Chapter 5. Preparing and Uploading cloud images with Image Builder

Image Builder can create custom system images ready for use in clouds of various providers. To use your customized RHEL system image in a cloud, create the system image with Image Builder using the respective output type, configure your system for uploading the image, and upload the image to your cloud account.

5.1. Preparing for uploading AWS AMI images

This describes steps to configure a system for uploading AWS AMI images.

Prerequisites

Procedure

  1. Install Python 3 and the pip tool:

    # yum install python3
    # yum install python3-pip
  2. Install the AWS command-line tools with pip:

    # pip3 install awscli
  3. Configure the AWS command-line client according to your AWS access details:

    $ aws configure
    AWS Access Key ID [None]:
    AWS Secret Access Key [None]:
    Default region name [None]:
    Default output format [None]:
  4. Configure the AWS command-line client to use your bucket:

    $ BUCKET=bucketname
    $ aws s3 mb s3://$BUCKET

    Replace bucketname with the actual bucket name.

  5. Create a vmimport S3 Role in IAM and grant it permissions to access S3, if you have not already done so in the past:

    $ printf '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "vmie.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals":{ "sts:Externalid": "vmimport" } } } ] }' > trust-policy.json
    $ printf '{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket" ], "Resource":[ "arn:aws:s3:::%s", "arn:aws:s3:::%s/*" ] }, { "Effect":"Allow", "Action":[ "ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*" ], "Resource":"*" } ] }' $BUCKET $BUCKET > role-policy.json
    $ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
    $ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

5.2. Uploading an AMI image to AWS

This section describes how to upload an AMI image to AWS.

Prerequisites

  • Your system must be set up for uploading AWS images.
  • You must have an AWS image created by Image Builder. Use the ami output type in CLI or Amazon Machine Image Disk (.ami) in GUI when creating the image.

Procedure

  1. Push the image to S3:

    $ AMI=8db1b463-91ee-4fd9-8065-938924398428-disk.ami
    $ aws s3 cp $AMI s3://$BUCKET
    Completed 24.2 MiB/4.4 GiB (2.5 MiB/s) with 1 file(s) remaining
    ...
  2. After the upload to S3 ends, import the image as a snapshot into EC2:

    $ printf '{ "Description": "my-image", "Format": "raw", "UserBucket": { "S3Bucket": "%s", "S3Key": "%s" } }' $BUCKET $AMI > containers.json
    $ aws ec2 import-snapshot --disk-container file://containers.json

    Replace my-image with the name of the image.

    To track progress of the import, run:

    $ aws ec2 describe-import-snapshot-tasks --filters Name=task-state,Values=active
  3. Create an image from the uploaded snapshot by selecting the snapshot in the EC2 console, right clicking on it and selecting Create Image:

    composer aws ec2 select snapshot

  4. Select the Virtualization type of Hardware-assisted virtualization in the image you create:

    composer aws ec2 create image

  5. Now you can run an instance using whatever mechanism you like (CLI or AWS Console) from the snapshot. Use your private key via SSH to access the resulting EC2 instance. Log in as ec2-user.

5.3. Preparing for uploading Azure VHD images

This describes steps to upload an VHD image to Azure.

Prerequisites

  • You must have a usable Azure resource group and storage account.

Procedure

  1. Install python2:

    # yum install python2
    Note

    python2 package must be installed because since the AZ CLI depends specifically on python 2.7

  2. Import the Microsoft repository key:

    # rpm --import https://packages.microsoft.com/keys/microsoft.asc
  3. Create a local azure-cli repository information:

    # sh -c 'echo -e "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo'
  4. Install the Azure CLI:

    # yumdownloader azure-cli
    # rpm -ivh --nodeps azure-cli-2.0.64-1.el7.x86_64.rpm
    Note

    The downloaded version of the Azure CLI package may vary depending on the current downloaded version.

  5. Run the Azure CLI:

    $ az login

    The terminal shows the message 'Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code"' and opens a browser where you can login.

