This guide is a carbon copy of the article of the same name about CentOS 5.9, adjusted for the features of the new OS. At the moment there are no CentOS 8 images from centos.org in the AWS Marketplace.

As you know, virtual instances in the Amazon cloud are launched from images (called AMIs). Amazon provides a large number of them; you can also use public images prepared by third parties, for which the cloud provider, naturally, takes no responsibility. But sometimes you need a clean image with exactly the settings you want, and there is none in the image list.

Then the only way out is to build your own AMI.

The documentation describes a method for creating an "instance store-backed AMI". The drawback of this approach is that the finished image then has to be converted into an "EBS-backed AMI". Cockpit Image Builder is also worth mentioning: it lets you build custom images from the CLI or a web GUI, but only once you already have a CentOS 8 system.

How to create your own EBS-backed AMI in the Amazon cloud without intermediate steps is what this article covers.
Plan of action
- Prepare the environment
- Install a clean system and make the necessary settings
- Take a snapshot of the disk
- Register the AMI
Preparing the environment
For our purposes any official CentOS 7 image will do, even on t2.micro. You can launch it from the CLI:
aws ec2 run-instances \
    --image-id ami-4bf3d731 \
    --region us-east-1 \
    --key-name alpha \
    --instance-type t2.micro \
    --subnet-id subnet-240a8618 \
    --associate-public-ip-address \
    --block-device-mappings DeviceName=/dev/sda1,Ebs={VolumeSize=8} \
    --block-device-mappings DeviceName=/dev/sdb,Ebs={VolumeSize=4}
This command launches an instance in the VPC that the specified subnet-id belongs to. The subnet must be public, and the 'default' SG must allow everything.
Now let's log in to the instance over ssh, update the system, install dnf and reboot:
sudo yum update -y && sudo yum install -y dnf && sudo reboot
All further work is done as root.
Installing a clean CentOS 8.1
Filesystem layout and mounting the partitions
DEVICE=/dev/xvdb
ROOTFS=/rootfs
parted -s ${DEVICE} mktable gpt
parted -s ${DEVICE} mkpart primary ext2 1 2
parted -s ${DEVICE} set 1 bios_grub on
parted -s ${DEVICE} mkpart primary xfs 2 100%
mkfs.xfs -L root ${DEVICE}2
mkdir -p $ROOTFS
mount ${DEVICE}2 $ROOTFS
mkdir $ROOTFS/{proc,sys,dev,run}
mount --bind /proc $ROOTFS/proc
mount --bind /sys $ROOTFS/sys
mount --bind /dev $ROOTFS/dev
mount --bind /run $ROOTFS/run
Creating the directory tree
The RPM system lets you prepare a directory tree for the future OS easily and quickly:
PKGSURL=http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages
rpm --root=$ROOTFS --initdb
rpm --root=$ROOTFS -ivh \
    $PKGSURL/centos-release-8.1-1.1911.0.8.el8.x86_64.rpm \
    $PKGSURL/centos-gpg-keys-8.1-1.1911.0.8.el8.noarch.rpm \
    $PKGSURL/centos-repos-8.1-1.1911.0.8.el8.x86_64.rpm
dnf --installroot=$ROOTFS --nogpgcheck --setopt=install_weak_deps=False \
    -y install audit authselect basesystem bash biosdevname coreutils \
    cronie curl dnf dnf-plugins-core dnf-plugin-spacewalk dracut-config-generic \
    dracut-config-rescue e2fsprogs filesystem firewalld glibc grub2 grubby hostname \
    initscripts iproute iprutils iputils irqbalance kbd kernel kernel-tools \
    kexec-tools less linux-firmware lshw lsscsi ncurses network-scripts \
    openssh-clients openssh-server passwd plymouth policycoreutils prefixdevname \
    procps-ng rng-tools rootfiles rpm rsyslog selinux-policy-targeted setup \
    shadow-utils sssd-kcm sudo systemd util-linux vim-minimal xfsprogs \
    chrony cloud-init
I think it is best to run the last command exactly like this, installing specific packages and not forgetting to ignore recommended (weak) packages. If you like, you can use something like this instead:
dnf --installroot=$ROOTFS groupinstall base core \
    --excludepkgs "NetworkManager*" \
    -e "i*-firmware"
yum has no --excludepkgs, and previously I had to install the group and then remove packages. The list of packages and groups that come with a group can be viewed with the command dnf group info core for the core group.
Customizing OS files
Let's create configs for the network, fstab and grub2, and use AWS's internal 169.254 addresses for DNS and NTP.
cat > $ROOTFS/etc/resolv.conf << HABR
nameserver 169.254.169.253
HABR
cat > $ROOTFS/etc/sysconfig/network << HABR
NETWORKING=yes
NOZEROCONF=yes
HABR
cat > $ROOTFS/etc/sysconfig/network-scripts/ifcfg-eth0 << HABR
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
HABR
cat > $ROOTFS/etc/fstab << HABR
LABEL=root / xfs defaults,relatime 1 1
HABR
sed -i "s/cloud-user/centos/" $ROOTFS/etc/cloud/cloud.cfg
echo "server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4" >> $ROOTFS/etc/chrony.conf
sed -i "/^pool /d" $ROOTFS/etc/chrony.conf
sed -i "s/^AcceptEnv/# /" $ROOTFS/etc/ssh/sshd_config
cat > $ROOTFS/etc/default/grub << HABR
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200n8 console=tty0 net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
HABR
It is here, in GRUB_CMDLINE_LINUX, that I would like those who are still afraid of SELinux to explicitly set selinux=0.
Rebuilding initramfs in the chroot
After editing the grub and fstab files, the initramfs needs to be rebuilt. Let's do the update:
KERNEL=$(ls $ROOTFS/lib/modules/)
chroot $ROOTFS dracut -f -v /boot/initramfs-$KERNEL.img $KERNEL
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
chroot $ROOTFS update-crypto-policies --set FUTURE
update-crypto-policies is optional, for the paranoid :)
If the image is meant "for sale", you can also do this:
chroot $ROOTFS fips-mode-setup --enable
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
After the OS boots, the command update-crypto-policies --show will print FIPS.
Autostart and cleanup
chroot $ROOTFS systemctl enable network.service
chroot $ROOTFS systemctl enable sshd.service
chroot $ROOTFS systemctl enable cloud-init.service
chroot $ROOTFS systemctl mask tmp.mount
dnf --installroot=$ROOTFS clean all
truncate -c -s 0 $ROOTFS/var/log/*.log
# Clear the dnf state inside the new root. The path must be prefixed with $ROOTFS,
# otherwise a relative var/lib/dnf would be resolved on the host system instead.
rm -rf $ROOTFS/var/lib/dnf/*
touch $ROOTFS/.autorelabel
autorelabel is needed so that SELinux file contexts are set on first boot.
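Before the disk is unmounted it is worth checking the tree for things that must never ship in a reusable image. The following is an added example, not part of the original article: a POSIX sh audit of the rootfs built above. It assumes the layout produced by the commands above (LABEL=root in fstab, /.autorelabel, truncated logs, an empty /var/lib/dnf); the checks for SSH host keys, /etc/machine-id, the root password field and shell history are this example's own assumptions about what a clean image should look like, and the sample tree it builds is constructed.

```shell
#!/bin/sh
# Pre-snapshot audit of a chroot-built root filesystem (added example, not from the article).
# The checked items are assumptions about a clean CentOS 8 image; adjust them to your build.

audit_rootfs() {
    root=$1
    fails=0

    # 1. fstab must mount the root by the label that mkfs.xfs -L root created
    if ! grep -q '^LABEL=root[[:space:]]*/[[:space:]]' "$root/etc/fstab" 2>/dev/null; then
        echo "FAIL: /etc/fstab does not mount LABEL=root on /"; fails=$((fails+1))
    fi

    # 2. SELinux contexts are relabelled on first boot
    if [ ! -e "$root/.autorelabel" ]; then
        echo "FAIL: /.autorelabel missing"; fails=$((fails+1))
    fi

    # 3. no SSH host keys baked into the image: every instance must generate its own
    for k in "$root"/etc/ssh/ssh_host_*key*; do
        if [ -e "$k" ]; then
            echo "FAIL: host key shipped in image: ${k#"$root"}"; fails=$((fails+1))
        fi
    done

    # 4. /etc/machine-id must be absent or empty so each instance gets a fresh one
    if [ -s "$root/etc/machine-id" ]; then
        echo "FAIL: /etc/machine-id is populated; clones would share it"; fails=$((fails+1))
    fi

    # 5. root has no usable password hash (field 2 of /etc/shadow is empty, '*' or '!'-prefixed)
    pwhash=$(awk -F: '$1=="root"{print $2}' "$root/etc/shadow" 2>/dev/null)
    case "$pwhash" in
        ''|'*'|'!'*) ;;
        *) echo "FAIL: root has a password hash set in /etc/shadow"; fails=$((fails+1)) ;;
    esac

    # 6. no interactive history or cached package state left behind
    if [ -e "$root/root/.bash_history" ]; then
        echo "FAIL: /root/.bash_history present"; fails=$((fails+1))
    fi
    if [ -n "$(ls -A "$root/var/lib/dnf" 2>/dev/null)" ]; then
        echo "FAIL: /var/lib/dnf is not empty"; fails=$((fails+1))
    fi

    # 7. logs were truncated
    for l in "$root"/var/log/*.log; do
        if [ -s "$l" ]; then
            echo "FAIL: non-empty log ${l#"$root"}"; fails=$((fails+1))
        fi
    done

    echo "audit: $fails problem(s)"
    [ "$fails" -eq 0 ]
}

# Constructed sample tree that mimics the layout produced by the commands above.
make_sample_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/root" "$d/var/lib/dnf" "$d/var/log"
    echo 'LABEL=root / xfs defaults,relatime 1 1' > "$d/etc/fstab"
    : > "$d/.autorelabel"
    : > "$d/etc/machine-id"
    echo 'root:*:18000:0:99999:7:::' > "$d/etc/shadow"   # constructed: locked root account
    : > "$d/var/log/messages.log"                       # constructed: zero-length after truncate
    echo "$d"
}

# Stand-alone demo: a clean tree passes; the same tree with a leftover host key is rejected.
CLEAN=$(make_sample_rootfs)
audit_rootfs "$CLEAN"
echo 'constructed-not-a-real-key' > "$CLEAN/etc/ssh/ssh_host_rsa_key"
audit_rootfs "$CLEAN" || echo "as expected: image rejected"
rm -rf "$CLEAN"
```

Run it as audit_rootfs "$ROOTFS" while the bind mounts are still in place; a non-zero exit means the tree should be fixed before sync and umount.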
Now let's unmount the disk:
sync
umount $ROOTFS/{proc,sys,dev,run}
umount $ROOTFS
Registering the AMI
To get an AMI from an EBS disk, you first need to take a snapshot of that disk:
aws ec2 create-snapshot \
    --volume-id vol-09f26eba4c50da110 --region us-east-1 \
    --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01'
You'll have to wait a while. Let's check the state of the SnapshotId we received:
aws ec2 describe-snapshots --region us-east-1 --snapshot-ids snap-0b665542fc59e58ed
Once we see "State": "completed", the AMI can be registered and made public:
aws ec2 register-image \
    --region us-east-1 \
    --name 'CentOS-8.1-1.1911.0.8-minimal' \
    --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01' \
    --virtualization-type hvm --root-device-name /dev/sda1 \
    --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs": { "SnapshotId": "snap-0b665542fc59e58ed", "VolumeSize":4, "DeleteOnTermination": true, "VolumeType": "gp2"}}]' \
    --architecture x86_64 --sriov-net-support simple --ena-support
aws ec2 modify-image-attribute \
    --region us-east-1 \
    --image-id ami-011ed2a37dc89e206 \
    --launch-permission 'Add=[{Group=all}]'
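The snapshot, wait and register steps above can be chained into one script so that the IDs are captured rather than copied by hand. This is an added example, not from the article: it drives the same aws ec2 subcommands through an $AWS variable, so the flow can be exercised offline with a stub that returns constructed IDs (snap-0000000000example, ami-0000000000example, vol-0000000000example are placeholders); the --query/--output text options are real CLI options. The script deliberately stops at a private image, so publishing it with modify-image-attribute remains a separate decision.

```shell
#!/bin/sh
# Snapshot an EBS volume, wait for completion and register it as a private AMI.
# Added example, not from the article. $AWS defaults to the offline stub; set AWS=aws to use the real CLI.
AWS=${AWS:-demo}

# Print the SnapshotId of a new snapshot of volume $2 in region $1 with description $3.
create_snapshot() {
    "$AWS" ec2 create-snapshot --region "$1" --volume-id "$2" \
        --description "$3" --query 'SnapshotId' --output text
}

# Print the State of snapshot $2 ("pending", "completed" or "error").
snapshot_state() {
    "$AWS" ec2 describe-snapshots --region "$1" --snapshot-ids "$2" \
        --query 'Snapshots[0].State' --output text
}

# Poll until the snapshot is completed; fail on "error" or after $3 polls (default 120).
wait_snapshot() {
    region=$1; snap=$2; max=${3:-120}; i=0
    while :; do
        state=$(snapshot_state "$region" "$snap")
        case "$state" in
            completed) return 0 ;;
            error) echo "snapshot $snap failed" >&2; return 1 ;;
        esac
        i=$((i+1))
        if [ "$i" -ge "$max" ]; then
            echo "timed out waiting for $snap (last state: '$state')" >&2; return 1
        fi
        sleep "${SLEEP_SECS:-10}"
    done
}

# Register an HVM AMI whose root device is the snapshot (same mapping as the article); print the ImageId.
register_ami() {
    region=$1; snap=$2; name=$3; desc=$4; size=${5:-4}
    "$AWS" ec2 register-image --region "$region" --name "$name" --description "$desc" \
        --virtualization-type hvm --root-device-name /dev/sda1 \
        --block-device-mappings "[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"SnapshotId\":\"$snap\",\"VolumeSize\":$size,\"DeleteOnTermination\":true,\"VolumeType\":\"gp2\"}}]" \
        --architecture x86_64 --sriov-net-support simple --ena-support \
        --query 'ImageId' --output text
}

# End to end: volume -> snapshot -> private AMI. Publishing (modify-image-attribute) is not done here.
build_ami() {
    region=$1; vol=$2; name=$3; desc=$4
    snap=$(create_snapshot "$region" "$vol" "$desc") || return 1
    wait_snapshot "$region" "$snap" || return 1
    register_ami "$region" "$snap" "$name" "$desc"
}

# Stub standing in for the real CLI so the script runs offline (constructed output).
# Each describe-snapshots call consumes one line of $FAKE_STATES, simulating a pending snapshot.
fake_aws() {
    case "$1 $2" in
        "ec2 create-snapshot")    echo "snap-0000000000example" ;;
        "ec2 describe-snapshots") head -n 1 "$FAKE_STATES"
                                  tail -n +2 "$FAKE_STATES" > "$FAKE_STATES.tmp" && mv "$FAKE_STATES.tmp" "$FAKE_STATES" ;;
        "ec2 register-image")     echo "ami-0000000000example" ;;
        *) echo "stub: unexpected call: $*" >&2; return 1 ;;
    esac
}

# Stand-alone demo against the stub: two "pending" polls, then "completed".
if [ "$AWS" = demo ]; then
    AWS=fake_aws; SLEEP_SECS=0
    FAKE_STATES=$(mktemp)
    printf 'pending\npending\ncompleted\n' > "$FAKE_STATES"
    echo "registered: $(build_ami us-east-1 vol-0000000000example 'CentOS-8.1-minimal' 'constructed demo')"
    rm -f "$FAKE_STATES"
fi
```

With the real CLI (AWS=aws) the call is build_ami us-east-1 vol-09f26eba4c50da110 'CentOS-8.1-1.1911.0.8-minimal' '...'; the ImageId it prints is what modify-image-attribute would take if you then choose to make the image public.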
That's all. Now you can launch instances from it.

This way you can build images, probably, with any Linux distribution; at least Debian (using debootstrap to install the clean system) and the RHEL family.

Update, at readers' request: this process can be fully automated with Packer. An example is attached.

Source: www.hab.com