aws导入镜像和导入快照,平滑迁云详解
目录
一、安装AWS CLI
1、linux 安装AWS CLI
2、配置AWS CLI
二、创建具有导入导出权限的角色
三、导入镜像
1、上传镜像到S3
2、导入镜像
3、查看导入的镜像
4、取消导入映像任务
四、导入快照
五、导出镜像
1、导出镜像到s3
2、查看导出状态
3、取消导出映像任务
六、总结
一、安装AWS CLI
1、linux 安装AWS CLI
官网:https://docs.amazonaws.cn/cli/latest/userguide/install-cliv2-linux.html
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install2、配置AWS CLI
首先AWS后台获取账号密钥对->使用aws configure配置认证
# aws configure
AWS Access Key ID [None]: AKIAQGMfdfsefd7Odf
AWS Secret Access Key [None]: JCKbGTfkkdjfdgrrZdpo8weSenCxooY
Default region name [None]: cn-northwest-1
Default output format [None]: json二、创建具有导入导出权限的角色
1、新建文件trust-policy.json 放入
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}
2、创建服务角色
# aws iam create-role --role-name vmimport --assume-role-policy-document file:///home/centos/trust-policy.json
{
"Role": {
"Path": "/",
"RoleName": "vmimport",
"RoleId": "AROAQGM5NM2MH4OH5OAVP",
"Arn": "arn:aws-cn:iam::013751903896:role/vmimport",
"CreateDate": "2020-05-14T08:34:46+00:00",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "vmie.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:Externalid": "vmimport"
}
}
}
]
}
}3、编写角色策略
创建名为 role-policy.json 的文件并编写下面的策略,其中,migrate-cloud-image 为存储磁盘映像的存储桶:
# cat role-policy.json
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource":[
"arn:aws-cn:s3:::migrate-cloud-image",
"arn:aws-cn:s3:::migrate-cloud-image/*"
]
},
{
"Effect":"Allow",
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetBucketAcl"
],
"Resource":[
"arn:aws-cn:s3:::export-image",
"arn:aws-cn:s3:::export-image/*"
]
},
{
"Effect":"Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource":"*"
}
]
}4、策略和角色关联
使用put-role-policy命令将策略挂载到之前创建的角色,请指定 role-policy.json 文件位置的完整路径
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json三、导入镜像
1、上传镜像到S3
参考:https://wangfanggang.com/AWS/AWS-CLI-S3-upload/
# aws s3 cp CentOS-7.6-64bit-huawei.vmdk s3://migrate-cloud-image/CentOS-7.6-64bit-huawei.vmdk
upload: ./CentOS-7.6-64bit-huawei.vmdk to s3://migrate-cloud-image/CentOS-7.6-64bit-huawei.vmdk2、导入镜像
创建导入策略文件containers.json
[
{
"Description": "offline-data-disk",
"Format": "vhd",
"UserBucket": {
"S3Bucket": "migrate-cloud-image",
"S3Key": "offline-data-disk.vhd"
}
}
]执行导入镜像
# aws ec2 import-image --description "huawei server" --disk-containers file://containers.json {
"Description": "huawei server",
"ImportTaskId": "import-ami-06f701b644dc0fd77",
"Progress": "2",
"SnapshotDetails": [
{
"DiskImageSize": 0.0,
"Format": "VMDK",
"UserBucket": {
"S3Bucket": "migrate-cloud-image",
"S3Key": "CentOS-7.6-64bit-huawei.vmdk"
}
}
],
"Status": "active",
"StatusMessage": "pending"
}查看导入进度
使用 describe-import-image-tasks 命令返回导入任务的状态进度。
包括的状态值如下:
active — 正在运行导入任务。
deleting — 正在取消导入任务。
deleted — 导入任务已取消。
updating — 导入状态正在更新。
validating — 正在验证导入的映像。
validated — 已验证导入的映像。
