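In this article we discuss how to use Image Builder to create a custom RHEL 8/CentOS 8 AMI for AWS. For those new to it, Image Builder is a tool for creating custom Red Hat Enterprise Linux system images, including system images prepared for deployment on cloud platforms. Image Builder automatically handles the setup details for each image output type, so it is faster than creating images by hand. It can be used through the composer-cli command-line tool or through the graphical user interface in the Cockpit web console.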
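Image Builder blocks and Image Builder output formats

1. Image Builder blocks

Blueprint - defines a custom system image by listing the packages and customizations that will be part of the system. Blueprints are presented to the user as plain text.
Compose - a compose is an individual build of a system image, based on a specific version of a specific blueprint.
Customization - these are system specifications that are not packages. This includes users, groups and SSH keys.

2. Image Builder output formats

Image Builder lets you build images in multiple output formats.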
Step 1: Install the Image Builder packages

Before using Image Builder, install the following packages:

    sudo yum -y install vim lorax-composer composer-cli cockpit-composer bash-completion

Enable Image Builder so that it starts after every reboot:

    sudo systemctl enable --now lorax-composer.socket

To reach the UI through Cockpit, enable it:

    sudo systemctl enable --now cockpit.socket
    sudo firewall-cmd --add-service=cockpit && sudo firewall-cmd --add-service=cockpit --permanent

Load the shell configuration script so that autocompletion for the composer-cli command starts working immediately, without a restart:

    source /etc/bash_completion.d/composer-cli
Step 2: Create a blueprint for Image Builder

We will do this from the command-line interface, but the same can be done from the Cockpit web console (see: How to install Cockpit on CentOS 8 and access the Cockpit web console). To use the command-line interface, run the composer-cli command with the appropriate options and arguments.

This is the Image Builder workflow:

1. Export (save) the blueprint definition to a plain text file.
2. Edit this file in a text editor.
3. Import (push) the blueprint text file back into Image Builder.
4. Run a compose to build an image from the blueprint.
5. Export the image file to download it.

Add your $USER to the weldr group:

    sudo usermod -aG weldr $USER
    newgrp weldr

Create the Image Builder blueprint:

    $ vim rhel8-base.toml

Mine was modified to look like this:

    name = "rhel-8-base"
    description = "A RHEL 8 Base Image"
    version = "0.0.1"
    groups = []

    [[modules]]
    name = "vim"
    version = "*"

    [[packages]]
    name = "openssh-server"
    version = "*"

    [[packages]]
    name = "rsync"
    version = "*"

    [[packages]]
    name = "tmux"
    version = "*"

    [[packages]]
    name = "git"
    version = "*"

    [[packages]]
    name = "tree"
    version = "*"

    [[packages]]
    name = "bash-completion"
    version = "*"

    [[packages]]
    name = "lvm2"
    version = "*"

    [[packages]]
    name = "wget"
    version = "*"

    [[packages]]
    name = "firewalld"
    version = "*"

    [[packages]]
    name = "python3"
    version = "*"

    [[packages]]
    name = "python3-pip"
    version = "*"

    [[packages]]
    name = "telnet"
    version = "*"

    [customizations.kernel]
    append = "net.ifnames=0"

    [[customizations.user]]
    name = "rheladmin"
    description = " RHEL Admin User"
    password = "hashed-user-password"
    key = "your-ssh-pub-key"
    home = "/home/rheladmin/"
    shell = "/usr/bin/bash"
    groups = ["users", "wheel"]

Replace hashed-user-password with the actual password hash. To generate the hash, use a command like this:

    python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'

Push the blueprint back into Image Builder:

    $ composer-cli blueprints push rhel8-base.toml

List the available blueprints:

    $ composer-cli blueprints list
    example-atlas
    example-development
    example-http-server
    rhel-8-base
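The lorax-composer documentation states that a user password not starting with $6$, $5$ or $2b$ is treated as plain text, so a blueprint pushed with the template placeholder still in place produces an image whose account password is that placeholder string. The following check is an added example, not part of the original article or of composer-cli: the function names are hypothetical, the sample blueprint is constructed, and the parser assumes double-quoted, single-line TOML values.

```sh
# Added example: pre-push check of the [[customizations.user]] tables in a blueprint.
# check_blueprint_users and sample_blueprint are hypothetical names, not composer-cli.

check_blueprint_users() {   # reads blueprint files (or stdin); returns 1 on findings
    awk '
        function val(s) { sub(/^[^"]*"/, "", s); sub(/"[^"]*$/, "", s); return s }
        function report(msg) { printf "user %s: %s\n", name, msg; bad = 1 }
        function finish() {             # evaluate the user table just closed
            if (!in_user) return
            if (has_pw && pw !~ /^\$(6|5|2b)\$/)
                report("password is not a $6$/$5$/$2b$ hash; it would be treated as plain text")
            if (has_key && key !~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) AAAA/)
                report("key does not look like an OpenSSH public key")
            if (!has_pw && !has_key)
                report("neither password nor key is set")
            in_user = 0
        }
        /^[ \t]*\[/ {                   # any table header ends the previous table
            finish()
            if ($0 ~ /^[ \t]*\[\[customizations\.user\]\]/) {
                in_user = 1; name = "?"; pw = key = ""; has_pw = has_key = 0
            }
            next
        }
        in_user && /^[ \t]*name[ \t]*=/     { name = val($0) }
        in_user && /^[ \t]*password[ \t]*=/ { pw = val($0); has_pw = 1 }
        in_user && /^[ \t]*key[ \t]*=/      { key = val($0); has_key = 1 }
        END { finish(); exit bad + 0 }
    ' "$@"
}

sample_blueprint() {        # constructed input: the template with placeholders left in
    cat <<'EOF'
name = "rhel-8-base"
version = "0.0.1"
[[packages]]
name = "openssh-server"
version = "*"
[customizations.kernel]
append = "net.ifnames=0"
[[customizations.user]]
name = "rheladmin"
password = "hashed-user-password"
key = "your-ssh-pub-key"
groups = ["users", "wheel"]
EOF
}
sample_blueprint | check_blueprint_users || echo "blueprint rejected: fix before composer-cli blueprints push"
```

Against a real file, call `check_blueprint_users rhel8-base.toml` and push only when it returns 0.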
Step 3: Create a system image with Image Builder

Pass the start option to build an image for your CentOS/RHEL machine:

    $ composer-cli compose start BLUEPRINT-NAME IMAGE-TYPE

To see the available image types, run:

    $ composer-cli compose types
    alibaba
    ami
    ext4-filesystem
    live-iso
    openstack
    partitioned-disk
    qcow2
    tar
    vhd
    vmdk

Now I start the compose using the blueprint I created and the output type:

    $ composer-cli compose start rhel-8-base ami
    Compose 036fb329-0443-48ad-9444-a1c70caa4b36 added to the queue

To check the status of the compose:

    $ composer-cli compose status
Once the compose has finished, download the resulting image file:

    $ composer-cli compose image UUID

Example:

    $ composer-cli compose image 036fb329-0443-48ad-9444-a1c70caa4b36
    036fb329-0443-48ad-9444-a1c70caa4b36-disk.ami: 4452.00 MB
Step 4: Upload the AMI image to AWS

Install Python 3 and the pip tool:

    sudo yum -y install python3 python3-pip

Install the AWS command-line tools with pip:

    sudo pip3 install awscli

Configure the AWS command-line client with your AWS access details:

    $ aws configure
    AWS Access Key ID [None]:
    AWS Secret Access Key [None]:
    Default region name [None]:
    Default output format [None]:

Configure the AWS command-line client to use your bucket:

    $ BUCKET=ami-image-bucket
    $ aws s3 mb s3://$BUCKET

Confirm that the bucket was created:

    $ aws s3 ls
    2020-04-04 15:49:47 ami-image-bucket

Create the vmimport S3 role in IAM and grant it permission to access S3:

    printf '{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": { "Service": "vmie.amazonaws.com" },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": { "sts:Externalid": "vmimport" }
          }
        }
      ]
    }' > trust-policy.json

    printf '{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetBucketLocation",
            "s3:GetObject",
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::%s",
            "arn:aws:s3:::%s/*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
          ],
          "Resource": "*"
        }
      ]
    }' "$BUCKET" "$BUCKET" > role-policy.json

    aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
    aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Upload the AMI image to AWS:

    $ BUCKET=ami-image-bucket
    $ AMI=036fb329-0443-48ad-9444-a1c70caa4b36-disk.ami
    $ aws s3 cp $AMI s3://$BUCKET
    upload: ./036fb329-0443-48ad-9444-a1c70caa4b36-disk.ami to s3://ami-image-bucket/036fb329-0443-48ad-9444-a1c70caa4b36-disk.ami

After the upload to S3 has finished, import the image into EC2 as a snapshot:

    printf '{
      "Description": "my-image",
      "Format": "raw",
      "UserBucket": {
        "S3Bucket": "%s",
        "S3Key": "%s"
      }
    }' "$BUCKET" "$AMI" > containers.json

    aws ec2 import-snapshot --disk-container file://containers.json
Confirm the import process:

    $ aws ec2 describe-import-snapshot-tasks --filters Name=task-state,Values=active
Log in to AWS and confirm that the snapshot exists.
In EC2, click Snapshots, then choose Create Image to create an image from the uploaded snapshot.
Give the image a name and set the virtualization type, disk size, description and so on.
Once created, the image is available in the AMI section.
That completes the procedure.