Chapter 3. Deploying a Red Hat Enterprise Linux image as an EC2 instance on Amazon Web Services
You have a number of options for deploying a Red Hat Enterprise Linux (RHEL) 9 image as an EC2 instance on Amazon Web Services (AWS). This chapter discusses your options for choosing an image and lists or refers to system requirements for your host system and virtual machine (VM). This chapter also provides procedures for creating a custom VM from an ISO image, uploading it to EC2, and launching an EC2 instance.
To deploy a Red Hat Enterprise Linux 9 (RHEL 9) as an EC2 instance on Amazon Web Services (AWS), follow the information below. This chapter:
- Discusses your options for choosing an image
- Lists or refers to system requirements for your host system and virtual machine (VM)
- Provides procedures for creating a custom VM from an ISO image, uploading it to EC2, and launching an EC2 instance
While you can create a custom VM from an ISO image, Red Hat recommends that you use the Red Hat Image Builder product to create customized images for use on specific cloud providers. With Image Builder, you can create and upload an Amazon Machine Image (AMI) in the ami format. See Composing a Customized RHEL System Image for more information.
For a list of Red Hat products that you can use securely on AWS, see Red Hat on Amazon Web Services.
Prerequisites
- Sign up for a Red Hat Customer Portal account.
- Sign up for AWS and set up your AWS resources. See Setting Up with Amazon EC2 for more information.
3.1. Red Hat Enterprise Linux Image options on AWS
The following table lists image choices and notes the differences in the image options.
Table 3.1. Image options
| Image option | Subscriptions | Sample scenario | Considerations |
|---|---|---|---|
| Deploy a Red Hat Gold Image. | Use your existing Red Hat subscriptions. | Select a Red Hat Gold Image on AWS. For details on Gold Images and how to access them on Azure, see the Red Hat Cloud Access Reference Guide. | The subscription includes the Red Hat product cost; you pay Amazon for all other instance costs. Red Hat provides support directly for Cloud Access images. |
| Deploy a custom image that you move to AWS. | Use your existing Red Hat subscriptions. | Upload your custom image, and attach your subscriptions. | The subscription includes the Red Hat product cost; you pay Amazon for all other instance costs. Red Hat provides support directly for custom RHEL images. |
| Deploy an existing Amazon image that includes RHEL. | The AWS EC2 images include a Red Hat product. | Select a RHEL image when you launch an instance on the AWS Management Console, or choose an image from the AWS Marketplace. | You pay Amazon hourly on a pay-as-you-go model. Such images are called "on-demand" images. Amazon provides support for on-demand images. Red Hat provides updates to the images. AWS makes the updates available through the Red Hat Update Infrastructure (RHUI). |
You can create a custom image for AWS using Red Hat Image Builder. See Composing a Customized RHEL System Image for more information.
You cannot convert an on-demand instance to a custom RHEL instance. To change from an on-demand image to a custom RHEL bring-your-own-subscription (BYOS) image:
- Create a new custom RHEL instance and migrate data from your on-demand instance.
- Cancel your on-demand instance after you migrate your data to avoid double billing.
Additional resources
3.2. Understanding base images
This section includes information about using preconfigured base images and their configuration settings.
3.2.1. Using a custom base image
To manually configure a virtual machine (VM), first create a base (starter) VM image. Then, you can modify configuration settings and add the packages the VM requires to operate on the cloud. You can make additional configuration changes for your specific application after you upload the image.
Additional resources
3.2.2. Virtual machine configuration settings
Cloud VMs must have the following configuration settings.
Table 3.2. VM configuration settings
| Setting | Recommendation |
|---|---|
| ssh | ssh must be enabled to provide remote access to your VMs. |
| dhcp | The primary virtual adapter should be configured for dhcp. |
3.3. Creating a base VM from an ISO image
Follow the procedures in this section to create a RHEL 9 base image from an ISO image.
Prerequisites
- Virtualization is enabled on your host machine.
-
You have downloaded the latest Red Hat Enterprise Linux ISO image from the Red Hat Customer Portal and moved the image to
/var/lib/libvirt/images.
