标签:style blog http io ar color os sp for
云平台中镜像还是很重要的,提供各种定制化的镜像使得用户体验更好。
最开始玩OpenStack的时候用的是安装文档中提到的cirros,其密码cubswin:) 刚开始感觉很怪,现在已经可以随手打出。ps:打的还很熟练:-)
然后慢慢开始想尝试各种镜像,于是乎在网上搜了很多。如下:
关于CentOS镜像制作需要注意以下几点:
(1)修改网络信息 /etc/sysconfig/network-scripts/ifcfg-eth0 (删掉mac信息),如下:
TYPE=Ethernet
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
NM_CONTROLLED=no
(2)删除已生成的网络设备规则,否则制作的镜像不能上网
# rm -rf /etc/udev/rules.d/70-persistent-net.rules
(3)增加一行到/etc/sysconfig/network
NOZERCONF=yes
(4)安装cloud-init(可选),cloud-init可以在开机时进行密钥注入以及修改hostname等,关于cloud-init,陈沙克的一篇博文有介绍:http://www.chenshake.com/about-openstack-centos-mirror/
# yum install -y cloud-utils cloud-init parted
修改配置文件/etc/cloud/cloud.cfg ,在cloud_init_modules 下面增加:
- resolv-conf
(5)设置系统能自动获取openstack指定的hostname和ssh-key(可选)
编辑/etc/rc.local文件,该文件在开机后会执行,加入以下代码:
1 if [ ! -d /root/.ssh ]; then
2 mkdir -p /root/.ssh
3 chmod 700 /root/.ssh
4 fi
5 # Fetch public key using HTTP
6 ATTEMPTS=30
7 FAILED=0
8
9
10
11 while [ ! -f /root/.ssh/authorized_keys ]; do
12 curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null
13 if [ $? -eq 0 ]; then
14 cat /tmp/metadata-key >> /root/.ssh/authorized_keys
15 chmod 0600 /root/.ssh/authorized_keys
16 restorecon /root/.ssh/authorized_keys
17 rm -f /tmp/metadata-key
18 echo “Successfully retrieved public key from instance metadata”
19 echo “*****************”
20 echo “AUTHORIZED KEYS”
21 echo “*****************”
22 cat /root/.ssh/authorized_keys
23 echo “*****************”
24
25 curl -f http://169.254.169.254/latest/meta-data/hostname > /tmp/metadata-hostname 2>/dev/null
26 if [ $? -eq 0 ]; then
27 TEMP_HOST=`cat /tmp/metadata-hostname`
28 sed -i “s/^HOSTNAME=.*$/HOSTNAME=$TEMP_HOST/g” /etc/sysconfig/network
29 /bin/hostname $TEMP_HOST
30 echo “Successfully retrieved hostname from instance metadata”
31 echo “*****************”
32 echo “HOSTNAME CONFIG”
33 echo “*****************”
34 cat /etc/sysconfig/network
35 echo “*****************”
36
37 else
38 echo “Failed to retrieve hostname from instance metadata. This is a soft error so we’ll continue”
39 fi
40 rm -f /tmp/metadata-hostname
41 else
42 FAILED=$(($FAILED + 1))
43 if [ $FAILED -ge $ATTEMPTS ]; then
44 echo “Failed to retrieve public key from instance metadata after $FAILED attempts, quitting”
45 break
46 fi
47 echo “Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds…”
48 sleep 5
49 fi
50 done
或者
1 # set a random pass on first boot
2 if [ -f /root/firstrun ]; then
3 dd if=/dev/urandom count=50|md5sum|passwd --stdin root
4 passwd -l root
5 rm /root/firstrun
6 fi
7
8 if [ ! -d /root/.ssh ]; then
9 mkdir -m 0700 -p /root/.ssh
10 restorecon /root/.ssh
11 fi
12 # Get the root ssh key setup
13 # Get the root ssh key setup
14 ReTry=0
15 while [ ! -f /root/.ssh/authorized_keys ] && [ $ReTry -lt 10 ]; do
16 sleep 2
17 curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /root/.ssh/pubkey
18 if [ 0 -eq 0 ]; then
19 mv /root/.ssh/pubkey /root/.ssh/authorized_keys
20 fi
21 ReTry=$[Retry+1]
22 done
23 chmod 600 /root/.ssh/authorized_keys && restorecon /root/.ssh/authorized_keys
主要目的就是获取hostname和公钥
(6)其他
route命令查看一下路由表
查看/etc/ssh/sshd_conf中PermitRootLogin是不是为yes
标签:style blog http io ar color os sp for
原文地址:http://www.cnblogs.com/gorlf/p/4140740.html
