OpenStack镜像制作-CentOS

云平台中镜像还是很重要的，提供各种定制化的镜像使得用户体验更好。

最开始玩OpenStack的时候用的是安装文档中提到的cirros，其密码cubswin:) 刚开始感觉很怪，现在已经可以随手打出。ps：打的还很熟练:-)

然后慢慢开始想尝试各种镜像，于是乎在网上搜了很多。如下：

• 官方文档  http://docs.openstack.org/image-guide/content/ch_obtaining_images.html
  官方文档给的镜像的链接挺多的，包括
  CirrOS (test) images
  Official Ubuntu images
  Official Red Hat Enterprise Linux images
  Official Fedora images
  Official openSUSE and SLES images
  Official images from other Linux distributions
  Rackspace Cloud Builders (multiple distros) images
  Microsoft Windows images
• CentOS镜像 http://cloud.centos.org/
• Rackspace Cloud Builders https://github.com/rcbops/oz-image-build
• Radhat镜像 https://openstack.redhat.com/Image_resources
• CentOS Gold Image
  http://catn.com/labs/centos-images/
  http://catn.com/2013/04/18/building-a-virtual-machine-image-for-centos/
  教你如何制作CentOS的image，并且提供现成的image下载
  镜像下载地址：http://mirror.catn.com/pub/catn/images/qcow2/centos6.4-x86_64-gold-master.img
  该镜像用户名：root  密码：changeme1122

关于CentOS镜像制作需要注意以下几点：

(1)修改网络信息 /etc/sysconfig/network-scripts/ifcfg-eth0 （删掉mac信息)，如下：

TYPE=Ethernet
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
NM_CONTROLLED=no

(2)删除已生成的网络设备规则，否则制作的镜像不能上网

# rm -rf /etc/udev/rules.d/70-persistent-net.rules 

(3)增加一行到/etc/sysconfig/network

NOZERCONF=yes

(4)安装cloud-init（可选），cloud-init可以在开机时进行密钥注入以及修改hostname等，关于cloud-init，陈沙克的一篇博文有介绍：http://www.chenshake.com/about-openstack-centos-mirror/

# yum install -y cloud-utils cloud-init parted
修改配置文件/etc/cloud/cloud.cfg ，在cloud_init_modules 下面增加:
- resolv-conf

(5)设置系统能自动获取openstack指定的hostname和ssh-key（可选）
编辑/etc/rc.local文件，该文件在开机后会执行，加入以下代码：

if [ ! -d /root/.ssh ]; then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
# Fetch public key using HTTP
ATTEMPTS=30
FAILED=0

 

while [ ! -f /root/.ssh/authorized_keys ]; do
curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null
if [ $? -eq 0 ]; then
cat /tmp/metadata-key >> /root/.ssh/authorized_keys
chmod 0600 /root/.ssh/authorized_keys
restorecon /root/.ssh/authorized_keys
rm -f /tmp/metadata-key
echo “Successfully retrieved public key from instance metadata”
echo “*****************”
echo “AUTHORIZED KEYS”
echo “*****************”
cat /root/.ssh/authorized_keys
echo “*****************”

curl -f http://169.254.169.254/latest/meta-data/hostname > /tmp/metadata-hostname 2>/dev/null
if [ $? -eq 0 ]; then
TEMP_HOST=`cat /tmp/metadata-hostname`
sed -i “s/^HOSTNAME=.*$/HOSTNAME=$TEMP_HOST/g” /etc/sysconfig/network
/bin/hostname $TEMP_HOST
echo “Successfully retrieved hostname from instance metadata”
echo “*****************”
echo “HOSTNAME CONFIG”
echo “*****************”
cat /etc/sysconfig/network
echo “*****************”

else
echo “Failed to retrieve hostname from instance metadata. This is a soft error so we’ll continue”
fi
rm -f /tmp/metadata-hostname
else
FAILED=$(($FAILED + 1))
if [ $FAILED -ge $ATTEMPTS ]; then
echo “Failed to retrieve public key from instance metadata after $FAILED attempts, quitting”
break
fi
echo “Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds…”
sleep 5
fi
done 

或者

# set a random pass on first boot
if [ -f /root/firstrun ]; then
  dd if=/dev/urandom count=50|md5sum|passwd --stdin root
  passwd -l root
  rm /root/firstrun
fi

if [ ! -d /root/.ssh ]; then
  mkdir -m 0700 -p /root/.ssh
  restorecon /root/.ssh
fi
# Get the root ssh key setup
# Get the root ssh key setup
ReTry=0
while [ ! -f /root/.ssh/authorized_keys ] && [ $ReTry -lt 10 ]; do
  sleep 2
  curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /root/.ssh/pubkey
  if [ 0 -eq 0 ]; then
    mv /root/.ssh/pubkey /root/.ssh/authorized_keys
  fi
  ReTry=$[Retry+1]
done
chmod 600 /root/.ssh/authorized_keys && restorecon /root/.ssh/authorized_keys

主要目的就是获取hostname和公钥

 (6)其他

route命令查看一下路由表

查看/etc/ssh/sshd_conf中PermitRootLogin是不是为yes