Red Hat SummitChapter 6. Deploying the RHEL bootc images
You can deploy the rhel-bootc container image by using the following different mechanisms.
- Anaconda
-
bootc-image-builder -
bootc install
The following bootc image types are available:
Disk images that you generated by using the
bootc image-buildersuch as:- QCOW2 (QEMU copy-on-write, virtual disk)
- Raw (Mac Format)
- AMI (Amazon Cloud)
- ISO: Unattended installation method, by using an USB Sticks or Install-on-boot.
After you have created a layered image that you can deploy, there are several ways that the image can be installed to a host:
You can use RHEL installer and Kickstart to install the layered image to a bare metal system, by using the following mechanisms:
- Deploy by using USB
- PXE
-
You can also use
bootc-image-builderto convert the container image to a bootc image and deploy it to a bare metal or to a cloud environment.
The installation method happens only one time. After you deploy your image, any future updates will apply directly from the container registry as the updates are published.
Figure 6.1. Deploying a bootc image by using a basic build installer bootc install, or deploying a container image by using Anaconda and Kickstart
Figure 6.2. Using bootc-image-builder to create disk images from bootc images and deploying disk images in different environments, such as the edge, servers, and clouds by using Anaconda, bootc-image-builder or bootc install
6.1. Deploying a container image by using KVM with a QCOW2 disk image
After creating a QEMU disk image from a RHEL bootc image by using the bootc-image-builder tool, you can use a virtualization software to boot it.
Prerequisites
- You created a container image. See Creating QCOW2 images by using bootc-image-builder.
- You pushed the container image to an accessible repository.
Procedure
Run the container image that you create by using either
libvirt. See Creating virtual machines by using the command line for more details.The following example uses
libvirt:sudo virt-install \ --name bootc \ --memory 4096 \ --vcpus 2 \ --disk qcow2/disk.qcow2 \ --import \ --os-variant rhel10-unknown
$ sudo virt-install \ --name bootc \ --memory 4096 \ --vcpus 2 \ --disk qcow2/disk.qcow2 \ --import \ --os-variant rhel10-unknownCopy to Clipboard Copied!
Verification
- Connect to the VM in which you are running the container image. See Configuring bridges on a network bond to connect virtual machines with the network for more details.
6.2. Deploying a container image and creating a RHEL virtual machine in vSphere
After creating a Virtual Machine Disk (VMDK) from a RHEL bootc image by using the bootc-image-builder tool, you can deploy it to VMware vSphere by using the vSphere GUI client. The deployment creates a VM which can be customized further before booting.
Prerequisites
- You created a container image. See Creating QCOW2 images by using bootc-image-builder.
- You pushed the container image to an accessible repository.
You configured the govc VMware CLI tool client. To use the govc VMware CLI tool client, you must set the following values in the environment:
- GOVC_URL
- GOVC_DATACENTER
- GOVC_FOLDER
- GOVC_DATASTORE
- GOVC_RESOURCE_POOL
- GOVC_NETWORK
Procedure
Create a
metadata.yamlfile and add the following information to this file:instance-id: cloud-vm local-hostname: vmname
instance-id: cloud-vm local-hostname: vmnameCopy to Clipboard Copied! Create a
userdata.yamfile and add the following information to the file:#cloud-config users: - name: admin sudo: "ALL=(ALL) NOPASSWD:ALL" ssh_authorized_keys: - ssh-rsa AAA...fhHQ== your.email@example.com
#cloud-config users: - name: admin sudo: "ALL=(ALL) NOPASSWD:ALL" ssh_authorized_keys: - ssh-rsa AAA...fhHQ== your.email@example.comCopy to Clipboard Copied! ssh_authorized_keysis your SSH public key. You can find your SSH public key in~/.ssh/id_rsa.pub.Export the
metadata.yamlanduserdata.yamlfiles to the environment, compressed withgzip, encoded inbase64as follows. You will use these files in further steps.export METADATA=$(gzip -c9 <metadata.yaml | { base64 -w0 2>/dev/null || base64; }) \ USERDATA=$(gzip -c9 <userdata.yaml | { base64 -w0 2>/dev/null || base64; })export METADATA=$(gzip -c9 <metadata.yaml | { base64 -w0 2>/dev/null || base64; }) \ USERDATA=$(gzip -c9 <userdata.yaml | { base64 -w0 2>/dev/null || base64; })Copy to Clipboard Copied! Launch the image on vSphere with the
metadata.yamlanduserdata.yamlfiles:Import the
.vmdkimage in to vSphere:govc import.vmdk ./composer-api.vmdk <_foldername_>
$ govc import.vmdk ./composer-api.vmdk <_foldername_>Copy to Clipboard Copied! Create the VM in vSphere without powering it on:
govc vm.create \ -net.adapter=vmxnet3 \ -m=4096 -c=2 -g=rhel8_64Guest \ -firmware=bios -disk=”foldername/composer-api.vmdk” \ -disk.controller=ide -on=false \ vmname
govc vm.create \ -net.adapter=vmxnet3 \ -m=4096 -c=2 -g=rhel8_64Guest \ -firmware=bios -disk=”foldername/composer-api.vmdk” \ -disk.controller=ide -on=false \ vmnameCopy to Clipboard Copied! Change the VM to add ExtraConfig variables, the cloud-init config:
govc vm.change -vm vmname \ -e guestinfo.metadata="${METADATA}" \ -e guestinfo.metadata.encoding="gzip+base64" \ -e guestinfo.userdata="${USERDATA}" \ -e guestinfo.userdata.encoding="gzip+base64" .. Power-on the VM: govc vm.power -on vmnamegovc vm.change -vm vmname \ -e guestinfo.metadata="${METADATA}" \ -e guestinfo.metadata.encoding="gzip+base64" \ -e guestinfo.userdata="${USERDATA}" \ -e guestinfo.userdata.encoding="gzip+base64" .. Power-on the VM: govc vm.power -on vmnameCopy to Clipboard Copied! Retrieve the VM IP address:
HOST=$(govc vm.ip vmname)
HOST=$(govc vm.ip vmname)Copy to Clipboard Copied!
Verification
Connect to the VM in which you are running the container image. See Connecting to virtual machines for more details.
Use SSH to log in to the VM, using the user-data specified in
cloud-initfile configuration:ssh admin@HOST
$ ssh admin@HOSTCopy to Clipboard Copied!
6.3. Deploying a container image to AWS with an AMI disk image
After using the bootc-image-builder tool to create an AMI from a bootc image, and uploading it to a AWS s3 bucket, you can deploy a container image to AWS with the AMI disk image.
Prerequisites
- You created an Amazon Machine Image (AMI) from a bootc image. See Creating AMI images by using bootc-image-builder and uploading it to AWS.
-
cloud-initis available in the Containerfile that you previously created so that you can create a layered image for your use case.
Procedure
- In a browser, access Service→EC2 and log in.
- On the AWS console dashboard menu, choose the correct region. The image must have the Available status, to indicate that it was correctly uploaded.
- On the AWS dashboard, select your image and click .
- In the new window that opens, choose an instance type according to the resources you need to start your image. Click .
- Review your instance details. You can edit each section if you need to make any changes. Click .
- Before you start the instance, select a public key to access it. You can either use the key pair you already have or you can create a new key pair.
Click to start your instance. You can check the status of the instance, which displays as Initializing.
After the instance status is Running, the button becomes available.
- Click . A window appears with instructions on how to connect by using SSH.
Run the following command to set the permissions of your private key file so that only you can read it. See Connect to your Linux instance.
chmod 400 <your-instance-name.pem>
$ chmod 400 <your-instance-name.pem>Copy to Clipboard Copied! Connect to your instance by using its Public DNS:
ssh -i <your-instance-name.pem>ec2-user@<your-instance-IP-address>
$ ssh -i <your-instance-name.pem>ec2-user@<your-instance-IP-address>Copy to Clipboard Copied!
Your instance continues to run unless you stop it.
Verification
After launching your image, you can:
- Try to connect to http://<your_instance_ip_address> in a browser.
- Check if you are able to perform any action while connected to your instance by using SSH.
6.4. Deploying a container image from the network by using Anaconda and Kickstart
You can deploy an ISO image by using Anaconda and Kickstart to install your container image. The installable boot ISO already contains the ostreecontainer Kickstart file configured that you can use to provision your custom container image.
Prerequisites
- You have downloaded a RHEL 10 Boot ISO for your architecture from Red Hat.
Procedure
Create an
ostreecontainerKickstart file to fetch the image from the network. For example:Basic setup Basic partitioning Reference the container image to install - The kickstart has no %packages section. A container image is being installed. Only inject a SSH key for root
# Basic setup text network --bootproto=dhcp --device=link --activate # Basic partitioning clearpart --all --initlabel --disklabel=gpt reqpart --add-boot part / --grow --fstype xfs # Reference the container image to install - The kickstart # has no %packages section. A container image is being installed. ostreecontainer --url quay.io/<namespace>/<image>:<tag> . bootc-image-builder:latest firewall --disabled services --enabled=sshd # Only inject a SSH key for root rootpw --iscrypted locked sshkey --username root "<your-key>" rebootCopy to Clipboard Copied! Boot a system by using the RHEL 10 Boot ISO installation media.
