This topic explains how to create an Amazon Machine Image (AMI) to run an instance as a project server for an Autodesk Flame Family cloud deployment

You need to create an Open Virtualization Archive (OVA) with only a basic Operating System (OS) installation. You then use this OVA to create the AMI that holds the software to run on an AWS instance. These instructions are only a baseline for you to adapt to your configuration.

• Step 1 (Creating the Base OS OVA) and 2 (Converting the OVA file to AMI) are examples. You can adapt these to your environment.
• Step 3 (Configure the base AMI for a Project Server) contains all the steps required to successfully create an Autodesk Project Server AMI, and shouldn't be edited.
• Step 4 (Create the final AMI) lists the basics to create the AMI.

Prerequisites

To follow the instructions, you must have:

• A fully configured AWS account, with access to an access key.

• A local machine running Linux (from here on referred to as the "local machine").

• The AWS CLI installed and configured on your local machine.

• VirtualBox installed on your local machine.

  The instructions below refer to VirtualBox 6.1.26 (Linux).

Creating an AMI

To create an AMI for a project server, you:

1. Create an OVA file (a virtual machine) of the base OS with VirtualBox.
2. Convert the OVA file to a base AMI through AWS services.
3. Configure the base AMI by installing application-specific packages such as the DKU.
4. Create the AMI you will use to deploy the project server.

Creating the Base OS OVA

When creating an AMI from scratch, the first step is to create a basic OS-only AMI from the Autodesk CentOS 7.6 iso. You then install the application-specific packages on the new image.

You need the Autodesk CentOS 7.6 ISO as the source OS, available from your Autodesk Account.

1. Copy the source iso to your local machine.

2. In VirtualBox Create a new OVA with the following settings.

   1. Name: adsk_flame_project_server_centos_76
   2. Type: Linux
   3. Version: Red Hat (64-bit)

3. Memory Size: Keep as-is.

4. Virtual hard disk:

   1. VDI
   2. Dynamically allocated
   3. Size: 5 GB

5. Storage:

   • Controller: IDE - Optical drive

6. ISO: Autodesk CentOS 7.6

Once the VM is created, finalize the VM settings:

1. Start the VM.

2. Select Install CentOS 7.

3. Partition the disk into /boot (1G) and / (the rest of the disk). Do NOT create a swap partition.

4. Perform the rest of the OS installation normally.

5. When the user creation screen appears, create a user named flameadmin:

   • Full Name: Flame Administrator
   • User name: flameadmin
   • Check Make this user administrator
   • Uncheck Require a password to use this account

6. Once the installation is complete, shut down the VM (File > Close).

7. In Settings > Storage, delete the IDE Controller but keep the SATA Controller.

8. Start the VM.

9. Log in with the user flameadmin.

10. Disable the root password:

    sudo passwd -l root

11. Check if your network interface is enabled:

    ip -br addr show | grep UP

    If an IP address appears next to UP, your network interface is enabled. If there is no IP address run the following command, replacing with the first item from the previous command, like enp0s3:

    sudo ifup <interface>

12. Install cloud support packages and configure keypair login:

    sudo yum install cloud-init cloud-utils-growpart -y
    sudo sed -i 's/name: centos/name: flameadmin/' /etc/cloud/cloud.cfg
    sudo sed -i 's/gecos: Cloud User/gecos: Flame Administrator/' /etc/cloud/cloud.cfg
    echo "preserve_hostname: true" | sudo tee --append /etc/cloud/cloud.cfg
    sudo sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
    sudo sed -i 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config

13. Shut down the VM.

14. Export the VM. Make sure to disable Write Manifest File.

Converting the OVA file to an AMI

You now import your OVA in AWS and convert it to the AMI format. Follow the instructions, but for more information, see AWS detailed documentation.

1. Upload the OVA file that you created to an AWS S3 Bucket.

2. On your local machine, create a text file with the following content, and save it as vmimport-trust-policy.json:

   {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": { "Service": "vmie.amazonaws.com" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                "sts:Externalid": "vmimport"
                }
            }
        }
     ]
   }

3. On your local machine, create a text file with the following content, and save it as vmimport-role-policy.json. Make sure to replace <BUCKET_NAME> on lines 16 and 17 with the name of the S3 bucket used in step 1.

