
Quickly building an EBS-backed CentOS 5.5 (x86_64) AMI from scratch

The AMI is created in ap-southeast-1. No image upload to S3 is required.
Adjust the packages to install via the yum commands in the script in step 4 (curl is required).


1. Launch an instance of the RightScale CentOS AMI (ami-21f38c73)

2. Create an EBS volume and attach it to the instance (/dev/sdf)

3. Log in to the instance, then create and run the following script

#!/bin/bash
IMG_DEV=/dev/sdf
MNT_DIR=fs-centos-5.5-x86_64-core
AMI_NAME=centos-5.5-x86_64-core

cd /mnt

mke2fs -F -j ${IMG_DEV}
mkdir ${MNT_DIR}
mount ${IMG_DEV} ${MNT_DIR}

mkdir ${MNT_DIR}/dev
mkdir ${MNT_DIR}/etc

for i in console null zero
do
  /sbin/MAKEDEV -d /mnt/${MNT_DIR}/dev -x $i
done

cat > ${MNT_DIR}/etc/fstab <<EOF
/dev/sda1 / ext3 defaults 1 1
/dev/sda3 swap swap defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
EOF

mkdir ${MNT_DIR}/proc
mount -t proc none ${MNT_DIR}/proc

YUMCNF=./yum.conf
cp /etc/yum.conf ${YUMCNF}
cat /etc/yum.repos.d/CentOS-Base.repo >> ${YUMCNF}
sed -i 's/$releasever/5.5/g' ${YUMCNF}
yum -c ${YUMCNF} --installroot=/mnt/${MNT_DIR} -y groupinstall Core
yum -c ${YUMCNF} --installroot=/mnt/${MNT_DIR} -y install curl

cat > ${MNT_DIR}/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
EOF

cat > ${MNT_DIR}/etc/sysconfig/network <<EOF
NETWORKING=yes
EOF

cat > ${MNT_DIR}/etc/hosts <<EOF
127.0.0.1       localhost.localdomain localhost
EOF

cat > ${MNT_DIR}/usr/local/sbin/get-credentials.sh <<'EOF'
#!/bin/bash

# Retrieve the credentials from relevant sources.

# Fetch any credentials presented at launch time and add them to
# root's public keys

PUB_KEY_URI=http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
PUB_KEY_FROM_HTTP=/tmp/openssh_id.pub
PUB_KEY_FROM_EPHEMERAL=/mnt/openssh_id.pub
ROOT_AUTHORIZED_KEYS=/root/.ssh/authorized_keys



# We need somewhere to put the keys.
if [ ! -d /root/.ssh ] ; then
        mkdir -p /root/.ssh
        chmod 700 /root/.ssh
fi

# Fetch credentials...

# First try http
curl --retry 3 --retry-delay 0 --silent --fail -o $PUB_KEY_FROM_HTTP $PUB_KEY_URI
if [ $? -eq 0 -a -e $PUB_KEY_FROM_HTTP ] ; then
    if ! grep -q -f $PUB_KEY_FROM_HTTP $ROOT_AUTHORIZED_KEYS
    then
            cat $PUB_KEY_FROM_HTTP >> $ROOT_AUTHORIZED_KEYS
            echo "New key added to authorized keys file from parameters"|logger -t "ec2"
    fi
    chmod 600 $ROOT_AUTHORIZED_KEYS
    rm -f $PUB_KEY_FROM_HTTP

elif [ -e $PUB_KEY_FROM_EPHEMERAL ] ; then
    # Try back to ephemeral store if http failed.
    # NOTE: This usage is deprecated and will be removed in the future
    if ! grep -q -f $PUB_KEY_FROM_EPHEMERAL $ROOT_AUTHORIZED_KEYS
    then
            cat $PUB_KEY_FROM_EPHEMERAL >> $ROOT_AUTHORIZED_KEYS
            echo "New key added to authorized keys file from ephemeral store"|logger -t "ec2"

    fi
    chmod 600 $ROOT_AUTHORIZED_KEYS
    chmod 600 $PUB_KEY_FROM_EPHEMERAL

fi

if [ -e /mnt/openssh_id.pub ] ; then
        if ! grep -q -f /mnt/openssh_id.pub /root/.ssh/authorized_keys
        then
                cat /mnt/openssh_id.pub >> /root/.ssh/authorized_keys
                echo "New key added to authorized keys file from ephemeral store"|logger -t "ec2"

        fi
        chmod 600 /root/.ssh/authorized_keys
fi
EOF

chmod a+x ${MNT_DIR}/usr/local/sbin/get-credentials.sh
echo '/usr/local/sbin/get-credentials.sh' >> ${MNT_DIR}/etc/rc.local
echo 'depmod -a #del' >> ${MNT_DIR}/etc/rc.local
echo 'modprobe loop #del' >> ${MNT_DIR}/etc/rc.local
echo "sed -i 's|^.*#del\$||' /etc/rc.local #del" >> ${MNT_DIR}/etc/rc.local

MODULE=http://s3.amazonaws.com/ec2-downloads/ec2-modules-2.6.16.33-xenU-x86_64.tgz
curl -s ${MODULE} | tar xzC ${MNT_DIR}

yum -c ${YUMCNF} --installroot=/mnt/${MNT_DIR} -y clean all

umount ${MNT_DIR}/proc/
umount ${MNT_DIR}
rmdir ${MNT_DIR}
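
The script above pipes the kernel-module tarball from a plain-HTTP URL straight into tar running as root, so whatever arrives on the wire ends up in every instance launched from the AMI. The following is an added example, not part of the original post: it checks a downloaded tarball against a SHA-256 digest and rejects escaping member paths before unpacking. The function name verify_and_extract and the pinned digest are assumptions; the post gives no digest, so it appears only as a placeholder.

```shell
#!/bin/bash
# Added example (not from the original post): verify a downloaded module
# tarball before unpacking it into the image root.
#
# verify_and_extract TARBALL EXPECTED_SHA256 DEST_DIR
#   returns 0 on success
#           1 if the SHA-256 digest does not match
#           2 if a member path is absolute or contains ".."
verify_and_extract() {
    local tarball="$1" expected="$2" dest="$3" actual

    # 1. Integrity: compare with a digest obtained out of band and pinned
    #    in the build script.
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tarball: got $actual" >&2
        return 1
    fi

    # 2. Containment: refuse absolute paths and ".." components so that
    #    nothing can be written outside DEST_DIR.
    if tar tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 2
    fi

    # 3. Unpack only after both checks pass; files are owned by the
    #    extracting user (root in the build script), not by the uid
    #    recorded in the archive.
    tar xzf "$tarball" -C "$dest" --no-same-owner
}

# How it would replace "curl -s ${MODULE} | tar xzC ${MNT_DIR}"
# (PINNED_SHA256 is a placeholder, not a value from the post):
#   curl -s --fail -o /mnt/ec2-modules.tgz "${MODULE}"
#   verify_and_extract /mnt/ec2-modules.tgz "PINNED_SHA256" "${MNT_DIR}" || exit 1
```
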

4. Detach the EBS volume and create a snapshot

5. Copy the EC2 cert and EC2 private key to the instance

6. Register the snapshot as an AMI from the instance

ec2-register -K pk-XXX.pem -C cert-XXX.pem --region ap-southeast-1 -a x86_64 -d AMI_DESC -n AMI_NAME -s snap-XXX