Composing a customized RHEL system image

Procedure

1. Install RHEL image builder and other necessary packages:

   # dnf install image-builder cockpit-image-builder

   • image-builder is a service to build customized RHEL operating system images and enables access to the CLI interface.
   • cockpit-image-builder is a package that enables access to the Web UI interface. The web console is installed as a dependency of the cockpit-image-builder package.

2. If you want to use RHEL image builder in the web console, enable and start it.

   # systemctl enable --now cockpit.socket

   The image-builder and cockpit services start automatically on first access.

Procedure

1. Build the image, and add the extra repository to RHEL image builder:

   $ image-builder build <image-type> \
   --force-repo=<file:///path/to/my/repo> \

   Warning

   The RHEL image builder tool uses the repositories that you defined to solve all dependencies, which could cause issues for your system.

Procedure

1. Find the repository URL from your currently configured Satellite repositories:

   The following output is an example:

   https://satellite6.example.com/pulp/content/<your_org>/<your_env>/<your_cv>/content/dist/rhel10/10/x86_64/baseos/os

2. Build the image, and add the Satellite repository to RHEL image builder:

   $ image-builder build <image-type> \
   --add-repo=<file:///path/to/satellite/repo> \

Procedure

1. In the Satellite web UI, navigate to Content, locate Products, select your Product, and click the repository you want to use.
2. Search for the secured URL (HTTPS) in the Published field and copy it.
3. Use the URL that you copied as a base URL for the Red Hat image builder repository. See Adding custom third-party repositories to RHEL image builder.

1. Create a blueprint or export an existing blueprint definition to a plain text file.
2. Optional: Edit this file in a text editor.
3. Import the blueprint text file back into image builder.
4. Run a compose to build an image from the blueprint.
5. Export the image file to download it.

Procedure

1. Create a plain text file with the following contents:

   name = "<blueprint_name>"
   description = "<long_form_description>"
   version = "<0.0.1>"
   modules = []
   groups = []

   Replace <blueprint_name> and <long_form_description> with a name and description for your blueprint.

   Replace <0.0.1> with a version number according to the Semantic Versioning scheme.

2. For every package that you want to be included in the blueprint, add the following lines to the file:

   [[packages]]
   name = "<package_name>"
   version = "<package_version>"

   Replace <package_name> with the name of the package, such as httpd, gdb-doc, or coreutils.

   Optionally, replace <package_version> with the version to use. This field supports dnf version specifications:

   • For a specific version, use the exact version number such as 9.6.0.
   • For the latest available version, use the asterisk *
   • For the latest minor version, use formats such as 9.*.

3. Customize your blueprints to suit your needs. For example, disable Simultaneous Multi Threading (SMT), add the following lines to the blueprint file:

   [customizations.kernel]
   append = "nosmt=force"

   For additional customizations available, see Supported image customizations.

   Note that [] and [[]] are different data structures expressed in TOML.

   • The [customizations.kernel] header represents a single table that defines collection of keys and their corresponding value pairs, for example: append = "nosmt=force".
   • The [[packages]] header represents an array of tables. The first instance defines the array and its first table element, such as name = "package-name" and version = "package-version". Each subsequent instance adds a new element in the order that you define them.
4. Save the file, for example, as <blueprint_name>.toml and close the text editor.

Procedure

1. Optional: List the image formats you can create:

   # image-builder list

2. Start the compose:

   # image-builder build <image_type> --blueprint <blueprint_name>

   • Replace <blueprint_name> with the name of the blueprint, and <image_type> with the type of the image.
   • If you do not specify a distro, image-builder uses the same distribution and version as the host system.

Procedure

1. Create a kernel.json file to include the RT kernel repository:

       {
         "name": "kernel-rt",
         "baseurl": "https://cdn.redhat.com/content/dist/rhel10/10/x86_64/rt/os",
         "gpgkey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBEr………fg==\n=UZd/\n-----END PGP PUBLIC KEY BLOCK-----\n",
         "rhsm": true,
         "check_gpg": true
       },

2. Create a blueprint. In the blueprint, add the "[customizations.kernel]" customization. The following is an example that contains the "[customizations.kernel]" in the blueprint:

   name = "rt-kernel-image"
   description = ""
   version = "2.0.0"
   modules = []
   groups = []
   distro = "rhel-10.0"
   [[customizations.user]]
   name = "admin"
   password = "admin"
   groups = ["users", "wheel"]
   [customizations.kernel]
   name = "kernel-rt"
   append = ""

3. Build your image from the blueprint you created. The following example builds a .qcow2 image:

   # image-builder build qcow2 -- blueprint rt-kernel-image --data-dir kernel.json

4. Deploy the image that you built to the system where you want to use the real-time kernel features.

Procedure

1. On the host, open https://localhost:9090/ in a web browser.
2. Log in to the web console as the root user.

3. To display the RHEL image builder controls, click the Image Builder button, in the upper-left corner of the window.

   The RHEL image builder dashboard opens, listing existing blueprints, if any.

