
Creating your own image with pure CentOS 5.9 in the Amazon cloud

As you know, virtual instances in the Amazon cloud are launched from images (so-called AMIs). Amazon provides a large number of them, and you can also use public images prepared by third parties, for which the cloud provider, of course, bears no responsibility. But sometimes you need an image of a clean system with specific parameters that is not in the list of available images. Then the only way out is to build your own AMI.

The official documentation describes a method for creating an “instance store-backed AMI”. The disadvantage of this approach is that the finished image then also has to be converted into an “EBS-backed AMI”.

This article shows how to create your own EBS-backed AMI in the Amazon cloud directly, without intermediate steps.

Action plan:


Environment preparation


An instance of any type, even t1.micro, is suitable for our purposes. You can launch it through the CLI:
aws ec2 run-instances --image-id ami-1624987f --max-count 1 --min-count 1 --key-name mel --instance-type t1.micro 

Let's create an EBS volume, on which we will install our system later:
 aws ec2 create-volume --availability-zone us-east-1a --size 10 
This command creates a 10 GB disk for us. Important: the volume must be in the same availability zone as the instance (in our case it is us-east-1a).
Next, attach the disk to the instance:
 aws ec2 attach-volume --instance-id i-2bc0925b --volume-id vol-08ab3079 --device /dev/xvdf 

Now log in to the instance over ssh, format the disk and mount it on a directory:
 mkfs.ext3 /dev/xvdf
 mkdir /mnt/centos-image
 mount /dev/xvdf /mnt/centos-image
 cd !$

Installing Clean CentOS 5.9


Before installing the system, you need to create a directory tree, mount proc and sysfs, and create a minimal set of devices:
 mkdir -p /mnt/centos-image/{boot,tmp,dev,sys,proc,etc,var}
 mount -t proc none /mnt/centos-image/proc/
 mount -t sysfs none /mnt/centos-image/sys/
 for i in console null zero ; do /sbin/MAKEDEV -d /mnt/centos-image/dev -x $i ; done

We will install the system using yum and the following configuration file:
yum-centos.conf
 [main]
 cachedir=/var/cache/yum
 debuglevel=2
 logfile=/var/log/yum.log
 exclude=*-debuginfo
 gpgcheck=0
 obsoletes=1
 reposdir=/dev/null

 [base]
 name=CentOS-5.9 - Base
 mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=os
 #baseurl=http://mirror.centos.org/centos/5.9/os/x86_64/
 gpgcheck=1
 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

 [updates]
 name=CentOS-5.9 - Updates
 mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=updates
 #baseurl=http://mirror.centos.org/centos/5.9/updates/x86_64/
 gpgcheck=1
 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

 [extras]
 name=CentOS-5.9 - Extras
 mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=extras
 #baseurl=http://mirror.centos.org/centos/5.9/extras/x86_64/
 gpgcheck=1
 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

 [centosplus]
 name=CentOS-5.9 - Plus
 mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=centosplus
 #baseurl=http://mirror.centos.org/centos/5.9/centosplus/x86_64/
 gpgcheck=1
 enabled=0
 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

 [contrib]
 name=CentOS-5.9 - Contrib
 mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=contrib
 #baseurl=http://mirror.centos.org/centos/5.9/contrib/x86_64/
 gpgcheck=1
 enabled=0
 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

 yum -c ~/yum-centos.conf --installroot=/mnt/centos-image/ -y groupinstall Base 
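
In yum-centos.conf the [main] section sets gpgcheck=0 and every repo overrides it with gpgcheck=1, so a repo added later without its own gpgcheck line would install unsigned packages into the image. The check below is an added example, not part of the original article; the function names and the [local-extra] repo in the sample are hypothetical.

```shell
#!/bin/sh
# effective_gpgcheck FILE: print "<repo> <value>" for every repo section,
# applying the [main] value (yum's built-in default is 0) when a repo sets none.
# FILE may be "-" to read the configuration from stdin.
effective_gpgcheck() {
    awk '
        /^[ \t]*\[.*\][ \t]*$/ {
            sec = $0; gsub(/[^A-Za-z0-9_.:-]/, "", sec)
            if (sec != "main") order[++n] = sec
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t]/, "", v)
            val[sec] = v
        }
        END {
            def = ("main" in val) ? val["main"] : "0"
            for (i = 1; i <= n; i++) {
                s = order[i]
                print s, ((s in val) ? val[s] : def)
            }
        }
    ' "$1"
}

# unsigned_repos FILE: names of repos whose packages would not be verified.
unsigned_repos() {
    effective_gpgcheck "$1" | awk '$2 != 1 { print $1 }'
}

# Constructed sample: the article's [main] and [base] sections, plus a
# hypothetical [local-extra] repo that sets no gpgcheck of its own.
sample_conf() {
cat <<'EOF'
[main]
gpgcheck=0
reposdir=/dev/null

[base]
name=CentOS-5.9 - Base
gpgcheck=1

[local-extra]
name=Hypothetical extra repo
baseurl=http://repo.example.invalid/el5/
EOF
}

sample_conf | unsigned_repos -
```

Run `unsigned_repos ~/yum-centos.conf` before the groupinstall; empty output means every repo in the file verifies signatures.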

After the installation completes, you can install any other packages you need in the same way:
 yum -c ~/yum-centos.conf --installroot=/mnt/centos-image/ install $packet_name 

Edit fstab:
 vi /mnt/centos-image/etc/fstab

 /dev/xvda1 / ext3 defaults 0 0
 none /dev/pts devpts gid=5,mode=620 0 0
 none /dev/shm tmpfs defaults 0 0
 none /proc proc defaults 0 0
 none /sys sysfs defaults 0 0

On CentOS 5.9, you also need to install a kernel with Xen support:
 yum -c ~/yum-centos.conf --installroot=/mnt/centos-image/ -y install kernel-xen 

Install Grub:
 chroot /mnt/centos-image/ grub-install /dev/xvdf 

and generate a new initrd:
 chroot /mnt/centos-image/
 cd boot/
 mkinitrd --omit-scsi-modules --with=xennet --with=xenblk --fstab=/etc/fstab --preload=xenblk initrd-2.6.18-348.1.1.el5xen.img 2.6.18-348.1.1.el5xen

It is very important to specify all these parameters and the new fstab, otherwise the system will not boot.
Next you need to create a menu.lst file for grub:
 default=0
 timeout=5
 hiddenmenu
 title CentOS_5.9_(x86_64)
     root (hd0)
     kernel /boot/vmlinuz-2.6.18-348.1.1.el5xen ro root=/dev/xvda1
     initrd /boot/initrd-2.6.18-348.1.1.el5xen.img

Configure the network and sshd:
 vi /mnt/centos-image/etc/sysconfig/network-scripts/ifcfg-eth0

 ONBOOT=yes
 DEVICE=eth0
 BOOTPROTO=dhcp
 TYPE=Ethernet
 USERCTL=yes
 PEERDNS=yes
 IPV6INIT=no

 vi /mnt/centos-image/etc/sysconfig/network

 NETWORKING=yes

 chroot /mnt/centos-image/ chkconfig --level 2345 network on

 vi /mnt/centos-image/etc/ssh/sshd_config

 ...
 UseDNS no
 PermitRootLogin without-password

This gives us a working network and the ability to log in to the instance with keys. However, the key itself still has to be placed on the instance somehow. This can be done with a script that fetches the key and saves it on the instance:
 vi /mnt/centos-image/etc/init.d/ec2-get-ssh
ec2-get-ssh
#!/bin/bash
# chkconfig: 2345 95 20
# processname: ec2-get-ssh
# description: Capture AWS public key credentials for EC2 user

# Source function library
. /etc/rc.d/init.d/functions

# Source networking configuration
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network

# Replace the environment variables for your system
# (no empty entry, so the current directory is never searched)
export PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin

# Check that networking is configured
if [ "${NETWORKING}" = "no" ]; then
    echo "Networking is not configured."
    exit 1
fi

start() {
    if [ ! -d /root/.ssh ]; then
        mkdir -p /root/.ssh
        chmod 700 /root/.ssh
    fi
    # Use an unpredictable temporary file instead of a fixed name in /tmp
    keyfile=$(mktemp /tmp/my-public-key.XXXXXX) || return 1
    # Retrieve public key from metadata server using HTTP
    curl -f 169.254.169.254/latest/meta-data/public-keys/0/openssh-key > "$keyfile"
    if [ $? -eq 0 ]; then
        echo "EC2: Retrieve public key from metadata server using HTTP."
        cat "$keyfile" >> /root/.ssh/authorized_keys
        chmod 600 /root/.ssh/authorized_keys
    fi
    rm -f "$keyfile"
}

stop() {
    echo "Nothing to do here"
}

restart() {
    stop
    start
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
esac

exit $?
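
The init script above appends whatever the metadata request returned, and does so again on every boot. As an added example (not part of the original article), the functions below accept only a single bare OpenSSH public-key line and skip a key that is already present; the function names, return codes and sample key are constructed for illustration.

```shell
#!/bin/sh
# valid_pubkey FILE: succeed only if FILE is exactly one OpenSSH public-key
# line with no leading options such as command="..." or from="...".
valid_pubkey() {
    [ -s "$1" ] || return 1
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^[:cntrl:]]*)?$' "$1"
}

# install_key KEYFILE AUTH_KEYS: append the key unless that exact line exists.
# Returns 0 if added, 2 if already present, 1 if the key was rejected.
install_key() {
    keyfile=$1 auth=$2
    valid_pubkey "$keyfile" || return 1
    dir=$(dirname "$auth")
    [ -d "$dir" ] || mkdir -p "$dir" || return 1
    chmod 700 "$dir"
    if [ -f "$auth" ] && grep -qxF -- "$(cat "$keyfile")" "$auth"; then
        return 2
    fi
    (umask 077; printf '%s\n' "$(cat "$keyfile")" >> "$auth")
    chmod 600 "$auth"
    return 0
}

# Demo on constructed data: the key body is a made-up placeholder, and the
# "bad" file stands in for an error page returned instead of a key.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed mel\n' > "$d/good"
    printf '<html>404 - Not Found</html>\n' > "$d/bad"
    out=
    for f in good good bad; do
        rc=0
        install_key "$d/$f" "$d/ssh/authorized_keys" || rc=$?
        out="${out:+$out }$f=$rc"
    done
    rm -rf "$d"
    echo "$out"
}

demo
```

In the init script, `start` would call `install_key "$keyfile" /root/.ssh/authorized_keys` in place of the `cat ... >>` line.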

Let's make it executable and enable it at startup:
 chmod +x /mnt/centos-image/etc/init.d/ec2-get-ssh
 /usr/sbin/chroot /mnt/centos-image/ /sbin/chkconfig --level 34 ec2-get-ssh on

It is also advisable to either disable SELinux or configure it correctly. Otherwise, for example, the key may not be saved on the instance.
This completes the system configuration. We now have a clean CentOS, ready to launch in the cloud. All that remains is to unmount the EBS disk with our system and register the AMI.
 umount /mnt/centos-image/proc/
 umount /mnt/centos-image/sys/
 umount /mnt/centos-image/

AMI Registration


To get an AMI from an EBS disk, first take a snapshot of the disk:
 aws ec2 create-snapshot --volume-id vol-0b4bd07a --description centos-snap 

The easiest way to register the AMI is through the AWS Management Console. In the EC2 service, go to the “Snapshots” section, select the desired snapshot (in our case it is centos-snap), right-click on it and select “Create Image from Snapshot”.
Then, in the window that opens, select approximately the following parameters:



You can find out which Kernel ID to choose like this:
 aws ec2 describe-images --owner amazon --region us-east-1 --output text | grep "\/pv-grub-hd0.*-x86_64" | awk '{print $7}' | grep aki
 aki-88aa75e1
 aki-b4aa75dd


That's all. Now you can launch instances.
In this way you can most likely build an image of any Linux distribution. At the very least, it definitely works for the Debian family (using debootstrap to install a clean system) and the RHEL family.

Source: https://habr.com/ru/post/169331/