3.3.1. Creating a VM from the RHEL ISO image
Procedure
- Ensure that you have enabled your host machine for virtualization. See Enabling virtualization in RHEL 9 for information and procedures.
Create and start a basic Red Hat Enterprise Linux VM. For instructions, see Creating virtual machines.
If you use the command line to create your VM, ensure that you set the default memory and CPUs to the capacity you want for the VM. Set your virtual network interface to virtio.
For example, the following command creates a
kvmtestVM using the/home/username/Downloads/rhel9.isoimage:# virt-install \ --name kvmtest --memory 2048 --vcpus 2 \ --cdrom /home/username/Downloads/rhel9.iso,bus=virtio \ --os-variant=rhel9.0
If you use the web console to create your VM, follow the procedure in Creating virtual machines using the web console, with these caveats:
- Do not check Immediately Start VM.
- Change your Memory size to your preferred settings.
- Before you start the installation, ensure that you have changed Model under Virtual Network Interface Settings to virtio and change your vCPUs to the capacity settings you want for the VM.
3.3.2. Completing the RHEL installation
Perform the following steps to complete the installation and to enable root access once the VM launches.
Procedure
- Choose the language you want to use during the installation process.
On the Installation Summary view:
- Click Software Selection and check Minimal Install.
- Click Done.
Click Installation Destination and check Custom under Storage Configuration.
-
Verify at least 500 MB for
/boot. You can use the remaining space for root/. - Standard partitions are recommended, but you can use Logical Volume Management (LVM).
- You can use xfs, ext4, or ext3 for the file system.
- Click Done when you are finished with changes.
-
Verify at least 500 MB for
- Click Begin Installation.
- Set a Root Password. Create other users as applicable.
-
Reboot the VM and log in as
rootonce the installation completes. Configure the image.
Register the VM and enable the Red Hat Enterprise Linux 9 repository.
# subscription-manager register --auto-attachEnsure that the
cloud-initpackage is installed and enabled.# dnf install cloud-init # systemctl enable --now cloud-init.service
Important: This step is only for VMs you intend to upload to AWS.
For AMD64 or Intel 64 (x86_64)VMs, install the
nvme,xen-netfront, andxen-blkfrontdrivers.# dracut -f --add-drivers "nvme xen-netfront xen-blkfront"For ARM 64 (aarch64) VMs, install the
nvmedriver.# dracut -f --add-drivers "nvme"Including these drivers removes the possibility of a dracut time-out.
Alternatively, you can add the drivers to
/etc/dracut.conf.d/and then enterdracut -fto overwrite the existinginitramfsfile.
- Power down the VM.
3.4. Uploading the Red Hat Enterprise Linux image to AWS
Follow the procedures in this section to upload your image to AWS.
3.4.1. Installing the AWS CLI
Many of the procedures required to manage HA clusters in AWS include using the AWS CLI. Complete the following steps to install the AWS CLI.
Prerequisites
- You have created an AWS Access Key ID and an AWS Secret Access Key, and have access to them. For instructions and details, see Quickly Configuring the AWS CLI.
Procedure
Install the AWS command line tools using the
dnfcommand.# dnf install awscliUse the
aws --versioncommand to verify that you installed the AWS CLI.$ aws --version aws-cli/1.19.77 Python/3.6.15 Linux/5.14.16-201.fc34.x86_64 botocore/1.20.77Configure the AWS command line client according to your AWS access details.
$ aws configure AWS Access Key ID [None]: AWS Secret Access Key [None]: Default region name [None]: Default output format [None]:
Additional resources
3.4.2. Creating an S3 bucket
Importing to AWS requires an Amazon S3 bucket. An Amazon S3 bucket is an Amazon resource where you store objects. As part of the process for uploading your image, you create an S3 bucket and then move your image to the bucket. Complete the following steps to create a bucket.
Procedure
- Launch the Amazon S3 Console.
- Click Create Bucket. The Create Bucket dialog appears.
In the Name and region view:
- Enter a Bucket name.
- Enter a Region.
- Click Next.
- In the Configure options view, select the desired options and click Next.
- In the Set permissions view, change or accept the default options and click Next.
- Review your bucket configuration.
