Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 18. Preparing and uploading custom GCE images to Google Cloud
With RHEL image builder, you can build a gce image, provide credentials for your user or GCP service account, and then upload the gce image directly to the GCP environment.
18.1. Configuring and uploading a gce image to Google Cloud by using the CLI
Set up a configuration file with credentials to upload your gce image to GCP by using the RHEL image builder CLI.
You cannot manually import gce image to Google Cloud, because the image does not boot. You must use either gcloud or RHEL image builder to upload it.
Prerequisites
You have a valid Google account and credentials to upload your image to Google Cloud. The credentials can be from a user account or a service account. The account associated with the credentials must have at least the following IAM roles assigned:
-
roles/storage.admin- to create and delete storage objects -
roles/compute.storageAdmin- to import a VM image to Compute Engine.
-
- You have an existing Google Cloud bucket.
Procedure
Use a text editor to create a
gcp-config.tomlconfiguration file with the following content:provider = "gcp" [settings] bucket = "<gcp_bucket>" region = "<gcp_storage_region>" object = "<object_key>" credentials = "<gcp_credentials>"-
<gcp_bucket>points to an existing bucket. This field stores the intermediate storage object of the image to be uploaded. -
<gcp_storage_region>is both a regular Google storage region and a dual or multi-region. -
<object_key>is the name of an intermediate storage object. It must not exist before the upload, and when the upload process finishes, it is deleted . If the object name does not end with.tar.gz, the object name automatically adds the extension. <gcp_credentials>is aBase64-encodedscheme of the credentials JSON file downloaded from Google Cloud. The credentials determine which project the Google Cloud uploads the image to.NoteSpecifying
<gcp_credentials>in thegcp-config.tomlfile is optional if you use a different mechanism to authenticate with Google Cloud. For other authentication methods, see Authenticating with Google Cloud.
-
Retrieve the
<gcp_credentials>from the JSON file downloaded from Google Cloud.$ sudo base64 -w 0 cee-gcp-nasa-476a1fa485b7.jsonCreate a compose with an additional image name and cloud provider profile:
$ sudo image-builder build gce --blueprint <blueprint_name> <image_key> gcp-config.tomlThe image build, upload, and cloud registration processes can take up to ten minutes to complete.
Verification
Verify that the image status is FINISHED:
$ sudo image-builder compose status
18.2. How RHEL image builder sorts the authentication order of different Google Cloud credentials
You can use several different types of credentials with RHEL image builder to authenticate with GCP. If you set RHEL image builder configuration to authenticate with GCP by using multiple sets of credentials, it uses the credentials in an order of preference.
The order of preference is as follows:
-
Credentials specified with the
image-buildercommand in the configuration file. Application Default Credentialsfrom theGoogle Cloud SDKlibrary, which tries to automatically find a way to authenticate by using the following options:- If you set the GOOGLE_APPLICATION_CREDENTIALS environment variable, Application Default Credentials tries to load and use credentials from the file that the variable points to.
Application Default Credentials tries to authenticate by using the service account attached to the resource that is running the code. For example, Google Compute Engine VM.
NoteYou must use the Google Cloud credentials to determine which Google Cloud project to upload the images to. To upload to different projects, specify the credentials in
gcp-config.tomlwith theimage-buildercommand.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}