Chapter 16. Installer and image creation

The following chapters contain the most notable changes to installer and image creation between RHEL 8 and RHEL 9.

16.1. Installer

Anaconda activates network automatically for interactive installations

Anaconda now activates the network automatically when performing interactive installation, without requiring users to manually activate it in the network spoke. This update does not change the installation experience for Kickstart installations and installations using the ip= boot option.

New options to Lock root account and Allow root SSH login with password

RHEL 9 adds following new options to the root password configuration screen:

  • Lock root account: To lock the root access to the machine.
  • Allow root SSH login with password: To enable password-based SSH root logins.

During Kickstart installations, you can enable root access via SSH with password by using the --allow-ssh option of the rootpw Kickstart command. For more information, see rootpw (required).

Licensing, system, and user setting configuration screens have been disabled post standard installation

Previously, RHEL users configured Licensing, System (Subscription manager), and User Settings prior to gnome-initial-setup and login screens. Starting with RHEL 9, the initial setup screens have been disabled by default to improve user experience. If you must run the initial setup for user creation or license display, install the following packages based on the requirements.

  1. To install initial setup packages: 

    # dnf install initial-setup initial-setup-gui

  2. To enable initial setup after the next reboot of the system. 

    # systemctl enable initial-setup
  3. Reboot the system to view initial setup.

For Kickstart installations, add initial-setup-gui to the packages section and enable the initial-setup service. 

firstboot --enable
%packages
@^graphical-server-environment
initial-setup-gui
%end

The rhsm command for machine provisioning through Kickstart for Satellite is now available

The rhsm command replaces the %post scripts for machine provisioning on RHEL 9. The rhsm command helps with all provisioning tasks such as registering the system, attaching RHEL subscriptions, and installing from a Satellite instance. For more information, see the Registering and installing RHEL from Satellite using Kickstart section in the Performing an advanced RHEL installation guide.

New Kickstart command - timesource

The new timesource Kickstart command is optional and it helps to set NTP, NTS servers, and NTP pools that provide time data. It also helps to control enabling or disabling the NTP services on the system. The --ntpservers option from the timezone command has been deprecated and has been replaced with this new command.

Support for Anaconda boot arguments without inst. prefix is no longer available

Anaconda boot arguments without the inst. prefix have been deprecated since RHEL 7. Support for these boot arguments has been removed in RHEL 9. To continue using these options, use the inst. prefix

For example, to force the installation program to run in the text mode instead of the graphical mode, use the following option: 

inst.text

Removed Kickstart commands and options

The following Kickstart commands and options have been removed from RHEL 9. Using them in Kickstart files causes an error.

  • device
  • deviceprobe
  • dmraid
  • install - use the subcommands or methods directly as commands
  • multipath
  • bootloader --upgrade
  • ignoredisk --interactive
  • partition --active
  • harddrive --biospart
  • autostep

Where only specific options and values are listed, the base command and its other options are still available and not removed.

Removed boot options

The following boot options have been removed from Red Hat Enterprise Linux:

  • inst.zram

    RHEL 9 does not support the zram service. See the zram-generator(8) man page for more information.

  • inst.singlelang

    The single language mode is not supported on RHEL 9.

  • inst.loglevel

    The log level is always set to debug.

16.2. Image creation

This version introduces the following enhancements over the previous versions.

Blueprints now support adding a tailoring file for scap security profile

Starting with 9.4, RHEL image builder supports OpenSCAP customizations in the blueprint by adding a tailoring file for scap security profile. You can add customized tailoring options for a profile to the osbuild-composer blueprint customizations by using the following options:

  • selected for the list of rules that you want to add.
  • unselected for the list of rules that you want to remove.

When you build an image from the blueprint customized with tailoring file for scap security profile, it creates a tailoring file with a new tailoring profile ID and saves it to the image as /usr/share/xml/osbuild-oscap-tailoring/tailoring.xml. The new profile ID will have _osbuild_tailoring appended as a suffix to the base profile, for example, xccdf_org.ssgproject.content_profile_cis_osbuild_tailoring, if you use the cis base profile.

AWS EC2 images now support both BIOS and UEFI boot

This update extends the AWS EC2 AMD or Intel 64-bit architecture .ami images created by RHEL image builder to support UEFI boot, in addition to the legacy BIOS boot.

Support to build VMware VSphere (OVA)

RHEL image builder can build VMware VSphere Open Virtual Appliance (OVA) files that you can deploy more easily to VMware vSphere by using the vSphere GUI client.

A new and improved way to create blueprints and images in the RHEL image builder web console

With the new unified version of the image builder tool, you can much more easily create blueprints and images. Notable enhancements include the following:

  • You can now use all the customizations previously supported only in the command-line interface, such as kernel, file system, firewall, locale, and other customizations, in the image builder web console.
  • You can import, export, and save blueprints in the .JSON or .TOML format.

Ability to create images with support to different partitioning modes

With RHEL image builder, you can build VMware VSphere Open Virtual Appliance (OVA) files. You can deploy such files to VMware vSphere by using the vSphere GUI client .

Filesystem customization policy changes in image builder

The following policy changes are in place when using the RHEL image builder filesystem customization in blueprints:

  • You can set the`mountpoint` and minimum partition minsize entries in the blueprint.

  • The following image types do not support filesystem customizations:

    • image-installer
    • edge-installer
    • edge-simplified-installer

  • The following image types do not create partitioned operating systems images.

    • edge-commit
    • edge-container
    • tar

    • container

      Customizing the filesystem of such images has no result.

  • The blueprint now supports the mountpoint customization for the tpm directory and its sub-directories.

RHEL image builder supports creating customized files and directories in the /etc directory

With the new`[[customizations.files]]` and the [[customizations.directories]] blueprint customizations, you can create customized files and directories in the /etc image directory. Currently, these customizations are only available in the /etc directory. You can use the customizations for all available image types, except image types that deploy OSTree commits, such as:

  • edge-raw-image
  • edge-installer
  • edge-simplified-installer

.vhd images built with RHEL image builder now have support for 64-bit ARM

You can now build .vhd images using image builder and upload them to the Microsoft Azure cloud.

RHEL image builder supports customized file system partitions on LVM

With support for customized file system partitions on LVM, if you add any file system customization to your system, the file systems are converted to an LVM partition.

RHEL image builder now supports file system configuration

As of Red Hat Enterprise Linux 9.0, Image Builder provides support for users to specify a custom filesystem configuration in blueprints to create images with a specific disk layout, instead of using the default layout configuration.

RHEL image builder can create bootable ISO Installer images

You can use image uilder GUI and CLI to create bootable ISO Installer images. These images consist of a tar file that contains a root file system which you can use to install directly to a bare metal server.