OpenStack镜像制作-CentOS

云平台中镜像还是很重要的，提供各种定制化的镜像使得用户体验更好。

最开始玩OpenStack的时候用的是安装文档中提到的cirros，其密码cubswin:) 刚开始感觉很怪，现在已经可以随手打出。ps：打的还很熟练:-)

然后慢慢开始想尝试各种镜像，于是乎在网上搜了很多。如下：

官方文档 http://docs.openstack.org/image-guide/content/ch_obtaining_images.html
官方文档给的镜像的链接挺多的，包括
CirrOS (test) images
Official Ubuntu images
Official Red Hat Enterprise Linux images
Official Fedora images
Official openSUSE and SLES images
Official images from other Linux distributions
Rackspace Cloud Builders (multiple distros) images
Microsoft Windows images

CentOS镜像 http://cloud.centos.org/

Rackspace Cloud Builders https://github.com/rcbops/oz-image-build

Radhat镜像 https://openstack.redhat.com/Image_resources

CentOS Gold Image
http://catn.com/labs/centos-images/
http://catn.com/2013/04/18/building-a-virtual-machine-image-for-centos/
教你如何制作CentOS的image，并且提供现成的image下载
镜像下载地址：http://mirror.catn.com/pub/catn/images/qcow2/centos6.4-x86_64-gold-master.img
该镜像用户名：root 密码：changeme1122

关于CentOS镜像制作需要注意以下几点：

(1)修改网络信息 /etc/sysconfig/network-scripts/ifcfg-eth0 （删掉mac信息)，如下：

TYPE=Ethernet
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
NM_CONTROLLED=no

(2)删除已生成的网络设备规则，否则制作的镜像不能上网

# rm -rf /etc/udev/rules.d/70-persistent-net.rules

(3)增加一行到/etc/sysconfig/network

NOZERCONF=yes

(4)安装cloud-init（可选），cloud-init可以在开机时进行密钥注入以及修改hostname等，关于cloud-init，陈沙克的一篇博文有介绍：http://www.chenshake.com/about-openstack-centos-mirror/

# yum install -y cloud-utils cloud-init parted
修改配置文件/etc/cloud/cloud.cfg ，在cloud_init_modules 下面增加:
- resolv-conf

(5)设置系统能自动获取openstack指定的hostname和ssh-key（可选）
编辑/etc/rc.local文件，该文件在开机后会执行，加入以下代码：

if [ ! -d /root/.ssh ]; then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
# Fetch public key using HTTP
ATTEMPTS=30
FAILED=0

while [ ! -f /root/.ssh/authorized_keys ]; do
curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null
if [ $? -eq 0 ]; then
cat /tmp/metadata-key >> /root/.ssh/authorized_keys
chmod 0600 /root/.ssh/authorized_keys
restorecon /root/.ssh/authorized_keys
rm -f /tmp/metadata-key
echo “Successfully retrieved public key from instance metadata”
echo “*****************”
echo “AUTHORIZED KEYS”
echo “*****************”
cat /root/.ssh/authorized_keys
echo “*****************”

curl -f http://169.254.169.254/latest/meta-data/hostname > /tmp/metadata-hostname 2>/dev/null
if [ $? -eq 0 ]; then
TEMP_HOST=`cat /tmp/metadata-hostname`
sed -i “s/^HOSTNAME=.*$/HOSTNAME=$TEMP_HOST/g” /etc/sysconfig/network
/bin/hostname $TEMP_HOST
echo “Successfully retrieved hostname from instance metadata”
echo “*****************”
echo “HOSTNAME CONFIG”
echo “*****************”
cat /etc/sysconfig/network
echo “*****************”

else
echo “Failed to retrieve hostname from instance metadata. This is a soft error so we’ll continue”
fi
rm -f /tmp/metadata-hostname
else
FAILED=$(($FAILED + 1))
if [ $FAILED -ge $ATTEMPTS ]; then
echo “Failed to retrieve public key from instance metadata after $FAILED attempts, quitting”
break
fi
echo “Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds…”
sleep 5
fi
done

或者

# set a random pass on first boot
if [ -f /root/firstrun ]; then
dd if=/dev/urandom count=50|md5sum|passwd --stdin root
passwd -l root
rm /root/firstrun
fi

if [ ! -d /root/.ssh ]; then
mkdir -m 0700 -p /root/.ssh
restorecon /root/.ssh
fi
# Get the root ssh key setup
# Get the root ssh key setup
ReTry=0
while [ ! -f /root/.ssh/authorized_keys ] && [ $ReTry -lt 10 ]; do
sleep 2
curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /root/.ssh/pubkey
if [ 0 -eq 0 ]; then
mv /root/.ssh/pubkey /root/.ssh/authorized_keys
fi
ReTry=$[Retry+1]
done
chmod 600 /root/.ssh/authorized_keys && restorecon /root/.ssh/authorized_keys

主要目的就是获取hostname和公钥

(6)其他

route命令查看一下路由表

查看/etc/ssh/sshd_conf中PermitRootLogin是不是为yes