Using a Private Image to Build a Worker Node Image
Constraints
- This feature is available for open beta test (OBT) only in certain regions.
- This function is available only for clusters of v1.15 or later.
- For details about how to create a custom node image for a CCE Turbo cluster, see Creating a Custom CCE Node Image.
Image OS and Kernel Version Requirements
You have added a dedicated label to the image. Both the label key and value are cce. The image OS version must be EulerOS 2.5 or CentOS 7.6.
| OS | Cluster Version | Kernel |
|---|---|---|
| CentOS Linux release 7.6 | v1.17.17 | 3.10.0-1160.15.1.el7.x86_64 |
| CentOS Linux release 7.6 | v1.17.9 | 3.10.0-1062.12.1.el7.x86_64 |
| CentOS Linux release 7.6 | v1.15.11 | 3.10.0-1062.12.1.el7.x86_64 |
| CentOS Linux release 7.6 | v1.15.6-r1 | 3.10.0-1062.1.1.el7.x86_64 |
| EulerOS release 2.5 | v1.17.17 | 3.10.0-862.14.1.5.h470.eulerosv2r7.x86_64 |
| EulerOS release 2.5 | v1.17.9 | 3.10.0-862.14.1.5.h428.eulerosv2r7.x86_64 |
| EulerOS release 2.5 | v1.15.11 | 3.10.0-862.14.1.5.h428.eulerosv2r7.x86_64 |
| EulerOS release 2.5 | v1.15.6-r1 | 3.10.0-862.14.1.5.h328.eulerosv2r7.x86_64 |
- When creating an image, follow the instructions in this section to prevent unexpected problems.
- To log in to VMs created from base images, users are required to have the sudo root or root permissions.
Preparation
Notes
- Check whether the dependencies required by the current OS version are installed on the ECS used to create an image.
- After the image is created, the ECSs will not be deleted. You need to delete them manually.
- The private image installation package contains the script and dependent components required for installing the node. The package version varies depending on the cluster version.
Procedure
- Before creating an image, you need to create two ECSs and bind EIPs to them. One ECS is used as the executor, and the other is used to create the image. The recommended ECS specifications are 4 vCPUs and memory of 8 GB.
- For details about how to use an image file to create a private image, see Appendix.
- An EIP is bound to remotely transfer the installation package and send dependency installation commands.
- It takes about 10 minutes to create an image, which incurs network traffic and resource fees.
- Ensure that TCP port 22 is enabled in the new inbound rule of the security group for both ECSs. For details about how to create a security group, see Security Group Configuration Examples.
- Creating a private image depends on the lvm2, conntrack, sudo, NetworkManager, haveged, ntp, numactl, ipset, and auditd components. Check whether the corresponding dependencies required by the current OS version have been installed on the ECS used to create the image.
Example: yum install lvm2 conntrack sudo NetworkManager haveged ntp numactl ipset audit -y;
If "no package" is displayed when you run the yum install haveged command, run the following commands:
yum install epel-release -y; yum install haveged -y;
Check for and uninstall the unnecessary dependency network-hotplug.
Example: rpm -e network-hotplug
If the base image requires the auditd service to run properly, run the systemctl status auditd command to check the service status, and disable SELinux if the service runs improperly. In some cases, the auditd service cannot run properly while SELinux is enabled. (Run the vim /etc/selinux/config command and change the value of SELINUX to disabled. Check whether the /var/log/audit directory exists, and create it if it does not. Restart the node for the modification to take effect.) If the auditd service does not exist, install it.
- Uploading the init_envs.conf File
The init_envs.conf file stores the configurations of the VM created from the base image. Apply for a server on the ECS console or use an existing server, log in to the server, and upload the init_envs.conf file to the /root directory on the server.
The following is an example of the init_envs.conf file. Set the parameters based on the description in Table 2.
You are advised to use a common tenant account to create an image. Otherwise, the API call may fail due to the security requirement of the op_svc_xxx account.
DOMAIN_NAME=''
USER_NAME=''
PROJECT_NAME=''
PROJECT_ID=''
IMS_ENDPOINT=''
KEY_PAIR_NAME=''
IMAGE_NAME=''
Table 2 Description of the init_envs.conf file

| Parameter | Description |
|---|---|
| DOMAIN_NAME | Account that creates an image. |
| USER_NAME | User that creates an image. |
| PROJECT_NAME | Region to which the project belongs. View the region and project ID on the My Credentials page. |
| PROJECT_ID | Project ID. View the region and project ID on the My Credentials page. |
| IMS_ENDPOINT | ims.region.myhuaweicloud.com. For details about regions, see Regions and Endpoints. Example value: ims.cn-north-4.myhuaweicloud.com |
| KEY_PAIR_NAME | (Optional) Name of the key pair, which is the same as the name of the key pair file in the /root directory. |
| IMAGE_NAME | Optional. The default value is BASIC-NODE-IMG-timestamp. |
- Obtain the key file. (Skip this step if you log in to the server using a password.)
A key file is the authentication file required for creating an ECS. You can use existing keys or create new keys. For example, log in to the server and upload the key file named Keypair.pem to the /root directory to create an ECS.
- Log in to the HUAWEI CLOUD management console.
- Choose Service List > Computing > Elastic Cloud Server.
- In the navigation pane, choose Key Pair. On the page displayed, click Create Key Pair.
- Enter a key pair name and click OK.
- In the dialog box displayed, click OK.
View and save the key pair. To ensure security, a key pair can be downloaded only once. Keep the key pair secure for login.
For details about how to create a key pair, see Creating a Key Pair.
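A preflight check for the two files prepared above, to run on the executor before the image creation script. This is an added example, not part of the CCE installation package: conf_get and check_init_envs are hypothetical helper names, and the endpoint pattern and the <KEY_PAIR_NAME>.pem file name are assumptions drawn from the example values on this page.

```sh
#!/bin/sh
# Added example: preflight check for init_envs.conf and the key file.
# conf_get and check_init_envs are hypothetical helpers, not part of the CCE package.

# Print the value of KEY from a KEY='value' file without sourcing it,
# so nothing stored in the file is executed by the shell.
conf_get() {
    sed -n "s/^$2='\(.*\)'[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Usage: check_init_envs <conf file> <directory holding the key file>
# Prints one line per problem and returns 0 only when none was found.
check_init_envs() {
    conf=$1; keydir=$2; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # Parameters that Table 2 does not mark as optional must be non-empty.
    for key in DOMAIN_NAME USER_NAME PROJECT_NAME PROJECT_ID IMS_ENDPOINT; do
        [ -n "$(conf_get "$conf" "$key")" ] || { echo "$key is empty or missing"; rc=1; }
    done

    # Assumption: a bare host name, as in the page's example value.
    ep=$(conf_get "$conf" IMS_ENDPOINT)
    if [ -n "$ep" ] && ! printf '%s\n' "$ep" | grep -Eq '^ims\.[a-z0-9-]+\.myhuaweicloud\.com$'; then
        echo "IMS_ENDPOINT '$ep' is not of the form ims.<region>.myhuaweicloud.com"; rc=1
    fi

    # Key-pair login: the private key must exist and be closed to group/other.
    # Assumption: the file is named <KEY_PAIR_NAME> or <KEY_PAIR_NAME>.pem.
    kp=$(conf_get "$conf" KEY_PAIR_NAME)
    if [ -n "$kp" ]; then
        keyfile=$keydir/$kp
        [ -f "$keyfile" ] || keyfile=$keydir/$kp.pem
        if [ ! -f "$keyfile" ]; then
            echo "key file for KEY_PAIR_NAME '$kp' not found in $keydir"; rc=1
        elif [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
            echo "$keyfile is accessible to group or other; run chmod 600"; rc=1
        fi
    fi
    return $rc
}
```

Calling `check_init_envs /root/init_envs.conf /root` prints nothing and returns 0 when both files are ready.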
Creating a Node Image
- Log in to the ECS that functions as the executor.
Check whether the init_envs.conf and Keypair.pem files have been uploaded to the /root directory.
- Run the image creation script.
Table 3 Commands to be run

| Site | Command |
|---|---|
| HUAWEI CLOUD | Click here to obtain the installation package. |

Decompress the installation package. When executing create.sh in the node-image/conf directory, add the following five parameters. The following is an example:
bash create.sh ${NODE_EIP} ${PASSWORD} ${ECS_PASSWORD} ${ECS_INSTANCE_ID} ${LINUX_ROLE}
The parameters are described as follows:
NODE_EIP: EIP of the ECS used to create the image.
PASSWORD: password for logging in to HUAWEI CLOUD. This password is used to obtain the token for creating an IMS image.
ECS_PASSWORD: password for logging in to the ECS used to create the image. If you use a key pair for login, do not set this parameter (a null value).
ECS_INSTANCE_ID: instance ID of the ECS used to create the image.
LINUX_ROLE: role of the user who creates the image. The default user is root. If the user is not root, set the permission as follows:
/etc/sudoers:
Username ALL=(ALL) NOPASSWD: ALL
NOTE: Example:
Use a key pair: bash create.sh 127.0.0.1 [Password of the user used to create the image] [Login password of the node corresponding to the machine used to create the image, which is empty when a key pair is used] d4d92ca7-256a-44ef-942d-ab326bed1d87 root
Use a password: bash create.sh 127.0.0.1 [Password of the user used to create the image] [Login password of the node corresponding to the machine used to create the image] d4d92ca7-256a-44ef-942d-ab326bed1d87 root
- After the image is created, use the image to create a worker node for verification.
Appendix
This operation is required only when you use image files to create a private image. Perform the following steps:
- Obtain a base image file from a trusted HUAWEI CLOUD image repository.
For details about how to obtain the image ID, see Quickly Importing an Image File (Windows).
- Import the obtained image file to an OBS bucket of your account.
Figure 1 Importing the image file to an OBS bucket
- On IMS, click Create Image on the Private Images tab page. Select Image File for Source, which is the image file in the OBS bucket. Set the system disk to 40 GB, configure other parameters as required, and click Create Now.
Figure 2 Creating an image