converting — 正在将导入的映像转换成 AMI。
completed — 导入任务已完成,并且 AMI 已准备就绪,随时可以使用。# aws ec2 describe-import-image-tasks --import-task-ids import-ami-06f701b644dc0fd77
{
"ImportImageTasks": [
{
"Description": "huawei server",
"ImportTaskId": "import-ami-06f701b644dc0fd77",
"SnapshotDetails": [],
"Status": "deleted",
"StatusMessage": "ClientError: Disk validation failed [Unsupported VMDK File Format]",
"Tags": []
}
]
}上面导入的vmdk格式,并未成功,后来导入的vhd成功。
导入完成
# aws ec2 describe-import-image-tasks --import-task-ids import-ami-0ab311a7d84fddee2
{
"ImportImageTasks": [
{
"Architecture": "x86_64",
"Description": "book-sync-server",
"ImageId": "ami-0e3bceeecf00f1c13",
"ImportTaskId": "import-ami-0ab311a7d84fddee2",
"LicenseType": "BYOL",
"Platform": "Linux",
"SnapshotDetails": [
{
"Description": "book-sync-service-image",
"DeviceName": "/dev/sda1",
"DiskImageSize": 41949169152.0,
"Format": "VHD",
"SnapshotId": "snap-0a52c455e54514e5f",
"Status": "completed",
"UserBucket": {
"S3Bucket": "migrate-cloud-image",
"S3Key": "book-sync-service-sysdisk.vhd"
}
}
],
"Status": "completed",
"Tags": []
}
]
}3、查看导入的镜像
在启动实例->我的AMI就可以看到我导入进来的镜像了,可以用作安装机器了。
4、取消导入映像任务
若您需要取消处于活跃状态的导入任务,请使用 cancel-import-task 命令。
aws ec2 cancel-import-task --import-task-id import-ami-0ab311a7d84fddee2 四、导入快照
aws官网:https://docs.amazonaws.cn/vm-import/latest/userguide/vmimport-import-snapshot.html
1、使用场景及条件
使用场景:我们做云迁移时候可用通过快照方式将磁盘作为 Amazon EBS 快照导入,然后从快照创建 EBS 卷,将其挂载到某个 EC2 实例,从而达到迁移数据盘数据的目的。
使用条件:
-
支持以下磁盘格式:虚拟硬盘 (VHD/VHDX)、ESX 虚拟机磁盘 (VMDK)、原始格式。
-
首先,您必须将磁盘上传到 Amazon S3。
-
具有已经安装好AWS CLI命令的实例
2、创建导入策略json文件
containers-disk.json 内容如下:(offline-data-disk.vhd s3上传步骤略,看导入镜像部分)
{
"Description": "offline-data-disk",
"Format": "vhd",
"UserBucket": {
"S3Bucket": "migrate-cloud-image",
"S3Key": "offline-data-disk.vhd"
}
}3、命令导入快照
# aws ec2 import-snapshot --description "offline-disk-data" --disk-container file://containers-disk.json
{
"Description": "offline-disk-data",
"ImportTaskId": "import-snap-0f9f1a54ae3cfaac3",
"SnapshotTaskDetail": {
"Description": "offline-disk-data",
"DiskImageSize": 0.0,
"Format": "VHD",
"Progress": "3",
"Status": "active",
"StatusMessage": "pending",
"UserBucket": {
"S3Bucket": "migrate-cloud-image",
"S3Key": "offline-data-disk.vhd"
}
}
}4、查看快照导入状态
# aws ec2 describe-import-snapshot-tasks --import-task-ids import-snap-0f9f1a54ae3cfaac3
{
"ImportSnapshotTasks": [
{
"Description": "offline-disk-data",
"ImportTaskId": "import-snap-0f9f1a54ae3cfaac3",
"SnapshotTaskDetail": {
"Description": "offline-disk-data",
"DiskImageSize": 371493888.0,
"Format": "VHD",
"SnapshotId": "snap-06f9d2432a33e00c7",
"Status": "completed",
"UserBucket": {
"S3Bucket": "migrate-cloud-image",
"S3Key": "offline-data-disk.vhd"
}
},
"Tags": []
}
]
}当状态变为completed说明导入完成。我们去后台ELASTIC BLOCK STORE->快照,就可以看到我们刚刚导入的快照了。