Click Create bucket.
NoteAlternatively, you can use the AWS CLI to create a bucket. For example, the
aws s3 mb s3://my-new-bucketcommand creates an S3 bucket namedmy-new-bucket. See the AWS CLI Command Reference for more information about thembcommand.
Additional resources
3.4.3. Creating the vmimport role
Perform the following procedure to create the vmimport role, which is required by VM import. See VM Import Service Role in the Amazon documentation for more information.
Procedure
Create a file named
trust-policy.jsonand include the following policy. Save the file on your system and note its location.{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "vmie.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals":{ "sts:Externalid": "vmimport" } } } ] }Use the
create rolecommand to create thevmimportrole. Specify the full path to the location of thetrust-policy.jsonfile. Prefixfile://to the path. For example:$ aws iam create-role --role-name vmimport --assume-role-policy-document file:///home/sample/ImportService/trust-policy.jsonCreate a file named
role-policy.jsonand include the following policy. Replaces3-bucket-namewith the name of your S3 bucket.{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket" ], "Resource":[ "arn:aws:s3:::s3-bucket-name", "arn:aws:s3:::s3-bucket-name/*" ] }, { "Effect":"Allow", "Action":[ "ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*" ], "Resource":"*" } ] }Use the
put-role-policycommand to attach the policy to the role you created. Specify the full path of therole-policy.jsonfile. For example:$ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file:///home/sample/ImportService/role-policy.json
Additional resources
3.4.4. Converting and pushing your image to S3
Complete the following procedure to convert and push your image to S3. The samples are representative; they convert an image formatted in the qcow2 file format to raw format. Amazon accepts images in OVA, VHD, VHDX, VMDK, and raw formats. See How VM Import/Export Works for more information about image formats that Amazon accepts.
Procedure
Run the
qemu-imgcommand to convert your image. For example:# qemu-img convert -f qcow2 -O raw rhel-9.0-sample.qcow2 rhel-9.0-sample.rawPush the image to S3.
$ aws s3 cp rhel-9.0-sample.raw s3://s3-bucket-nameNoteThis procedure could take a few minutes. After completion, you can check that your image uploaded successfully to your S3 bucket using the AWS S3 Console.
Additional resources
3.4.5. Importing your image as a snapshot
Perform the following procedure to import an image as a snapshot.
Procedure
Create a file to specify a bucket and path for your image. Name the file
containers.json. In the sample that follows, replaces3-bucket-namewith your bucket name ands3-keywith your key. You can get the key for the image using the Amazon S3 Console.{ "Description": "rhel-9.0-sample.raw", "Format": "raw", "UserBucket": { "S3Bucket": "s3-bucket-name", "S3Key": "s3-key" } }Import the image as a snapshot. This example uses a public Amazon S3 file; you can use the Amazon S3 Console to change permissions settings on your bucket.
aws ec2 import-snapshot --disk-container file://containers.json
The terminal displays a message such as the following. Note the
ImportTaskIDwithin the message.{ "SnapshotTaskDetail": { "Status": "active", "Format": "RAW", "DiskImageSize": 0.0, "UserBucket": { "S3Bucket": "s3-bucket-name", "S3Key": "rhel-9.0-sample.raw" }, "Progress": "3", "StatusMessage": "pending" }, "ImportTaskId": "import-snap-06cea01fa0f1166a8" }Track the progress of the import using the
describe-import-snapshot-taskscommand. Include theImportTaskID.$ aws ec2 describe-import-snapshot-tasks --import-task-ids import-snap-06cea01fa0f1166a8The returned message shows the current status of the task. When complete,
Statusshowscompleted. Within the status, note the snapshot ID.
Additional resources
3.4.6. Creating an AMI from the uploaded snapshot
Within EC2, you must choose an Amazon Machine Image (AMI) when launching an instance. Perform the following procedure to create an AMI from your uploaded snapshot.
Procedure
- Go to the AWS EC2 Dashboard.
- Under Elastic Block Store, select Snapshots.
-
Search for your snapshot ID (for example,
snap-0e718930bd72bcda0). - Right-click on the snapshot and select Create image.
- Name your image.
