Gwaro iri iβforogoβ yezita rimwechete zvinyorwa nezve CentOS 5.9, uye inofunga nezve maficha eiyo OS itsva. Parizvino hapana zviri pamutemo Centos8 mufananidzo kubva kucentos.org muAWS Musika.
Sezvaunoziva, muAmazon gore chaiwo zviitiko zvinotangwa zvichibva pamifananidzo (iyo inonzi AMI) Amazon inopa huwandu hukuru hwadzo; iwe unogona zvakare kushandisa yeruzhinji mifananidzo yakagadzirirwa nevechitatu mapato, iyo iyo mupi wegore, hongu, haatore chero mutoro. Asi dzimwe nguva unoda yakachena system mufananidzo ine inodiwa paramita, iyo isiri mune rondedzero yemifananidzo.
Ipapo nzira chete yekubuda ndeye kugadzira yako AMI.
Zvinyorwa zvepamutemo zvinotsanangura nzira kugadzira "yemuenzaniso chitoro-yakatsigirwa AMI".
Kuipa kweiyi nzira ndeyekuti mufananidzo wakapedzwa uchadawo kushandurwa kuita "EBS-backed AMI". Zvakare zvakakosha kucherechedza ndeye Cockpit Image Builder. Ichakubvumidza iwe kugadzira yakajairwa mifananidzo, mukati CLI kana WEB GUI modhi, asi kana watova neCentos 8.
Maitiro ekugadzira yako EBS-yakatsigirwa AMI muAmazon gore pasina matanho epakati ichakurukurwa muchinyorwa ichi.
Urongwa hwekuita
- Gadzirira zvakatipoteredza
- Isa yakachena sisitimu uye ita zvimiro zvinodiwa
- Tora mufananidzo we diski
- Bhalisa AMI
Kugadzirira Zvakatipoteredza
Nezvinangwa zvedu, chero pamutemo Centos 7 muenzaniso chero chimiro, kunyange t2.micro. Unogona kuimhanyisa kuburikidza neCLI:
aws ec2 run-instances
--image-id ami-4bf3d731
--region us-east-1
--key-name alpha
--instance-type t2.micro
--subnet-id subnet-240a8618
--associate-public-ip-address
--block-device-mappings DeviceName=/dev/sda1,Ebs={VolumeSize=8}
--block-device-mappings DeviceName=/dev/sdb,Ebs={VolumeSize=4}Iwo murairo uchasimudza chiitiko muVPC iyo yakatsanangurwa subnet-id ndeyayo. Iyo subnet inofanirwa kuve yeruzhinji, uye SG 'default' inobvumira zvese.
Iye zvino ngatipindei kumuenzaniso kuburikidza ne ssh, gadzirisa sisitimu, isa dnf uye reboot:
sudo yum update -y && sudo yum install -y dnf && sudo rebootMamwe maoperation ese achaitwa kubva root.
Kuisa yakachena Centos 8.1
Faira system dhizaini uye partition kukwira
DEVICE=/dev/xvdb
ROOTFS=/rootfs
parted -s ${DEVICE} mktable gpt
parted -s ${DEVICE} mkpart primary ext2 1 2
parted -s ${DEVICE} set 1 bios_grub on
parted -s ${DEVICE} mkpart primary xfs 2 100%
mkfs.xfs -L root ${DEVICE}2
mkdir -p $ROOTFS
mount ${DEVICE}2 $ROOTFS
mkdir $ROOTFS/{proc,sys,dev,run}
mount --bind /proc $ROOTFS/proc
mount --bind /sys $ROOTFS/sys
mount --bind /dev $ROOTFS/dev
mount --bind /run $ROOTFS/runKugadzira dhairekitori muti
Iyo RPM sisitimu inobvumidza iwe nyore uye nekukurumidza kugadzirira dhairekitori muti kune ramangwana OS:
PKGSURL=http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages
rpm --root=$ROOTFS --initdb
rpm --root=$ROOTFS -ivh
$PKGSURL/centos-release-8.1-1.1911.0.8.el8.x86_64.rpm
$PKGSURL/centos-gpg-keys-8.1-1.1911.0.8.el8.noarch.rpm
$PKGSURL/centos-repos-8.1-1.1911.0.8.el8.x86_64.rpm
dnf --installroot=$ROOTFS --nogpgcheck --setopt=install_weak_deps=False
-y install audit authselect basesystem bash biosdevname coreutils
cronie curl dnf dnf-plugins-core dnf-plugin-spacewalk dracut-config-generic
dracut-config-rescue e2fsprogs filesystem firewalld glibc grub2 grubby hostname
initscripts iproute iprutils iputils irqbalance kbd kernel kernel-tools
kexec-tools less linux-firmware lshw lsscsi ncurses network-scripts
openssh-clients openssh-server passwd plymouth policycoreutils prefixdevname
procps-ng rng-tools rootfiles rpm rsyslog selinux-policy-targeted setup
shadow-utils sssd-kcm sudo systemd util-linux vim-minimal xfsprogs
chrony cloud-init Ini ndinoona sechakanyanya kuita murairo wekupedzisira neiyi nzira, nekuisa chaiwo mapakeji, uye uve nechokwadi chekufuratira mapakeji anokurudzirwa.