    Note

    If you are running a remote (SSH) session, the link will not open in the browser. In this case, you can use the link provided and thus be able to login and autenticate your remote session. To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXXXX to authenticate.

  6. List the keys for the storage account in Azure:

    $ GROUP=resource-group-name
    $ ACCOUNT=storage-account-name
    $ az storage account keys list --resource-group $GROUP --account-name $ACCOUNT

    Replace resource-group-name with name of the Azure resource group and storage-account-name with name of the Azure storage account.

    Note

    You can list the available resources using the command:

    $ az resource list
  7. Make note of value key1 in the output of the previous command, and assign it to an environment variable:

    $ KEY1=value
  8. Create a storage container:

    $ CONTAINER=storage-account-name
    $ az storage container create --account-name $ACCOUNT \
    --account-key $KEY1 --name $CONTAINER

    Replace storage-account-name with name of the storage account.

Additional resources

5.4. Uploading VHD images to Azure

This describes steps to upload an VHD image to Azure.

Prerequisites

  • Your system must be set up for uploading Azure VHD images.
  • You must have an Azure VHD image created by Image Builder. Use the vhd output type in CLI or Azure Disk Image (.vhd) in GUI when creating the image.

Procedure

  1. Push the image to Azure and create an instance from it:

    $ VHD=25ccb8dd-3872-477f-9e3d-c2970cd4bbaf-disk.vhd
    $ az storage blob upload --account-name $ACCOUNT --container-name $CONTAINER --file $VHD --name $VHD --type page
    ...
  2. Once the upload to the Azure BLOB completes, create an Azure image from it:

    $ az image create --resource-group $GROUP --name $VHD --os-type linux --location eastus --source https://$ACCOUNT.blob.core.windows.net/$CONTAINER/$VHD
     - Running ...
  3. Create an instance either with the Azure portal, or a command similar to the following:

    $ az vm create --resource-group $GROUP --location eastus --name $VHD --image $VHD --admin-username azure-user --generate-ssh-keys
     - Running ...
  4. Use your private key via SSH to access the resulting instance. Log in as azure-user.

5.5. Uploading VMDK images to vSphere

Image Builder can generate images suitable for uploading to a VMware ESXi or vSphere system. This describes steps to upload an VMDK image to VMware vSphere.

Note

Because VMWare deployments typically does not have cloud-init configured to inject user credentials to virtual machines, we must perform that task ourselves on the blueprint.

Prerequisites

  • You must have an VMDK image created by Image Builder. Use the vmdk output type in CLI or VMware Virtual Machine Disk (.vmdk) in GUI when creating the image.

Procedure

  1. Upload the image into vSphere via HTTP. Click on Upload Files in the vCenter:

    composer vmware upload image

  2. When you create a VM, on the Device Configuration, delete the default New Hard Disk and use the drop-down to select an Existing Hard Disk disk image:

    composer vmware existing disk

  3. Make sure you use an IDE device as the Virtual Device Node for the disk you create. The default value SCSI results in an unbootable virtual machine.

    composer vmware existing ide

5.6. Uploading QCOW2 image to OpenStack

Image Builder can generate images suitable for uploading to OpenStack cloud deployments, and starting instances there. This describes steps to upload an QCOW2 image to OpenStack.

Prerequisites

  • You must have an OpenStack-specific image created by Image Builder. Use the openstack output type in CLI or OpenStack Image (.qcow2) in GUI when creating the image.

    Warning

    Image Builder also offers a generic QCOW2 image type output format as qcow2 or QEMU QCOW2 Image (.qcow2). Do not mistake it with the OpenStack image type which is also in the QCOW2 format, but contains further changes specific to OpenStack.

Procedure

  1. Upload the image to OpenStack and start an instance from it. Use the Images interface to do this:

    composer openstack upload image

  2. Start an instance with that image:

    composer openstack start instance

  3. You can run the instance using any mechanism (CLI or OpenStack web UI) from the snapshot. Use your private key via SSH to access the resulting instance. Log in as cloud-user.

