Turnkey Ubuntu-Based Linux for Amazon Cloud: Review

Jason Brooks eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved,

The Turnkey Linux service runs on Amazon Web Services and is good for test driving cloud apps

I fired up my Mediawiki appliance on one of our vSphere hosts, made some customisations, added a few pages and then headed off to back up my changes. I logged in to my server via SSH (Secure Shell) and used the command line to initialize the TKLBAM (Turnkey Linux Backup and Migration service) by providing the API key I was assigned when creating my account at hub.turnkeylinux.org. (I also could have configured backups through a Webmin module.)

All backups created by the application are encrypted before being uploaded to S3, with an option for further securing the data with a passphrase, which I did. From there, creating a new backup is as easy as running the command, TKLBAM-backup. In our lab, the port for NTP (Network Time Protocol) is blocked by default, and the Turnkey backup app looks to verify the time with a time server, so I added a hosts file entry that pointed pool.ntp.org at our internal time source before the backup would run.

I didn’t want this modification to carry over to potential restore hosts running outside our network, so this time-server workaround gave me a chance to test out the TKLBAM option for excluding data from the backup. This was straightforward enough, and required adding a line to the config file “/etc/tklbam/overrides.”

TKLBAM stores backups on Amazon S3, but not in user-controlled S3 buckets. It’s not possible, for instance, to view and browse through your TKLBAM backups using the AWS Web console or other S3 management tools. Rather, the data is stored in a bucket associated with the Turnkey Linux Hub services.

The backup application taps the open-source backup application Duplicity to handle the backups — and any storage target supported by that project could be used to store the backups —  but using a backend other than the default Amazon S3 brings additional configuration complexity.

I’d like to see the Turnkey Linux project provide an appliance that performs the Hub functionality, opening the door to using these services completely within an organization’s firewall, if desired.

Restore functionality

I tested out the service’s restore functionality by launching a new Mediawiki instance on Amazon EC2 through the Web interface of the Turnkey Hub service. The operation was simple enough: I selected the Mediawiki appliance from a drop-down menu of supported Web applications and chose a small instance size. I had to provide passwords for the Mediawiki instance’s MySQL and admin accounts, even though I intended to replace them through the restore operation.

Once my Mediawiki server was up, I connected to it via SSH and ran the TKLBAM-restore command to restore the backup I’d created of my vSphere-hosted instance. Following a reboot of the virtual server, my Mediawiki instance ran on EC2 with all the same files, data and user accounts I’d configured locally.

The console for launching and managing EC2 instances itself is fairly straightforward. There are controls for restarting or terminating running instances, viewing instance details and console output, and checking whether backups are enabled.

I was interested to find a utility in the Turnkey Linux Hub interface for configuring the security policies that control network access for EC2 instances. I could also add an elastic IP address (one that persists across reboots) and add an EBS (Elastic Block Store) volume (similarly persisting) from this console.