This guide is a "fork" of the article of the same name about CentOS 5.9 and concentrates on what has changed in the new OS. At the moment there is no official CentOS 8 image from centos.org in the AWS Marketplace.
As you know, ordinary instances in the Amazon cloud are launched from images (AMIs). Amazon supplies a large number of them, and you can also use public images prepared by other people, for which the cloud provider naturally bears no responsibility. Sometimes, though, you need a clean system image with specific parameters that simply is not in the list.
Then the only way out is to build your own AMI.
The official documentation describes how to create an "instance store-backed AMI".
The drawback of that approach is that the finished image still has to be converted into an "EBS-backed AMI". Cockpit Image Builder is also worth a look: it can build custom images from a CLI or a web GUI, but only once you already have a CentOS 8 system to run it on.
This article covers how to build your own EBS-backed AMI in the Amazon cloud without any intermediate steps.
Plan of action
- Prepare the environment
- Install a clean system and apply the required settings
- Snapshot the volume
- Register the AMI
Preparing the environment
For our purposes any official CentOS 7 instance of any size will do, even a t2.micro. You can launch it from the CLI:
aws ec2 run-instances \
    --image-id ami-4bf3d731 \
    --region us-east-1 \
    --key-name alpha \
    --instance-type t2.micro \
    --subnet-id subnet-240a8618 \
    --associate-public-ip-address \
    --block-device-mappings DeviceName=/dev/sda1,Ebs={VolumeSize=8} DeviceName=/dev/sdb,Ebs={VolumeSize=4}
Both block device mappings go in one --block-device-mappings option; repeating the option replaces the earlier value instead of adding to it. The command places the instance in the VPC that the given subnet belongs to. The subnet must be public, and in this setup the 'default' security group allows everything; in practice the build host only needs inbound SSH from your own address, so restrict the group to that rather than leaving it open to the world.
Now log in to the instance over ssh, update the system, install dnf and reboot:
sudo yum update -y && sudo yum install -y dnf && sudo reboot
All further operations are performed as root.
Installing a clean CentOS 8.1
Filesystem layout and partitioning
The 4 GB volume attached as /dev/sdb appears as /dev/xvdb on Xen-based instance types such as t2; on Nitro-based types it would be /dev/nvme1n1, so set DEVICE accordingly. The first 1 MiB partition is only a BIOS boot partition for GRUB's core image; the rest of the volume becomes the XFS root.
DEVICE=/dev/xvdb
ROOTFS=/rootfs
parted -s ${DEVICE} mktable gpt
parted -s ${DEVICE} mkpart primary ext2 1 2
parted -s ${DEVICE} set 1 bios_grub on
parted -s ${DEVICE} mkpart primary xfs 2 100%
mkfs.xfs -L root ${DEVICE}2
mkdir -p $ROOTFS
mount ${DEVICE}2 $ROOTFS
mkdir $ROOTFS/{proc,sys,dev,run}
mount --bind /proc $ROOTFS/proc
mount --bind /sys $ROOTFS/sys
mount --bind /dev $ROOTFS/dev
mount --bind /run $ROOTFS/run
Building the directory tree
The RPM system lets you prepare the directory tree for the future OS quickly and easily (CentOS Linux 8 is end of life, so these 8.1 paths have since moved from mirror.centos.org to vault.centos.org):
PKGSURL=http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages
rpm --root=$ROOTFS --initdb
rpm --root=$ROOTFS -ivh \
    $PKGSURL/centos-release-8.1-1.1911.0.8.el8.x86_64.rpm \
    $PKGSURL/centos-gpg-keys-8.1-1.1911.0.8.el8.noarch.rpm \
    $PKGSURL/centos-repos-8.1-1.1911.0.8.el8.x86_64.rpm
dnf --installroot=$ROOTFS --nogpgcheck --setopt=install_weak_deps=False \
    -y install audit authselect basesystem bash biosdevname coreutils \
    cronie curl dnf dnf-plugins-core dnf-plugin-spacewalk dracut-config-generic \
    dracut-config-rescue e2fsprogs filesystem firewalld glibc grub2 grubby hostname \
    initscripts iproute iprutils iputils irqbalance kbd kernel kernel-tools \
    kexec-tools less linux-firmware lshw lsscsi ncurses network-scripts \
    openssh-clients openssh-server passwd plymouth policycoreutils prefixdevname \
    procps-ng rng-tools rootfiles rpm rsyslog selinux-policy-targeted setup \
    shadow-utils sssd-kcm sudo systemd util-linux vim-minimal xfsprogs \
    chrony cloud-init
I think the right way to run that last command is exactly this: install an explicit list of packages and make sure weak dependencies are skipped. Be aware that the bootstrap fetches packages over plain HTTP and, because the CentOS keys are installed into the target but never imported into the build host's rpm database, runs with --nogpgcheck; verify the signatures of what actually landed in the tree before you snapshot the volume.
If you prefer, you can use something like this instead:
dnf --installroot=$ROOTFS groupinstall base core \
    --excludepkgs "NetworkManager*" \
    -x "i*-firmware"
(In dnf the short form of --exclude is -x; -e sets the error level.) yum has no --excludepkgs, so previously I had to install the groups and then remove packages afterwards. The packages and groups that the core group pulls in can be listed with dnf group info core.
Customizing the OS files
Let's create the network configuration, fstab and grub2 settings, and point DNS and NTP at the AWS link-local 169.254 addresses. The sed on sshd_config comments out AcceptEnv so clients cannot push LANG/LC_* variables into sessions, and the sed on cloud.cfg renames the default cloud-init user from cloud-user to centos.
cat > $ROOTFS/etc/resolv.conf << HABR
nameserver 169.254.169.253
HABR
cat > $ROOTFS/etc/sysconfig/network << HABR
NETWORKING=yes
NOZEROCONF=yes
HABR
cat > $ROOTFS/etc/sysconfig/network-scripts/ifcfg-eth0 << HABR
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
HABR
cat > $ROOTFS/etc/fstab << HABR
LABEL=root / xfs defaults,relatime 1 1
HABR
sed -i "s/cloud-user/centos/" $ROOTFS/etc/cloud/cloud.cfg
echo "server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4" >> $ROOTFS/etc/chrony.conf
sed -i "/^pool /d" $ROOTFS/etc/chrony.conf
sed -i "s/^AcceptEnv/# /" $ROOTFS/etc/ssh/sshd_config
cat > $ROOTFS/etc/default/grub << HABR
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200n8 console=tty0 net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
HABR
It is here, in GRUB_CMDLINE_LINUX, that you would add selinux=0 if you insist on running without SELinux. I would not: the targeted policy is already installed, sshd and cloud-init work under it, and with selinux=0 the .autorelabel marker set below does nothing, so the image would carry wrong file contexts the moment anyone turns SELinux back on.
Rebuilding the initramfs in the chroot
After editing the grub and fstab files the initramfs and the bootloader configuration have to be rebuilt:
KERNEL=$(ls $ROOTFS/lib/modules/)
chroot $ROOTFS dracut -f -v /boot/initramfs-$KERNEL.img $KERNEL
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
chroot $ROOTFS update-crypto-policies --set FUTURE
The update-crypto-policies step is optional, for the paranoid :) FUTURE disables SHA-1 signatures and legacy ciphers system-wide and raises the minimum RSA and DH sizes, so test SSH logins from the clients you care about before publishing the image.
If the image is meant for "sale" (customers who require FIPS mode), do this instead:
chroot $ROOTFS fips-mode-setup --enable
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
After the OS boots, update-crypto-policies --show will print FIPS. Because fips-mode-setup ran in a chroot under the CentOS 7 host kernel, also confirm that the target initramfs contains the fips dracut module and that fips=1 is in the kernel arguments before you trust the result.
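An unbootable AMI is only discovered after launch, when the serial console is all you have, so the following added example (not code from the original article) checks the boot configuration in the tree before it is snapshotted. It assumes the article's /etc/default/grub with GRUB_ENABLE_BLSCFG=true, under which grub2-mkconfig stores the kernel arguments in the kernelopts variable of /boot/grub2/grubenv and every kernel has a BLS entry under /boot/loader/entries; lsinitrd is called through a small wrapper so the check can be exercised on a constructed tree. Function names are this example's own.

```sh
#!/bin/sh
# Added example: check the boot configuration staged in $ROOTFS.
# Kernel arguments every EC2 image built per the article must carry: the
# serial console (what "Get system log" shows), predictable eth0 naming,
# and crashkernel as configured above.
REQUIRED_ARGS="console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 crashkernel=auto"
# Drivers an EC2 guest needs in a generic initramfs: Xen block/net for
# t2-class instances, NVMe and ENA for Nitro-class ones.
REQUIRED_MODULES="xen-blkfront xen-netfront nvme ena"

initrd_contents() {        # lsinitrd prints module names, then file paths
    lsinitrd "$1"
}

# check_boot_config ROOT [yes]   (second argument: require FIPS mode)
check_boot_config() {
    root=$1; want_fips=${2:-no}; bad=0
    kver=$(ls "$root/lib/modules" 2>/dev/null)
    [ -n "$kver" ] || { echo "FAIL: no kernel under /lib/modules"; return 1; }

    opts=$(sed -n 's/^kernelopts=//p' "$root/boot/grub2/grubenv" 2>/dev/null)
    [ -n "$opts" ] || { echo "FAIL: no kernelopts in /boot/grub2/grubenv (grub2-mkconfig not run?)"; return 1; }
    for a in $REQUIRED_ARGS; do
        case " $opts " in *" $a "*) ;; *) echo "FAIL: kernel argument missing: $a"; bad=$((bad + 1)) ;; esac
    done
    case " $opts " in *" root="*) ;; *) echo "FAIL: no root= in kernelopts"; bad=$((bad + 1)) ;; esac

    # BLS entry for the installed kernel (written by the kernel package's
    # kernel-install hook when the tree was built).
    if ! ls "$root"/boot/loader/entries/*"$kver".conf >/dev/null 2>&1; then
        echo "FAIL: no BLS entry for $kver"; bad=$((bad + 1))
    fi

    img="$root/boot/initramfs-$kver.img"
    if [ -f "$img" ]; then
        contents=$(initrd_contents "$img")
        for m in $REQUIRED_MODULES; do
            case "$contents" in *"/$m.ko"*) ;; *) echo "FAIL: $m driver not in initramfs"; bad=$((bad + 1)) ;; esac
        done
        if [ "$want_fips" = yes ]; then
            case " $opts " in *" fips=1 "*) ;; *) echo "FAIL: fips=1 missing from kernel arguments"; bad=$((bad + 1)) ;; esac
            if ! printf '%s\n' "$contents" | grep -qx fips; then
                echo "FAIL: dracut fips module not in initramfs"; bad=$((bad + 1))
            fi
        fi
    else
        echo "FAIL: $img missing"; bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}

# Run for real when ROOTFS is set (as in the article); FIPS=yes adds the FIPS checks.
if [ -n "${ROOTFS:-}" ] && [ -d "$ROOTFS" ]; then
    check_boot_config "$ROOTFS" "${FIPS:-no}"
fi
```

A missing driver means dracut-config-generic was not honoured (a host-only initramfs built for the CentOS 7 kernel would pass none of the module checks), and a missing fips=1 after fips-mode-setup means grubby did not update grubenv in the chroot.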
Enabling services at boot and cleaning up
chroot $ROOTFS systemctl enable network.service
chroot $ROOTFS systemctl enable sshd.service
chroot $ROOTFS systemctl enable cloud-init.service
chroot $ROOTFS systemctl mask tmp.mount
dnf --installroot=$ROOTFS clean all
truncate -c -s 0 $ROOTFS/var/log/*.log
rm -rf $ROOTFS/var/lib/dnf/*
touch $ROOTFS/.autorelabel
The .autorelabel marker is needed so that SELinux file contexts are applied automatically on first boot: the files were written from the CentOS 7 host and their labels are wrong or missing. Also look at /etc/machine-id in the target: if the systemd scriptlets populated it during the install, truncate it to an empty file so that systemd generates a unique ID on first boot instead of every instance launched from the AMI sharing one.
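The clean-up above removes caches and logs; what it does not check is whether anything that would be a secret, or an identity shared by every future instance, is still in the tree. The following added example (not code from the original article) does that check. It assumes it runs as root against $ROOTFS while it is still mounted and follows the layout the article installs (openssh-server, cloud-init, systemd); the function name and the sample tree at the end are this example's own.

```sh
#!/bin/sh
# Added example: pre-snapshot hygiene check for a staged root filesystem.
# Prints one line per finding and returns non-zero if there is any.
check_rootfs_hygiene() {
    root=$1; findings=0

    # Host keys present in the image are shared by every instance launched
    # from it, so any of them can impersonate any other. sshd-keygen creates
    # fresh keys on first boot when none exist.
    for k in "$root"/etc/ssh/ssh_host_*_key; do
        [ -e "$k" ] || continue
        echo "FINDING: SSH host key baked in: ${k#"$root"}"
        findings=$((findings + 1))
    done

    # A populated /etc/machine-id is likewise cloned into every instance;
    # empty it and systemd generates one on first boot.
    if [ -s "$root/etc/machine-id" ]; then
        echo "FINDING: /etc/machine-id is populated"
        findings=$((findings + 1))
    fi

    # Every account must be locked ('!'-prefixed or '*'): a real hash is a
    # password the image author knows, an empty field is no password at all.
    if [ -f "$root/etc/shadow" ]; then
        while IFS=: read -r user hash rest; do
            [ -n "$user" ] || continue
            case "$hash" in
                '')       echo "FINDING: empty password for $user"; findings=$((findings + 1)) ;;
                '*'|'!'*) ;;
                *)        echo "FINDING: password hash set for $user"; findings=$((findings + 1)) ;;
            esac
        done < "$root/etc/shadow"
    fi

    # Credentials and history from the build must not ship.
    for f in "$root"/root/.ssh/authorized_keys "$root"/root/.bash_history \
             "$root"/home/*/.ssh/authorized_keys "$root"/home/*/.bash_history; do
        [ -e "$f" ] || continue
        echo "FINDING: credential or history file: ${f#"$root"}"
        findings=$((findings + 1))
    done

    # Left-over cloud-init state would make first boot skip the per-instance
    # setup (host keys, the centos user's SSH key, hostname).
    if [ -d "$root/var/lib/cloud/instances" ] && \
       [ -n "$(ls -A "$root/var/lib/cloud/instances")" ]; then
        echo "FINDING: stale cloud-init instance data"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Demonstration on a constructed tree; no real root filesystem is touched.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/root/.ssh"
printf 'root:!!:18000::::::\ncentos:*:18000::::::\n' > "$demo/etc/shadow"
: > "$demo/etc/machine-id"
check_rootfs_hygiene "$demo" && echo "clean tree passes"
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 builder@buildhost' > "$demo/root/.ssh/authorized_keys"
check_rootfs_hygiene "$demo" || echo "dirty tree rejected"
rm -rf "$demo"
```

Against the real tree run check_rootfs_hygiene "$ROOTFS" after the clean-up and before the unmount; anything it reports is what a stranger launching your public AMI would get a copy of.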
Now unmount the volume:
sync
umount $ROOTFS/{proc,sys,dev,run}
umount $ROOTFS
Registering the AMI
To get an AMI from the EBS volume, first take a snapshot of it (vol-09f26eba4c50da110 here is the ID of the 4 GB volume attached as /dev/sdb; look yours up in the console or with describe-volumes):
aws ec2 create-snapshot \
    --volume-id vol-09f26eba4c50da110 --region us-east-1 \
    --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01'
This takes a while. Check the state using the SnapshotId that was returned:
aws ec2 describe-snapshots --region us-east-1 --snapshot-ids snap-0b665542fc59e58ed
Once it reports "State": "completed", you can register the AMI and make it public:
aws ec2 register-image \
    --region us-east-1 \
    --name 'CentOS-8.1-1.1911.0.8-minimal' \
    --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01' \
    --virtualization-type hvm --root-device-name /dev/sda1 \
    --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs": { "SnapshotId": "snap-0b665542fc59e58ed", "VolumeSize":4, "DeleteOnTermination": true, "VolumeType": "gp2"}}]' \
    --architecture x86_64 --sriov-net-support simple --ena-support
aws ec2 modify-image-attribute \
    --region us-east-1 \
    --image-id ami-011ed2a37dc89e206 \
    --launch-permission 'Add=[{Group=all}]'
That's it. You can now launch instances. Note that making an image public is effectively irreversible, because anyone may already have copied it: do it only after checking the tree for baked-in keys and credentials, and if the image is meant for your own accounts only, grant launch permission to those account IDs instead of Group=all.
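The three commands above are easy to run in the wrong order (registering before the snapshot is complete, or publishing before the image is available) and the publish step deserves a deliberate gate. The following added example (not code from the original article) chains them with those checks. REGION, VOLUME_ID, IMAGE_NAME, DESCRIPTION and ROOT_SIZE_GB are placeholders you set; the aws CLI is called through the ec2() wrapper so the logic can be exercised against a stub, and the function names are this example's own. aws ec2 wait snapshot-completed would also do the waiting, but the loop below additionally stops as soon as a snapshot enters the error state instead of running to its deadline.

```sh
#!/bin/sh
# Added example: snapshot -> register -> (optionally) publish, with checks.
REGION=${REGION:-us-east-1}
ec2() { aws --region "$REGION" --output text ec2 "$@"; }

# snapshot_volume VOLUME_ID DESCRIPTION  -> prints the new SnapshotId
snapshot_volume() {
    ec2 create-snapshot --volume-id "$1" --description "$2" --query SnapshotId
}

# wait_snapshot SNAPSHOT_ID [TIMEOUT_SECONDS]
# Polls until the snapshot is 'completed'; 'error' is terminal, so give up
# immediately rather than spinning until the deadline.
wait_snapshot() {
    snap=$1; deadline=$(( $(date +%s) + ${2:-1800} ))
    while :; do
        state=$(ec2 describe-snapshots --snapshot-ids "$snap" --query 'Snapshots[0].State')
        case "$state" in
            completed) return 0 ;;
            error)     echo "snapshot $snap failed" >&2; return 1 ;;
        esac
        [ "$(date +%s)" -lt "$deadline" ] || { echo "timeout waiting for $snap ($state)" >&2; return 1; }
        sleep "${POLL_INTERVAL:-15}"
    done
}

# root_mapping SNAPSHOT_ID SIZE_GB -> the block-device mapping JSON, generated
# so the snapshot id and size cannot drift apart from the register call.
root_mapping() {
    printf '[{"DeviceName":"/dev/sda1","Ebs":{"SnapshotId":"%s","VolumeSize":%d,"DeleteOnTermination":true,"VolumeType":"gp2"}}]' "$1" "$2"
}

# register_ami NAME DESCRIPTION SNAPSHOT_ID SIZE_GB -> prints the ImageId
register_ami() {
    ec2 register-image --name "$1" --description "$2" \
        --virtualization-type hvm --root-device-name /dev/sda1 \
        --block-device-mappings "$(root_mapping "$3" "$4")" \
        --architecture x86_64 --sriov-net-support simple --ena-support \
        --query ImageId
}

# publish_ami IMAGE_ID: public launch permission cannot be taken back from
# anyone who already copied the image, so require PUBLISH=yes explicitly and
# refuse while the image is still pending.
publish_ami() {
    [ "${PUBLISH:-no}" = yes ] || { echo "PUBLISH=yes not set; leaving $1 private" >&2; return 2; }
    state=$(ec2 describe-images --image-ids "$1" --query 'Images[0].State')
    [ "$state" = available ] || { echo "$1 is $state, not available" >&2; return 1; }
    ec2 modify-image-attribute --image-id "$1" --launch-permission 'Add=[{Group=all}]'
}

main() {
    : "${VOLUME_ID:?volume holding the new root filesystem}"
    : "${IMAGE_NAME:?AMI name}" "${DESCRIPTION:?AMI description}"
    snap=$(snapshot_volume "$VOLUME_ID" "$DESCRIPTION")
    wait_snapshot "$snap"
    ami=$(register_ami "$IMAGE_NAME" "$DESCRIPTION" "$snap" "${ROOT_SIZE_GB:-4}")
    echo "registered $ami from $snap"
    ec2 wait image-available --image-ids "$ami"
    publish_ami "$ami" || echo "image $ami not published" >&2
}

# Run the pipeline only when asked, e.g.:
#   RUN=yes VOLUME_ID=vol-... IMAGE_NAME=CentOS-8.1-minimal DESCRIPTION='...' PUBLISH=no sh build-ami.sh
if [ "${RUN:-no}" = yes ]; then
    main
fi
```

Leaving PUBLISH unset keeps the image private, which is the right default for a first run; flip it only after the hygiene and signature checks from the earlier steps pass.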
In this way you can build images for probably any Linux distribution; at least for Debian (using debootstrap to install the clean system) and for the RHEL family it works.
UPDATE, at readers' request: this procedure can be automated with Packer (it automates only the steps described above). An example template is presented here.
Source: mapenzi.com