Create your image with pure CentOS 5.9 in the Amazon cloud
As you know, in the Amazon cloud, virtual instances are launched from images (AMIs). Amazon provides a large number of them, and you can also use public images prepared by third-party organizations, for which the cloud provider, of course, bears no responsibility. But sometimes you need an image of a clean system with specific parameters that is not in the list of images. Then the only way out is to build your own AMI.
The official documentation describes how to create an "instance store-backed AMI". The disadvantage of this approach is that the finished image then has to be converted to an EBS-backed AMI.
This article shows how to create your own EBS-backed AMI in the Amazon cloud without intermediate steps.
Action plan:
- Prepare the environment
- Install a clean system, make the necessary settings
- Take a snapshot of the disk
- Register AMI
Environment preparation
For our purposes, an instance of any type is suitable, even a t1.micro. You can launch it through the CLI:
aws ec2 run-instances --image-id ami-1624987f --max-count 1 --min-count 1 --key-name mel --instance-type t1.micro
Create an EBS volume, on which we will install our system later:
aws ec2 create-volume --availability-zone us-east-1a --size 10
This command creates a 10 GB disk for us. Important: the disk must be in the same availability zone as the instance (in our case, us-east-1a). Next, the disk must be attached to the instance:
aws ec2 attach-volume --instance-id i-2bc0925b --volume-id vol-08ab3079 --device /dev/xvdf
Now log in to the instance over ssh, format the disk and mount it in a directory:
mkfs.ext3 /dev/xvdf
mkdir /mnt/centos-image
mount /dev/xvdf /mnt/centos-image
cd !$
Installing a clean CentOS 5.9
Before installing the system, you need to create a directory tree, mount proc and sysfs, and create a minimal set of devices:
mkdir -p /mnt/centos-image/{boot,tmp,dev,sys,proc,etc,var}
mount -t proc none /mnt/centos-image/proc/
mount -t sysfs none /mnt/centos-image/sys/
for i in console null zero ; do /sbin/MAKEDEV -d /mnt/centos-image/dev -x $i ; done
We will install the system using yum and the following configuration file:
yum-centos.conf
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
exclude=*-debuginfo
gpgcheck=1
obsoletes=1
reposdir=/dev/null
[base]
name=CentOS-5.9 - Base
mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=os
#baseurl=http://mirror.centos.org/centos/5.9/os/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[updates]
name=CentOS-5.9 - Updates
mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=updates
#baseurl=http://mirror.centos.org/centos/5.9/updates/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[extras]
name=CentOS-5.9 - Extras
mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=extras
#baseurl=http://mirror.centos.org/centos/5.9/extras/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[centosplus]
name=CentOS-5.9 - Plus
mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=centosplus
#baseurl=http://mirror.centos.org/centos/5.9/centosplus/x86_64/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[contrib]
name=CentOS-5.9 - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=x86_64&repo=contrib
#baseurl=http://mirror.centos.org/centos/5.9/contrib/x86_64/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
yum -c ~/yum-centos.conf --installroot=/mnt/centos-image/ -y groupinstall Base
After the installation process is completed, in the same way, you can install any necessary packages:
yum -c ~/yum-centos.conf --installroot=/mnt/centos-image/ install $packet_name
Edit fstab:
vi /mnt/centos-image/etc/fstab
/dev/xvda1 / ext3 defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
In CentOS 5.9, you also need to install the kernel with Xen support:
yum -c ~/yum-centos.conf --installroot=/mnt/centos-image/ -y install kernel-xen
Install Grub:
chroot /mnt/centos-image/ grub-install /dev/xvdf
and generate a new initrd:
chroot /mnt/centos-image/
cd boot/
mkinitrd --omit-scsi-modules --with=xennet --with=xenblk --fstab=/etc/fstab --preload=xenblk initrd-2.6.18-348.1.1.el5xen.img 2.6.18-348.1.1.el5xen
It is very important to specify all these parameters and the new fstab, otherwise the system will not boot.
Next, create the menu.lst file for grub:
default=0
timeout=5
hiddenmenu
title CentOS_5.9_(x86_64)
root (hd0)
kernel /boot/vmlinuz-2.6.18-348.1.1.el5xen ro root=/dev/xvda1
initrd /boot/initrd-2.6.18-348.1.1.el5xen.img
Set up the network and sshd:
vi etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
DEVICE=eth0
BOOTPROTO=dhcp
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
vi etc/sysconfig/network
NETWORKING=yes
chroot /mnt/centos-image/ chkconfig --level 2345 network on
vi /mnt/centos-image/etc/ssh/sshd_config
...
UseDNS no
PermitRootLogin without-password
Thus, we get a working network and the ability to log in to the instance with a key. But the key itself still has to be delivered to the instance somehow. This can be done with a script that fetches the key and saves it on the instance:
vi /mnt/centos-image/etc/init.d/ec2-get-ssh
ec2-get-ssh
#!/bin/bash
# chkconfig: 2345 95 20
# processname: ec2-get-ssh
# description: Capture AWS public key credentials for EC2 user
# Source function library
. /etc/rc.d/init.d/functions
# Source networking configuration
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
# Replace the following environment variables for your system
# (no empty entry in PATH: an empty entry means the current directory)
export PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
# Check that networking is configured
if [ "${NETWORKING}" = "no" ]; then
    echo "Networking is not configured."
    exit 1
fi
start() {
    if [ ! -d /root/.ssh ]; then
        mkdir -p /root/.ssh
        chmod 700 /root/.ssh
    fi
    # Retrieve public key from metadata server using HTTP
    curl -f 169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/my-public-key
    if [ $? -eq 0 ]; then
        echo "EC2: Retrieve public key from metadata server using HTTP."
        cat /tmp/my-public-key >> /root/.ssh/authorized_keys
        chmod 600 /root/.ssh/authorized_keys
        rm /tmp/my-public-key
    fi
}
stop() {
    echo "Nothing to do here"
}
restart() {
    stop
    start
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
esac
exit $?
Make it executable and add it to startup:
chmod +x /mnt/centos-image/etc/init.d/ec2-get-ssh
/usr/sbin/chroot /mnt/centos-image/ /sbin/chkconfig --level 34 ec2-get-ssh on
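A hardened variant of the key-install step in ec2-get-ssh, added here as an example and not part of the original article: it accepts only a single bare public key, uses an unpredictable temporary file, and appends the key only if it is not already present, since the service runs on every boot. The function names install_key and fetch_and_install and the temporary file template are assumptions of this example.

```sh
#!/bin/sh
# Added example (not the article's script). Function names are assumptions.

# install_key KEYFILE AUTH_FILE
# Returns 0 if the key is in AUTH_FILE afterwards, 1 if KEYFILE is rejected.
install_key() {
    keyfile=$1
    auth=$2
    # The metadata path public-keys/0/openssh-key yields exactly one key line.
    [ "$(grep -c . "$keyfile" 2>/dev/null)" = 1 ] || return 1
    key=$(grep . "$keyfile")
    # Accept only "<type> <base64> [comment]"; a leading options field such as
    # command="..." or from="..." is refused.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        || return 1
    dir=$(dirname "$auth")
    [ -d "$dir" ] || { mkdir -p "$dir" && chmod 700 "$dir"; } || return 1
    # Create the file with mode 600 from the start, not after the write.
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1
    # The init script runs on every boot: append only a key that is not there yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# fetch_and_install: what start() would call on the instance.
fetch_and_install() {
    # Unpredictable name instead of the fixed /tmp/my-public-key
    tmp=$(mktemp /tmp/ec2-key.XXXXXX) || return 1
    rc=1
    if curl -sf --max-time 10 \
        http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > "$tmp"
    then
        install_key "$tmp" /root/.ssh/authorized_keys
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}
```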
It is also advisable to either disable SELinux or configure it correctly. Otherwise, for example, the key may not be saved on the instance.
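While the image tree is still mounted, it can be checked for settings that every instance launched from the AMI would inherit. The script below is an added example, not part of the original article; the function audit_image and its list of checks are assumptions, and /mnt/centos-image is the mount point used above.

```sh
#!/bin/sh
# Added example (not from the article): pre-snapshot audit of an image tree.
# audit_image ROOT prints one line per finding and returns the number of findings.
audit_image() {
    root=${1:-/mnt/centos-image}
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # sshd uses the first PermitRootLogin it reads; it must be the key-only setting.
    prl=$(awk 'tolower($1) == "permitrootlogin" { print $2; exit }' \
        "$root/etc/ssh/sshd_config" 2>/dev/null)
    if [ "$prl" != "without-password" ]; then
        note "PermitRootLogin is '${prl:-unset}', expected without-password"
    fi
    # Keys baked into the image would be valid on every instance launched from it.
    for f in "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys; do
        if [ -s "$f" ]; then note "authorized_keys present in image: $f"; fi
    done
    # Host keys should be generated per instance at first boot, not shared via the AMI.
    for f in "$root"/etc/ssh/ssh_host_*key; do
        if [ -e "$f" ]; then note "SSH host private key present in image: $f"; fi
    done
    # An empty password field in shadow means the account has no password at all.
    if [ -r "$root/etc/shadow" ]; then
        for u in $(awk -F: '$2 == "" { print $1 }' "$root/etc/shadow"); do
            note "account with empty password: $u"
        done
    fi
    # Without the boot-time key fetch, nobody can log in to the instance.
    if [ ! -x "$root/etc/init.d/ec2-get-ssh" ]; then
        note "etc/init.d/ec2-get-ssh missing or not executable"
    fi
    return "$findings"
}
```

Run it as `audit_image /mnt/centos-image` before the umount commands; a non-zero exit status is the number of findings.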
This completes the system setup. We now have a clean CentOS ready to run in the cloud. All that remains is to unmount the EBS volume with our system and register the AMI.
umount /mnt/centos-image/proc/
umount /mnt/centos-image/sys/
umount /mnt/centos-image/
AMI registration
To get an AMI from an EBS volume, you first need to take a snapshot of the volume:
aws ec2 create-snapshot --volume-id vol-0b4bd07a --description centos-snap
The easiest way to register the AMI is through the AWS Management Console. To do this, go to the "Snapshots" section of the EC2 service, select the snapshot you need (in our case, centos-snap), right-click on it and select "Create Image from Snapshot".
Then, in the window that opens, you need to select approximately the following parameters:
You can find out which Kernel ID to choose like this:
aws ec2 describe-images --owner amazon --region us-east-1 --output text | grep "\/pv-grub-hd0.*-x86_64" | awk '{print $7}' | grep aki
aki-88aa75e1
aki-b4aa75dd
That's all. Now you can run instances.
In this way, you can most likely build an image of any Linux distribution. It works for certain with the Debian family (using debootstrap to install a clean system) and the RHEL family.