Thursday, 2nd December 2010 - 22 Comments
Hey - good to see you! If you are new here, you can subscribe to the RSS feed for updates on this topic.
Recently I have had to run a Java app on a server which required a GUI front-end to operate. The majority of my experience with servers in "the cloud" has been via command line SSH connection. For this I tend to use the latest LTS release of Ubuntu Server. Ubuntu Server by design is lean and mean, not possessing any native GUI capabilities and hence I needed to find an alternative. It was suggested to me that I give XVNC a go, but that obviously requires an installation of the X system. After reading many tutorials, it seemed that people had became bogged down in X configuration files with screen resolution and persistent monitor issues. I did not want any part of that so I considered whether I could run Ubuntu Desktop instead.
I will be using Amazon EC2 for this demonstration. I keep threatening to write up a full guide to EC2, but until that day I will assume that you have an Amazon Web Services account. I'll also assume you know how to create new instances from an Amazon Machine Image (AMI), key-pairs and security groups within the AWS Management Console. The most recent LTS version of Ubuntu is 10.04 (Lucid Lynx), which is the version I will use for this tutorial. Here is a list of all Canonical Official AMIs. I will use the daily build of Lucid Lynx 10.04 LTS, 32-bit, EBS-backed, which has an AMI code of ami-9f8573f6.
Connecting to the desktop instance will require a means of sending over the X-Windows screen. We will use the NoMachine NX server, which not only allows remote GUI connections but greatly increases the responsiveness of the desktop even over low bandwidth connections. All of the interaction is handled over the SSH protocol, so we will only need to open port 22 on our server machine in order for NX to function.
The first task is to launch the instance using the Community AMI with code ami-9f8573f6. This AMI is EBS-backed, which means it resides on an Elastic Block Store volume. This ensures that you can Stop/Start the server without losing your data between reboots. Although I still encourage you to backup your data to a service such as S3!
Open up the EC2 management console window and select Launch Instance. You will be presented with the following screen:
Click on Community AMIs and then type in ami-9f8573f6 to the right of the All Images dropdown menu. Be patient as it can take around 10 seconds for Amazon to find the disk image. Once it shows up, click on Select.
The next screen allows you to determine the quantity, type and location of the instance(s) you wish to launch. I am selecting a single small instance in any availability zone. Click on Continue to proceed.
If you wish to modify the kernal or RAM disk, then this is the screen to do it. You may also wish to enable CloudWatch monitoring, but that costs more! I have gone with the defaults. Click on Continue to proceed.
Tagging your instances is a good idea, especially if you have a lot of them. I've added a description with the operating system and version number. You may wish to add more. Once you're happy with your tags, click on Continue to proceed.
If you already have a keypair, and more importantly, know where you originally downloaded it, then select Choose From Existing Keypairs, select your keypair and then continue. If you do not have a keypair, then select Create a new Key Pair, name your keypair and download it. You will need to put it somewhere accessible as we will be modifying the permissions of this file later. Once you have copied the keypair information, click Continue to head to the next screen.
You may already have a security group enabled for your instances. I have chosen to create a new one, which has the rule of only allowing SSH connections (via port 22). You may want to be more restrictive by only allowing a subset or single IP address to access the machine. Adjust the security rules as you see fit, then add your rules. Once they are added make sure to name your security group with something descriptive. I have chosen desktopssh. Click Continue to review your configuration.
All of the configuration looks nominal, so select Launch to fire up your instance. After half a minute or so it will be activated.
The final task is to click on your instance and obtain it's Public IP address, which we will use for the connection. It will be of the form ec2-***-***-***-***.compute-1.amazonaws.com where the asterisks represent the IP address of the instance. Note it down as we will require this later when logging in.
Now that the instance is running, you will need to access it via SSH. I will assume you are usnig a Linux distribution with access to a terminal or equivalently, you can use Putty in Windows.
Earlier we placed the keypair file in the ~/myuser/amazon/ directory. Attempting to use this keypair while logging in will cause SSH to throw an error that the default read permissions on the file are too insecure. Therefore we need to remove the read permissions for groups and others, while retaining it for the user. Thus we change permissions from 644 to 400:
chmod 400 keypair.pem
Now we can SSH into the Amazon instance using the keypair. Remember to replace the asterisks below with your specific host which can be seen from the AWS Management Console:
ssh -i /path/to/keypair.pem ubuntu@ec2-***-***-***-***.compute-1.amazonaws.com
Now that we are logged into the Amazon instance, we need to perform some essential system maintenance, which includes updates, an upgrade and installation of some additional packages. I have chosen to install build-essential and Emacs 2.3. If you are comfortable with another text editor, then you can skip the install of emacs23:
sudo apt-get update sudo apt-get ugrade sudo apt-get install build-essential emacs23
At this stage you have the choice of creating a new user. Canonical AMIs ship with "ubuntu" as a sudo-enabled user by default, but if you wish to create an alternative, then read the following section, otherwise skip to Desktop Installation below.
