OpenStack镜像制作-CentOS

star870126

　　云平台中镜像还是很重要的，提供各种定制化的镜像使得用户体验更好。
　　最开始玩OpenStack的时候用的是安装文档中提到的cirros，其密码cubswin:) 刚开始感觉很怪，现在已经可以随手打出。ps：打的还很熟练:-)
　　然后慢慢开始想尝试各种镜像，于是乎在网上搜了很多。如下：

• 官方文档  http://docs.openstack.org/image-guide/content/ch_obtaining_images.html
  官方文档给的镜像的链接挺多的，包括
  CirrOS (test) images
  Official Ubuntu images
  Official Red Hat Enterprise Linux images
  Official Fedora images
  Official openSUSE and SLES images
  Official images from other Linux distributions
  Rackspace Cloud Builders (multiple distros) images
  Microsoft Windows images
  
• CentOS镜像 http://cloud.centos.org/
  
• Rackspace Cloud Builders https://github.com/rcbops/oz-image-build
  
• Radhat镜像 https://openstack.redhat.com/Image_resources
  
• CentOS Gold Image
  http://catn.com/labs/centos-images/
  http://catn.com/2013/04/18/building-a-virtual-machine-image-for-centos/
  教你如何制作CentOS的image，并且提供现成的image下载
  镜像下载地址：http://mirror.catn.com/pub/catn/images/qcow2/centos6.4-x86_64-gold-master.img
  该镜像用户名：root  密码：changeme1122
  

　　关于CentOS镜像制作需要注意以下几点：
　　(1)修改网络信息 /etc/sysconfig/network-scripts/ifcfg-eth0 （删掉mac信息)，如下：



TYPE=Ethernet
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
NM_CONTROLLED=no
　　(2)删除已生成的网络设备规则，否则制作的镜像不能上网



# rm -rf /etc/udev/rules.d/70-persistent-net.rules
　　(3)增加一行到/etc/sysconfig/network



NOZERCONF=yes
　　(4)安装cloud-init（可选），cloud-init可以在开机时进行密钥注入以及修改hostname等，关于cloud-init，陈沙克的一篇博文有介绍：http://www.chenshake.com/about-openstack-centos-mirror/



# yum install -y cloud-utils cloud-init parted
修改配置文件/etc/cloud/cloud.cfg ，在cloud_init_modules 下面增加:
- resolv-conf
　　(5)设置系统能自动获取openstack指定的hostname和ssh-key（可选）
编辑/etc/rc.local文件，该文件在开机后会执行，加入以下代码：



1 if [ ! -d /root/.ssh ]; then
2 mkdir -p /root/.ssh
3 chmod 700 /root/.ssh
4 fi
5 # Fetch public key using HTTP
6 ATTEMPTS=30
7 FAILED=0
8
9  
10
11 while [ ! -f /root/.ssh/authorized_keys ]; do
12 curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null
13 if [ $? -eq 0 ]; then
14 cat /tmp/metadata-key >> /root/.ssh/authorized_keys
15 chmod 0600 /root/.ssh/authorized_keys
16 restorecon /root/.ssh/authorized_keys
17 rm -f /tmp/metadata-key
18 echo “Successfully retrieved public key from instance metadata”
19 echo “*****************”
20 echo “AUTHORIZED KEYS”
21 echo “*****************”
22 cat /root/.ssh/authorized_keys
23 echo “*****************”
24
25 curl -f http://169.254.169.254/latest/meta-data/hostname > /tmp/metadata-hostname 2>/dev/null
26 if [ $? -eq 0 ]; then
27 TEMP_HOST=`cat /tmp/metadata-hostname`
28 sed -i “s/^HOSTNAME=.*$/HOSTNAME=$TEMP_HOST/g” /etc/sysconfig/network
29 /bin/hostname $TEMP_HOST
30 echo “Successfully retrieved hostname from instance metadata”
31 echo “*****************”
32 echo “HOSTNAME CONFIG”
33 echo “*****************”
34 cat /etc/sysconfig/network
35 echo “*****************”
36
37 else
38 echo “Failed to retrieve hostname from instance metadata. This is a soft error so we’ll continue”
39 fi
40 rm -f /tmp/metadata-hostname
41 else
42 FAILED=$(($FAILED + 1))
43 if [ $FAILED -ge $ATTEMPTS ]; then
44 echo “Failed to retrieve public key from instance metadata after $FAILED attempts, quitting”
45 break
46 fi
47 echo “Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds…”
48 sleep 5
49 fi
50 done
　　或者



1 # set a random pass on first boot
2 if [ -f /root/firstrun ]; then
3   dd if=/dev/urandom count=50|md5sum|passwd --stdin root
4   passwd -l root
5   rm /root/firstrun
6 fi
7
8 if [ ! -d /root/.ssh ]; then
9   mkdir -m 0700 -p /root/.ssh
10   restorecon /root/.ssh
11 fi
12 # Get the root ssh key setup
13 # Get the root ssh key setup
14 ReTry=0
15 while [ ! -f /root/.ssh/authorized_keys ] && [ $ReTry -lt 10 ]; do
16   sleep 2
17   curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /root/.ssh/pubkey
18   if [ 0 -eq 0 ]; then
19     mv /root/.ssh/pubkey /root/.ssh/authorized_keys
20   fi
21   ReTry=$[Retry+1]
22 done
23 chmod 600 /root/.ssh/authorized_keys && restorecon /root/.ssh/authorized_keys
　　主要目的就是获取hostname和公钥
　　 (6)其他
　　route命令查看一下路由表
　　查看/etc/ssh/sshd_conf中PermitRootLogin是不是为yes