Deploying and managing RHEL systems in hybrid clouds

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Content → Repositories.
2. Click Add repositories. The Add custom repositories wizard opens.
3. In the Name field provide a name for your custom repository.

4. In the Repository type, select:

   Snapshotting

   Enables creating a daily snapshot of this repository. That enables you to create Image Blueprints with consistent repository content.

   Introspect only

   Disables snapshots for this repository.

   Upload

   Enables uploading packages to your custom repository. The file must have an rpm extension.

   Note, the Upload option is available only in the Preview mode.

5. If you selected Snapshotting or Introspect only, in the URL field, provide the URL to your repository.
6. Optional: In the Restrict architecture drop-down menu, select an architecture. You can allow all the architectures or restrict it to your system architecture to prevent incorrect repositories availability.
7. Optional: In the Restrict OS version drop-down menu, select an operating system (OS). You can allow all the RHEL versions or select one for your system version to prevent incorrect repositories being available.
8. Optional: Disable Modularity filtering option. When the Modularity filtering option is disabled, you can update packages in this repository even if the packages are part of a module.
9. Optional: In the GPG key field, upload the .txt file with a GPG key or paste the URL or value of an existing GPG key. The GPG key can be used to verify the signed packages of a repository. If you do not provide the GPG key for a repository, your system cannot perform the verification.
10. If you selected Snapshotting or Introspect only, click Save. The Red Hat Hybrid Cloud Console validates the project status. If your repository is marked as Invalid, check the repository URL that you added. For details about the repository status, see Repository status section.

11. If you selected Upload:

    1. Click Save and upload content. The Upload content window opens.
    2. Click Upload, select the rpm files you want to upload, and click Open.
    3. Click Confirm changes when your file uploading is complete.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Content → Repositories.
2. Find a repository you want to modify and click Edit in the Options menu.
3. In the Edit custom repository wizard, modify the information you need. Click Save changes.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Content → Repositories.
2. Find a repository to delete and click Delete in the Options menu.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Content → Repositories.
2. On the Custom repositories page click the Popular repositories tab.
3. Search for the repository you want to add and click Add.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Content → Repositories.
2. In the Your repositories tab, find the repository containing the snapshot to be removed, and click View all snapshots in the Option menu.
3. In the Snapshot window, select all snapshots that you want to remove from this repository, and click Remove selected snapshots.
4. In the Remove snapshot window, confirm the removal of the selected snapshots and click Remove.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Content → Repositories.
2. Find a repository you want to modify and click Introspect Now in the Options menu.

3. The status of that repository changes to In progress that indicates the Hybrid Cloud Console is connecting to the repository and checking for changes.

   The Red Hat Hybrid Cloud Console checks the status of the repositories every 24 hours and again every 8 hours if the status check fails.

Procedure

1. Access Hybrid Cloud Console, click Settings → Integrations.
2. Click Create Integration and choose the Cloud option. The Add a cloud integration wizard opens.
3. On the Select cloud provider page, select Amazon Web Service and click Next.
4. On the Name integration page, name the integration for your AWS account in the Integration name field and click Next.

5. On the Select configuration page, choose between the following two options:

   1. If you select Account authorization, provide your Access key ID and Secret access key for your ID from your AWS account. Click Next and complete the following steps:

      1. On the Select application page, select the Launch images option. Click Next.

   2. If you select Manual configuration, click Next and complete the following steps:

      1. On the Select application page, select the Launch images option. Click Next.
      2. On the Enable account access page in the AWS account number, provide your AWS account number in the Account number field and click Next.
      3. On the Create IAM role page, follow the instructions on the wizard window. Click Next.
      4. On the Enter ARN page, paste the ARN into the text field. Click Next.
6. On the Review details page, verify the details about your AWS account and click Add to finish the AWS integration process.

Procedure

1. Access Hybrid Cloud Console, click Settings → Integrations.
2. Click Create Integration and choose the Cloud option. The Add a cloud integration wizard opens.
3. Select Microsoft Azure click Next.
4. On the Name integration page, name the integration for your Microsoft Azure account in the Integration name field and click Next.
5. On the Select application page, select the Launch images option and click Next.
6. On the Configure Azure Lighthouse page, click Take me to Lighthouse and complete configuration steps in Azure Lighthouse according to the Microsoft instructions. Return to the Add integration wizard and click Next.
7. On the Set subscription ID page, fill in the Subscription ID field and click Next.
8. On the Review details page, verify the details about your Microsoft Azure account and click Add to finish adding to your Integrations.

Procedure

1. Access Hybrid Cloud Console, click Settings → Integrations.
2. Click Create Integration and choose the Cloud option. The Add a cloud integration wizard opens.
3. Select Google Cloud in the Select integration type page and click Next.
4. On the Integration name page, name the integration for your GCP project in the Name field and click Next.
5. On the Select application page, select the Launch images option and click Next.

