Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 4. Building and managing customized RHEL images

You can use a blueprint to build customized RHEL images for a variety of deployment types by using Lightspeed Images. You can build Conventional (RPM-DNF) images.

  • You can only launch customized images directly from the Hybrid Cloud Console to the AWS, GCP, and Microsoft Azure public clouds.
  • The VMDK customized images must first be uploaded to VMWare vSphere, deployed there, and then you can create a VM.
  • For the Guest image (.qcow2), and Installer (.iso), you can download these images and deploy them directly to virtual machines.
  • You can use Lightspeed image builder to build images for the x86_64 and the aarch64 architectures.
Important

Red Hat Hybrid Cloud Console does not support uploading Amazon Web Services (AWS), Google Cloud Platform (GCP), and *Microsoft Azure images to GovCloud regions.

4.1. About building customized images
Copy link

You can build Conventional (RPM-DNF) images from a blueprint.

  • The Conventional (RPM-DNF) enables you to manage or modify the system software by using the DNF package manager and updated RPM packages.

The image artifacts are saved for 14 days and expire after that. To avoid losing the image, transfer the image to your account before the expiration date. If an image has already expired, you can also re-create the exact image based on an existing blueprint to reuse the previous configuration.

You can also download the compose request of your image and use the image builder API to automate your image building tasks.

4.2. Building customized RHEL system image
Copy link

Create customized RHEL system images from a blueprint by using Lightspeed Images, and deploy the images on your target environment.

Prerequisites

Procedure

  1. Access the Hybrid Cloud Console, and navigate to Inventory Image Builder. The list of existing blueprints appears. For details on how to access the Red Hat Hybrid Cloud Console, see Getting started with the Red Hat Hybrid Cloud Console.

  2. Select the blueprint that you want to build an image from.

    1. Optionally, select the blueprint version from the drop-down menu.

  3. Click Build images. A pop-up alert informs that the image is being built.

    After the image process status is marked as Ready, you can use it in your deployments.

After you built your image, uploaded it to AWS, and the cloud registration process status is marked as Ready, you can access the image that you created and shared with your AWS EC2 account.

The shared image expire within 14 days. To permanently access your image, copy the image to your own AWS account.

Prerequisites

Procedure

  1. Access your AWS account and navigate to Service EC2.
  2. In the navigation bar, verify if you are under the correct region: us-east-1.
  3. Click Images, and choose AMIs. The dashboard with the Owned by me images opens.

  4. From the drop-down menu, choose Private images.

    You can see the image successfully shared with the AWS account you specified.

Launch the image that you shared with your AWS account to the Amazon Elastic Compute Cloud(Amazon EC2) compute platform.

Prerequisites

Procedure

  1. From the drop-down menu, under Private images, locate the image that you shared to the AWS account you specified.
  2. Select the image you want to launch.
  3. On the top of the panel, click Launch. You are redirected to the Choose an Instance Type window.
  4. Choose the instance type according to the resources you need to launch your image. Click Review and Launch.
  5. Review your instance launch details. You can edit each section, such as Security, Storage, for example, if you need to make any changes. After you finish the review, click Launch.

  6. To launch the instance, you must select a public key to access it.

    Create a new key pair in EC2 and attach it to the new instance.

    1. From the drop-down menu list, select Create a new key pair.
    2. Enter the name to the new key pair. It generates a new key pair.
    3. Click Download Key Pair to save the new key pair on your local system.

  7. Then, you can click Launch Instance to launch your instance.

    You can check the status of the instance, it shows as Initializing.

  8. After the instance status is running, the Connect button turns available.

  9. Click Connect. A popup window appears with instructions on how to connect by using SSH.

    1. Select the preferred connection method to A standalone SSH client and open a terminal.

    2. In the location you store your private key, make sure that your key is publicly viewable for SSH to work. To do so, run the command: 

      $ chmod 400 <your-instance-name.pem>
      Copy to Clipboard Toggle word wrap

    3. Connect to your instance by using its Public DNS: 

      $ ssh -i "<your-instance-name.pem> ec2-user@<your-instance-IP-address>"
      Copy to Clipboard Toggle word wrap

    4. Type yes to confirm that you want to continue connecting.

      As a result, you are connected to your instance over SSH.