Procedure

1. Click Create Blueprint. On the Image output page, select Release version, Architecture, and target environment, then click Next.
2. Optional: On the File system configuration page, select Manually configure partitions to add mount points, such as /var, /home, /tmp and specify Minimum size partition. Click Next.
3. Optional: On the Additional packages page, search for packages, move them to Chosen packages, then click Next.
4. Optional: On the Users page, click Add user to enter a Username, a Password, an SSH key, and Administrator privileges. Click Next
5. Optional: On the Timezone page, enter a time zone, for example, "US/Eastern" and NTP servers. Click Next.
6. Optional: On the Locale page, enter the languages and keyboard identifier. For example: "us" and ["en_US.UTF-8"]. Click Next.
7. Optional: On the Hostname and Kernel pages, add a hostname, and kernel command-line arguments. Click Next after each page.
8. Optional: On the Firewall and Systemd services pages, configure port, firewall services, and systemd services to enable or disable. Click Next after each page.
9. On the Details page, enter the blueprint name and optional description, then click Next.
10. On the Review page, review the details and click Create blueprint or Create blueprint and build image(s).

Procedure

1. On the RHEL image builder dashboard, click Import blueprint. The Import blueprint wizard opens.
2. From the Upload field, either drag or upload an existing blueprint. This blueprint can be in either TOML or JSON format.
3. Click Import. The dashboard lists the blueprint you imported.

Procedure

1. On the image builder dashboard, select the blueprint you want to export.
2. Click Export blueprint. The Export blueprint wizard opens.

3. Click the Export button to download the blueprint as a file or click the Copy button to copy the blueprint to the clipboard.

   1. Optional: Click the Copy button to copy the blueprint.

Procedure

1. In the RHEL image builder dashboard, click the blueprint tab.
2. On the blueprint table, find the blueprint you want to build an image.
3. On the right side of the chosen blueprint, click Create Image. The Create image dialog wizard opens.

4. On the Image output page, complete the following steps:

   1. From the Select a blueprint list, select the image type you want.

   2. From the Image output type list, select the image output type you want.

      Depending on the image type you select, you need to add further details.

5. Click Next.

6. On the Review page, review the details about the image creation and click Create image.

   The image build starts and takes up to 20 minutes to complete.

Procedure

1. Create the ISO image:

   # image-builder build iso --blueprint <blueprint_name>

   • <blueprint_name> with the name of the blueprint you created

   • <image_installer> is the image type

     The compose process starts and might take some minutes complete.

     RHEL image builder builds an .iso file that contains a .tar file. The .tar file is the image that is installed for the operating system. The .iso is set up to boot Anaconda and install the .tar file to set up the system.

1. Locate the .iso image that you built.

2. Mount the ISO image.

   $ mount -o ro <path_to_iso> /mnt

   You can find the .tar file at the /mnt/liveimg.tar.gz directory.

3. List the .tar file content:

   $ tar ztvf /mnt/liveimg.tar.gz

Procedure

1. On the RHEL image builder dashboard, locate the blueprint that you want to use to build your image. Optionally, enter the blueprint name or a part of it into the search box at the upper left, and click Enter.

2. On the right side of the blueprint, click the corresponding Create Image button.

   The Create image dialog wizard opens.

3. On the Create image dialog wizard:

   1. In the Image Type list, select "RHEL Installer (.iso)".
   2. Click Next.

   3. On the Review tab, click Create.

      After the build process is complete, you can see the image build complete status.

1. Click Download to save the "RHEL Installer (.iso)" image to your system.
2. Navigate to the folder where you downloaded the "RHEL Installer (.iso)" image.
3. Locate the .tar image you downloaded.

4. Extract the "RHEL Installer (.iso)" image content.

   $ tar -xf <content>.tar

Procedure

1. Write the bootable ISO image directly to the USB drive using the dd tool. For example:

   dd if=installer.iso of=/dev/sdX

   Where installer.iso is the ISO image file name and /dev/sdX is your USB flash drive device path.