6. On the Enable account access page:

   1. On the Enter Project ID page, fill in your GCP project name that you want to add in the Project field. Click Next.
   2. On the Create custom role page, follow the instructions on the page. Click Next.
7. On the Review details page, verify the details about your GCP project and click Add to finish adding it to the Integrations.

Procedure

1. Access Hybrid Cloud Console, click Settings → Integrations and from the navigation panel choose Directory and Domain Services. The Directory and Domain Services dashboard opens.
2. Click Register identity domain to open the Register identity domain wizard.
3. Optional: On the Preparation page, the wizard prompts you to verify the ipa-hcc-server package is installed on your IdM server. Follow the instructions on the page and click Next.

4. On the Registration page.

   1. Copy the command for registration of your domain, switch to the terminal of your IdM server and run this command under the root privileges:

      # ipa-hcc register <registration token>
      
      Domain information:
          realm name:     <REALM_NAME>
          domain name:    <domain_name>
          dns domains:    <dns_domains>

   2. To continue registering your IdM server, type Yes:

      Proceed with registration? Yes/No (default No): <Yes>

5. Once the registration command is complete in your IdM server terminal, switch back to the Register identity domain wizard and on the Registration page click Test again to verify registration. Wait for the wizard to verify your registration and click Next.
6. On the Details page, you can customize the Display name field for your domain. Optionally, enter the description for this domain and leave the Domain auto-join on launch toggle enabled if you want to make your domain available during launching images in a public cloud environment after you complete the registration. Click Next.
7. On the Review page, review all your settings and click Finish to complete the registration.

Procedure

1. Access Hybrid Cloud Console, click Settings → Integrations and from the navigation panel choose Directory and Domain Services. The Directory and Domain Services dashboard opens.
2. From the list of domains locate the domain you want to edit, click the Option menu, and choose Edit.

3. You can edit the following parameters:

   Display name

   Changes the name of your domain.

   Description

   Changes the description of your domain.

   Domain auto-join on launch

   Enables or disables this domain for enrolling the instances during the launch to the public cloud providers.

Procedure

1. Access Hybrid Cloud Console, click Settings → Integrations and from the navigation panel choose Directory and Domain Services. The Directory and Domain Services dashboard opens.
2. From the list of domains locate the domain you want to remove, click the Option menu, and choose Delete. The Delete identity domain registration window opens.
3. Select the I understand that this action cannot be undone checkbox and click Delete.

4. Optional: Access your IdM server terminal and uninstall the ipa-hcc-server package:

   # dnf remove ipa-hcc-server

   If your IdM deployment consists of multiple servers, remove the ipa-hcc-server package from all of the servers.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images. The Insights Images dashboard appears.
2. Click Create blueprint. The wizard for the blueprint creation opens.

3. On the Image output page, select the following options and click Next:

   1. From the Release list, select the release that you want to use.
   2. From the Architecture list, select the architecture that you want to use.
   3. From the Select target environments options, select the environments that you want to use.

4. Optional: On the Register page, the "Automatically register and enable advanced capabilities" is enabled by default and the activation key drop down is automatically populated. The Next button gets temporarily disabled when the activation key is loading. You can disable the automatic registration by clearing the checkbox if you prefer to register your system during initial boot.

   • If you have previously added a key during recent blueprint creation, the same key gets automatically selected.
   • If you have activation keys, but have not used any key previously, the first activation key will get selected.
   • If you have no activation keys, select "Automatically create and select a default key" to automatically create and use an activation-key-default-<ID> default activation key.
   • You can also select any of the available activation keys.

5. Optional: On the OpenSCAP profile page, from the drop down menu, select one of the available options and click Next:

   OpenSCAP

   The standard option profile does not enable you to customize policies. The policy must match the RHEL version. For more details, see Supported configurations.

   None

   The default visible option. Keep this option selected if you do not want to secure your system.

   (Tech Preview) Insights compliance

   Choose this option to attach the system to a customized predefined sets of policies. The compliance system is attached to the customized policy. The images you build with image builder will automatically appear under the scap policy of the system. You must have an existing set of policies to choose from. See Creating new SCAP policies on how to create your policy. If you do not have created your set of policies, click Define new policies in Insights Compliance to create the policy, and refresh the Console to see the policy that you created under the Insights compliance drop down menu. The system is attached to the customized policy. After you create the image, the system will show up under the compliance system.

6. Optional: On the File system configuration page, select one of the following options and click Next:

   • Use automatic partitioning: The recommended partitioning, depending on the target environment.