   {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:DeleteBucket",
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::<BUCKET_NAME>",
                "arn:aws:s3:::<BUCKET_NAME>/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "iam:CreateRole",
                "iam:PutRolePolicy",
                "sts:AssumeRole",
                "ec2:CancelConversionTask",
                "ec2:CancelExportTask",
                "ec2:CreateImage",
                "ec2:CreateInstanceExportTask",
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:ImportInstance",
                "ec2:ImportVolume",
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:TerminateInstances",
                "ec2:ImportImage",
                "ec2:ImportSnapshot",
                "ec2:CancelImportTask",
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
            ],
            "Resource": "*"
        }
    ]
   }

4. On your local machine, create a text file with the following content and save it as containers.json. Make sure to edit these placeholders:

   • <DESCRIPTION> on line 3 with a description of the AMI.

   • <BUCKET_NAME> on line 6 with your S3 bucket name.

   • <OVA_FILE_NAME> on line 7 with the file name of the OVA file you created.

   [
    {
        "Description": "<DESCRIPTION>",
        "Format": "ova",
        "UserBucket": {
            "S3Bucket": "<BUCKET_NAME>",
            "S3Key": "<OVA_FILE_NAME>"
        }
    }
   ]

5. Create the required role and policy. On your local machine, run the following commands:

   aws iam create-role --role-name vmimport --assume-role-policy-document file://vmimport-trust-policy.json
   aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://vmimport-role-policy.json

6. Give the vmimport role the necessary permissions. In the AWS Web Console, do the following:

   1. In IAM Management Console > Roles > search for vmimport.

   2. Click vmimport.

   3. Under Permissions, click Add Permissions > Attach Policies.

   4. Attach the AmazonEC2FullAccess and AmazonS3FullAccess policies

7. Import the VM. On your local machine, enter the following command in a shell. Make sure to edit these placeholders:

   • <YOUR_AWS_REGION> with your AWS region identifier, such as us-east-1.

   • <YOUR_DESCRIPTION> with a description of the image.

   aws ec2 import-image --region <YOUR_AWS_REGION> --description "<YOUR_DESCRIPTION>" --disk-containers file://containers.json --role-name "vmimport"

8. The import process can take a while; you can monitor its progress with:

   aws ec2 describe-import-image-tasks

Once the process is "completed", the new AMI is available under EC2 > AMIs.

Configure the base AMI for a Project Server

Main differences between a project server and a Flame AMI:

• No NVIDIA drivers. While the NVIDIA libraries are installed, the driver kernel modules are not installed.
• No Wacom tablet drivers
• No display as this is a headless configuration

To create a project server AMI, we start from the AMI created in the previous step.

1. Upload the DKU and the Flame distribution tar files that you plan on installing to an S3 bucket.

   Note:

   You can also upload the tar files to the instance directly with scp later, but using an S3 bucket means you won't have to re-upload the files again should you need them later.

2. Launch an instance from the base AMI created in the previous section. You don't need an instance with a GPU.

   You must attach two volumes to this instance: one for the OS and software, and another for the project storage. Set the system volume to 20 GB, and the project server volume to 1 GB.

3. From your local machine, connect to the instance through ssh. Use the flameadmin account and the keypair that you selected when you finalized the VM settings.

   ssh -i <keypair> flameadmin@<INSTANCE PUBLIC IP>

4. Create a temporary work folder for later use.

   mkdir -p /tmp/provisioning

5. Apply some basic configuration settings.

   sudo sed -ir 's/SELINUX=\(disabled\|enforcing\|permissive\)/SELINUX=disabled/' /etc/selinux/config
   sudo sed -i 's/GRUB_CMDLINE_LINUX="[^"]*/& net.ifnames=0/' /etc/default/grub
   sudo sed -i '/^GRUB_TERMINAL_OUTPUT=/d' /etc/default/grub
   
   tee --append /etc/default/grub << EOF
   GRUB_TERMINAL="console serial"
   GRUB_SERIAL_COMMAND="serial --speed=115200"
   EOF

