Daniele Madama

Hi,

after looking some usefull guides to create Amazon Machine Image based on CentOS distribution, I decide to write the steps that i followed.

First of all we need of a CentOS machine, if you don’t have it use a virtual machine program (on my Kubuntu based laptop I use VirtualBox), once we have it login and start:

• create image file (in this case about 1,1GB of space reserved), take in mind that this will be the size of your / mountpoint on AWS, so if you want to use the whole size use 10GB (count=10240)
  
dd if=/dev/zero of=base-server.fs bs=1M count=1024

• then create the file system
  
mke2fs -F -j base-server.fs

• create a mount point and mount the image file
  
mkdir /mnt/ec2-fs
mount -o loop base-server.fs /mnt/ec2-fs

• prepare a base filesystem structure
  
mkdir /mnt/ec2-fs/dev
/sbin/MAKEDEV -d /mnt/ec2-fs/dev/ -x console
/sbin/MAKEDEV -d /mnt/ec2-fs/dev/ -x null
/sbin/MAKEDEV -d /mnt/ec2-fs/dev/ -x zero
mkdir /mnt/ec2-fs/etc
mkdir /mnt/ec2-fs/proc
mount -t proc none /mnt/ec2-fs/proc

• create a yum-xen.conf file with the repository info (in this case for i386 32bit architecture)
  
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
exclude=*-debuginfo
gpgcheck=0
obsoletes=1
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
reposdir=/dev/null
metadata_expire=1800
[base]
name=CentOS-5.3 – Base
baseurl=http://mirror.centos.org/centos/5.3/os/i386/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
priority=1
protect=1
#released updates
[update]
name=CentOS-5.3 – Updates
baseurl=http://mirror.centos.org/centos/5.3/updates/i386/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
priority=1
protect=1
#packages used/produced in the build but not released
[addons]
name=CentOS-5.3 – Addons
baseurl=http://mirror.centos.org/centos/5.3/addons/i386/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
priority=1
[extras]
name=CentOS 5.3 Extras $releasever – $basearch
baseurl=http://mirror.centos.org/centos/5.3/extras/i386/
enabled=1

• install all packages in “Core” group (optionally use “Base” or whatever you want)
  
yum -c yum-xen.conf --installroot=/mnt/ec2-fs -y groupinstall Core

• edit network interface configuration file /mnt/ec2-fs/etc/sysconfig/network-scripts/ifcfg-eth0
  
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no

• turn on networking editing file /mnt/ec2-fs/etc/sysconfig/network
  
NETWORKING=yes

• create the file /mnt/ec2-fs/etc/hosts and add at least the localhost interface
  
echo "127.0.0.1 localhost.localdomain localhost" > /mnt/ec2-fs/etc/hosts

• copy your resolv.conf, when boot from AWS DHCP was changed
  
cp /etc/resolv.conf /mnt/ec2-fs/etc/resolv.conf

• edit the file /mnt/ec2-fs/etc/fstab (32 bit linux machine match only m1.small and c1.medium instance with this mount points)
  
/dev/sda1 / ext3 defaults 1 1
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
/dev/sda2 /mnt ext3 defaults 0 0
/dev/sda3 swap swap defaults 0 0

• if you need more packages install now with yum
  
yum -c yum-xen.conf --installroot=/mnt/ec2-fs -y install wget
yum -c yum-xen.conf --installroot=/mnt/ec2-fs -y install curl

• disable selinux in /mnt/ec2-fs/etc/selinux/config by setting SELINUX=disabled
• move TLS library out of the way (if you have it)
  
mv /mnt/ec2-fs/lib/tls /mnt/ec2-fs/lib/tls.disabled

• put your ssh public key for root user (if you want to use another user, create it) in /mnt/ec2-fs/root/.ssh/authorized_keys or read the following step if you prefer to use the AWS assigned key-pair
• create the file /mnt/ec2-fs/usr/local/sbin/get-aws-credentials.sh (have you installed curl? is needed for this script)
  
#!/bin/sh
if [ ! -d /root/.ssh ] ;
then mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
# Fetch public key using HTTP
curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/my-key
if [ $? -eq 0 ] ;
then
cat /tmp/my-key >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
rm -f /tmp/my-key
fi

  make it executable
  
chmod +x /mnt/ec2-fs/usr/local/sbin/get-aws-credentials.sh

  add it to /mnt/ec2-fs/etc/rc.local
  
# get AWS credentials
/usr/local/sbin/get-aws-credentials.sh

• chroot into your image
  
chroot /mnt/ec2-fs /bin/bash

• start your services at desired run level and emtpy yum cache
  
chkconfig --level 345 sshd on
yum clean all

  then exit from chroot
  
exit

• umount image file
  
umount /mnt/ec2-fs/proc
umount -d /mnt/ec2-fs


Now your image file is ready, simply create bundle volume and upload to S3

• install ruby, download ec2-ami-tools and install it
  
yum install ruby
wget http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.noarch.rpm
rpm -Uvh ec2-ami-tools.noarch.rpm

• create bundle volume (put file in /tmp)
  
ec2-bundle-image -i base-server.fs -c my-cert.pem -k my-private-key.pem -u 1234-5678-9101 (amazon account id)

• upload to Amazon S3
  
ec2-upload-bundle -b base-server -m /tmp/base-server.fs.manifest.xml -a my-aws-access-key-id -s my-secret-key-id


Now you can register an AMI and launch your instance.

Enjoy!

Tags: Amazon Web Services, AMI, AWS, CentOS, EC2, S3

This entry was posted on Sunday, October 25th, 2009 at 1:32 am and is filed under Work stuff. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.