   • Manually configure partitions Use to manually configure the image file system partitions, by following the steps:

     1. Click the Manually configure partitioning radio button to show the Configure partitions section and configure the partitions based on Red Hat standards and security guides.

        1. From the drop-down menu, provide details to configure the partitions:

        2. For the Mount point field, select one mount point type option

           You can also add an additional path to the Mount point, such as /tmp. For example: /var as a prefix and /tmp as an additional path results in /var/tmp.

           Note

           Depending on the Mount point type you choose, the file system type changes, for example to xfs, or other type.

        3. For the Minimum size partition field of the file system, enter the desired minimum partition size. In the Minimum size drop-down menu, you can use common size units such as GiB, MiB, or KiB. The default unit is GiB.
        4. To add more partitions, click Add partition and repeat the steps for each added partition.

7. Optional: On the Repository snapshot page, choose one of the following options and click Next. Note that this step is available in the Preview mode only.

   • Use latest content:: the image uses the latest state of the repository.
   • Use a snapshot:: The image selects a specific date of snapshot creation. If you choose the Use a snapshot option, the images will have the static state of the repository based on a date you specify.
8. Optional: On the Custom repositories page, select the custom repositories from which you can add packages to the image and click Next.
9. Optional: On the Additional Red Hat packages page, search for the packages with the search field and choose the packages you need. Click Next.

10. Optional: On the First boot configuration page, include a file with an action script or write it in the </> SHELL field. That script is executed during the first boot of this image. It is useful when you want to enable your custom services or run an Ansible playbook at the boot time of the image. Click Next.

    You must start your script with a shebang, for example the #!/bin/sh for Bash shell. The first boot feature supports Python, Bash and YAML syntax.

11. On the Details page, the blueprint name is prefilled in the "<distribution>-<architecture>-<datetimeString>" format. You can enter a name for the blueprint, and the system checks for validity and duplicity against already existing blueprint names. Click Next.

12. On the Review page, verify the image details about the image creation and from the Create blueprint drop-down menu, choose one of the following options:

    Create blueprint

    Creates the blueprint and saves the customizations for your blueprint.

    Create blueprint and build image

    Create the blueprint, save the customizations for your blueprint and build images for the target environment or environments that you choose.

    The system verifies the build manifest of the image. After it reaches 100%, the image appears in the build queue.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images. The Insights Images dashboard appears.
2. Search for the blueprint that you want to edit. You can use the Search field to search for the blueprint name.
3. Click the blueprint that you want to edit.
4. Click Edit blueprint. You are redirected to the Review page.
5. From the navigation menu, select the section that you want to edit.
6. After making the changes, click the Review page.

7. Click Save changes to the blueprint.

   The images related to the parent blueprint that you modified will be rebuilt and updated with the new changes.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images. The Insights Images dashboard appears.
2. Search for the blueprint that you want to edit. You can use the Search field to search for the blueprint name.
3. Click the blueprint that you want to edit.
4. Click Edit blueprint. You are redirected to the Review page.

5. Make the changes to the blueprint and select one of the options:

   Save

   Save the customizations for your blueprint.

   Save and build image

   Save the customizations for your blueprint and build images from the target environments that you chose.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images. The Insights Images dashboard appears.
2. Click Import. The Import pipeline window opens.

3. Optional: To add custom repositories from the blueprint to your repositories, select the Import missing custom repositories after file upload checkbox.

   Warning

   If the blueprint contains missing repositories, the images that you create from this blueprint might not work as expected.

4. Upload the blueprint that you want to import either drag and drop or by selecting the file from your local storage.
5. Click Review and finish.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images. The Insights Images dashboard appears.
2. Search for the blueprint that you want to download. You can use the Search field to search for the blueprint name.
3. Click the blueprint that you want to download.

4. From the More options menu, select the "Download blueprint" option.

   The blueprint is saved as a file in the .json format to the local storage that you define in your web browser.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images. The Insights Images dashboard appears.
2. Search for the blueprint that you want to delete. You can use the Search field to search for the blueprint name.
3. Click the blueprint that you want to delete.
4. From the More options menu, select the "Delete blueprint" option.
5. Confirm the deletion by clicking Delete.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images. The list of existing blueprints appears.

2. Select the blueprint that you want to build an image from.

   1. Optionally, you can select the blueprint version from the dropdown menu.

3. Click Build images. A pop-up alert informs that the image is being built.

   After the image process status is marked as Ready, you can use it in your deployments.

Procedure

1. Access your AWS account and navigate to Service → EC2.
2. In the navigation bar, verify if you are under the correct region: us-east-1.
3. Click Images, and choose AMIs. The dashboard with the Owned by me images opens.

4. From the drop-down menu, choose Private images.

   You can see the image successfully shared with the AWS account you specified.

