This guide is a "fork" of the article of the same name about CentOS 5.9, and takes the features of the new OS into account. At the moment there is no official CentOS 8 image from centos.org in the AWS Marketplace.
As you know, in the Amazon cloud virtual instances are launched from images (called AMIs). Amazon provides a large number of them; you can also use public images prepared by third parties, for which the cloud provider, of course, bears no responsibility. But sometimes you need an image of a clean system with the required parameters, and no such image is in the list.
Then the only way out is to build your own AMI.
The official documentation describes how to create an "instance store-backed AMI".
The drawback of this approach is that the finished image then has to be converted to an "EBS-backed AMI". Cockpit Image Builder is also worth noting. It lets you build custom images, in CLI or web GUI mode, but only once you already have CentOS 8.
How to build your own EBS-backed AMI in the Amazon cloud without intermediate steps is the subject of this article.
Plan of action
- Prepare the environment
- Install a clean system and make the necessary settings
- Take a snapshot of the disk
- Register the AMI
Preparing the environment
For our purposes any official CentOS 7 instance of any shape will do, even t2.micro. You can launch it from the CLI:
aws ec2 run-instances \
    --image-id ami-4bf3d731 \
    --region us-east-1 \
    --key-name alpha \
    --instance-type t2.micro \
    --subnet-id subnet-240a8618 \
    --associate-public-ip-address \
    --block-device-mappings \
        'DeviceName=/dev/sda1,Ebs={VolumeSize=8}' \
        'DeviceName=/dev/sdb,Ebs={VolumeSize=4}'
The command launches an instance in the VPC that the specified subnet-id belongs to. The subnet must be public, and the 'default' SG must allow everything.
Now log in to the instance over ssh, update the system, install dnf and reboot:
sudo yum update -y && sudo yum install -y dnf && sudo reboot
All further operations are performed as root.
Installing a clean CentOS 8.1
Partitioning, creating the file system and mounting
DEVICE=/dev/xvdb
ROOTFS=/rootfs
parted -s ${DEVICE} mktable gpt
parted -s ${DEVICE} mkpart primary ext2 1 2
parted -s ${DEVICE} set 1 bios_grub on
parted -s ${DEVICE} mkpart primary xfs 2 100%
mkfs.xfs -L root ${DEVICE}2
mkdir -p $ROOTFS
mount ${DEVICE}2 $ROOTFS
mkdir $ROOTFS/{proc,sys,dev,run}
mount --bind /proc $ROOTFS/proc
mount --bind /sys $ROOTFS/sys
mount --bind /dev $ROOTFS/dev
mount --bind /run $ROOTFS/run
Creating the directory tree
RPM lets you prepare the directory tree of the future OS quickly and easily:
PKGSURL=http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages
rpm --root=$ROOTFS --initdb
rpm --root=$ROOTFS -ivh \
    $PKGSURL/centos-release-8.1-1.1911.0.8.el8.x86_64.rpm \
    $PKGSURL/centos-gpg-keys-8.1-1.1911.0.8.el8.noarch.rpm \
    $PKGSURL/centos-repos-8.1-1.1911.0.8.el8.x86_64.rpm
dnf --installroot=$ROOTFS --nogpgcheck --setopt=install_weak_deps=False \
    -y install audit authselect basesystem bash biosdevname coreutils \
    cronie curl dnf dnf-plugins-core dnf-plugin-spacewalk dracut-config-generic \
    dracut-config-rescue e2fsprogs filesystem firewalld glibc grub2 grubby hostname \
    initscripts iproute iprutils iputils irqbalance kbd kernel kernel-tools \
    kexec-tools less linux-firmware lshw lsscsi ncurses network-scripts \
    openssh-clients openssh-server passwd plymouth policycoreutils prefixdevname \
    procps-ng rng-tools rootfiles rpm rsyslog selinux-policy-targeted setup \
    shadow-utils sssd-kcm sudo systemd util-linux vim-minimal xfsprogs \
    chrony cloud-init
I find it appropriate to run the last command this way, installing specific packages, and to make sure the recommended (weak-dependency) packages are ignored.
If you prefer, you can use something like this:
dnf --installroot=$ROOTFS groupinstall base core \
    --excludepkgs "NetworkManager*" \
    -x "i*-firmware"
yum has no --excludepkgs, so previously I had to install the groups and then remove the packages.
The list of packages and the groups they depend on can be viewed with the command dnf group info core for the core group.
Configuring the OS
Let's configure the network, fstab and grub2, and use the AWS internal 169.254 addresses for DNS and NTP.
cat > $ROOTFS/etc/resolv.conf << HABR
nameserver 169.254.169.253
HABR
cat > $ROOTFS/etc/sysconfig/network << HABR
NETWORKING=yes
NOZEROCONF=yes
HABR
cat > $ROOTFS/etc/sysconfig/network-scripts/ifcfg-eth0 << HABR
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
HABR
cat > $ROOTFS/etc/fstab << HABR
LABEL=root / xfs defaults,relatime 1 1
HABR
sed -i "s/cloud-user/centos/" $ROOTFS/etc/cloud/cloud.cfg
echo "server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4" >> $ROOTFS/etc/chrony.conf
sed -i "/^pool /d" $ROOTFS/etc/chrony.conf
sed -i "s/^AcceptEnv/# /" $ROOTFS/etc/ssh/sshd_config
cat > $ROOTFS/etc/default/grub << HABR
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200n8 console=tty0 net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
HABR
Here, in GRUB_CMDLINE_LINUX, I suggest adding selinux=0 for those who are still afraid of SELinux.
Rebuilding the initramfs in the chroot
After editing the grub and fstab files, you need to rebuild it.
Let's do the update:
KERNEL=$(ls $ROOTFS/lib/modules/)
chroot $ROOTFS dracut -f -v /boot/initramfs-$KERNEL.img $KERNEL
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
chroot $ROOTFS update-crypto-policies --set FUTURE
Here update-crypto-policies is optional, for the paranoid :)
For "marketing" purposes, you can do this:
chroot $ROOTFS fips-mode-setup --enable
chroot $ROOTFS grub2-mkconfig -o /boot/grub2/grub.cfg
chroot $ROOTFS grub2-install $DEVICE
After the OS boots, the command update-crypto-policies --show will print FIPS.
Enabling services at boot and cleaning up
chroot $ROOTFS systemctl enable network.service
chroot $ROOTFS systemctl enable sshd.service
chroot $ROOTFS systemctl enable cloud-init.service
chroot $ROOTFS systemctl mask tmp.mount
dnf --installroot=$ROOTFS clean all
truncate -c -s 0 $ROOTFS/var/log/*.log
rm -rf $ROOTFS/var/lib/dnf/*
touch $ROOTFS/.autorelabel
The .autorelabel file is needed so that SELinux file labels are applied automatically on first boot.
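A pre-snapshot check for the cleanup step above, as an added example that is not part of the original article: because the resulting image is made public, the function walks the still-mounted tree and reports leftovers that should not ship in it. The SSH key, shell history and machine-id checks are assumptions that go beyond the article's own cleanup, and `audit_rootfs` and `report` are names introduced here.

```sh
#!/bin/sh
# audit_rootfs DIR: print one "FINDING: ..." line per leftover that should
# not ship in a public image; return 0 if the tree is clean, 1 otherwise.
# The ( ... ) body is a subshell, so its variables and helper stay local.
audit_rootfs() (
    root=${1%/}
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Keys and history that must never be shared between instances or users.
    for f in "$root"/etc/ssh/ssh_host_*_key* \
             "$root"/root/.ssh/authorized_keys \
             "$root"/home/*/.ssh/authorized_keys \
             "$root"/root/.bash_history \
             "$root"/home/*/.bash_history; do
        if [ -e "$f" ]; then report "remove ${f#"$root"}"; fi
    done

    # The cleanup step above truncates logs and empties the dnf state dir.
    for f in "$root"/var/log/*.log; do
        if [ -s "$f" ]; then report "non-empty log ${f#"$root"}"; fi
    done
    if [ -n "$(ls -A "$root/var/lib/dnf" 2>/dev/null)" ]; then
        report "dnf state left in /var/lib/dnf"
    fi

    # Assumption beyond the page: a non-empty machine-id baked into the
    # image would be identical on every instance launched from it.
    if [ -s "$root/etc/machine-id" ]; then
        report "non-empty /etc/machine-id"
    fi

    # Without this marker SELinux labels are not fixed up on first boot.
    if [ ! -e "$root/.autorelabel" ]; then
        report "missing /.autorelabel"
    fi

    [ "$findings" -eq 0 ]
)

# Run it on the tree built in this article while it is still mounted.
if [ -n "${ROOTFS:-}" ] && [ -d "$ROOTFS" ]; then
    audit_rootfs "$ROOTFS" || echo "fix the findings before snapshotting" >&2
fi
```

Run it after the cleanup commands and before the unmount; an empty output with exit status 0 means none of the listed leftovers were found.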
Now let's unmount the disk:
sync
umount $ROOTFS/{proc,sys,dev,run}
umount $ROOTFS
Registering the AMI
To get an AMI from an EBS disk, you first need to take a snapshot of the disk:
aws ec2 create-snapshot \
    --volume-id vol-09f26eba4c50da110 --region us-east-1 \
    --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01'
You will have to wait a while. Let's check the status using the SnapshotId we received:
aws ec2 describe-snapshots --region us-east-1 --snapshot-ids snap-0b665542fc59e58ed
Once we get "State": "completed", you can register the AMI and make it public:
aws ec2 register-image \
    --region us-east-1 \
    --name 'CentOS-8.1-1.1911.0.8-minimal' \
    --description 'centos-release-8.1-1.1911.0.8 4.18.0-147.5.1 01' \
    --virtualization-type hvm --root-device-name /dev/sda1 \
    --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs": { "SnapshotId": "snap-0b665542fc59e58ed", "VolumeSize":4, "DeleteOnTermination": true, "VolumeType": "gp2"}}]' \
    --architecture x86_64 --sriov-net-support simple --ena-support
aws ec2 modify-image-attribute \
    --region us-east-1 \
    --image-id ami-011ed2a37dc89e206 \
    --launch-permission 'Add=[{Group=all}]'
That's all. Now you can launch instances.
In this way you can build an image of more or less any Linux distribution. At least Debian (using debootstrap to install a clean system) and the RHEL family for certain.
UPDATE, based on readers' requests: this process can be automated with Packer, but you have to do that yourself. An example template is shown here.
source: www.habr.com