Chapter 8. Building simplified installer images to provision a RHEL for Edge image

Procedure

1. Mount the ISO image to the directory of your choice:

   # mkdir /mnt/rhel8-install/
   # mount -o loop,ro -t iso9660 /path_directory/installer.iso /mnt/rhel8-install/

   Copy to Clipboard Toggle word wrap

   Replace /path_directory/installer.iso with the path to the RHEL for Edge bootable ISO image.

2. Copy the files from the mounted image to the HTTP server root. This command creates the /var/www/html/rhel8-install/ directory with the contents of the image.

   # mkdir /var/www/html/httpboot/
   # cp -R /mnt/rhel8-install/ /var/www/html/httpboot/*
   # chmod -R +r /var/www/html/httpboot/*

   Copy to Clipboard Toggle word wrap
   Note

   Some copying methods can skip the .treeinfo file which is required for a valid installation source. Running the cp command for whole directories as shown in this procedure will copy .treeinfo correctly.

3. Update the /var/www/html/EFI/BOOT/grub.cfg file, by replacing:

   1. coreos.inst.install_dev=/dev/sda with coreos.inst.install_dev=/dev/vda
   2. linux /images/pxeboot/vmlinuz with linuxefi /images/pxeboot/vmlinuz
   3. initrd /images/pxeboot/initrd.img with initrdefi /images/pxeboot/initrd.img

   4. coreos.inst.image_file=/run/media/iso/disk.img.xz with coreos.inst.image_url=http://{IP-ADDRESS}/disk.img.xz

      The IP-ADDRESS is the IP address of this machine, which serves as a http boot server.

4. Start the httpd service:

   # systemctl start httpd.service

   Copy to Clipboard Toggle word wrap

   As a result, after you set up an UEFI HTTP Boot server, you can install your RHEL for Edge devices by using UEFI HTTP boot.

Procedure

1. Create a plain text file in the Tom’s Obvious, Minimal Language (TOML) format, with the following content:

   name = "simplified-installer-blueprint"
   description = "blueprint for the simplified installer image"
   version = "0.0.1"
   packages = []
   modules = []
   groups = []
   distro = ""
   
   [customizations]
   installation_device = "/dev/vda"
   
   [[customizations.user]]
   name = "admin"
   password = "admin"
   groups = ["users", "wheel"]
   
   [customizations.fdo]
   manufacturing_server_url = "http://10.0.0.2:8080"
   diun_pub_key_insecure = "true"

   Copy to Clipboard Toggle word wrap
   Note

   The FDO customization in the blueprints is optional, and you can build your RHEL for Edge Simplified Installer image with no errors.

   • name is the name and description is the description for your blueprint.
   • 0.0.1 is the version number according to the Semantic Versioning scheme.
   • Modules describe the package name and matching version glob to be installed into the image, for example, the package name = "tmux" and the matching version glob is version = "2.9a". Notice that currently there are no differences between packages and modules.
   • Groups are packages groups to be installed into the image, for example the anaconda-tools group package. If you do not know the modules and groups, leave them empty.
   • installation-device is the customization to enable an unattended installation to your device.
   • manufacturing_server_url is the URL to perform the initial device credential exchange.
   • name is the user name to login to the image.
   • password is a password of your choice.
   • groups are any user groups, such as "widget".

2. Push (import) the blueprint to the RHEL image builder server:

   # composer-cli blueprints push blueprint-name.toml

   Copy to Clipboard Toggle word wrap

3. Check whether the created blueprint is successfully pushed and exists.

   # composer-cli blueprints show blueprint-name

   Copy to Clipboard Toggle word wrap

4. Check whether the components and versions listed in the blueprint and their dependencies are valid:

   # composer-cli blueprints depsolve blueprint-name

   Copy to Clipboard Toggle word wrap

Procedure

1. Create the bootable ISO image.

   # composer-cli compose start-ostree \
   blueprint-name \
   edge-simplified-installer \
   --ref rhel/8/x86_64/edge \
   --url URL-OSTree-repository \

   Copy to Clipboard Toggle word wrap

   Where,

   • blueprint-name is the RHEL for Edge blueprint name.
   • edge-simplified-installer is the image type .
   • --ref is the reference for where your commit is going to be created.