Append the Kickstart file with the following to the kernel argument:
inst.ks=http://<path_to_your_kickstart>
inst.ks=http://<path_to_your_kickstart>Copy to Clipboard Copied!
- Press CTRL+X to boot the system.
6.5. Deploying a custom ISO container image in disconnected environments
By using using bootc-image-builder to convert a bootc image to an ISO image, you create a system similar to the RHEL ISOs available for download, except that your container image content is embedded in the ISO disk image. You do not need to have access to the network during installation. You can install the ISO disk image that you created from bootc-image-builder to a bare metal system.
Prerequisites
- You have created a customized container image.
Procedure
-
Create a custom installer ISO disk image with
bootc-image-builder. See Creating ISO images by using bootc-image-builder. - Copy the ISO disk image to a USB flash drive.
- Perform a bare-metal installation by using the content in the USB stick into a disconnected environment.
6.6. Deploying an ISO bootc image over PXE boot
You can use a network installation to deploy the RHEL ISO image over PXE boot to run your ISO bootc image.
Prerequisites
- You have downloaded a RHEL 10 Boot ISO for your architecture from Red Hat. See Downloading RHEL boot images.
You have configured the server for the PXE boot. Choose one of the following options:
- For HTTP clients, see Configuring the DHCPv4 server for HTTP and PXE boot.
- For UEFI-based clients, see Configuring a TFTP server for UEFI-based clients.
- For BIOS-based clients, see Configuring a TFTP server for BIOS-based clients.
- You have a client, also known as the system to which you are installing your ISO image.
Procedure
- Export the RHEL installation ISO image to the HTTP server. The PXE boot server is now ready to serve PXE clients.
- Boot the client and start the installation.
- Select PXE Boot when prompted to specify a boot source. If the boot options are not displayed, press the Enter key on your keyboard or wait until the boot window opens.
- From the Red Hat Enterprise Linux boot window, select the boot option that you want, and press Enter.
- Start the network installation.
Next steps
- You can make updates to the image and push the changes to a registry. See Managing RHEL bootc images.
6.7. Injecting configuration in the resulting disk images with bootc-image-builder
You can inject configuration into a custom image by using a build config, that is, a .toml or a .json file with customizations for the resulting image. The `build config file is mapped into the container directory to /config.toml. The following example shows how to add a user to the resulting disk image:
Procedure
Create a
./config.toml. The following example shows how to add a user to the disk image.[[customizations.user]] name = "user" password = "pass" key = "ssh-rsa AAA ... user@email.com" groups = ["wheel"]
[[customizations.user]] name = "user" password = "pass" key = "ssh-rsa AAA ... user@email.com" groups = ["wheel"]Copy to Clipboard Copied! -
name- Mandatory. Name of the user. -
password- Not mandatory. Nonencrypted password. -
key- Not mandatory. Public SSH key contents. -
groups- Not mandatory. An array of groups to add the user into.
-
Run
bootc-image-builderand pass the following arguments, including the./config.toml:sudo podman run \ --rm \ -it \ --privileged \ --pull=newer \ --security-opt label=type:unconfined_t \ -v $(pwd)/config.toml:/config.toml \ -v $(pwd)/output:/output \ registry.redhat.io/rhel10/bootc-image-builder:latest \ --type qcow2 \ --config config.toml \ quay.io/<namespace>/<image>:<tag>$ sudo podman run \ --rm \ -it \ --privileged \ --pull=newer \ --security-opt label=type:unconfined_t \ -v $(pwd)/config.toml:/config.toml \ -v $(pwd)/output:/output \ registry.redhat.io/rhel10/bootc-image-builder:latest \ --type qcow2 \ --config config.toml \ quay.io/<namespace>/<image>:<tag>Copy to Clipboard Copied! Launch a VM, for example, by using
virt-install:sudo virt-install \ --name bootc \ --memory 4096 \ --vcpus 2 \ --disk qcow2/disk.qcow2 \ --import \ --os-variant rhel10
$ sudo virt-install \ --name bootc \ --memory 4096 \ --vcpus 2 \ --disk qcow2/disk.qcow2 \ --import \ --os-variant rhel10Copy to Clipboard Copied!
Verification
Access the system with SSH:
ssh -i /<path_to_private_ssh-key> <user1>_@_<ip-address>
# ssh -i /<path_to_private_ssh-key> <user1>_@_<ip-address>Copy to Clipboard Copied!
Next steps
- After you deploy your container image, you can make updates to the image and push the changes to a registry. See Managing RHEL bootable images.
