This guide is a "fork" of the article of the same name for CentOS 5.9, and takes into account the features of the new OS. At the moment there is no official CentOS 8 image from centos.org in the AWS Marketplace.
As you know, in the Amazon cloud virtual instances are launched from images (called AMIs). Amazon provides many of them; you can also use public images prepared by third parties, for which the cloud provider, of course, bears no responsibility. But sometimes you need a clean system image with the required parameters, and no such image is in the list.
Then the only way out is to build your own AMI.
The official documentation describes a way to create an "instance store-backed AMI".
The drawback of this approach is that the finished image will also need to be converted to an "EBS-backed AMI". Also worth knowing about is Cockpit Image Builder. It lets you build custom images, in CLI or web GUI mode, but only once you already have CentOS 8.
This article covers how to build your own EBS-backed AMI in the Amazon cloud without intermediate steps.
Plan of action
- Prepare the environment
- Install a clean system and make the necessary settings
- Take a snapshot of the disk
- Register the AMI
Preparing the environment
For our purposes, any CentOS 7 instance of any type will do, even t2.micro. You can launch it via the CLI:
aws ec2 run-instances \
    --image-id ami-4bf3d731 \
    --region us-east-1 \
    --key-name alpha \
    --instance-type t2.micro \
    --subnet-id subnet-240a8618 \
    --associate-public-ip-address \
    --block-device-mappings \
        'DeviceName=/dev/sda1,Ebs={VolumeSize=8}' \
        'DeviceName=/dev/sdb,Ebs={VolumeSize=4}'
The command launches the instance in the VPC to which the specified subnet-id belongs. The subnet must be public, and the 'default' SG allows everything.
Now let's log in to the instance over ssh, update the system, install dnf and reboot:
sudo yum update -y && sudo yum install -y dnf && sudo reboot
All further steps are performed as root.
Installing a clean CentOS 8.1
Partitioning the disk, creating the filesystem and mounting
DEVICE=/dev/xvdb
ROOTFS=/rootfs
parted -s ${DEVICE} mktable gpt
parted -s ${DEVICE} mkpart primary ext2 1 2
parted -s ${DEVICE} set 1 bios_grub on
parted -s ${DEVICE} mkpart primary xfs 2 100%
mkfs.xfs -L root ${DEVICE}2
mkdir -p $ROOTFS
mount ${DEVICE}2 $ROOTFS
mkdir $ROOTFS/{proc,sys,dev,run}
mount --bind /proc $ROOTFS/proc
mount --bind /sys $ROOTFS/sys
mount --bind /dev $ROOTFS/dev
mount --bind /run $ROOTFS/run
Building the directory tree
The RPM system lets you quickly and easily prepare the directory tree of the future OS:
PKGSURL=http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages
rpm --root=$ROOTFS --initdb
rpm --root=$ROOTFS -ivh \
    $PKGSURL/centos-release-8.1-1.1911.0.8.el8.x86_64.rpm \
    $PKGSURL/centos-gpg-keys-8.1-1.1911.0.8.el8.noarch.rpm \
    $PKGSURL/centos-repos-8.1-1.1911.0.8.el8.x86_64.rpm
dnf --installroot=$ROOTFS --nogpgcheck --setopt=install_weak_deps=False \
    -y install audit authselect basesystem bash biosdevname coreutils \
    cronie curl dnf dnf-plugins-core dnf-plugin-spacewalk dracut-config-generic \
    dracut-config-rescue e2fsprogs filesystem firewalld glibc grub2 grubby hostname \
    initscripts iproute iprutils iputils irqbalance kbd kernel kernel-tools \
    kexec-tools less linux-firmware lshw lsscsi ncurses network-scripts \
    openssh-clients openssh-server passwd plymouth policycoreutils prefixdevname \
    procps-ng rng-tools rootfiles rpm rsyslog selinux-policy-targeted setup \
    shadow-utils sssd-kcm sudo systemd util-linux vim-minimal xfsprogs \
    chrony cloud-init
I find it best to run the last command exactly like this, listing the specific packages to install, and to make sure recommended packages are skipped.
If you prefer, you can use this variant instead:
# -x is the short option for excluding packages (-e is dnf's error level)
dnf --installroot=$ROOTFS groupinstall base core \
    --excludepkgs "NetworkManager*" \
    -x "i*-firmware"
yum has no --excludepkgs, so previously I had to install the groups and then remove packages.
The list of packages and dependent groups can be viewed with the command dnf group info core for the core group.
Configuring the OS files
Let's set up the network configuration, fstab and grub2, and use the AWS internal 169.254 addresses for DNS and NTP.
cat > $ROOTFS/etc/resolv.conf << HABR
nameserver 169.254.169.253
HABR
cat > $ROOTFS/etc/sysconfig/network << HABR
NETWORKING=yes
NOZEROCONF=yes
HABR
cat > $ROOTFS/etc/sysconfig/network-scripts/ifcfg-eth0 << HABR
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
HABR
cat > $ROOTFS/etc/fstab << HABR
LABEL=root / xfs defaults,relatime 1 1
HABR
sed -i "s/cloud-user/centos/" $ROOTFS/etc/cloud/cloud.cfg
echo "server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4" >> $ROOTFS/etc/chrony.conf
sed -i "/^pool /d" $ROOTFS/etc/chrony.conf
sed -i "s/^AcceptEnv/# /" $ROOTFS/etc/ssh/sshd_config
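# Quoted delimiter: $(...) is written literally and evaluated later by grub2-mkconfig in the chroot
cat > $ROOTFS/etc/default/grub << 'HABR'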
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200n8 console=tty0 net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
HABR
It is here, in GRUB_CMDLINE_LINUX, that I recommend specifying selinux=0, for those who are still afraid of SELinux.
Rebuilding the initramfs in the chroot
After editing the grub and fstab files, the initramfs has to be rebuilt.
Along the way we configure a few more things:
KERNEL=$(ls $ROOTFS/lib/modules/)
chroot $ROOTFS dracut -f -v /boot/initramfs-$KERNEL.img $KERNEL
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
chroot $ROOTFS update-crypto-policies --set FUTURE
Here update-crypto-policies is optional, for the paranoid :)
For "production", you can do this:
chroot $ROOTFS fips-mode-setup --enable
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
After the OS boots, the command update-crypto-policies --show will print FIPS.
Autostart and cleanup
chroot $ROOTFS systemctl enable network.service
chroot $ROOTFS systemctl enable sshd.service
chroot $ROOTFS systemctl enable cloud-init.service
chroot $ROOTFS systemctl mask tmp.mount
dnf --installroot=$ROOTFS clean all
truncate -c -s 0 $ROOTFS/var/log/*.log
rm -rf $ROOTFS/var/lib/dnf/*
touch $ROOTFS/.autorelabel
.autorelabel is required so that the SELinux file contexts are set on first boot.
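Since the image is going to be made public, it is worth checking the root filesystem for build-time leftovers before unmounting it. The following is an added example, not code from the original article; the function name audit_rootfs and the list of paths it checks are assumptions.

```bash
# Added example: audit an image root filesystem before it is snapshotted
# and shared. audit_rootfs and its path list are assumptions.
audit_rootfs() (
    root=${1:?usage: audit_rootfs ROOTFS}
    findings=0
    # report MESSAGE PATH: print one finding, PATH shown relative to the root
    report() {
        rel=${2#"$root"}
        printf 'FINDING: %s: %s\n' "$1" "$rel"
        findings=$((findings + 1))
    }
    # SSH host private keys must be generated per instance on first boot.
    for f in "$root"/etc/ssh/ssh_host_*_key; do
        if [ -e "$f" ]; then report "SSH host private key" "$f"; fi
    done
    # Login keys and shell history left behind by whoever built the image.
    for home in "$root"/root "$root"/home/*; do
        for f in "$home/.ssh/authorized_keys" "$home/.bash_history"; do
            if [ -s "$f" ]; then report "builder artifact" "$f"; fi
        done
    done
    # A populated machine-id would be identical on every launched instance.
    if [ -s "$root/etc/machine-id" ]; then
        report "non-empty machine-id" "$root/etc/machine-id"
    fi
    # Leftover cloud-init state makes first boot skip per-instance setup.
    if [ -d "$root/var/lib/cloud/instances" ]; then
        report "cloud-init state" "$root/var/lib/cloud/instances"
    fi
    # Accounts whose password field is not locked ('*' or '!' prefix).
    if [ -r "$root/etc/shadow" ]; then
        while IFS=: read -r user hash _rest; do
            case $hash in
                '*'*|'!'*) ;;
                *) report "password not locked for $user" "$root/etc/shadow" ;;
            esac
        done < "$root/etc/shadow"
    fi
    # Repo definitions that disable package signature checks in the image.
    for f in "$root"/etc/yum.repos.d/*.repo; do
        if [ -f "$f" ] && grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$f"; then
            report "gpgcheck=0" "$f"
        fi
    done
    [ "$findings" -eq 0 ]
)
```

Call it as audit_rootfs $ROOTFS; a non-zero exit status means at least one finding was printed.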
Now let's unmount the disk:
sync
umount $ROOTFS/{proc,sys,dev,run}
umount $ROOTFS
Registering the AMI
To get an AMI from an EBS disk, you first need to take a snapshot of the disk:
aws ec2 create-snapshot \
    --volume-id vol-09f26eba4c50da110 --region us-east-1 \
    --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01'
You will have to wait a while. Let's check the status using the SnapshotId that was returned:
aws ec2 describe-snapshots --region us-east-1 --snapshot-ids snap-0b665542fc59e58ed
Once we get "State": "completed", we can register the AMI and make it public:
aws ec2 register-image \
    --region us-east-1 \
    --name 'CentOS-8.1-1.1911.0.8-minimal' \
    --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01' \
    --virtualization-type hvm --root-device-name /dev/sda1 \
    --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs": { "SnapshotId": "snap-0b665542fc59e58ed", "VolumeSize":4, "DeleteOnTermination": true, "VolumeType": "gp2"}}]' \
    --architecture x86_64 --sriov-net-support simple --ena-support
aws ec2 modify-image-attribute \
    --region us-east-1 \
    --image-id ami-011ed2a37dc89e206 \
    --launch-permission 'Add=[{Group=all}]'
That's all. Now you can launch instances.
In this way you can build an image with probably any Linux distribution. At least Debian (using debootstrap to install a clean system) and the RHEL family.
UPD, following readers' requests: all of this can be automated with Packer. An example template is given here.
Source: www.habr.com