Kana uchida, unogona kushandisa chimwe chinhu chakadai:
dnf --installroot=$ROOTFS groupinstall base core
--excludepkgs "NetworkManager*"
-e "i*-firmware"Π yum kwete --excludepkgs, uye ndisati ndafanirwa kuisa mapoka uyezve kubvisa mapakeji.
Rondedzero yemapakeji uye mapoka anotsamira anogona kutariswa nemirairo dnf group info core zveboka core.
OS faira kugadzirisa
Ngatigadzire magadzirirwo etiweki, fstab, grub2 uye tishandise AWS yemukati 169.254 kero yeDNS neNTP.
cat > $ROOTFS/etc/resolv.conf << HABR
nameserver 169.254.169.253
HABR
cat > $ROOTFS/etc/sysconfig/network << HABR
NETWORKING=yes
NOZEROCONF=yes
HABR
cat > $ROOTFS/etc/sysconfig/network-scripts/ifcfg-eth0 << HABR
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
HABR
cat > $ROOTFS/etc/fstab << HABR
LABEL=root / xfs defaults,relatime 1 1
HABR
sed -i "s/cloud-user/centos/" $ROOTFS/etc/cloud/cloud.cfg
echo "server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4" >> $ROOTFS/etc/chrony.conf
sed -i "/^pool /d" $ROOTFS/etc/chrony.conf
sed -i "s/^AcceptEnv/# /" $ROOTFS/etc/ssh/sshd_config
cat > $ROOTFS/etc/default/grub << HABR
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200n8 console=tty0 net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
HABRIri pano, muGRUB_CMDLINE_LINUX, yandinokurudzira kudoma selinux=0, kune avo vachiri kutya SELinux.
Kuvakazve initramfs muchroot
Mushure mekugadzirisa iyo grub uye fstab mafaera, unofanirwa kuvakazve.
Isu tinogadzirisa update:
KERNEL=$(ls $ROOTFS/lib/modules/)
chroot $ROOTFS dracut -f -v /boot/initramfs-$KERNEL.img $KERNEL
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
chroot $ROOTFS update-crypto-policies --set FUTUREpano update-crypto-policies - Optional, yeparanoid :)
Nokuda kwe "kutengesa", unogona kuita izvi:
chroot $ROOTFS fips-mode-setup --enable
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICEMushure mekurodha OS, iwo murairo update-crypto-policies --show ichaburitsa FIPS.
Autostart uye Garbage Cleaning
chroot $ROOTFS systemctl enable network.service
chroot $ROOTFS systemctl enable sshd.service
chroot $ROOTFS systemctl enable cloud-init.service
chroot $ROOTFS systemctl mask tmp.mountdnf --installroot=$ROOTFS clean all
truncate -c -s 0 $ROOTFS/var/log/*.log
rm -rf var/lib/dnf/*
touch $ROOTFS/.autorelabelautorelabel - inodiwa kuti uise otomatiki maSELinux mafaera ekutanga bhutsu.
Zvino ngatibvisei dhisiki:
sync
umount $ROOTFS/{proc,sys,dev,run}
umount $ROOTFSAMI kunyoresa
Kuti uwane ami kubva ku ebs disk, iwe unofanirwa kutanga watora mufananidzo we diski:
aws ec2 create-snapshot
--volume-id vol-09f26eba4c50da110 --region us-east-1
--description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01'Iwe uchafanirwa kumirira kwenguva yakati. Ngatitarisei chimiro tichishandisa yakagamuchirwa SnapshotId:
aws ec2 describe-snapshots --region us-east-1 --snapshot-ids snap-0b665542fc59e58edKana tazviwana "State": "completed", unogona kunyoresa AMI uye kuita kuti ive pachena:
aws ec2 register-image
--region us-east-1
--name 'CentOS-8.1-1.1911.0.8-minimal'
--description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01'
--virtualization-type hvm --root-device-name /dev/sda1
--block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs": { "SnapshotId": "snap-0b665542fc59e58ed", "VolumeSize":4, "DeleteOnTermination": true, "VolumeType": "gp2"}}]'
--architecture x86_64 --sriov-net-support simple --ena-support
aws ec2 modify-image-attribute
--region us-east-1
--image-id ami-011ed2a37dc89e206
--launch-permission 'Add=[{Group=all}]'
Ndizvo zvose. Iye zvino unogona kutanga zviitiko.
Nenzira iyi, iwe unogona kugadzira mufananidzo, pamwe, nechero Linux kugovera. Zvirinani chaizvo Debian (uchishandisa debootstrap kuisa yakachena sisitimu) uye iyo RHEL mhuri.
UPDATE Kubva pane zvikumbiro zvevaverengi. Iyi nzira inogona kuve yega packers, Automate chete. pano Muenzaniso template unoratidzwa.
Source: www.habr.com