[CentOS-devel] Availability of CentOS 7/8 AMIs through AWS Marketplace

Tue Jul 28 16:17:49 UTC 2020
aleksander.baranowski <aleksander.baranowski at yahoo.pl>

Hi Marc,

 I'm currently working on AMIs for my company so I can outline the
problems with AMI in Marketplace firsthand, some of them are connected
with the creation of AMI itself, other with the way how Amazon manages
Marketplace. The mail is long because it describes the whole process.

 First of all, to publish on the Marketplace, you need to register to
some US base taxes information. You also need US account (you can use
Hyperwallet)[1]. Generally speaking its work for your accounting, and
any bureaucracy is a nightmare for technical folks like us :). Note that
this step is required even if you provide only free AMIs.

 Then you have to make your AMI somehow. According to my knowledge,
CentOS uses ImageFactory[2]. For me, it's problematic, because the most
popular tool for making a bunch of images Packer [3]. I also saw some
scripts based on making loopback devices and use chroot (it's used for
building container images from scratch). There are also other options
like importing VM, and then Amazon can make AMI from it. To sum up -
**there is no standardized way** to make AMI from scratch. So you have
to find some solution, then hack them.

 Next, there is another problem - if your AMI have some problem you
don't have the means to debug it. EC2 instances don't give you access to
the console (like serial console, etc.). So you can make the only
screenshot and pray that there will be some information that points out
what is wrong - but for 99% there won't be anything more than
information about dracut rescue console that **ohhh wow** you don't have
access to. Debugging AMI in early stages is next to impossible.

 But let's imagine that your AMI works like a charm. Then you have to:

 1) Share AMI with Amazon, remember about additional policies!
 2) AMI then is scanned. BTW when Amazon find one error, they won't
point next one. For example, if you have some root password set, it will
tell you that the root password must be disabled (`passwd -d root`). You
change it, make new AMI, wait for it to upload, share and scan (it can
take up to 4 hours). Then Amazon scan will point out that root login
should be disabled (`passwd -l root`). This process is also time-consumingu.
 3) With working and secure AMI, you can register your product. You have
to fill like huuuuuge form. The worst part is selecting the instances
that AMI should work with. It would be best if you also remembered that
your kernel should support ENA (Elastic Network Adapter) because
instances that are using it won't boot otherwise.
 4) After creating the product, you wait for Amazon review. It takes
about three days.
 5) If there are some comments/reservations about your product or AMI,
you have to fix them.
 6) You get information that your product is available in private views.
 7) You enable public asses on your product - it can take up to 3 days.


 Now you can get why CentOS AMIs are not updated in Marketplace.

 **
 In conclusion, the process is extremely long; there are parts that, are
hard, unprofitable or just simply cannot be automated. According to my
knowledge updating the AMI is also a pain in the neck, but I have not
done it yet. So I'm not surprised that even bigger companies don't
update they AMIs. Lastly, I don't know if CentOS as an organization has
resources that they can allocate for this time-consuming, with little to
gain, process.
 **


If you are interesed you can also read docs about submission[4]. From
docs: "Total request time normally takes 2-4 weeks of calendar time.
More complex requests or products can take longer, due to multiple
iterations and adjustments to product metadata and software."

**IMO this situation is AWS fault not CentOS.**

Bests,
 Alex

[1] - https://sellercentral.amazon.com/gp/help/external/G201468470

[2] - https://github.com/redhat-imaging/imagefactory

[3] - https://github.com/hashicorp/packer

[4] -
https://docs.aws.amazon.com/marketplace/latest/userguide/product-submission.html

PS. I tried to send it from my work e-mail but it get probably rejected
(I have no idea why).

On 7/28/20 10:59 AM, Marc Jay wrote:
> Hi,
> 
> Long-time user of CentOS 7 AMIs from the AWS Marketplace. I see that the
> latest CentOS 7 and all CentOS 8 AMIs are only available outside of the
> Marketplace ("These images are published outside of the AWS Market Place
> and are shared directly" - https://wiki.centos.org/Cloud/AWS)
> 
> I'm really keen to understand if this is short-term situation, or if this
> is the indefinite future of CentOS AMI releases? There were a number of
> benefits to the Marketplace model - mainly for us is the ability to use
> Packer to fetch the latest AMI for the product code, plus also
> notifications. Are there reasons behind the recent change?
> 
> Many thanks,
> 
> Marc
> 
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> https://lists.centos.org/mailman/listinfo/centos-devel
>