Red Hat Training

A Red Hat training course is available for RHEL 8

3.7. Supported Image Customizations

A number of image customizations are supported at this time within blueprints. In order to make use of these options, they must be initially configured in the blueprint and imported (pushed) to Image Builder.


These customizations are not currently supported within the accompanying cockpit-composer GUI.


  1. Set the image hostname:

    hostname = "baseimage"
  2. User specifications for the resulting system image:

    name = "USER-NAME"
    description = "USER-DESCRIPTION"
    password = "PASSWORD-HASH"
    key = "PUBLIC-SSH-KEY"
    home = "/home/USER-NAME/"
    shell = "/usr/bin/bash"
    groups = ["users", "wheel"]
    uid = NUMBER
    gid = NUMBER

    To generate the hash, you must install python3 on your system. The following command will install the python3 package.

    # yum install python3

    Replace PASSWORD-HASH with the actual password hash. To generate the hash, use a command such as:

    $ python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'

    Replace PUBLIC-SSH-KEY with the actual public key.

    Replace the other placeholders with suitable values.

    Leave out any of the lines as needed, only the user name is required.

    Repeat this block for every user to include.

  3. Group specifications for the resulting system image:

    name = "GROUP-NAME"
    gid = NUMBER

    Repeat this block for every group to include.

  4. Set an existing users ssh key:

    user = "root"
    key = "PUBLIC-SSH-KEY"

    This option is only applicable for existing users. To create a user and set an ssh key, use the User specifications for the resulting system image customization.

  5. Append a kernel boot parameter option to the defaults:

    append = "KERNEL-OPTION"
  6. Set the image host name:

    hostname = "BASE-IMAGE"
  7. Add a group for the resulting system image:

    name = "USER-NAME"
    gid = "NUMBER"

    Only the name is required and GID is optional.

  8. Set the timezone and the Network Time Protocol (NTP) servers for the resulting system image:

    timezone = "TIMEZONE"
    ntpservers = "NTP_SERVER"

    If you do not set a timezone, the system uses Universal Time, Coordinated (UTC) as default. Setting NTP servers is optional.

  9. Set the locale settings for the resulting system image:

    languages = ["LANGUAGE"]
    keyboard = "KEYBOARD"

    Setting both language and keyboard options is mandatory. You can add multiple languages. The first language you add will be the primary language and the other languages will be secondary.

  10. Set the firewall for the resulting system image:

    port = ["PORTS"]

    You can use the numeric ports, or theirs names from the /etc/services file to enable lists.

  11. Customize the firewall services:

    Review the available firewall services.

    $ firewall-cmd --get-services

    In the blueprint, under section customizations.firewall.service, specify the firewall services that you want to customize.

    enabled = ["SERVICES"]
    disabled = ["SERVICES"]

    The services listed in are different from the names available in the /etc/services file.

    You can optionally customize the firewall services for the system image that you plan to create.


    If you do not want to customize the firewall services, omit the [customizations.firewall] and [] sections from the blueprint.

  12. Set which services to enable during the boot time:

    enabled = ["SERVICES"]
    disabled = ["SERVICES"]

    You can control which services to enable during the boot time. Some image types already have services enabled or disabled so that the image works correctly and this setup cannot be overridden.

  13. Add files from a git repository to your blueprint:

    rpmname = "RPM-NAME"
    rpmversion = "RPM-VERSION"
    rpmrelease = "RPM-RELEASE"
    summary = "RPM-SUMMARY"
    repo = "REPO-URL"
    ref = "GIT-REF"
    destination = "SERVICES"

    You can use entries to add files from a git repository to the created image.

    For example, to create an RPM package named server-config-1.0-1.noarch.rpm, add the following information to your blueprint:

    Replace _RPM-NAME with the name of the RPM package to create. This is also the prefix name in the resulting tar archive.

    Replace RPM-VERSION with the version of the RPM package, for example, "1.0.0".

    Replace RPM-RELEASE with the version of the RPM package release, for example, "1".

    Replace RPM-SUMMARY with the summary string for the RPM package.

    Replace REPO-URL with the URL of the get repository to clone and create the archive from it.

    Replace GIT-REF with the git reference to check out, for example, origin/branch-name, git tag, or git commit hash.

    Replace SERVICES with the path to install the directory of the git repository when installing the RPM package.

    As a consequence, the git repository you provided is cloned, the specified git reference is checked out and an RPM package is created to install the files to a destination path, for example, /opt/server/. The RPM includes a summary with the details of the repository and reference used to create it. The RPM package is also included in the image build metadata.


    Each time a build starts, it clones the repository. If you refer to a repository with a large amount of history, it might take a while to clone and use a significant amount of disk space. Also, the clone is temporary and is removed once the RPM package is created.