Chapter 3. Installing RHEL AI on AWS

PDF

To install and deploy Red Hat Enterprise Linux AI on AWS, you must first convert the RHEL AI image into an Amazon Machine Image (AMI). In this process, you create the following resources:

An S3 bucket with the RHEL AI image
AWS EC2 snapshots
An AWS AMI
An AWS instance

3.1. Converting the RHEL AI image to an AWS AMI

Before deploying RHEL AI on an AWS machine, you must set up a S3 bucket and convert the RHEL AI image to a AWS AMI.

Prerequisites

You have an Access Key ID configured in the AWS IAM account manager.

Procedure

Install the AWS command-line tool by following the AWS documentation

You need to create a S3 bucket and set the permissions to allow image file conversion to AWS snapshots.

Create the necessary environment variables by running the following commands:

$ export BUCKET=<custom_bucket_name>
$ export RAW_AMI=nvidia-bootc.ami
$ export AMI_NAME="rhel-ai"
$ export DEFAULT_VOLUME_SIZE=1000

Note

On AWS, the DEFAULT_VOLUME_SIZE is measured GBs.

You can create an S3 bucket by running the following command:
```
$ aws s3 mb s3://$BUCKET
```

You must create a trust-policy.json file with the necessary configurations for generating a S3 role for your bucket:

$ printf '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "vmie.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals":{ "sts:Externalid": "vmimport" } } } ] }' > trust-policy.json

Create an S3 role for your bucket that you can name. In the following example command, vmiport is the name of the role.
```
$ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
```

You must create a role-policy.json file with the necessary configurations for generating a policy for your bucket:

$ printf '{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket" ], "Resource":[ "arn:aws:s3:::%s", "arn:aws:s3:::%s/*" ] }, { "Effect":"Allow", "Action":[ "ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*" ], "Resource":"*" } ] }' $BUCKET $BUCKET > role-policy.json

Create a policy for your bucket by running the following command:

$ aws iam put-role-policy --role-name vmimport --policy-name vmimport-$BUCKET --policy-document file://role-policy.json

Now that your S3 bucket is set up, you need to download the RAW image from Red Hat Enterprise Linux AI download page
Copy the RAW image link and add it to the following command:
```
$ curl -Lo disk.raw <link-to-raw-file>
```
Upload the image to the S3 bucket with the following command:
```
$ aws s3 cp disk.raw s3://$BUCKET/$RAW_AMI
```

Convert the image to a snapshot and store it in the task_id variable name by running the following commands:

$ printf '{ "Description": "my-image", "Format": "raw", "UserBucket": { "S3Bucket": "%s", "S3Key": "%s" } }' $BUCKET $RAW_AMI > containers.json

$ task_id=$(aws ec2 import-snapshot --disk-container file://containers.json | jq -r .ImportTaskId)

You can check the progress of the disk image to snapshot conversion job with the following command:
```
$ aws ec2 describe-import-snapshot-tasks --filters Name=task-state,Values=active
```
Once the conversion job is complete, you can get the snapshot ID and store it in a variable called snapshot_id by running the following command:
```
$ snapshot_id=$(aws ec2 describe-snapshots | jq -r '.Snapshots[] | select(.Description | contains("'${task_id}'")) | .SnapshotId')
```
Add a tag name to the snapshot, so it’s easier to identify, by running the following command:
```
$ aws ec2 create-tags --resources $snapshot_id --tags Key=Name,Value="$AMI_NAME"
```

$ ami_id=$(aws ec2 register-image  \
    --name "$AMI_NAME" \
    --description "$AMI_NAME" \
    --architecture x86_64 \
    --root-device-name /dev/sda1 \
    --block-device-mappings "DeviceName=/dev/sda1,Ebs={VolumeSize=${DEFAULT_VOLUME_SIZE},SnapshotId=${snapshot_id}}" \
    --virtualization-type hvm \
    --ena-support \
    | jq -r .ImageId)

You can add another tag name to identify the AMI by running the following command:
```
$ aws ec2 create-tags --resources $ami_id --tags Key=Name,Value="$AMI_NAME"
```

3.2. Deploying your instance on AWS using the CLI

You can launch the AWS instance with your new RHEL AI AMI from the AWS web console or the CLI. You can use whichever method of deployment you want to launch your instance. The following procedure displays how you can use the CLI to launch your AWS instance with the custom AMI.

If you choose to use the CLI as a deployment option, there are several configurations you have to create, as shown in "Prerequisites".

Prerequisites

You created your RHEL AI AMI. For more information, see "Converting the RHEL AI image to an AWS AMI".
You have the AWS command-line tool installed and is properly configured with your aws_access_key_id and aws_secret_access_key.
You configured your Virtual Private Cloud (VPC).
You created a subnet for your instance.
You created a SSH key-pair.
You created a security group on AWS.

Procedure

For various parameters, you need to gather the ID of the variable.
1. To access the image ID, run the following command:
```
$ aws ec2 describe-images --owners self
```
2. To access the security group ID, run the following command:
```
$ aws ec2 describe-security-groups
```
3. To access the subnet ID, run the following command:
```
$ aws ec2 describe-subnets
```

Populate environment variables for when you create the instance

$ instance_name=rhel-ai-instance
$ ami=<ami-id>
$ instance_type=<instance-type-size>
$ key_name=<key-pair-name>
$ security_group=<sg-id>
$ disk_size=<size-of-disk>

Create your instance using the variables by running the following command:

$ aws ec2 run-instances \
    --image-id $ami \
    --instance-type $instance_type \
    --key-name $key_name \
    --security-group-ids $security_group \
    --subnet-id $subnet \
    --block-device-mappings DeviceName=/dev/sda1,Ebs='{VolumeSize='$disk_size'}' \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value='$instance_name'}]'

User account

The default user account in the RHEL AI AMI is cloud-user. It has all permissions via sudo without password.

Verification

To verify that your Red Hat Enterprise Linux AI tools are installed correctly, you need to run the ilab command:

$ ilab

Example output

$ ilab
Usage: ilab [OPTIONS] COMMAND [ARGS]...

  CLI for interacting with InstructLab.

  If this is your first time running ilab, it's best to start with `ilab
  config init` to create the environment.

Options:
  --config PATH  Path to a configuration file.  [default:
                 /home/cloud--user/.config/instructlab/config.yaml]
  -v, --verbose  Enable debug logging (repeat for even more verbosity)
  --version      Show the version and exit.
  --help         Show this message and exit.

Commands:
  config    Command Group for Interacting with the Config of InstructLab.
  data      Command Group for Interacting with the Data generated by...
  model     Command Group for Interacting with the Models in InstructLab.
  system    Command group for all system-related command calls.
  taxonomy  Command Group for Interacting with the Taxonomy of InstructLab.

Aliases:
  chat      model chat
  convert   model convert
  diff      taxonomy diff
  download  model download
  evaluate  model evaluate
  generate  data generate
  init      config init
  list      model list
  serve     model serve
  sysinfo   system info
  test      model test
  train     model train

Chapter 3. Installing RHEL AI on AWS

3.1. Converting the RHEL AI image to an AWS AMI

3.2. Deploying your instance on AWS using the CLI

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

Making open source more inclusive

About Red Hat

Red Hat legal and privacy links

Red Hat legal and privacy links