- Under Virtualization type, choose Hardware-assisted virtualization.
- Click Create. In the note regarding image creation, there is a link to your image.
Click on the image link. Your image shows up under Images>AMIs.
NoteAlternatively, you can use the AWS CLI
register-imagecommand to create an AMI from a snapshot. See register-image for more information. An example follows.$ aws ec2 register-image \ --name "myimagename" --description "myimagedescription" --architecture x86_64 \ --virtualization-type hvm --root-device-name "/dev/sda1" --ena-support \ --block-device-mappings "{\"DeviceName\": \"/dev/sda1\",\"Ebs\": {\"SnapshotId\": \"snap-0ce7f009b69ab274d\"}}"
You must specify the root device volume
/dev/sda1as yourroot-device-name. For conceptual information about device mapping for AWS, see Example block device mapping.
3.4.7. Launching an instance from the AMI
Perform the following procedure to launch and configure an instance from the AMI.
Procedure
- From the AWS EC2 Dashboard, select Images and then AMIs.
- Right-click on your image and select Launch.
Choose an Instance Type that meets or exceeds the requirements of your workload.
See Amazon EC2 Instance Types for information about instance types.
Click Next: Configure Instance Details.
- Enter the Number of instances you want to create.
- For Network, select the VPC you created when setting up your AWS environment. Select a subnet for the instance or create a new subnet.
Select Enable for Auto-assign Public IP.
NoteThese are the minimum configuration options necessary to create a basic instance. Review additional options based on your application requirements.
- Click Next: Add Storage. Verify that the default storage is sufficient.
Click Next: Add Tags.
NoteTags can help you manage your AWS resources. See Tagging Your Amazon EC2 Resources for information about tagging.
- Click Next: Configure Security Group. Select the security group you created when setting up your AWS environment.
- Click Review and Launch. Verify your selections.
Click Launch. You are prompted to select an existing key pair or create a new key pair. Select the key pair you created when setting up your AWS environment.
NoteVerify that the permissions for your private key are correct. Use the command options
chmod 400 <keyname>.pemto change the permissions, if necessary.- Click Launch Instances.
Click View Instances. You can name the instance(s).
You can now launch an SSH session to your instance(s) by selecting an instance and clicking Connect. Use the example provided for A standalone SSH client.
NoteAlternatively, you can launch an instance using the AWS CLI. See Launching, Listing, and Terminating Amazon EC2 Instances in the Amazon documentation for more information.
Additional resources
3.4.8. Attaching Red Hat subscriptions
To attach your Red Hat subscription to a RHEL instance, use the following steps.
Prerequisites
- You must have enabled your subscriptions.
Procedure
Register your system.
# subscription-manager register --auto-attachAttach your subscriptions.
- You can use an activation key to attach subscriptions. See Creating Red Hat Customer Portal Activation Keys for more information.
- Alternatively, you can manually attach a subscription using the ID of the subscription pool (Pool ID). See Attaching and Removing Subscriptions Through the Command Line.
3.4.9. Setting up automatic registration on AWS Gold Images
To make deploying RHEL 8 virtual machines on Amazon Web Services (AWS) faster and more comfortable, you can set up Gold Images of RHEL 8 to be automatically registered to the Red Hat Subscription Manager (RHSM).
Prerequisites
You have downloaded the latest RHEL 8 Gold Image for AWS. For instructions, see Using Gold Images on AWS.
NoteAn AWS account can only be attached to a single Red Hat account at a time. Therefore, ensure no other users require access to the AWS account before attaching it to your Red Hat one.
Procedure
- Upload the Gold Image to AWS. For instructions, see Uploading the Red Hat Enterprise Linux image to AWS.
- Create VMs using the uploaded image. They will be automatically subscribed to RHSM.
Verification
In a RHEL 9 VM created using the above instructions, verify the system is registered to RHSM by executing the
subscription-manager identitycommand. On a successfully registered system, this displays the UUID of the system. For example:# subscription-manager identity system identity: fdc46662-c536-43fb-a18a-bbcb283102b7 name: 192.168.122.222 org name: 6340056 org ID: 6340056
Additional resources