2. Insert the flash drive into a USB port of the computer you want to boot.

3. Boot the ISO image from the USB flash drive.

   When the installation environment starts, you might need to complete the installation manually, similarly to the default Red Hat Enterprise Linux installation.

Procedure

1. Create a hardening blueprint in the Tom’s Obvious Minimal Language (TOML) format, using the OpenSCAP tool and scap-security-guide content, and modify it if necessary:

   # oscap xccdf generate fix --profile=<profileID> --fix-type=<blueprint> /usr/share/xml/scap/ssg/content/ssg-rhel10-ds.xml > cis.toml

   Replace <profileID> with the profile ID that the system should comply with, for example, cis.

2. Start the build of hardened image:

   # image-builder build <image_type> --blueprint <blueprint_name>

   Replace <image_type> with any image type, for example, qcow2.

   After the image build is ready, you can use your pre-hardened image on your deployments. See Creating a virtual machine from a Kernel-based Virtual Machine (KVM) guest image.

Procedure

1. Create a hardening blueprint in the TOML format from a selected profile. For example:

   # oscap xccdf generate fix --profile=<profileID> --fix-type=blueprint /usr/share/xml/scap/ssg/content/ssg-rhel10-ds.xml > <profileID>tailored.toml

2. Append the tailoring section with the customized rule set to the blueprint. The tailoring customization only affects the default selected or unselected state of rules in the base profile without changing the state of other rules.

   # Blueprint for CIS Red Hat Enterprise Linux 10.0 Benchmark for Level 2 - Server
   # ...
   [customizations.openscap.tailoring]
   selected = [ "xccdf_org.ssgproject.content_bind_crypto_policy" ]
   unselected = [ "grub2_password" ]

3. Start the build of a hardened image:

   # *image-builder build <image_type> --blueprint <blueprintProfileID> *

   Replace <image_type> with any image type, for example, qcow2.

   After the image build is ready, use your pre-hardened image on your deployments.

Procedure

1. Click the blueprint name you created.
2. Select the tab Images.
3. Click Create Image to create your customized image. The Create Image window opens.
4. From the Type drop-down menu list, select QEMU Image(.qcow2).
5. Set the size that you want the image to be when instantiated and click Create.
6. A small pop-up on the upper right side of the window informs you that the image creation has been added to the queue. After the image creation process is complete, you can see the Image build complete status.

Procedure

1. Move the .qcow2 image that you created by using RHEL image builder to the /var/lib/libvirt/images/ directory.

2. Create a directory, for example, cloudinitiso, and navigate to this newly created directory:

   $ mkdir cloudinitiso
   $ cd cloudinitiso

3. Create a file named meta-data. Add the following information to this file:

   instance-id: citest
   local-hostname: vmname

4. Create a file named user-data. Add the following information to the file:

   # cloud-config
   user: admin
   password: password
   chpasswd: {expire: False}
   ssh_pwauth: True
   ssh_authorized_keys:
     - ssh-rsa AAA...fhHQ== your.email@example.com

   ssh_authorized_keys is your SSH public key. You can find your SSH public key in ~/.ssh/id_rsa.pub\.

5. Use the genisoimage utility to create an ISO image that includes the user-data and meta-data files.

   # genisoimage -output cloud-init.iso -volid cidata -joliet -rock user-data meta-data
   
   I: -input-charset not specified, using utf-8 (detected in locale settings)
   Total translation table size: 0
   Total rockridge attributes bytes: 331
   Total directory bytes: 0
   Path table size(bytes): 10
   Max brk space used 0
   183 extents written (0 MB)

6. Create a new VM from the KVM Guest Image by using the virt-install command. Include the ISO image you created in step 4 as an attachment to the VM image.

   # virt-install \
       --memory 4096 \
       --vcpus 4 \
       --name myvm \
       --disk rhel-10-x86_64-kvm.qcow2,device=disk,bus=virtio,format=qcow2 \
       --disk cloud-init.iso,device=cdrom \
       --os-variant rhel 10 \
       --virt-type kvm \
       --graphics none \
       --import

   • --graphics none means it is a headless RHEL 10 VM.
   • --vcpus 4 means that it uses 4 virtual CPUs.
   • --memory 4096 means it uses 4096 MB RAM.