   • --url is the URL to the OSTree repository of the commit to embed in the image. For example, http://10.0.2.2:8080/repo/. You can either start a RHEL for Edge Container or set up a web server. See Creating a RHEL for Edge Container image for non-network-based deployments and Setting up a web server to install RHEL for Edge image.

     A confirmation that the composer process has been added to the queue appears. It also shows a Universally Unique Identifier (UUID) number for the image created. Use the UUID number to track your build. Also keep the UUID number handy for further tasks.

2. Check the image compose status.

   # composer-cli compose status

   Copy to Clipboard Toggle word wrap

   The output displays the status in the following format:

   <UUID> RUNNING date blueprint-name blueprint-version image-type

   Copy to Clipboard Toggle word wrap
   Note

   The image creation processes can take up to ten minutes to complete.

   To interrupt the image creation process, run:

   # composer-cli compose cancel <UUID>

   Copy to Clipboard Toggle word wrap

   To delete an existing image, run:

   # composer-cli compose delete <UUID>

   Copy to Clipboard Toggle word wrap

Procedure

1. Click Create Blueprint in the upper-right corner of the RHEL image builder app.

   A dialog wizard with fields for the blueprint name and description opens.

2. On the Details page:

   1. Enter the name of the blueprint and, optionally, its description. Click Next.

3. Optional: On the Packages page, complete the following steps:

   1. In the Available packages search, enter the package name and click the > button to move it to the Chosen packages field. Search and include as many packages as you want. Click Next.

      Note

      The customizations are all optional unless otherwise specified.

4. Optional: On the Kernel page, enter a kernel name and the command-line arguments.
5. Optional: On the File system page, select Use automatic partitioning.The filesystem customization is not supported for OSTree systems, because OSTree images have their own mount rule, such as read-only. Click Next.

6. Optional: On the Services page, you can enable or disable services:

   1. Enter the service names you want to enable or disable, separating them by a comma, by space, or by pressing the Enter key. Click Next.

7. Optional: On the Firewall page, set up your firewall setting:

   1. Enter the Ports, and the firewall services you want to enable or disable.
   2. Click the Add zone button to manage your firewall rules for each zone independently. Click Next.

8. On the Users page, add a users by following the steps:

   1. Click Add user.

   2. Enter a Username, a password, and a SSH key. You can also mark the user as a privileged user, by clicking the Server administrator checkbox.

      Note

      When you specify the user in the blueprint customization and then create an image from that blueprint, the blueprint creates the user under the /usr/lib/passwd directory and the password under the /usr/etc/shadow during installation time. You can log in to the device with the username and password you created for the blueprint. After you access the system, you must create users, for example, using the useradd command.

      Click Next.

9. Optional: On the Groups page, add groups by completing the following steps:

   1. Click the Add groups button:

      1. Enter a Group name and a Group ID. You can add more groups. Click Next.

10. Optional: On the SSH keys page, add a key:

    1. Click the Add key button.

       1. Enter the SSH key.
       2. Enter a User. Click Next.

11. Optional: On the Timezone page, set your timezone settings:

    1. On the Timezone field, enter the timezone you want to add to your system image. For example, add the following timezone format: "US/Eastern".

       If you do not set a timezone, the system uses Universal Time, Coordinated (UTC) as default.

    2. Enter the NTP servers. Click Next.

12. Optional: On the Locale page, complete the following steps:

    1. On the Keyboard search field, enter the package name you want to add to your system image. For example: ["en_US.UTF-8"].
    2. On the Languages search field, enter the package name you want to add to your system image. For example: "us". Click Next.

13. Mandatory: On the Others page, complete the following steps:

    1. In the Hostname field, enter the hostname you want to add to your system image. If you do not add a hostname, the operating system determines the hostname.
    2. Mandatory: In the Installation Devices field, enter a valid node for your system image to enable an unattended installation to your device. For example: dev/sda1. Click Next.