5、创建一个卷并将其附加到某个 EC2 实例
将卷挂载到的实例的可用区
# aws ec2 create-volume --availability-zone cn-northwest-1c --snapshot-id snap-06f9d2432a33e00c7
{
"AvailabilityZone": "cn-northwest-1c",
"CreateTime": "2020-05-17T11:35:00+00:00",
"Encrypted": false,
"Size": 101,
"SnapshotId": "snap-06f9d2432a33e00c7",
"State": "creating",
"VolumeId": "vol-0b01d8b1a69db9b1d",
"Iops": 303,
"Tags": [],
"VolumeType": "gp2"
}查看上面我们创建的卷,管理后台ELASTIC BLOCK STORE->卷
将卷关联到你的目标实例EC2
# aws ec2 attach-volume --volume-id vol-0b01d8b1a69db9b1d --instance-id i-07fec72fd87af22ff --device /dev/sdb
{
"AttachTime": "2020-05-17T11:43:01.774000+00:00",
"Device": "/dev/sdb",
"InstanceId": "i-07fec72fd87af22ff",
"State": "attaching",
"VolumeId": "vol-0b01d8b1a69db9b1d"
}EC2实例描述中查看刚挂载的卷
但是注意,最后还需要通过手动mount此卷到EC2实例
mount -t ext4 /dev/xvdb /opt# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 472M 0 472M 0% /dev
tmpfs 495M 0 495M 0% /dev/shm
tmpfs 495M 13M 482M 3% /run
tmpfs 495M 0 495M 0% /sys/fs/cgroup
/dev/xvda1 180G 161G 20G 90% /
tmpfs 99M 0 99M 0% /run/user/1000
/dev/xvdb 99G 139M 94G 1% /optps:其实将卷挂载到的实例的可用区后,我们可以在后台进行关联实例了,自己去研究吧。
五、导出镜像
官网:https://docs.amazonaws.cn/vm-import/latest/userguide/vmexport_image.html
参数S3Bucket为导出的bucket名字,S3Prefix是bucket路径
1、导出镜像到s3
# aws ec2 export-image --image-id ami-0c32dcd3405ad47eb --disk-image-format VHD --s3-export-location S3Bucket=export-image,S3Prefix=/
{
"DiskImageFormat": "vhd",
"ExportImageTaskId": "export-ami-00bfb78a9f3fce2a3",
"ImageId": "ami-0c32dcd3405ad47eb",
"RoleName": "vmimport",
"Progress": "0",
"S3ExportLocation": {
"S3Bucket": "export-image",
"S3Prefix": "/"
},
"Status": "active",
"StatusMessage": "validating"
}2、查看导出状态
# aws ec2 describe-export-image-tasks --export-image-task-ids export-ami-00bfb78a9f3fce2a3
{
"ExportImageTasks": [
{
"ExportImageTaskId": "export-ami-00bfb78a9f3fce2a3",
"Progress": "85",
"S3ExportLocation": {
"S3Bucket": "export-image",
"S3Prefix": "/"
},
"Status": "active",
"StatusMessage": "converting"
}
]
}3、取消导出映像任务
若有需要,您可以使用以下 cancel-export-task 命令取消正在进行的映像导出。
aws ec2 cancel-export-task --export-task-id export-ami-00bfb78a9f3fce2a3如果导出任务完成或正在传输最后一个磁盘映像,则该命令将失败且会返回错误。
六、aws命令上传下载
下载
/usr/local/bin/aws s3 cp s3://export-image//export-ami-00bfb78a9f3fce2a3.vhd /home/centos/
download: s3://export-image//export-ami-00bfb78a9f3fce2a3.vhd to ./export-ami-00bfb78a9f3fce2a3.vhd
七、总结
经过测试,AWS导入vmdk不成功,接口提示不支持,vmdk非加密。使用vhd格式成功导入。
{
"ImportImageTasks": [
{
"Description": "huawei server",
"ImportTaskId": "import-ami-06f701b644dc0fd77",
"SnapshotDetails": [],
"Status": "deleted",
"StatusMessage": "ClientError: Disk validation failed [Unsupported VMDK File Format]",
"Tags": []
}
]
}抛去其他因素,利用AWS导入镜像和导入快照,我们可以将业务平滑迁移。
参考:
https://mhl.xyz/Windows/aws-AMI.html
https://blog.csdn.net/weixin_33796177/article/details/92989241