How to Convert and Deploy OVA/OVF Virtual Appliances on AWS EC2: A Step-by-Step Guide for Linux Systems


Running proprietary virtual appliances like GitHub Enterprise on AWS EC2 presents unique challenges when official AMIs aren't available. The OVA/OVF format, while standardized for virtualization platforms, requires conversion for cloud deployment.

Before beginning, ensure you have:

  • AWS CLI configured with sufficient IAM permissions
  • VMware Workstation, VirtualBox, or qemu-kvm installed locally
  • Basic familiarity with Linux system administration
  • The original OVA/OVF files from GitHub Enterprise

The key steps involve converting the virtual disk format and preparing it for EC2:

# Extract the OVA file
tar -xvf github-enterprise.ova

# Convert VMDK to raw format using qemu-img
qemu-img convert -f vmdk -O raw disk.vmdk disk.raw

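# Attach the raw image to a loop device, map its partitions, and mount the first one
# (--show prints the allocated device; the commands below assume it is /dev/loop0)
sudo losetup -f --show disk.raw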
sudo kpartx -av /dev/loop0
sudo mount /dev/mapper/loop0p1 /mnt

EC2 has specific requirements for bootable images:

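# Enter the image and install the AWS kernel and the bootloader
# (the apt-get line runs inside the chroot)
sudo chroot /mnt
apt-get update && apt-get install -y linux-image-aws grub-pc

# Leave the chroot, then unmount and detach the image
exit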
sudo umount /mnt
sudo kpartx -d /dev/loop0
sudo losetup -d /dev/loop0

Use AWS CLI tools to import the converted image:

# Compress the raw image
gzip -c disk.raw > disk.raw.gz

# Create S3 bucket and upload
aws s3 mb s3://my-ghe-images
aws s3 cp disk.raw.gz s3://my-ghe-images/

# Create import task
aws ec2 import-image \
    --disk-containers Format=RAW,UserBucket="{S3Bucket=my-ghe-images,S3Key=disk.raw.gz}"

After the import completes (check status with aws ec2 describe-import-image-tasks), configure networking and storage:

# Attach additional storage if needed
aws ec2 create-volume \
    --availability-zone us-west-2a \
    --size 100 \
    --volume-type gp2

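# Configure security groups
# Allow SSH from your admin network only; 203.0.113.0/24 is a placeholder.
# A source of 0.0.0.0/0 would open port 22 to the whole internet.
aws ec2 authorize-security-group-ingress \
    --group-id sg-903004f8 \
    --protocol tcp \
    --port 22 \
    --cidr 203.0.113.0/24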

Some frequent problems and solutions:

  • Boot failures: Ensure xvda or /dev/sda1 exists in /etc/fstab
  • Network connectivity: Verify DHCP client is installed and running
  • Permission errors: Check IAM roles for VM Import/Export service

Running proprietary virtual appliances like GitHub Enterprise (GHE) on AWS EC2 presents unique challenges since AWS doesn't natively support OVA/OVF imports. The VMImport service currently only works with Windows VMs, leaving Linux administrators to find alternative solutions.

Before beginning the conversion process, ensure you have these components ready:

  • A local virtualization environment (VMware Workstation/Player or VirtualBox)
  • AWS CLI configured with proper IAM permissions
  • qemu-img tools installed (for disk conversion)
  • An S3 bucket for temporary storage

First, extract the OVA package which is essentially a TAR archive:

tar -xvf github-enterprise.ova

This will reveal the OVF descriptor file and associated VMDK disk images.
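
An OVA usually also carries a manifest (.mf) that lists a digest for each packaged file, and checking it right after extraction catches a corrupted or altered disk before it is converted and uploaded. The script below is an added example, not part of the original guide or of the vendor's tooling; the function names and sample files are constructed for illustration, and it assumes the package includes a manifest and that sha1sum, sha256sum and sha512sum are installed.

```shell
#!/bin/sh
# Added example: check files extracted from an OVA against its manifest (.mf)
# before converting or uploading them. Manifest lines have the form:
#   SHA256(disk.vmdk)= <hex digest>

# verify_ovf_manifest FILE.mf
# Status 0 only if every listed file sits beside the manifest and matches.
# The body is a subshell, so its variables do not leak into the caller.
verify_ovf_manifest() (
    mf=$1; dir=$(dirname -- "$mf"); rc=0; seen=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')      # tolerate CRLF manifests
        [ -n "$line" ] || continue
        algo=${line%%"("*}
        rest=${line#*"("}
        name=${rest%%")="*}
        tail=${rest#*")="}
        want=$(printf '%s' "$tail" | tr -d ' ' | tr 'A-F' 'a-f')
        case $algo in
            SHA1)   tool=sha1sum ;;
            SHA256) tool=sha256sum ;;
            SHA512) tool=sha512sum ;;
            *) echo "UNPARSED $line" >&2; rc=1; continue ;;
        esac
        case $name in                                 # stay inside the extract dir
            ''|*/*) echo "REJECTED $name" >&2; rc=1; continue ;;
        esac
        seen=$((seen + 1))
        got=$("$tool" -- "$dir/$name" 2>/dev/null | cut -d' ' -f1)
        if [ -n "$got" ] && [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name" >&2; rc=1
        fi
    done < "$mf"
    [ "$seen" -gt 0 ] || rc=1                         # an empty manifest proves nothing
    exit "$rc"
)

# Constructed sample: a tiny fake appliance directory with a valid manifest.
make_sample_appliance() {
    d=$(mktemp -d)
    printf 'constructed descriptor\n' > "$d/appliance.ovf"
    printf 'constructed disk bytes\n' > "$d/disk.vmdk"
    for f in appliance.ovf disk.vmdk; do
        printf 'SHA256(%s)= %s\n' "$f" "$(sha256sum "$d/$f" | cut -d' ' -f1)"
    done > "$d/appliance.mf"
    echo "$d"
}
```

Call verify_ovf_manifest with the path of the .mf file that tar extracted and stop if it returns non-zero. A matching manifest only shows that the files agree with the package; it says nothing about who built the package.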

Use qemu-img to convert the virtual disk to raw format:

qemu-img convert -f vmdk -O raw disk.vmdk disk.raw

For better compression during upload, consider converting to qcow2 first:

qemu-img convert -f vmdk -O qcow2 disk.vmdk disk.qcow2
qemu-img convert -f qcow2 -O raw disk.qcow2 disk.raw

EC2 requires specific kernel and virtualization settings. Mount the raw image and modify:

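# The offset assumes the first partition starts at sector 2048 with 512-byte
# sectors; confirm with: fdisk -l disk.raw
sudo mount -o loop,offset=$((512*2048)) disk.raw /mnt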
sudo chroot /mnt

# Install EC2 utilities
apt-get update
apt-get install -y cloud-init cloud-guest-utils

# Clean up
exit
sudo umount /mnt

Use the AWS CLI to upload and register your image:

aws s3 cp disk.raw s3://your-bucket/ghe-ami.raw
aws ec2 import-snapshot \
    --disk-container "Format=RAW,UserBucket={S3Bucket=your-bucket,S3Key=ghe-ami.raw}"

Monitor the import status, then create an AMI from the completed snapshot.

Boot problems: Ensure you've installed the right kernel modules and configured grub properly. EC2 hardware virtualization requires specific drivers.

Network configuration: Modern Ubuntu systems use netplan - replace with standard ifupdown if needed:

apt-get install ifupdown
rm /etc/netplan/*

For repeatable builds, consider using HashiCorp Packer with the amazon-import post-processor:

{
  "builders": [{
    "type": "virtualbox-ovf",
    "source_path": "github-enterprise.ova",
    "ssh_username": "admin",
    "ssh_password": "yourpassword",
    "shutdown_command": "sudo shutdown -h now"
  }],
  "post-processors": [[{
    "type": "amazon-import",
    "s3_bucket_name": "your-bucket",
    "region": "us-west-2",
    "tags": {
      "Name": "GHE-AMI"
    }
  }]]
}