ืืืจืื ืื ืืื "ืืืื" ืืขื ืืืชื ืฉื ืืืืจืื ืขื CentOS 5.9, ืืืืงื ืืืฉืืื ืืช ืืชืืื ืืช ืฉื ืืขืจืืช ืืืคืขืื ืืืืฉื. ืืจืืข ืืื ืชืืื ื ืจืฉืืืช ืฉื Centos8 ื-centos.org ื-AWS Marketplace.
ืืคื ืฉืืชื ืืืืข, ืืขื ื ืืืืื ืืืคืขืืื ืืืคืขืื ืืืจืืืืืืื ืืืืืกืกืื ืขื ืชืืื ืืช (ืื ืฉื ืงืจื ืขืื). ืืืืื ืืกืคืงืช ืืกืคืจ ืืืื ืืื; ื ืืชื ืื ืืืฉืชืืฉ ืืชืืื ืืช ืฆืืืืจืืืช ืฉืืืื ื ืขื ืืื ืฆืืืื ืฉืืืฉืืื, ืฉืกืคืง ืืขื ื ืืืืื ืืื ื ื ืืฉื ืืืืจืืืช ืืืฉืื. ืืื ืืคืขืืื ืฆืจืื ืชืืื ืช ืืขืจืืช ื ืงืืื ืขื ืืคืจืืืจืื ืืืจืืฉืื, ืฉืืื ื ืืจืฉืืืช ืืชืืื ืืช.
ืืื ืืืจื ืืืืืื ืืฆืืช ืืื ืืืฆืืจ AMI ืืฉืื.
ืืชืืขืื ืืจืฉืื ืืชืืจ ืชืืืื ืืฆืืจืช "AMI ืืืืื ืืื ืืช ืืืคืขืื".
ืืืืกืจืื ืฉื ืืืฉื ืื ืืื ืฉืื ืืช ืืชืืื ื ืืืืืืจืช ืืืื ืฆืืจื ืืืืืจ ื"AMI ืืืืื EBS". ืจืืื ืืฆืืื ืื ืืื Cockpit Image Builder. ืื ืืืคืฉืจ ืื ืืืฆืืจ ืชืืื ืืช ืืืชืืืืช ืืืฉืืช, ื CLI ืื WEB GUI ืืฆื, ืืื ืืฉืืืจ ืืฉ ืื Centos 8.
ืืืฆื ืืืฆืืจ AMI ืืฉืื ืขื ืืืืื EBS ืืขื ื ืืืืื ืืื ืฉืืื ืืื ืืื ืืืืื ื ืืืืืจ ืื.
ืชืืื ืืช ืคืขืืื
- ืืืื ื ืืช ืืกืืืื
- ืืชืงื ืืขืจืืช ื ืงืืื ืืืฆืข ืืช ืืืืืจืืช ืืืจืืฉืืช
- ืฆืื ืชืืื ืช ืืฆื ืฉื ืืืืกืง
- ืจืฉืื ืืช AMI
ืืื ืช ืืกืืืื
ืืืืจืืชืื ื, ืื ืืืคืข ืจืฉืื ืฉื Centos 7 ืื ืฆืืจื, ืืคืืื t2.micro. ืืชื ืืืื ืืืคืขืื ืืืชื ืืจื ื-CLI:
aws ec2 run-instances
--image-id ami-4bf3d731
--region us-east-1
--key-name alpha
--instance-type t2.micro
--subnet-id subnet-240a8618
--associate-public-ip-address
--block-device-mappings DeviceName=/dev/sda1,Ebs={VolumeSize=8}
--block-device-mappings DeviceName=/dev/sdb,Ebs={VolumeSize=4}ืืคืงืืื ืชืขืื ืืืคืข ื-VPC ืฉืืืื ืฉืืื ื-subnet-id ืฉืฆืืื. ืจืฉืช ืืืฉื ื ืืืืจื ืืืืืช ืฆืืืืจืืช, ื-SG 'default' ืืืคืฉืจ ืืื.
ืขืืฉืื ืืืื ื ืืื ืก ืืืืคืข ืืจื ssh, ื ืขืืื ืืช ืืืขืจืืช, ื ืชืงืื dnf ืืืชืืื ืืืืฉ:
sudo yum update -y && sudo yum install -y dnf && sudo rebootืื ืืคืขืืืืช ืื ืืกืคืืช ืืืืฆืขื ื root.
