openstack-manuals/doc/image-guide/source/centos-image.rst

Example: CentOS image

This example shows you how to install a CentOS image and focuses mainly on CentOS 7. Because the CentOS installation process might differ across versions, the installation steps might differ if you use a different version of CentOS.

Download a CentOS install ISO

1. Navigate to the CentOS mirrors page.
2. Click one of the HTTP links in the right-hand column next to one of the mirrors.
3. Click the folder link of the CentOS version that you want to use. For example, 7/.
4. Click the isos/ folder link.
5. Click the x86_64/ folder link for 64-bit images.
6. Click the netinstall ISO image that you want to download. For example, CentOS-7-x86_64-NetInstall-1511.iso is a good choice because it is a smaller image that downloads missing packages from the Internet during installation.

Start the installation process

Start the installation process using either the virt-manager or the virt-install command as described in the previous section. If you use the virt-install command, do not forget to connect your VNC client to the virtual machine.

Assume that:

• The name of your virtual machine image is centos; you need this name when you use virsh commands to manipulate the state of the image.
• You saved the netinstall ISO image to the /data/isos directory.

If you use the virt-install command, the commands should look something like this:

# qemu-img create -f qcow2 /tmp/centos.qcow2 10G
# virt-install --virt-type kvm --name centos --ram 1024 \
  --disk /tmp/centos.qcow2,format=qcow2 \
  --network network=default \
  --graphics vnc,listen=0.0.0.0 --noautoconsole \
  --os-type=linux --os-variant=rhel7 \
  --location=/data/isos/CentOS-7-x86_64-NetInstall-1511.iso

Step through the installation

At the initial Installer boot menu, choose the Install CentOS 7 option. Step through the installation prompts. Accept the defaults.

Change the Ethernet status

The default Ethernet setting is OFF. Change the setting of the Ethernet form OFF to ON. In particular, ensure that IPv4 Settings' Method is Automatic (DHCP), which is the default.

Point the installer to a CentOS web server

Depending on the version of CentOS, the net installer requires the user to specify either a URL or the web site and a CentOS directory that corresponds to one of the CentOS mirrors. If the installer asks for a single URL, a valid URL might be http://mirror.umd.edu/centos/7/os/x86_64.

Note

Consider using other mirrors as an alternative to mirror.umd.edu.

If the installer asks for web site name and CentOS directory separately, you might enter:

• Web site name: mirror.umd.edu
• CentOS directory: centos/7/os/x86_64

See CentOS mirror page to get a full list of mirrors, click on the HTTP link of a mirror to retrieve the web site name of a mirror.

Storage devices

If prompted about which type of devices your installation uses, choose Virtio Block Device.

Hostname

The installer may ask you to choose a host name. The default (localhost.localdomain) is fine. You install the cloud-init package later, which sets the host name on boot when a new instance is provisioned using this image.

Partition the disks

There are different options for partitioning the disks. The default installation uses LVM partitions, and creates three partitions (/boot, /, swap), which works fine. Alternatively, you might want to create a single ext4 partition that is mounted to /, which also works fine.

If unsure, use the default partition scheme for the installer because no scheme is better than another.

Select installation option

Step through the installation, using the default options. The simplest thing to do is to choose the Minimal Install install, which installs an SSH server.

Detach the CD-ROM and reboot

When the installation has completed, the Congratulations, your CentOS installation is complete screen appears.

To eject a disk by using the virsh command, libvirt requires that you attach an empty disk at the same target that the CDROM was previously attached, which should be hdc. You can confirm the appropriate target using the virsh dumpxml vm-image command.

# virsh dumpxml centos
<domain type='kvm' id='19'>
  <name>centos</name>
...
    <disk type='block' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
    </disk>
...
</domain>

Run the following commands from the host to eject the disk and reboot using virsh, as root. If you are using virt-manager, the commands below will work, but you can also use the GUI to detach and reboot it by manually stopping and starting.

# virsh attach-disk --type cdrom --mode readonly centos "" hdc
# virsh reboot centos

Log in to newly created image

When you boot for the first time after installation, you might be prompted about authentication tools. Select Exit. Then, log in as root.

Install the ACPI service

To enable the hypervisor to reboot or shutdown an instance, you must install and run the acpid service on the guest system.

Run the following commands inside the CentOS guest to install the ACPI service and configure it to start when the system boots:

# yum install acpid
# systemctl enable acpid

Configure to fetch metadata

An instance must interact with the metadata service to perform several tasks on start up. For example, the instance must get the ssh public key and run the user data script. To ensure that the instance performs these tasks, use one of these methods:

• Install a cloud-init RPM, which is a port of the Ubuntu cloud-init package. This is the recommended approach.
• Modify the /etc/rc.local file to fetch desired information from the metadata service, as described in the next section.

