically you won’t have a rescue disk for an AWS AMI based EC2 instance, but you can simply use the standard installation .iso files which you can download from the Red Hat website. Just use the evaluation copies you can download for free. When you have downloaded the installation boot or dvd .iso, connect it to your VM via the CD/DVD hardware device. Next you will need to change the BIOS of your VM so that it boots the CD/DVD first. I used VMware Workstation to perform these steps, so first I had to convert the VM from our ESX server to a VMware workstation compatible format using VMware vCenter Converter Standalone. From VMware Workstation you can access the BIOS by selecting VM -> Power -> Power On to BIOS from the menu.

BIOS boot CD-ROM Drive

When the VM boots from the boot or installation .iso file, hit ‘Tab’ to change the boot command and append “rescue” to the end of the command so that it looks something like this:

Boot RHEL 7.0 Rescue Mode

The rescue environment will attempt to find your Linux installation, but in my case that didn’t work and you shouldn’t worry about that, as long as you get a command prompt where you can enter the following commands to fix the BIOS boot partition:

First, determine the name of the disk that contains your Linux O.S. and /boot folder:

AWSEC2fdisk-l

Then create a primary partition where you can install grub. Make sure this partition is created in front of your existing Linux partition:

AWSEC2parted

Next update the UUID in the /etc/fstab file:

  1. Run the blkid command and identify the new UUID for the boot disk. Also, note the UUIDs of additional disk devices, if any.
  2. Edit the /etc/fstab file using a text editor
  3. Replace the UUIDs of the boot disk with the correct UUIDs identified in Step 1.
AWSEC2blkid

Now reboot again in rescue mode. The rescue procedure should be able to find your system and will mount it under /mnt/sysimage. Then perform the following commands to reinstall grub:

AWSEC2grubreboot

If you now reboot the server from your disk (make sure to disconnect the CD-ROM from your VM first), the “Operating System not found error” should be gone. You will be asked to create a user and accept the license agreement. Once you have accepted this, enter q, the setup will complete and you can login using your ec2-user.

Author: Kristof Lievens

blogger

blogger

Curious to know more about this topic?

Working at i8c

i8c is a system integrator that strives for an informal atmosphere between its employees, who have an average age of approx 30 years old. We invest a lot of effort in the professional development of each individual, through a direct connection between the consultants and the management (no multiple layers of middle management). We are based in Kontich, near Antwerp, but our customers are mainly located in the triangle Ghent-Antwerp-Brussels and belong to the top 500 companies in Belgium (Securex, Electrabel, UCB, etc…).

Quality Assurance

i8c is committed to delivering quality services and providing customer satisfaction. That’s why we invested in the introduction of a Quality Management System, which resulted in our ISO9001:2000 certification. This guarantees that we will meet your expectations, as a reliable, efficient and mature partner for your SOA & integration projects.

i8c - ISO9001-2015

Also worth reading

AWS AppFlow: Streamlining SaaS Integrations with AWS Services

In today’s digital world, organizations are constantly looking for ways to streamline their workflows and improve their data management processes. One of the key challenges that organizations face is integrating their various software as a service (SaaS) applications with their data management systems. This is

Read More »

Apigee Scope Validation using OpenAPI Specification

In API security and management, we often use a lot of different security mechanisms to protect the requested resource behind the API Gateway. One of these mechanisms is the validation of scopes to authorize a client on a specific sub-resource of the API. Most of

Read More »