The first task is to add the user with name myuser (which you can obviously replace with your choice!). Ubuntu provides a handy shortcut which takes care of home directory creation:
sudo adduser myuser
You will be prompted to enter a password. I won't lecture you about password security, but a long (16-20 characters) random string of punctuation, numbers, lower and upper-case letters is your safest bet here. I do not usually bother entering any of the other information unless I am on a multi-user system. The choice is yours.
If you wish the user to gain sudo administrator privileges, then the user and permissions need to be added to the sudoers file. The safest way to carry this out is to use visudo, which performs sanity checking and parsing on the sudoers file after an edit. Naturally, visudo requires sudo privileges to run:
Add the following line below the ubuntu user, then save the file and exit:
myuser ALL=(ALL) ALL
The most secure method for authenticating against this user is to use a keypair for password-less logins. However, if you prefer to use a password login then you will need to modify the SSH daemon configuration to allow it. Open up the sshd_config file:
sudo emacs /etc/ssh/sshd_config
Set PasswordAuthentication to "yes" where it says "no", then save and exit. You will have to restart the SSH daemon for this to take effect:
sudo /etc/init.d/ssh restart
You can continue using the ubuntu user from now on or can exit and log back into the server with the myuser account. If you chose password login then it will prompt you for this upon successful SSH connection, else you will need to use the -i flag with your chosen keypair, as above.
The next step is to install the Ubuntu Desktop functionality. This essentially means install the X window system and the window manager. My personal choice is Gnome, but Ubuntu ships with KDE among others. The first task is to change the environment variable DEBIAN_FRONTEND to noninteractive so that we do not have to enter any commands while installing. We then run a second update to make sure we can see the correct desktop packages. Finally we install the ubuntu-desktop package. Bear in mind that the last command will take around 15-20 minutes, so grab a coffee while waiting.
export DEBIAN_FRONTEND=noninteractive sudo -E apt-get update sudo -E apt-get install -y ubuntu-desktop
You now have a Ubuntu Desktop 10.04 living in the cloud! Although, we can't do much with it yet as we can't connect to it via a GUI remote connection. This is where NoMachine FreeNX comes in.
Installing FreeNX Server
FreeNX is a utility which allows us to connect to the server and start an X session, running a window manager on top. To install it we need to add access to the correct repositories. In Ubuntu 9.10, a handy command line shortcut, add-apt-repository, was added to stop having to poke around in the package universe configuration files. Add the FreeNX repository, update again and install FreeNX via the following commands:
sudo add-apt-repository ppa:freenx-team sudo apt-get update sudo aptitude install freenx
There is some minor maintenance to perform before the software will function correctly. Firstly, a setup file must be downloaded. Change to your designated file downloaded directory and then download the following file:
Unpack the file and move it to the NX installation directory. Finally, change the ownership of the file to the root user and install it:
tar zxvf nxsetup.tar.gz sudo mv nxsetup /usr/lib/nx/nxsetup sudo chown root:root /usr/lib/nx/nxsetup sudo /usr/lib/nx/nxsetup --install
You will be asked if you wish to generate a new user key. Type "N", as we have already created a user above. If you have any difficulty with the above steps, there is a more comprehensive installation guide at the Ubuntu Community FreeNX page.
At this stage the server is configured to allow remote GUI connections using FreeNX and possesses all of the necessary window systems and managers in order to provide a cloud-based desktop experience! The next stage is to install a NX client on your local machine so that you can log into the system.
Installing the NX Client
Thankfully, installing the client is extremely straightforward. I've listed all of the download link hierarchies here, so that you can pick the correct package for your operating system. Visit the NoMachine download page and then click on your preferred operating system. As stated above, I am assuming you are using Ubuntu Desktop on your local box, so head to the download linux client page. Then you can select the .deb package which will take you to the debian package download page. Select Download Package and it will ask you to open it with the Ubuntu Software Centre.
Once the program is installed, it will be in your menu under Applications > Internet > NX Client for Linux > NX Client for Linux. Open it up and then type in your login details, using the username/password combination that you created above. Then type a new session name and hit Configure. Fill in your host name and select the screen resolution that you wish to use. I have selected Gnome as the window manager, but you can change that if you prefer.
Connecting to the Server-Desktop
The final step is to click Save and OK and then Connect. After a brief interlude, you should be presented with a full-fledged Ubuntu Desktop in the cloud!
I've found this to be extremely useful for some applications that I am using. Please let me know in the comments below how you have made use of your desktop in the cloud, as I would be very keen to find new ways of using a setup like this.