14. Optional: On the FIDO device onboarding page, complete the following steps:

    1. On the Manufacturing server URL field, enter the manufacturing server URL to perform the initial device credential exchange, for example: "http://10.0.0.2:8080". The FDO customization in the blueprints is optional, and you can build your RHEL for Edge Simplified Installer image with no errors.
    2. On the DIUN public key insecure field, enter the certification public key hash to perform the initial device credential exchange. This field accepts "true" as value, which means this is an insecure connection to the manufacturing server. For example: manufacturing_server_url="http://${FDO_SERVER}:8080" diun_pub_key_insecure="true". You must use only one of these three options: "key insecure", "key hash" and "key root certs".

    3. On the DIUN public key hash field, enter the hashed version of your public key. For example: 17BD05952222C421D6F1BB1256E0C925310CED4CE1C4FFD6E5CB968F4B73BF73. You can get the key hash by generating it based on the certificate of the manufacturing server. To generate the key hash, run the command:

       # openssl x509 -fingerprint -sha256 -noout -in /etc/fdo/aio/keys/diun_cert.pem | cut -d"=" -f2 | sed 's/://g'

       Copy to Clipboard Toggle word wrap

       The /etc/fdo/aio/keys/diun_cert.pem is the certificate that is stored in the manufacturing server.

    4. On the DIUN public key root certs field, enter the public key root certs. This field accepts the content of the certification file that is stored in the manufacturing server. To get the content of certificate file, run the command:

       $ cat /etc/fdo/aio/keys/diun_cert.pem.

       Copy to Clipboard Toggle word wrap
15. Click Next.
16. On the Review page, review the details about the blueprint. Click Create.

Procedure

1. Access mage builder dashboard.
2. On the blueprint table, find the blueprint you want to build an image for.
3. Navigate to the Images tab and click Create Image. The Create image wizard opens.

4. On the Image output page, complete the following steps:

   1. From the Select a blueprint list, select the blueprint you created for the RHEL for Edge Simplified image.
   2. From the Image output type list, select RHEL for Edge Simplified Installer (.iso).
   3. In the Image Size field, enter the image size. Minimum image size required for Simplified Installer image is:
5. Click Next.

6. In the OSTree settings page, complete the following steps:

   1. In the Repository URL field, enter the repository URL to where the parent OSTree commit will be pulled from.
   2. In the Ref field, enter the ref branch name path. If you do not enter a ref, the default ref for the distro is used.
7. On the Review page, review the image customization and click Create.

Procedure

1. Access the RHEL image builder dashboard. The blueprint list dashboard opens.
2. In the blueprint table, find the blueprint you built your RHEL for Edge Simplified Installer image for.
3. Navigate to the Images tab.

4. Choose one of the options:

   • Download the image.
   • Download the logs of the image to inspect the elements and verify if any issue is found.

Procedure

1. Set up a network configuration to support UEFI HTTP boot. See Setting up UEFI HTTP boot with libvirt.

2. Use the virt-install command to create a RHEL for Edge Virtual Machine from the UEFI HTTP Boot.

   # virt-install \
       --name edge-install-image \
       --disk path=”  “, ,format=qcow2
       --ram 3072 \
       --memory 4096 \
       --vcpus 2 \
       --network network=integration,mac=mac_address \
       --os-type linux
       --os-variant rhel8 \
       --cdrom "/var/lib/libvirt/images/”ISO_FILENAME"
       --boot uefi,loader_ro=yes,loader_type=pflash,nvram_template=/usr/share/edk2/ovmf/OVMF_VARS.fd,loader_secure=no
       --virt-type kvm \
       --graphics none \
        --wait=-1
        --noreboot

   Copy to Clipboard Toggle word wrap

Procedure

1. Copy the ISO image file to a USB flash drive.
2. Connect the USB flash drive to the port of the computer you want to boot.

3. Boot the ISO image from the USB flash drive.The boot menu shows you the following options:

   Install Red Hat Enterprise Linux 8
   Test this media & install Red Hat Enterprise Linux 8

   Copy to Clipboard Toggle word wrap
4. Choose Install Red Hat Enterprise Linux 8. This starts the system installation.