7. The VM installation starts:

   Starting install...
   Connected to domain mytestcivm
   ...
   [  OK  ] Started Execute cloud user/final scripts.
   [  OK  ] Reached target Cloud-init target.
   
   Red Hat Enterprise Linux 10 (Ootpa)
   Kernel 4.18.0-221.el8.x86_64 on an x86_64

1. Enter admin as a username and press Enter.

2. Enter password as password and press Enter.

   After the login authentication is complete, you have access to the VM by using the CLI.

Procedure

1. Build the Vagrant box image:

   • For libvirt:

     $ sudo image-builder build --distro rhel-10.0 vagrant-libvirt

   • For VirtualBox:

     $ sudo image-builder build - -distro <distro-name> vagrant-virtualbox

     This creates a .box file.

2. Import the new .box file to your local Vagrant environment. You must explicitly set the provider to virtualbox because it is not the standard provider.

   $ vagrant box add --provider=virtualbox <path/to/box> --name=<box-name>

   Replace path/to/image-name.box with the actual path to your file and <box_name> with a name such as rhel10-vagrant.

3. Create a new directory for your project, and initialize Vagrant:

   $ mkdir <my_vagrant_project>
   $ cd <my_vagrant_project>
   $ vagrant init <box-name>

   This creates the Vagrantfile configuration file and sets its default box to <box-name>.

4. Launch the virtual machine by using Vagrant:

   $ vagrant up

Procedure

1. Set up a registry-config.toml file to select the container provider. The credentials are optional.

   provider = "<container_provider>"
   [settings]
   tls_verify = false
   username = "<admin>"
   password = "<your_password>"

2. Create a blueprint in the .toml format. This is a blueprint for the container in which you install an nginx package into the blueprint.

   name = "simple-container"
   description = "Simple RHEL container"
   version = "0.0.1"
   [[packages]]
   name = "nginx"
   version = "*"

3. Build the container image, by passing the registry and the repository to the image-builder tool as arguments.

   # image-builder build --blueprint <simple-container> --extra-repo "quay.io:8080/<namespace>/<repository>" --extra-repo registry-config.toml

   Note

   Building the container image takes time because of resolving dependencies of the customized packages.

4. After the image build finishes, the container you created is available in quay.io.

Verification

1. Open quay.io and click Repository Tags. You can see details about the container you created, such as:

   • Last modified
   • Image size
   • The manifest ID that you can copy to the clipboard.
2. Copy the manifest ID value to build the image in which you want to embed a container.

Procedure

1. Create a blueprint to build a qcow2 image. The blueprint must contain the [[containers]] customization.

   name = "image"
   description = "A qcow2 image with a container"
   version = "0.0.1"
   distro = "rhel-10"
   [[packages]]
   name = "podman"
   version = "*"
   [[containers]]
   source = "registry.access.redhat.com/ubi10:8080/image/container/container-image@sha256:manifest-ID-from-Repository-tag: tag-version"
   name =  "source"
   tls-verify = true

2. Build the container image:

   # image-builder build qcow2 --blueprint <blueprint>

   Note

   Building the image takes time because it checks the container on quay.io registry.

   You can use the qcow2 image you created and downloaded to create a VM.

Verification

1. Locate the resulting qcow2 image.
2. Start the qcow2 image in a VM. See Creating a virtual machine from a KVM guest image.
3. The qemu wizard opens. Log in to the qcow2 image by entering the username and password. These can be the username and password you set up in the .qcow2 blueprint in the customizations.user section, or created at boot time with cloud-init.

4. Run the container image and open a shell prompt inside the container:

   # podman run -it registry.access.redhat.com/ubi10:8080/<organization>/<repository>/bin/bash/

   registry.access.redhat.com is the target registry, <organization> is the organization, and repository is the location to push the container when it finishes building.

5. Check that the packages you added to the blueprint are available:

   # type -a nginx

   The output shows you the nginx package path.

Procedure

1. Install Python 3 and the pip tool:

   # dnf install python3 python3-pip

2. Install the AWS command-line tools with pip:

   # pip3 install awscli

3. Set your profile. The terminal prompts you to provide your credentials, region, and output format:

   $ aws configure
   AWS Access Key ID [None]:
   AWS Secret Access Key [None]:
   Default region name [None]:
   Default output format [None]:

4. Define a name for your bucket and create a bucket:

   $ BUCKET=bucketname
   $ aws s3 mb s3://$BUCKET

   Replace bucketname with the actual bucket name. It must be a globally unique name. As a result, your bucket is created.

