CentOS6 (32bit, S3-Backed) の AMI をゼロから作って登録する
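#!/bin/sh
# Build a CentOS 6 (32bit, S3-backed) AMI from scratch: create a loopback
# image, install a minimal system into it with yum, configure it for EC2
# (pv-grub kernel, key-only root ssh), bundle it and upload the bundle to S3.
# Registration of the AMI is done afterwards from the AWS Management Console.
#
# Usage: edit section 0, then run as root from an empty working directory.
# Requires on the build host: dd, mkfs.ext4, mount, setarch, yum, rpm, wget,
# chroot, perl and the ec2-ami-tools (ec2-bundle-image, ec2-upload-bundle).
#
# POSIX sh: no pipefail, so critical steps are checked explicitly.
set -eu

# 0. Configuration
RELEASE=1.kray
ARCH=i386
EC2_PRIVATE_KEY=/path/to/private_key.pem
EC2_CERT=/path/to/certificate.pem
S3_BUCKET=bucket-name
AWS_ACCOUNT_NUMBER=012345678910
AWS_ACCESS_KEY=youraccesskey
AWS_SECRET_ACCESS_KEY=yoursecretaccesskey
REGION=ap-northeast-1
AKI=aki-xxxxxxxx
NAME=CentOS-6.2-${RELEASE}-${ARCH}

# Absolute paths so cleanup works no matter which directory we are in.
WORKDIR=$PWD
ROOT=$WORKDIR/ami-root
# Mount state, consulted by cleanup() on exit.
ROOT_MOUNTED=0
PROC_MOUNTED=0

#######################################
# Print a message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Unmount the image on any exit path (success or failure) so a failed run
# does not leave proc or the loop device mounted under ami-root.
# Globals: WORKDIR, ROOT, ROOT_MOUNTED, PROC_MOUNTED (read)
#######################################
cleanup() {
  cd "$WORKDIR" || return
  if [ "$PROC_MOUNTED" -eq 1 ]; then
    umount "$ROOT/proc" || printf 'warn: could not unmount %s/proc\n' "$ROOT" >&2
  fi
  if [ "$ROOT_MOUNTED" -eq 1 ]; then
    umount -d "$ROOT" || printf 'warn: could not unmount %s\n' "$ROOT" >&2
  fi
}
trap cleanup EXIT

#######################################
# Run yum against the image root with only the two build repos enabled.
# Globals: ARCH, WORKDIR, ROOT (read)
# Arguments: yum subcommand and its arguments (e.g. groupinstall Core)
#######################################
image_yum() {
  # '--disablerepo=*' is quoted so the shell cannot glob it against files
  # in the current directory.
  setarch "$ARCH" yum -y -c "$WORKDIR/repos.conf" --installroot="$ROOT" \
    '--disablerepo=*' --enablerepo=ami-base,ami-updates "$@"
}

# Preflight: fail here rather than after an 8G image has been created.
[ "$(id -u)" -eq 0 ] || die "must run as root (creates filesystems and mounts loop devices)"
for tool in dd mkfs.ext4 mount setarch yum rpm wget chroot perl \
    ec2-bundle-image ec2-upload-bundle; do
  command -v "$tool" >/dev/null 2>&1 || die "required tool not found: $tool"
done
[ -f "$EC2_PRIVATE_KEY" ] || die "EC2_PRIVATE_KEY not found: $EC2_PRIVATE_KEY"
[ -f "$EC2_CERT" ] || die "EC2_CERT not found: $EC2_CERT"
[ ! -e "$ROOT" ] || die "$ROOT already exists; run from a clean directory"
[ ! -e "$WORKDIR/$NAME.img" ] || die "$NAME.img already exists; refusing to overwrite"

# 1. Create the loopback image (8G, zero-filled)
dd if=/dev/zero of="$NAME.img" bs=1G count=8

# 2. Put a filesystem on the image and mount it
# -F: mkfs would otherwise refuse to operate on a regular file.
mkfs.ext4 -F -L _/ "$NAME.img"
mkdir "$ROOT"
mount -o loop "$NAME.img" "$ROOT"
ROOT_MOUNTED=1
cd "$ROOT" || die "cannot cd to $ROOT"

# 3. Files the installer needs inside the image
mkdir etc proc dev
cat > etc/fstab <<'EOS'
LABEL=_/ / ext4 defaults 1 1
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
EOS
mount -t proc none proc
PROC_MOUNTED=1

# 4. yum.conf used for the installation
# The signing key is fetched over plain HTTP; gpgcheck=1 below only protects
# the packages, not this download. Compare the key's fingerprint with the one
# published by the CentOS project before trusting a fresh copy.
wget -O "$WORKDIR/RPM-GPG-KEY-CentOS-6" http://ftp.riken.jp/Linux/centos/RPM-GPG-KEY-CentOS-6
# Unquoted delimiter on purpose: ${ARCH} and ${WORKDIR} are expanded here.
cat > "$WORKDIR/repos.conf" <<EOS
[ami-base]
name=CentOS-6 - Base
mirrorlist=http://mirrorlist.centos.org/?release=6&arch=${ARCH}&repo=os
#baseurl=http://mirror.centos.org/centos/6/os/${ARCH}/
gpgcheck=1
gpgkey=file://${WORKDIR}/RPM-GPG-KEY-CentOS-6
#released updates
[ami-updates]
name=CentOS-6 - Updates
mirrorlist=http://mirrorlist.centos.org/?release=6&arch=${ARCH}&repo=updates
#baseurl=http://mirror.centos.org/centos/6/updates/${ARCH}/
gpgcheck=1
gpgkey=file://${WORKDIR}/RPM-GPG-KEY-CentOS-6
EOS

# 5. Install the minimal system
image_yum groupinstall Core

# 6. Remove packages that are not needed
## SELinux and IPv6 are not used on this image
rpm -e --root "$ROOT" selinux-policy-targeted selinux-policy policycoreutils libselinux-utils libsemanage checkpolicy iptables-ipv6
## Firmware is not needed on EC2 (no repo config needed for a remove)
setarch "$ARCH" yum -y --installroot="$ROOT" remove "*-firmware"

# 7. Install a kernel
## pv-grub boots the custom kernel from inside the image
image_yum install kernel

# 8. Install ec2-ami-tools into the image
image_yum install ruby rsync
# NOTE(review): this RPM is fetched over plain HTTP and no signing key for it
# has been imported into the image's rpm database, so rpm cannot verify the
# signer here (by default it warns rather than refuses). Downloading it once,
# checking it against a trusted key and installing the local file would be
# the safer route.
rpm -Uvh --root="$ROOT" http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.noarch.rpm

# 9. Add /mnt and swap to fstab
cat >> etc/fstab <<'EOS'
/dev/xvde2 /mnt ext4 defaults 1 0
/dev/xvde3 swap swap defaults 0 0
EOS

# 10. Network configuration
cat > etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOS'
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
EOS
cat > etc/sysconfig/network <<'EOS'
NETWORKING=yes
EOS
cat > etc/hosts <<'EOS'
127.0.0.1 localhost.localdomain localhost
EOS

# 11. rc.local: fetch the ssh public key from instance metadata on boot
# The delimiter MUST be quoted: this body runs inside the instance, so $?,
# $FAILED, $ATTEMPTS and $((...)) have to be written literally. With an
# unquoted EOS the build shell expands them now and the generated retry loop
# is broken (FAILED=1 and "[ 1 -ge ]").
# NOTE(review): the first line re-installs ec2-ami-tools over plain HTTP on
# every boot of every instance; the same signer caveat as step 8 applies.
cat > etc/rc.local <<'EOS'
# Update the Amazon EC2 AMI creation tools
rpm -Uvh http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.noarch.rpm
if [ -f "/root/firstrun" ] ; then
dd if=/dev/urandom count=50|md5sum|passwd --stdin root
rm -f /root/firstrun
else
echo "* Firstrun *" && touch /root/firstrun
fi
if [ ! -d /root/.ssh ] ; then
mkdir -p /root/.ssh
chmod 0700 /root/.ssh
fi
ATTEMPTS=5
FAILED=0
# Fetch public key using HTTP
while [ ! -f /root/.ssh/authorized_keys ]; do
curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/aws-key 2>/dev/null
if [ $? -eq 0 ]; then
cat /tmp/aws-key >> /root/.ssh/authorized_keys
chmod 0600 /root/.ssh/authorized_keys
rm -f /tmp/aws-key
echo "Successfully retrieved AWS public key from instance metadata"
else
FAILED=$(($FAILED + 1))
if [ $FAILED -ge $ATTEMPTS ]; then
echo "Failed to retrieve AWS public key after $FAILED attempts, quitting"
break
fi
echo "Could not retrieve AWS public key (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds..."
sleep 5
fi
done
EOS

# 12. sshd: root may log in with a key only, no passwords, no PAM, no reverse DNS
perl -p -i -e 's,^#PermitRootLogin yes,PermitRootLogin without-password,' etc/ssh/sshd_config
perl -p -i -e 's,^#UseDNS yes,UseDNS no,' etc/ssh/sshd_config
perl -p -i -e 's,^PasswordAuthentication yes,PasswordAuthentication no,' etc/ssh/sshd_config
perl -p -i -e 's,^UsePAM yes,UsePAM no,' etc/ssh/sshd_config

# 13. grub configuration for pv-grub
# Query the installed kernel version once and fail if none is found, instead
# of writing an empty "vmlinuz-" entry into menu.lst.
KVER=$(rpm --root="$ROOT" -q --queryformat '%{version}-%{release}.%{arch}\n' kernel)
[ -n "$KVER" ] || die "no kernel package found in $ROOT"
cat > boot/grub/menu.lst <<EOS
default=0
timeout=0
hiddenmenu
title CentOS6.2
root (hd0)
kernel /boot/vmlinuz-${KVER} ro root=LABEL=_/
initrd /boot/initramfs-${KVER}.img
EOS

# 14. Work around the Java / performance issue on Xen (nosegneg glibc)
printf 'hwcap 1 nosegneg\n' > etc/ld.so.conf.d/libc6-xen.conf
chroot . ldconfig

# 15. Drop the yum cache and unmount the image
image_yum clean all
cd "$WORKDIR" || die "cannot cd to $WORKDIR"
umount "$ROOT/proc"
PROC_MOUNTED=0
umount -d "$ROOT"
ROOT_MOUNTED=0

# 16. Bundle the image and upload it to S3
mkdir ami-bundle
ec2-bundle-image -i "$NAME.img" -k "$EC2_PRIVATE_KEY" -c "$EC2_CERT" -u "$AWS_ACCOUNT_NUMBER" -d ./ami-bundle -r "$ARCH" --kernel "$AKI"
# NOTE(review): the access key and secret are passed on the command line,
# where other local users can read them via ps and they may land in shell
# history; run this only on a trusted build host. Left as-is because it is
# not confirmed here that ec2-upload-bundle reads them from the environment.
ec2-upload-bundle -b "$S3_BUCKET" -a "$AWS_ACCESS_KEY" -s "$AWS_SECRET_ACCESS_KEY" -m "./ami-bundle/$NAME.img.manifest.xml" --retry --location "$REGION"

# 17. Register the AMI
# Done from the AWS Management Console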