Anka on AWS EC2 Macs

Up and running fast, with Anka and Amazon (AWS) EC2 Macs
This guide is also valid for the Anka 3/mac2.metal/Apple processor (M1, M2, etc) EC2 instances.

Customers often find that purchasing and managing their own hardware can become a burden. This is why we recommend using AWS EC2 Mac instances to run the Anka Virtualization software.

With Anka installed on your AWS EC2 Mac instance, you can run ephemeral macOS VMs as well as optimize the instance cost by running more than one at a time. Visit our site and Amazon’s blog for more information about AWS EC2 Mac and Anka.


There are three options available for you to use Anka with AWS EC2 Mac instances:

  1. Use our Marketplace AMI
  • macOs pre-configured/optimized + Anka installed
  • Provides an hourly billing option for Anka based on the uptime of your EC2 Mac instance
  1. Bring your own license (BYOL) Community AMI
  • macOS pre-configured/optimized + Anka installed
  • With these AMIs, you will be able to use your own Anka License.
  1. Build your own AMI
Note: You must request a dedicated mac* host in order to run EC2 Mac instances. There is a known delay requesting, stopping, and starting EC2 Mac instances as the dedicated host must clean itself each time an instance stops on it.

Marketplace AMI

In order to get started using our Marketplace AMIs you have four options:

  1. Intel + Basic License : Product Page
  2. Intel + Enterprise License : Product Page

Other than the hourly price, there is a list of features that differ between the two.

You can find a full list of products available on the AWS marketplace by visiting https://veertu.com/aws-marketplace. Or, once subscribed, you can find and launch instances from the marketplace AMIs on the Manage Subscriptions page.
Marketplace AMIs are charged on an hourly basis and don’t need an Anka License.
You can create custom AMIs from the Marketplace AMI and the license for Anka will continue to work and attach to your existing marketplace subscription.

Usage

To get up and running with our AWS EC2 Mac instances using our Marketplace AMI, you’ll need to navigate to one of the Marketplace AMI Product URLs listed above and go through the process of subscribing. Take a look at the official AMI Subscription documentation to understand how to subscribe.

Once subscribed, you can start launching AMIs.

  • (Optional) Automatically join to the Anka Build Cloud Controller using User Data:

    This step requires that you first set up the Anka Build Cloud.
    IMPORTANT: Amazon confirmed that Terminating from the AWS console/API does not properly send SIGTERMs to services and wait for them to stop. This prevents our cloud-connect script from automatically disjoining with ankacluster disjoin before AWS pulls the plug. Therefore, we recommend executing the sudo launchctl unload -w /Library/LaunchDaemons/com.veertu.aws-ec2-mac-amis.cloud-connect.plist command before termination of the instance.

    User Data ENVs

    For user-data, don’t use ;, && or any other type of separator between envs.
    If you pass in user-data with the exports all on one line, and have non ANKA_ ENVs you’re setting, the cloud-connect.bash service we run on instance start/boot will source/execute them. We recommend you split exports and user-data onto separate lines to avoid this.

    ANKA_CONTROLLER_ADDRESS

    Full URL for the Anka Build Cloud Controller.

    • REQUIRED
    • Must be in the following structure: http[s]://[IP/DOMAIN]:[PORT].
    ANKA_JOIN_ARGS

    Allows you to pass in any “Flags” from ankacluster join --help.

    • Optional
    ANKA_REGISTRY_OVERRIDE_IP + ANKA_REGISTRY_OVERRIDE_DOMAIN

    Allows you to set the registry IP address and domain in the /etc/hosts file.

    • Optional
    • Use 1: if your corporate registry doesn’t have a public domain name, but does have a public IP.
    • Use 2: if you want the EC2 mac mini to pull from a second registry that’s hosted on EC2 instead of a local corporate one (AWS -> AWS is much faster).
    ANKA_LICENSE

    If not already licensed, the cloud-connect service will license Anka using this ENV’s value.

    • Optional
    • Only used with Community AMI.
    • Only available in >= 2.5.4 AMIs.
    • You can also update invalid/expired licenses with this (requires a reboot).
    • Starting in AMIs with a macOS version greater than 12.2.1: The Fulfillment ID output from anka license activate, which is used for releasing cores, is logged to your Cloud Controller > Logs section in the “AWS Cloud Connect Service”.
    ANKA_USE_PUBLIC_IP

    This will determine whether the instance/node is joined using the public ipv4. Otherwise, it will default to the local/private ipv4.

    • Optional
    ANKA_CONTROLLER_API_CERT / _KEY / _CA | ANKA_REGISTRY_API_CERT / _KEY / _CA

    The script which handles joining to your controller has a few calls to the controller as well as the registry APIs. If you’re protecting your APIs with TLS and Certificate Authentication, you can set the certs to use with these ENVs.

