金鱼哥 RHCA Memoirs: CL210 Performing Image Operations -- Customizing Disk Images

金鱼哥, posted on 2022/07/21 12:40:15
[Abstract] Chapter 4: Performing Image Operations -- Customizing Disk Images

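🎹 About me: Hello everyone, I am 金鱼哥, a rising-star creator in the CSDN operations field, a Huawei Cloud "Cloud Expert", and an expert blogger in the Alibaba Cloud community
📚Qualifications: CCNA, HCNP, CSNA (network analyst), 软考 (China's national software qualification exam) junior and intermediate network engineer, RHCSA, RHCE, RHCA, RHCI, ITIL😜
💬Motto: Hard work does not guarantee success, but if you want to succeed you must work hard🔥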



📜Making Small Image Customizations

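Building an image with diskimage-builder can take several minutes, and may require a copy of the elements directory for each image. If you only need a small amount of customization, you can save time by using the guestfish or virt-customize commands to modify a base image, such as the one provided by Red Hat in the rhel-guest-image-7 package. This image has only a minimal set of packages installed, and has cloud-init installed and enabled. You can download the rhel-guest-image-7 package from https://access.redhat.com/downloads.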


📜guestfish and virt-customize Internals

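Both guestfish and virt-customize use the libguestfs API to perform their functions. libguestfs needs a back end that can work with the various image formats; by default it uses libvirt. Editing an image with the libvirt back end involves creating an overlay file for the image, creating an appliance, booting the appliance (with or without network support), and mounting the partitions. You can examine this process in more detail by exporting two environment variables, LIBGUESTFS_DEBUG=1 and LIBGUESTFS_TRACE=1, and then running guestfish or virt-customize with the -a option to add a disk.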


📜Customizing Images with guestfish

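guestfish is a low-level tool that exposes the libguestfs API directly, which means you can manipulate images in a very fine-grained way. The guestfish shell is not a Bash shell, but it provides some similar commands, such as cat, mount, and mkfs. The example uses the -i option to mount the partitions automatically, the -a option to add the disk image, and the --network option to enable network access. It then installs the aide package, sets the root user's password, and restores the SELinux file contexts.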

📑Official documentation:

https://libguestfs.org/guestfish.1.html


📜Customizing Images with virt-customize

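virt-customize is a high-level tool that also uses the libguestfs API, but it simplifies image building by exposing simple options for tasks that might otherwise take several API calls when using guestfish or the libguestfs API directly. The example shows virt-customize using the -a option to add a disk, installing a package, setting the root password, and resetting the SELinux contexts.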

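📑Comparison of the guestfish and virt-customize commands

| Feature | guestfish | virt-customize |
| --- | --- | --- |
| Complexity | A low-level tool that exposes the libguestfs API directly. | |
| SELinux support | Use the selinux-relabel /etc/selinux/targeted/contexts/files/file_contexts / command to restore the SELinux file contexts. | Use the --selinux-relabel option to restore the file contexts. If relabeling is unsuccessful, this option uses the touch /.autorelabel command. |
| Options | Used for low-level tasks such as manipulating partitions, scripting, and remote access. | Used for common tasks such as installing packages, changing passwords, setting the hostname and time zone, and registering with Subscription Manager. |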

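The --selinux-relabel customization option relabels the files in the guest so that they have the correct SELinux labels. The option tries to relabel the files immediately. If that is unsuccessful, /.autorelabel is created in the image, which schedules the relabel operation for the next boot of the image.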

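Important: files modified from within guestfish are written without a valid SELinux context. Failing to relabel modified critical files (such as /etc/passwd) leaves the image unusable, because SELinux denies access to files with incorrect contexts during boot.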

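In guestfish, relabeling can also be arranged with touch /.autorelabel, but the file then persists in the image, so every instance deployed from that image performs a relabel on its first boot.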
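The relabel behaviour described above can be checked before an image is uploaded. The following is an added example, not part of the original post or the course material: a read-only gate built on guestfish's exists and lgetxattr commands. It assumes libguestfs-tools is installed; the function names and the CRITICAL_FILES list are illustrative choices.

```shell
#!/usr/bin/env bash
# Added example: pre-upload SELinux check for a customized disk image.
# Function names and CRITICAL_FILES are illustrative, not from the course.

# Files whose missing label would break boot or login under SELinux.
CRITICAL_FILES="/etc/passwd /etc/shadow /etc/group"

# Run one guestfish command against image $1. --ro guarantees that the
# check itself can never modify the image; -i mounts the guest filesystems.
gf() {
    local image="$1"
    shift
    guestfish --ro -a "$image" -i "$@"
}

# Print "deferred" if /.autorelabel is persisted in the image, otherwise
# "immediate". Returns 2 if the image cannot be inspected.
relabel_state() {
    local out
    out=$(gf "$1" exists /.autorelabel) || return 2
    if [ "$out" = "true" ]; then echo deferred; else echo immediate; fi
}

# Print every critical file that has no security.selinux extended
# attribute. lgetxattr fails when the attribute (or the file) is absent.
unlabeled_files() {
    local image="$1" f
    for f in $CRITICAL_FILES; do
        gf "$image" lgetxattr "$f" security.selinux >/dev/null 2>&1 || echo "$f"
    done
}

# Gate: 0 = usable, 1 = unlabeled critical files, 2 = inspection failed.
check_image() {
    local image="$1" state missing
    state=$(relabel_state "$image") || {
        echo "ERROR: cannot inspect $image" >&2
        return 2
    }
    if [ "$state" = "deferred" ]; then
        # Labels are fixed at boot, but on every instance built from the image.
        echo "WARN: $image contains /.autorelabel; each instance relabels on first boot"
        return 0
    fi
    missing=$(unlabeled_files "$image")
    if [ -n "$missing" ]; then
        echo "FAIL: $image has no SELinux label on:" $missing
        return 1
    fi
    echo "OK: $image"
}
```

Each gf call boots the libguestfs appliance, so the check takes a few seconds per file. Run check_image on the image file after customizing it and before openstack image create.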


📜Use Cases

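For most common image customization tasks, virt-customize is the best choice. However, as the table above shows, the less frequent low-level tasks should be performed with the guestfish command.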


📜Additional Tools

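virt-builder is another tool in the libguestfs suite; it can download, build, and customize images. virt-customize was created by taking the customization part of virt-builder and turning it into a standalone tool. virt-sysprep is a tool that cleans up a virtual machine by removing host-specific information such as SSH host keys and log files. It operates only on offline disk images, whereas other tools boot an instance, customize it, and then save it back to disk.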


📜Textbook Exercise

  • Customize an image with guestfish.

  • Customize an image with virt-customize.

  • Upload an image to Glance.

  • Launch an instance from the customized image.

[student@workstation ~]$ lab customization-img-customizing setup
Setting up workstation for exercise work:

 • Installing required packages on: workstation................  SUCCESS
 • Reconfiguring postfix: workstation..........................  SUCCESS
 • Restarting postfix: workstation.............................  SUCCESS
 • Verifying project: finance..................................  SUCCESS
 • Creating user environment file: developer1-finance-rc.......  SUCCESS
 • Creating keypair: example-keypair...........................  SUCCESS
 . Creating flavor: default....................................  SUCCESS
 . Creating internal network: finance-network1.................  SUCCESS
 . Creating subnet: finance-subnet1............................  SUCCESS
 . Creating external network: provider-datacentre..............  SUCCESS
 . Creating router: finance-router1............................  SUCCESS
 . Creating secgroup: finance-db...............................  SUCCESS
 • Creating secgroup rule: ssh.................................  SUCCESS
 • Creating secgroup rule: mysql...............................  SUCCESS
 . Creating secgroup: finance-mail.............................  SUCCESS
 • Creating secgroup rule: ssh.................................  SUCCESS
 • Creating secgroup rule: smtp................................  SUCCESS
 • Checking fip availability: 2................................  SUCCESS

📑1. On workstation, retrieve the osp-small.qcow2 disk image from http://materials.example.com/osp-small.qcow2 and save it as /home/student/finance-rhel-db.qcow2.

[student@workstation ~]$ wget http://materials.example.com/osp-small.qcow2 -O finance-rhel-db.qcow2

📑2. Use the guestfish command to open the image for editing, with network access enabled.

[student@workstation ~]$ guestfish -i --network -a finance-rhel-db.qcow2 
Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

Operating system: Red Hat Enterprise Linux Server 7.5 (Maipo)
/dev/sda1 mounted on /

><fs>

📑3. Install the mariadb and mariadb-server packages.

><fs> command "yum -y install mariadb mariadb-server"
Loaded plugins: langpacks, search-disabled-repos
Resolving Dependencies
--> Running transaction check
---> Package mariadb.x86_64 3:10.1.20-2.el7ost will be installed
---> Package mariadb-server.x86_64 3:10.1.20-2.el7ost will be installed
--> Processing Dependency: mariadb-errmsg(x86-64) = 3:10.1.20-2.el7ost for package: 3:mariadb-server-10.1.20-2.el7ost.x86_64
…………

📑4. Enable the mariadb service.

><fs> command "systemctl enable mariadb"

📑5. Because the previous command produces no output, verify that the mariadb service is enabled.

><fs> command "systemctl is-enabled mariadb"
enabled

📑6. Make sure the SELinux contexts of all affected files are correct.

><fs> selinux-relabel /etc/selinux/targeted/contexts/files/file_contexts  /

📑7. Exit the guestfish shell.

><fs> exit

📑8. As the developer1 OpenStack user, upload the finance-rhel-db.qcow2 image to the image service as finance-rhel-db, with a minimum disk requirement of 10 GiB and a minimum RAM requirement of 2 GiB.

[student@workstation ~(developer1-finance)]$ openstack image create --disk-format qcow2 --min-disk 10 --min-ram 2048 --file finance-rhel-db.qcow2 finance-rhel-db
+------------------+----------------------------------------------------------------+
| Field            | Value                                                           
+------------------+----------------------------------------------------------------+
| checksum         | 79b89a04a9d11fa6889126eeddbb7389                                 
| container_format | bare                                                             
| created_at       | 2020-10-20T13:48:23Z                                             
| disk_format      | qcow2                                                           
| file             | /v2/images/2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4/file             
| id               | 2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4                             
| min_disk         | 10                                                               
| min_ram          | 2048                                                             
| name             | finance-rhel-db                                                 
| owner            | 3c003f65d8d64914a053f178fbbf953c                                 
| properties       | direct_url='rbd://fe8e3db0-d6c3-11e8-a76d-52540001fac8/images/2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4/snap', locations='[{u'url': u'rbd://fe8e3db0-d6c3-11e8-a76d-52540001fac8/images/2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4/snap', u'metadata': {}}]' |
| protected        | False                                                           
| schema           | /v2/schemas/image                                               
| size             | 1704853504                                                       
| status           | active                                                           
| tags             |                                                                 
| updated_at       | 2020-10-20T13:49:55Z                                             
| virtual_size     | None                                                             
| visibility       | shared                                                           
+------------------+----------------------------------------------------------------+

📑9. Launch an instance in the environment with the attributes used in the following command:

[student@workstation ~(developer1-finance)]$ openstack server create --flavor default --key-name example-keypair --nic net-id=finance-network1 --security-group finance-db --image finance-rhel-db --wait finance-db1
+-----------------------------+-----------------------------------------------------+
| Field                       | Value
+-----------------------------+-----------------------------------------------------+
| OS-DCF:diskConfig           | MANUAL
| OS-EXT-AZ:availability_zone | nova
| OS-EXT-STS:power_state      | Running
| OS-EXT-STS:task_state       | None
| OS-EXT-STS:vm_state         | active
| OS-SRV-USG:launched_at      | 2020-10-20T14:05:35.000000
| OS-SRV-USG:terminated_at    | None
| accessIPv4                  |
| accessIPv6                  |
| addresses                   | finance-network1=192.168.1.8
| adminPass                   | Ju7U858cKXMs
| config_drive                |
| created                     | 2020-10-20T13:59:46Z
| flavor                      | default (e04380ed-b027-4a72-a697-4307bc014b6c)
| hostId                      | 3eb57302ddddc3af1fdc763eee541c699f0866f6458e3b5c9a722611
| id                          | 5cede268-217c-467d-86ee-e51d34835041
| image                       | finance-rhel-db (2e73e43c-7bf7-44a1-a0a5-c5415b5a5ac4)
| key_name                    | example-keypair
| name                        | finance-db1
| progress                    | 0
| project_id                  | 3c003f65d8d64914a053f178fbbf953c
| properties                  |
| security_groups             | name='finance-db' 
| status                      | ACTIVE
| updated                     | 2020-10-20T14:05:36Z
| user_id                     | e4035d555f6b88cf42ca4cacb9fa9999dca9787392222d2eb0875e4e34e6d76f |
| volumes_attached            | 
+-----------------------------+-----------------------------------------------------+

📑10. List the available floating IP addresses, then assign one to finance-db1.

[student@workstation ~(developer1-finance)]$ openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 20e6fda9-9284-4f6a-891e-0d8889c27098 | 172.25.250.101      | None             | None | fc5472ee-98d9-4f6b-9bc9-544ca18aefb3 | 3c003f65d8d64914a053f178fbbf953c |
| 93c41a42-3b3f-481e-9515-ab5098785d90 | 172.25.250.102      | None             | None | fc5472ee-98d9-4f6b-9bc9-544ca18aefb3 | 3c003f65d8d64914a053f178fbbf953c |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
[student@workstation ~(developer1-finance)]$ openstack floating ip list -c 'Floating IP Address' -c Port
+---------------------+------+
| Floating IP Address | Port |
+---------------------+------+
| 172.25.250.101      | None |
| 172.25.250.102      | None |
+---------------------+------+
[student@workstation ~(developer1-finance)]$ openstack server add floating ip finance-db1 172.25.250.101

📑11. Use ssh to connect to the finance-db1 instance. Verify that the mariadb-server package is installed, and that the mariadb service is enabled and running.

[student@workstation ~(developer1-finance)]$ ssh cloud-user@172.25.250.101
Last login: Wed Oct 21 04:37:13 2020 from workstation.lab.example.com
[cloud-user@finance-db1 ~]$ rpm -q mariadb
mariadb-10.1.20-2.el7ost.x86_64
[cloud-user@finance-db1 ~]$ rpm -q mariadb-server
mariadb-server-10.1.20-2.el7ost.x86_64
[cloud-user@finance-db1 ~]$ systemctl status mariadb
● mariadb.service - MariaDB 10.1 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-10-21 04:47:49 EDT; 58min ago
  Process: 1746 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCESS)
  Process: 1683 ExecStartPre=/usr/libexec/mysql-prepare-db-dir %n (code=exited, status=0/SUCCESS)
  Process: 1659 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)
 Main PID: 1719 (mysqld)
   Status: "Taking your SQL requests now..."
   CGroup: /system.slice/mariadb.service
           └─1719 /usr/libexec/mysqld --basedir=/usr

Oct 21 04:47:22 finance-db1 systemd[1]: Starting MariaDB 10.1 database server...
Oct 21 04:47:27 finance-db1 mysql-prepare-db-dir[1683]: Database MariaDB is probably initialized i...e.
Oct 21 04:47:28 finance-db1 mysql-prepare-db-dir[1683]: If this is not the case, make sure the /va...r.
Oct 21 04:47:28 finance-db1 mysqld[1719]: 2020-10-21  4:47:28 140420776507584 [Note] /usr/libexe... ...
Oct 21 04:47:48 finance-db1 mysql-check-upgrade[1746]: The datadir located at /var/lib/mysql needs...s:
Oct 21 04:47:49 finance-db1 systemd[1]: Started MariaDB 10.1 database server.
Hint: Some lines were ellipsized, use -l to show in full.

📑12. On workstation, retrieve the osp-small.qcow2 disk image from http://materials.example.com/osp-small.qcow2 and save it as /home/student/finance-rhel-mail.qcow2.

[student@workstation ~]$ wget http://materials.example.com/osp-small.qcow2 -O finance-rhel-mail.qcow2

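📑13. Use the virt-customize command to customize the ~/finance-rhel-mail.qcow2 image. Enable the postfix service, configure postfix to listen on all interfaces, and relay all mail to workstation.lab.example.com. Install the mailx package so that a test email can be sent. Make sure the SELinux contexts are restored.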

[student@workstation ~]$ virt-customize \
> -a ~/finance-rhel-mail.qcow2 \
> --run-command 'systemctl enable postfix' \
> --run-command 'postconf -e "relayhost = [workstation.lab.example.com]"' \
> --run-command 'postconf -e "inet_interfaces = all"' \
> --run-command 'yum -y install mailx' \
> --selinux-relabel
[   0.0] Examining the guest ...
[  79.4] Setting a random seed
[  79.6] Running: systemctl enable postfix
[  82.9] Running: postconf -e "relayhost = [workstation.lab.example.com]"
[  87.5] Running: postconf -e "inet_interfaces = all"
[  91.5] Running: yum -y install mailx
[ 182.2] SELinux relabelling
[ 886.0] Finishing off

📑14. As the developer1 OpenStack user, upload the finance-rhel-mail.qcow2 image to the image service as finance-rhel-mail, with a minimum disk requirement of 10 GiB and a minimum RAM requirement of 2 GiB.

[student@workstation ~(developer1-finance)]$ openstack image create --disk-format qcow2 --min-disk 10 --min-ram 2048 --file finance-rhel-mail.qcow2 finance-rhel-mail
+------------------+----------------------------------------------------------------+
| Field            | Value                                                           
+------------------+----------------------------------------------------------------+
| checksum         | ada4c33b9d9f3df17868da6e2a49f3de                                 
| container_format | bare                                                             
| created_at       | 2020-10-20T14:02:35Z                                             
| disk_format      | qcow2                                                           
| file             | /v2/images/77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69/file             
| id               | 77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69                             
| min_disk         | 10                                                               
| min_ram          | 2048                                                             
| name             | finance-rhel-mail                                               
| owner            | 3c003f65d8d64914a053f178fbbf953c                                 
| properties       | direct_url='rbd://fe8e3db0-d6c3-11e8-a76d-52540001fac8/images/77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69/snap', locations='[{u'url': u'rbd://fe8e3db0-d6c3-11e8-a76d-52540001fac8/images/77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69/snap', u'metadata': {}}]' |
| protected        | False                                                           
| schema           | /v2/schemas/image                                               
| size             | 1632174080                                                       
| status           | active                                                           
| tags             |                                                                 
| updated_at       | 2020-10-20T14:05:57Z                                             
| virtual_size     | None                                                             
| visibility       | shared                                                           
+------------------+----------------------------------------------------------------+

📑15. Launch an instance in the environment with the attributes used in the following command:

[student@workstation ~(developer1-finance)]$ openstack server create --flavor default --key-name example-keypair --nic net-id=finance-network1 --security-group finance-mail --image finance-rhel-mail --wait finance-mail1
+-----------------------------+-----------------------------------------------------+
| Field                       | Value
+-----------------------------+-----------------------------------------------------+
| OS-DCF:diskConfig           | MANUAL
| OS-EXT-AZ:availability_zone | nova
| OS-EXT-STS:power_state      | Running
| OS-EXT-STS:task_state       | None
| OS-EXT-STS:vm_state         | active
| OS-SRV-USG:launched_at      | 2020-10-20T14:30:24.000000
| OS-SRV-USG:terminated_at    | None
| accessIPv4                  |
| accessIPv6                  |
| addresses                   | finance-network1=192.168.1.5
| adminPass                   | 6226AsaDrwF7
| config_drive                | 
| created                     | 2020-10-20T14:19:03Z
| flavor                      | default (e04380ed-b027-4a72-a697-4307bc014b6c)
| hostId                      | 3eb57302ddddc3af1fdc763eee541c699f0866f6458e3b5c9a722611         |
| id                          | 2822b2e1-0976-4249-b810-b7ac885bf6f1
| image                       | finance-rhel-mail (77f73400-fbfa-4c3c-9e0f-cd9fc27ffc69)
| key_name                    | example-keypair
| name                        | finance-mail1
| progress                    | 0
| project_id                  | 3c003f65d8d64914a053f178fbbf953c
| properties                  |
| security_groups             | name='finance-mail'
| status                      | ACTIVE
| updated                     | 2020-10-20T14:30:24Z
| user_id                     | e4035d555f6b88cf42ca4cacb9fa9999dca9787392222d2eb0875e4e34e6d76f |
| volumes_attached            |
+-----------------------------+-----------------------------------------------------+

📑16. List the available floating IP addresses, and assign one to finance-mail1.

[student@workstation ~(developer1-finance)]$ openstack server add floating ip finance-mail1 172.25.250.102

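📑17. Use ssh to connect to the finance-mail1 instance. Verify that the postfix service is running, that postfix is listening on all interfaces, and that the relayhost option is correct.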

[student@workstation ~(developer1-finance)]$ ssh cloud-user@172.25.250.102
Warning: Permanently added '172.25.250.102' (ECDSA) to the list of known hosts.
[cloud-user@finance-mail1 ~]$ systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-10-20 10:59:30 EDT; 11h ago
  Process: 883 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 880 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 872 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 989 (master)
   CGroup: /system.slice/postfix.service
           ├─  989 /usr/libexec/postfix/master -w
           ├─  993 qmgr -l -t unix -u
           └─11623 pickup -l -t unix -u

Oct 20 10:58:07 localhost systemd[1]: Starting Postfix Mail Transport Agent...
Oct 20 10:59:27 localhost postfix/postfix-script[987]: starting the Postfix mail system
Oct 20 10:59:30 localhost postfix/master[989]: daemon started -- version 2.10.1, configuration /e...fix
Oct 20 10:59:31 localhost systemd[1]: Started Postfix Mail Transport Agent.
Hint: Some lines were ellipsized, use -l to show in full.
[cloud-user@finance-mail1 ~]$ sudo netstat -antup | grep master
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      989/master 
tcp6       0      0 :::25                   :::*                    LISTEN      989/maste
[cloud-user@finance-mail1 ~]$ mail -s 'test' student@workstation.lab.example.com
Hello World!
.
EOT
[cloud-user@finance-mail1 ~]$ exit
logout
[student@workstation ~(developer1-finance)]$
You have new mail in /var/spool/mail/student
[student@workstation ~(developer1-finance)]$ mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/student": 1 message 1 new
>N  1 Cloud User            Wed Oct 21 11:01  22/947   "test"
&

📑Clean up the lab

[student@workstation ~(developer1-finance)]$ lab customization-img-customizing cleanup

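💡Summary

RHCA certification requires studying for and sitting 5 exams, so it takes a good deal of time to study and prepare. Keep at it, you can do it🤪.

The above is 金鱼哥's overview and explanation of Chapter 4, Performing Image Operations -- Customizing Disk Images. I hope it helps everyone who reads this article.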

This article is part of the RHCA column: RHCA Memoirs (RHCA 回忆录)