Rocky Linux availibility on AWS Gov Cloud

Tburow · July 24, 2023, 5:40pm

Been banging my head on this one back and forth and I haven’t been able to find the right pressure point to ask… Can anyone elaborate as to the plans for making Rocky 8 & 9 available in AWS Gov Cloud?

hubbs · July 24, 2023, 9:50pm

When I asked a few months ago, I received no response. I had to upload my own image. It was painful, but a learning experience. I highly recommend using an AWS instance to run the various commands. The faster network speeds make things so much faster, unless you have great local speeds.

I used an Ubuntu ARM instance and installed qemu-img. The ARM instances are cheap. I can post the list of commands if you’re interested. (Not sure what the policy is wrt pasting ~115 lines of text into a reply.)

neil · July 24, 2023, 9:58pm

My apologies for not responding. I believe this just got lost. I had asked @brian to follow up on what the steps would be for us to support this. I will see if he found anything and follow up with both of you.

hubbs · July 25, 2023, 1:44am

No need to apologize. People get busy or distracted. I was able to do what I needed with a little effort. Thanks for doing what you do.

hubbs · July 25, 2023, 11:50am

Here are the various commands I used. You’ll want to refer to one of the Amazon Guides.

# Create an AWS S3 bucket.  Use the web console or command line. 
# aws s3 mb - to create buckets 

# create vmimport role
aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

#set role policy
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

-- role-policy.json --
{
    "Version":"2012-10-17",
    "Statement":[
       {
          "Effect": "Allow",
          "Action": [
             "s3:GetBucketLocation",
             "s3:GetObject",
             "s3:ListBucket" 
          ],
          "Resource": [
             "arn:aws-us-gov:s3:::vmimage-bucket",
             "arn:aws-us-gov:s3:::vmimage-bucket/*"
          ]
       },
       {
          "Effect": "Allow",
          "Action": [
             "s3:GetBucketLocation",
             "s3:GetObject",
             "s3:ListBucket",
             "s3:PutObject",
             "s3:GetBucketAcl"
          ],
          "Resource": [
             "arn:aws-us-gov:s3:::vmexport-bucket",
             "arn:aws-us-gov:s3:::vmexport-bucket/*"
          ]
       },
       {
          "Effect": "Allow",
          "Action": [
             "ec2:ModifySnapshotAttribute",
             "ec2:CopySnapshot",
             "ec2:RegisterImage",
             "ec2:Describe*"
          ],
          "Resource": "*"
       }
    ]
 }
 
--- trust-policy.json  --
{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}

curl -O https://rocky-linux-us-east1.production.gcp.mirrors.ctrliq.cloud/pub/rocky/8.7/images/aarch64/Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.qcow2

qemu-img convert -f qcow2 -O raw Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.qcow2 Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw

aws s3 cp Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw s3://vmimage-bucket/rocky8/Rocky-8-LVM-Base-8.7-20230215.0.aarch64.raw --region us-gov-east-1 --profile <your aws profile>

aws ec2 import-snapshot --description "Rock 8.7 Arm64" --disk-container file://container.json --profile <your aws profile> --region us-gov-east-1

-- container.json --
{
  "Description": "rocky-8.7-ec2-aarch64-20230215.0",
  "Format": "RAW",
  "UserBucket": {
      "S3Bucket": "vmimage-bucket",
      "S3Key": "rocky8/Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw"
  }
}

aws ec2 describe-import-snapshot-tasks --import-task-ids import-snap-<hexvalue_comes_from_above> --region us-gov-east-1

# -- Create image from snapshot
aws ec2 create-image \
    --name "rocky_8.7_ebs_base_aarch64_20230215.0" \
    --description "Rocky 8.7 EBS Arm64 20230215.0" \
	-- block-device-mappings DeviceName=/dev/sda,Ebs={SnapshotId="snap-<hexvalue_A>", Encrypted=false}
    
# --- register image ---
aws ec2 register-image --name "Rocky 8.7 Base Arm64 " --region=us-gov-east-1 \
    --description "AMI_from_Rocky_8.7_20230215.0_Base" \
    --block-device-mappings DeviceName="/dev/sda",Ebs={SnapshotId="snap-<hexvalue_A"} \
    --root-device-name "/dev/sda1"

# -- LVM based AMI expand filesystem if needed --
sudo pvresize /dev/nvme0n1p5 

sudo lvextend -l +100%FREE /dev/rocky/root

sudo xfs_growfs /dev/rocky/root

Tburow · July 28, 2023, 4:47pm

thanks - I did reach out to @brian a while back - right before the RHEL shenanigans went down. figured I’d give some time for that to settle out.

Tburow · August 14, 2023, 5:35pm

Bump - anyone have any updates or thoughts around ETA on getting some official images published on AWS GovCloud?

Tburow · August 22, 2023, 3:18pm

@neil @brian - Hey Good Morning guys, Any updates on Rocky being made available for AWS gov Cloud yet? I’m following up on this Or is there a contact to submit a more formal inquiry/request? I’m asking this in an official capacity on behalf of Maxar.

ssoto · October 31, 2023, 6:14pm

Is there any update, on if Rocky8 is officially going to post to the govcloud?

brian · November 2, 2023, 12:53am

Just reached out to our AWS rep. Will update shortly.

mmerriel · March 29, 2024, 2:23pm

Have there been any updates on the Rocky Linux in Gov AWS yet? Looks like it’s been a while since you were reaching out to your AWS rep, so maybe this is being tracked somewhere else?

Thanks, Mike

ssoto · February 20, 2025, 8:09pm

Hey, just wondering if there are any updated on this?