Procedure

1. From the drop-down menu, under Private images, locate the image that you shared to the AWS account you specified.
2. Select the image you want to launch.
3. On the top of the panel, click Launch. You are redirected to the Choose an Instance Type window.
4. Choose the instance type according to the resources you need to launch your image. Click Review and Launch.
5. Review your instance launch details. You can edit each section, such as Security, Storage, for example, if you need to make any changes. After you finish the review, click Launch.

6. To launch the instance, you must select a public key to access it.

   Create a new key pair in EC2 and attach it to the new instance.

   1. From the drop-down menu list, select Create a new key pair.
   2. Enter the name to the new key pair. It generates a new key pair.
   3. Click Download Key Pair to save the new key pair on your local system.

7. Then, you can click Launch Instance to launch your instance.

   You can check the status of the instance, it shows as Initializing.

8. After the instance status is running, the Connect button turns available.

9. Click Connect. A popup window appears with instructions on how to connect by using SSH.

   1. Select the preferred connection method to A standalone SSH client and open a terminal.

   2. In the location you store your private key, make sure that your key is publicly viewable for SSH to work. To do so, run the command:

      $ chmod 400 <your-instance-name.pem>

   3. Connect to your instance by using its Public DNS:

      $ ssh -i "<_your-instance-name.pem_> ec2-user@<_your-instance-IP-address_>"

   4. Type yes to confirm that you want to continue connecting.

Procedure

1. From the list of Public images, select the image you want to copy.
2. On the top of the panel, click Actions.
3. From the drop-down menu, choose Copy AMI. A pop-up window appears.

4. Choose the Destination region and click Copy AMI.

   After the copying process is complete, you are provided with the new AMI ID. You can launch a new instance in the new region.

   Note

   When you copy an image to a different region, it results in a separate and new AMI in the destination region, with a unique AMI ID.

Procedure

1. From the Images table, select the image you want to share with other regions.
2. From the Node options menu (⫶), select Share to new region. The Share to new region wizard opens.

3. From the Select region dropdown menu, select the region to share the image.

   You can choose more than one region to share your image with.

4. Click Share.

   Your image is built, uploaded to AWS, and shared to the regions you selected.

   Note

   The shared image expires in 14 days.

5. To ensure that you can access the image permanently, copy the Red Hat image to your own AWS account.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images. The Insights image builder dashboard appears.
2. Click Create blueprint. The Image output wizard opens.

1. From the Release list, select the release that you want to use.

2. From the Select target environments option, select Microsoft Azure.

   Click Next.

   1. On the Target Environment - Microsoft Azure window, to add Image Builder as an authorized application, select one of the following share method options:

3. Use an account configured from Sources:

   1. From the Source name dropdown menu, select the source that you previously configured. See Connecting Microsoft Azure account to the Red Hat Hybrid Cloud Console.

      1. The Azure tenant GUID, the Subscription ID, and the Resource group are automatically completed, and the Authorize image builder button becomes available.

         Image builder checks if your Tenant GUID is correctly formatted and the Authorize image builder button becomes available.

4. Manually enter the account information:

   1. Enter your Azure Tenant GUID.

      Image builder checks if your Tenant GUID is correctly formatted and the Authorize image builder button becomes available.

5. One time action: Click Authorize image builder to authorize Image Builder to push images to the Microsoft Azure cloud.

   This redirects you to the Microsoft Azure portal.

   1. Login with your credentials.
   2. Click Accept the Permission requested. Note that, if you already went through the authentication process before, you will not see the Permission requested. It is already granted.

6. Confirm that Image Builder is authorized for your tenant.

   1. In the search bar, search for Azure Active Directory.
   2. From the Services menu, click Microsoft Entra ID, from the left menu. The Azure Active Directory page opens.
   3. Search for Insights image builder and confirm it is authorized.
   4. In the Azure Active Directory, from the Services list, select Enterprise applications.
   5. In the Enterprise applications page, from the Manage list menu, click All applications. You can see Red Hat Image Builder is authorized in the Microsoft Azure cloud.

7. Add the Red Hat Image Builder as a contributor to your Resource Group.

   1. In the search bar, type Resource Groups and select the first entry under Services. This redirects you to the Resource Groups dashboard.
   2. Search and select your Resource Group by name.
   3. On the lateral menu, click Access control (IAM) to add a permission to the Red Hat Image Builder application to access your resource group.
   4. From the menu, click the tab Role assignments.
   5. Click +Add.

   6. From the dropdown menu, choose Add role assignment. A menu appears on the left side.

      Select role

      Assign the Contributor role.

      Assign access to

      Select the option Assign access to user, group, and service principal.