5.7. Preparing for uploading images to Alibaba

Note

The custom image verification is an optional task. Image Builder generates images that conform to Alibaba’s requirements.

This section describes steps to verify custom images that you can deploy on Alibaba Cloud. The images will need a specific configuration to boot successfully, because Alibaba Cloud requests the custom images to meet certain requirements before you use it. For this, it is recommended that you use the Alibaba image_check tool.

Prerequisites

  • You must have an Alibaba image created by Image Builder.

Procedure

  1. Connect to the system containing the image you want to check it by the Alibaba image_check tool.
  2. Download the image_check tool:

    $ curl -O http://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/assets/attach/73848/cn_zh/1557459863884/image_check
  3. Change the file permission of the image compliance tool:

    # chmod +x image_check
  4. Run the command to start the image compliance tool checkup:

    # ./image_check

    The tool verifies the system configuration and generate a report that is displayed on your screen. The image_check tool saves this report in the same folder where the image compliance tool is running.

  5. If any of the Detection Items fail, follow the instructions to correct it. For more information, see link: Detection items section.

Additional resources

5.8. Uploading images to Alibaba

This section describes how to upload an Alibaba image to Object Storage Service (OSS).

Prerequisites

  • Your system is set up for uploading Alibaba images.
  • You must have an Alibaba image created by Image Builder. Use the ami output type on RHEL 7 or Alibaba on RHEL 8 when creating the image.
  • You have a bucket. See Creating a bucket.
  • You have an active Alibaba Account.
  • You activated OSS.

Procedure

  1. Log in to the OSS console.
  2. On the left side Bucket menu, select the bucket to which you want to upload an image.
  3. On the right upper menu, click Files tab.
  4. Click Upload. A window dialog opens on the right side. Choose the following information:

    • Upload To: Choose to upload the file to the Current directory or to a Specified directory.
    • File ACL: Choose the type of permission of the uploaded file.
  5. Click Upload.
  6. Choose the image you want to upload.
  7. Click Open.

As a result, the custom image is uploaded to OSS Console.

Additional resources

5.9. Importing images to Alibaba

This section describes how to import an Alibaba image to Elastic Cloud Console (ECS).

Prerequisites

  • You have uploaded the image to Object Storage Service (OSS).

Procedure

  1. Log in to the ECS console.

    1. On the left side menu, click Images.
    2. On the right upper side, click Import Image. A window dialog opens.
    3. Confirm that you have set up the correct region where the image is located. Enter the following information:

      1. OSS Object Address: See how to obtain OSS Object Address.
      2. Image Name:
      3. Operating System:
      4. System Disk Size:
      5. System Architecture:
      6. Platform: Red Hat
    4. Optionally, provide the following details:

      1. Image Format: qcow2 or ami, depending on the uploaded image format.
      2. Image Description:
      3. Add Images of Data Disks:

        The address can be determined in the OSS management console after selecting the required bucket in the left menu, select Files section and then click on Details link on the right for the appropriate image. A window will appear on the right side of the screen, showing image details. The OSS object address is in the URL box.

  2. Click OK.

    Note

    The importing process time can vary depending on the image size.

As a result, the custom image is imported to ECS Console. You can create an instance from the custom image.

Additional resources

5.10. Creating an instance of a custom image using Alibaba

You can create instances of the custom image using Alibaba ECS Console.

Prerequisites

  • You have activated OSS and uploaded your custom image.
  • You have successfully imported your image to ECS Console.

Procedure

  1. Log in to the ECS console.
  2. On the left side menu, choose Instances.
  3. In the top corner, click Create Instance. You are redirected to a new window.
  4. Fill in all the required information. See Creating an instance by using the wizard for more details.
  5. Click Create Instance and confirm the order.

    Note

    You can see the option Create Order instead of Create Instace, depending on your subscription.

As a result, you have an active instance ready for deployment.

Additional resources