Been banging my head on this one back and forth and I haven’t been able to find the right pressure point to ask… Can anyone elaborate as to the plans for making Rocky 8 & 9 available in AWS Gov Cloud?
When I asked a few months ago, I received no response. I had to upload my own image. It was painful, but a learning experience. I highly recommend using an AWS instance to run the various commands. The faster network speeds make things so much faster, unless you have great local speeds.
I used an Ubuntu ARM instance and installed qemu-img. The ARM instances are cheap. I can post the list of commands if you’re interested. (Not sure what the policy is wrt pasting ~115 lines of text into a reply.)
My apologies for not responding. I believe this just got lost. I had asked @brian to follow up on what the steps would be for us to support this. I will see if he found anything and follow up with both of you.
No need to apologize. People get busy or distracted. I was able to do what I needed with a little effort. Thanks for doing what you do.
Here are the various commands I used. You’ll want to refer to one of the Amazon Guides.
# Create an AWS S3 bucket. Use the web console or command line.
# aws s3 mb - to create buckets
# create vmimport role
aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
#set role policy
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
-- role-policy.json --
{
"Version":"2012-10-17",
"Statement":[
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws-us-gov:s3:::vmimage-bucket",
"arn:aws-us-gov:s3:::vmimage-bucket/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetBucketAcl"
],
"Resource": [
"arn:aws-us-gov:s3:::vmexport-bucket",
"arn:aws-us-gov:s3:::vmexport-bucket/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
--- trust-policy.json --
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}
curl -O https://rocky-linux-us-east1.production.gcp.mirrors.ctrliq.cloud/pub/rocky/8.7/images/aarch64/Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.qcow2
qemu-img convert -f qcow2 -O raw Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.qcow2 Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw
aws s3 cp Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw s3://vmimage-bucket/rocky8/Rocky-8-LVM-Base-8.7-20230215.0.aarch64.raw --region us-gov-east-1 --profile <your aws profile>
aws ec2 import-snapshot --description "Rock 8.7 Arm64" --disk-container file://container.json --profile <your aws profile> --region us-gov-east-1
-- container.json --
{
"Description": "rocky-8.7-ec2-aarch64-20230215.0",
"Format": "RAW",
"UserBucket": {
"S3Bucket": "vmimage-bucket",
"S3Key": "rocky8/Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw"
}
}
aws ec2 describe-import-snapshot-tasks --import-task-ids import-snap-<hexvalue_comes_from_above> --region us-gov-east-1
# -- Create image from snapshot
aws ec2 create-image \
--name "rocky_8.7_ebs_base_aarch64_20230215.0" \
--description "Rocky 8.7 EBS Arm64 20230215.0" \
-- block-device-mappings DeviceName=/dev/sda,Ebs={SnapshotId="snap-<hexvalue_A>", Encrypted=false}
# --- register image ---
aws ec2 register-image --name "Rocky 8.7 Base Arm64 " --region=us-gov-east-1 \
--description "AMI_from_Rocky_8.7_20230215.0_Base" \
--block-device-mappings DeviceName="/dev/sda",Ebs={SnapshotId="snap-<hexvalue_A"} \
--root-device-name "/dev/sda1"
# -- LVM based AMI expand filesystem if needed --
sudo pvresize /dev/nvme0n1p5
sudo lvextend -l +100%FREE /dev/rocky/root
sudo xfs_growfs /dev/rocky/root
thanks - I did reach out to @brian a while back - right before the RHEL shenanigans went down. figured I’d give some time for that to settle out.
Bump - anyone have any updates or thoughts around ETA on getting some official images published on AWS GovCloud?
@neil @brian - Hey Good Morning guys, Any updates on Rocky being made available for AWS gov Cloud yet? I’m following up on this Or is there a contact to submit a more formal inquiry/request? I’m asking this in an official capacity on behalf of Maxar.
Is there any update, on if Rocky8 is officially going to post to the govcloud?
Just reached out to our AWS rep. Will update shortly.
Have there been any updates on the Rocky Linux in Gov AWS yet? Looks like it’s been a while since you were reaching out to your AWS rep, so maybe this is being tracked somewhere else?
Thanks, Mike