      Members

      Click +Select members and type Red Hat in the search bar. Click enter.

      Select

      Red Hat Image Builder application.

Verification

1. After you access your Microsoft Azure Account, you can see that the image successfully shared with the resource group account you specified.

   Note

   If the image is not visible there, you might have issues with the upload process. Return to the Insights image builder dashboard and check if the image is marked as Ready.

Procedure

1. From the Insights image builder dashboard, copy the image UUID of the image that you created.
2. Access /composes/{composeId} API endpoint.
3. Click Try it Out to activate the composeId string path.
4. Enter the UUID into the composes/{composeId} field in the API endpoint.

5. Click Execute. The API endpoint generates a response in the Response body, for example:

   {
     "image_status": {
       "status": "success",
       "upload_status": {
         "options": {
           "image_name": "composer-api-03f0e19c-0050-4c8a-a69e-88790219b086",
           "project_id": "red-hat-image-builder"
         },
         "status": "success",
         "type": "gcp"
       }
     }
   }

6. From the Response body field, copy the image_name and project_id to access the image from the Google Cloud Platform environment.

7. From your browser, access Google Cloud Shell and set your Google Cloud Platform Project ID as the default GCP project. You can find the Product ID of your project by accessing the Google Cloud Platform dashboard.

   $ gcloud config set project PROJECT_ID

8. In the Authorize Cloud Shell window prompt, click Authorize to allow this and future calls that require your credentials.

9. Create a VM instance with the image by using the gcloud command in the Google Cloud Shell:

   $ gcloud compute instances create INSTANCE_NAME \
     --image-project PROJECT_ID_FROM_RESPONSE \
     --image IMAGE_NAME \
     --zone GCP_ZONE

   Where:

   • INSTANCE_NAME is the name for your instance;
   • PROJECT_ID_FROM_RESPONSE is the project_id generated by Response body;
   • IMAGE_NAME is the image_name generated by Response body;
   • GCP_ZONE is the GCP zone in which the instance will be created.

Verification

1. Verify that Compute Engine created the VM:

   $ gcloud compute instances describe INSTANCE_NAME

2. Connect to the VM instance using SSH:

   $ gcloud compute ssh --project=PROJECT_ID --zone=ZONE INSTANCE_NAME

Procedure

1. From the Images dashboard, copy the UUID image of the image you created.
2. Access /composes/{composeId} API endpoint.
3. Click Try it Out to activate the composeId string path.
4. Enter the UUID into the composes/{composeId} field in the API endpoint.

5. Click Execute. The API endpoint generates a response in the Response body, for example:

   {
     "image_status": {
       "status": "success",
       "upload_status": {
         "options": {
           "image_name": "composer-api-03f0e19c-0050-4c8a-a69e-88790219b086",
           "project_id": "red-hat-image-builder"
         },
         "status": "success",
         "type": "gcp"
       }
     }
   }

6. From the Response body field, copy the image_name and project_id to access the image from the Google Cloud Platform environment. From the Response body:

   "image_name": "composer-api-03f0e19c-0050-4c8a-a69e-88790219b086",
   "project_id": "red-hat-image-builder"

7. From your browser, access Google Cloud Shell.

8. Set your Google Cloud Platform Project ID as the default GCP project. You can find the Product ID of your project by accessing the Google Cloud Platform dashboard.

   $ gcloud config set project PROJECT_ID

9. In the Authorize Cloud Shell window prompt, click Authorize to allow this and future calls that require your credentials.

10. Copy the image to your project by using the gcloud command:

    $ gcloud compute images create MY_IMAGE_NAME \
      --source-image-project red-hat-image-builder \
      --source-image IMAGE_NAME

    Where:

    • MY_IMAGE_NAME is the name you give to your instance;
    • red-hat-image-builder is the project_id generated by Response body;
    • IMAGE_NAME is the image_name generated by Response body;

Procedure

1. From the Images dashboard, select the image from which you want to create your customized image.

2. Click the Node options menu (⫶) and select Re-create image. The Create image wizard opens.

   Note

   If the image status is Expired, click the Re-create image button.

   1. Optional: You can customize the new image by using the Navigation panel to open a step and making changes. Click Next.
   2. On the Review page, click Create image.

Procedure

1. From the Images table, select the image that you want to download as a .json compose request.

2. Click the Node options (⫶) menu and select Download compose request (.json).

   The .json compose request is now saved to your host server. To use the image builder API, see Using hosted image builder via its API.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images.
2. Find an image you want to launch in the public cloud environment and click Launch in the Instance column. The Launch wizard opens.

3. On the Account and customization page, complete the following steps:

   1. From the Select account drop-down menu, select the account you want to use.
   2. From the Select region drop-down menu, select the region to run the instance.

