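🎹 About the author: Hi everyone, I'm 金鱼哥 (Jinyuge), a CSDN Rising Star Creator in the operations field, Huawei Cloud Yunxiang Expert, and Alibaba Cloud Community Expert Blogger
📚 Qualifications: CCNA, HCNP, CSNA (network analyst), Soft Exam junior and intermediate network engineer, RHCSA, RHCE, RHCA, RHCI, ITIL😜
💬 Motto: Effort does not guarantee success, but success requires effort🔥🎈 Support me: like 👍, bookmark ⭐️, or leave a comment 📝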
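📜 Making small image customizations
Building an image with diskimage-builder can take several minutes and may require a copy of the elements directory for each image. If you only need a small amount of customization, you can save time by using the guestfish or virt-customize commands to modify a base image, such as the one provided by Red Hat in the rhel-guest-image-7 package. This image has only a minimal set of packages installed, and cloud-init is installed and enabled. You can download the rhel-guest-image-7 package from https://access.redhat.com/downloads.
📜 guestfish and virt-customize internals
Both guestfish and virt-customize use the libguestfs API to do their work. libguestfs needs a back end that can handle the various image formats. By default it uses libvirt. Editing an image with the libvirt back end involves creating an overlay file for the image, creating an appliance, booting the appliance (with or without network support), and mounting the partitions. To study this process in more detail, export the two environment variables LIBGUESTFS_DEBUG=1 and LIBGUESTFS_TRACE=1, then run guestfish or virt-customize with the -a option to add a disk.
📜 Customizing images with guestfish
guestfish is a low-level tool that exposes the libguestfs API directly, which means you can manipulate an image in a very fine-grained way. The guestfish shell is not a Bash shell, but it offers some similar commands, such as cat, mount, and mkfs. The following example uses the -i option to mount partitions automatically, the -a option to add the disk image, and the --network option to enable network access. It then installs the aide package, sets the root user's password, and restores the SELinux file contexts.
📑 Official documentation: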
https://libguestfs.org/guestfish.1.html
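📜 Customizing images with virt-customize
virt-customize is a high-level tool that also uses the libguestfs API, but it simplifies image building by performing tasks through simple options, tasks that might take several API calls to accomplish with guestfish or the libguestfs API directly. The following example shows virt-customize using the -a option to add the disk, installing a package, setting the root password, and resetting the SELinux contexts.
📑 Comparison of the guestfish and virt-customize commands
Feature | guestfish | virt-customize |
---|---|---|
Complexity | A low-level tool that directly exposes the guestfish API. | |
SELinux support | Use the selinux-relabel /etc/selinux/targeted/contexts/files/file_contexts / command to restore SELinux file contexts. | Use the --selinux-relabel option to restore file contexts. If relabeling does not succeed, this option falls back to the touch /.autorelabel command. |
Options | Used for low-level tasks such as manipulating partitions, scripting, and remote access. | Used for common tasks such as installing packages, changing passwords, setting the host name and time zone, and registering with Subscription Manager. |
The --selinux-relabel customization option relabels the files in the guest so that they carry the correct SELinux labels. The option tries to relabel the files immediately. If that does not succeed, /.autorelabel is created on the image, which schedules the relabel operation for the next boot of the image.
Important: files modified from within guestfish are written without a valid SELinux context. Failing to relabel critical modified files (such as /etc/passwd) leaves the image unusable, because SELinux denies access to files with an incorrect context during boot.
In guestfish, a relabel can be scheduled with touch /.autorelabel, but the file then persists in the image, so every instance deployed from that image performs a relabel on first boot.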
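The customization described above (install a package, relabel at once, then confirm that /.autorelabel was not left behind), written as a non-interactive script for both tools. This is an added example, not part of the original article or the course material; the image path, package name and password file are caller-supplied assumptions, and the virt-customize branch assumes paths without spaces.

```sh
#!/bin/sh
# Added example, not from the original article or the course material.
# Image path, package name and password file are supplied by the caller.
set -eu

SPEC=/etc/selinux/targeted/contexts/files/file_contexts

# guestfish commands for the low-level path: install a package, then relabel
# at once so no modified file is left without a valid SELinux context.
guestfish_script() {
    printf 'command "yum -y install %s"\n' "$1"
    printf 'selinux-relabel %s /\n' "$SPEC"
}

# Equivalent virt-customize options, one per line. The root password is read
# from a file rather than typed on the command line.
virt_customize_args() {
    printf '%s\n' --install "$1" --root-password "file:$2" --selinux-relabel
}

# Read-only check. Returns 0 if /.autorelabel was left in the image (every
# instance would relabel on first boot), 1 if not, 2 if the image is unreadable.
autorelabel_pending() {
    out=$(echo 'exists /.autorelabel' | guestfish --ro -a "$1" -i) || return 2
    [ "$(printf '%s\n' "$out" | tail -n 1)" = true ]
}

# usage: customize guestfish|virt-customize IMAGE PACKAGE [PASSWORD_FILE]
customize() {
    tool=$1 img=$2 pkg=$3 pwfile=${4:-}
    case $tool in
        guestfish)
            guestfish_script "$pkg" | guestfish --network -a "$img" -i || return 3 ;;
        virt-customize)
            # Unquoted on purpose: one option per word, so no spaces in paths.
            virt-customize -a "$img" $(virt_customize_args "$pkg" "$pwfile") || return 3 ;;
        *)
            echo "unknown tool: $tool" >&2; return 2 ;;
    esac
    rc=0; autorelabel_pending "$img" || rc=$?
    case $rc in
        0) echo "WARNING: /.autorelabel is set in $img" >&2; return 1 ;;
        1) return 0 ;;
        *) echo "cannot inspect $img" >&2; return "$rc" ;;
    esac
}

if [ $# -gt 0 ]; then customize "$@"; fi
```

Run it as `sh customize.sh guestfish IMAGE PACKAGE` or `sh customize.sh virt-customize IMAGE PACKAGE PASSWORD_FILE`; exit status 1 means the image still carries /.autorelabel and should not be uploaded as a template.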
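📜 Use cases
For most common image customization tasks, virt-customize is the best choice. However, as the table above shows, the less frequent low-level tasks should be done with the guestfish command.
📜 Additional tools
virt-builder is another tool in the libguestfs suite; it can download, build, and customize images. virt-customize was created by taking the customization part of virt-builder and turning it into a standalone tool. virt-sysprep is a tool that cleans a virtual machine by removing host-specific information such as SSH host keys and log files. It operates only on offline disk images, whereas other tools boot an instance, customize it, and then save it back to disk.
📜 Guided exercise
- Customize an image with guestfish.
- Customize an image with virt-customize.
- Upload an image to Glance.
- Launch an instance from the customized image.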
[student@workstation ~]$ lab customization-img-customizing setup
Setting up workstation for exercise work:
• Installing required packages on: workstation................ SUCCESS
• Reconfiguring postfix: workstation.......................... SUCCESS
• Restarting postfix: workstation............................. SUCCESS
• Verifying project: finance.................................. SUCCESS
• Creating user environment file: developer1-finance-rc....... SUCCESS
• Creating keypair: example-keypair........................... SUCCESS
. Creating flavor: default.................................... SUCCESS
. Creating internal network: finance-network1................. SUCCESS
. Creating subnet: finance-subnet1............................ SUCCESS
. Creating external network: provider-datacentre.............. SUCCESS
. Creating router: finance-router1............................ SUCCESS
. Creating secgroup: finance-db............................... SUCCESS
• Creating secgroup rule: ssh................................. SUCCESS
• Creating secgroup rule: mysql............................... SUCCESS
. Creating secgroup: finance-mail............................. SUCCESS
• Creating secgroup rule: ssh................................. SUCCESS
• Creating secgroup rule: smtp................................ SUCCESS
• Checking fip availability: 2................................ SUCCESS
📑1. On workstation, retrieve the osp-small.qcow2 disk image from http://materials.example.com/osp-small.qcow2 and save it as /home/student/finance-rhel-db.qcow2.
[student@workstation ~]$ wget http://materials.example.com/osp-small.qcow2 -O finance-rhel-db.qcow2
📑2. Use the guestfish command to modify the image, with network access enabled.
[student@workstation ~]$ guestfish -i --network -a finance-rhel-db.qcow2
Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.
Type: 'help' for help on commands
'man' to read the manual
'quit' to quit the shell
Operating system: Red Hat Enterprise Linux Server 7.5 (Maipo)
/dev/sda1 mounted on /
><fs>
📑3. Install the mariadb and mariadb-server packages.
><fs> command "yum -y install mariadb mariadb-server"
Loaded plugins: langpacks, search-disabled-repos
Resolving Dependencies
--> Running transaction check
---> Package mariadb.x86_64 3:10.1.20-2.el7ost will be installed
---> Package mariadb-server.x86_64 3:10.1.20-2.el7ost will be installed
--> Processing Dependency: mariadb-errmsg(x86-64) = 3:10.1.20-2.el7ost for package: 3:mariadb-server-10.1.20-2.el7ost.x86_64
…………
📑4. Enable the mariadb service.
><fs> command "systemctl enable mariadb"
📑5. The previous command produces no output, so verify that the mariadb service is enabled.
><fs> command "systemctl is-enabled mariadb"
enabled
📑6. Make sure the SELinux contexts of all affected files are correct.
><fs> selinux-relabel /etc/selinux/targeted/contexts/files/file_contexts /
📑7. Exit the guestfish shell.
><fs> exit
📑8. As the developer1 OpenStack user, upload the finance-rhel-db.qcow2 image to the image service as finance-rhel-db, with a minimum disk requirement of 10 GiB and a minimum RAM requirement of 2 GiB.
[student@workstation ~(developer1-finance)]$ openstack image create --disk-format qcow2 --min-disk 10 --min-ram 2048 --file finance-rhel-db.qcow2 finance-rhel-db
+------------------+----------------------------------------------------------------+
| Field | Value
+------------------+----------------------------------------------------------------+
| checksum | 79b89a04a9d11fa6889126eeddbb7389
| container_format | bare
| created_at | 2020-10-20T13:48:23Z
| disk_format | qcow2
| file | /v2/images/2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4/file
| id | 2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4
| min_disk | 10
| min_ram | 2048
| name | finance-rhel-db
| owner | 3c003f65d8d64914a053f178fbbf953c
| properties | direct_url='rbd://fe8e3db0-d6c3-11e8-a76d-52540001fac8/images/2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4/snap', locations='[{u'url': u'rbd://fe8e3db0-d6c3-11e8-a76d-52540001fac8/images/2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4/snap', u'metadata': {}}]' |
| protected | False
| schema | /v2/schemas/image
| size | 1704853504
| status | active
| tags |
| updated_at | 2020-10-20T13:49:55Z
| virtual_size | None
| visibility | shared
+------------------+----------------------------------------------------------------+
📑9. Launch an instance in the environment using the following attributes:
[student@workstation ~(developer1-finance)]$ openstack server create --flavor default --key-name example-keypair --nic net-id=finance-network1 --security-group finance-db --image finance-rhel-db --wait finance-db1
+-----------------------------+-----------------------------------------------------+
| Field | Value
+-----------------------------+-----------------------------------------------------+
| OS-DCF:diskConfig | MANUAL
| OS-EXT-AZ:availability_zone | nova
| OS-EXT-STS:power_state | Running
| OS-EXT-STS:task_state | None
| OS-EXT-STS:vm_state | active
| OS-SRV-USG:launched_at | 2020-10-20T14:05:35.000000
| OS-SRV-USG:terminated_at | None
| accessIPv4 |
| accessIPv6 |
| addresses | finance-network1=192.168.1.8
| adminPass | Ju7U858cKXMs
| config_drive |
| created | 2020-10-20T13:59:46Z
| flavor | default (e04380ed-b027-4a72-a697-4307bc014b6c)
| hostId | 3eb57302ddddc3af1fdc763eee541c699f0866f6458e3b5c9a722611
| id | 5cede268-217c-467d-86ee-e51d34835041
| image | finance-rhel-db (2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4)
| key_name | example-keypair
| name | finance-db1
| progress | 0
| project_id | 3c003f65d8d64914a053f178fbbf953c
| properties |
| security_groups | name='finance-db'
| status | ACTIVE
| updated | 2020-10-20T14:05:36Z
| user_id | e4035d555f6b88cf42ca4cacb9fa9999dca9787392222d2eb0875e4e34e6d76f |
| volumes_attached |
+-----------------------------+-----------------------------------------------------+
📑10. List the available floating IP addresses, then assign one to finance-db1.
[student@workstation ~(developer1-finance)]$ openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 20e6fda9-9284-4f6a-891e-0d8889c27098 | 172.25.250.101 | None | None | fc5472ee-98d9-4f6b-9bc9-544ca18aefb3 | 3c003f65d8d64914a053f178fbbf953c |
| 93c41a42-3b3f-481e-9515-ab5098785d90 | 172.25.250.102 | None | None | fc5472ee-98d9-4f6b-9bc9-544ca18aefb3 | 3c003f65d8d64914a053f178fbbf953c |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
[student@workstation ~(developer1-finance)]$ openstack floating ip list -c 'Floating IP Address' -c Port
+---------------------+------+
| Floating IP Address | Port |
+---------------------+------+
| 172.25.250.101 | None |
| 172.25.250.102 | None |
+---------------------+------+
[student@workstation ~(developer1-finance)]$ openstack server add floating ip finance-db1 172.25.250.101
📑11. Use ssh to connect to the finance-db1 instance. Make sure the mariadb-server package is installed and the mariadb service is enabled and running.
[student@workstation ~(developer1-finance)]$ ssh cloud-user@172.25.250.101
Last login: Wed Oct 21 04:37:13 2020 from workstation.lab.example.com
[cloud-user@finance-db1 ~]$ rpm -q mariadb
mariadb-10.1.20-2.el7ost.x86_64
[cloud-user@finance-db1 ~]$ rpm -q mariadb-server
mariadb-server-10.1.20-2.el7ost.x86_64
[cloud-user@finance-db1 ~]$ systemctl status mariadb
● mariadb.service - MariaDB 10.1 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-10-21 04:47:49 EDT; 58min ago
Process: 1746 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCESS)
Process: 1683 ExecStartPre=/usr/libexec/mysql-prepare-db-dir %n (code=exited, status=0/SUCCESS)
Process: 1659 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)
Main PID: 1719 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mariadb.service
└─1719 /usr/libexec/mysqld --basedir=/usr
Oct 21 04:47:22 finance-db1 systemd[1]: Starting MariaDB 10.1 database server...
Oct 21 04:47:27 finance-db1 mysql-prepare-db-dir[1683]: Database MariaDB is probably initialized i...e.
Oct 21 04:47:28 finance-db1 mysql-prepare-db-dir[1683]: If this is not the case, make sure the /va...r.
Oct 21 04:47:28 finance-db1 mysqld[1719]: 2020-10-21 4:47:28 140420776507584 [Note] /usr/libexe... ...
Oct 21 04:47:48 finance-db1 mysql-check-upgrade[1746]: The datadir located at /var/lib/mysql needs...s:
Oct 21 04:47:49 finance-db1 systemd[1]: Started MariaDB 10.1 database server.
Hint: Some lines were ellipsized, use -l to show in full.
📑12. On workstation, retrieve the osp-small.qcow2 disk image from http://materials.example.com/osp-small.qcow2 and save it as /home/student/finance-rhel-mail.qcow2.
[student@workstation ~]$ wget http://materials.example.com/osp-small.qcow2 -O finance-rhel-mail.qcow2
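📑13. Use the virt-customize command to customize the ~/finance-rhel-mail.qcow2 image. Enable the postfix service, configure postfix to listen on all interfaces, and relay all mail to workstation.lab.example.com. Install the mailx package so that a test email can be sent. Make sure the SELinux contexts are restored.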
[student@workstation ~]$ virt-customize \
> -a ~/finance-rhel-mail.qcow2 \
> --run-command 'systemctl enable postfix' \
> --run-command 'postconf -e "relayhost = [workstation.lab.example.com]"' \
> --run-command 'postconf -e "inet_interfaces = all"' \
> --run-command 'yum -y install mailx' \
> --selinux-relabel
[ 0.0] Examining the guest ...
[ 79.4] Setting a random seed
[ 79.6] Running: systemctl enable postfix
[ 82.9] Running: postconf -e "relayhost = [workstation.lab.example.com]"
[ 87.5] Running: postconf -e "inet_interfaces = all"
[ 91.5] Running: yum -y install mailx
[ 182.2] SELinux relabelling
[ 886.0] Finishing off
📑14. As the developer1 OpenStack user, upload the finance-rhel-mail.qcow2 image to the image service as finance-rhel-mail, with a minimum disk requirement of 10 GiB and a minimum RAM requirement of 2 GiB.
[student@workstation ~(developer1-finance)]$ openstack image create --disk-format qcow2 --min-disk 10 --min-ram 2048 --file finance-rhel-mail.qcow2 finance-rhel-mail
+------------------+----------------------------------------------------------------+
| Field | Value
+------------------+----------------------------------------------------------------+
| checksum | ada4c33b9d9f3df17868da6e2a49f3de
| container_format | bare
| created_at | 2020-10-20T14:02:35Z
| disk_format | qcow2
| file | /v2/images/77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69/file
| id | 77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69
| min_disk | 10
| min_ram | 2048
| name | finance-rhel-mail
| owner | 3c003f65d8d64914a053f178fbbf953c
| properties | direct_url='rbd://fe8e3db0-d6c3-11e8-a76d-52540001fac8/images/77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69/snap', locations='[{u'url': u'rbd://fe8e3db0-d6c3-11e8-a76d-52540001fac8/images/77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69/snap', u'metadata': {}}]' |
| protected | False
| schema | /v2/schemas/image
| size | 1632174080
| status | active
| tags |
| updated_at | 2020-10-20T14:05:57Z
| virtual_size | None
| visibility | shared
+------------------+----------------------------------------------------------------+
📑15. Launch an instance in the environment using the following attributes:
[student@workstation ~(developer1-finance)]$ openstack server create --flavor default --key-name example-keypair --nic net-id=finance-network1 --security-group finance-mail --image finance-rhel-mail --wait finance-mail1
+-----------------------------+-----------------------------------------------------+
| Field | Value
+-----------------------------+-----------------------------------------------------+
| OS-DCF:diskConfig | MANUAL
| OS-EXT-AZ:availability_zone | nova
| OS-EXT-STS:power_state | Running
| OS-EXT-STS:task_state | None
| OS-EXT-STS:vm_state | active
| OS-SRV-USG:launched_at | 2020-10-20T14:30:24.000000
| OS-SRV-USG:terminated_at | None
| accessIPv4 |
| accessIPv6 |
| addresses | finance-network1=192.168.1.5
| adminPass | 6226AsaDrwF7
| config_drive |
| created | 2020-10-20T14:19:03Z
| flavor | default (e04380ed-b027-4a72-a697-4307bc014b6c)
| hostId | 3eb57302ddddc3af1fdc763eee541c699f0866f6458e3b5c9a722611 |
| id | 2822b2e1-0976-4249-b810-b7ac885bf6f1
| image | finance-rhel-mail (77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69)
| key_name | example-keypair
| name | finance-mail1
| progress | 0
| project_id | 3c003f65d8d64914a053f178fbbf953c
| properties |
| security_groups | name='finance-mail'
| status | ACTIVE
| updated | 2020-10-20T14:30:24Z
| user_id | e4035d555f6b88cf42ca4cacb9fa9999dca9787392222d2eb0875e4e34e6d76f |
| volumes_attached |
+-----------------------------+-----------------------------------------------------+
📑16. List the available floating IP addresses and assign one to finance-mail1.
[student@workstation ~(developer1-finance)]$ openstack server add floating ip finance-mail1 172.25.250.102
📑17. Use ssh to connect to the finance-mail1 instance. Make sure the postfix service is running, postfix is listening on all interfaces, and the relayhost option is correct.
[student@workstation ~(developer1-finance)]$ ssh cloud-user@172.25.250.102
Warning: Permanently added '172.25.250.102' (ECDSA) to the list of known hosts.
[cloud-user@finance-mail1 ~]$ systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-10-20 10:59:30 EDT; 11h ago
Process: 883 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 880 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 872 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 989 (master)
CGroup: /system.slice/postfix.service
├─ 989 /usr/libexec/postfix/master -w
├─ 993 qmgr -l -t unix -u
└─11623 pickup -l -t unix -u
Oct 20 10:58:07 localhost systemd[1]: Starting Postfix Mail Transport Agent...
Oct 20 10:59:27 localhost postfix/postfix-script[987]: starting the Postfix mail system
Oct 20 10:59:30 localhost postfix/master[989]: daemon started -- version 2.10.1, configuration /e...fix
Oct 20 10:59:31 localhost systemd[1]: Started Postfix Mail Transport Agent.
Hint: Some lines were ellipsized, use -l to show in full.
[cloud-user@finance-mail1 ~]$ sudo netstat -antup | grep master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 989/master
tcp6 0 0 :::25 :::* LISTEN 989/maste
[cloud-user@finance-mail1 ~]$ mail -s 'test' student@workstation.lab.example.com Hello World!
..
EOT
[cloud-user@finance-mail1 ~]$ exit
logout
[student@workstation ~(developer1-finance)]$
You have new mail in /var/spool/mail/student
[student@workstation ~(developer1-finance)]$ mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/student": 1 message 1 new
>N 1 Cloud User Wed Oct 21 11:01 22/947 "test"
&
📑 Clean up the lab
[student@workstation ~(developer1-finance)]$ lab customization-img-customizing cleanup
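💡 Summary
The RHCA certification takes five courses and exams, so it needs a good deal of time for study and preparation. Keep at it, you can do it 🤪.
That concludes 【金鱼哥】's overview and walkthrough of Chapter 4, Performing Image Operations: Customizing Disk Images. I hope it helps everyone who reads this article.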
This article is part of the RHCA column: RHCA 回忆录 (RHCA Memoirs)