Chapter 3. Deploying a Red Hat Enterprise Linux image as an EC2 instance on Amazon Web Services
You have a number of options for deploying a Red Hat Enterprise Linux (RHEL) 7 image as an EC2 instance on Amazon Web Services (AWS). This chapter discusses your options for choosing an image and lists or refers to system requirements for your host system and virtual machine (VM). The chapter also provides procedures for creating a custom VM from an ISO image, uploading it to EC2, and launching an EC2 instance.
While you can create a custom VM from an ISO image, Red Hat recommends that you use the Red Hat Image Builder product to create customized images for use on specific cloud providers. With Image Builder, you can create and upload an AMI (Amazon Machine Image) in the ami format. See the Image Builder Guide for more information.
This chapter refers to the Amazon documentation in a number of places. For many procedures, see the referenced Amazon documentation for additional detail.
For a list of Red Hat products that you can use securely on AWS, see Red Hat on Amazon Web Services.
Prerequisites
- Sign up for a Red Hat Customer Portal account.
- Sign up for AWS and set up your AWS resources. See Setting Up with Amazon EC2 for more information.
- Enable your subscriptions in the Red Hat Cloud Access program. The Red Hat Cloud Access program allows you to move your Red Hat subscriptions from physical or on-premise systems onto AWS with full support from Red Hat.
3.1. Red Hat Enterprise Linux Image options on AWS
The following table lists image choices and notes the differences in the image options.
Image option | Subscriptions | Sample scenario | Considerations |
---|---|---|---|
Choose to deploy a Red Hat Gold Image. | Leverage your existing Red Hat subscriptions. | Enable subscriptions through the Red Hat Cloud Access program, and then choose a Red Hat Gold Image on AWS. | The subscription includes the Red Hat product cost; you pay Amazon for all other instance costs. Red Hat Gold Images are called "Cloud Access" images because you leverage your existing Red Hat subscriptions. Red Hat provides support directly for Cloud Access images. |
Choose to deploy a custom image that you move to AWS. | Leverage your existing Red Hat subscriptions. | Enable subscriptions through the Red Hat Cloud Access program, upload your custom image, and attach your subscriptions. | The subscription includes the Red Hat product cost; you pay Amazon for all other instance costs. Custom images that you move to AWS are "Cloud Access" images because you leverage your existing Red Hat subscriptions. Red Hat provides support directly for Cloud Access images. |
Choose to deploy an existing Amazon image that includes RHEL. | The AWS EC2 images include a Red Hat product. | Choose a RHEL image when you launch an instance on the AWS Management Console, or choose an image from the AWS Marketplace. | You pay Amazon hourly on a pay-as-you-go model. Such images are called "on-demand" images. Amazon provides support for on-demand images. Red Hat provides updates to the images. AWS makes the updates available through the Red Hat Update Infrastructure (RHUI). |
You can create a custom image for AWS using Red Hat Image Builder. See the Image Builder Guide for more information.
You cannot convert an on-demand instance to a Red Hat Cloud Access instance. To change from an on-demand image to a Red Hat Cloud Access bring-your-own-subscription (BYOS) image, create a new Red Hat Cloud Access instance and migrate data from your on-demand instance. Cancel your on-demand instance after you migrate your data to avoid double billing.
The remainder of this chapter includes information and procedures pertaining to custom images.
3.2. Installing the AWS CLI
Many of the procedures in this chapter include using the AWS CLI. Complete the following steps to install the AWS CLI.
Prerequisites
You need to have created and have access to an AWS Access Key ID and an AWS Secret Access Key. See Quickly Configuring the AWS CLI for information and instructions.
Procedure
- Install Python 3 and the pip tool.
    # yum install python3
    # yum install python3-pip
- Install the AWS command line tools with the pip command.
    # pip3 install awscli
- Run the aws --version command to verify that you installed the AWS CLI.
    $ aws --version
    aws-cli/1.16.182 Python/2.7.5 Linux/3.10.0-957.21.3.el7.x86_64 botocore/1.12.172
- Configure the AWS command line client according to your AWS access details.
    $ aws configure
    AWS Access Key ID [None]:
    AWS Secret Access Key [None]:
    Default region name [None]:
    Default output format [None]:
3.3. Virtual machine configuration settings
Cloud VMs must have the following configuration settings.
Setting | Recommendation |
---|---|
ssh | |
dhcp | The primary virtual adapter should be configured for dhcp. |
3.4. Creating a base VM from an ISO image
Follow the procedures in this section to create a base image from an ISO image.
Prerequisites
Enable virtualization for your Red Hat Enterprise Linux 7 host machine by following the Virtualization Deployment and Administration Guide.
3.4.1. Downloading the ISO image
Procedure
- Download the latest Red Hat Enterprise Linux ISO image from the Red Hat Customer Portal.
- Move the image to the /var/lib/libvirt/images directory.
3.4.2. Creating a VM from an ISO image
Procedure
- Ensure that you have enabled your host machine for virtualization. For information and procedures to install virtualization packages, see Installing virtualization packages on an existing Red Hat Enterprise Linux system.
- Create and start a basic Red Hat Enterprise Linux VM. For instructions to create a VM, refer to Creating a virtual machine.
If you use the command line to create your VM, ensure that you set the default memory and CPUs to the capacity you want for the VM. Set your virtual network interface to virtio.
A basic command line sample follows.
virt-install --name _vmname_ --memory 2048 --vcpus 2 --disk size=8,bus=virtio --location rhel-7.0-x86_64-dvd.iso --os-variant=rhel7.0
If you use the virt-manager application to create your VM, follow the procedure in Creating guests with virt-manager, with these caveats:
- Do not check Immediately Start VM.
- Change your Memory and Storage Size to your preferred settings.
- Before you start the installation, ensure that you have changed Model under Virtual Network Interface Settings to virtio and change your vCPUs to the capacity settings you want for the VM.
3.4.3. Completing the RHEL installation
Perform the following steps to complete the installation and to enable root access once the VM launches.
Procedure
- Choose the language you want to use during the installation process.
On the Installation Summary view:
- Click Software Selection and check Minimal Install.
- Click Done.
- Click Installation Destination and check Custom under Storage Configuration.
  - Verify at least 500 MB for /boot. You can use the remaining space for root /.
  - Standard partitions are recommended, but you can use Logical Volume Management (LVM).
  - You can use xfs, ext4, or ext3 for the file system.
  - Click Done when you are finished with changes.
- Click Begin Installation.
- Set a Root Password.
- Reboot the VM and log in as root once the installation completes.
- Configure the image.
Note: Ensure that the cloud-init package is installed and enabled.
- Power down the VM.
3.5. Uploading the Red Hat Enterprise Linux image to AWS
Follow the procedures in this section on your host machine to upload your image to AWS.
3.5.1. Creating an S3 bucket
Importing to AWS requires an Amazon S3 bucket. An Amazon S3 bucket is an Amazon resource where you store objects. As part of the process for uploading your image, you create an S3 bucket and then move your image to the bucket. Complete the following steps to create a bucket.
Prerequisites
- You need to have AWS CLI installed. For more information, see Installing the AWS CLI.
Procedure
- Launch the Amazon S3 Console.
- Click Create Bucket. The Create Bucket dialog appears.
In the Name and region view:
- Enter a Bucket name.
- Select Region. Enter your region into the field, or click the drop-down and select your region from all available regions.
- Click Next.
- In the Configure options view, select desired options and click Next.
- In the Set permissions view, change or accept the default options and click Next.
- Review your bucket configuration.
- Click Create bucket.
Note: Alternatively, you can use the AWS CLI to create a bucket. For example, aws s3 mb s3://my-new-bucket creates an S3 bucket named my-new-bucket. See the AWS CLI Command Reference for information on the mb command.
3.5.2. Creating the vmimport role
Perform the following procedure to create the vmimport role, which is required by VM import. See VM Import Service Role in the Amazon documentation for more information.
Procedure
- Create a file named trust-policy.json and include the following policy. Save the file on your system and note its location.
    {
       "Version": "2012-10-17",
       "Statement": [
          {
             "Effect": "Allow",
             "Principal": { "Service": "vmie.amazonaws.com" },
             "Action": "sts:AssumeRole",
             "Condition": {
                "StringEquals": {
                   "sts:Externalid": "vmimport"
                }
             }
          }
       ]
    }
- Use the create-role command to create the vmimport role. Specify the full path to the location of the trust-policy.json file. Prefix file:// to the path. A sample follows.
    aws iam create-role --role-name vmimport --assume-role-policy-document file:///home/sample/ImportService/trust-policy.json
- Create a file named role-policy.json and include the following policy. Replace s3-bucket-name with the name of your S3 bucket.
    {
       "Version": "2012-10-17",
       "Statement": [
          {
             "Effect": "Allow",
             "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"
             ],
             "Resource": [
                "arn:aws:s3:::s3-bucket-name",
                "arn:aws:s3:::s3-bucket-name/*"
             ]
          },
          {
             "Effect": "Allow",
             "Action": [
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
             ],
             "Resource": "*"
          }
       ]
    }
- Use the put-role-policy command to attach the policy to the role you created. Specify the full path of the role-policy.json file. A sample follows.
    aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file:///home/sample/ImportService/role-policy.json
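A check you can run on the two policy files before attaching them, as an added example (not Red Hat's or Amazon's code): it confirms that only the VM import service can assume the role, that the external ID condition is present, and that S3 access stays inside the bucket you named, which also catches an unreplaced s3-bucket-name placeholder. The function names are hypothetical, and the embedded documents are the ones from this procedure.

```python
import json

# Policy documents copied from the procedure above (bucket placeholder unchanged).
TRUST = json.loads("""{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"Service":"vmie.amazonaws.com"},"Action":"sts:AssumeRole",
 "Condition":{"StringEquals":{"sts:Externalid":"vmimport"}}}]}""")
ROLE = json.loads("""{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Action":["s3:GetBucketLocation","s3:GetObject","s3:ListBucket"],
  "Resource":["arn:aws:s3:::s3-bucket-name","arn:aws:s3:::s3-bucket-name/*"]},
 {"Effect":"Allow","Action":["ec2:ModifySnapshotAttribute","ec2:CopySnapshot",
  "ec2:RegisterImage","ec2:Describe*"],"Resource":"*"}]}""")


def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def audit_trust(doc):
    """Findings for the trust policy; an empty list means it matches the procedure."""
    findings = []
    expected = ({"Service": "vmie.amazonaws.com"}, {"Service": ["vmie.amazonaws.com"]})
    for st in as_list(doc["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if st.get("Principal") not in expected:
            findings.append("principal is not limited to vmie.amazonaws.com")
        # IAM condition key names are case-insensitive, so compare them lowercased.
        equals = st.get("Condition", {}).get("StringEquals", {})
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != "vmimport":
            findings.append("no sts:ExternalId = vmimport condition on sts:AssumeRole")
    return findings


def audit_role(doc, bucket):
    """Findings for the role policy: S3 access must stay inside the import bucket."""
    findings = []
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for st in as_list(doc["Statement"]):
        s3_actions = [a for a in as_list(st.get("Action", [])) if a.startswith("s3:") or a == "*"]
        if st.get("Effect") != "Allow" or not s3_actions:
            continue
        if any("*" in a for a in s3_actions):
            findings.append("wildcard S3 action: " + ", ".join(s3_actions))
        outside = sorted(set(as_list(st.get("Resource", []))) - allowed)
        if outside:
            findings.append("S3 access outside the import bucket: " + ", ".join(outside))
    return findings
```

To audit your own files, load them with json.load() and pass the bucket name you created in the previous section.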
3.5.3. Converting and pushing an AMI to S3
Complete the following procedure to convert and push your Amazon Machine Image (AMI) to S3. The samples are representative; they convert an image formatted in the qcow2 file format to raw format. Amazon accepts images in OVA, VHD, VHDX, VMDK, and raw formats. For more information, see How VM Import/Export Works on image formats that Amazon accepts.
Procedure
- Run the qemu-img command to convert your image. A sample follows.
    qemu-img convert -f qcow2 -O raw rhel-server-7.7-1-x86_64-kvm.qcow2 rhel-server-7.7-1-x86_64-kvm.raw
- Push the image to S3.
    aws s3 cp rhel-server-7.7-1-x86_64-kvm.raw s3://s3-bucket-name
Note: This procedure could take a few minutes. After completion, you can check that your image uploaded successfully to your S3 bucket using the AWS S3 Console.
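A pre-upload check for the conversion step above, as an added example that is not part of the Red Hat procedure: it reads the first sector of the file you are about to push and reports whether it is still in qcow2 format or lacks the boot signature that a partitioned disk image carries. The function names are hypothetical, and the two sample files built in demo() are constructed for illustration.

```python
import os
import struct
import tempfile

QCOW_MAGIC = b"QFI\xfb"   # first four bytes of every qcow/qcow2 file
MBR_SIG = b"\x55\xaa"     # boot signature at bytes 510-511 of sector 0
SECTOR = 512


def check_raw_image(path):
    """Return a list of problems; an empty list means the file looks like a raw disk."""
    with open(path, "rb") as f:
        head = f.read(SECTOR)
        size = f.seek(0, os.SEEK_END)
    if head[:4] == QCOW_MAGIC:
        # The qcow header stores its version as a big-endian 32-bit integer.
        version = struct.unpack(">I", head[4:8])[0]
        return [f"file is still qcow2 (header version {version}); "
                "run qemu-img convert -O raw before uploading"]
    problems = []
    if size == 0 or size % SECTOR:
        problems.append("size is not a whole number of 512-byte sectors (truncated copy?)")
    if len(head) < SECTOR or head[510:512] != MBR_SIG:
        problems.append("no boot signature in sector 0; not a partitioned disk image")
    return problems


def demo():
    """Run the check on two constructed files: a bare qcow2 header and a blank MBR disk."""
    samples = {
        "still-qcow2": QCOW_MAGIC + struct.pack(">I", 3) + bytes(SECTOR - 8),
        "raw-mbr": bytes(510) + MBR_SIG + bytes(SECTOR * 3),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as f:
                f.write(data)
            results[name] = check_raw_image(path)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "ok")
```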
3.5.4. Creating an AMI from a raw image
Perform the following procedure to create an AMI from the raw image.
Prerequisites
- You need to have AWS CLI installed. For more information, see Installing the AWS CLI.
Procedure
- You can run the aws ec2 import-image command on the AWS CLI to create an AMI from the raw image.
    # aws ec2 import-image --platform Linux --license-type BYOL --no-encrypted --description _imagedescription_ --architecture x86_64 --disk-containers Format=Raw,UserBucket="{S3Bucket=virtqes1,S3Key=rhel-server-ec2-7.9-30.x86_64.raw}" --region _regionname_
3.5.5. Launching an instance from the AMI
Perform the following procedure to launch and configure an instance from the AMI.
Procedure
- From the AWS EC2 Dashboard, select Images and then AMIs.
- Right-click on your image and select Launch.
Choose an Instance Type that meets or exceeds the requirements of your workload.
See Amazon EC2 Instance Types for information on instance types.
Click Next: Configure Instance Details.
- Enter the Number of instances you want to create.
- For Network, select the VPC you created when setting up your AWS environment. Select a subnet for the instance or create a new subnet.
Select Enable for Auto-assign Public IP.
Note: These are the minimum configuration options necessary to create a basic instance. Review additional options based on your application requirements.
- Click Next: Add Storage. Verify that the default storage is sufficient.
Click Next: Add Tags.
Note: Tags can help you manage your AWS resources. See Tagging Your Amazon EC2 Resources for information on tagging.
- Click Next: Configure Security Group. Select the security group you created when setting up your AWS environment.
- Click Review and Launch. Verify your selections.
Click Launch. You are prompted to select an existing key pair or create a new key pair. Select the key pair you created when setting up your AWS environment.
Note: Verify that the permissions for your private key are correct. Use the command options chmod 400 <keyname>.pem to change the permissions, if necessary.
- Click Launch Instances.
Click View Instances. You can name the instance(s).
You can now launch an SSH session to your instance(s) by selecting an instance and clicking Connect. Use the example command provided for A standalone SSH client.
Note: Alternatively, you can launch an instance using the AWS CLI. See Launching, Listing, and Terminating Amazon EC2 Instances in the Amazon documentation for more information.
3.5.6. Attaching Red Hat subscriptions
Complete the following steps to attach the subscriptions you previously enabled through the Red Hat Cloud Access program.
Prerequisites
You must have enabled your subscriptions.
Procedure
Register your system.
subscription-manager register --auto-attach
Attach your subscriptions.
- You can use an activation key to attach subscriptions. Refer to Creating Red Hat Customer Portal Activation Keys.
- Alternatively, you can manually attach a subscription using the ID of the subscription pool (Pool ID). Refer to Attaching and Removing Subscriptions Through the Command Line.