
CentOS 5.5 AMI作成スクリプト

RightScaleのAMI(ami-21f38c73)上で、CentOS 5.5のAMI(Coreのみインストール)をスクラッチから作成・登録するスクリプトを書いてみた。

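#!/bin/bash
# Build a CentOS 5.5 (Core group only) image from scratch, bundle it,
# upload the bundle to S3 and register it as an AMI.
# Must run as root: it loop-mounts the image and installs into it.

# Abort on the first failed command, unset variable or failed pipeline stage,
# so a half-built image is never bundled and registered.
set -euo pipefail

# Image file, mount point and AMI name (the architecture is x86_64,
# matching the S3 path and the "-r x86_64" bundle option).
AMI_IMG=centos-5.5-x86_64-core.img
MNT_DIR=fs-centos-5.5-x86_64-core
AMI_NAME=centos-5.5-x86_64-core

# X.509 certificate / private key used to sign the bundle and call the EC2 API.
EC2_CERT=~/.aws/cert-XXXXXXXXXX.pem
EC2_PRIVATE_KEY=~/.aws/pk-XXXXXXXXXX.pem
ACCOUNT_NUM=XXXXXXXXXX
S3_BUCKET_NAME=XXXXXXXXXX/AMI/CentOS/5.5/x86_64/Core
S3_REGION=ap-southeast-1
#S3_REGION=us-west-1

# S3 credentials. Values already exported in the environment take precedence,
# so the real secret never has to be written into this file; the placeholders
# only preserve the original edit-in-place workflow.
ACCESS_KEY_ID=${ACCESS_KEY_ID:-XXXXXXXXXX}
SECRET_ACCESS_KEY=${SECRET_ACCESS_KEY:-XXXXXXXXXX}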

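# Create a 1 GiB ext3 image file under /mnt and loop-mount it as the root of
# the new system.
cd /mnt || { echo "cannot cd to /mnt" >&2; exit 1; }
dd if=/dev/zero of="${AMI_IMG}" count=1024 bs=1M || exit 1

mke2fs -F -j "${AMI_IMG}" || exit 1
mkdir -p "${MNT_DIR}"
# Stop if the loop mount fails: every later step writes below ${MNT_DIR} and
# would otherwise modify a plain directory on the build host instead of the
# image.
mount -o loop "${AMI_IMG}" "${MNT_DIR}" || {
  echo "cannot loop-mount ${AMI_IMG} on ${MNT_DIR}" >&2
  exit 1
}

mkdir "${MNT_DIR}/dev" "${MNT_DIR}/etc"

# Minimal device nodes inside the image.
for dev_node in console null zero; do
  /sbin/MAKEDEV -d "/mnt/${MNT_DIR}/dev" -x "${dev_node}"
done

# Quoted delimiter: the fstab content is written literally, with no shell
# expansion.
cat > "${MNT_DIR}/etc/fstab" << 'EOS'
/dev/sda1 / ext3 defaults 1 1
/dev/sda2 /mnt ext3 defaults 0 0
/dev/sda3 swap swap defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
EOS

# A proc filesystem is mounted inside the image for the yum install that
# follows; it is unmounted again before bundling.
mkdir "${MNT_DIR}/proc"
mount -t proc none "${MNT_DIR}/proc" || exit 1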

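# Build a private yum configuration (host yum.conf plus the CentOS base
# repositories) with the release pinned to 5.5, then install the Core group
# and curl into the image root.
# NOTE(review): package signature checking is whatever gpgcheck setting the
# copied CentOS-Base.repo carries - confirm it is enabled before trusting the
# resulting image.
YUMCNF=./yum.conf
cp /etc/yum.conf "${YUMCNF}" || exit 1
cat /etc/yum.repos.d/CentOS-Base.repo >> "${YUMCNF}" || exit 1
# Replace the literal "$releasever" token (escaped so it is never read as an
# anchor).
sed -i 's/\$releasever/5.5/g' "${YUMCNF}"
# Abort if the install fails, so an incomplete system is not bundled and
# registered further down.
yum -c "${YUMCNF}" --installroot="/mnt/${MNT_DIR}" -y groupinstall Core || exit 1
yum -c "${YUMCNF}" --installroot="/mnt/${MNT_DIR}" -y install curl || exit 1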

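# Network configuration for the image: eth0 configured by DHCP, networking
# enabled, and a localhost-only hosts file. Paths are quoted and the heredoc
# delimiters are quoted so the content is written literally.
# NOTE(review): USERCTL=yes lets non-root users control eth0; confirm that is
# wanted on a server image.
cat > "${MNT_DIR}/etc/sysconfig/network-scripts/ifcfg-eth0" << 'EOS'
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
EOS

cat > "${MNT_DIR}/etc/sysconfig/network" << 'EOS'
NETWORKING=yes
EOS

cat > "${MNT_DIR}/etc/hosts" << 'EOS'
127.0.0.1       localhost.localdomain localhost
EOS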

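# Write the boot-time script that installs the launch key pair's public key
# for root. The quoted delimiter keeps the script text literal (nothing is
# expanded while building the image).
cat > "${MNT_DIR}/usr/local/sbin/get-credentials.sh" << 'EOS'
#!/bin/bash

# Retrieve the SSH public key presented at launch time and add it to root's
# authorized_keys. Runs as root from rc.local on every boot.
#
# Sources: the EC2 instance metadata service over HTTP, and the legacy
# ephemeral-store file /mnt/openssh_id.pub.

PUB_KEY_URI=http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
PUB_KEY_FROM_EPHEMERAL=/mnt/openssh_id.pub
ROOT_AUTHORIZED_KEYS=/root/.ssh/authorized_keys

# Append the key(s) in file $1 to root's authorized_keys unless already
# present, logging message $2 to syslog when something was added.
add_key_if_missing() {
    local key_file=$1
    local log_msg=$2

    # -F -x compares whole lines as fixed strings. A plain "grep -f" treats
    # each line as a regex matched anywhere in a line, so a blank line in the
    # key file matched every existing entry and the new key was never added.
    # stderr is silenced because authorized_keys may not exist yet on first
    # boot; that case correctly falls through to the append.
    if ! grep -q -x -F -f "$key_file" "$ROOT_AUTHORIZED_KEYS" 2>/dev/null
    then
        cat "$key_file" >> "$ROOT_AUTHORIZED_KEYS"
        echo "$log_msg" | logger -t "ec2"
    fi
    chmod 600 "$ROOT_AUTHORIZED_KEYS"
}

# We need somewhere to put the keys.
if [ ! -d /root/.ssh ] ; then
    mkdir -p /root/.ssh
    chmod 700 /root/.ssh
fi

# First try http. The download goes to a private, unpredictable temp file
# rather than a fixed name in world-writable /tmp, so root never writes
# through a path another local user could have prepared.
PUB_KEY_FROM_HTTP=$(mktemp /tmp/openssh_id.pub.XXXXXX)
if [ -n "$PUB_KEY_FROM_HTTP" ] &&
   curl --retry 3 --retry-delay 0 --silent --fail -o "$PUB_KEY_FROM_HTTP" "$PUB_KEY_URI" &&
   [ -s "$PUB_KEY_FROM_HTTP" ]
then
    add_key_if_missing "$PUB_KEY_FROM_HTTP" \
        "New key added to authrozied keys file from parameters"
fi
if [ -n "$PUB_KEY_FROM_HTTP" ] ; then
    rm -f "$PUB_KEY_FROM_HTTP"
fi

# Ephemeral store. As in the original script this is consulted whether or not
# the http fetch succeeded.
# NOTE: This usage is deprecated and will be removed in the future.
# NOTE(review): anything able to place /mnt/openssh_id.pub before this runs
# obtains a root login key - confirm the fallback is still needed.
if [ -e "$PUB_KEY_FROM_EPHEMERAL" ] ; then
    add_key_if_missing "$PUB_KEY_FROM_EPHEMERAL" \
        "New key added to authrozied keys file from ephemeral store"
    chmod 600 "$PUB_KEY_FROM_EPHEMERAL"
fi
EOS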

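# Make the key-fetch script executable and hook it into rc.local so it runs
# as root on every boot.
chmod a+x "${MNT_DIR}/usr/local/sbin/get-credentials.sh"

# Lines tagged "#del" are first-boot-only: the trailing sed command blanks
# every rc.local line ending in "#del" once they have run. The sed line
# itself does not end in "#del", so it stays in rc.local.
# Quoted delimiter: the text is appended literally, including the "$".
cat >> "${MNT_DIR}/etc/rc.local" << 'EOS'
/usr/local/sbin/get-credentials.sh
depmod -a #del
modprobe loop #del
sed -i 's|^.*#del$||' /etc/rc.local
EOS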

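# Kernel modules for the EC2 Xen kernel, unpacked as root into the image root.
# Fetched over HTTPS into a temp file first: the original piped a plain-HTTP
# download straight into tar, so a tampered, failed or truncated transfer was
# extracted into the image without any check.
MODULE=https://s3.amazonaws.com/ec2-downloads/ec2-modules-2.6.16.33-xenU-x86_64.tgz
# Optional integrity pin: export MODULE_SHA256=<expected sha256 of the tarball>
# to have the download verified before it is extracted.
MODULE_SHA256=${MODULE_SHA256:-}

module_tgz=$(mktemp /tmp/ec2-modules.XXXXXX) || {
  echo "cannot create temp file for ${MODULE}" >&2
  exit 1
}
# --fail: an HTTP error page must not be handed to tar.
if ! curl --silent --fail -o "${module_tgz}" "${MODULE}"; then
  echo "download failed: ${MODULE}" >&2
  rm -f -- "${module_tgz}"
  exit 1
fi
if [ -n "${MODULE_SHA256}" ]; then
  if ! printf '%s  %s\n' "${MODULE_SHA256}" "${module_tgz}" | sha256sum -c - > /dev/null; then
    echo "checksum mismatch: ${MODULE}" >&2
    rm -f -- "${module_tgz}"
    exit 1
  fi
fi
if ! tar -xzf "${module_tgz}" -C "${MNT_DIR}"; then
  echo "cannot extract ${MODULE} into ${MNT_DIR}" >&2
  rm -f -- "${module_tgz}"
  exit 1
fi
rm -f -- "${module_tgz}"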

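# Drop yum caches from the image to keep it small.
yum -c "${YUMCNF}" --installroot="/mnt/${MNT_DIR}" -y clean all

# Detach the image. Abort if either unmount fails: bundling an image file
# that is still mounted can capture a filesystem in an inconsistent state.
umount "${MNT_DIR}/proc/" || { echo "cannot unmount ${MNT_DIR}/proc" >&2; exit 1; }
umount "${MNT_DIR}" || { echo "cannot unmount ${MNT_DIR}" >&2; exit 1; }
rmdir "${MNT_DIR}"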

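# Install the EC2 API and AMI tools under /opt.
# Both archives are fetched over HTTPS directly from the S3 location (the
# original went through a plain-HTTP amazon.com redirect to that same URL),
# and are saved under explicit names instead of relying on "mv *.zip", which
# also moved any unrelated zip file lying in /mnt.
# NOTE(review): these tools later handle the account's private key and S3
# secret; verify the archives against a published checksum if one is available.
cd /opt || { echo "cannot cd to /opt" >&2; exit 1; }
wget -O ec2-api-tools.zip https://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip || exit 1
wget -O ec2-ami-tools.zip https://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.zip || exit 1
unzip ec2-api-tools.zip
unzip ec2-ami-tools.zip

export EC2_HOME=/opt/ec2-api-tools-1.3-53907
export EC2_AMITOOL_HOME=/opt/ec2-ami-tools-1.3-56066
# The archives are unversioned "latest" downloads while the directory names
# above are pinned, so fail clearly when the unpacked version differs.
for tool_dir in "${EC2_HOME}" "${EC2_AMITOOL_HOME}"; do
  if [ ! -d "${tool_dir}" ]; then
    echo "expected tool directory not found: ${tool_dir}" >&2
    exit 1
  fi
done
export PATH=$EC2_HOME/bin:$EC2_AMITOOL_HOME/bin:$PATH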

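# Bundle the image, upload the bundle to S3 and register it as an AMI.
# Each step runs only if the previous one succeeded, so a failed bundle is
# never uploaded and a failed upload is never registered.
cd /mnt || { echo "cannot cd to /mnt" >&2; exit 1; }

# The manifest is read back from /tmp below, i.e. the bundle is written to
# /tmp.
ec2-bundle-image -i "${AMI_IMG}" -c "${EC2_CERT}" -k "${EC2_PRIVATE_KEY}" \
  -u "${ACCOUNT_NUM}" -r x86_64 || exit 1

# NOTE(review): the secret access key is passed on the command line here, so
# it is visible in the process list to other local users while the upload
# runs; run this only on a single-user build host and rotate the key if the
# host is shared.
ec2-upload-bundle -b "${S3_BUCKET_NAME}" -m "/tmp/${AMI_IMG}.manifest.xml" \
  -a "${ACCESS_KEY_ID}" -s "${SECRET_ACCESS_KEY}" || exit 1

ec2-register --region "${S3_REGION}" -C "${EC2_CERT}" -K "${EC2_PRIVATE_KEY}" \
  -n "${AMI_NAME}" "${S3_BUCKET_NAME}/${AMI_IMG}.manifest.xml"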