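Creating a RHEL BYOL AMI
When you use a CSP such as AWS, you use RHEL with a PAYG license.
This post explains how to create a custom RHEL BYOL AMI so that you can use BYOL (Bring Your Own License) RHEL instead of a PAYG license, with customizations such as applying an OpenSCAP profile, dividing partitions, and separating file systems.
This post targets AWS, but the same approach can also be used to create images for GCP, Azure, Oracle Cloud, VMware, qcow2, and ISO.
Recommended
- Registration for the Developers Subscription is required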
- https://developers.redhat.com/blog/2021/02/10/how-to-activate-your-no-cost-red-hat-enterprise-linux-subscription
- You can also register on the page below.
- https://developers.redhat.com/products/rhel/download
- If registration completes successfully, you will be able to see the subscription.
How to create a BYOL AMI
- Red Hat Insights > Inventory > Images
- Select target environment > AWS
- Select the RHEL release version
- Enter the account ID for the shared AMI
- Select the “Registration method”
- Select the “OpenSCAP profile”
- File system configuration
- Select “Disable repeatable build” to use the newest state of the repositories
- (optional) If you need custom repositories, add the custom repository information
- (optional) Add additional packages if you need them
- (optional) Add a user if you need one
- Select the timezone
- Select the locale
- Select the hostname
- (optional) Customize kernel name and kernel arguments.
- (optional) Customize firewall settings for your image.
- (optional) Enable, disable and mask systemd services.
- (optional) Configure the image with a custom script that will execute on its first boot.
- Select the blueprint name
- Review
- Create blueprint and build image
- Building the image
- Shared AMI
- Create an instance from the shared AMI
[root@ip-172-31-8-200 ~]# cat /var/log/messages | grep rhel-image
Jun 4 01:16:27 ip-172-31-8-200 systemd: Hostname set to <rhel-image-builder>.
[root@ip-172-31-8-200 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 10.0 (Coughlan)
[root@ip-172-31-8-200 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/nvme0n1p3 20G 1.9G 18G 10% /
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 1.8G 0 1.8G 0% /dev/shm
efivarfs 128K 3.6K 120K 3% /sys/firmware/efi/efivars
tmpfs 707M 8.6M 698M 2% /run
tmpfs 1.0M 0 1.0M 0% /run/credentials/systemd-journald.service
/dev/nvme0n1p2 200M 8.4M 192M 5% /boot/efi
tmpfs 1.0M 0 1.0M 0% /run/credentials/serial-getty@ttyS0.service
tmpfs 1.0M 0 1.0M 0% /run/credentials/getty@tty1.service
tmpfs 354M 4.0K 354M 1% /run/user/1001
[root@ip-172-31-8-200 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1 259:0 0 20G 0 disk
├─nvme0n1p1 259:1 0 1M 0 part
├─nvme0n1p2 259:2 0 200M 0 part /boot/efi
└─nvme0n1p3 259:3 0 19.8G 0 part /
[root@ip-172-31-8-200 ~]# rpm -qa | egrep "cloud-init|tmux"
cloud-init-24.4-3.el10.noarch
tmux-3.3a-13.20230918gitb202a2f.el10.x86_64
[root@ip-172-31-8-200 ~]# subscription-manager status
+-------------------------------------------+
System Status Details
+-------------------------------------------+
Overall Status: Not registered
[root@ip-172-31-8-200 ~]# yum repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
No repositories available
Register subscription
[root@ip-172-31-8-200 ~]# subscription-manager register
Registering to: subscription.rhsm.redhat.com:443/subscription
Username: chhanz
Password: ******
The system has been registered with ID: 1234-1234-1234-1234-1234
The registered system name is: ip-172-31-8-200.ap-northeast-2.compute.internal
[root@ip-172-31-8-200 ~]# subscription-manager status
+-------------------------------------------+
System Status Details
+-------------------------------------------+
Overall Status: Registered
[root@ip-172-31-8-200 ~]# yum repolist
Updating Subscription Management repositories.
repo id repo name
rhel-10-for-x86_64-appstream-rpms Red Hat Enterprise Linux 10 for x86_64 - AppStream (RPMs)
rhel-10-for-x86_64-baseos-rpms Red Hat Enterprise Linux 10 for x86_64 - BaseOS (RPMs)
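The checks run by hand on the launched instance above (registration state, expected packages, file system layout) can be scripted so that every AMI built from the blueprint is verified the same way. This is an added example, not part of the original post: the function names, the `--live` switch, and the choice of `/var` and `/home` as mount points expected to be separate file systems are assumptions, and the embedded sample is copied from the session shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the expected
# package and mount point lists are assumptions chosen for illustration.

# Print the "Overall Status:" value from `subscription-manager status` (stdin).
overall_status() {
  sed -n 's/^Overall Status:[[:space:]]*//p' | head -n 1
}

# Print each package name (args) that has no entry in `rpm -qa` output (stdin).
missing_packages() {
  installed=$(cat)
  for pkg in "$@"; do
    printf '%s\n' "$installed" |
      awk -v p="$pkg-" 'index($0, p) == 1 && substr($0, length(p) + 1, 1) ~ /[0-9]/ { f = 1 }
                        END { exit !f }' || printf '%s\n' "$pkg"
  done
}

# Print each mount point (args) that is not a separate filesystem in `df` output (stdin).
unseparated_mounts() {
  mounted=$(awk 'NR > 1 { print $NF }')
  for mp in "$@"; do
    printf '%s\n' "$mounted" | grep -Fxq -- "$mp" || printf '%s\n' "$mp"
  done
}

# Output captured in the session on this page (df trimmed to the disk-backed rows).
SAMPLE_STATUS='+-------------------------------------------+
System Status Details
+-------------------------------------------+
Overall Status: Not registered'
SAMPLE_RPM='cloud-init-24.4-3.el10.noarch
tmux-3.3a-13.20230918gitb202a2f.el10.x86_64'
SAMPLE_DF='Filesystem Size Used Avail Use% Mounted on
/dev/nvme0n1p3 20G 1.9G 18G 10% /
/dev/nvme0n1p2 200M 8.4M 192M 5% /boot/efi'

if [ "${1:-}" = "--live" ]; then   # run on the launched instance as root
  status=$(subscription-manager status); rpms=$(rpm -qa); mounts=$(df -P)
else
  status=$SAMPLE_STATUS; rpms=$SAMPLE_RPM; mounts=$SAMPLE_DF
fi
echo "registration : $(printf '%s\n' "$status" | overall_status)"
echo "missing pkgs : $(printf '%s\n' "$rpms" | missing_packages cloud-init tmux | xargs)"
echo "not separate : $(printf '%s\n' "$mounts" | unseparated_mounts /var /home | xargs)"
```

Without arguments the script evaluates the embedded sample; adjust the package and mount point lists to match what the blueprint actually defines.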