Creating amazon web services (aws) custom centos 5.5 ami from scratch
###########################################################################
###########################################################################
## ##
## CREATING AMAZON WEB SERVICES (AWS) CUSTOM CENTOS 5.5 AMI FROM SCRATCH ##
## ##
## algirdasATperl.lt (2010.11.10) ##
## ##
###########################################################################
###########################################################################
references:
http://www.philchen.com/2009/02/14/how-to-create-an-amazon-elastic-compute-cloud-ec2-machine-image-ami
http://www.danysoft.org/blog/2009/10/25/how-to-create-a-centos-5-3-ec2-ami/
http://www.how-to-linux.com/2009/02/how-to-create-a-centos-52-ec2-amazon-machine-image-ami/
additional info:
when updating packages, remember that amazon instances only work with amazon's custom precompiled kernel modules
###########################
#### needed files/info ####
###########################
#0 the server on which the image will be built needs at least ~12gb of free space and must have ruby installed
login and go to http://aws.amazon.com/account/
#1 "Security Credentials"->"Access Keys"
copy "Access Key ID" f.e.: ???access_key_id???
#2 "Secret Access Key"->"Show"
copy "Secret Access Key" f.e.: ???secret_access_key???
#3 "Security Credentials"->"X.509 certificates"
and "Create a new Certificate" or "Download" existing one
#4 "Personal Information"
copy "Account Number" f.e.: ???account_number???
#5 put the two .pem files (cert-???file???.pem and pk-???file???.pem) in the directory ~/.ec2
#######################
#### set variables ####
#######################
.-----------.
| ~/.bashrc |
.-----------.
# Append the EC2 tools' bin directory (and the usual system directories) to the search path.
export PATH=$PATH:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:/opt/EC2TOOLS/bin
# Install location of the EC2 AMI tools.
export EC2_HOME=/opt/EC2TOOLS
# Private key belonging to the X.509 certificate: keep ~/.ec2 at mode 700 and
# this file at mode 600 or stricter, since it authenticates the AWS account.
export EC2_PRIVATE_KEY=~/.ec2/pk-???file???.pem
# Public X.509 certificate matching the private key above.
export EC2_CERT=~/.ec2/cert-???file???.pem
##########################
#### enable variables ####
##########################
source ~/.bashrc
############################
#### create directories ####
############################
# Working directories: bundle output, EC2 tools, image file, yum config,
# and the mount point for the image.
for dir in \
  /opt/EC2AMIFILES \
  /opt/EC2TOOLS \
  /opt/EC2AMIIMAGE \
  /opt/EC2YUM \
  /mnt/ami-centos5.5-64bit
do
  mkdir "$dir"
done
###########################
#### get ec2-ami-tools ####
###########################
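cd /opt/EC2TOOLS
# Fetch over HTTPS rather than plain HTTP: these tools are later handed the
# AWS private key and secret access key, so the archive must not be open to
# tampering in transit. If the build host cannot negotiate TLS with S3,
# download on a current machine and copy the file over instead of falling
# back to HTTP. No checksum for the archive is given on this page.
wget https://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.zip
unzip ec2-ami-tools.zip
# The archive unpacks into a versioned directory (ec2-ami-tools-1.3-57676 at
# the time of writing); the glob keeps the step working when the version in
# the downloaded zip differs. Move its contents up one level and drop it.
mv ec2-ami-tools-*/* ./
rmdir ec2-ami-tools-*/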
###################################
#### create empty ~9.5GB image ####
###################################
# Allocate a zero-filled file of 10240 blocks of 1 MiB to hold the root filesystem.
dd of=/opt/EC2AMIIMAGE/ami-centos5.5-64bit.img if=/dev/zero count=10240 bs=1M
# Put an ext3 filesystem on it (-j adds the journal); -F is needed because
# the target is a regular file, not a block device.
mke2fs -j -F /opt/EC2AMIIMAGE/ami-centos5.5-64bit.img
###########################
#### mount empty image ####
###########################
# Loop-mount the image file so it can be populated like an ordinary directory tree.
mount -o loop /opt/EC2AMIIMAGE/ami-centos5.5-64bit.img /mnt/ami-centos5.5-64bit
#############################
#### create some folders ####
#############################
# Minimal directory skeleton that yum/rpm need before the first install.
for sub in proc etc; do
  mkdir "/mnt/ami-centos5.5-64bit/$sub"
done
# -p also creates the parent /var.
mkdir -p /mnt/ami-centos5.5-64bit/var/cache
mkdir /mnt/ami-centos5.5-64bit/var/log
mkdir -p /mnt/ami-centos5.5-64bit/var/lock/rpm
########################
#### create devices ####
########################
# Create the console, null and zero device nodes inside the image's /dev.
for node in console null zero; do
  MAKEDEV -d /mnt/ami-centos5.5-64bit/dev -x "$node"
done
###########################
#### create /etc/fstab ####
###########################
.------------------------------------.
| /mnt/ami-centos5.5-64bit/etc/fstab |
.------------------------------------.
/dev/sda1 / ext3 defaults 1 1
/dev/sdb /mnt ext3 defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
#####################
#### mount /proc ####
#####################
# Mount procfs inside the image tree; it is unmounted again in the "clean" step.
mount -t proc none /mnt/ami-centos5.5-64bit/proc
#########################################
#### create /opt/EC2YUM/yum-ami.conf ####
#########################################
.--------------------------.
| /opt/EC2YUM/yum-ami.conf |
.--------------------------.
[main]
cachedir=/var/cache/yum
keepcache=1
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
metadata_expire=1800
[base]
name=CentOS-5 - Base
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=os
#baseurl=http://mirror.centos.org/centos/5/os/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#released updates
[updates]
name=CentOS-5 - Updates
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=updates
#baseurl=http://mirror.centos.org/centos/5/updates/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#packages used/produced in the build but not released
[addons]
name=CentOS-5 - Addons
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=addons
#baseurl=http://mirror.centos.org/centos/5/addons/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#additional packages that may be useful
[extras]
name=CentOS-5 - Extras
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=extras
#baseurl=http://mirror.centos.org/centos/5/extras/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-5 - Plus
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=centosplus
#baseurl=http://mirror.centos.org/centos/5/centosplus/x86_64/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#contrib - packages by Centos Users
[contrib]
name=CentOS-5 - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=contrib
#baseurl=http://mirror.centos.org/centos/5/contrib/x86_64/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#############################
#### install base system ####
#############################
# Work from /opt/EC2YUM so the relative yum-ami.conf path resolves.
cd /opt/EC2YUM
# Install the "Base" package group into the mounted image. gpgcheck=1 in
# yum-ami.conf keeps package signature checking on; -y answers every prompt
# with yes.
yum --installroot=/mnt/ami-centos5.5-64bit -c yum-ami.conf -y groupinstall Base
# Give the image the same repository configuration.
cp yum-ami.conf /mnt/ami-centos5.5-64bit/etc/yum.conf
################################
#### install custom modules ####
################################
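# Fetch over HTTPS rather than plain HTTP: the archive's contents are copied
# into the image's /boot and /lib/modules and run as kernel code on every
# instance, and no checksum for it is given on this page. If the build host
# cannot negotiate TLS with S3, download on a current machine and copy the
# file over instead of falling back to HTTP.
wget https://s3.amazonaws.com/ec2-downloads/ec2-modules-2.6.16.33-xenU-x86_64.tgz
# Unpacks into ./boot and ./lib in the current directory.
tar xfz ec2-modules-2.6.16.33-xenU-x86_64.tgz
mv boot/* /mnt/ami-centos5.5-64bit/boot/
mv lib/modules/2.6.16.33-xenU /mnt/ami-centos5.5-64bit/lib/modules/
# Rebuild module dependency data inside the image for that kernel version.
chroot /mnt/ami-centos5.5-64bit /sbin/depmod -ae 2.6.16.33-xenU
# Remove the unpacked leftovers and the archive from the build host.
rm -rf boot lib ec2-modules-2.6.16.33-xenU-x86_64.tgz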
######################
#### install sshd ####
######################
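# Quote the pattern so yum expands it against package names; unquoted, the
# shell would first try to match it against file names in the current
# directory and could pass those to yum instead.
yum -y -c /opt/EC2YUM/yum-ami.conf --installroot=/mnt/ami-centos5.5-64bit install '*openssh*'
# Register sshd with chkconfig inside the image and enable it at boot.
chroot /mnt/ami-centos5.5-64bit /sbin/chkconfig --add sshd
chroot /mnt/ami-centos5.5-64bit /sbin/chkconfig sshd on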
#####################################
#### make changes in sshd_config ####
#####################################
.----------------------------------------------.
| /mnt/ami-centos5.5-64bit/etc/ssh/sshd_config |
.----------------------------------------------.
UseDNS no
PermitRootLogin without-password
######################
#### remove kudzu ####
######################
# Unregister the kudzu service inside the image so it no longer starts at boot.
chroot /mnt/ami-centos5.5-64bit /sbin/chkconfig --del kudzu
################################################
#### turn off some other services if needed ####
################################################
# Disable boot-time start of the listed services inside the image.
# NOTE(review): the list includes iptables and auditd. With iptables off the
# instance runs without a host firewall, leaving the EC2 security group as
# the only packet filter in front of it; with auditd off no audit records
# are kept. Remove either name from the list to leave that service enabled.
for svc in \
  microcode_ctl iptables auditd nfslock rpcgssd rpcidmapd \
  bluetooth autofs hidd haldaemon avahi-daemon avahi-dnsconfd
do
  chroot /mnt/ami-centos5.5-64bit /sbin/chkconfig "$svc" off
done
######################
#### edit network ####
######################
.------------------------------------------------.
| /mnt/ami-centos5.5-64bit/etc/sysconfig/network |
.------------------------------------------------.
NETWORKING=yes
HOSTNAME=localhost.localdomain
.-------------------------------------------------------------------.
| /mnt/ami-centos5.5-64bit/etc/sysconfig/network-scripts/ifcfg-eth0 |
.-------------------------------------------------------------------.
ONBOOT=yes
DEVICE=eth0
BOOTPROTO=dhcp
##############################
#### create getssh script ####
##############################
.--------------------------------------------.
| /mnt/ami-centos5.5-64bit/etc/init.d/getssh |
.--------------------------------------------.
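#!/bin/bash
# chkconfig: 2345 95 20
# description: getssh
# processname: getssh
#
# Init script that installs the instance's SSH public key for root at boot.
#
# The search path must not begin with ':' - an empty PATH entry makes the
# shell look for commands in the current directory, which a script that
# writes root's authorized_keys should never do.
export PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 1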
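# Fetch the launch key pair's public key from the EC2 instance metadata
# service and add it to root's authorized_keys.
# Returns: 1 if no temporary file could be created; a failed download
#          leaves authorized_keys untouched.
start() {
  local key_file

  if [ ! -d /root/.ssh ] ; then
    mkdir -p /root/.ssh
    chmod 700 /root/.ssh
  fi

  # Use an unpredictable, freshly created temporary file. A fixed name such
  # as /tmp/my-key can be pre-created or symlinked by any local user, and
  # whatever ends up in it is appended to root's authorized_keys.
  key_file=$(mktemp /tmp/getssh.XXXXXX) || return 1

  # Fetch public key using HTTP; -f makes curl fail on an HTTP error instead
  # of saving the error page, and -s rejects an empty response body.
  if curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > "$key_file" \
      && [ -s "$key_file" ] ; then
    # The script runs on every boot: append only when the key is not already
    # present, so authorized_keys does not collect duplicate lines.
    if ! grep -qxF -f "$key_file" /root/.ssh/authorized_keys 2>/dev/null ; then
      cat "$key_file" >> /root/.ssh/authorized_keys
    fi
    chmod 600 /root/.ssh/authorized_keys
  fi

  # Remove the temporary file on the failure path too.
  rm -f "$key_file"
}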
# Stop action: there is nothing to undo, so only print a notice.
stop() {
  printf '%s\n' "Nothing to do here"
}
# Restart action: run the stop action, then the start action.
restart() {
  stop; start
}
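# See how we were called: dispatch on the first argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  *)
    # The usage text lists every accepted action, including restart.
    echo $"Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
# Propagate the status of the action that ran.
exit $?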
####################################
#### make getssh run on startup ####
####################################
# Make the init script executable.
chmod +x /mnt/ami-centos5.5-64bit/etc/init.d/getssh
# Register it with chkconfig inside the image, then enable it; the runlevels
# and start/stop order come from the "# chkconfig:" header line of the script.
/usr/sbin/chroot /mnt/ami-centos5.5-64bit /sbin/chkconfig --add getssh
/usr/sbin/chroot /mnt/ami-centos5.5-64bit /sbin/chkconfig getssh on
##############################################################
#### install curl (for getssh) and other stuff f.e.: ruby ####
##############################################################
# Work from /opt/EC2YUM/ so the relative yum-ami.conf path resolves.
cd /opt/EC2YUM/
# One yum run per package, installed into the mounted image; curl is what
# the getssh init script uses to fetch the key.
for pkg in curl ruby; do
  yum -y -c yum-ami.conf --installroot=/mnt/ami-centos5.5-64bit install "$pkg"
done
###############
#### clean ####
###############
# Clear yum's cache inside the image so cached packages and metadata are not bundled.
yum -c yum-ami.conf --installroot=/mnt/ami-centos5.5-64bit clean all
# Flush pending writes to the image file before unmounting.
sync
# Unmount the inner /proc first, then the image itself.
umount /mnt/ami-centos5.5-64bit/proc
umount /mnt/ami-centos5.5-64bit
##############################
#### create/upload bundle ####
##############################
cd /opt/EC2TOOLS/bin/
# Bundle the image file into /opt/EC2AMIFILES, using the X.509 certificate and
# private key from ~/.ec2 and the AWS account number.
./ec2-bundle-image --image /opt/EC2AMIIMAGE/ami-centos5.5-64bit.img --prefix ami-centos5.5-64bit --cert ~/.ec2/cert-???file???.pem \
--privatekey ~/.ec2/pk-???file???.pem --user ???account_number??? --destination /opt/EC2AMIFILES --arch x86_64
# Upload the bundle described by the manifest to the S3 bucket centos55x64.
# NOTE(review): --secret-key puts the secret access key on the command line,
# so it is visible in the process list to other local users while the upload
# runs and is saved in shell history. Run this on a host only you use and
# keep the command out of history (e.g. unset HISTFILE for the session).
./ec2-upload-bundle --manifest /opt/EC2AMIFILES/ami-centos5.5-64bit.manifest.xml --bucket centos55x64 --access-key ???access_key_id??? \
--secret-key "???secret_access_key???" --location US
#### Amazon Management Console ####
https://console.aws.amazon.com/s3/home
"Amazon EC2"->"AMIs"->"Register New AMI"
enter "centos55x64/ami-centos5.5-64bit.manifest.xml"
right click on new AMI->"Launch Instance"
...
"Create & Download your Key Pair" f.e.: centos55x64.pem
...
in "Instances" right click "Get System Log" to see if server is up, "Connect" to get host info.
on local linux/bsd/whatever server:
# Make the downloaded key pair file readable by its owner only; ssh refuses
# a private key file that other users can read.
chmod 400 centos55x64.pem
# Log in as root with that key; replace the ??? parts with the instance's
# public host name shown under "Connect".
ssh -i centos55x64.pem root@ec2-???-???-???-???.???.???.amazonaws.com
...