Been banging my head on this one back and forth and I haven’t been able to find the right pressure point to ask… Can anyone elaborate as to the plans for making Rocky 8 & 9 available in AWS Gov Cloud?
When I asked a few months ago, I received no response. I had to upload my own image. It was painful, but a learning experience. I highly recommend using an AWS instance to run the various commands. The faster network speeds make things so much faster, unless you have great local speeds.
I used an Ubuntu ARM instance and installed qemu-img. The ARM instances are cheap. I can post the list of commands if you’re interested. (Not sure what the policy is wrt pasting ~115 lines of text into a reply.)
My apologies for not responding. I believe this just got lost. I had asked @brian to follow up on what the steps would be for us to support this. I will see if he found anything and follow up with both of you.
No need to apologize. People get busy or distracted. I was able to do what I needed with a little effort. Thanks for doing what you do.
Here are the various commands I used. You’ll want to refer to one of the Amazon Guides.
# Create an AWS S3 bucket. Use the web console or command line.
# aws s3 mb - to create buckets
# create vmimport role
aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
# set role policy
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
-- role-policy.json --
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws-us-gov:s3:::vmimage-bucket",
        "arn:aws-us-gov:s3:::vmimage-bucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetBucketAcl"
      ],
      "Resource": [
        "arn:aws-us-gov:s3:::vmexport-bucket",
        "arn:aws-us-gov:s3:::vmexport-bucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:ModifySnapshotAttribute",
        "ec2:CopySnapshot",
        "ec2:RegisterImage",
        "ec2:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
-- trust-policy.json --
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "vmie.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:Externalid": "vmimport"
        }
      }
    }
  ]
}
curl -O https://rocky-linux-us-east1.production.gcp.mirrors.ctrliq.cloud/pub/rocky/8.7/images/aarch64/Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.qcow2
qemu-img convert -f qcow2 -O raw Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.qcow2 Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw
# the destination key must match "S3Key" in container.json
aws s3 cp Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw s3://vmimage-bucket/rocky8/Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw --region us-gov-east-1 --profile <your aws profile>
aws ec2 import-snapshot --description "Rocky 8.7 Arm64" --disk-container file://container.json --profile <your aws profile> --region us-gov-east-1
-- container.json --
{
  "Description": "rocky-8.7-ec2-aarch64-20230215.0",
  "Format": "RAW",
  "UserBucket": {
    "S3Bucket": "vmimage-bucket",
    "S3Key": "rocky8/Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw"
  }
}
aws ec2 describe-import-snapshot-tasks --import-task-ids import-snap-<hexvalue_comes_from_above> --region us-gov-east-1
# -- Create image from snapshot
aws ec2 create-image \
  --name "rocky_8.7_ebs_base_aarch64_20230215.0" \
  --description "Rocky 8.7 EBS Arm64 20230215.0" \
  --block-device-mappings "DeviceName=/dev/sda,Ebs={SnapshotId=snap-<hexvalue_A>,Encrypted=false}"
# --- register image ---
aws ec2 register-image --name "Rocky 8.7 Base Arm64" --region=us-gov-east-1 \
  --description "AMI_from_Rocky_8.7_20230215.0_Base" \
  --block-device-mappings "DeviceName=/dev/sda,Ebs={SnapshotId=snap-<hexvalue_A>}" \
  --root-device-name "/dev/sda1"
# -- LVM based AMI expand filesystem if needed --
sudo pvresize /dev/nvme0n1p5
sudo lvextend -l +100%FREE /dev/rocky/root
sudo xfs_growfs /dev/rocky/root
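An added example, not part of the original post and not AWS or Rocky tooling: a Python pre-flight check that the three JSON documents above agree with each other before `import-snapshot` is run. It checks that the role can read the object named in container.json, that every ARN uses the GovCloud partition, that the trust policy keeps the external-ID condition, and that the key you uploaded is the key container.json names. The function names and the `uploaded_key` parameter are assumptions, and the sample documents are constructed from the bucket and key names in the post.

```python
from fnmatch import fnmatchcase

# Constructed sample documents using the bucket and key names from the post.
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws-us-gov:s3:::vmimage-bucket",
                  "arn:aws-us-gov:s3:::vmimage-bucket/*"]},
    {"Effect": "Allow", "Action": ["ec2:RegisterImage", "ec2:Describe*"],
     "Resource": "*"}]}
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "vmie.amazonaws.com"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}
KEY = "rocky8/Rocky-8-EC2-LVM-8.7-20230215.0.aarch64.raw"
CONTAINER = {"Format": "RAW",
             "UserBucket": {"S3Bucket": "vmimage-bucket", "S3Key": KEY}}

def as_list(value):
    return value if isinstance(value, list) else [value]

def preflight(role_policy, trust_policy, container, uploaded_key, partition="aws-us-gov"):
    """Return a list of problems; an empty list means the documents agree."""
    problems = []
    bucket = container["UserBucket"]["S3Bucket"]
    key = container["UserBucket"]["S3Key"]
    if key != uploaded_key:
        problems.append(f"S3Key {key!r} != uploaded key {uploaded_key!r}")
    object_arn = f"arn:{partition}:s3:::{bucket}/{key}"
    readable = False
    for stmt in as_list(role_policy["Statement"]):
        allows_get = stmt["Effect"] == "Allow" and any(
            fnmatchcase("s3:GetObject", a) for a in as_list(stmt["Action"]))
        for arn in as_list(stmt["Resource"]):
            if arn != "*" and arn.split(":")[1] != partition:
                problems.append(f"{arn} is outside partition {partition}")
            # fnmatch approximates IAM's * and ? wildcards for this check
            readable = readable or (allows_get and fnmatchcase(object_arn, arn))
    if not readable:
        problems.append(f"role cannot s3:GetObject {object_arn}")
    for stmt in as_list(trust_policy["Statement"]):
        if "vmie.amazonaws.com" not in as_list(stmt["Principal"].get("Service", [])):
            problems.append("trust principal is not vmie.amazonaws.com")
        # IAM condition key names are case-insensitive
        equals = {k.lower(): v for k, v in
                  stmt.get("Condition", {}).get("StringEquals", {}).items()}
        if equals.get("sts:externalid") != "vmimport":
            problems.append("trust policy lacks sts:ExternalId = vmimport")
    return problems
```

Calling `preflight(ROLE_POLICY, TRUST_POLICY, CONTAINER, KEY)` returns an empty list for the sample documents; load your own files with `json.load` and pass the key you gave to `aws s3 cp`.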
Thanks - I did reach out to @brian a while back - right before the RHEL shenanigans went down. Figured I’d give some time for that to settle out.
Bump - anyone have any updates or thoughts around ETA on getting some official images published on AWS GovCloud?