6.8. Deploying a container image to bare metal by using bootc install
You can perform a bare-metal installation to a device by using a RHEL ISO image. Bootc contains a basic build installer and it is available as the following methods: bootc install to-disk or bootc install to-filesystem.
-
bootc install to-disk: By using this method, you do not need to perform any additional steps to deploy the container image, because the container images include a basic installer. -
bootc install to-filesystem: By using this method, you can configure a target device and root filesystem by using a tool of your choice, for example, LVM.
Prerequisites
- You have downloaded a RHEL 10 Boot ISO from Red Hat for your architecture. See Downloading RHEL boot images.
- You have created a configuration file.
Procedure
Inject a configuration into the running ISO image.
By using
bootc install to-disk:podman run \ --rm --privileged \ --pid=host
$ podman run \ --rm --privileged \ --pid=host -v /dev:/dev \ -v /var/lib/containers:/var/lib/containers \ --security-opt label=type:unconfined_t <image> bootc install to-disk <path-to-disk>Copy to Clipboard Copied! By using
bootc install to-filesystem:podman run \ --rm --privileged \ --pid=host
$ podman run \ --rm --privileged \ --pid=host -v /:/target \ -v /dev:/dev \ -v /var/lib/containers:/var/lib/containers \ --security-opt label=type:unconfined_t <image> bootc install to-filesystem <path-to-disk>Copy to Clipboard Copied!
6.9. Deploying a container image by using a single command
The system-reinstall-bootc command provides an interactive CLI that wraps the bootc install to-existing root command. You can deploy a container image into a RHEL cloud instance by using a signal command. The system-reinstall-bootc command performs the following actions:
- Pull the supplied image to set up SSH keys or access the system.
-
Run the
bootc install to-existing-rootcommand with all the bind mounts and SSH keys configured.
The following procedure deploys a bootc image to a new RHEL 10 instance on AWS. When launching the instance, make sure to select your SSH key, or create a new one. Otherwise, the default instance configuration settings can be used.
Prerequisites
- Red Hat Account or Access to Red Hat RPMS
- A package-based RHEL (9.6 / 10.0 or greater) virtual system running in an AWS environment.
- Ability and permissions to SSH into the package system and make "destructive changes."
Procedure
After the instance starts, connect to it by using SSH using the key you selected when creating the instance:
ssh -i <ssh-key-file> <cloud-user@ip>
$ ssh -i <ssh-key-file> <cloud-user@ip>Copy to Clipboard Copied! Make sure that the
system-reinstall-bootcsubpackage is installed:rpm -q system-reinstall-bootc
# rpm -q system-reinstall-bootcCopy to Clipboard Copied! If not, install the
system-reinstall-bootcsubpackage:dnf -y install system-reinstall-bootc
# dnf -y install system-reinstall-bootcCopy to Clipboard Copied! Convert the system to use a bootc image:
system-reinstall-bootc <image>
# system-reinstall-bootc <image>Copy to Clipboard Copied! - You can use the container image from the Red Hat Ecosystem Catalog or the customized bootc image built from a Containerfile.
- Select users to import to the bootc image by pressing the "a" key.
- Confirm your selection twice and wait until the image is downloaded.
Reboot the system:
reboot
# rebootCopy to Clipboard Copied! Remove the stored SSH host key for the given
<ip>from your/.ssh/known_hostsfile:ssh-keygen -R <ip>
# ssh-keygen -R <ip>Copy to Clipboard Copied! The bootc system is now using a new public SSH host key. When attempting to connect to the same IP address with a different key than what is stored locally, SSH will raise a warning or refuse the connection due to a host key mismatch. Since this change is expected, the existing host key entry can be safely removed from the
~/.ssh/known_hostsfile using the following command.Connect to the bootc system:
ssh -i <ssh-key-file> root@<ip>
# ssh -i <ssh-key-file> root@<ip>Copy to Clipboard Copied!
Verification
Confirm that the system OS has changed:
bootc status
# bootc statusCopy to Clipboard Copied!
6.10. Advanced installation with to-filesystem
The bootc install contains two subcommands: bootc install to-disk and bootc install to-filesystem.
-
The
bootc-install-to-filesystemperforms installation to the target filesystem. The
bootc install to-disksubcommand consists of a set of opinionated lower level tools that you can also call independently. The command consist of the following tools:-
mkfs.$fs /dev/disk -
mount /dev/disk /mnt -
bootc install to-filesystem --karg=root=UUID=<uuid of /mnt> --imgref $self /mnt
-
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}