来自自定义的EBS支持的实例的实例存储AMI [英] Instance Store AMI from a customized EBS-backed instance
问题描述
抱歉,如果应该从文档中轻松理解它,但是我没有-如果我使用一个易于使用的Ubuntu EBS引导AMI启动EC2实例,请安装一堆东西并在其中移动一些文件在"/"下,然后使用ec2-bundle-vol
创建一个实例存储AMI,将实际驻留在"/"上的EBS卷上的数据放入AMI吗?
从用户的角度考虑,我希望在以后的自定义AMI升级中,可以在"/"下找到与原始实例中相同的东西.即使AMI本身是Amazon的"/"文件夹快照,也可以创建我的AMI(否则,将拍摄快照的是什么?!")也很有意义.基于实例存储,而原始实例受EBS支持.
请帮助我理解这一点.
我指的是:
http://docs.aws .amazon.com/AWSEC2/latest/UserGuide/creating-snapshot-s3-linux.html
http://docs.aws .amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-bundle-vol.html
谢谢.
是的,位于根卷上的EBS卷上的数据将进入AMI.
来自AWS文档:默认情况下,AMI捆绑过程在/tmp目录中创建了代表根卷的压缩的加密文件集合." http://docs.aws.amazon .com/AWSEC2/latest/UserGuide/creating-an-ami-instance-store.html
它当然会排除私钥和bash历史记录...除非您使用--no-filter选项:创建过程需要遵循实例存储支持的AMI . 但是,注册AMI时必须指出兼容的内核.
-
在要转换的实例上设置EC2 CLI工具(如果尚未安装)
-
获取X.509证书和私钥(可以自签名:
openssl req -x509 -newkey rsa:2048 -keyout private-key.pem -out cert.pem -days 385 -nodes
) -
连接到要转换的实例
-
将您的X.509证书和私钥移至/tmp/
mv private-key.pem cert.pem /tmp/
-
创建文件夹/tmp/out/
mkdir /tmp/out
-
创建捆绑包:
ec2-bundle-vol -k /tmp/private-key.pem -c /tmp/cert.pem -u <account_id> -r x86_64 -d /mnt/out
有关更多详细信息,请参见文档有关更多详细信息,请参阅文档:ec2-bundle-vol, will the data that was actually residing on the EBS volume mounted at "/" make it into the AMI?Considering that from a user point-of-view, I would expect to find the same things under "/" in a future spin-up of my custom AMI, that I had in the original instance. It would also kind of make sense for Amazon to take a snapshot of the "/" folder to create my AMI (otherwise, what would one take a snapshot of?!), even though the AMI itself is Instance Store based while the original instance was EBS-backed.
Please help me understand this.
What I'm referring to:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-snapshot-s3-linux.html
http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-bundle-vol.htmlThanks.
解决方案Yes, the data on the EBS volume residing on the root volume will make it to the AMI.
From AWS documentation : "By default, the AMI bundling process creates a compressed, encrypted collection of files in the /tmp directory that represent your root volume." http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-instance-store.html
It will of course exclude the private keys and bash history... unless you use the --no-filter option : http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-bundle-vol.html
Procedure for the conversion:
It’s basically the procedure to create an instance store-backed AMI that needs to be followed. You will have to indicate a compatible kernel when registering the AMI though.
set up the EC2 CLI tools on the instance you want to convert (if not already installed)
get a X.509 certificate and private key (it can be self signed:
openssl req -x509 -newkey rsa:2048 -keyout private-key.pem -out cert.pem -days 385 -nodes
)connect to the instance you want to convert
move your X.509 certificate and private key to /tmp/
mv private-key.pem cert.pem /tmp/
create the folder /tmp/out/
mkdir /tmp/out
create your bundle:
ec2-bundle-vol -k /tmp/private-key.pem -c /tmp/cert.pem -u <account_id> -r x86_64 -d /mnt/out
See the documentation for more details http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-upload-bundle.html You may need to hange the block device mapping (e.g. -B root=/dev/sda1)upload the bundle to a S3 bucket:
ec2-upload-bundle -b <bucket_name>/<bundle_folder>/<bundle_name> -a <access_key> -s <secret_key> -m /tmp/out/image.manifest.xml --region <aws_region>
register the AMI:
ec2-register --kernel <kernel_id> --region <aws_region> --name "<ami_name>" --description "<ami_description>" <bucket_name>/<bundle_folder>/<bundle_name>/image.manifest.xml -O <access_key> -W <secret_key>
See the documentation for more details: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-RegisterImage.html (see --root-device-name and -b options)
The devices mapping and volumes organisation are different between ebs-backed and instance store-backed instances so you need to make sure everything is where the system expects it to be
这篇关于来自自定义的EBS支持的实例的实例存储AMI的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!