5. To grant Simple Storage Service (S3) access permission, create a vmimport role in the AWS Identity and Access Management (IAM), if you have not already.

   1. Create a trust-policy.json file with the trust policy configuration in JSON format. For example:

      {
          "Version": "2022-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Principal": {
                  "Service": "vmie.amazonaws.com"
              },
              "Action": "sts:AssumeRole",
              "Condition": {
                  "StringEquals": {
                      "sts:Externalid": "vmimport"
                  }
              }
          }]
      }

   2. Create a role-policy.json file with the role policy configuration, in the JSON format. For example:

      {
          "Version": "2012-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
              "Resource": ["arn:aws:s3:::%s", "arn:aws:s3:::%s/"] }, { "Effect": "Allow", "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe"],
              "Resource": "*"
          }]
      }
      $BUCKET $BUCKET

   3. Create a role for your Amazon Web Services account, by using the trust-policy.json file:

      $ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

   4. Embed an inline policy document by using the role-policy.json file:

      $ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Procedure

1. Build the image:

   # image-builder build ami \
   --blueprint blueprint-name \
   --aws-region us-east-1 \
   --aws-bucket <example-bucket> \
   --aws-ami-name <image-name> \

2. Upload the image to AWS:

   # image-builder upload <image-name> \

Verification

1. Confirm the image upload by accessing EC2 in the AWS console and selecting the correct region.
2. On the dashboard, select your image and click Launch.

Procedure

1. In the RHEL image builder dashboard, select your blueprint in blueprint name. Select the Images tab, and click Create Image.
2. From the Type drop-down menu list, select Amazon Machine Image Disk (.raw), check Upload to AWS, and click Next.

3. Enter your AWS access key ID and AWS secret access key in the corresponding fields. Click Next.

   Note

   If you do not know your Secret Key, generate a new Access Key ID.

4. Enter the Image name`, Amazon S3 bucket name, and AWS region, then click Next.
5. Review the information and click Finish. Wait for the Image build complete status.
6. In the AWS console, navigate to Service→EC2, select the correct region, and verify your image shows Available status.
7. Select your image, click Launch, choose an instance type, and click Review and Launch.

8. Review instance details, click Launch, then select or create a key pair:

   • To create a new key pair, select Create a new key pair, enter a name, and click Download Key Pair.
9. Click Launch Instance and wait the instance status to change to running.

10. Click Connect, then use SSH to access your instance:

    $ chmod 400 <your_instance_name>.pem
    $ ssh -i <your-instance_name>.pem ec2-user@<your-instance-IP-address>

    1. Type yes to confirm the connection.

Procedure

1. Import the Microsoft repository key:

   $ sudo rpm --import https://packages.microsoft.com/keys/microsoft-2025.asc

2. Create a packages-microsoft-com-prod repository:

   [azure-cli]
   name=Azure CLI
   baseurl=https://packages.microsoft.com/yumrepos/packages.microsoft.com/rhel/10/prod/
   enabled=1
   gpgcheck=1
   gpgkey=https://packages.microsoft.com/keys/microsoft.asc

3. Install Microsoft Azure CLI. The downloaded version of the Microsoft Azure CLI package can vary depending on the currently available version.

   $ sudo dnf install azure-cli

4. Run Microsoft Azure CLI:

   $ az login

   The terminal shows the following message: Note, we have launched a browser for you to login. For old experience with device code, use az login --use-device-code. Then, the terminal opens the Login from where you can log in.

   Note

   If you are running a remote (SSH) session, the login page link does not open in the browser. In this case, you can copy the link to a browser and log in to authenticate your remote session. To sign in, use a web browser to open the Login page and enter the device code to authenticate.

5. List the keys for the storage account in Microsoft Azure and make note of the value key1 from the output of the previous command.

   $ az storage account keys list --resource-group <resource_group_name> --account-name <account_name>

   Replace resource-group-name with the name of your Microsoft Azure resource group and storage-account-name with the name of your Microsoft Azure storage account.

   1. To list the available resources using the following command:

      $ az resource list

6. Create a storage container:

   $ az storage container create --account-name <storage_account_name> \
   --account-key <key1_value> --name <storage_account_name>

   Replace storage-account-name with the name of the storage account.