    • Optional

Manual Preparation

By default all of our AMIs have a cloud-connect agent which on boot will join your AWS instance to the Anka Build Cloud controller automatically with user data ENVs you set. This is issuing ankacluster join under the hood. Once joind, the agent which runs and communicates with the Anka Build Controller does its best to determine the proper IP to use for the node. On AWS the interfaces are loaded at different times and orders and often you’ll end up with an IP assigned to the node which cannot be used for communication. To solve this, you’ll want to set ANKA_JOIN_ARGS with --host {IP HERE} in the user data for the AWS instance. You can find all available flags/options for the join command here.

Our AMIs attempt to do the majority of preparation for you, however, there are several steps you need to perform once the instance is started:

  1. Set password with sudo /usr/bin/dscl . -passwd /Users/ec2-user zbun0ok= {NEWPASSWORDHERE} (AMI password: zbun0ok=). It is unsafe to continue to use the default password we set.

  2. You now need to VNC in and log into the ec2-user (requirement for Anka to start the hypervisor): open vnc://ec2-user:{NEWPASSWORDHERE}@{INSTANCEPUBLICIP}.

Amazon EBS volumes can be very slow even when you max iOPS, etc. Because of this, anka create and other processes can take very long times or outright fail (Apple’s installer is sensitive to disk IO). We recommend that you “pre-warm” the EBS volume by running dd if=/dev/random of=testfile bs=1g count=$(($(df -h | grep "/$" | awk '{print $4}' | grep -oE "[0-9]+")-2)) on the host right after it starts. Additionally, pre-warmed volumes stay warmed – no need to run dd after periods of inactivity on the AWS instance.
You can see how we generate these AMIs in our open source repo: https://github.com/veertuinc/aws-ec2-mac-amis.

Logs

  • /var/log/resize-disk.log
  • /var/log/cloud-connect.log

Licensing

The Marketplace AMI does not require a license. You are charged hourly for the usage through the AWS marketplace. Anka marketplace AMIs are available with Anka Basic and Anka Enterprise Tier features. For more details on Basic and Enterprise Tier, check out our documention.

Anka Build Cloud automated setup scripts

We have a script that will set up both a Linux instance with the Anka Build Cloud Controller & Registry. You can find it under our Getting Started repo’s AWS folder.

  1. Clone the getting-started repo

    git clone https://github.com/veertuinc/getting-started.git
    cd getting-started
    
  2. Execute ./AWS/prepare-build-cloud.bash

    • Running this script will create everything necessary inside of AWS to run the Anka Build Cloud. This includes a security group, elastic IP, etc.

The script can be run locally from your local macOS laptop with an existing AWS credential, region set, etc. These scripts have not been tested on linux.


Community AMI

Our BYOL Community AMIs are useful if you’d like to bring your own existing Anka license. They both have all of the same configuration changes, optimizations, and Anka inside. The difference is that Anka is unlicensed.

You can find a list of currently available Community AMIs below:

Name
anka-build-3.0.1.144-macos-12.5.1-arm64
anka-build-2.5.7.148-macos-12.4
anka-build-3.0.1.144-macos-12.4-arm64
anka-build-2.5.6.147-macos-12.4
anka-build-2.5.5.143-macos-12.3.1
anka-build-2.5.4.139-macos-12.2.1

Usage

To get up and running with our AWS EC2 Mac instances using our BYOL Community AMI, you’ll need to:

  1. Have an AWS mac1 (intel) or mac2 (arm/apple/m1) dedicated host ready.

  2. Have an Anka license.

  3. Choose the Community AMI when starting an instance:

Licensing

When you first license Anka, keep track of the fulfillment ID as you’ll need this to release the cores and use the license on a fresh machine.

The Anka Develop license type will not work on AWS EC2 Macs.
Stopping and starting the instance does not impact the Anka licenses validity, even if you start the instance on a different dedicated machine.
Before terminating an instance, you will need to remove the Anka license first and then contact Veertu support ([email protected]) to clear the fulfillments

Anka Build Cloud automated setup scripts

We have two scripts that will set up both a Linux instance with the Anka Build Cloud Controller & Registry as well as an EC2 Mac instance (Anka Node) to run VMs. This relies on our Community AMI and you will need to have an Anka License. You can find them under our Getting Started repo’s AWS folder.

  1. Clone the getting-started repo

    git clone https://github.com/veertuinc/getting-started.git
    cd getting-started
    
  2. Execute ./AWS/prepare-build-cloud.bash

    • Running this script will create everything necessary inside of AWS to run the Anka Build Cloud. This includes a security group, elastic IP, etc.
  3. Execute ./AWS/prepare-anka-node.bash

    • Requires that you first run prepare-build-cloud.bash.

    • Running this script will create everything necessary inside of AWS to run an EC2 Mac instance. You’ll be prompted for the Anka license to use if the ANKA_LICENSE env variable is not set.

Both scripts can be run locally from your local macOS laptop with an existing AWS credential, region set, etc. These scripts have not been tested on linux.


Build your own AMI

Building your own AMI is easy! You can review our AMI scripts to see how we do it.

Some important notes about creating your own AMI:

  • Be sure that the minimum EBS volume specs are gp3, 6000IOPS, and 256 throughput. Anka VM creation is sensitive on slow disks and will likely fail.