Custom RHEL5.5 EC2 images will not boot after creation
Environment
- Red Hat Enterprise Linux (RHEL) 5.5 Starter images in Amazon Web Services EC2 (Elastic Compute Cloud)
Issue
- After bundling a custom image based on the RHEL5.5 starter images, the new images will not instantiate.
Resolution
Red Hat is aware of the issue, and is working on a permanent solution. In the meantime, a custom image with working selinux may be created as follows.
- Start up a new, unmodified instance of an official RHEL5.5 starter image.
- Edit the /etc/selinux/config file and set it to disabled.
- Use the setenforce 0 command to set selinux to permissive mode.
- Customize the image to meet your needs.
- Rebundle, upload and register the new image.
- Launch an instance of the new image, and check the console output to ensure there are no errors.
- Log in to the instance, and edit /etc/selinux/config to set it to permissive mode.
- Touch the file /.autorelabel
- Reboot the instance from the AWS management console or use the 'reboot' command.
- After a successful reboot, log in and check whether the /.autorelabel file is still there. If it is not, the relabel was successful.
- Now use the 'setenforce 1' command to change selinux to enforcing mode.
- Sestatus should return the following:
  # sestatus
  SELinux status: enabled
  SELinuxfs mount: /selinux
  Current mode: enforcing
  Mode from config file: permissive
  Policy version: 21
  Policy from config file: targeted
- Use vi to edit the /etc/selinux/config file and set it to enforcing.
- Reboot the instance one last time and now the sestatus command should report back that selinux is enabled and in enforcing mode.
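As an added example (not part of the original article or of Red Hat's or Amazon's tooling), the shell functions below report which step of the procedure above an instance has reached, using the config file, the sestatus output and the /.autorelabel flag. The function names, stage names and sample input are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: classify an instance's position in the relabel procedure.
# Inputs are passed as arguments so the logic can be run on saved copies.

# Print the SELINUX= value from a config file (comments and SELINUXTYPE= ignored).
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Print one field ("SELinux status", "Current mode", ...) from sestatus text.
sestatus_field() {
    printf '%s\n' "$1" | sed -n "s/^$2:[[:space:]]*//p" | head -n 1
}

# Usage: relabel_stage CONFIG_FILE SESTATUS_TEXT ROOT_DIR
relabel_stage() {
    cfg=$(config_mode "$1")
    status=$(sestatus_field "$2" "SELinux status")
    current=$(sestatus_field "$2" "Current mode")
    if [ "$status" != "enabled" ]; then
        echo "disabled"                  # freshly bundled image, selinux off
    elif [ -e "$3/.autorelabel" ]; then
        echo "relabel-pending"           # flag file present: relabel has not completed
    elif [ "$cfg" = "enforcing" ] && [ "$current" = "enforcing" ]; then
        echo "done"                      # enforcing now and after the next reboot
    elif [ "$current" = "enforcing" ]; then
        echo "enforcing-not-persistent"  # setenforce 1 ran, config file not yet updated
    else
        echo "relabeled-permissive"      # relabel finished, still permissive
    fi
}

# Constructed sample: the state the article shows right after 'setenforce 1'.
demo=$(mktemp -d)
printf '# constructed sample\nSELINUX=permissive\nSELINUXTYPE=targeted\n' > "$demo/config"
SAMPLE_SESTATUS='SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          permissive
Policy version:                 21
Policy from config file:        targeted'
relabel_stage "$demo/config" "$SAMPLE_SESTATUS" "$demo"

# On a live instance: relabel_stage /etc/selinux/config "$(sestatus)" /
```

A result of "enforcing-not-persistent" means the instance would come back up in permissive mode after a reboot, which is the gap the last two steps close.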
Root Cause
- The ec2-bundle-vol binary provided by Amazon Web Services via the ec2-ami-tools package uses the RHEL rsync command to copy over an instance's filesystem during the custom image creation. During this process, the selinux context of the files is not transferred over. The RHEL5.5 starter images we have recently posted are the very first images to have selinux enabled. As a result, any custom images based on the RHEL5.5 starter images with selinux enabled fail to boot. This issue does not affect any Red Hat images based on RHEL5.4 or earlier.
Diagnostic Steps
- Messages similar to the following will be seen in the instance logs of the Amazon Management Console.
/sbin/agetty: error while loading shared libraries: libc.so.6: cannot open shared object file: Permission denied
/sbin/agetty: error while loading shared libraries: libc.so.6: cannot open shared object file: Permission denied
/sbin/agetty: error while loading shared libraries: libc.so.6: cannot open shared object file: Permission denied
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.