Use cloud-init to fetch the public key

The cloud-init package automatically fetches the public key from the metadata server and places the key in an account. You can install cloud-init inside the CentOS guest by adding the EPEL repo:

# yum install http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm
# yum install cloud-init

The account varies by distribution. On Ubuntu-based virtual machines, the account is called ubuntu. On Fedora-based virtual machines, the account is called ec2-user.

You can change the name of the account used by cloud-init by editing the /etc/cloud/cloud.cfg file and adding a line with a different user. For example, to configure cloud-init to put the key in an account named admin, add this line to the configuration file:

user: admin

Write a script to fetch the public key (if no cloud-init)

If you are not able to install the cloud-init package in your image, to fetch the ssh public key and add it to the root account, edit the /etc/rc.d/rc.local file and add the following lines before the line touch /var/lock/subsys/local:

if [ ! -d /root/.ssh ]; then
  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
fi

# Fetch public key using HTTP
ATTEMPTS=30
FAILED=0
while [ ! -f /root/.ssh/authorized_keys ]; do
  curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key \
    > /tmp/metadata-key 2>/dev/null
  if [ \$? -eq 0 ]; then
    cat /tmp/metadata-key >> /root/.ssh/authorized_keys
    chmod 0600 /root/.ssh/authorized_keys
    restorecon /root/.ssh/authorized_keys
    rm -f /tmp/metadata-key
    echo "Successfully retrieved public key from instance metadata"
    echo "*****************"
    echo "AUTHORIZED KEYS"
    echo "*****************"
    cat /root/.ssh/authorized_keys
    echo "*****************"
  fi
done

Note

Some VNC clients replace the colon (:) with a semicolon (;) and the underscore (_) with a hyphen (-). Make sure to specify http: and not http;. Make sure to specify authorized_keys and not authorized-keys.

Note

The previous script only gets the ssh public key from the metadata server. It does not get user data, which is optional data that can be passed by the user when requesting a new instance. User data is often used to run a custom script when an instance boots.

As the OpenStack metadata service is compatible with version 2009-04-04 of the Amazon EC2 metadata service, consult the Amazon EC2 documentation on Using Instance Metadata <http://docs.amazonwebservices.com/AWSEC2/2009-04-04/UserGuide/ AESDG-chapter-instancedata.html> for details on how to get user data.

Disable the zeroconf route

For the instance to access the metadata service, you must disable the default zeroconf route:

# echo "NOZEROCONF=yes" >> /etc/sysconfig/network

Configure console

For the nova console-log command to work properly on CentOS 7.x, you might need to do the following steps:

1. Edit the /etc/default/grub file and configure the GRUB_CMDLINE_LINUX option. Delete the rhgb quiet and add the console=tty0 console=ttyS0,115200n8 to the option:

   ...
   GRUB_CMDLINE_LINUX="crashkernel=auto console=tty0 console=ttyS0,115200n8"

2. Run the following command to save the changes:

   # grub2-mkconfig -o /boot/grub2/grub.cfg
   Generating grub configuration file ...
   Found linux image: /boot/vmlinuz-3.10.0-229.14.1.el7.x86_64
   Found initrd image: /boot/initramfs-3.10.0-229.14.1.el7.x86_64.img
   Found linux image: /boot/vmlinuz-3.10.0-229.4.2.el7.x86_64
   Found initrd image: /boot/initramfs-3.10.0-229.4.2.el7.x86_64.img
   Found linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
   Found initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img
   Found linux image: /boot/vmlinuz-0-rescue-605f01abef434fb98dd1309e774b72ba
   Found initrd image: /boot/initramfs-0-rescue-605f01abef434fb98dd1309e774b72ba.img
   done

Shut down the instance

From inside the instance, as root:

# /sbin/shutdown -h now

Clean up (remove MAC address details)

The operating system records the MAC address of the virtual Ethernet card in locations such as /etc/sysconfig/network-scripts/ifcfg-eth0 and /etc/udev/rules.d/70-persistent-net.rules during the instance process. However, each time the image boots up, the virtual Ethernet card will have a different MAC address, so this information must be deleted from the configuration file.

There is a utility called virt-sysprep, that performs various cleanup tasks such as removing the MAC address references. It will clean up a virtual machine image in place:

# virt-sysprep -d centos

Undefine the libvirt domain

Now that you can upload the image to the Image service, you no longer need to have this virtual machine image managed by libvirt. Use the virsh undefine vm-image command to inform libvirt:

# virsh undefine centos

Image is complete

The underlying image file that you created with the qemu-img create command is ready to be uploaded. For example, you can upload the /tmp/centos.qcow2 image to the Image service.