3.9. Deploying an image mode for RHEL systems by using FDO
You can deploy an image mode for a RHEL system by using FIDO Device Onboarding (FDO) to deliver configuration to this system. Use a Kickstart file to configure various parts of the installation process, such as setting up users, customizing partitioning, and adding an SSH key. You can include the Kickstart file in an ISO build to configure any part of the installation process, except the deployment of the base image.
If you use an ISO with a bootc container base image, bootc-image-builder automatically installs ostreecontainer, the command to install the container image. You can still configure anything, except the ostreecontainer command.
Prerequisites
- You have Podman installed on your host machine.
- You have root access to run the bootc-image-builder tool and run the containers in --privileged mode.
- You have FDO server infrastructure deployed.
Procedure
- Create a Containerfile, for example:

  ```
  FROM registry.redhat.io/rhel10/rhel-bootc:latest
  RUN dnf install -y fdo-init fdo-client
  RUN systemctl enable fdo-client-linuxapp.service
  ```

- Create your Kickstart file. The following Kickstart file is an example of a fully unattended Kickstart file configuration that contains user creation and partition instructions.

  ```
  [customizations.installer.kickstart]
  contents = """
  text --non-interactive
  zerombr
  clearpart --all --initlabel --disklabel=gpt
  autopart --noswap --type=lvm
  user --name=test --groups=wheel --plaintext --password=test
  sshkey --username=test "ssh-ed25519 AAA..."
  network --bootproto=dhcp --device=link --activate --onboot=on
  poweroff

  %post
  export MANUFACTURING_SERVER_URL="http://192.168……"
  export DIUN_PUB_KEY_INSECURE="true"
  /usr/libexec/fdo/fdo-manufacturing-client
  %end
  """
  ```

  In the export <MANUFACTURING_SERVER_URL> field, replace the manufacturing server URL with your own manufacturing server URL.
- Save the Kickstart configuration in the .toml format to inject the Kickstart content. For example, config.toml.
- Create the following folder:

  ```
  $ mkdir $(pwd)/output
  ```

- Run bootc-image-builder, and include the Kickstart file configuration that you want to add to the ISO build. The bootc-image-builder automatically adds the ostreecontainer command that installs the container image.

  ```
  $ sudo podman run \
      --rm \
      -it \
      --privileged \
      --pull=newer \
      --security-opt label=type:unconfined_t \
      -v /var/lib/containers/storage:/var/lib/containers/storage \
      -v $(pwd)/config.toml:/config.toml \
      -v $(pwd)/output:/output \
      registry.redhat.io/rhel10/bootc-image-builder:latest \
      --type iso \
      --config /config.toml \
      quay.io/<namespace>/<image>:<tag>
  ```

You can find the resulting .iso image in the output folder.
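The example Kickstart above uses a clear-text password and sets DIUN_PUB_KEY_INSECURE="true" for a manufacturing server reached over http://, so a check on config.toml before the build is useful. The following script is an added example, not part of the original procedure or of any Red Hat tooling; the function names, the script name, and the sample server URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat's code): audit config.toml before building the ISO.

# Constructed sample that mirrors the weak settings of the example Kickstart.
# The server URL is a made-up placeholder.
write_sample_weak() {
    cat > "$1" <<'EOF'
[customizations.installer.kickstart]
contents = """
user --name=test --groups=wheel --plaintext --password=test
%post
export MANUFACTURING_SERVER_URL="http://mfg.example.test:8080"
export DIUN_PUB_KEY_INSECURE="true"
/usr/libexec/fdo/fdo-manufacturing-client
%end
"""
EOF
}

# Print one line per finding; the return status is the number of findings.
audit_kickstart() {
    ak_n=0
    # user/rootpw with --plaintext keeps the password readable in the ISO config.
    if grep -Eq '^[[:space:]]*(user|rootpw)[[:space:]].*--plaintext' "$1"; then
        echo "clear-text password in Kickstart (--plaintext)"
        ak_n=$((ak_n + 1))
    fi
    # With this flag the client does not verify the manufacturing server's key.
    if grep -Eq 'DIUN_PUB_KEY_INSECURE="?true' "$1"; then
        echo "DIUN_PUB_KEY_INSECURE=true: manufacturing server key is not verified"
        ak_n=$((ak_n + 1))
        # Without key verification, plain HTTP leaves the server unauthenticated.
        if grep -Eq 'MANUFACTURING_SERVER_URL="?http://' "$1"; then
            echo "manufacturing server reached over http:// with no key check"
            ak_n=$((ak_n + 1))
        fi
    fi
    return "$ak_n"
}

# Usage: sh audit-kickstart.sh config.toml   (hypothetical script name)
if [ -n "${1:-}" ]; then audit_kickstart "$1"; exit $?; fi
```

A non-zero exit status means at least one finding, so the script can gate the podman run step in a build pipeline.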