Procedure

1. Create a azure.toml blueprint, and add the following information to it:

   provider = "azure"
   
   [settings]
   storageAccount = "<your-storage-account-name>"
   storageAccessKey = "<storage-access-key-you-copied-in-the-Azure-portal>"
   container = "<your-storage-container-name>"

2. Build the image, passing the following arguments:

   $ image-builder build <your-blueprint> vhd <your-image-key> azure.toml

   Replace <your-image-key> with the name of the image that you want.

3. Push the image to Microsoft Azure and create an instance from it:

   $ az storage blob upload --account-name <account-name> --container-name <container-name> --file <image-disk>.vhd --name image-disk.vhd --type page

4. After the upload to the Microsoft Azure Blob storage completes, create a Microsoft Azure image from it. The images that you create with RHEL image builder generate hybrid images that support V1 = BIOS and V2 = UEFI. Use --hyper-v-generation to specify instance type. V1 is the default.

   $ az image create --resource-group resource_group_name --name image-disk.vhd --os-type linux --location location \
   --source https://$account_name.blob.core.windows.net/container_name/image-disk.vhd
   - Running

Verification

1. Create an instance either with the Microsoft Azure portal, or a command similar to the following:

   $ az vm create --resource-group resource_group_name --location location --name vm_name --image image-disk.vhd(--admin-username azure-user --generate-ssh-keys*
   - Running

2. Use your private key by using SSH to access the resulting instance. Log in as azure-user.

Procedure

1. In the RHEL image builder dashboard, select your blueprint, click the Images tab, and click Create Image to create your customized .vhd image.
2. Select Microsoft Azure (.vhd) from the Type drop-down, check Upload to Azure, enter the Image Size, and click Next.
3. Enter your Storage account name and your Storage access key then, click Next.
4. Review the configuration and click Create. The RHEL image builder and upload processes start.
5. In the Microsoft Azure portal navigate to Storage accounts > Containers and verify if your .vhd is present.

Verification

1. In the Azure portal search bar, type Images and click +Create. Configure the following details:

   • Select your resource group and enter an image name.
   • Set OS type to Linux and VM generation to Gen 2.
   • Under Storage Blob, browse to select your VHD file.
   • Choose an Account Type, for example, Standard SSD.
2. Click Review + Create, and then Create. Wait for the image creation to complete.
3. Click Go to resource, then click Create VM. Enter a VM name, configure the Size and Administrator account sections, then click Review + Create and Create.

4. After the deployment finishes, retrieve the public IP address and connect by using SSH.

   $ ssh <username>@<public-IP-address>

Procedure

1. In the RHEL image builder dashboard, click the Blueprint tab.
2. On the blueprint table, find the blueprint you want to build an image.
3. On the right side of the chosen blueprint, click Create Image. The Create image dialog wizard opens.

4. On the Image output page, complete the following steps:

   1. From the Select a blueprint list, select the image type you want.
   2. From the Image output type list, select the image output type you want.
   3. Optional: Check Upload to VMware checkbox to upload the image directly to VMware.
   4. Enter a size for the image.
   5. Click Next.

5. On the Upload to VMware page, enter the following information:

   1. Image name: Enter the image name.
   2. Host: Enter the VMware vSphere instance URL where you want to upload the image file.
   3. Cluster: Enter the cluster name page where you want to upload the image.
   4. Datacenter: The data center name where you want to upload the image.
   5. Datastore: The data store name where you want to upload the image.
   6. Folder: Folder name where you want to upload the image.
   7. Click Next.

6. On the Review page, review the details about the image creation and click Create.

   The image creation starts, showing the progress of this image creation and the subsequent upload to the VMware vSphere client.

Procedure

1. Configure the following values in the user environment with the GOVC environment variables:

   GOVC_URL
   GOVC_DATACENTER
   GOVC_FOLDER
   GOVC_DATASTORE
   GOVC_RESOURCE_POOL
   GOVC_NETWORK

2. Navigate to the directory where you downloaded your VMware vSphere image.

3. Launch the VMware vSphere image on vSphere by following the steps:

   1. Import the VMware vSphere image into vSphere:

      $ govc import.vmdk ./api.vmdk <folder-name>

      • For the .ova format:

        $ govc import.ova ./api.ova <folder-name>

   2. Create the VM in vSphere without powering it on:

      govc vm.create \
      -net.adapter=vmxnet3 \
      -m=4096 -c=2 -g=rhel8_64Guest \
      -firmware=efi -disk="<folder-name>/api.vmdk” \
      -disk.controller=scsi -on=false \
       vmname

      For the .ova format, replace the line -firmware=efi -disk="folder_name/api.vmdk” with -firmware=efi -disk=”<folder-name>/api.ova”

   3. Power-on the VM:

      $ govc vm.power -on <vm-name>

   4. Retrieve the VM IP address:

      $ govc vm.ip <vm-name>

   5. Use SSH to log in to the VM, using the username and password you specified in your blueprint:

      $ ssh admin@ <vm-ip-address>

      Note

      Using images copied with the govc datastore.upload command is not supported. The vSphere GUI does not support import.vmdk command or direct, so .vmdk images are not usable from the vSphere GUI.

