[CentOS-devel] How to build CentOS 7 AMI

Thu Feb 11 01:59:30 UTC 2016
Jeremy Voorhis <jvoorhis at gmail.com>

As a long-time user, I second Alan's concerns. Reproducibility of cloud
images doesn't seem to be a priority for the major distros, and at best,
the marketplace throws up a roadblock requiring acceptance through the AWS
dashboard when setting up a new account.

On Wed, Feb 10, 2016 at 10:53 AM Alan Ivey <alanivey at gmail.com> wrote:

> Hi everyone,
>
> I'd like to revisit the thread about how the CentOS 7 AMIs are created (
> https://lists.centos.org/pipermail/centos-devel/2015-July/013652.html)
> and see if the process can be published in the
> https://github.com/CentOS/sig-cloud-instance-build repository or another
> relevant location.
>
> With CentOS 7 AMIs only being available in the Marketplace, all resulting
> EC2 instances have the Marketplace codes attached to the EBS volumes. A
> significant restriction of this is that a resulting image cannot be the
> non-primary volume of an instance unless it is powered down. This presents
> itself to be a problem in at least the following scenarios:
>
>    - Unable to attach a CentOS 7 boot volume to another instance for
>    repair without either creating a temporary instance or shutting down an
>    existing one. For example, if you messed up the /etc/sudoers file and
>    logged out, and wanted to repair, you would not be able to repair by
>    mounting to another instance and editing the file without incurring
>    additional (albeit small) cost, or having an existing instance be
>    temporarily unavailable.
>    - The "amazon-chroot" Packer Builder (
>    https://www.packer.io/docs/builders/amazon-chroot.html) does not work
>    because it starts by mounting a copy of the snapshot tied to the AMI as
>    part of a scripted operation and therefore cannot power off to do so
>
> Custom AMIs, snapshots, copied EBS volumes, etc., all have the marketplace
> codes copied to them and inherit the restrictions. If an org were to use
> these features for automating environments and was disconnected from the
> original Marketplace agreement, they may be unaware of this limitation.
>
> I would also appreciate being able to have the additional transparency of
> seeing how an AWS AMI is created as the docker/openstack/etc images from
> the repository referenced above. This would be useful in environments with
> regulatory compliance concerns, such as AWS GovCloud, HIPAA, FedRAMP, etc.
>
> I understand the benefit that Marketplace registrations allow for the
> ability to notify users of any changes, and I am not necessarily advocating
> for switching away from the Marketplace as the primary AMI location. I
> would like to be provided the opportunity to build a private AMI in the
> exact same procedure as the official image so as to avert the restrictions
> provided by the Marketplace.
>
> [Note: I previously posted this question to centos-virt
> <https://lists.centos.org/pipermail/centos-virt/2016-February/004907.html>,
> but I did not receive any feedback and I have since noticed that
> https://wiki.centos.org/SpecialInterestGroup/Cloud refers to the
> CentOS-Devel list for discussion. My apologies to subscribers of both
> lists.]
>
> Thank you,
> Alan