6. Set time-related features.

   sudo timedatectl set-local-rtc 0
   
   echo "server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4" | sudo tee --append /etc/chrony.conf
   
   sudo systemctl start chronyd
   sudo systemctl enable chronyd

7. Get the list of time zones with the following command.

   timedatectl list-timezones

8. From the list of time zones, locate the one you need such as America/New_York and use it to set the time zone on the instance.

   sudo timedatectl set-timezone <Your-Timezone>

9. Install the required tools:

   cd /tmp/provisioning
   
   sudo yum install wget gcc kernel-devel-$(uname -r) -y
   
   wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
   sudo rpm -i epel-release-latest-7.noarch.rpm
   
   curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
   unzip awscliv2.zip
   sudo ./aws/install

10. Set your credentials for the AWS CLI, based on your secret keypair.

    export AWS_ACCESS_KEY_ID=<YOUR KEY ID>
    export AWS_SECRET_ACCESS_KEY=<YOUR SECRET KEY VALUE>
    export AWS_DEFAULT_REGION=<YOUR REGION>

    Warning

    Do not use aws configure or store your credentials on the instance, as this would include your credentials in the final AMI!

11. Install the DKU, replacing <DKU_TAR> with the full path of the tar file uploaded to S3 in step 1.

    cd /tmp/provisioning
    aws s3 cp <DKU_TAR> dku.tar
    tar xf dku.tar
    cd `tar tf dku.tar | head -1 | cut -d "/" -f 1`
    sudo ./INSTALL_DKU --silentgeneric --keepnvdriver
    
    sudo systemctl stop httpd
    sudo systemctl disable httpd

12. Enable IGMPv2.

    echo "net.ipv4.conf.all.force_igmp_version=2" | sudo tee --append /etc/sysctl.conf

13. Create the project storage mountpoint.

    sudo mkdir /var/opt/Autodesk
    sudo mkfs.xfs /dev/nvme1n1
    sudo mount /dev/nvme1n1 /var/opt/Autodesk
    
    sudo tee --append /etc/fstab << EOF
    UUID=$(sudo xfs_admin -u /dev/nvme1n1 | awk '{print $3}') /var/opt/Autodesk   xfs   defaults    0 0
    EOF

14. Download the NVIDIA installer and install the project server software. Make sure to replace <CIDR_of_the_VPC> with your VPC CIDR. 

    cd /tmp/provisioning
    aws s3 cp s3://ec2-linux-nvidia-drivers/grid-12.4/NVIDIA-Linux-x86_64-460.106.00-grid-aws.run .
    chmod +x ./NVIDIA-Linux-x86_64-460.106.00-grid-aws.run
    aws s3 cp <FLAME TAR FILE> flame.tar
    tar xf flame.tar
    cd `tar tf flame.tar | head -1 | cut -d "/" -f 1`
    
    sudo ./INSTALL_PROJECTSERVER  --imageprep --backburner --cidr <CIDR_of_the_VPC> --dataroot /var/opt/Autodesk --nvinst /tmp/provisioning/NVIDIA-Linux-x86_64-460.106.00-grid-aws.run

    Note:

    The previous commands download and install NVIDIA GRID drivers version 460.106.00 from AWS S3 storage.

    For more information, see AWS NVIDIA GRID drivers documentation.

15. Clear the command line history and shut down the instance.

    history -c
    sudo shutdown now

You can now convert this instance image to a project server AMI.

Creating the final AMI

1. From the AWS Console, go the EC2 Instances page.
2. Right-click on the stopped instance that was created in the previous section.
3. Select Image and Templates > Create Image.
4. Give the new image a name and a description.
5. Select No reboot.
6. Decide if you want the instance volume to be deleted on termination (Enabled by default).
7. You can keep all other options as default, or adjust according to your needs.
8. Click Create Image.
9. Your new AMI will appear in the AMI section of the EC2 Management Console.

You can now use this AMI to launch a project server instance.