Procedure

1. For the blueprint you created, click the Images tab .

2. Click Create Image to create your customized image.

   The Image type window opens.

3. In the Image type window:

   1. From the dropdown menu, select the Type: VMware vSphere (.vmdk).
   2. Check the Upload to VMware checkbox to upload your image to vSphere.
   3. Optional: Set the size of the image you want to instantiate. The minimal default size is 2 GB.
   4. Click Next.

4. In the Upload to VMware window, under Authentication, enter the following details:

   1. Username: username of the vSphere account.
   2. Password: password of the vSphere account.

5. In the Upload to VMware window, under Destination, enter the following details about the image upload destination:

   1. Image name: a name for the image.
   2. Host: The URL of your VMware vSphere.
   3. Cluster: The name of the cluster.
   4. Data center: The name of the data center.
   5. Data store: The name of the Data store.
   6. Click Next.

6. In the Review window, review the details of the image creation and click Finish.

   You can click Back to modify any incorrect details.

   RHEL image builder adds the compose of a RHEL vSphere image to the queue, and creates and uploads the image to the Cluster on the vSphere instance you specified.

   After the process is complete, you can see the Image build complete status.

Verification

1. Create a Virtual Machine (VM) from the image you uploaded and log in to it.
2. Access VMware vSphere Client and search for the image in the Cluster.
3. Select the image, open its menu, and click New Virtual Machine.

4. In the New Virtual Machine window, configure the following details:

   1. Select New Virtual Machine, and specify a name and a folder for your VM.
   2. Select a computer resource and storage. For example, select NFS-Node1.
   3. Select compatibility, BIOS only, a guest operating system. For example, Linux and Red Hat Fedora (64-bit).
   4. In Customize hardware, delete the default New Hard Disk and select an Existing Hard Disk disk image:
5. Review the configuration and click Finish.
6. Navigate to the VMs tab, select the VM, and click Start.
7. Log in with the credentials you created in the blueprint.

8. Optional: Verify that the packages you added to the blueprint are installed. For example:

   $ rpm -qa | grep firefox

Procedure

1. Use a text editor to create a gcp-config.toml configuration file with the following content:

   provider = "gcp"
   [settings]
   bucket = "<gcp_bucket>"
   region = "<gcp_storage_region>"
   object = "<object_key>"
   credentials = "<gcp_credentials>"

   • <gcp_bucket> points to an existing bucket. This field stores the intermediate storage object of the image to be uploaded.
   • <gcp_storage_region> is both a regular Google storage region and a dual or multi-region.
   • <object_key> is the name of an intermediate storage object. It must not exist before the upload, and when the upload process finishes, it is deleted . If the object name does not end with .tar.gz, the object name automatically adds the extension.

   • <gcp_credentials> is a Base64-encoded scheme of the credentials JSON file downloaded from Google Cloud. The credentials determine which project the Google Cloud uploads the image to.

     Note

     Specifying <gcp_credentials> in the gcp-config.toml file is optional if you use a different mechanism to authenticate with Google Cloud. For other authentication methods, see Authenticating with Google Cloud.

2. Retrieve the <gcp_credentials> from the JSON file downloaded from Google Cloud.

   $ sudo base64 -w 0 cee-gcp-nasa-476a1fa485b7.json

3. Create a compose with an additional image name and cloud provider profile:

   $ sudo image-builder build gce --blueprint <blueprint_name> <image_key> gcp-config.toml

   The image build, upload, and cloud registration processes can take up to ten minutes to complete.

1. Credentials specified with the image-builder command in the configuration file.

2. Application Default Credentials from the Google Cloud SDK library, which tries to automatically find a way to authenticate by using the following options:

   1. If you set the GOOGLE_APPLICATION_CREDENTIALS environment variable, Application Default Credentials tries to load and use credentials from the file that the variable points to.

