Before you import custom images, we recommend that you use the image compliance tool to check whether the Linux operating system configurations meet import requirements. This topic describes how to use the image compliance tool provided by Alibaba Cloud to check the validity of a custom Linux image.
Background information
ECS allows you to create instances from imported custom images. You must import custom images to ECS before you can create instances from them. Custom images can be created based on on-premises servers, virtual machines (VMs), or cloud servers of other service providers. Custom images must meet certain requirements before they can be used in Alibaba Cloud. For more information, see Instructions for importing images.
We recommend that you use the image compliance tool of ECS to reduce the time required to create a custom image. The image compliance tool is designed to automatically validate configuration items in a Linux server environment to identify non-compliant items, generate detection reports in the TXT and JSON formats, and provide troubleshooting actions.
The image compliance tool only supports Linux images, such as Ubuntu, CentOS, Debian, Red Hat, SUSE Linux Enterprise Server (SLES), openSUSE, FreeBSD, and CoreOS.
A server that runs the CentOS 7.4 64-bit OS is used in this topic to show how to use the compliance tool.
Procedure
Perform the following operations to use the compliance tool:
Detection items
The compliance tool detects the following configuration items to ensure that ECS instances created from your custom image are fully functional.
Detection item | Non-compliance issue | Suggestion |
---|---|---|
driver | The ECS instance cannot start correctly. | Install the virtualization driver. For more information, see Install the virtio driver. |
/etc/shadow | The password file cannot be modified. As a result, you cannot create an ECS instance from the custom image. | Do not run the chattr command to lock the /etc/shadow file.
|
SElinux | The ECS instance cannot start correctly. | Do not start SELinux by modifying /etc/selinux/config. |
qemu-ga | Some services required by ECS are unavailable, and the instance is not fully functional. | Uninstall qemu-ga. |
network | Network functions of the ECS instance are unstable. | Disable or delete Network Manager and enable the network service. |
ssh | You cannot connect to the ECS instance from the console. | Enable the SSH service and do not set PermitRootLogin. |
firewall | The system does not automatically configure your ECS instance environment. | Disable firewalls such as iptables, firewalld, IPFilter (IPF), IPFireWall (IPFW), or PacketFilter (PF). |
file system | You cannot resize the disk. |
|
device id | The ECS instance cannot start correctly. | Clean up the fstab file and remove device IDs that are not needed from the file to ensure that the device IDs in use appear in the output of the blkid command. |
root | The username and password cannot be used to connect to the ECS instance. | Reserve the root account. |
passwd | You cannot add users to the ECS instance. | Retain the passwd command or reinstall the password file. |
Partition table | The ECS instance cannot start correctly. | Use MBR partitioning. |
/lib | The ECS instance cannot be configured automatically. | The /lib and /lib64 files cannot be stored in absolute paths. Modify the storage paths of the /lib and /lib64 files to their relative paths. |
system disk | N/A | Increase the system disk capacity. The optimal system disk capacity is 40 GiB to 500 GiB. When you import images, configure the system disk capacity based on the virtual file size of images, instead of the size of images. |
disk usage | Required drivers or services cannot be installed for the ECS instance. | Make sure that sufficient disk space is available. |
inode usage | Required drivers or services cannot be installed for the ECS instance. | Make sure that sufficient inode resources are available. |
The image compliance tool returns an OK
, FAILED
, or WARNING
detection result based on detection items.
OK
: The detection items all comply with requirements.FAILED
: The detection items do not comply with requirements, which means ECS instances created from the custom image cannot start correctly. We recommend that you rectify the non-compliant items and create a new image to improve instance startup efficiency.WARNING
: The detection items do not comply with requirements, which means ECS instances created from the custom image can start correctly, but ECS cannot use valid methods to configure your instance. You can immediately rectify the non-compliant items, or temporarily retain the items and create an image.
Output items
-p [Destination path]
to specify the path in which to generate the detection report. If this parameter
is not specified, the detection report is generated in the same path as the compliance
tool.
- Reports in the TXT format are named
image_check_report_date_time.txt
. The reports include server configuration information and detection results. A server that runs the CentOS 7.4 64-bit OS is used in the following example.The information you need to input when you import your image to Alibaba Cloud Website: Current system is: CentOS #Server operating system Architecture: x86_64 #System architecture System disk size: 42 GB #Server system disk capacity ----------------------------------------- Check driver #Detection item name Pass: kvm drive is exist #Detection result Alibaba Cloud supports kvm virtualization technology We strongly recommend installing kvm driver.
- Reports in the JSON format are named
image_check_report.json
. The reports include server configuration information and detection results. A server that runs the CentOS 7.4 64-bit OS is used in the following example."platform": "CentOS", \\Server operating system "os_big_version": "7", \\Operating system version number (major) "os_small_version": "4", \\Operating system version number (minor) "architecture": "x86_64", \\System architecture "system_disk_size": "42", \\Server system disk capacity "version": "1.0.2", \\Compliance tool version "time": "2018-05-14_19-18-10", \\Detection time "check_items": [{ "name": "driver", \\Detection item name "result": "OK", \\Detection result "error_code": "0", \\Error code "description": "Pass: kvm driver exists.", \\Description "comment": "Alibaba Cloud supports kvm virtualization technology. We strongly recommend installing kvm driver." }] }