   3. Optionally: From the Select template drop-down menu, select the template you want to use.

      If you do not specify the template, you launch the image under the default security group. Ensure that the default security group allows SSH traffic.

   4. From the Select instance type drop-down menu, select the instance type configuration.

   5. In the Count field, select the number of images you want to launch. Click Next.

      The wizard notifies you if you try to launch too many images. Make sure you have enough resources in your AWS account.

      Note

      You must have the default Virtual Private Cloud (VPC) and Security Group on your AWS account. If you do not have them, contact the AWS support to re-create them.

4. On the SSH key authentication page, select one of the options:

   1. Select existing SSH public key. From the Select public key drop-down menu, add an existing SSH public key.
   2. Add and save a new SSH public key. Enter a name for your new SSH public key and drag or upload a new SSH public key file. Click Next.
5. On the Review page, review the details about the image launch process and click Launch.

Verification

1. The Launch wizard shows the green checkmark with a message System launched successfully.
2. To verify the instance is running, copy the ssh command displayed on the screen to your terminal and connect to the instance.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images.
2. Find an image you want to launch in the public cloud environment and click Launch in the Instance column. The Launch wizard opens.

3. On the Account and customization page, complete the following steps:

   1. From the Select account drop-down menu, select the account you want to use.

   2. From the Azure resource group drop-down menu, select the resource group in which you want to run your instance.

      This creates the resources in the same region that this resource group is located. You can leave this field empty to run the instance in the same resource group as the image.

   3. From the Select instance size drop-down menu, select the instance type configuration.

   4. In the Count field, select the number of images you want to launch. Click Next.

      The wizard notifies you if you try to launch too many images. Make sure you have enough quotas in your Microsoft Azure subscription when you are launching a large set of images.

4. On the SSH key authentication page, choose to use an existing SSH key or add a new SSH key:

   To select an existing SSH public key, follow the steps

   1. From the Select public key drop-down menu, choose an existing SSH public key.
   2. Click Next.

   To Add and save a new SSH public key, follow the steps

   1. In the Name field, enter a name for your new SSH public key.
   2. In the SSH public key, drag or upload a new SSH public key file.

   3. Click Next.

      Note

      Microsoft Azure does not support the ed25519 SSH keys.

5. On the Review page, review the details about the image launch process and click Launch.

Verification

1. The Launch wizard shows the green checkmark with a message System launched successfully.
2. To verify the instance is running, copy the ssh command displayed on the screen to your terminal and connect to the instance.

Procedure

1. Access Hybrid Cloud Console, click Services → Red Hat Enterprise Linux → Inventory → Images.
2. Find the image you want to launch in the public cloud environment and click Launch in the Instance column. The Launch wizard opens.

3. On the Account and customization page, complete the following steps:

   1. From the Select account drop-down menu, select the account you want to use.

   2. Optionally: From the Select template drop-down menu, select the template you want to use.

      If you do not specify the template, you launch the image to the default Virtual Private Cloud (VPC) with its firewall rules.

   3. From the Select machine type drop-down menu, select the machine configuration.
   4. In the Count field, select the number of images you want to launch and click Next.

4. On the SSH key authentication page, select one of the options:

   1. Select existing SSH public key. From the Select public key drop-down menu, choose an existing SSH public key. Click Next.
   2. Add and save a new SSH public key. Enter a name for your new SSH public key and drag or upload a new SSH public key file. Click Next.
5. On the Review page, review the details about the image launch process and click Launch.

Verification

1. The Launch wizard shows the green checkmark with a message System launched successfully.
2. To verify the instance is running, copy the ssh command displayed on the screen to your terminal and connect to the instance.

Procedure

1. Access the directory where you downloaded your .ova image.

2. Create a file named metadata.yaml and add the following information to this file:

   instance-id: cloud-vm
   local-hostname: vmname

3. Create a file userdata.yaml. Add the following information to the file:

   #cloud-config
   users:
   - name: admin
     sudo: "ALL=(ALL) NOPASSWD:ALL"
     ssh_authorized_keys:
     - ssh-rsa AAA...fhHQ== your.email@example.com

   This file contains the administrator or root user credentials with no password that you can use to access your system after the first boot and create additional users later. The ssh_authorized_keys field is your SSH public key. You can find your SSH public key in ~/.ssh/id_rsa.pub.

Procedure

1. Generate an access token for API queries by following the step in Generating an access token for the Image Builder API queries.

   Important

   Access tokens expire after fifteen (15) minutes. The expiration is included within the JSON response. You must repeat the process of obtaining an access token approximately every ten (10) minutes so that the token is rotated before it expires.

2. In your system, create a file in the .json format to create an image. The following example shows how to create an up-to-date RHEL 9.4 ova image for x86_64 CPU architecture.