ืืชืงื ืช Centos 8.1 ื ืงื
ืคืจืืกืช ืืขืจืืช ืงืืฆืื ืืืจืืืช ืืืืฆืืช
DEVICE=/dev/xvdb
ROOTFS=/rootfs
parted -s ${DEVICE} mktable gpt
parted -s ${DEVICE} mkpart primary ext2 1 2
parted -s ${DEVICE} set 1 bios_grub on
parted -s ${DEVICE} mkpart primary xfs 2 100%
mkfs.xfs -L root ${DEVICE}2
mkdir -p $ROOTFS
mount ${DEVICE}2 $ROOTFS
mkdir $ROOTFS/{proc,sys,dev,run}
mount --bind /proc $ROOTFS/proc
mount --bind /sys $ROOTFS/sys
mount --bind /dev $ROOTFS/dev
mount --bind /run $ROOTFS/runืืฆืืจืช ืขืฅ ืกืคืจืืืช
ืืขืจืืช RPM ืืืคืฉืจืช ืื ืืืืื ืืงืืืช ืืืืืืจืืช ืขืฅ ืกืคืจืืืช ืขืืืจ ืืขืจืืช ืืืคืขืื ืืขืชืืืืช:
PKGSURL=http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages
rpm --root=$ROOTFS --initdb
rpm --root=$ROOTFS -ivh
$PKGSURL/centos-release-8.1-1.1911.0.8.el8.x86_64.rpm
$PKGSURL/centos-gpg-keys-8.1-1.1911.0.8.el8.noarch.rpm
$PKGSURL/centos-repos-8.1-1.1911.0.8.el8.x86_64.rpm
dnf --installroot=$ROOTFS --nogpgcheck --setopt=install_weak_deps=False
-y install audit authselect basesystem bash biosdevname coreutils
cronie curl dnf dnf-plugins-core dnf-plugin-spacewalk dracut-config-generic
dracut-config-rescue e2fsprogs filesystem firewalld glibc grub2 grubby hostname
initscripts iproute iprutils iputils irqbalance kbd kernel kernel-tools
kexec-tools less linux-firmware lshw lsscsi ncurses network-scripts
openssh-clients openssh-server passwd plymouth policycoreutils prefixdevname
procps-ng rng-tools rootfiles rpm rsyslog selinux-policy-targeted setup
shadow-utils sssd-kcm sudo systemd util-linux vim-minimal xfsprogs
chrony cloud-init ืื ื ืจืืื ืืช ืื ืืืคืืืืื ืืืฆืข ืืช ืืคืงืืื ืืืืจืื ื ืืืจื ืื, ืขื ืืื ืืชืงื ืช ืืืืืืช ืกืคืฆืืคืืืช, ืืืืงืคืื ืืืชืขืื ืืืืืืืืช ืืืืืืฆืืช.
ืื ืชืจืฆื, ืชืืื ืืืฉืชืืฉ ืืืฉืื ืืื:
dnf --installroot=$ROOTFS groupinstall base core
--excludepkgs "NetworkManager*"
-e "i*-firmware"ะ yum ืื --excludepkgs, ืืืคื ื ืฉืืืืชื ืฆืจืื ืืืชืงืื ืงืืืฆืืช ืืื ืืืกืืจ ืืืืืืช.
ื ืืชื ืืืฆืื ืืช ืจืฉืืืช ืืืืืืืช ืืืงืืืฆืืช ืืชืืืืืช ืืืืฆืขืืช ืืคืงืืื dnf group info core ืขืืืจ ืงืืืฆื core.
ืืชืืื ืืืฉืืช ืฉื ืงืืฆื ืืขืจืืช ืืืคืขืื
ืืืื ื ืืฆืืจ ืืืืจืืช ืขืืืจ ืืจืฉืช, fstab, grub2 ืื ืฉืชืืฉ ืืืชืืืืช AWS ืคื ืืืืืช 169.254 ืขืืืจ DNS ื-NTP.
cat > $ROOTFS/etc/resolv.conf << HABR
nameserver 169.254.169.253
HABR
cat > $ROOTFS/etc/sysconfig/network << HABR
NETWORKING=yes
NOZEROCONF=yes
HABR
cat > $ROOTFS/etc/sysconfig/network-scripts/ifcfg-eth0 << HABR
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
HABR
cat > $ROOTFS/etc/fstab << HABR
LABEL=root / xfs defaults,relatime 1 1
HABR
sed -i "s/cloud-user/centos/" $ROOTFS/etc/cloud/cloud.cfg
echo "server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4" >> $ROOTFS/etc/chrony.conf
sed -i "/^pool /d" $ROOTFS/etc/chrony.conf
sed -i "s/^AcceptEnv/# /" $ROOTFS/etc/ssh/sshd_config
cat > $ROOTFS/etc/default/grub << HABR
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200n8 console=tty0 net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
HABRืืื, ื-GRUB_CMDLINE_LINUX, ืื ื ืืืืืฅ ืืฆืืื selinux=0, ืืื ืฉืขืืืื ืืคืื ื-SELinux.
