How To create a CentOS 5.3 EC2 AMI

Hi,

after looking at some useful guides on creating an Amazon Machine Image based on the CentOS distribution, I decided to write down the steps that I followed.

First of all we need a CentOS machine; if you don’t have one, use a virtual machine program (on my Kubuntu-based laptop I use VirtualBox). Once we have it, log in and start:

  • create the image file (in this case about 1,1GB of space is reserved); keep in mind that this will be the size of your / mount point on AWS, so if you want to use the whole size use 10GB (count=10240)

    dd if=/dev/zero of=base-server.fs bs=1M count=1024
  • then create the file system

    mke2fs -F -j base-server.fs
  • create a mount point and mount the image file

    mkdir /mnt/ec2-fs
    mount -o loop base-server.fs /mnt/ec2-fs
  • prepare a base filesystem structure

    mkdir /mnt/ec2-fs/dev
    /sbin/MAKEDEV -d /mnt/ec2-fs/dev/ -x console
    /sbin/MAKEDEV -d /mnt/ec2-fs/dev/ -x null
    /sbin/MAKEDEV -d /mnt/ec2-fs/dev/ -x zero
    mkdir /mnt/ec2-fs/etc
    mkdir /mnt/ec2-fs/proc
    mount -t proc none /mnt/ec2-fs/proc
  • create a yum-xen.conf file with the repository info (in this case for i386 32bit architecture)

    [main]
    cachedir=/var/cache/yum
    debuglevel=2
    logfile=/var/log/yum.log
    exclude=*-debuginfo
    gpgcheck=0
    obsoletes=1
    pkgpolicy=newest
    distroverpkg=redhat-release
    tolerant=1
    exactarch=1
    reposdir=/dev/null
    metadata_expire=1800
    [base]
    name=CentOS-5.3 - Base
    baseurl=http://mirror.centos.org/centos/5.3/os/i386/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
    priority=1
    protect=1
    #released updates
    [update]
    name=CentOS-5.3 - Updates
    baseurl=http://mirror.centos.org/centos/5.3/updates/i386/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
    priority=1
    protect=1
    #packages used/produced in the build but not released
    [addons]
    name=CentOS-5.3 - Addons
    baseurl=http://mirror.centos.org/centos/5.3/addons/i386/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
    priority=1
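    [extras]
    name=CentOS 5.3 Extras $releasever - $basearch
    baseurl=http://mirror.centos.org/centos/5.3/extras/i386/
    # without the next two lines this section inherits gpgcheck=0 from [main]
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
    enabled=1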
  • install all packages in “Core” group (optionally use “Base” or whatever you want)

    yum -c yum-xen.conf --installroot=/mnt/ec2-fs -y groupinstall Core
  • edit network interface configuration file /mnt/ec2-fs/etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=yes
    PEERDNS=yes
    IPV6INIT=no
  • turn on networking by editing the file /mnt/ec2-fs/etc/sysconfig/network

    NETWORKING=yes
  • create the file /mnt/ec2-fs/etc/hosts and add at least the localhost interface

    echo "127.0.0.1 localhost.localdomain localhost" > /mnt/ec2-fs/etc/hosts
  • copy your resolv.conf; it will be replaced by DHCP when the instance boots on AWS

    cp /etc/resolv.conf /mnt/ec2-fs/etc/resolv.conf
  • edit the file /mnt/ec2-fs/etc/fstab (on a 32-bit Linux machine these mount points match only the m1.small and c1.medium instance types)

    /dev/sda1 / ext3 defaults 1 1
    none /dev/pts devpts gid=5,mode=620 0 0
    none /dev/shm tmpfs defaults 0 0
    none /proc proc defaults 0 0
    none /sys sysfs defaults 0 0
    /dev/sda2 /mnt ext3 defaults 0 0
    /dev/sda3 swap swap defaults 0 0
  • if you need more packages, install them now with yum

    yum -c yum-xen.conf --installroot=/mnt/ec2-fs -y install wget
    yum -c yum-xen.conf --installroot=/mnt/ec2-fs -y install curl
  • disable selinux in /mnt/ec2-fs/etc/selinux/config by setting SELINUX=disabled
  • move TLS library out of the way (if you have it)

    mv /mnt/ec2-fs/lib/tls /mnt/ec2-fs/lib/tls.disabled
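  • put your ssh public key for the root user (if you want to use another user, create it) in /mnt/ec2-fs/root/.ssh/authorized_keys, or read the following step if you prefer to use the AWS-assigned key pair
  • create the file /mnt/ec2-fs/usr/local/sbin/get-aws-credentials.sh (curl must be installed in the image; the script needs it)

    #!/bin/sh
    # Fetch the EC2 key-pair public key from the instance metadata service
    # and authorize it for root. Runs from rc.local at every boot.
    umask 077
    if [ ! -d /root/.ssh ]; then
        mkdir -p /root/.ssh
        chmod 700 /root/.ssh
    fi
    # Use an unpredictable temporary file instead of a fixed name in /tmp
    KEYFILE=$(mktemp /tmp/my-key.XXXXXX) || exit 1
    # Fetch public key using HTTP
    if curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > "$KEYFILE"; then
        # Append the key only if it is not already authorized,
        # so that reboots do not add duplicate entries
        if ! grep -qxF -f "$KEYFILE" /root/.ssh/authorized_keys 2>/dev/null; then
            cat "$KEYFILE" >> /root/.ssh/authorized_keys
        fi
        chmod 600 /root/.ssh/authorized_keys
    fi
    rm -f "$KEYFILE"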

    make it executable

    chmod +x /mnt/ec2-fs/usr/local/sbin/get-aws-credentials.sh

    add it to /mnt/ec2-fs/etc/rc.local

    # get AWS credentials
    /usr/local/sbin/get-aws-credentials.sh
  • chroot into your image

    chroot /mnt/ec2-fs /bin/bash
  • enable your services at the desired run levels and empty the yum cache

    chkconfig --level 345 sshd on
    yum clean all

    then exit from chroot

    exit
  • unmount the image file

    umount /mnt/ec2-fs/proc
    umount -d /mnt/ec2-fs
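
A pre-bundle check of the image tree, added here as an example (it is not part of the original guide): it verifies the boot and network settings from the steps above, confirms that at least one root login path exists, and flags key material that should not ship in an AMI. Run it while the image is still mounted, before the umount step; the function name audit_image and the file name audit-image.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): pre-bundle audit of the image
# tree built above. Prints one FAIL/WARN line per finding; the return value
# is the number of FAILs.
audit_image() {
    root=$1
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    warn() { echo "WARN: $*"; }

    # Settings the instance needs in order to boot and get an address.
    grep -qs '^BOOTPROTO=dhcp' "$root/etc/sysconfig/network-scripts/ifcfg-eth0" ||
        fail "ifcfg-eth0 does not set BOOTPROTO=dhcp"
    grep -qs '^NETWORKING=yes' "$root/etc/sysconfig/network" ||
        fail "/etc/sysconfig/network does not set NETWORKING=yes"
    awk '$1 == "/dev/sda1" && $2 == "/" { ok = 1 } END { exit !ok }' \
        "$root/etc/fstab" 2>/dev/null || fail "fstab does not mount /dev/sda1 on /"

    # Login path: a baked-in key, the metadata script hooked into rc.local, or both.
    keys="$root/root/.ssh/authorized_keys"
    script="$root/usr/local/sbin/get-aws-credentials.sh"
    baked=0; hooked=0
    [ -s "$keys" ] && baked=1
    if [ -x "$script" ] &&
       grep -qs '^/usr/local/sbin/get-aws-credentials\.sh' "$root/etc/rc.local"; then
        hooked=1
    fi
    [ "$baked" -eq 1 ] || [ "$hooked" -eq 1 ] ||
        fail "no root login path: no authorized_keys and no key script in rc.local"
    # A baked-in key lets its owner log in to every instance started from this AMI.
    [ "$baked" -eq 0 ] || warn "authorized_keys already holds $(grep -c . "$keys") key(s)"

    # Private keys (for example the bundling key) must never ship in the image.
    # Paths containing whitespace are not handled by this simple loop.
    for f in $(grep -rls 'PRIVATE KEY-----' "$root/root" "$root/tmp" "$root/home" 2>/dev/null); do
        fail "private key material in image: ${f#"$root"}"
    done
    return "$fails"
}

# Usage: sh audit-image.sh /mnt/ec2-fs   (while the image is still mounted)
if [ $# -gt 0 ]; then
    audit_image "$1"
fi
```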

Now your image file is ready; simply create the bundle volume and upload it to S3

  • install ruby, download ec2-ami-tools and install it

    yum install ruby
    wget http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.noarch.rpm
    rpm -Uvh ec2-ami-tools.noarch.rpm
  • create the bundle volume (the files are put in /tmp); the value after -u is your Amazon account ID

    ec2-bundle-image -i base-server.fs -c my-cert.pem -k my-private-key.pem -u 1234-5678-9101
  • upload to Amazon S3

    ec2-upload-bundle -b base-server -m /tmp/base-server.fs.manifest.xml -a my-aws-access-key-id -s my-secret-key-id

Now you can register an AMI and launch your instance.

Enjoy!