   $ request.json
   {
       "image_name": "ova_image_name",
       "distribution": "rhel-94",
       "image_requests": [
           {
               "architecture": "x86_64",
               "image_type": "vsphere-ova",
               "upload_request": {
                   "type": "vmdk",
                   "options": {}
               }
           }
       ],
       "customizations": {
           "users": [
               {
                   "name": "user-name",
                   "ssh_key": "ssh-rsa AAAAB...qfGI+vk",
                   "password": "password"
               }
           ]
       }
   }

3. Send the compose request to the image builder API:

   $ curl --silent \
       --request POST \
       --header "Authorization: Bearer $access_token" \
       --header "Content-Type: application/json" \
       --data @request.json \
       https://console.redhat.com/api/image-builder/v1/compose

   If the request is successful, you can see an output similar to the following, that is the image ID:

   {"id":"fd4ecf3c-f0ce-43dd-9fcc-6ad11208b939"}

4. Check the status of the image building:

   $ curl \
       --silent \
       --header "Authorization: Bearer $access_token" \
       "https://console.redhat.com/api/image-builder/v1/composes/$compose_id" \
     | image_ID.

   If the request is successful, you can see an output similar to the following, that is the image ID:

   {"id":"fd4ecf3c-f0ce-43dd-9fcc-6ad11208b939"}

   You can also check the image building progress by accessing Red Hat Hybrid Cloud Console.

   After the image builds, you can see the following output:

   If the request is successful, you can see an output similar to the following, that is the image ID:

   {
       "image_status": {
           "status": "success",
           "upload_status": {
               "options": {
                   "url": "https://image-builder-service-production.s3.amazonaws.com/composer-api-76...-disk.ova?e42..."
               },
               "status": "success",
               "type": "aws.s3"
           }
       }
   }

5. After finishing the image creation, download the image.

   $ curl --location --output vsphere-ova.vmdk  \
       “https://image-builder-service-production.s3.amazonaws.com/composer-api-76...-disk.ova?e42...”

Procedure

1. Export the metadata.yaml and userdata.yaml files to the environment, compressed with gzip, encoded in base64 as follows. They will be used in further steps.

   export METADATA=$(gzip -c9 <metadata.yaml | { base64 -w0 2>/dev/null || base64; }) \
   USERDATA=$(gzip -c9 <userdata.yaml | { base64 -w0 2>/dev/null || base64; })

2. Launch the image on vSphere with the metadata.yaml and userdata.yaml files:

   1. Import the .vmdk image in to vSphere:

      $ govc import.vmdk ./composer-api.vmdk foldername

   2. Create the VM in vSphere without powering it on:

      govc vm.create \
      -net.adapter=vmxnet3 \
      -m=4096 -c=2 -g=rhel8_64Guest \
      -firmware=bios -disk=”foldername/composer-api.vmdk” \
      -disk.controller=ide -on=false \
       vmname

   3. Change the VM to add ExtraConfig variables, the cloud-init config:

      govc vm.change -vm vmname \
      -e guestinfo.metadata="${METADATA}" \
      -e guestinfo.metadata.encoding="gzip+base64" \
      -e guestinfo.userdata="${USERDATA}" \
      -e guestinfo.userdata.encoding="gzip+base64"

   4. Power-on the VM:

      govc vm.power -on vmname

   5. Retrieve the VM IP address:

      HOST=$(govc vm.ip vmname)

   6. Use SSH to log in to the VM, using the user-data specified in cloud-init file configuration:

      $ ssh admin@HOST

Procedure

1. In the vSphere Client, from the Actions menu, select Deploy OVF Template.
2. On the Deploy OVF Template page, complete the settings for each configuration option and click Next.

3. Click Finish. The .ova image starts to be deployed.

   After the image deployment is complete, you have a new virtual machine (VM) from the .ova image.

4. In the deployed image page, perform the following steps:

   1. From the Actions menu, select Edit Setting.

   2. On the Virtual Hardware tab, configure resources such as CPU, memory, add a new network adapter, between others of your choice.

      1. On the CD/DVD drive 1 option, attach a CD or DVD Drive that contains a cloud-init.iso, to provision a user on startup.

         The VM is now ready to boot with the username and password from the cloud-init.iso file.

Procedure

1. Access the directory where you downloaded your QCOW2 image.

2. Create a file named meta-data. Add the following information to this file:

   instance-id: nocloud
   local-hostname: vmname

3. Create a file named user-data. Add the following information to the file:

   #cloud-config
   user: admin
   password: password
   chpasswd: {expire: False}
   ssh_pwauth: True
   ssh_authorized_keys:
     - ssh-rsa AAA...fhHQ== your.email@example.com

   • ssh_authorized_keys is your SSH public key. You can find your SSH public key in ~/.ssh/id_rsa.pub.

