This guide is a "fork" of the article of the same name about CentOS 5.9, and it takes the specifics of the new OS into account. At the moment there is no official CentOS 8 image from centos.org in the AWS Marketplace.
As you know, virtual instances in the Amazon cloud are launched from images (so-called AMIs). Amazon provides a large number of them; you can also use public images prepared by third parties, for which the cloud provider, of course, bears no responsibility. But sometimes you need an image of a clean system with the required parameters, and it is not in the list of images.
Then the only way out is to build your own AMI.
The official documentation describes how to create an "instance store-backed AMI".
The drawback of this approach is that the finished image then has to be converted into an "EBS-backed AMI". Cockpit Image Builder is also worth noting. It lets you build custom images, in CLI or web GUI mode, but only once you already have CentOS 8.
This article describes how to build your own EBS-backed AMI in the Amazon cloud without intermediate steps.
Plan of action
- Prepare the environment
- Install a clean system and make the necessary settings
- Take a snapshot of the disk
- Register the AMI
Preparing the environment
For our purposes, any CentOS 7 instance of any shape will do, even a t2.micro. You can launch it from the CLI:
# Root volume (8 GiB) plus a second 4 GiB volume that will hold the new system,
# passed as one --block-device-mappings list
aws ec2 run-instances \
  --image-id ami-4bf3d731 \
  --region us-east-1 \
  --key-name alpha \
  --instance-type t2.micro \
  --subnet-id subnet-240a8618 \
  --associate-public-ip-address \
  --block-device-mappings 'DeviceName=/dev/sda1,Ebs={VolumeSize=8}' 'DeviceName=/dev/sdb,Ebs={VolumeSize=4}'
The command launches the instance in the VPC that the specified subnet-id belongs to. The subnet must be public, and the 'default' SG must allow everything.
Now let's log in to the instance over ssh, update the system, install dnf and reboot:
sudo yum update -y && sudo yum install -y dnf && sudo reboot
All further operations are performed as root.
Installing a clean CentOS 8.1
Formatting the file system and mounting the partitions
DEVICE=/dev/xvdb
ROOTFS=/rootfs
parted -s ${DEVICE} mktable gpt
parted -s ${DEVICE} mkpart primary ext2 1 2
parted -s ${DEVICE} set 1 bios_grub on
parted -s ${DEVICE} mkpart primary xfs 2 100%
mkfs.xfs -L root ${DEVICE}2
mkdir -p $ROOTFS
mount ${DEVICE}2 $ROOTFS
mkdir $ROOTFS/{proc,sys,dev,run}
mount --bind /proc $ROOTFS/proc
mount --bind /sys $ROOTFS/sys
mount --bind /dev $ROOTFS/dev
mount --bind /run $ROOTFS/run
Creating the directory tree
The RPM system lets you quickly and easily prepare the directory tree for the future OS:
PKGSURL=http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages
rpm --root=$ROOTFS --initdb
rpm --root=$ROOTFS -ivh \
  $PKGSURL/centos-release-8.1-1.1911.0.8.el8.x86_64.rpm \
  $PKGSURL/centos-gpg-keys-8.1-1.1911.0.8.el8.noarch.rpm \
  $PKGSURL/centos-repos-8.1-1.1911.0.8.el8.x86_64.rpm
dnf --installroot=$ROOTFS --nogpgcheck --setopt=install_weak_deps=False \
  -y install audit authselect basesystem bash biosdevname coreutils \
  cronie curl dnf dnf-plugins-core dnf-plugin-spacewalk dracut-config-generic \
  dracut-config-rescue e2fsprogs filesystem firewalld glibc grub2 grubby hostname \
  initscripts iproute iprutils iputils irqbalance kbd kernel kernel-tools \
  kexec-tools less linux-firmware lshw lsscsi ncurses network-scripts \
  openssh-clients openssh-server passwd plymouth policycoreutils prefixdevname \
  procps-ng rng-tools rootfiles rpm rsyslog selinux-policy-targeted setup \
  shadow-utils sssd-kcm sudo systemd util-linux vim-minimal xfsprogs \
  chrony cloud-init
I prefer to run the last command exactly this way, installing specific packages and making sure to ignore recommended packages.
If you wish, you can use something like this:
# -x is the short form of --exclude / --excludepkgs
dnf --installroot=$ROOTFS groupinstall base core \
  --excludepkgs "NetworkManager*" \
  -x "i*-firmware"
yum has no --excludepkgs, and previously I had to install the groups first and then remove packages.
The list of packages and dependent groups can be viewed with the command dnf group info core for the core group.
Configuring the OS files
Let's create the network settings, fstab and grub2, and use the internal AWS 169.254 addresses for DNS and NTP.
cat > $ROOTFS/etc/resolv.conf << HABR
nameserver 169.254.169.253
HABR
cat > $ROOTFS/etc/sysconfig/network << HABR
NETWORKING=yes
NOZEROCONF=yes
HABR
cat > $ROOTFS/etc/sysconfig/network-scripts/ifcfg-eth0 << HABR
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
HABR
cat > $ROOTFS/etc/fstab << HABR
LABEL=root / xfs defaults,relatime 1 1
HABR
sed -i "s/cloud-user/centos/" $ROOTFS/etc/cloud/cloud.cfg
echo "server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4" >> $ROOTFS/etc/chrony.conf
sed -i "/^pool /d" $ROOTFS/etc/chrony.conf
sed -i "s/^AcceptEnv/# /" $ROOTFS/etc/ssh/sshd_config
cat > $ROOTFS/etc/default/grub << HABR
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200n8 console=tty0 net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
HABR
Here, in GRUB_CMDLINE_LINUX, I recommend specifying selinux=0, for those who are still afraid of SELinux.
Rebuilding the initramfs in a chroot
After configuring the grub and fstab files, you need to rebuild the initramfs.
We do the update:
KERNEL=$(ls $ROOTFS/lib/modules/)
chroot $ROOTFS dracut -f -v /boot/initramfs-$KERNEL.img $KERNEL
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
chroot $ROOTFS update-crypto-policies --set FUTURE
Here update-crypto-policies is optional, for the paranoid :)
For "production", you can do this:
chroot $ROOTFS fips-mode-setup --enable
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
After the OS is installed, the command update-crypto-policies --show will report FIPS.
Autostart and cleaning up garbage
chroot $ROOTFS systemctl enable network.service
chroot $ROOTFS systemctl enable sshd.service
chroot $ROOTFS systemctl enable cloud-init.service
chroot $ROOTFS systemctl mask tmp.mount
dnf --installroot=$ROOTFS clean all
truncate -c -s 0 $ROOTFS/var/log/*.log
rm -rf $ROOTFS/var/lib/dnf/*
touch $ROOTFS/.autorelabel
autorelabel is needed so that SELinux file contexts are set automatically at first boot.
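Because the AMI is later made public, the tree is worth checking for leftovers while it is still mounted. This is an added example, not part of the original article: audit_rootfs and sample_tree are hypothetical names, the set of checks is this example's own choice, and the sample tree is constructed.

```shell
#!/bin/sh
# audit_rootfs DIR: print one line per finding in the image tree at DIR and
# return non-zero if there are any. DIR is the $ROOTFS mount point used above.
audit_rootfs() (
    root=$1; n=0
    # SSH host keys baked into the image would be shared by every instance.
    for f in "$root"/etc/ssh/ssh_host_*_key; do
        if [ -e "$f" ]; then echo "host key: $f"; n=$((n + 1)); fi
    done
    # Login keys and shell history left over from the build host or chroot.
    for f in "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys \
             "$root"/root/.bash_history "$root"/home/*/.bash_history; do
        if [ -s "$f" ]; then echo "leftover: $f"; n=$((n + 1)); fi
    done
    # A populated machine-id would be identical on every instance.
    if [ -s "$root/etc/machine-id" ]; then echo "machine-id is set"; n=$((n + 1)); fi
    # Accounts whose password field is empty or holds a usable hash.
    if [ -r "$root/etc/shadow" ]; then
        while IFS=: read -r user pw rest; do
            case $pw in
                '!'*|'*'*) ;;   # locked, or no password login
                '') echo "empty password: $user"; n=$((n + 1)) ;;
                *)  echo "password hash set: $user"; n=$((n + 1)) ;;
            esac
        done < "$root/etc/shadow"
    fi
    [ "$n" -eq 0 ]
)

# Constructed sample tree (not a real image): one stale key, one machine-id,
# one account with a password hash, and two locked accounts.
sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/root/.ssh"
    echo 'ssh-ed25519 AAAAexample builder@host' > "$t/root/.ssh/authorized_keys"
    echo '0123456789abcdef0123456789abcdef' > "$t/etc/machine-id"
    printf '%s\n' 'root:*:18000:0:99999:7:::' 'centos:!!:18000::::::' \
        'build:$6$salt$hash:18000:0:99999:7:::' > "$t/etc/shadow"
    echo "$t"
}

tree=$(sample_tree)
audit_rootfs "$tree" || echo "clean these up before taking the snapshot"
rm -rf "$tree"
```

On the build instance the call is audit_rootfs "$ROOTFS", run before the unmount step.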
Now let's unmount the disk:
sync
umount $ROOTFS/{proc,sys,dev,run}
umount $ROOTFS
Registering the AMI
To get an AMI from an EBS disk, you first need to take a snapshot of the disk:
aws ec2 create-snapshot \
  --volume-id vol-09f26eba4c50da110 --region us-east-1 \
  --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01'
You will have to wait for a while. Let's check the status using the SnapshotId we received:
aws ec2 describe-snapshots --region us-east-1 --snapshot-ids snap-0b665542fc59e58ed
Once we get "State": "completed", we can register the AMI and make it public:
aws ec2 register-image \
  --region us-east-1 \
  --name 'CentOS-8.1-1.1911.0.8-minimal' \
  --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01' \
  --virtualization-type hvm --root-device-name /dev/sda1 \
  --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs": { "SnapshotId": "snap-0b665542fc59e58ed", "VolumeSize":4, "DeleteOnTermination": true, "VolumeType": "gp2"}}]' \
  --architecture x86_64 --sriov-net-support simple --ena-support
aws ec2 modify-image-attribute \
  --region us-east-1 \
  --image-id ami-011ed2a37dc89e206 \
  --launch-permission 'Add=[{Group=all}]'
That's all. Now you can launch instances.
In this way you can probably build an image with any Linux distribution. At the very least it certainly works for Debian (using debootstrap to install the clean system) and the RHEL family.
Update, following readers' requests: this process can be automated with Packer; do it yourself. A sample template is provided here.
Source: www.habr.com