   2. Application Default Credentials tries to authenticate by using the service account attached to the resource that is running the code. For example, Google Compute Engine VM.

      Note

      You must use the Google Cloud credentials to determine which Google Cloud project to upload the images to. To upload to different projects, specify the credentials in gcp-config.toml with the image-builder command.

Procedure

1. Open the RHEL image builder interface of the web console in a browser.
2. Click Create blueprint. The Create blueprint wizard opens.
3. On the Details page, enter a name for the blueprint, and optionally, a description. Click Next.
4. On the Packages page, select the components and packages that you want to include in the image. Click Next.
5. On the Customizations page, configure the customizations that you want for your blueprint. Click Next.
6. On the Review page, click Create.
7. To create an image, click Create Image. The Create image wizard opens.

8. On the Image output page, complete the following steps:

   1. From the "Select a blueprint" drop-down menu, select the blueprint you want.
   2. From the "Image output type" drop-down menu, select Oracle Cloud Infrastructure (.qcow2).
   3. Check the Upload to OCI checkbox to upload your image to the OCI.
   4. Enter the "image size". Click Next.

9. On the Upload to OCI - Authentication page, enter the following mandatory details:

   1. User OCID: You can find it in the Console on the page showing the user’s details.
   2. Private key

10. On the Upload to OCI - Destination page, enter the following mandatory details and click Next.

    • Image name: a name for the image that you want to upload.
    • OCI bucket
    • Bucket namespace
    • Bucket region
    • Bucket compartment
    • Bucket tenancy

11. Review the details in the wizard and click Finish.

    RHEL image builder adds the compose of a RHEL .qcow2 image to the queue.

Verification

1. Access the OCI dashboard and click Custom Images.
2. Select the Compartment you specified for the image and locate the image in the Import image table.
3. Click the image name and verify the image information.

Procedure

1. Start the compose of a QCOW2 image.

   # image-builder build qcow2 --blueprint blueprint_name

2. Access the OpenStack dashboard and click +Create Image.
3. On the left menu, select the Admin tab.

4. From the System Panel, click Image.

   The Create An Image wizard opens.

5. In the Create An Image wizard:

   1. Enter a name for the image
   2. Click Browse to upload the QCOW2 image.
   3. From the Format dropdown list, select the QCOW2 - QEMU Emulator.
   4. Click Create Image.

6. On the left menu, select the Project tab.

   1. From the Compute menu, select Instances.

   2. Click the Launch Instance button.

      The Launch Instance wizard opens.

   3. On the Details page, enter a name for the instance. Click Next.
   4. On the Source page, select the name of the image you uploaded. Click Next.
   5. On the Flavor page, select the machine resources that best fit your needs. Click Launch.
7. You can run the image instance using any mechanism such as the CLI or OpenStack web UI from the image. Use your private key by using SSH to access the resulting instance. Log in as cloud-user.

Procedure

1. Log in to the ECS console.
2. On the left-side menu, select Instances.
3. In the upper-right corner, click Create Instance. A new window opens.
4. Complete all the required information. See Creating an instance by using the custom launch for more details.

5. Click Create Instance and confirm the order.

   Note

   You can see the option Create Order instead of Create Instance, depending on your subscription.

   As a result, you have an active instance ready for deployment from the Alibaba ECS Console.

Procedure

1. Log in to the ECS console, click Images, then click Import Image. A dialog window opens.
2. Confirm the correct region and enter the following information:

Procedure

1. Log in to the OSS console.
2. In the Bucket menu on the left, select the bucket to which you want to upload an image.
3. In the upper right menu, click the Files tab.

4. Click Upload. A dialog window opens on the right side. Configure the following:

   • Upload To: Choose to upload the file to the Current directory or to a Specified directory.
   • File ACL: Choose the type of permission of the uploaded file.
5. Click Upload.
6. Select the image you want to upload to the OSS Console.
7. Click Open.

Procedure

1. Connect to the system containing the image that you want to check by using the Alibaba image_check tool.

2. Download the image_check tool:

   $ curl -O https://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/assets/attach/73848/cn_zh/1557459863884/image_check

3. Change the file permission of the image compliance tool:

   # chmod +x image_check

4. Run the command to start the image compliance tool checkup:

   # ./image_check

   The tool verifies the system configuration and generates a report that in your screen. The image_check tool saves this report in the same folder where the image compliance tool is running.