Chapter 8. Deploying your customized images
After creating customized images for the VMware vSphere private cloud, you can deploy the images to VMware vSphere.
You can only launch customized images directly from Hybrid Cloud Console to the following public clouds: AWS, GCP, and Azure. The VMDK customized images must first be uploaded to VMware vSphere and deployed there, and then you can create a VM. For the Guest image (.qcow2) and Installer (.iso), you can download these images and deploy them directly to virtual machines.
8.1. Configuring credentials to access your deployed systems with cloud-init
You cannot add a username and password to a blueprint by using the Red Hat Insights images UI. To add a username and password to your image, use the cloud-init tool.
The following example shows how to add credentials to a VMware OVA image type created with Insights image builder. You can add credentials to other image types by using this method.
The Open Virtualization Format (.ova) is a .vmdk image with additional metadata about the virtual hardware. The .ova image has the cloud-init package installed, which you can use to provision users by using a user-data file, for example.
Instead of sharing your login credentials with a hosted service, use cloud-init and open-vm-tools, which are installed within the image and enabled by default. For example, you can use them to pass the credentials to VMware vSphere Cloud Director by using cloud-init.
Prerequisites
- You created an image in the .ova format by using the Hybrid Cloud Console.
Procedure
- Access the directory where you downloaded your .ova image.
- Create a file named metadata.yaml and add the following information to this file:
    instance-id: cloud-vm
    local-hostname: vmname
- Create a file named userdata.yaml. Add the following information to the file:
    #cloud-config
    users:
    - name: admin
      sudo: "ALL=(ALL) NOPASSWD:ALL"
      ssh_authorized_keys:
      - ssh-rsa AAA...fhHQ== your.email@example.com
This file contains the administrator or root user credentials with no password that you can use to access your system after the first boot and create additional users later. The ssh_authorized_keys field is your SSH public key. You can find your SSH public key in ~/.ssh/id_rsa.pub.
Next steps
- Deploy your image to vSphere by using the CLI or the vSphere GUI.
8.2. Configuring credentials to access your deployed systems with API
You cannot add a username and password to a blueprint by using the Red Hat Insights images UI. To add a username and password to your image, use the Image-builder service API.
The following example shows how to add credentials to a VMware OVA image type created with Insights image builder. You can also use this method to add credentials to other image types.
Prerequisites
- Access to Hybrid Cloud Console.
- OAuth 2.0 authorization.
- You created an offline token. See Generate an offline token.
- Access to the Image-builder service API.
- The jq tool is installed.
Procedure
The offline token that you generated by using Red Hat API Tokens cannot be used directly with image builder. To use it, follow these steps:
- Save your offline token to an OFFLINE_TOKEN variable. Exchange the offline token for an access token by using the following command:
    $ OFFLINE_TOKEN="YOUR_OFFLINE_TOKEN"
    $ curl --silent \
        --request POST \
        --data grant_type=refresh_token \
        --data client_id=rhsm-api \
        --data refresh_token="$OFFLINE_TOKEN" \
        https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token \
      | jq .
  It generates an output similar to the following example:
    {
      "access_token": "oiZjo1Mjhk...",
      "expires_in": 900,
      "refresh_expires_in": 0,
      "refresh_token": "eyJhbG...",
      "token_type": "bearer",
      "not-before-policy": 0,
      "session_state": "f0dbb8d4-4e4e-4654-844c-6f3704c84422",
      "scope": "offline_access"
    }
- Use jq to get the actual access token from the JSON payload and save it in a variable by using the following snippet:
    $ access_token=$( \
        curl --silent \
          --request POST \
          --data grant_type=refresh_token \
          --data client_id=rhsm-api \
          --data refresh_token="$OFFLINE_TOKEN" \
          https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token \
        | jq -r .access_token \
      )
The access token has an expiration time. If you receive an authorization error, rerun the previous command to generate a new access token.
- In your system, create a compose request in the .json format. The following example creates an up-to-date RHEL 9.4 .ova for the x86_64 CPU architecture.
    $ cat request.json
    {
      "image_name": "ova_image_name",
      "distribution": "rhel-94",
      "image_requests": [
        {
          "architecture": "x86_64",
          "image_type": "vsphere-ova",
          "upload_request": {
            "type": "vmdk",
            "options": {}
          }
        }
      ],
      "customizations": {
        "users": [
          {
            "name": "user-name",
            "ssh_key": "ssh-rsa AAAAB...qfGI+vk",
            "password": "password"
          }
        ]
      }
    }
- Send the compose request to the image builder API:
    $ curl --silent \
        --request POST \
        --header "Authorization: Bearer $access_token" \
        --header "Content-Type: application/json" \
        --data @request.json \
        https://console.redhat.com/api/image-builder/v1/compose
  If the request is successful, you can see an output similar to the following, which is the image ID:
    {"id":"fd4ecf3c-f0ce-43dd-9fcc-6ad11208b939"}
- Check the status of the image building, where the compose_id variable holds the image ID returned by the compose request:
    $ curl \
        --silent \
        --header "Authorization: Bearer $access_token" \
        "https://console.redhat.com/api/image-builder/v1/composes/$compose_id" \
      | jq .
You can also check the image building progress by accessing Red Hat Hybrid Cloud Console.
After the image builds, you can see the following output:
    {
      "image_status": {
        "status": "success",
        "upload_status": {
          "options": {
            "url": "https://image-builder-service-production.s3.amazonaws.com/composer-api-76...-disk.ova?e42..."
          },
          "status": "success",
          "type": "aws.s3"
        }
      }
    }
- After the image creation finishes, download the image:
    $ curl --location --output vsphere-ova.vmdk \
        "https://image-builder-service-production.s3.amazonaws.com/composer-api-76...-disk.ova?e42..."
The image is saved to your system and ready to be used.
Next steps
- Deploy your image to vSphere by using the CLI or the vSphere GUI.
Additional resources
- The Getting started with Red Hat APIs article
- The Image-builder service API blog post
8.3. Uploading VMDK images and creating a RHEL virtual machine in vSphere
After creating and configuring your image, you can deploy it to VMware vSphere by using the CLI, and you can create a VM and log in to it.
Prerequisites
- You configured credentials to access your deployed systems by using the cloud-init tool. See Configuring credentials to access your deployed systems.
- You configured the govc VMware CLI tool client by setting the following values in the environment:
    GOVC_URL
    GOVC_DATACENTER
    GOVC_FOLDER
    GOVC_DATASTORE
    GOVC_RESOURCE_POOL
    GOVC_NETWORK
Procedure
- Export the metadata.yaml and userdata.yaml files to the environment, compressed with gzip and encoded in base64, as follows. They will be used in further steps.
    export METADATA=$(gzip -c9 <metadata.yaml | { base64 -w0 2>/dev/null || base64; }) \
           USERDATA=$(gzip -c9 <userdata.yaml | { base64 -w0 2>/dev/null || base64; })
- Launch the image on vSphere with the metadata.yaml and userdata.yaml files:
  - Import the .vmdk image into vSphere:
      $ govc import.vmdk ./composer-api.vmdk foldername
  - Create the VM in vSphere without powering it on:
      govc vm.create \
        -net.adapter=vmxnet3 \
        -m=4096 -c=2 -g=rhel8_64Guest \
        -firmware=bios -disk="foldername/composer-api.vmdk" \
        -disk.controller=ide -on=false \
        vmname
  - Change the VM to add the ExtraConfig variables that carry the cloud-init config:
      govc vm.change -vm vmname \
        -e guestinfo.metadata="${METADATA}" \
        -e guestinfo.metadata.encoding="gzip+base64" \
        -e guestinfo.userdata="${USERDATA}" \
        -e guestinfo.userdata.encoding="gzip+base64"
  - Power on the VM:
      govc vm.power -on vmname
  - Retrieve the VM IP address:
      HOST=$(govc vm.ip vmname)
  - Use SSH to log in to the VM, using the user-data specified in the cloud-init file configuration:
      $ ssh admin@$HOST
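A pre-flight check for the guestinfo payload, as an added example that is not part of the original procedure: it round-trips the gzip+base64 encoding used above and confirms that the file starts with the #cloud-config header, which cloud-init requires before it treats user-data as cloud-config. The helper names encode_guestinfo, decode_guestinfo, and check_userdata are assumptions.

```shell
#!/bin/sh
# Added example: verify a guestinfo payload before attaching it with govc vm.change.
# encode_guestinfo, decode_guestinfo and check_userdata are hypothetical helper names.

# Same gzip+base64 encoding that the procedure declares in guestinfo.*.encoding.
encode_guestinfo() {
    gzip -c9 <"$1" | { base64 -w0 2>/dev/null || base64; } | tr -d '\n'
}

# Reverse the encoding so the payload can be inspected.
decode_guestinfo() {
    printf '%s' "$1" | base64 -d | gzip -dc
}

# Return 0 only if the payload decodes back to the file byte for byte
# and the file starts with the "#cloud-config" header.
# Return codes: 1 = could not encode, 2 = round-trip mismatch, 3 = missing header.
check_userdata() {
    file=$1
    payload=$(encode_guestinfo "$file") || return 1
    [ -n "$payload" ] || return 1          # empty payload: file missing or unreadable
    tmp=$(mktemp) || return 1
    decode_guestinfo "$payload" >"$tmp" 2>/dev/null
    if ! cmp -s "$file" "$tmp"; then
        rm -f "$tmp"
        echo "round-trip mismatch: $file" >&2
        return 2
    fi
    rm -f "$tmp"
    if [ "$(head -n 1 "$file")" != "#cloud-config" ]; then
        echo "missing #cloud-config header: $file" >&2
        return 3
    fi
    return 0
}
```

Run check_userdata userdata.yaml before exporting USERDATA; a non-zero status means the payload should not be attached to the VM.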
Additional resources
- The govc documentation
- The VMware - cloud init 22.2 documentation
8.4. Deploying OVA VMDK images to the vSphere GUI
After creating your .vmdk image in the Open Virtualization Format (.ova), you can deploy it to VMware vSphere by using the vSphere GUI client. It will create a VM which can be customized further before booting.
Prerequisites
- You logged in to the vSphere UI in a browser.
- You downloaded your .ova image.
Procedure
- In the vSphere Client, from the Actions menu, select Deploy OVF Template.
- On the Deploy OVF Template page, complete the settings for each configuration option and click .
- Click . The .ova image starts to be deployed.
After the image deployment is complete, you have a new virtual machine (VM) from the .ova image.
- In the deployed image page, perform the following steps:
  - From the Actions menu, select Edit Settings.
  - On the Virtual Hardware tab, configure resources such as CPU and memory, add a new network adapter, and make any other changes of your choice.
  - On the CD/DVD drive 1 option, attach a CD or DVD drive that contains a cloud-init.iso, to provision a user on startup.
The VM is now ready to boot with the username and password from the cloud-init.iso file.
Additional resources
- Deploy an OVF or OVA Template
- The govc documentation
- The VMware - cloud init 22.2 documentation
8.5. Creating a virtual machine from the customized RHEL Guest system image
You can create a virtual machine (VM) from the QCOW2 image that you created by using Insights Images.
Prerequisites
- You created and downloaded a QCOW2 image by using Insights Images.
Procedure
- Access the directory where you downloaded your QCOW2 image.
- Create a file named meta-data. Add the following information to this file:
    instance-id: nocloud
    local-hostname: vmname
- Create a file named user-data. Add the following information to the file:
    #cloud-config
    user: admin
    password: password
    chpasswd: {expire: False}
    ssh_pwauth: True
    ssh_authorized_keys:
    - ssh-rsa AAA...fhHQ== your.email@example.com
  ssh_authorized_keys is your SSH public key. You can find your SSH public key in ~/.ssh/id_rsa.pub.
- Use the genisoimage command to create an ISO image that includes the user-data and meta-data files.
    # genisoimage -output cloud-init.iso -volid cidata -joliet -rock user-data meta-data
    I: -input-charset not specified, using utf-8 (detected in locale settings)
    Total translation table size: 0
    Total rockridge attributes bytes: 331
    Total directory bytes: 0
    Path table size(bytes): 10
    Max brk space used 0
    183 extents written (0 MB)
- Create a new VM from the KVM Guest Image by using the virt-install command. Include the ISO image you created on step 4 as an attachment to the VM image.
    # virt-install \
        --memory 4096 \
        --vcpus 4 \
        --name myvm \
        --disk composer-api.qcow2,device=disk,bus=virtio,format=qcow2 \
        --disk cloud-init.iso,device=cdrom \
        --os-variant rhel1-latest \
        --virt-type kvm \
        --graphics none \
        --import
Where,
- --graphics none - indicates that it is a headless RHEL Virtual Machine.
- --vcpus 4 - indicates that it uses 4 virtual CPUs.
- --memory 4096 - indicates that it uses 4096 MB RAM.
The VM installation starts:
    Starting install...
    Connected to domain myvm
    ...
    [ OK ] Started Execute cloud user/final scripts.
    [ OK ] Reached target Cloud-init target.

    Red Hat Enterprise Linux 1-latest (Ootpa)
    Kernel 4.18.0-221.el8.x86_64 on an x86_64
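The user-data file in this procedure sets a literal password and enables SSH password login, and the userdata.yaml in section 8.1 grants passwordless sudo. The following added example, which is not part of the original procedure, reports those settings so that you can review them before building cloud-init.iso; audit_userdata and its finding labels are hypothetical names.

```shell
#!/bin/sh
# Added example: flag credential settings in a cloud-init user-data file.
# audit_userdata and the finding labels are hypothetical; the rules mirror the keys used on this page.

# Prints one label per finding and returns the number of findings (255 if unreadable).
audit_userdata() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 255; }

    # A literal password is readable by anyone who obtains the file or the ISO.
    # Values that start with "$" (crypt-style hashes) are not flagged.
    if grep -Eq '^[[:space:]]*(password|passwd|plain_text_passwd):[[:space:]]*[^$[:space:]]' "$file"; then
        echo "plaintext-password"; findings=$((findings + 1))
    fi
    # ssh_pwauth: True enables SSH password logins.
    if grep -Eiq '^[[:space:]]*ssh_pwauth:[[:space:]]*(true|yes|1)' "$file"; then
        echo "ssh-password-auth"; findings=$((findings + 1))
    fi
    # expire: False means the initial password is not expired at first login.
    if grep -Eiq 'expire:[[:space:]]*false' "$file"; then
        echo "password-never-expires"; findings=$((findings + 1))
    fi
    # NOPASSWD sudo gives the account root without re-authentication.
    if grep -q 'NOPASSWD' "$file"; then
        echo "passwordless-sudo"; findings=$((findings + 1))
    fi
    # Without any public key, password login is the only way in.
    if ! grep -Eq '(ssh-(rsa|ed25519)|ecdsa-sha2-)' "$file"; then
        echo "no-ssh-key"; findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run audit_userdata user-data before the genisoimage step; the exit status is the number of findings.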
8.6. Installing a customized RHEL ISO system image to a bare metal system
You can create a virtual machine (VM) from the ISO image that you created using the Insights image builder.
Prerequisites
- You created and downloaded an ISO image by using Insights image builder.
- An 8 GB USB flash drive.
Procedure
- Access the directory where you downloaded your ISO image.
- Place the bootable ISO image file on a USB flash drive.
- Connect the USB flash drive to the port of the computer you want to boot.
- Boot the ISO image from the USB flash drive.
Perform the steps to install the customized bootable ISO image.
The boot screen shows you the following options:
- Install Red Hat Enterprise Linux 1-latest
- Test this media & install Red Hat Enterprise Linux 1-latest
8.7. Importing and running QCOW2 images on OCI
You can import your customized .qcow2 image to the Oracle Cloud Infrastructure (OCI). Then, you can launch the customized .qcow2 image on a virtual machine.
Prerequisites
- You logged in to the Oracle Cloud UI in a browser.
- You downloaded your .qcow2 image.
- You have copied the .qcow2 image Image Link URL from the Insights Instance column, in the Images dashboard.
Procedure
- In the Oracle Cloud UI dashboard, click Compute > Custom Images.
- On the Custom Images dashboard, click Import image.
On the Import image window, set the following configuration:
- Select the Import from an object storage URL option.
- In the Object Storage URL field, paste the URL given by Insights Images.
- Choose the QCOW2 image type.
- Under Launch mode, select the Paravirtualized mode option.
- Click .
Once the system finishes importing the image, you can run the customized image in the OCI environment.