ืื ืืื ืืืืฉ ืฉื initramfs ื-chroot
ืืืืจ ืขืจืืืช ืงืืฆื grub ื-fstab, ืขืืื ืืื ืืช ืืืืฉ.
ืื ื ืืืฆืขืื ืืช ืืขืืืื:
KERNEL=$(ls $ROOTFS/lib/modules/)
chroot $ROOTFS dracut -f -v /boot/initramfs-$KERNEL.img $KERNEL
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
chroot $ROOTFS update-crypto-policies --set FUTUREืืื update-crypto-policies - ืืืคืฆืืื ืื, ืืคืจื ืืืืืื :)
ืขืืืจ "ืืืืจื", ืืชื ืืืื ืืขืฉืืช ืืืช:
chroot $ROOTFS fips-mode-setup --enable
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICEืืืืจ ืืขืื ืช ืืขืจืืช ืืืคืขืื, ืืคืงืืื update-crypto-policies --show ืืืฆืื FIPS.
ืืคืขืื ืืืืืืืืช ืื ืืงืื ืืฉืคื
chroot $ROOTFS systemctl enable network.service
chroot $ROOTFS systemctl enable sshd.service
chroot $ROOTFS systemctl enable cloud-init.service
chroot $ROOTFS systemctl mask tmp.mountdnf --installroot=$ROOTFS clean all
truncate -c -s 0 $ROOTFS/var/log/*.log
rm -rf var/lib/dnf/*
touch $ROOTFS/.autorelabelautorelabel - ื ืืจืฉ ืืืชืงืื ืืืืืืืืช ืงืืฆื ืืงืฉืจ ืฉื SELinux ืืืชืืื ืืจืืฉืื.
ืขืืฉืื ืืืื ื ืืื ืืช ืืืขืื ื ืฉื ืืืืกืง:
sync
umount $ROOTFS/{proc,sys,dev,run}
umount $ROOTFSืจืืฉืื AMI
ืืื ืืงืื ami ืืืืกืง ebs, ืชืืืื ืขืืื ืืฆืื ืชืืื ืช ืืฆื ืฉื ืืืืกืง:
aws ec2 create-snapshot
--volume-id vol-09f26eba4c50da110 --region us-east-1
--description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01'ืชืฆืืจื ืืืืืช ืืื ืื. ืืืื ื ืืืืง ืืช ืืืฆื ืืืืฆืขืืช SnapshotId ืฉืืชืงืื:
aws ec2 describe-snapshots --region us-east-1 --snapshot-ids snap-0b665542fc59e58edืืฉืื ืื ื ืืงืืืื ืืช ืื "State": "completed", ืืชื ืืืื ืืจืฉืื AMI ืืืืคืื ืืืชื ืืฆืืืืจื:
aws ec2 register-image
--region us-east-1
--name 'CentOS-8.1-1.1911.0.8-minimal'
--description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01'
--virtualization-type hvm --root-device-name /dev/sda1
--block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs": { "SnapshotId": "snap-0b665542fc59e58ed", "VolumeSize":4, "DeleteOnTermination": true, "VolumeType": "gp2"}}]'
--architecture x86_64 --sriov-net-support simple --ena-support
aws ec2 modify-image-attribute
--region us-east-1
--image-id ami-011ed2a37dc89e206
--launch-permission 'Add=[{Group=all}]'
ืื ืืื. ืขืืฉืื ืืชื ืืืื ืืืคืขืื ืืืคืขืื.
ืืืจื ืื, ืืชื ืืืื ืืืฆืืจ ืชืืื ื, ืืื ืื ืจืื, ืขื ืื ืืคืฆืช ืืื ืืงืก. ืืคืืืช ืืืืืง ืืืืื (ืืืืฆืขืืช debootstrap ืืืชืงื ืช ืืขืจืืช ื ืงืืื) ืืืฉืคืืช RHEL.
ืขืืืื ืืืืกืก ืขื ืืงืฉืืช ืฉื ืงืืจืืื. ืชืืืื ืื ืืืื ืืืืืช ืืืืืืื ืืืจื, ืืืืืืฆืื ืืืื. ืืื ืืืฆืืช ืชืื ืืช ืืืืืื.
ืืงืืจ: www.habr.com