Chapter 6. Building simplified installer images to provision a RHEL for Edge image

You can build a RHEL for Edge Simplified Installer image, which is optimized for unattended installation to a device, and provision the image to a RHEL for Edge image.

6.1. Simplified installer image build and deployment

Build a RHEL for Edge Simplified Installer image by using the edge-simplified-installer image type.

To build a RHEL for Edge Simplified Installer image, provide an existing OSTree commit. The resulting simplified image contains a raw image that has the OSTree commit deployed. After you boot the Simplified installer ISO image, it provisions a RHEL for Edge system that you can use on a hard disk or as a boot image in a virtual machine. You can log in to the deployed system with the user name and password that you specified in the blueprint that you used to create the Simplified Installer image.

The RHEL for Edge Simplified Installer image is optimized for unattended installation to a device and supports both network-based and non-network-based deployments. However, for network-based deployment, it supports only UEFI HTTP boot.

Composing and deploying a simplified RHEL for Edge image involves the following high-level steps:

  1. Install and register a RHEL system
  2. Install image builder
  3. Using image builder, create a blueprint with customizations for RHEL for Edge Container image
  4. Import the RHEL for Edge blueprint in image builder
  5. Create a RHEL for Edge image embedded in an OCI container with a web server ready to deploy the commit as an OSTree repository
  6. Create a blueprint for the edge-simplified-installer image
  7. Build a simplified RHEL for Edge image
  8. Download the RHEL for Edge simplified image
  9. Install the raw image with the edge-simplified-installer virt-install

The following diagram represents the RHEL for Edge Simplified building and provisioning workflow:

Figure 6.1. Building and provisioning RHEL for Edge in network-based environment

RHEL for Edge Simplified workflow

6.2. Creating a blueprint for a Simplified image using image builder CLI

To create a blueprint for a simplified RHEL for Edge image, you must customize it with a device file location to enable an unattended installation to a device and a URL to perform the initial device credential exchange. You must also specify users and user groups in the blueprint. To do so, follow these steps:

Procedure

  1. Create a plain text file in the Tom’s Obvious, Minimal Language (TOML) format, with the following content:

    name = "simplified-installer-blueprint"
    description = "blueprint for the simplified installer image"
    version = "0.0.1"
    packages = []
    modules = []
    groups = []
    distro = ""
    
    [customizations]
    installation_device = "/dev/vda"
    
    [[customizations.user]]
    name = "admin"
    password = "admin"
    groups = ["users", "wheel"]
    
    [customizations.fdo]
    manufacturing_server_url = "http://10.0.0.2:8080"
    diun_pub_key_insecure = "true"

    Note

    The FDO customization in the blueprints is optional, and you can build your RHEL for Edge Simplified Installer image with no errors.

    • name is the name and description is the description for your blueprint.
    • 0.0.1 is the version number according to the Semantic Versioning scheme.
    • Modules describe the package name and matching version glob to be installed into the image, for example, the package name = "tmux" and the matching version glob is version = "2.9a". Notice that currently there are no differences between packages and modules.
    • Groups are packages groups to be installed into the image, for example the anaconda-tools group package. If you do not know the modules and groups, leave them empty.
    • installation_device is the customization to enable an unattended installation to your device.
    • manufacturing_server_url is the URL to perform the initial device credential exchange.
    • name is the user name to log in to the image.
    • password is a password of your choice.
    • groups are any user groups, such as "widget".
  2. Push (import) the blueprint to the image builder server:

    # composer-cli blueprints push blueprint-name.toml
  3. List the existing blueprints to check whether the created blueprint is successfully pushed and exists.

    # composer-cli blueprints show blueprint-name
  4. Check whether the components and versions listed in the blueprint and their dependencies are valid:

    # composer-cli blueprints depsolve blueprint-name

6.3. Creating a RHEL for Edge Simplified Installer image using image builder CLI

To create a RHEL for Edge Simplified image using image builder command-line interface, ensure that you have met the following prerequisites and then follow the procedure.

Prerequisites

Procedure

  1. Create the bootable ISO image.

    # composer-cli compose start-ostree \
    blueprint-name \
    edge-simplified-installer \
    --ref rhel/9/x86_64/edge \
    --url URL-OSTree-repository

    Where,

    • blueprint-name is the RHEL for Edge blueprint name.
    • edge-simplified-installer is the image type.
    • --ref is the reference for where your commit is going to be created.
    • --url is the URL to the OSTree repository of the commit to embed in the image. For example, http://10.0.2.2:8080/repo/. You can either start a RHEL for Edge Container or set up a web server. See Creating a RHEL for Edge Container image for non-network-based deployments and Setting up a web server to install RHEL for Edge image.

      A confirmation that the composer process has been added to the queue appears. It also shows a Universally Unique Identifier (UUID) number for the image created. Use the UUID number to track your build. Also keep the UUID number handy for further tasks.

  2. Check the image compose status.

    # composer-cli compose status

    The output displays the status in the following format:

    <UUID> RUNNING date blueprint-name blueprint-version image-type

    Note

    The image creation processes can take up to ten minutes to complete.

    To interrupt the image creation process, run:

    # composer-cli compose cancel <UUID>

    To delete an existing image, run:

    # composer-cli compose delete <UUID>

6.4. Downloading a simplified RHEL for Edge image using the image builder command-line interface

To download a RHEL for Edge image using image builder command line interface, ensure that you have met the following prerequisites and then follow the procedure.

Prerequisites

  • You have created a RHEL for Edge image.

Procedure

  1. Review the RHEL for Edge image status.

    # composer-cli compose status

    The output must display the following:

    $ <UUID> FINISHED date blueprint-name blueprint-version image-type
  2. Download the image.

    # composer-cli compose image <UUID>

    Image builder downloads the image as an .iso file at the current directory path where you run the command.

    The UUID number and the image size are displayed alongside.

    $ <UUID>-simplified-installer.iso: size MB

As a result, you downloaded a RHEL for Edge Simplified Installer ISO image. You can use it directly as a boot ISO to install a RHEL for Edge system.

6.5. Creating a blueprint for a Simplified image using image builder GUI

To create a RHEL for Edge Simplified Installer image, you must create a blueprint and ensure that you customize it with:

  • A device node location to enable an unattended installation to your device.
  • A URL to perform the initial device credential exchange.
  • A user or user group.

Note

You can also add any other customizations that your image requires.

To create a blueprint for a simplified RHEL for Edge image in the image builder GUI, complete the following steps:

Prerequisites

Procedure

  1. Click Create Blueprint in the upper-right corner of the image builder app.

    A dialog wizard with fields for the blueprint name and description opens.

  2. On the Details page:

    1. Enter the name of the blueprint and, optionally, its description. Click Next.
  3. Optional: On the Packages page, complete the following steps:

    1. In the Available packages search, enter the package name and click the > button to move it to the Chosen packages field. Search and include as many packages as you want. Click Next.

      Note

      The customizations are all optional unless otherwise specified.

  4. Optional: On the Kernel page, enter a kernel name and the command-line arguments.
  5. Optional: On the File system page, select Use automatic partitioning. The filesystem customization is not supported for OSTree systems, because OSTree images have their own mount rule, such as read-only. Click Next.
  6. Optional: On the Services page, you can enable or disable services:

    1. Enter the service names you want to enable or disable, separating them by a comma, by space, or by pressing the Enter key. Click Next.
  7. Optional: On the Firewall page, set up your firewall setting:

    1. Enter the Ports, and the firewall services you want to enable or disable.
    2. Click the Add zone button to manage your firewall rules for each zone independently. Click Next.
  8. On the Users page, add a user by following the steps:

    1. Click Add user.
    2. Enter a Username, a password, and an SSH key. You can also mark the user as a privileged user, by clicking the Server administrator checkbox.

      Note

      When you specify the user in the blueprint customization and then create an image from that blueprint, the blueprint creates the user under the /usr/lib/passwd directory and the password under the /usr/etc/shadow during installation time. You can log in to the device with the username and password you created for the blueprint. After you access the system, you must create users, for example, using the useradd command.

      Click Next.

  9. Optional: On the Groups page, add groups by completing the following steps:

    1. Click the Add groups button:

      1. Enter a Group name and a Group ID. You can add more groups. Click Next.
  10. Optional: On the SSH keys page, add a key:

    1. Click the Add key button.

      1. Enter the SSH key.
      2. Enter a User. Click Next.
  11. Optional: On the Timezone page, set your timezone settings:

    1. On the Timezone field, enter the timezone you want to add to your system image. For example, add the following timezone format: "US/Eastern".

      If you do not set a timezone, the system uses Universal Time, Coordinated (UTC) as default.

    2. Enter the NTP servers. Click Next.
  12. Optional: On the Locale page, complete the following steps:

    1. On the Keyboard search field, enter the package name you want to add to your system image. For example: ["en_US.UTF-8"].
    2. On the Languages search field, enter the package name you want to add to your system image. For example: "us". Click Next.
  13. Mandatory: On the Others page, complete the following steps:

    1. In the Hostname field, enter the hostname you want to add to your system image. If you do not add a hostname, the operating system determines the hostname.
    2. Mandatory: In the Installation Devices field, enter a valid node for your system image to enable an unattended installation to your device. For example: dev/sda1. Click Next.
  14. Optional: On the FIDO device onboarding page, complete the following steps:

    1. On the Manufacturing server URL field, enter the manufacturing server URL to perform the initial device credential exchange, for example: "http://10.0.0.2:8080". The FDO customization in the blueprints is optional, and you can build your RHEL for Edge Simplified Installer image with no errors.
    2. On the DIUN public key insecure field, enter the certification public key hash to perform the initial device credential exchange. This field accepts "true" as value, which means this is an insecure connection to the manufacturing server. For example: manufacturing_server_url="http://${FDO_SERVER}:8080" diun_pub_key_insecure="true". You must use only one of these three options: "key insecure", "key hash" and "key root certs".
    3. On the DIUN public key hash field, enter the hashed version of your public key. For example: 17BD05952222C421D6F1BB1256E0C925310CED4CE1C4FFD6E5CB968F4B73BF73. You can get the key hash by generating it based on the certificate of the manufacturing server. To generate the key hash, run the command:

      # openssl x509 -fingerprint -sha256 -noout -in /etc/fdo/aio/keys/diun_cert.pem | cut -d"=" -f2 | sed 's/://g'

      The /etc/fdo/aio/keys/diun_cert.pem is the certificate that is stored in the manufacturing server.

    4. On the DIUN public key root certs field, enter the public key root certs. This field accepts the content of the certification file that is stored in the manufacturing server. To get the content of certificate file, run the command:

      $ cat /etc/fdo/aio/keys/diun_cert.pem
  15. Click Next.
  16. On the Review page, review the details about the blueprint. Click Create.

The image builder view opens, listing existing blueprints.
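
The FDO and user settings described in sections 6.2 and 6.5 can be checked before the blueprint is pushed. The following is an added example, not Red Hat code: the function names are hypothetical, the sample blueprint is constructed from the values shown in section 6.2, and the treatment of crypt(3) password prefixes is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example, not Red Hat code: lint a simplified-installer blueprint
# before `composer-cli blueprints push`. Function names are hypothetical.

# Print the value of the first `key = "value"` line ($1 = file, $2 = key).
bp_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\".*/\1/p" "$1" | head -n 1
}

# Print one finding per line; return non-zero if there is any finding.
lint_blueprint() {
    bp=$1
    findings=0
    report() { echo "$bp: $1"; findings=$((findings + 1)); }

    # Only one of the three DIUN options may be used in a blueprint.
    diun=$(grep -cE '^[[:space:]]*diun_pub_key_(insecure|hash|root_certs)[[:space:]]*=' "$bp" || true)
    if grep -q '^\[customizations\.fdo\]' "$bp" && [ "$diun" -ne 1 ]; then
        report "expected exactly one diun_pub_key_* option, found $diun"
    fi

    # "true" marks the connection to the manufacturing server as insecure.
    if [ "$(bp_value "$bp" diun_pub_key_insecure)" = "true" ]; then
        report "diun_pub_key_insecure is true; use diun_pub_key_hash or diun_pub_key_root_certs"
    fi

    # The openssl command above yields a SHA-256 fingerprint: 64 hex digits.
    hash=$(bp_value "$bp" diun_pub_key_hash)
    if [ -n "$hash" ] && ! printf '%s' "$hash" | grep -qE '^[0-9A-Fa-f]{64}$'; then
        report "diun_pub_key_hash is not 64 hexadecimal characters"
    fi

    # Assumption: image builder treats a password starting with one of these
    # crypt(3) prefixes as already hashed; anything else is clear text.
    case $(bp_value "$bp" password) in
        '' | '$6$'* | '$5$'* | '$2b$'*) ;;
        *) report "user password is stored in clear text" ;;
    esac

    [ "$findings" -eq 0 ]
}

# Constructed sample: the user and FDO settings from the blueprint in 6.2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[[customizations.user]]
name = "admin"
password = "admin"

[customizations.fdo]
manufacturing_server_url = "http://10.0.0.2:8080"
diun_pub_key_insecure = "true"
EOF
lint_blueprint "$sample" || echo "fix the findings before pushing the blueprint"
rm -f "$sample"
```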

6.6. Creating a RHEL for Edge Simplified Installer image using image builder GUI

To create a RHEL for Edge Simplified image using image builder GUI, ensure that you have met the following prerequisites and then follow the procedure.

Prerequisites

  • You opened the image builder app from the web console in a browser.
  • You created a blueprint for the RHEL for Edge Simplified image.
  • You served an OSTree repository of the commit to embed in the image, for example, http://10.0.2.2:8080/repo. See Setting up a web server to install RHEL for Edge image.
  • The FDO manufacturing server is up and running.

Procedure

  1. Access the image builder dashboard.
  2. On the blueprint table, find the blueprint you want to build an image for.
  3. Navigate to the Images tab and click Create Image. The Create image wizard opens.
  4. On the Image output page, complete the following steps:

    1. From the Select a blueprint list, select the blueprint you created for the RHEL for Edge Simplified image.
    2. From the Image output type list, select RHEL for Edge Simplified Installer (.iso).
    3. In the Image Size field, enter the image size. Minimum image size required for Simplified Installer image is:
  5. Click Next.
  6. In the OSTree settings page, complete the following steps:

    1. In the Repository URL field, enter the repository URL to where the parent OSTree commit will be pulled from.
    2. In the Ref field, enter the ref branch name path. If you do not enter a ref, the default ref for the distro is used.
  7. On the Review page, review the image customization and click Create.

The image build starts and takes up to 20 minutes to complete. To stop the building, click Stop build.

6.7. Downloading a simplified RHEL for Edge image using the image builder GUI

To download a RHEL for Edge image using image builder GUI, ensure that you have met the following prerequisites and then follow the procedure.

Prerequisites

  • You have successfully created a RHEL for Edge image. See link.

Procedure

  1. Access the image builder dashboard. The blueprint list dashboard opens.
  2. In the blueprint table, find the blueprint you built your RHEL for Edge Simplified Installer image for.
  3. Navigate to the Images tab.
  4. Choose one of the options:

    • Download the image.
    • Download the logs of the image to inspect the elements and verify if any issue is found.

Note

You can use the RHEL for Edge Simplified Installer ISO image that you downloaded directly as a boot ISO to install a RHEL for Edge system.

6.8. Setting up a UEFI HTTP Boot server

To set up a UEFI HTTP Boot server, so that you can start to provision a RHEL for Edge Virtual Machine over the network by connecting to this UEFI HTTP Boot server, follow these steps:

Prerequisites

  • You have created the ISO simplified installer image.
  • An HTTP server that serves the ISO content.

Procedure

  1. Mount the ISO image to the directory of your choice:

    # mkdir /mnt/rhel9-install/
    # mount -o loop,ro -t iso9660 /path_directory/installer.iso /mnt/rhel9-install/

    Replace /path_directory/installer.iso with the path to the RHEL for Edge bootable ISO image.

  2. Copy the files from the mounted image to the HTTP server root. These commands create the /var/www/html/httpboot/ directory with the contents of the image.

    # mkdir /var/www/html/httpboot/
    # cp -R /mnt/rhel9-install/* /var/www/html/httpboot/
    # chmod -R +r /var/www/html/httpboot/*

    Note

    Some copying methods can skip the .treeinfo file which is required for a valid installation source. Running the cp command for whole directories as shown in this procedure will copy .treeinfo correctly.

  3. Update the /var/www/html/EFI/BOOT/grub.cfg file, by replacing:

    1. coreos.inst.install_dev=/dev/sda with coreos.inst.install_dev=/dev/vda
    2. linux /images/pxeboot/vmlinuz with linuxefi /images/pxeboot/vmlinuz
    3. initrd /images/pxeboot/initrd.img with initrdefi /images/pxeboot/initrd.img
    4. coreos.inst.image_file=/run/media/iso/disk.img.xz with coreos.inst.image_url=http://{IP-ADDRESS}/disk.img.xz

      The IP-ADDRESS is the IP address of this machine, which will serve as an HTTP boot server.

  4. Start the httpd service:

    # systemctl start httpd.service

    As a result, after you set up a UEFI HTTP Boot server, you can install your RHEL for Edge devices by using UEFI HTTP boot.
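
The four grub.cfg substitutions of step 3 can be applied and checked in one pass. The following is an added example, not Red Hat code: patch_grub_cfg is a hypothetical helper, and the sample grub.cfg and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Red Hat code: apply the four grub.cfg substitutions of
# step 3 in one pass. patch_grub_cfg is a hypothetical helper name.
# $1 = path to grub.cfg, $2 = address of the HTTP boot server.
patch_grub_cfg() {
    cfg=$1
    ip=$2
    # The address is spliced into a sed replacement, so accept only the
    # characters of an IPv4 address or host name.
    case $ip in
        '' | *[!A-Za-z0-9.-]*) echo "invalid server address: $ip" >&2; return 2 ;;
    esac

    # Keep the file from the ISO and always patch from that copy, so that
    # running the function again gives the same result.
    [ -e "$cfg.orig" ] || cp -p "$cfg" "$cfg.orig" || return 1
    sed -e 's|coreos\.inst\.install_dev=/dev/sda|coreos.inst.install_dev=/dev/vda|' \
        -e 's|^\([[:space:]]*\)linux \(/images/pxeboot/vmlinuz\)|\1linuxefi \2|' \
        -e 's|^\([[:space:]]*\)initrd \(/images/pxeboot/initrd\.img\)|\1initrdefi \2|' \
        -e "s|coreos\.inst\.image_file=/run/media/iso/disk\.img\.xz|coreos.inst.image_url=http://$ip/disk.img.xz|" \
        "$cfg.orig" > "$cfg" || return 1

    # Fail if any of the ISO-boot settings survived the edit.
    if grep -qE 'install_dev=/dev/sda|inst\.image_file=|^[[:space:]]*(linux|initrd) ' "$cfg"; then
        echo "$cfg: unpatched entries remain" >&2
        return 1
    fi
}

# Constructed sample grub.cfg containing only the settings named in step 3.
work=$(mktemp -d)
cat > "$work/grub.cfg" <<'EOF'
menuentry 'Install Red Hat Enterprise Linux 9' {
    linux /images/pxeboot/vmlinuz coreos.inst.install_dev=/dev/sda coreos.inst.image_file=/run/media/iso/disk.img.xz
    initrd /images/pxeboot/initrd.img
}
EOF
patch_grub_cfg "$work/grub.cfg" 192.0.2.10 && cat "$work/grub.cfg"
rm -rf "$work"
```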

6.9. Deploying the Simplified ISO image in a Virtual Machine

Deploy the RHEL for Edge ISO image you generated by creating a RHEL for Edge Simplified image by using any of the following installation sources:

  • UEFI HTTP Boot
  • virt-install

This example shows how to create a virt-install installation source from your ISO image for a network-based installation.

Prerequisites

  • You have created an ISO image.
  • You set up a network configuration to support UEFI HTTP boot.

Procedure

  1. Set up a network configuration to support UEFI HTTP boot. See Setting up UEFI HTTP boot with libvirt.
  2. Use the virt-install command to create a RHEL for Edge Virtual Machine from the UEFI HTTP Boot.

    # virt-install \
        --name edge-install-image \
        --disk path=" ",format=qcow2 \
        --ram 3072 \
        --memory 4096 \
        --vcpus 2 \
        --network network=integration,mac=mac_address \
        --os-type linux \
        --os-variant rhel9 \
        --cdrom "/var/lib/libvirt/images/ISO_FILENAME" \
        --boot uefi,loader_ro=yes,loader_type=pflash,nvram_template=/usr/share/edk2/ovmf/OVMF_VARS.fd,loader_secure=no \
        --virt-type kvm \
        --graphics none \
        --wait=-1 \
        --noreboot

After you run the command, the Virtual Machine installation starts.

Verification

  • Log in to the created Virtual Machine.

6.10. Deploying the Simplified ISO image from a USB flash drive

Deploy the RHEL for Edge ISO image you generated by creating a RHEL for Edge Simplified image by using a USB installation.

This example shows how to create a USB installation source from your ISO image.

Prerequisites

  • You have created a simplified installer image, which is an ISO image.
  • You have an 8 GB USB flash drive.

Procedure

  1. Copy the ISO image file to a USB flash drive.
  2. Connect the USB flash drive to the port of the computer you want to boot.
  3. Boot the ISO image from the USB flash drive. The boot menu shows you the following options:

    Install Red Hat Enterprise Linux 9
    Test this media & install Red Hat Enterprise Linux 9
  4. Choose Install Red Hat Enterprise Linux 9. This starts the system installation.