Verification

  • From a terminal, check if you are able to perform any action while connected to your instance by using SSH.

You can copy the image you successfully shared with the Amazon Web Services EC2 to your own account. Doing so, you grant that the image you shared and copied is available until you delete it, instead of expiring after some time. To copy your image to your own account, follow the steps:

Prerequisites

  • You have access to your customized image on AWS.

Procedure

  1. From the list of Private images, select the image you want to copy.
  2. On the top of the panel, click Actions.
  3. From the drop-down menu, choose Copy AMI. A pop-up window appears.

  4. Choose the Destination region and click Copy AMI.

    After the copying process is complete, you are provided with the new AMI ID. You can launch a new instance in the new region.

    Note

    When you copy an image to a different region, it results in a separate and new AMI in the destination region, with a unique AMI ID.

You must authorize Lightspeed image builder to push images to the Microsoft Azure cloud. This is a one-time action. he following are high-level steps:

  • Configure Lightspeed Images as an authorized application for your tenant GUID

  • Give the role of Contributor to at least one resource group of the authorized application .

    To authorize Image Builder as an authorized application, follow the steps:

Prerequisites

  • You have an existing Resource Group in Microsoft Azure portal.
  • You have the User Access Administrator role rights.
  • Your Microsoft Azure subscription has Microsoft.Storage and Microsoft.Compute as a resource provider.

Procedure

  1. Access the Hybrid Cloud Console, and navigate to Inventory Image Builder. The Lightspeed image builder dashboard appears. For details on how to access the Red Hat Hybrid Cloud Console, see Getting started with the Red Hat Hybrid Cloud Console.
  2. Click Create blueprint. The Image output wizard opens.

  3. On the Image output page, complete the following steps:

    1. From the Release list, select the release that you want to use.

    2. From the Select target environments option, select Microsoft Azure.

      Click Next.

  4. On the Target Environment - Microsoft Azure window, to add Image Builder as an authorized application, select one of the following share method options:

    1. Use an account configured from Sources:

      1. From the Source name dropdown menu, select the source that you previously configured. See Connecting Microsoft Azure account to the Red Hat Hybrid Cloud Console.

  5. The Azure tenant GUID, the Subscription ID, and the Resource group are automatically completed, and the Authorize image builder button becomes available.

    Image builder checks if your Tenant GUID is correctly formatted and the Authorize image builder button becomes available.

    1. Manually enter the account information:

      1. Enter your Azure Tenant GUID.

        Image builder checks if your Tenant GUID is correctly formatted and the Authorize image builder button becomes available.

    2. One time action: Click Authorize image builder to authorize Image Builder to push images to the Microsoft Azure cloud.

      This redirects you to the Microsoft Azure portal.

      1. Login with your credentials.
      2. Click Accept the Permission requested. Note that, if you already went through the authentication process before, you will not see the Permission requested. It is already granted.

    3. Confirm that Image Builder is authorized for your tenant.

      1. In the search bar, search for Azure Active Directory.
      2. From the Services menu, click Microsoft Entra ID, from the left menu. The Azure Active Directory page opens.
      3. Search for Lightspeed image builder and confirm it is authorized.
      4. In the Azure Active Directory, from the Services list, select Enterprise applications.
      5. In the Enterprise applications page, from the Manage list menu, click All applications. You can see Red Hat Image Builder is authorized in the Microsoft Azure cloud.

