0

EC2 Ubuntu servers erase all disk contents when being shut down. Following an unfortunate accident, I have decided to prevent the command-live halt, poweroff and shutdown.

  1. What's the best way to do it? I thought about renaming these commands (at /sbin) to something like HALT_RENAMED___ERASES_ALL_DISK_CONTENTS.

  2. Are there any files, other than the three listed above, that needs to be handled?

  3. I've noticed that halt and poweroff are merely links to reboot. Should reboot be renamed, too?

Adam

Adam Matan
  • 13,194
  • 19
  • 55
  • 75

4 Answers4

3

If you're using EC2 instances and you have data that needs to persist, you should be using EBS volumes to hold the data. Otherwise you're responsible for putting together a process to periodically upload to S3 or other backup strategy to have restored upon reboot. I have close to a dozen EC2 instances running and use a combination of both strategies.

The drive mounted for / on EC2 instances is meant to clear when it is shutdown completely which is what halt, shutdown and poweroff do. The drive will remain during a reboot but when the instance is shutdown completely it is destroyed which is exactly as Amazon tells you in the terms of use for EC2 and why they recommend EBS if it needs to persist.

The only other option is to use EBS-backed instances which would then persist but you'll be paying for the storage of the EBS volume. This would but the entire instance on an EBS volume rather than just the data necessary to be persisted.

Jeremy Bouse
  • 11,341
  • 2
  • 28
  • 40
1

I strongly recommend using EBS based instances and periodically creating snapshots of your EBS volume. In the case of a potential hardware issue, EBS based instances can be stopped/started (which causes them to start up on different hardware, unless you are very unlucky)

I recommend snapshots because EBS volumes don't have the same redundancy as S3. They're more reliable than a regular hard drive, but I've had EBS volumes fail and my snapshots have saved the day.

ec2-modify-instance-attribute --instance-initiated-shutdown-behavior stop does not work to non EBS instances.

Michael Jensen
  • 376
  • 2
  • 1
0

You can change the shutdown behavior:

ec2-run-instances                           \
  --instance-initiated-shutdown-behavior stop \

Read more in deap about this here: http://alestic.com/2010/01/ec2-instance-locking

tore-
  • 1,396
  • 2
  • 10
  • 18
-2

There is no way.

SERIOUSLY - you should not rely on an EC2 server to keep state. This is well documented.

You CAN NOT stop a virtual machine from being shut down. What if the server fails? Wont happen - happened already at Amazon. Systems just crash.

Basically you are hunting ghsots here. You can not stop a VM from being shut down.

TomTom
  • 51,649
  • 7
  • 54
  • 136
  • Of course I can not completely prevent this from ever happening; I want to eliminate the `sudo halt` scenerio. – Adam Matan Mar 16 '10 at 14:54