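When you run virtual servers on OpenStack or allocate servers to customers, the base image needs
some additional work after the OS is installed.
For example, customizing a virtual server requires the cloud-init package to be installed,
and there is also a fair amount of package updating and checking to do.
Below are the steps tested while building images for CentOS 6 and Ubuntu 14.04, respectively.
1. CentOS 6
- Install cloud-init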
[root@host-192-168-1-71 ~]# yum install cloud-init
Loaded plugins: fastestmirror
Setting up Install Process
base | 3.7 kB 00:00
base/primary_db | 4.7 MB 00:00
extras | 3.4 kB 00:00
extras/primary_db | 37 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 2.6 MB 00:00
Resolving Dependencies
--> Running transaction check
---> Package cloud-init.x86_64 0:0.7.5-10.el6.centos.2 will be installed
--> Processing Dependency: python-requests for package: cloud-init-0.7.5-10.el6.centos.2.x86_64
--> Processing Dependency: python-prettytable for package: cloud-init-0.7.5-10.el6.centos.2.x86_64
--> Processing Dependency: python-oauth for package: cloud-init-0.7.5-10.el6.centos.2.x86_64
...
...
...
---> Package audit.x86_64 0:2.4.5-3.el6 will be an update
---> Package python-backports.x86_64 0:1.0-5.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================================================================
Installing:
cloud-init x86_64 0.7.5-10.el6.centos.2 extras 432 k
Installing for dependencies:
PyYAML x86_64 3.10-3.1.el6 base 157 k
audit-libs-python x86_64 2.4.5-3.el6 base 63 k
dmidecode x86_64 1:2.12-7.el6 base 74 k
libcgroup x86_64 0.40.rc1-18.el6_8 updates 130 k
libselinux-python x86_64 2.0.94-7.el6 base 203 k
libsemanage-python x86_64 2.0.43-5.1.el6 base 81 k
libyaml x86_64 0.1.3-4.el6_6 base 52 k
policycoreutils-python x86_64 2.0.83-29.el6 base 437 k
python-argparse noarch 1.2.1-2.1.el6 base 48 k
python-backports x86_64 1.0-5.el6 base 5.5 k
python-backports-ssl_match_hostname noarch 3.4.0.2-4.el6.centos extras 13 k
python-boto noarch 2.32.1-1.el6.centos extras 1.6 M
python-chardet noarch 2.2.1-1.el6 base 230 k
python-cheetah x86_64 2.4.1-1.el6 base 365 k
python-configobj noarch 4.6.0-3.el6 base 182 k
python-jsonpatch noarch 1.2-2.el6.centos extras 14 k
python-jsonpointer noarch 1.0-3.el6.centos extras 9.3 k
python-markdown noarch 2.0.1-3.1.el6 base 118 k
python-oauth noarch 1.0.1-1.el6.centos extras 17 k
python-prettytable noarch 0.7.2-1.el6.centos extras 37 k
python-pygments noarch 1.1.1-1.el6 base 562 k
python-requests noarch 2.6.0-3.el6 base 95 k
python-setuptools noarch 0.6.10-3.el6 base 336 k
python-six noarch 1.9.0-2.el6 base 28 k
python-urllib3 noarch 1.10.2-1.el6 base 101 k
setools-libs x86_64 3.3.7-4.el6 base 400 k
setools-libs-python x86_64 3.3.7-4.el6 base 222 k
Updating for dependencies:
audit x86_64 2.4.5-3.el6 base 214 k
audit-libs x86_64 2.4.5-3.el6 base 74 k
libselinux x86_64 2.0.94-7.el6 base 109 k
libselinux-utils x86_64 2.0.94-7.el6 base 82 k
policycoreutils x86_64 2.0.83-29.el6 base 663 k
Transaction Summary
=========================================================================================================================================================================================
Install 28 Package(s)
Upgrade 5 Package(s)
Total download size: 7.1 M
Is this ok [y/N]:
[root@host-192-168-1-71 ~]# ls /var/lib/cloud/
[root@host-192-168-1-71 ~]#
# Right after cloud-init is first installed, /var/lib/cloud should be empty; if anything is there, delete it.
[root@host-192-168-1-71 ~]# vi /etc/cloud/cloud.cfg
...
...
...
ssh_pwauth: true
# Change the value to true
- Check the disk capacity (25G)
[root@host-192-168-1-71 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda1 ext4 25G 2.7G 21G 12% /
tmpfs tmpfs 939M 0 939M 0% /dev/shm
[root@host-192-168-1-71 ~]# fdisk -l
Disk /dev/vda: 26.8 GB, 26843545600 bytes
255 heads, 63 sectors/track, 3263 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0004d6c5
Device Boot Start End Blocks Id System
/dev/vda1 * 1 3264 26213376 83 Linux
- Prevent the network device rule file from being generated
[root@host-192-168-1-71 ~]# vi /lib/udev/write_net_rules
...
...
#RULES_FILE='/etc/udev/rules.d/70-persistent-net.rules' # commented out
RULES_FILE='/dev/null' # changed so the network rule file is no longer generated
[root@host-192-168-1-71 ~]# rm /etc/udev/rules.d/70-persistent-net.rules
rm: remove 일반 파일 `/etc/udev/rules.d/70-persistent-net.rules'? y
- yum update
[root@host-192-168-1-71 ~]# yum update
Loaded plugins: fastestmirror
Setting up Update Process
Determining fastest mirrors
* base: mirror.navercorp.com
* extras: mirror.navercorp.com
* updates: mirror.navercorp.com
Resolving Dependencies
--> Running transaction check
---> Package ConsoleKit.x86_64 0:0.4.1-3.el6 will be updated
---> Package ConsoleKit.x86_64 0:0.4.1-6.el6 will be an update
---> Package ConsoleKit-libs.x86_64 0:0.4.1-3.el6 will be updated
...
...
...
yum noarch 3.2.29-75.el6.centos updates 1.0 M
yum-plugin-fastestmirror noarch 1.1.30-37.el6 base 32 k
zip x86_64 3.0-1.el6_7.1 base 259 k
Installing for dependencies:
compat-xcb-util x86_64 0.4.0-2.2.el6 base 25 k
Transaction Summary
=========================================================================================================================================================================================
Install 3 Package(s)
Upgrade 188 Package(s)
Total download size: 346 M
Is this ok [y/N]:
- Reset history and logs (using virt-sysprep)
root@jyh-con:~# virt-sysprep -a jyh
[ 0.0] Examining the guest ...
[ 6.2] Performing "abrt-data" ...
[ 6.2] Performing "bash-history" ...
[ 6.2] Performing "blkid-tab" ...
[ 6.2] Performing "crash-data" ...
[ 6.2] Performing "cron-spool" ...
[ 6.2] Performing "dhcp-client-state" ...
[ 6.2] Performing "dhcp-server-state" ...
[ 6.2] Performing "dovecot-data" ...
[ 6.2] Performing "logfiles" ...
[ 6.2] Performing "machine-id" ...
[ 6.3] Performing "mail-spool" ...
[ 6.3] Performing "net-hostname" ...
[ 6.3] Performing "net-hwaddr" ...
[ 6.3] Performing "pacct-log" ...
[ 6.3] Performing "package-manager-cache" ...
[ 6.3] Performing "pam-data" ...
[ 6.3] Performing "puppet-data-log" ...
[ 6.3] Performing "rh-subscription-manager" ...
[ 6.3] Performing "rhn-systemid" ...
[ 6.3] Performing "rpm-db" ...
[ 6.3] Performing "samba-db-log" ...
[ 6.3] Performing "script" ...
[ 6.3] Performing "smolt-uuid" ...
[ 6.3] Performing "ssh-hostkeys" ...
[ 6.3] Performing "ssh-userdir" ...
[ 6.3] Performing "sssd-db-log" ...
[ 6.3] Performing "tmp-files" ...
[ 6.3] Performing "udev-persistent-net" ...
[ 6.3] Performing "utmp" ...
[ 6.3] Performing "yum-uuid" ...
[ 6.3] Performing "customize" ...
[ 6.3] Setting a random seed
[ 6.3] Performing "lvm-uuids" ...
root@jyh-con:~#
# Reset the image before uploading it to glance
- Delete the existing cloud-init data from the image
root@jyh-con:~# modprobe nbd
root@jyh-con:~# qemu-nbd -c /dev/nbd0 jyh
root@jyh-con:~# mount /dev/nbd0p1 /mnt
root@jyh-con:~# cd /mnt/var/lib/cloud/
root@jyh-con:/mnt/var/lib/cloud# ll
total 36
drwxr-xr-x 8 root root 4096 Oct 11 15:18 ./
drwxr-xr-x. 21 root root 4096 Oct 11 15:25 ../
drwxr-xr-x 2 root root 4096 Oct 11 15:18 data/
drwxr-xr-x 2 root root 4096 Oct 11 15:16 handlers/
lrwxrwxrwx 1 root root 61 Oct 11 15:18 instance -> /var/lib/cloud/instances/547a2a04-09f1-4bea-a501-6ff447faf3b6
drwxr-xr-x 3 root root 4096 Oct 11 15:16 instances/
drwxr-xr-x 6 root root 4096 Oct 11 15:16 scripts/
drwxr-xr-x 2 root root 4096 Oct 11 15:16 seed/
drwxr-xr-x 2 root root 4096 Oct 11 15:16 sem/
root@jyh-con:/mnt/var/lib/cloud# rm -rf *
removed 'data/result.json'
removed 'data/previous-hostname'
removed 'data/previous-datasource'
removed 'data/instance-id'
removed 'data/previous-instance-id'
removed 'data/status.json'
...
...
...
root@jyh-con:/mnt/var/lib/cloud# cd /root/
root@jyh-con:/# umount /mnt
root@jyh-con:/# qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnected
- Create the instance with a script that assigns the initial login password and requests a password change automatically at the client's first login (using nova user-data)
root@jyh-con:~# cat change_pwd.sh
#cloud-config
chpasswd:
  # account:password
  list: |
    root:cloudv_unga
  expire: False
runcmd:
  - cp /etc/shadow /etc/shadow_ori
  - "old=`grep root /etc/shadow | cut -d: -f3`"
  - sed -i "1s/$old/0/" /etc/shadow
# Edits /etc/shadow so that a password change is always required at first login.
2. Ubuntu 14.04 LTS
- Delete the account created during the initial installation
root@jyh1:~# vi /etc/ssh/sshd_config
...
...
#PermitRootLogin without-password
PermitRootLogin yes
...
...
# Change the PermitRootLogin option to yes.
root@jyh1:~# service ssh restart
ssh stop/waiting
ssh start/running, process 1500
root@jyh1:~# userdel -r cloudv_unga
root@jyh1:~#
# Delete the installation account.
- Install cloud-init
root@jyh1:~# apt-get install cloud-init
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
cloud-init
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/198 kB of archives.
After this operation, 1,023 kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously unselected package cloud-init.
(Reading database ... 86153 files and directories currently installed.)
Preparing to unpack .../cloud-init_0.7.5-0ubuntu1.18_all.deb ...
Unpacking cloud-init (0.7.5-0ubuntu1.18) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up cloud-init (0.7.5-0ubuntu1.18) ...
Adding 'diversion of /etc/init/ureadahead.conf to /etc/init/ureadahead.conf.disabled by cloud-init'
Processing triggers for ureadahead (0.100.0-16) ...
root@jyh1:~# ls /var/lib/cloud/
root@jyh1:~#
# Right after cloud-init is first installed, /var/lib/cloud should be empty; if anything is there, delete it.
- Check the disk capacity (25G)
root@jyh1:~# df -Th
Filesystem Type Size Used Avail Use% Mounted on
udev devtmpfs 3.9G 8.0K 3.9G 1% /dev
tmpfs tmpfs 799M 352K 799M 1% /run
/dev/vda1 ext4 25G 1.7G 22G 8% /
none tmpfs 4.0K 0 4.0K 0% /sys/fs/cgroup
none tmpfs 5.0M 0 5.0M 0% /run/lock
none tmpfs 3.9G 0 3.9G 0% /run/shm
none tmpfs 100M 0 100M 0% /run/user
root@jyh1:~# fdisk -l
Disk /dev/vda: 26.8 GB, 26843545600 bytes
25 heads, 8 sectors/track, 262144 cylinders, total 52428800 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000c67e1
Device Boot Start End Blocks Id System
/dev/vda1 2048 52428799 26213376 83 Linux
- Set the instance console display size
root@jyh1:~# vi /etc/default/grub
...
...
...
GRUB_CMDLINE_LINUX_DEFAULT="nomodeset vga=100"
root@jyh1:~# update-grub
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.13.0-93-generic
Found initrd image: /boot/initrd.img-3.13.0-93-generic
Found linux image: /boot/vmlinuz-3.13.0-24-generic
Found initrd image: /boot/initrd.img-3.13.0-24-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
- Prevent the network device rule file from being generated
root@jyh1:~# vi /lib/udev/write_net_rules
...
...
...
RULES_FILE='/dev/null'
#RULES_FILE='/etc/udev/rules.d/70-persistent-net.rules'
# Comment out the existing RULES_FILE and set it to /dev/null
root@jyh1:~# rm /etc/udev/rules.d/70-persistent-net.rules
- apt-get update
root@jyh1:~# apt-get update
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]
Ign http://zone2.clouds.archive.ubuntu.com trusty InRelease
Get:2 http://security.ubuntu.com trusty-security/main Sources [120 kB]
Get:3 http://zone2.clouds.archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Get:4 http://security.ubuntu.com trusty-security/universe Sources [43.7 kB]
Get:5 http://security.ubuntu.com trusty-security/main amd64 Packages [536 kB]
Get:6 http://zone2.clouds.archive.ubuntu.com trusty-backports InRelease [65.9 kB]
Get:7 http://security.ubuntu.com trusty-security/universe amd64 Packages [138 kB]
...
...
Ign http://zone2.clouds.archive.ubuntu.com trusty/universe Translation-en_US
Fetched 33.7 MB in 50s (660 kB/s)
Reading package lists... Done
- Reset history and logs (using virt-sysprep)
root@jyh-con:~# virt-sysprep -a jyh
[ 0.0] Examining the guest ...
[ 18.9] Performing "abrt-data" ...
[ 18.9] Performing "bash-history" ...
[ 18.9] Performing "blkid-tab" ...
[ 18.9] Performing "crash-data" ...
[ 18.9] Performing "cron-spool" ...
[ 18.9] Performing "dhcp-client-state" ...
[ 18.9] Performing "dhcp-server-state" ...
[ 18.9] Performing "dovecot-data" ...
[ 18.9] Performing "logfiles" ...
[ 19.0] Performing "machine-id" ...
[ 19.0] Performing "mail-spool" ...
[ 19.0] Performing "net-hostname" ...
[ 19.0] Performing "net-hwaddr" ...
[ 19.0] Performing "pacct-log" ...
[ 19.0] Performing "package-manager-cache" ...
[ 19.1] Performing "pam-data" ...
[ 19.1] Performing "puppet-data-log" ...
[ 19.1] Performing "rh-subscription-manager" ...
[ 19.1] Performing "rhn-systemid" ...
[ 19.1] Performing "rpm-db" ...
[ 19.1] Performing "samba-db-log" ...
[ 19.1] Performing "script" ...
[ 19.1] Performing "smolt-uuid" ...
[ 19.1] Performing "ssh-hostkeys" ...
[ 19.1] Performing "ssh-userdir" ...
[ 19.1] Performing "sssd-db-log" ...
[ 19.1] Performing "tmp-files" ...
[ 19.1] Performing "udev-persistent-net" ...
[ 19.1] Performing "utmp" ...
[ 19.1] Performing "yum-uuid" ...
[ 19.1] Performing "customize" ...
[ 19.1] Setting a random seed
[ 19.2] Performing "lvm-uuids" ...
# Reset the image before uploading it to glance
- Delete the existing cloud-init data from the image
root@jyh-con:~# modprobe nbd
root@jyh-con:~# qemu-nbd -c /dev/nbd0 jyh
root@jyh-con:~# mount /dev/nbd0p1 /mnt
root@jyh-con:~# cd /mnt/var/lib/cloud/
root@jyh-con:/mnt/var/lib/cloud# ls
data handlers instance instances scripts seed sem
root@jyh-con:/mnt/var/lib/cloud# rm -rf *
removed 'data/status.json'
removed 'data/previous-hostname'
removed 'data/previous-instance-id'
removed 'data/previous-datasource'
removed 'data/instance-id'
removed 'data/result.json'
removed directory 'data'
...
...
...
# Delete any data left over from earlier runs.
root@jyh-con:/mnt# cd /root/
root@jyh-con:~# umount /mnt
root@jyh-con:~# qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnected
root@jyh-con:~# rmmod nbd
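The cleanup steps in both the CentOS and Ubuntu sections can be checked in one pass while the image is still mounted. The script below is an added example, not part of the original post; check_image_root and make_sample_root are hypothetical helper names, and the directory tree it builds is a constructed stand-in for a mounted image such as /mnt.

```shell
#!/bin/sh
# Added example: audit a mounted guest root for the leftovers this page
# removes before the glance upload. Helper names are hypothetical.
check_image_root() {
    root=$1
    bad=0
    flag() { echo "FINDING: $1"; bad=1; }

    # cloud-init must be installed, but its per-instance state must be gone
    [ -f "$root/etc/cloud/cloud.cfg" ] || flag "cloud-init config missing"
    if [ -d "$root/var/lib/cloud" ] &&
       [ -n "$(ls -A "$root/var/lib/cloud")" ]; then
        flag "/var/lib/cloud is not empty"
    fi

    # NIC naming: rule file removed and the generator pointed at /dev/null
    [ -e "$root/etc/udev/rules.d/70-persistent-net.rules" ] &&
        flag "70-persistent-net.rules still present"
    gen="$root/lib/udev/write_net_rules"
    if [ -f "$gen" ] &&
       ! grep -q "^[[:space:]]*RULES_FILE='/dev/null'" "$gen"; then
        flag "write_net_rules still writes a rules file"
    fi

    # two of the items virt-sysprep resets: ssh-hostkeys and bash-history
    for k in "$root"/etc/ssh/ssh_host_*; do
        [ -e "$k" ] && { flag "SSH host keys left in image"; break; }
    done
    [ -s "$root/root/.bash_history" ] && flag "root bash history not cleared"
    return $bad
}

# Constructed sample tree standing in for a mounted image (not real data).
make_sample_root() {
    mkdir -p "$1/etc/cloud" "$1/etc/ssh" "$1/etc/udev/rules.d" \
             "$1/lib/udev" "$1/var/lib/cloud/data" "$1/root"
    : > "$1/etc/cloud/cloud.cfg"
    echo constructed-id > "$1/var/lib/cloud/data/instance-id"
    echo "RULES_FILE='/etc/udev/rules.d/70-persistent-net.rules'" \
        > "$1/lib/udev/write_net_rules"
    : > "$1/etc/udev/rules.d/70-persistent-net.rules"
    : > "$1/etc/ssh/ssh_host_rsa_key"
}

demo=$(mktemp -d)
make_sample_root "$demo"
check_image_root "$demo" || echo "image is not ready for upload"
rm -rf "$demo"
```

Against a real image, call check_image_root /mnt between the mount and umount steps; a non-zero exit status means at least one item was left behind.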
- Create the instance with a script that assigns the initial login password and requests a password change automatically at the client's first login (using nova user-data)
root@jyh-con:~# cat change_pwd.sh
#cloud-config
chpasswd:
  # account:password
  list: |
    root:bulgom_unga
  expire: False
runcmd:
  - cp /etc/shadow /etc/shadow_ori
  - "old=`grep root /etc/shadow | cut -d: -f3`"
  - sed -i "1s/$old/0/" /etc/shadow
# Edits /etc/shadow so that a password change is always required at first login.
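The runcmd entries in both sections force the change by setting field 3 of root's /etc/shadow entry (day of the last password change) to 0, using a substring replacement on line 1. The added example below, which is not from the original post, shows the case where the password hash contains the same digits and a field-aware edit that avoids it; the function names and the sample entries are constructed, and every function works on a file passed as an argument.

```shell
#!/bin/sh
# Added example. force_pw_change is a hypothetical helper: it sets field 3
# (last password change, in days) to 0 for one account in a shadow-format file.
force_pw_change() {
    user=$1 file=$2
    tmp=$(mktemp) || return 1
    # Compare field 1 exactly and assign field 3; other lines pass through.
    # cat back into the file keeps its owner, mode and inode.
    awk -F: -v OFS=: -v u="$user" '$1 == u { $3 = 0 } { print }' \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# The page's two commands, parameterised on the file so both can be compared.
page_sed_edit() {
    old=$(grep root "$1" | cut -d: -f3)
    sed -i "1s/$old/0/" "$1"
}

# Constructed sample: the hash happens to contain the digits of field 3.
sample_shadow() {
    printf '%s\n' \
        'root:$6$Qx17085z$CONSTRUCTEDHASH:17085:0:99999:7:::' \
        'bin:*:17085:0:99999:7:::' > "$1"
}

lastchg() { awk -F: -v u="$1" '$1 == u { print $3 }' "$2"; }
pwhash()  { awk -F: -v u="$1" '$1 == u { print $2 }' "$2"; }

f=$(mktemp)
sample_shadow "$f"; page_sed_edit "$f"
echo "sed: hash=$(pwhash root "$f") lastchg=$(lastchg root "$f")"
sample_shadow "$f"; force_pw_change root "$f"
echo "awk: hash=$(pwhash root "$f") lastchg=$(lastchg root "$f")"
rm -f "$f"
```

On a running system, `chage -d 0 root` performs the same field update.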