EC2 AMIs will be available from snapshot builds

Colin Percival cperciva at
Tue Jun 16 21:06:32 UTC 2015

On 06/16/15 13:33, Collin Forbes wrote:
> On Tue, Jun 16, 2015 at 12:12:26PM -0700, Colin Percival wrote:
>> On 06/16/15 11:47, Collin Forbes wrote:
>>> I was seeing this with ami-53fcb763 over the weekend. That one isn't a
>>> even a snapshot release. It's the AMI for FreeBSD 10.1-RELEASE for current
>>> generation instances on us-west-2. I was trying to use t2.small and
>>> t2.medium instances and had the same behavior.
>> Works for me... takes about 5 minutes before you can SSH in though, since the
>> image downloads security patches first.
> I've attached a copy/paste from the system log of an instance I just
> tried launching.  It was a t2.small with ami-53fcb763 (10.1-RELEASE)
> I have a note about behavior in the middle of the log. It seems to hang at:
>     freebsd-update: Fetching public key from failed.

This isn't a hang... not really.  The EC2 console has the annoying property
of not being real-time; the console gets read a few minutes after the instance
boots, and that gets cached for later console-read requests.

> I waited about 15 minutes and then gave it a reboot command from the AWS
> console. The remaining lines appeared in the log after that. However, the
> instance is not accessible after the reboot and there are no other log
> lines indicating the instance rebooted.

... meanwhile the EC2 instance (slowly) continues on, trying and failing to
contact all the other freebsd-update mirrors, but that output doesn't appear
until the instance is rebooted or shut down (at which point the EC2 console
refreshes itself).

The same thing is going on with Steve's "hanging after 'Fetching EC2
user-data failed'": The thing which happens after that in the boot process
is the pkg bootstrap, which is taking a long time before it fails.

I managed to replicate this problem in two ways:

1. Launching an instance without a public IP address.

2. Launching an instance *with* a public IP address, but into a VPC subnet
which didn't have a route to the rest of the internet.  I have absolutely
no idea how this happened...

In any case, make sure that your EC2 instance has a public IP address and
the VPC subnet it's in has a default route.

Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | | Online backups for the truly paranoid

More information about the freebsd-cloud mailing list