Instance Store AMI from a customized EBS-backed instance


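Problem description

Sorry if this should be easily understood from the documentation, but I didn't get it: if I launch an EC2 instance using a readily available Ubuntu EBS-boot AMI, install a bunch of stuff and move some files around under "/", and then create an Instance Store AMI using ec2-bundle-vol, will the data that was actually residing on the EBS volume mounted at "/" make it into the AMI?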


Considering that from a user point-of-view, I would expect to find the same things under "/" in a future spin-up of my custom AMI, that I had in the original instance. It would also kind of make sense for Amazon to take a snapshot of the "/" folder to create my AMI (otherwise, what would one take a snapshot of?!), even though the AMI itself is Instance Store based while the original instance was EBS-backed.

Please help me understand this.

What I'm referring to:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-snapshot-s3-linux.html
http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-bundle-vol.html

Thanks.

Solution

Yes, the data on the EBS volume residing on the root volume will make it to the AMI.

From the AWS documentation: "By default, the AMI bundling process creates a compressed, encrypted collection of files in the /tmp directory that represent your root volume." http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-instance-store.html

It will of course exclude the private keys and bash history... unless you use the --no-filter option: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-bundle-vol.html

Procedure for the conversion:

It's basically the procedure to create an instance store-backed AMI that needs to be followed. You will have to indicate a compatible kernel when registering the AMI though.

1. set up the EC2 CLI tools on the instance you want to convert (if not already installed)

2. get an X.509 certificate and private key (it can be self-signed: openssl req -x509 -newkey rsa:2048 -keyout private-key.pem -out cert.pem -days 385 -nodes)

3. connect to the instance you want to convert

4. move your X.509 certificate and private key to /tmp/: mv private-key.pem cert.pem /tmp/

5. create the folder /tmp/out/: mkdir /tmp/out

6. create your bundle: ec2-bundle-vol -k /tmp/private-key.pem -c /tmp/cert.pem -u <account_id> -r x86_64 -d /tmp/out
   See the documentation for more details: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-upload-bundle.html
   You may need to change the block device mapping (e.g. -B root=/dev/sda1)

7. upload the bundle to an S3 bucket: ec2-upload-bundle -b <bucket_name>/<bundle_folder>/<bundle_name> -a <access_key> -s <secret_key> -m /tmp/out/image.manifest.xml --region <aws_region>

8. register the AMI: ec2-register --kernel <kernel_id> --region <aws_region> --name "<ami_name>" --description "<ami_description>" <bucket_name>/<bundle_folder>/<bundle_name>/image.manifest.xml -O <access_key> -W <secret_key>
   See the documentation for more details: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-RegisterImage.html (see --root-device-name and -b options)

The devices mapping and volumes organisation are different between ebs-backed and instance store-backed instances, so you need to make sure everything is where the system expects it to be.
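Because the whole root volume goes into the bundle, it helps to list the key, credential and history files sitting on it before running step 6, especially if --no-filter is being considered. The script below is an added example, not part of the original answer; the function names and the file patterns are assumptions chosen for illustration and are not ec2-bundle-vol's own filter list. It also flags a shell history that recorded the secret key arguments used in steps 7 and 8.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a root tree before bundling.
# The file patterns below are an assumed, illustrative set; they are not
# ec2-bundle-vol's own filter list.

# List regular files under ROOT that look like keys, credentials or shell history.
# Pseudo-filesystems and /mnt, /media are pruned so a live "/" can be scanned.
find_sensitive() {
  root="${1%/}"
  find "${root:-/}" \
    \( -path "$root/proc" -o -path "$root/sys" -o -path "$root/dev" \
       -o -path "$root/mnt" -o -path "$root/media" \) -prune -o \
    -type f \( -name '*.pem' -o -name '*.priv' -o -name '*.gpg' \
       -o -name '*id_rsa*' -o -name '*id_dsa*' -o -name '.bash_history' \
       -o -path '*/.ssh/authorized_keys' -o -path '*/.aws/credentials' \) \
    -print 2>/dev/null | sort
}

# True when a history file records the upload or register step with a secret
# key passed on the command line (-s for ec2-upload-bundle, -W for ec2-register).
history_has_cli_secrets() {
  grep -Eq 'ec2-upload-bundle .* -s |ec2-register .* -W ' "$1"
}

# Exit status 0 when nothing was found, 1 otherwise; findings go to stdout.
audit_before_bundle() {
  hits="$(find_sensitive "$1")"
  if [ -z "$hits" ]; then return 0; fi
  printf '%s\n' "$hits"
  printf '%s\n' "$hits" | grep '/\.bash_history$' | while IFS= read -r h; do
    if history_has_cli_secrets "$h"; then
      echo "WARNING: $h contains AWS secret keys typed as CLI arguments"
    fi
  done
  return 1
}

# Demo on a constructed tree (all names and key values are made up).
demo="$(mktemp -d)"
mkdir -p "$demo/home/ubuntu/.ssh" "$demo/tmp"
: > "$demo/tmp/private-key.pem"
: > "$demo/home/ubuntu/.ssh/authorized_keys"
echo 'ec2-register --kernel aki-EXAMPLE x/image.manifest.xml -O AKIDEXAMPLE -W SECRETEXAMPLE' \
  > "$demo/home/ubuntu/.bash_history"
audit_before_bundle "$demo" || echo "review the files above before using --no-filter"
rm -rf "$demo"
```

On the instance itself, `audit_before_bundle /` scans the live root volume; a non-zero exit status means at least one matching file would be on the volume being bundled.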
