Tips for creating your own custom RightLink-enabled images.
Important! Custom images that are built with RightLink 5.9 and higher are fully supported by RightScale. If you choose to create your own custom images instead of using the ones included in ServerTemplates published by RightScale, please refer to this document for best practices and recommended procedures.
NOTE: Although the steps provided below for bundling images may still be valid for some use cases, you are encouraged to explore using the Instance Provisioner for RightLink-enabling existing running instances. See Create New Instance with the Instance Provisioner for additional information.
When creating images from scratch, follow Install RightLink to include the required packages within your image. Installation of the packages will also enable the system services for RightScale/RightLink. There are no other requirements or software needed to be included in the virtual machine image.
Note: Building a virtual machine image from scratch is out of scope for this guide and is considered an advanced topic.
Before bundling running instances, you should clean up your instance by deleting or truncating several files stored on the instance disk to ensure that a new instance does not inherit old data. Security is the main reason for performing these steps, as some files (SSH keys/host keys, for example) can leave your newly-bundled image vulnerable, particularly if you choose to publish or distribute it publicly.
While many of these files can be excluded during the bundling process, this guide takes a preventative approach by recommending some best practices for server/instance clean-up prior to the bundling process. A majority of the file removal is applicable to RightScale-managed servers; however, these practices also apply to unmanaged instances after installing RightLink.
Note: This guide should work with official RightImages that are being rebundled or with custom images built from scratch but it has not been tested with every OS distribution or RightLink version available. If you experience issues, please contact RightScale Support with questions or feedback.
Before working through this guide, you should have the following:
#!/bin/sh
# truncate.sh: empty the file given as the first argument without deleting it
: > "$1"
The following actions should be taken on all *nix-based instances and servers (CentOS and Ubuntu tested). Each command should be run from the command line within an SSH terminal/session.
Use the following commands to stop NTP and Postfix:
service postfix stop
service ntp stop
Use the following commands to delete these files and directories from any *nix instance. Run each command once from the command prompt:
rm -rf /var/spool/cloud/*
rm -rf /tmp/*
rm -rf /tmp/.[^.]*
rm -rf /tmp/..?*
rm -rf /var/cache/*
rm -rf /var/mail/*
rm -rf /var/lib/ntp/ntp.drift
rm -f /etc/hosts.backup.*
rm -rf /etc/pki/tls/private/*
rm -rf /root/.ssh
rm -rf /root/.gem
rm -f /root/*.tar
rm -rf /root/files
# This also deletes truncate.sh if it is stored directly in /root;
# keep the script elsewhere if you still need it for the truncate step.
rm -f /root/*
rm -f /root/.*_history /root/.vim* /root/.lesshst /root/.gemrc
rm -rf /root/.cache /root/.vim
find /etc -name '*~' -exec rm -- {} \;
find /etc -name '*.backup*' -exec rm -- {} \;
The following commands use the 'truncate.sh' script referenced earlier to truncate a number of files, which empties the contents of each file while leaving the file itself in place. The files are truncated rather than deleted because some services will not recreate their log files if they are deleted.
Note: Change the path to your truncate.sh script as needed if it is not in the /root/ directory.
find /var/spool -type f -exec /root/truncate.sh {} \;
find /var/log -type f -exec /root/truncate.sh {} \;
find /etc/ssh/ssh_host_* -type f -exec /root/truncate.sh {} \;
The following command removes the empty password from the root user:
sed -i 's/^root::/root:*:/' /etc/shadow
Run the commands below to create the necessary directories. (If the directories do not already exist, they will be recreated.)
mkdir -p /var/cache/logwatch /var/cache/man
mkdir -p /var/cache/nscd
Remove any custom CentOS Ruby YUM repository:
rm -f /etc/yum.repos.d/CentOS-ruby-custom.repo
Ensure that PHP packages are not installed and run YUM Clean:
yum -y remove 'php*'
yum -y clean all
Run apt-get Clean:
apt-get clean
Create specific directories:
mkdir -p /var/cache/apt/archives/partial /var/cache/debconf
Generate APT caches:
apt-cache gencaches
Run the following commands last:
mandb --create
updatedb
sync
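A pre-bundle audit of the clean-up steps above, as an added example (not part of the original guide or of any RightScale tooling). The function names scan_leftovers and audit_image are hypothetical; the paths checked are the ones the steps above delete or truncate.

```shell
#!/bin/sh
# Added example: audit a cleaned instance (or a mounted image root) before bundling.
# scan_leftovers and audit_image are hypothetical names, not RightScale tools.

# Print one "LEFTOVER: ..." line per artifact still present under ROOT.
scan_leftovers() {
    root=${1%/}    # "/" becomes "", so "$root/etc" is "/etc"

    # Paths the rm steps delete outright.
    for p in /root/.ssh /root/.gem /root/files /root/.cache /var/lib/ntp/ntp.drift; do
        if [ -e "$root$p" ]; then echo "LEFTOVER: $p still exists"; fi
    done

    # Directories the rm steps empty.
    for d in /var/spool/cloud /tmp /var/mail /etc/pki/tls/private; do
        if [ -n "$(ls -A "$root$d" 2>/dev/null)" ]; then
            echo "LEFTOVER: $d is not empty"
        fi
    done

    # SSH host keys must be zero-length after the truncate step.
    for f in "$root"/etc/ssh/ssh_host_*; do
        if [ -s "$f" ]; then echo "LEFTOVER: ${f#"$root"} still holds key material"; fi
    done

    # Logs and spool files must be zero-length too.
    find "$root/var/log" "$root/var/spool" -type f ! -size 0 2>/dev/null |
        while IFS= read -r f; do echo "LEFTOVER: ${f#"$root"} is not truncated"; done

    # Root shell history files.
    for f in "$root"/root/.*_history; do
        if [ -e "$f" ]; then echo "LEFTOVER: ${f#"$root"} still exists"; fi
    done

    # Empty root password field in the shadow file.
    if grep -q '^root::' "$root/etc/shadow" 2>/dev/null; then
        echo "LEFTOVER: root has an empty password in /etc/shadow"
    fi
}

# Return 0 when nothing is left behind, 1 otherwise.
audit_image() {
    out=$(scan_leftovers "${1:-/}")
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
    echo "clean: no leftovers found"
}
```

Source the file and run audit_image / as root on the instance, or pass the mount point of an image; a non-zero return means at least one item from the clean-up steps is still present.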
When bundling a Windows server or cloud instance, it is recommended to use the Microsoft Windows System Preparation tool (SysPrep). This tool is specifically made to prepare Windows machines for duplication or reuse by removing system-specific data from Windows, along with various other tasks.
In addition to this, RightLink 5.8.8 and above includes a SysPrep provider that lets SysPrep initiate a cleanup of all disposable RightLink data as well, so you only need to run a single SysPrep command to fully prepare the instance for bundling. Once prepared and SysPrepped, the instance should also be shut down per best practice prior to bundling into a new image (/shutdown is included in the sysprep command below).
This is a CRUCIAL step in the process, since the aforementioned SysPrep provider only exists in RightLink v5.8.8 or higher. If you are running a version of RightLink prior to this, it is HIGHLY recommended that you upgrade to the latest available stable version of RightLink.
Newer RightLink packages can be found on our mirror, and directions for upgrading and/or installing the package are found on the RightLink 5.8 Installer Page for Windows and the Upgrade RightLink Version on Windows page.
Once we've validated that we are using RightLink v5.8.8 or higher, it's time to run the SysPrep command. This can be run by opening a command prompt from a Remote Desktop session and running the command below:
sysprep /oobe /generalize /shutdown
Note: Only run this command when you are satisfied with the state of the instance and are ready to bundle the image, as it will shut down the system in preparation for a bundle action.
At this point, you can now safely bundle or snapshot the running instance into a new image.
For RightScale accounts running on the Legacy Cloud Platform (residing on my.rightscale.com), the dashboard's bundle functionality can be used. If you encounter issues or would prefer more control over the image bundling and registration, scripts are provided in the EC2 Instance Bundler Toolbox. This is also recommended for accounts on the Unified Cloud Platform.
Consult the given cloud's documentation on bundling/snapshot capabilities (if supported).
When creating or adding the image to an MCI, be sure to add the provides:rs_agent_type=right_link tag to the MCI prior to adding it to a ServerTemplate. The MCI can then be added to any HEAD version of a ServerTemplate and in turn used with RightScale-managed servers.
© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.