4. Use the genisoimage command to create an ISO image that includes the user-data and meta-data files.

   # genisoimage -output cloud-init.iso -volid cidata -joliet -rock user-data meta-data
   
   I: -input-charset not specified, using utf-8 (detected in locale settings)
   Total translation table size: 0
   Total rockridge attributes bytes: 331
   Total directory bytes: 0
   Path table size(bytes): 10
   Max brk space used 0
   183 extents written (0 MB)

5. Create a new VM from the KVM Guest Image using the virt-install command. Include the ISO image you created on step 4 as an attachment to the VM image.

   # virt-install \
       --memory 4096 \
       --vcpus 4 \
       --name myvm \
       --disk composer-api.qcow2,device=disk,bus=virtio,format=qcow2 \
       --disk cloud-init.iso,device=cdrom \
       --os-variant rhel1-latest \
       --virt-type kvm \
       --graphics none \
       --import

   Where,

   • --graphics none - indicates that it is a headless RHEL Virtual Machine.
   • --vcpus 4 - indicates that it uses 4 virtual CPUs.
   • --memory 4096 - indicates that it uses 4096 MB RAM.

6. The VM installation starts:

   Starting install...
   Connected to domain myvm
   ...
   [  OK  ] Started Execute cloud user/final scripts.
   [  OK  ] Reached target Cloud-init target.
   
   Red Hat Enterprise Linux 1-latest (Ootpa)
   Kernel 4.18.0-221.el8.x86_64 on an x86_64

Procedure

1. Access the directory where you downloaded your ISO image.
2. Place the bootable ISO image file on a USB flash drive.
3. Connect the USB flash drive to the port of the computer you want to boot.
4. Boot the ISO image from the USB flash drive.

5. Perform the steps to install the customized bootable ISO image.

   The boot screen shows you the following options:

   • Install Red Hat Enterprise Linux 1-latest
   • Test this media & install Red Hat Enterprise Linux 1-latest

Procedure

1. In the Oracle Cloud UI dashboard, click Compute > Custom Images.
2. On the Custom Images dashboard, click Import image.

3. On the Import image window, set the following configuration:

   1. Select the Import from an object storage URL option.
   2. In the Object Storage URL field, paste the URL given by Insights Images into it.
   3. Choose the QCOW2 image type.
   4. Under Launch mode, select the Paravirtualized mode option.
4. Click Import Image.

Procedure

1. Access Hybrid Cloud Console.
2. Go to Services → Red Hat Enterprise Linux → Content → Templates.
3. Click Add content template. The Create content template wizard opens.

4. In the Content section complete the following:

   1. On the Define content page, select the architecture and the OS version of your system. Click Next.
   2. On the Red Hat repositories page, select repositories you want to include in the template. Click Next.

   3. On the Custom Repositories page, select repositories you want to include in the template. Click Next.

      Note, only repositories with enabled snapshot functionality are displayed in the list of repositories.

5. On the Set snapshot date page, select:

   Use latest content

   To use the latest content from the repository during image building. Click Next.

   Use a snapshot

   To use a repository snapshot. Select the date and then click Next.

   Note, if your repository does not have the required snapshot, it chooses the earliest possible snapshot to the date of your choice.

6. On the Detail page, provide a name for your template. Optionally, provide a description of your template. Click Next.

7. On the Review page, verify the details about the template and click Create template and add to systems. Assign template to systems opens.

   Optional: Click Create template only if you want to assign this template to systems later.

8. Select all the systems you want to assign the template to and click Assign.

   This change updates the /etc/yum.repos.d/redhat.repo file on the selected systems. All changes affect your systems every four hours. If you want this change to affect your systems immediately, you must manually refresh subscription-manager on the selected system:

   # subscription-manager refresh

Verification

1. Go to Services → Red Hat Enterprise Linux → Content → Templates and verify your template is added to the list of templates.
2. On your system, check the /etc/yum.repos.d/redhat.repo file contains https://cert.console.redhat.com.

Procedure

1. Access Hybrid Cloud Console.
2. Go to Services → Red Hat Enterprise Linux → Content → Templates.

3. Select the content template you want to edit and choose an action from the following options:

   • To edit repositories, snapshot date, and the name of your content template, go to Actions → Edit and follow the Edit content template wizard.

     Note, if you edit a snapshot date for the template, it sets a new baseline for patching, and the systems start using the new snapshot.

   • To assign this template to more systems, go to Systems, click Assign template to systems and select the systems you want to assign this template to. Click Assign.
   • To delete the content template, go to Actions → Delete.