    4. Add the Red Hat Image Builder as a contributor to your Resource Group.

      1. In the search bar, type Resource Groups and select the first entry under Services. This redirects you to the Resource Groups dashboard.
      2. Search and select your Resource Group by name.
      3. On the lateral menu, click Access control (IAM) to add a permission to the Red Hat Image Builder application to access your resource group.
      4. From the menu, click the tab Role assignments.
      5. Click +Add.

      6. From the dropdown menu, choose Add role assignment. A menu appears on the left side.

        Select role
        Assign the Contributor role.
        Assign access to
        Select the option Assign access to user, group, and service principal.
        Members
        Click +Select members and type Red Hat in the search bar. Click enter.
        Select

        Red Hat Image Builder application.

        The Red Hat Image Builder application is now authorized to push images to the Microsoft Azure cloud.

        Note

        The Red Hat Image Builder application can locate resources only when the account administrator adds the shared application as a contributor under the IAM section of the resource group.

Verification

  • From the menu, click the tab Role assignments.

    You can see Red Hat Image Builder set as a Contributor of the Resource Group you selected.

After finishing to build and upload the image, and the cloud registration process status is marked as Ready, you can access the Azure Disk Image from your Microsoft Azure account.

Prerequisites

Procedure

  • Access your Microsoft Azure dashboard and navigate to the Resource group page.

Verification

  1. After you access your Microsoft Azure Account, you can see that the image successfully shared with the resource group account you specified.

    Note

    If the image is not visible there, you might have issues with the upload process. Return to the Lightspeed image builder dashboard and check if the image is marked as Ready.

After the image is built, uploaded, and the cloud registration process status is Ready, you can create a Virtual Machine (VM) instance by using the GCP image.

Prerequisites

Procedure

  1. From the Lightspeed image builder dashboard, copy the image UUID of the image that you created.
  2. Access /composes/{composeId} API endpoint.
  3. Click Try it Out to activate the composeId string path.
  4. Enter the UUID into the composes/{composeId} field in the API endpoint.

  5. Click Execute. The API endpoint generates a response in the Response body, for example: 

    {
  "image_status": {
    "status": "success",
    "upload_status": {
      "options": {
        "image_name": "composer-api-03f0e19c-0050-4c8a-a69e-88790219b086",
        "project_id": "red-hat-image-builder"
      },
      "status": "success",
      "type": "gcp"
    }
  }
}
    Copy to Clipboard Toggle word wrap
  6. From the Response body field, copy the image_name and project_id to access the image from the Google Cloud Platform environment.

  7. From your browser, access Google Cloud Shell and set your Google Cloud Platform Project ID as the default GCP project. You can find the Product ID of your project by accessing the Google Cloud Platform dashboard. 

    $ gcloud config set project PROJECT_ID
    Copy to Clipboard Toggle word wrap
  8. In the Authorize Cloud Shell window prompt, click Authorize to allow this and future calls that require your credentials.

  9. Create a VM instance with the image by using the gcloud command in the Google Cloud Shell: 

    $ gcloud compute instances create INSTANCE_NAME \
  --image-project PROJECT_ID_FROM_RESPONSE \
  --image IMAGE_NAME \
  --zone GCP_ZONE
    Copy to Clipboard Toggle word wrap

    Where:

    • INSTANCE_NAME is the name for your instance;
    • PROJECT_ID_FROM_RESPONSE is the project_id generated by Response body;
    • IMAGE_NAME is the image_name generated by Response body;
    • GCP_ZONE is the GCP zone in which the instance will be created.

Verification

  1. Verify that Compute Engine created the VM: 

    $ gcloud compute instances describe INSTANCE_NAME
    Copy to Clipboard Toggle word wrap

  2. Connect to the VM instance using SSH: 

    $ gcloud compute ssh --project=PROJECT_ID --zone=ZONE INSTANCE_NAME
    Copy to Clipboard Toggle word wrap

4.9. Copying the GCE image to your project group
Copy link

You can create a Virtual Machine (VM) instance using the GCE image.

