Chapter 3. Understanding gold images

Red Hat gold images are cloud-ready Red Hat virtual machine (VM) images available in select Red Hat CCSP environments for Cloud Access customers as an alternative to using their own custom images for BYOS use cases in the cloud. Gold images are built and maintained by a trusted source and are available only to Cloud Access customers.

Gold images can be used to quickly deploy Red Hat instances in the cloud without having to build, maintain, and import their own images into the cloud provider’s environment.

3.1. Getting access to gold images

Gold images are available as a no-cost benefit to Red Hat Cloud Access customers. To get access to gold images, customers must have a matching Red Hat product subscription and must connect their cloud provider accounts to Red Hat through either the Cloud Access user interface or Cloud Sources on cloud.redhat.com as described in Chapter 2, Getting started with Cloud Access.

Example 1

You want to use a Red Hat Enterprise Linux Server (Physical or Virtual Node) subscription on Azure.

  • The RHEL Server subscription is a “match” for the RHEL gold images.
  • Once the customer has completed the cloud connection step, the Azure account (that is, Subscription ID) provided will be granted access to all RHEL gold images available on Azure.

Example 2

You want to use a Red Hat JBoss Web Server subscription on AWS.

  • The JBoss Web Server subscription is a “match” for the JBoss Web Server gold images.
  • When you complete the cloud connection step, the AWS account provided grants access to all JBoss Web Server gold images available on AWS.

3.2. Image types

Gold images are primarily built for RHEL BYOS use cases in AWS, Azure, and Google, but there are additional gold images built for Red Hat Middleware, Red Hat Storage, and RHEL for SAP use cases in AWS only.

Gold image types and availability will expand over time to meet customer needs.

3.3. Updates and patches

Options for delivering updates and patches to cloud instances deployed from gold images vary by image type and cloud provider.

AWS gold images

  • AWS gold images are preconfigured to use the Red Hat Update Infrastructure (RHUI) running in EC2.
  • You can continue to use RHUI as the main update source for the cloud instances deployed from gold images without actually attaching Red Hat product subscriptions to those instances.
  • Optionally, you can disable RHUI and manage your cloud instances with Red Hat Satellite or Red Hat Subscription Manager (RHSM).
Note

When choosing the RHUI option, be aware of the number of active Red Hat product subscriptions in your account and be careful to not over-deploy Red Hat cloud instances in AWS.

Azure gold images

  • RHEL 8.4 (and newer) gold images are preconfigured to use RHUI in Azure.
  • RHEL 8.3 (and older) gold images are not configured to use RHUI and will need to be managed with Red Hat Satellite or RHSM.

Google gold images

  • Google gold images are not configured to use RHUI running in GCP.
  • You need to manage your Red Hat cloud instances deployed from gold images in GCP with Red Hat Satellite or RHSM.

3.4. Using gold images on Azure

Gold images can be used to provision RHEL VMs in Azure for BYOS using the standard interfaces: Azure Portal, Azure CLI, or PowerShell Cmdlet. Azure gold images meet the following conditions:

  • Built, maintained, and published by Microsoft
  • Available in Azure commercial and Government regions but not in China
  • RHEL images only
  • Not eligible for Azure Hybrid Benefit

Additional resources

Microsoft documentation

3.4.1. Naming and identifying gold images on Azure

There are multiple ways to search for and launch RHEL gold images in Azure. This includes the Azure Portal, Azure CLI, and PowerShell Cmdlet. The naming convention for the Red Hat gold images in Azure is RedHat:[Offering Name]:[Red Hat Product]-[OS Disk Type]-[Azure VM Generation]:[Red Hat Version].[Red Hat Release].[Image Creation Date].

An example gold image Uniform Resource Name (URN) is RedHat:rhel-byos:rhel-lvm8-gen2:8.0.20200715.

3.4.2. Locating gold images in the Azure Portal

  1. Log in to the Azure Portal using an Azure subscription that has been enabled for Cloud Access.
  2. Go to Create a Resource > See All.
  3. You can see available private offers at the top of the page.
  4. Click View private offers. A Red Hat Enterprise Linux “Bring your own license” offering is available in the list of private offers.

3.4.3. Locating gold images in the Azure CLI

  1. Make sure you are using an Azure subscription that was enabled for Cloud Access.

    az account show
  2. Display the list of available RHEL gold images.

    az vm image list --publisher RedHat --offer rhel-byos --all
  3. Find the gold image version you want to use and copy the URN. You need this URN to provision a VM.

3.4.4. Locating gold images in the Azure PowerShell Cmdlet

This example command displays all of the RHEL gold images in the US East region that were shared with the Azure account provided during enrollment in Cloud Access.

Get-AzVMImageSku -Location "East US" -PublisherName RedHat -Offer rhel-byos

3.4.5. Using gold images on Azure

Using the Azure Portal

  1. View the private offers as described in Steps 3 and 4 of Locating gold images in the Azure Portal
  2. Click the Create drop-down menu to select the RHEL gold image version you want to use. The remaining provisioning steps are the same as any other RHEL Marketplace image.

Using the Azure CLI

  1. Use the image URN from Step 3 of Locating gold images in the Azure CLI to accept Azure terms (only once per Azure Subscription, per image).

    az vm image terms accept --urn RedHat:rhel-byos:rhel-lvm8-gen2:8.0.20200715
  2. Provision a VM using the az vm create command.

    az vm create -n my-rhel-byos-vm -g my-rhel-byos-group --image RedHat:rhel-byos:rhel-lvm8-gen2:8.0.20200715

3.5. Using gold images on AWS

Gold images can be used to provision VMs in AWS using the standard interfaces: EC2 Console, AWS CLI, and AWS PowerShell Cmdlet.

AWS gold images meet the following conditions:

  • Built, maintained, and published by Red Hat
  • Available in AWS commercial regions but not in China or GovCloud
  • Preconfigured to use the Red Hat Update Infrastructure (RHUI) running in EC2
  • RHEL, RHEL for SAP, Red Hat Middleware, and Red Hat Storage images

3.5.1. Naming and identifying gold images on AWS

There are multiple ways to search for and launch RHEL Amazon Machine Images (AMIs) in AWS. This includes the EC2 Management Console, AWS CLI, and PowerShell Cmdlet. The naming convention for the Red Hat AMIs in AWS is listed below.

  • Initial GA AMI release: [Red Hat Product]-[Version]-[Virtualization Type]_[Red Hat Release Type]-[Release Date]-[Minor Version Release AMI Iteration]-[Subscription Model]-[EBS Volume Type]
  • After the initial GA AMI release: [Red Hat Product]-[Version]-[Virtualization Type]-[Release Date]-[Minor Version Release AMI Iteration]-[Subscription Model]-[EBS Volume Type]
Note

The Red Hat gold images will have the designation of Access in the AMI Name representing the subscription model.

Red Hat gold images are published under the Owner ID 309956199498. You can ensure that you are using official Red Hat gold images by looking for this Owner ID when you choose an image.

3.5.2. Locating gold images in the AWS EC2 Console

When working in the EC2 Management Console, there is a menu item for AMIs under the IMAGES section within the left-side navigation pane. In this view, using the designation of Private images displays the gold images that have been shared with the AWS account provided during enrollment.

Note

When in this section of the EC2 Management Console, it is possible to add a filter of Owner : 309956199498, which limits the displayed AMIs to those that were shared with the AWS account after enrolling in Cloud Access.

It is possible to further filter the list of displayed AMIs by adding an additional filter representing different aspects of the AMI Name that Red Hat uses, such as AMI Name : RHEL, AMI Name :.

An example AMI Name is RHEL-8.3.0_HVM-20201031-x86_64-0-Access2-GP2.

If you use the Launch Instance button from the EC2 Dashboard section of the EC2 Management Console and you select My AMIs, the filter Shared with me filters the listed AMIs to show the gold images that have been shared with the AWS account provided during enrollment.

3.5.3. Locating gold images in the AWS CLI

This example command displays all of the RHEL 8.3 AMIs in the US-East-1 region that were shared with the AWS account provided during enrollment in Cloud Access using the AWS CLI. The AWS CLI Command Reference provides additional documentation regarding available options, commands, subcommands, and parameters.

$ aws ec2 describe-images --owners 309956199498 \
> --filters "Name=is-public,Values=false" \>
"Name=name,Values=RHEL*8.3*GA*Access*" \
> --region us-east-1

3.5.4. Locating gold images in the AWS PowerShell Cmdlet

This example command displays all of the RHEL 8.3 AMIs in the US-East-1 region that were shared with the AWS account provided during enrollment in Cloud Access using the AWS Tools for Cmdlet. The AWS Tools for Cmdlet Reference provides additional documentation on the PowerShell cmdlets.

PS > Get-EC2Image -Region us-east-1 `
>> -Owner 309956199498 -Filter `
>> @{ Name="name" ; Values="RHEL*8.3*GA*Access*" }

3.6. Using gold images on Google

Gold images can be used to provision RHEL VMs in GCP for BYOS using the standard interfaces: GCP Console, GCP cloud shell, and gcloud CLI.

Google gold images meet the following conditions:

  • Built, maintained, and published by Google
  • Available in GCP commercial regions
  • RHEL images only

The steps below show how to identify the gold images and deploy a RHEL VM from a gold image using the GCP Console UI, GCP Cloud Shell, and gcloud CLI.

3.6.1. Naming and identifying gold images on Google

Once your Google Group(s) has been granted access to the GCP gold images, you will be able to find them in the rhel-byos-cloud google project. This is a special project that limits access to the RHEL gold images for only Cloud Access customers.

The naming convention for Red Hat gold images in GCP is: [Red Hat Product]-[Version]-byos-[Image Creation Date].

Examples:

  • rhel-7-byos-v20210916
  • rhel-8-byos-v20210916

3.6.2. Locating gold images in the GCP Console

Procedure

  1. Sign in to the GCP Console at Google Cloud Platform using a Google group/account that has been enabled for Cloud Access.
  2. Create or select the project where you want to deploy the RHEL VM.
  3. Verify you can see the RHEL gold images.

    1. Open a Cloud Shell.
    2. Enter the following command to list all of the available RHEL gold images:

      gcloud compute images list --project rhel-byos-cloud --no-standard-images

3.6.3. Locating gold images in the gcloud CLI

  1. Make sure you are using a Google group/account that has been enabled for Cloud Access:

    gcloud info | grep account
  2. Display the list of available Red Hat gold images:

    gcloud compute images list --project rhel-byos-cloud --no-standard-images
  3. View details of a specific image:

    gcloud compute images describe rhel-8-byos-v20210916 --project rhel-byos-cloud

3.6.4. Creating a new RHEL VM using a Google gold image

Procedure

Using the GCP Console

  1. Navigate to GCP Console>Home>Dashboard.
  2. From the Navigation menu, select Compute Engine>VM Instances.
  3. Click Create Instances.
  4. Find the Boot Disk section on the VM instance configuration page and click Change
  5. Select the Custom Images tab.
  6. Click Select A Project and select the rhel-byos-cloud project.
  7. From the Images dropdown list, choose the gold image you want to use and click Select.
  8. Change any other VM instance configuration settings and then click Create.

Using the GCP Cloud Shell or gcloud CLI

  1. Use the gcloud compute images list command to find the name of the gold image you want to use.
  2. Create a new RHEL VM:

    gcloud compute instances create my-rhel8-byos --image rhel-8-byos-v20210916 --image-project rhel-byos-cloud --zone us-east1-b
  3. View details of the new RHEL VM:

    gcloud compute instances describe my-rhel8-byos --zone us-east1-b