Hi,
Long-time user of CentOS 7 AMIs from the AWS Marketplace. I see that the latest CentOS 7 and all CentOS 8 AMIs are only available outside of the Marketplace ("These images are published outside of the AWS Market Place and are shared directly" - https://wiki.centos.org/Cloud/AWS)
I'm really keen to understand if this is a short-term situation, or if this is the indefinite future of CentOS AMI releases? There were a number of benefits to the Marketplace model - mainly for us is the ability to use Packer to fetch the latest AMI for the product code, plus also notifications. Are there reasons behind the recent change?
Many thanks,
Marc
Hi Marc,
I'm currently working on AMIs for my company, so I can outline the problems with AMIs in the Marketplace firsthand. Some of them are connected with the creation of the AMI itself, others with the way Amazon manages the Marketplace. The mail is long because it describes the whole process.
First of all, to publish on the Marketplace, you need to register some US-based tax information. You also need a US account (you can use Hyperwallet)[1]. Generally speaking, it's work for your accounting, and any bureaucracy is a nightmare for technical folks like us :). Note that this step is required even if you provide only free AMIs.
Then you have to make your AMI somehow. According to my knowledge, CentOS uses ImageFactory[2]. For me, it's problematic, because the most popular tool for making a bunch of images is Packer [3]. I also saw some scripts based on making loopback devices and using chroot (it's used for building container images from scratch). There are also other options like importing a VM, and then Amazon can make an AMI from it. To sum up - **there is no standardized way** to make an AMI from scratch. So you have to find some solution, then hack it.
Next, there is another problem - if your AMI has some problem, you don't have the means to debug it. EC2 instances don't give you access to the console (like a serial console, etc.). So you can only take a screenshot and pray that there will be some information that points out what is wrong - but for 99% there won't be anything more than information about the dracut rescue console that **ohhh wow** you don't have access to. Debugging an AMI in the early stages is next to impossible.
But let's imagine that your AMI works like a charm. Then you have to:
1) Share the AMI with Amazon, remember about additional policies!
2) The AMI is then scanned. BTW when Amazon finds one error, they won't point out the next one. For example, if you have some root password set, it will tell you that the root password must be disabled (`passwd -d root`). You change it, make a new AMI, wait for it to upload, share and scan (it can take up to 4 hours). Then the Amazon scan will point out that root login should be disabled (`passwd -l root`). This process is also time-consuming.
3) With a working and secure AMI, you can register your product. You have to fill in like a huuuuuge form. The worst part is selecting the instances that the AMI should work with. It would be best if you also remembered that your kernel should support ENA (Elastic Network Adapter) because instances that are using it won't boot otherwise.
4) After creating the product, you wait for Amazon review. It takes about three days.
5) If there are some comments/reservations about your product or AMI, you have to fix them.
6) You get information that your product is available in private views.
7) You enable public access on your product - it can take up to 3 days.
Now you can get why CentOS AMIs are not updated in Marketplace.
**In conclusion, the process is extremely long; there are parts that are hard, unprofitable or just simply cannot be automated. According to my knowledge updating the AMI is also a pain in the neck, but I have not done it yet. So I'm not surprised that even bigger companies don't update their AMIs. Lastly, I don't know if CentOS as an organization has resources that they can allocate for this time-consuming, with little to gain, process.**
If you are interested you can also read docs about submission[4]. From docs: "Total request time normally takes 2-4 weeks of calendar time. More complex requests or products can take longer, due to multiple iterations and adjustments to product metadata and software."
**IMO this situation is AWS's fault, not CentOS's.**
Bests, Alex
[1] - https://sellercentral.amazon.com/gp/help/external/G201468470
[2] - https://github.com/redhat-imaging/imagefactory
[3] - https://github.com/hashicorp/packer
[4] - https://docs.aws.amazon.com/marketplace/latest/userguide/product-submission....
PS. I tried to send it from my work e-mail but it probably got rejected (I have no idea why).
On 28/07/2020 09:59, Marc Jay wrote:
> Hi,
> Long-time user of CentOS 7 AMIs from the AWS Marketplace. I see that the latest CentOS 7 and all CentOS 8 AMIs are only available outside of the Marketplace ("These images are published outside of the AWS Market Place and are shared directly" - https://wiki.centos.org/Cloud/AWS)
> I'm really keen to understand if this is a short-term situation, or if this is the indefinite future of CentOS AMI releases? There were a number of benefits to the Marketplace model - mainly for us is the ability to use Packer to fetch the latest AMI for the product code, plus also notifications. Are there reasons behind the recent change?
We're working to find a way forward w.r.t. the AMP engagement - should have some news on that front in the coming weeks/months.
In the meantime, we will continue to push images outside of the marketplace, from the buildsystems that are updated on a predictable cadence and with clear origin. I don't see that pattern going away for AWS.
regards
On Tue, 28 Jul 2020 at 17:42, Karanbir Singh kbsingh@centos.org wrote:
> We're working to find a way forward w.r.t. the AMP engagement - should have some news on that front in the coming weeks/months.
> In the meantime, we will continue to push images outside of the marketplace, from the buildsystems that are updated on a predictable cadence and with clear origin. I don't see that pattern going away for AWS.
Many thanks for the reply Karanbir, it's good to hear that it will hopefully come back in the future. We'll keep an eye out.
Kind regards