Prerequisites

  • The universally unique identifier (UUID) of the image you created.
  • Access to the Image-builder service API endpoint.
  • Access to the Google Cloud Shell from your browser.

Procedure

  1. From the Images dashboard, copy the UUID image of the image you created.
  2. Access /composes/{composeId} API endpoint.
  3. Click Try it Out to activate the composeId string path.
  4. Enter the UUID into the composes/{composeId} field in the API endpoint.

  5. Click Execute. The API endpoint generates a response in the Response body, for example: 

    {
  "image_status": {
    "status": "success",
    "upload_status": {
      "options": {
        "image_name": "composer-api-03f0e19c-0050-4c8a-a69e-88790219b086",
        "project_id": "red-hat-image-builder"
      },
      "status": "success",
      "type": "gcp"
    }
  }
}
    Copy to Clipboard Toggle word wrap

  6. From the Response body field, copy the image_name and project_id to access the image from the Google Cloud Platform environment. From the Response body: 

    "image_name": "composer-api-03f0e19c-0050-4c8a-a69e-88790219b086",
"project_id": "red-hat-image-builder"
    Copy to Clipboard Toggle word wrap
  7. From your browser, access Google Cloud Shell.

  8. Set your Google Cloud Platform Project ID as the default GCP project. You can find the Product ID of your project by accessing the Google Cloud Platform dashboard. 

    $ gcloud config set project PROJECT_ID
    Copy to Clipboard Toggle word wrap
  9. In the Authorize Cloud Shell window prompt, click Authorize to allow this and future calls that require your credentials.

  10. Copy the image to your project by using the gcloud command: 

    $ gcloud compute images create MY_IMAGE_NAME \
  --source-image-project red-hat-image-builder \
  --source-image IMAGE_NAME
    Copy to Clipboard Toggle word wrap

    Where:

    • MY_IMAGE_NAME is the name you give to your instance;
    • red-hat-image-builder is the project_id generated by Response body;
    • IMAGE_NAME is the image_name generated by Response body;

Verification

Confirm that the image has been successfully copied to your project:

  • Using the Google Cloud Platform UI, by accessing the Compute Engine / Images section.

  • Using the gcloud tool, by running the command in Google Cloud Shell: 

    $ gcloud compute images list --no-standard-images
    Copy to Clipboard Toggle word wrap

4.10. Creating a new image from an existing build
Copy link

You can create a new image from an existing customized RHEL image by using Lightspeed Images. The Lightspeed Images re-creates the exact image, with a different UUID, which you can use to identify the image in the Hybrid Cloud Console.

The new image also fetches package updates and refreshes the content with those updates. You can customize this new image to fit your requirements.

+ NOTE: You can re-create images from failed builds.

Prerequisites

  • You created an AWS image with Lightspeed Images.

Procedure

  1. From the Images dashboard, select the image from which you want to create your customized image.

  2. Click the Node options menu (⫶) and select Re-create image. The Create image wizard opens.

    Note

    If the image status is Expired, click the Re-create image button.

    1. Optional: You can customize the new image by using the Navigation panel to open a step and making changes. Click Next.

    2. On the Review page, click Create image.

      The Lightspeed Images dashboard opens. The image build starts to re-create the image and lists the following information:

      • Image name
      • UUID
      • Cloud target environment
      • Image operating system release
      • Status of the image creation

Verification

  • From the Status column, check if the image is Ready.
  • Optional: Click Image details to display additional information about the re-created image.

4.11. Downloading the JSON compose request
Copy link

If you download the .json compose request of your image, you can use the image builder API to automate your image building tasks. For example, you can automate customizing the image with extra packages, customizing the partition layout, or embedding an activation key.

Prerequisites

  • You created an image with Lightspeed Images.

Procedure

  1. From the Images table, select the image that you want to download as a .json compose request.

  2. Click the Node options () menu and select Download compose request (.json).

    The .json compose request is now saved to your host server. To use the image builder API, see Using hosted image builder via its API.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat