OpenStack鏡像制作-CentOS

雲平台中鏡像還是很重要的，提供各種定制化的鏡像使得用戶體驗更好。

最開始玩OpenStack的時候用的是安裝文檔中提到的cirros，其密碼cubswin:) 剛開始感覺很怪，現在已經可以隨手打出。ps：打的還很熟練:-)

然后慢慢開始想嘗試各種鏡像，於是乎在網上搜了很多。如下：

• 官方文檔  http://docs.openstack.org/image-guide/content/ch_obtaining_images.html
  官方文檔給的鏡像的鏈接挺多的，包括
  CirrOS (test) images
  Official Ubuntu images
  Official Red Hat Enterprise Linux images
  Official Fedora images
  Official openSUSE and SLES images
  Official images from other Linux distributions
  Rackspace Cloud Builders (multiple distros) images
  Microsoft Windows images
• CentOS鏡像 http://cloud.centos.org/
• Rackspace Cloud Builders https://github.com/rcbops/oz-image-build
• Radhat鏡像 https://openstack.redhat.com/Image_resources
• CentOS Gold Image
  http://catn.com/labs/centos-images/
  http://catn.com/2013/04/18/building-a-virtual-machine-image-for-centos/
  教你如何制作CentOS的image，並且提供現成的image下載
  鏡像下載地址：http://mirror.catn.com/pub/catn/images/qcow2/centos6.4-x86_64-gold-master.img
  該鏡像用戶名：root  密碼：changeme1122

關於CentOS鏡像制作需要注意以下幾點：

(1)修改網絡信息 /etc/sysconfig/network-scripts/ifcfg-eth0 （刪掉mac信息)，如下：

TYPE=Ethernet DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp NM_CONTROLLED=no

(2)刪除已生成的網絡設備規則，否則制作的鏡像不能上網

# rm -rf /etc/udev/rules.d/70-persistent-net.rules 

(3)增加一行到/etc/sysconfig/network

NOZERCONF=yes

(4)安裝cloud-init（可選），cloud-init可以在開機時進行密鑰注入以及修改hostname等，關於cloud-init，陳沙克的一篇博文有介紹：http://www.chenshake.com/about-openstack-centos-mirror/

# yum install -y cloud-utils cloud-init parted
修改配置文件/etc/cloud/cloud.cfg ，在cloud_init_modules 下面增加:
- resolv-conf

(5)設置系統能自動獲取openstack指定的hostname和ssh-key（可選）
編輯/etc/rc.local文件，該文件在開機后會執行，加入以下代碼：

if [ ! -d /root/.ssh ]; then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
# Fetch public key using HTTP  6 ATTEMPTS=30
FAILED=0

 

while [ ! -f /root/.ssh/authorized_keys ]; do
curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null
if [ $? -eq 0 ]; then
cat /tmp/metadata-key >> /root/.ssh/authorized_keys 15 chmod 0600 /root/.ssh/authorized_keys 16 restorecon /root/.ssh/authorized_keys 17 rm -f /tmp/metadata-key 18 echo “Successfully retrieved public key from instance metadata” 19 echo “*****************” 20 echo “AUTHORIZED KEYS” 21 echo “*****************” 22 cat /root/.ssh/authorized_keys 23 echo “*****************” 24 
curl -f http://169.254.169.254/latest/meta-data/hostname > /tmp/metadata-hostname 2>/dev/null
if [ $? -eq 0 ]; then
TEMP_HOST=`cat /tmp/metadata-hostname` 28 sed -i “s/^HOSTNAME=.*$/HOSTNAME=$TEMP_HOST/g” /etc/sysconfig/network 29 /bin/hostname $TEMP_HOST 30 echo “Successfully retrieved hostname from instance metadata” 31 echo “*****************” 32 echo “HOSTNAME CONFIG” 33 echo “*****************” 34 cat /etc/sysconfig/network 35 echo “*****************” 36 
else
echo “Failed to retrieve hostname from instance metadata. This is a soft error so we’ll continue” 39 fi
rm -f /tmp/metadata-hostname
else
FAILED=$(($FAILED + 1)) 43 if [ $FAILED -ge $ATTEMPTS ]; then
echo “Failed to retrieve public key from instance metadata after $FAILED attempts, quitting” 45 break 46 fi
echo “Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds…” 48 sleep 5
fi
done 

或者

# set a random pass on first boot  2 if [ -f /root/firstrun ]; then
  dd if=/dev/urandom count=50|md5sum|passwd --stdin root  4   passwd -l root  5   rm /root/firstrun  6 fi

if [ ! -d /root/.ssh ]; then
  mkdir -m 0700 -p /root/.ssh
  restorecon /root/.ssh
fi
# Get the root ssh key setup 13 # Get the root ssh key setup 14 ReTry=0
while [ ! -f /root/.ssh/authorized_keys ] && [ $ReTry -lt 10 ]; do
  sleep 2
  curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /root/.ssh/pubkey
  if [ 0 -eq 0 ]; then
    mv /root/.ssh/pubkey /root/.ssh/authorized_keys 20   fi
  ReTry=$[Retry+1] 22 done
chmod 600 /root/.ssh/authorized_keys && restorecon /root/.ssh/authorized_keys

主要目的就是獲取hostname和公鑰

 (6)其他

route命令查看一下路由表

查看/etc/ssh/sshd_conf中PermitRootLogin是不是為yes