Chapter 8. Deploying your customized images


After creating customized images for the VMware vSphere private cloud, you can deploy the images to VMware vSphere. You can download the Guest image (.qcow2) and Installer (.iso) images and deploy them to virtual machines.

Note

You can launch customized images directly from the Hybrid Cloud Console only to the following public clouds: AWS, GCP, and Azure. VMDK customized images must first be uploaded to VMware vSphere and deployed there, and then you can create a VM. You can download the Guest image (.qcow2) and Installer (.iso) images and deploy them directly to virtual machines.

8.1. Configuring credentials to access your deployed systems with cloud-init

You cannot add a username and password to a blueprint by using the Red Hat Insights images UI. To add a username and password to your image, use the cloud-init tool.

The following example shows how to add credentials to a VMware OVA image type created with Insights image builder. You can add credentials to other image types by using this method.

The Open Virtualization Format (.ova) image is a .vmdk image with additional metadata about the virtual hardware. The .ova image has the cloud-init package installed, which you can use to provision users by using a user-data file, for example.

Instead of sharing your login credentials with a hosted service, use cloud-init and open-vm-tools, which are installed within the image and enabled by default. For example, you can use them to pass the credentials to VMware vSphere Cloud Director by using cloud-init.

Prerequisites

  • You created an image in the .ova format by using the Hybrid Cloud Console.

Procedure

  1. Access the directory where you downloaded your .ova image.
  2. Create a file named metadata.yaml and add the following information to this file:

    instance-id: cloud-vm
    local-hostname: vmname
  3. Create a file userdata.yaml. Add the following information to the file:

    #cloud-config
    users:
    - name: admin
      sudo: "ALL=(ALL) NOPASSWD:ALL"
      ssh_authorized_keys:
      - ssh-rsa AAA...fhHQ== your.email@example.com

    This file contains the administrator or root user credentials with no password that you can use to access your system after the first boot and create additional users later. The ssh_authorized_keys field is your SSH public key. You can find your SSH public key in ~/.ssh/id_rsa.pub.

8.2. Configuring credentials to access your deployed systems with API

You cannot add a username and password to a blueprint by using the Red Hat Insights images UI. To add a username and password to your image, use the Image-builder service API.

The following example shows how to add credentials to a VMware OVA image type created with Insights image builder. You can also use this method to add credentials to other image types.

Procedure

  1. The offline token that you generated by using Red Hat API Tokens cannot be used directly with image builder. To use it, follow these steps:

    1. Save your offline token to an OFFLINE_TOKEN variable.
    2. Exchange the offline token for an access token by using the following command:

      $ OFFLINE_TOKEN="YOUR_OFFLINE_TOKEN"
      $ curl --silent \
          --request POST \
          --data grant_type=refresh_token \
          --data client_id=rhsm-api \
          --data refresh_token="$OFFLINE_TOKEN" \
          https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token \
        | jq .

      It generates an output similar to the following example:

      {
        "access_token": "oiZjo1Mjhk...",
        "expires_in": 900,
        "refresh_expires_in": 0,
        "refresh_token": "eyJhbG...",
        "token_type": "bearer",
        "not-before-policy": 0,
        "session_state": "f0dbb8d4-4e4e-4654-844c-6f3704c84422",
        "scope": "offline_access"
      }
  2. Use jq to get the actual access token from the JSON payload and save it in a variable using the following snippet:

    $ access_token=$( \
        curl --silent \
          --request POST \
          --data grant_type=refresh_token \
          --data client_id=rhsm-api \
          --data refresh_token="$OFFLINE_TOKEN" \
          https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token \
        | jq -r .access_token \
      )

    The access token has an expiration time. If you receive an authorization error, rerun the previous command to generate a new access token.

  3. On your system, create a compose request in the .json format. The following example creates an up-to-date RHEL 9.4 .ova image for the x86_64 CPU architecture.

    $ cat request.json
    {
        "image_name": "ova_image_name",
        "distribution": "rhel-94",
        "image_requests": [
            {
                "architecture": "x86_64",
                "image_type": "vsphere-ova",
                "upload_request": {
                    "type": "vmdk",
                    "options": {}
                }
            }
        ],
        "customizations": {
            "users": [
                {
                    "name": "user-name",
                    "ssh_key": "ssh-rsa AAAAB...qfGI+vk",
                    "password": "password"
                }
            ]
        }
    }
  4. Send the compose request to the image builder API:

    $ curl --silent \
        --request POST \
        --header "Authorization: Bearer $access_token" \
        --header "Content-Type: application/json" \
        --data @request.json \
        https://console.redhat.com/api/image-builder/v1/compose

    If the request is successful, the output is similar to the following, which is the image ID:

    {"id":"fd4ecf3c-f0ce-43dd-9fcc-6ad11208b939"}
  5. Check the status of the image building:

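    # compose_id is the "id" value returned by the previous step
    $ compose_id="fd4ecf3c-f0ce-43dd-9fcc-6ad11208b939"
    $ curl \
        --silent \
        --header "Authorization: Bearer $access_token" \
        "https://console.redhat.com/api/image-builder/v1/composes/$compose_id" \
      | jq .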

    You can also check the image building progress by accessing Red Hat Hybrid Cloud Console.

    After the image builds, you can see the following output:

    {
        "image_status": {
            "status": "success",
            "upload_status": {
                "options": {
                    "url": "https://image-builder-service-production.s3.amazonaws.com/composer-api-76...-disk.ova?e42..."
                },
                "status": "success",
                "type": "aws.s3"
            }
        }
    }
  6. After finishing the image creation, download the image.

    $ curl --location --output vsphere-ova.vmdk \
        "https://image-builder-service-production.s3.amazonaws.com/composer-api-76...-disk.ova?e42..."

The image is saved to your system and ready to be used.

8.3. Uploading VMDK images and creating a RHEL virtual machine in vSphere

After creating and configuring your image, you can deploy it to VMware vSphere by using the CLI, and you can create a VM and log in to it.

Prerequisites

  • You configured credentials to access your deployed systems by using the cloud-init tool. See Configuring credentials to access your deployed systems.
  • You configured the govc VMware CLI tool client by setting the following values in the environment:

    GOVC_URL
    GOVC_DATACENTER
    GOVC_FOLDER
    GOVC_DATASTORE
    GOVC_RESOURCE_POOL
    GOVC_NETWORK

Procedure

  1. Export the metadata.yaml and userdata.yaml files to the environment, compressed with gzip and encoded in base64, as follows. They are used in later steps.

    export METADATA=$(gzip -c9 <metadata.yaml | { base64 -w0 2>/dev/null || base64; }) \
    USERDATA=$(gzip -c9 <userdata.yaml | { base64 -w0 2>/dev/null || base64; })
  2. Launch the image on vSphere with the metadata.yaml and userdata.yaml files:

    1. Import the .vmdk image into vSphere:

      $ govc import.vmdk ./composer-api.vmdk foldername
    2. Create the VM in vSphere without powering it on:

      govc vm.create \
      -net.adapter=vmxnet3 \
      -m=4096 -c=2 -g=rhel8_64Guest \
      -firmware=bios -disk="foldername/composer-api.vmdk" \
      -disk.controller=ide -on=false \
       vmname
    3. Change the VM to add ExtraConfig variables, the cloud-init config:

      govc vm.change -vm vmname \
      -e guestinfo.metadata="${METADATA}" \
      -e guestinfo.metadata.encoding="gzip+base64" \
      -e guestinfo.userdata="${USERDATA}" \
      -e guestinfo.userdata.encoding="gzip+base64"
    4. Power-on the VM:

      govc vm.power -on vmname
    5. Retrieve the VM IP address:

      HOST=$(govc vm.ip vmname)
    6. Use SSH to log in to the VM, using the user-data specified in the cloud-init file configuration:

      $ ssh admin@$HOST
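
The encoding from step 1 can be checked before the values are attached to the VM. The following is an added example, not part of the Red Hat procedure: it reverses the gzip+base64 encoding and compares the result with the source file. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check guestinfo payloads before running `govc vm.change`.
# Function names are hypothetical; the encoding is the pipeline from step 1.

# Encode a file as in step 1: gzip, then base64 without line wrapping.
encode_guestinfo() {
    gzip -c9 <"$1" | { base64 -w0 2>/dev/null || base64; }
}

# Reverse the "gzip+base64" encoding, as cloud-init does in the guest.
decode_guestinfo() {
    printf '%s' "$1" | base64 -d 2>/dev/null | gzip -dc 2>/dev/null
}

# Usage: verify_guestinfo FILE ENCODED_VALUE [userdata]
# Returns 0 only if the value decodes back to FILE byte for byte and, for
# user-data, FILE starts with the "#cloud-config" header line.
verify_guestinfo() {
    tmp=$(mktemp) || return 2
    if ! decode_guestinfo "$2" >"$tmp" || ! cmp -s "$1" "$tmp"; then
        rm -f "$tmp"
        echo "round trip mismatch: $1" >&2
        return 1
    fi
    rm -f "$tmp"
    if [ "${3:-}" = userdata ] && [ "$(head -n 1 "$1")" != "#cloud-config" ]; then
        echo "missing #cloud-config header: $1" >&2
        return 1
    fi
    return 0
}

# Demo on constructed files modelled on the section 8.1 samples.
demo=$(mktemp -d)
printf 'instance-id: cloud-vm\nlocal-hostname: vmname\n' >"$demo/metadata.yaml"
printf '#cloud-config\nusers:\n- name: admin\n' >"$demo/userdata.yaml"
METADATA=$(encode_guestinfo "$demo/metadata.yaml")
USERDATA=$(encode_guestinfo "$demo/userdata.yaml")
verify_guestinfo "$demo/metadata.yaml" "$METADATA" && echo "metadata ok"
verify_guestinfo "$demo/userdata.yaml" "$USERDATA" userdata && echo "userdata ok"
# The value is encoded, not encrypted: anyone who can read it can recover it.
decode_guestinfo "$USERDATA"
rm -rf "$demo"
```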

8.4. Deploying OVA VMDK images to the vSphere GUI

After creating your .vmdk image in the open virtualization format (.ova), you can deploy it to VMware vSphere by using the vSphere GUI client. It will create a VM which can be customized further before booting.

Prerequisites

  • You logged in to the vSphere UI in a browser.
  • You downloaded your (.ova) image.

Procedure

  1. In the vSphere Client, from the Actions menu, select Deploy OVF Template.
  2. On the Deploy OVF Template page, complete the settings for each configuration option and click Next.
  3. Click Finish. The .ova image starts to be deployed.

    After the image deployment is complete, you have a new virtual machine (VM) from the .ova image.

  4. In the deployed image page, perform the following steps:

    1. From the Actions menu, select Edit Settings.
    2. On the Virtual Hardware tab, configure resources such as CPU and memory, add a new network adapter, and make any other changes of your choice.

      1. On the CD/DVD drive 1 option, attach a CD or DVD Drive that contains a cloud-init.iso, to provision a user on startup.

        The VM is now ready to boot with the username and password from the cloud-init.iso file.

8.5. Creating a virtual machine from the customized RHEL Guest system image

You can create a virtual machine (VM) from the QCOW2 image that you created by using Insights Images.

Prerequisites

  • You created and downloaded a QCOW2 image by using Insights Images.

Procedure

  1. Access the directory where you downloaded your QCOW2 image.
  2. Create a file named meta-data. Add the following information to this file:

    instance-id: nocloud
    local-hostname: vmname
  3. Create a file named user-data. Add the following information to the file:

    #cloud-config
    user: admin
    password: password
    chpasswd: {expire: False}
    ssh_pwauth: True
    ssh_authorized_keys:
      - ssh-rsa AAA...fhHQ== your.email@example.com

    • ssh_authorized_keys is your SSH public key. You can find your SSH public key in ~/.ssh/id_rsa.pub.
  4. Use the genisoimage command to create an ISO image that includes the user-data and meta-data files.

    # genisoimage -output cloud-init.iso -volid cidata -joliet -rock user-data meta-data
    
    I: -input-charset not specified, using utf-8 (detected in locale settings)
    Total translation table size: 0
    Total rockridge attributes bytes: 331
    Total directory bytes: 0
    Path table size(bytes): 10
    Max brk space used 0
    183 extents written (0 MB)
  5. Create a new VM from the KVM Guest Image by using the virt-install command. Include the ISO image that you created in step 4 as an attachment to the VM image.

    # virt-install \
        --memory 4096 \
        --vcpus 4 \
        --name myvm \
        --disk composer-api.qcow2,device=disk,bus=virtio,format=qcow2 \
        --disk cloud-init.iso,device=cdrom \
        --os-variant rhel1-latest \
        --virt-type kvm \
        --graphics none \
        --import

    Where,

    • --graphics none - indicates that it is a headless RHEL Virtual Machine.
    • --vcpus 4 - indicates that it uses 4 virtual CPUs.
    • --memory 4096 - indicates that it uses 4096 MB RAM.
  6. The VM installation starts:

    Starting install...
    Connected to domain myvm
    ...
    [  OK  ] Started Execute cloud user/final scripts.
    [  OK  ] Reached target Cloud-init target.
    
    Red Hat Enterprise Linux 1-latest (Ootpa)
    Kernel 4.18.0-221.el8.x86_64 on an x86_64
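
Before building cloud-init.iso, the user-data file can be reviewed for the settings that decide how the VM can be logged in to. The following is an added example, not part of the Red Hat procedure: lint_userdata is a hypothetical helper, and the sample is the user-data from step 3. The same checks apply to the userdata.yaml file from section 8.1.

```shell
#!/bin/sh
# Added example (not Red Hat code): review a cloud-init user-data file before
# it goes into cloud-init.iso or guestinfo. lint_userdata is a hypothetical name.

# Print one review item per line; return 1 if anything was flagged, else 0.
lint_userdata() {
    f=$1
    rc=0
    # cloud-init treats the file as cloud-config only if line 1 is this header.
    if [ "$(head -n 1 "$f")" != "#cloud-config" ]; then
        echo "missing-cloud-config-header"; rc=1
    fi
    # A password in the file is readable by anyone who can read the ISO.
    if grep -Eq '^[[:space:]]*password:[[:space:]]*[^[:space:]]' "$f"; then
        echo "password-in-user-data"; rc=1
    fi
    if grep -Eiq 'ssh_pwauth:[[:space:]]*(true|yes)' "$f"; then
        echo "ssh-password-login-enabled"; rc=1
    fi
    # expire: False means the user is not forced to change it at first login.
    if grep -Eiq 'expire:[[:space:]]*(false|no)' "$f"; then
        echo "password-expiry-disabled"; rc=1
    fi
    if grep -q 'NOPASSWD' "$f"; then
        echo "passwordless-sudo"; rc=1
    fi
    # ssh_authorized_keys takes public keys; a private key must never appear.
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "private-key-material"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the user-data from step 3 of section 8.5.
sample=$(mktemp)
cat >"$sample" <<'EOF'
#cloud-config
user: admin
password: password
chpasswd: {expire: False}
ssh_pwauth: True
ssh_authorized_keys:
  - ssh-rsa AAA...fhHQ== your.email@example.com
EOF
lint_userdata "$sample" || echo "review the items above before building the ISO"
rm -f "$sample"
```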

8.6. Installing a customized RHEL ISO system image to a bare metal system

You can create a virtual machine (VM) from the ISO image that you created using the Insights image builder.

Prerequisites

  • You created and downloaded an ISO image by using Insights image builder.
  • An 8 GB USB flash drive.

Procedure

  1. Access the directory where you downloaded your ISO image.
  2. Place the bootable ISO image file on a USB flash drive.
  3. Connect the USB flash drive to the port of the computer you want to boot.
  4. Boot the ISO image from the USB flash drive.
  5. Perform the steps to install the customized bootable ISO image.

    The boot screen shows you the following options:

    • Install Red Hat Enterprise Linux 1-latest
    • Test this media & install Red Hat Enterprise Linux 1-latest

8.7. Importing and running QCOW2 images on OCI

You can import your customized .qcow2 image to the Oracle Cloud Infrastructure (OCI). Then, you can launch the customized .qcow2 image on a virtual machine.

Prerequisites

  • You logged in to the Oracle Cloud UI in a browser.
  • You downloaded your .qcow2 image.
  • You copied the .qcow2 image's Image Link URL from the Insights Instance column in the Images dashboard.

Procedure

  1. In the Oracle Cloud UI dashboard, click Compute > Custom Images.
  2. On the Custom Images dashboard, click Import image.
  3. On the Import image window, set the following configuration:

    1. Select the Import from an object storage URL option.
    2. In the Object Storage URL field, paste the URL given by Insights Images.
    3. Choose the QCOW2 image type.
    4. Under Launch mode, select the Paravirtualized mode option.
  4. Click Import Image.

Once the system finishes importing the image, you can run the customized image in the OCI environment.

© 2024 Red Hat, Inc.