Chapter 2. Types of Installation

Red Hat Enterprise Linux Atomic Host is distributed in multiple formats and can be installed on bare metal, in multiple virtual environments, and in public and private cloud infrastructures.

You can find the installation media on the Red Hat Enterprise Linux Atomic Host Product Page when you click the Download button under Installation Media. Complete installation instructions can be found in the Red Hat Enterprise Linux Installation Guide.

Note

Not every version of RHEL Atomic Host has an .iso image available. For example, rhel-atomic-installer-7.3.3-1.x86_64.iso is available for Atomic Host 7.3.3, but no .iso is available for versions 7.3.4 to 7.3.6.

To install the latest Atomic Host from an .iso:

  1. Download the latest available .iso.
  2. Install it.
  3. Register it.
  4. Attach the subscription.
  5. Run this command:

    # atomic host upgrade

2.1. Developer Mode

Developer Mode provides a way to try out Atomic Host without actually going through an installation. It is available as an option in the GRUB boot menu on cloud images (but not on the bare-metal ISO). Because it supplies its own cloud-init data, you also avoid setting up the meta-data and user-data files and configuring cloud-init.

When your Atomic Host machine boots up, choose the "Developer Mode" selection in the GRUB boot menu to enter Developer Mode.

Developer Mode provides cloud-init with a local data source that automatically provides the following:

  • a randomly-generated root password
  • autologin of the root account into a tmux session
  • pulling and starting of the rhel7/cockpit-ws container

2.2. Physical Machine Installations

2.2.1. Manual Partitioning

While physical machine installation of RHEL Atomic Host and RHEL is usually similar, there are some important differences. One such difference is which custom partitioning schemes are available.

In RHEL Atomic Host, unlike in RHEL, the /var directory is the only writeable directory (apart from the small /etc directory). Hence, most writeable subdirectories of the root directory are actually stored in /var, which usually makes /var the biggest directory. Therefore, you might want to configure /var to be a mount point. It would allow you to place /var into a separate partition, which prevents other mount points from getting full if /var gets full.

Starting with RHEL Atomic Host 7.4.2, you can do this. If you decide to do manual partitioning, consider these points:

  • Containers and their data are stored in /var. System containers are normally pulled to /ostree and hardlinked to /var, but if /var is on a separate partition, system containers are pulled to /var only.

    This means that /var is big. Make sure to dedicate a large enough partition to it.

  • If for storage you use LVM thin-pool and devicemapper (default on RHEL Atomic Host), make sure to leave enough space in the volume group to allow for the thin-pool logical volume to be created and used. For instructions on this, see How to Leave Space in the Volume Group Backing Root During Installation.
  • With extra precautions, you can even use a more advanced scheme, where subdirectories of /var are put on different partitions, for example:

    • /var/lib/docker/ - for images for docker or cri-o containers (largest space, usually)
    • /var/lib/containers/atomic/ - for system containers and images
    • /var/lib/docker/volumes/ - for data from running containers

2.2.2. Anaconda Installation

You can find the procedure for installing RHEL Atomic Host with Anaconda in the Installing with Anaconda chapter of the Red Hat Enterprise Linux Installation Guide.

An important difference between installing RHEL Atomic Host and RHEL is which custom partitioning schemes are available. Generally, RHEL Atomic Host supports fewer partitioning schemes. Beginning with RHEL Atomic Host 7.4.2, the /var directory can be configured to be a mount point. This allows placing /var into a separate partition, which prevents other mount points from getting full if /var gets full. For full manual partitioning instructions, see the Manual Partitioning section of the Red Hat Enterprise Linux Installation Guide.

2.2.3. Kickstart Installation

To prepare for a Kickstart installation, you can follow the instructions in the Kickstart Installations chapter from the Red Hat Enterprise Linux Installation Guide. Kickstart installations of Red Hat Enterprise Linux Atomic Host do not differ much from Red Hat Enterprise Linux installations except for a few specific considerations.

Red Hat Enterprise Linux Atomic Host uses the rpm-ostree technology for package management and updates. Therefore, the %packages section is not used in the Kickstart file. Instead, the file must contain a command for including the interactive-defaults.ks file from the installation media. This file contains Kickstart commands that point to an OSTree repository on the media and also disable the cloud-init service.

Following is an example Kickstart file for Atomic Host which can be used as a reference:

lang en_US.UTF-8
keyboard us
timezone America/Chicago
#rootpw --iscrypted password_hash
rootpw --plaintext atomic
auth --enableshadow --passalgo=sha512
ostreesetup --nogpg --osname=rhel-atomic-host --remote=rhel-atomic-host --url=file:///install/ostree --ref=rhel-atomic-host/7/x86_64/standard
services --disabled cloud-init,cloud-config,cloud-final,cloud-init-local
clearpart --all --initlabel
zerombr
autopart
#%include /usr/share/anaconda/interactive-defaults.ks
%post --erroronfail
fn=/etc/ostree/remotes.d/rhel-atomic-host.conf; if test -f ${fn} && grep -q -e '^url=file:///install/ostree' ${fn}; then rm ${fn}; fi
%end
%post --erroronfail
rm -f /etc/ostree/remotes.d/*.conf
echo 'unconfigured-state=This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.' >> $(ostree admin --print-current-dir).origin
%end

Here is what the commands in that kickstart file do:

  • The rootpw command tells the installer to set the root user’s password using the plain text argument that follows (in this case, the password is set to atomic). You could use the --iscrypted option instead if you have a password hash you created previously.
  • The auth command uses --enableshadow to tell the installer to store user passwords in the /etc/shadow file and --passalgo=sha512 says to hash those passwords using the SHA512 algorithm.
  • The ostreesetup command tells the installer how to get and setup the ostree file system.
  • The services command disables some services that are inappropriate to an Atomic host.
  • The clearpart --all --initlabel command erases all disks that can be reached by the installer, including any attached network storage.
  • Using zerombr prevents Anaconda from prompting for confirmation which allows for an unattended installation.
  • The autopart command sets up the partitioning automatically (more on that later).
  • The %include command points to the file which contains commands that point to an OSTree repository and disables the cloud-init service. This command is mandatory for RHEL Atomic Host.
  • The %post section at the end of the file runs several commands to further configure the system after installation is completed.
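
As an added example (not part of the Red Hat guide), the following shell function audits a Kickstart file for the settings the reference file above uses: a plain-text rootpw, ostreesetup with --nogpg, and a clearpart --all that is not limited to named drives. The function names, finding labels and the embedded sample file are constructed for this example; it additionally flags an http:// OSTree URL, which the reference file does not use.

```shell
#!/bin/sh
# Added example, not Red Hat code. ks_audit, ks_sample and the finding
# labels are names made up for this example.

# ks_audit FILE
#   Prints "<line>:<finding>" for each problem found. Returns 0 when the
#   file is clean, 1 when findings were printed, 2 when FILE is unreadable.
ks_audit() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*#/              { next }              # Kickstart comments
        /^[ \t]*$/              { next }              # blank lines
        /^%(pre|post|packages)/ { script = 1; next }  # section bodies are not commands
        /^%end/                 { script = 0; next }
        script                  { next }

        $1 == "rootpw" {
            crypted = 0; secret = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "--iscrypted") crypted = 1
                else if ($i !~ /^--/)    secret = $i
            }
            if (secret != "" && !crypted) {
                print NR ":rootpw-plaintext"; n++
            } else if (crypted && secret !~ /^\$6\$/) {
                # with --passalgo=sha512 a crypt hash starts with $6$
                print NR ":rootpw-hash-not-sha512-crypt"; n++
            }
        }
        $1 == "ostreesetup" {
            for (i = 2; i <= NF; i++) {
                if ($i == "--nogpg")      { print NR ":ostree-gpg-check-disabled"; n++ }
                if ($i ~ /^--url=http:/)  { print NR ":ostree-url-cleartext-http"; n++ }
            }
        }
        $1 == "clearpart" {
            all = 0; scoped = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "--all")     all = 1
                if ($i ~ /^--drives=/) scoped = 1
            }
            if (all && !scoped) wipe = NR
        }
        $1 == "ignoredisk" { limited = 1 }   # restricts which disks Anaconda touches
        END {
            if (wipe && !limited) { print wipe ":clearpart-all-unscoped"; n++ }
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample: a shortened copy of the reference Kickstart file above.
ks_sample() {
    cat <<'EOF'
lang en_US.UTF-8
#rootpw --iscrypted password_hash
rootpw --plaintext atomic
auth --enableshadow --passalgo=sha512
ostreesetup --nogpg --osname=rhel-atomic-host --remote=rhel-atomic-host --url=file:///install/ostree --ref=rhel-atomic-host/7/x86_64/standard
clearpart --all --initlabel
zerombr
autopart
%post --erroronfail
rm -f /etc/ostree/remotes.d/*.conf
%end
EOF
}

# Demo run; the "if" keeps the non-zero status from stopping a caller
# that uses "set -e".
ks_tmp=$(mktemp)
ks_sample > "$ks_tmp"
if ks_audit "$ks_tmp"; then
    echo "kickstart: clean"
else
    echo "kickstart: findings listed above"
fi
rm -f "$ks_tmp"
```

Run it against each Kickstart file before publishing the file on an installation server; a non-zero status can fail a CI job.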

By default, partitioning for Red Hat Enterprise Linux Atomic Host is done automatically with the autopart command, to configure Logical Volume Management (LVM) style partitioning. Although autopart partitioning is preferred, you have the option of partitioning yourself to set such things as the names of physical volumes, volume groups, and logical volumes, along with the amount of disk space associated with those entities. Here is an example of how you might set partitioning manually, to replace the autopart entry shown in the kickstart example above:

zerombr
part /boot --ondisk=sda --asprimary --fstype="xfs"   --size=512
part pv.01 --ondisk=sda --asprimary --fstype="lvmpv" --grow
volgroup vg.atomic --pesize=16384 pv.01
logvol swap --fstype="swap" --name=lv.swap --vgname=vg.atomic --size=4096
logvol / --fstype="xfs" --name=lv.root --vgname=vg.atomic --grow

This example sets a 512MB primary partition with an xfs file system type on disk /dev/sda that is assigned to the /boot partition. The rest of the disk is assigned to an LVM physical volume (lvmpv) named pv.01. That physical volume is assigned to a volume group named vg.atomic. Two logical volumes are created from that volume group: a 4G swap partition and a root partition (/) with an XFS file system that consumes the rest of the remaining space from the volume group.

2.3. Virtual Machine Installations

This chapter explains how to install Red Hat Enterprise Linux Atomic Host in several different virtualization environments and public cloud services. Before you start following the procedures below, download the appropriate ISO image for your environment as described in Downloading Red Hat Enterprise Linux from the Red Hat Enterprise Linux 7 Installation Guide.

2.3.1. Linux Hypervisor Installation with qcow2 Media

The following sections describe the installation of Red Hat Enterprise Linux Atomic Host using a qcow2 disk image in a Linux hypervisor environment on a Red Hat Enterprise Linux 7 system.

Overview

Red Hat Enterprise Linux Atomic Host is available as a fully-configured disk image ready to be used with a Linux hypervisor. This variant is distributed as a compressed gzip archive. Decompress it using the following command:

# gzip -d rhel-atomic-host-7.qcow2.gz

The resulting uncompressed qcow2 image can be used to create an instance of Red Hat Enterprise Linux Atomic Host. This means that the file will be written to once you start the virtual machine; after you use it to start one instance, you cannot reuse it to start another one or reconfigure it using cloud-init. Therefore, you should back up the original qcow2 file before starting the first instance. You can use the qemu-img command to create a snapshot of the unmodified file:

# qemu-img create -f qcow2 -o backing_file=rhel-atomic-host-standard.qcow2 atomic-beta-instance-0.qcow2

This command leaves rhel-atomic-host-standard.qcow2, the original image, unmodified as the backing file and creates a new file called atomic-beta-instance-0.qcow2, which records all changes and can be used for the actual virtual machine.

2.3.1.1. Preparing for Installation

The installation configuration options are set with a pair of cloud-init configuration files:

  • meta-data

    A plain text file which provides information that identifies the instance of Red Hat Enterprise Linux Atomic Host being installed. Its contents should be similar to the following example:

    instance-id: Atomic0
    local-hostname: atomic-00

    The instance-id can be any identifying name and the local-hostname should be a host name that follows your site standards.

  • user-data

    A plain text file which provides information about users on the system. This information will be used to enable access to the Red Hat Enterprise Linux Atomic Host instance. By default, the root user is password-locked; therefore, if you do not create the user-data file, you will not be able to log in.

    An example of a user-data file is below:

    #cloud-config
    password: atomic
    chpasswd: {expire: False}
    ssh_pwauth: True
    ssh_authorized_keys:
      - ssh-rsa AAA...SDvz user1@yourdomain.com
      - ssh-rsa AAB...QTuo user2@yourdomain.com

    Note

    The first line of the example (#cloud-config) is not a comment or a command example - it is a mandatory line in the configuration file.

    This example enables the cloud-user user to log in either with a password or an SSH key. The use of both methods is possible, but not required. An initial password is set on the password line; when the user logs in for the first time on this instance, they will be prompted to change their password as defined on the chpasswd line. Forcing the user to change their password after the first login is recommended because initially the password is stored in plain text.

    The final four lines in the example configure remote login using SSH. The ssh_pwauth: True line enables SSH using a password, and the ssh_authorized_keys starts a block of one or more authorized public keys. Keys described in this file will be added to the ~/.ssh/authorized_keys file. Each authorized key must be on a separate line and start with two spaces followed by a hyphen (-) and another space.

For additional information about these files, see the "Creating a cloud-init ISO File" section.

Once you have created both of the files described above, you must package them into the ISO image. This image will then be used as a virtual configuration CD on the virtual machine. To package the files into an image, use the following command:

# genisoimage -output atomic0-cidata.iso -volid cidata -joliet -rock user-data meta-data

This will create a new ISO image file named atomic0-cidata.iso.

2.3.1.2. Starting Red Hat Enterprise Linux Atomic Host for the First Time

After you have unpacked the distributed qcow2 image and created a configuration image as described in the previous section, you can create the virtual machine and begin the installation process. This section describes creating an instance using the virt-install command; it is also possible to use the virt-manager graphical interface. Both are documented in the Red Hat Enterprise Linux 7 Virtualization Deployment and Administration Guide. See also the Red Hat Enterprise Linux 7 Virtualization Getting Started Guide for an introduction to virtualization on Red Hat Enterprise Linux 7.

The following command will create a new virtual machine using the qcow2 image distributed by Red Hat and the configuration image you have created earlier:

# virt-install --import --name Atomic0 --ram 4096 --vcpus 2 --disk path=/path/to/rhel-atomic-host-standard.qcow2,format=qcow2,bus=virtio --disk path=/path/to/atomic0-cidata.iso,device=cdrom --network bridge=virbr0 --graphics vnc

The two --disk path= options specify locations of the image files and device types which should be created (a virtio device for the main image and a virtual CD drive for the configuration image). The command also assigns 4 GB of RAM (--ram 4096) and 2 virtual CPUs (--vcpus 2) to the virtual machine, sets up a VNC graphical interface (--graphics vnc) and a network bridge (--network bridge=virbr0). You can change these settings to suit your needs, but you must always use both of the image files.

Note

Currently, DHCP is the preferred network configuration method for use with Red Hat Enterprise Linux Atomic Host. Network settings can be changed by editing configuration files in the /etc directory after the initial boot.

Note

If you want your virtual machine to be accessible from outside the host machine, use a direct network interface. For example, you can replace --network bridge=virbr0 with --network type=direct,source=em1, where em1 is the name of an active network interface on the host system.

At this point, you can log into the Red Hat Enterprise Linux Atomic Host virtual machine using the credentials you set up in your user-data file. To access a root shell, use the sudo -i command. To connect to the virtual machine’s console from the host system, use the following command:

# virsh console Atomic0

Replace Atomic0 with the name of the virtual machine - the --name option of the virt-install command.

For information about working with your new Red Hat Enterprise Linux Atomic Host instance, see the Red Hat Enterprise Linux Atomic Host 7 Getting Started Guide.

2.3.2. Red Hat Enterprise Virtualization Environment Installation

The following sections explain how to use Red Hat Enterprise Virtualization (RHEV) to create virtual machines that run RHEL Atomic Host with .ova files and ISO files.

.ova-based Installation

Note

RHEV OVA images of Atomic Host currently cannot be imported into RHEV.

See this Bugzilla for details.

The .ova based installation method allows for rapid deployment of a Red Hat Enterprise Linux Atomic Host installation, but permits less customization than does the ISO-based installation described in the subsequent section.

  1. Acquire the RHEL Atomic Host .ova media from Download Red Hat Enterprise Linux.
  2. Copy the .ova file to the Red Hat Enterprise Virtualization Manager.
  3. Use the engine-image-uploader command to upload the .ova file to the Export storage domain.
  4. Create instances of Red Hat Enterprise Linux from the .ova files uploaded to your Red Hat Enterprise Virtualization instance.

ISO-based Installation

The .iso based installation method allows for greater customization of the installation than does the .ova based installation method, but requires the configuration of the virtual machine hosting the Atomic environment.

  1. Acquire the Red Hat Enterprise Linux Atomic Host installation media from Download Red Hat Enterprise Linux and copy it to the Red Hat Enterprise Virtualization Manager’s file system.
  2. Use engine-image-uploader to add the ISO image to the storage domain of your Red Hat Enterprise Virtualization environment.
  3. Attach the uploaded Red Hat Enterprise Linux Atomic Host ISO image to a new virtual machine and install Red Hat Enterprise Linux Atomic Host on that virtual machine.
  4. Use the newly-created Red Hat Enterprise Linux Atomic Host virtual machine.

For more details, see the documentation set for Red Hat Enterprise Virtualization.

2.3.2.1. Installing Red Hat Enterprise Linux Atomic Host from an .ova File

The following section explains how to install Red Hat Enterprise Linux Atomic Host in Red Hat Enterprise Virtualization, from an .ova (Open Virtualization Appliance) source. This operation consists of a procedure in three stages. The first stage describes how to unpack the .ova file in the export storage domain of your Red Hat Enterprise Virtualization environment and how to set permissions so that Red Hat Enterprise Virtualization has ownership of the unpacked files. The second stage describes how to import the virtual machine template from the export domain into the Red Hat Enterprise Virtualization environment. The third stage describes how to create a virtual machine from the imported template.

Importing the .ova File with engine-image-uploader

This procedure explains how to use engine-image-uploader to upload the virtual machine template of the Red Hat Enterprise Linux Atomic Host to the Export storage domain. Perform the following steps from within the Red Hat Enterprise Virtualization Manager environment.

  1. Transfer the .ova file to the Red Hat Enterprise Virtualization Manager.

    [a computer that is not the RHEV Manager]# scp filename.ova root@rhevm.hostname.com:/
  2. Log in to the Red Hat Enterprise Virtualization Manager machine as root.

    [a computer that is not the RHEV Manager]# ssh root@rhevm.hostname.com
  3. Move to the directory to which you transferred the .ova file. In this example we assume that the directory is root (/):

    [RHEVM]# cd /
  4. Use the following command to upload the .ova file to the Export storage domain:

    [RHEVM]# engine-image-uploader -N imagename -e Export upload filename.ova

    Include -N imagename to give the image a human-readable file name. Otherwise, the name of the image will be a long alphanumeric string. Also substitute the name of your export domain for "Export" and the name of the .ova file for "filename.ova".

  5. Provide the REST API password for the admin@internal oVirt engine user when prompted. The upload may take some time, depending on the size of the uploaded file. The upload succeeds silently, returning you to a command prompt when it is complete.

Importing the Virtual Machine Template into Red Hat Enterprise Virtualization

After the .ova file has been unpacked and the virtual machine template that it contained has its permissions set so that Red Hat Enterprise Virtualization can operate on it, you must import the virtual machine template into the Red Hat Enterprise Virtualization environment through the Administration Portal user interface. When this procedure is complete, it will be possible to create virtual machines from the imported template.

  1. Sign in to the Red Hat Enterprise Virtualization Manager Administrator Portal as admin.
  2. In the Red Hat Enterprise Virtualization Manager User Interface, click the Storage tab in the Navigation Pane (the pane at the top of the interface).
  3. In the Red Hat Enterprise Virtualization Manager User Interface, click the name of the Export Domain in the Navigation Pane.
  4. In the Red Hat Enterprise Virtualization Manager User Interface, click the Template Import tab in the Details Pane (the pane at the bottom of the interface).
  5. In the Red Hat Enterprise Virtualization Manager User Interface, in the Details Pane (the pane at the bottom of the interface), click the name of the file you plan to import.
  6. In the Red Hat Enterprise Virtualization Manager User Interface, click Import at the top left of the Details Pane.
  7. In the Import Template window, click the name of the virtual machine you plan to import.
  8. In the Import Template window, click OK in the bottom right corner.

Adding a cloud-init ISO to the ISO Domain

  1. Create a cloud-init ISO by following the instructions in the "Creating a cloud-init ISO File" section.
  2. From a machine remote to the RHEV Manager machine in your Red Hat Enterprise Virtualization environment, use scp to copy the cloud-init ISO to the file system of the RHEV Manager machine in the Red Hat Enterprise Virtualization Environment.

    [a computer that is not the RHEV Manager]# scp atomic-cloud.iso root@rhevm.hostname.com:/
  3. Log in to the Red Hat Enterprise Virtualization Manager machine as root.

    [a computer that is not the RHEV Manager]# ssh root@rhevm.hostname.com
  4. Move to the directory to which you uploaded the atomic-cloud.iso:

    [RHEVM]# cd /
  5. Use rhevm-iso-uploader to upload the cloud-init ISO to the ISO domain.

    [RHEVM]# rhevm-iso-uploader --iso-domain=domain_name upload atomic-cloud.iso
  6. Sign in to the Red Hat Enterprise Virtualization Manager Administrator Portal as admin.
  7. In the Red Hat Enterprise Virtualization Manager User Interface, select the Storage tab in the Navigation pane.
  8. In the Details pane (the pane at the bottom of the interface), select the Images tab.
  9. Confirm that the .iso file is present in the ISO domain (it will appear in a list in the Images subtab of the Details pane if it is present).

Creating a Virtual Machine from the Imported Template

Now that your Red Hat Enterprise Linux Atomic Host virtual machine template has been unpacked and imported to your Red Hat Enterprise Virtualization environment and your cloud-init ISO file is present in the Red Hat Enterprise Virtualization ISO domain, you can create Red Hat Enterprise Linux Atomic Host virtual machines using the following procedure.

  1. Log in to the Red Hat Enterprise Virtualization Manager user interface.
  2. Open the Virtual Machines tab in the Navigation pane.
  3. In the Navigation Pane of the Red Hat Enterprise Virtualization User Interface, click New VM.
  4. In the New Virtual Machine window, in the Based on Template drop-down menu, select the name of the Red Hat Enterprise Linux Atomic Host template that you imported earlier.
  5. In the New Virtual Machine window, fill out the "Name", "Description", and "Comment" fields.
  6. In the Boot Options tab of the New Virtual Machine window, select the "Attach CD" check box, and select the name of the cloud-init ISO that contains the user credentials you want to use on this virtual machine.
  7. Click OK.

Updating the RHEV Guest Agent in the Atomic Host VM

To allow the RHEV Manager to control an Atomic Host VM, a guest agent must be running on that VM. The ovirt-guest-agent interfaces with the RHEV Manager to supply run-time data and heartbeat information, as well as allowing the RHEV Manager to control the operation of the VM (including shutdown and restart).

The latest Atomic Host ova image for RHEV includes the ovirt-guest-agent in the form of a container named rhevm-guest-agent. When you created a virtual machine from the imported ova image (as described previously), the rhevm-guest-agent container image included in the VM is automatically set to run when the VM starts up.

You can check the status of the rhevm-guest-agent container (and update the container if needed) by logging into the Atomic Host VM on the RHEV environment and running the following commands:

  1. Verify that the rhevm-guest-agent is available and running:

    # runc list
    ID                PID  STATUS  BUNDLE                                           CREATED
    rhevm-guest-agent 674  running /var/lib/containers/atomic/rhevm-guest-agent.0   2017-06-...
  2. Check the status of the rhevm-guest-agent running as a systemd service:

    # systemctl status rhevm-guest-agent
    ● rhevm-guest-agent.service - oVirt Guest Agent Container
       Loaded: loaded (/etc/systemd/system/rhevm-guest-agent.service; enabled; vendor preset: disabled)
       Active: active (running) since Mon 2017-06-19 19:06:58 UTC; 1 weeks 0 days ago
     Main PID: 644 (runc)
       Memory: 5.8M
       CGroup: /system.slice/rhevm-guest-agent.service
               └─644 /bin/runc --systemd-cgroup run rhevm-guest-agent
  3. Update the rhevm-guest-agent. If a newer version of the rhevm-guest-agent container is available, you can update the container by running the following command (in this example, no new version was available):

    # atomic containers update rhevm-guest-agent
    Latest version already installed.

2.3.2.2. Installing Red Hat Enterprise Linux Atomic Host from an ISO Image

Uploading ISO

Note

This section pertains only to the procedure describing the installation of a Red Hat Enterprise Linux Atomic Host system from an ISO image. This section does not pertain to the creation of a Red Hat Enterprise Linux Atomic Host system from an .ova file.

  1. Transfer the ISO file to the file system of the Red Hat Enterprise Virtualization Manager.

    [a computer that is not the RHEV Manager]# scp filename.iso root@rhevm.hostname.com:/
  2. Log in to the back end of the Red Hat Enterprise Virtualization Manager as root. Note that this does not mean that you should log in to the Red Hat Enterprise Virtualization Manager Administrator Portal.

    [a computer that is not the RHEV Manager]# ssh root@rhevm.hostname.com
  3. Move to the directory to which you transferred the ISO file:

    [RHEVM]# cd /
  4. Determine the name of the ISO storage domain on your Red Hat Enterprise Virtualization Manager. In the example here, the name of the ISO storage domain is ISO_DOMAIN:

    # rhevm-iso-uploader list
    ISO Storage Domain Name   | Datacenter                | ISO Domain Status
    ISO_DOMAIN                | Default                   | active
  5. Use rhevm-iso-uploader to upload the Red Hat Enterprise Linux Atomic Host installation ISO image to the Red Hat Enterprise Virtualization storage domain:

    [RHEVM]# rhevm-iso-uploader upload -i ISO_DOMAIN filename.iso

For more information on uploading ISO files to ISO domains in Red Hat Enterprise Virtualization, see the Red Hat Enterprise Virtualization Installation Guide.

Creating a Red Hat Enterprise Linux Atomic Virtual Machine

  1. Log in to the Red Hat Enterprise Virtualization Manager.
  2. Click the Virtual Machines tab.
  3. Click the New VM button to open the New Virtual Machine window.
  4. Click the Show Advanced Options button in the lower left corner of the New Virtual Machine window.
  5. On the General tab, fill in the Name and Operating System fields. You can accept the default settings for other fields, or change them if required.
  6. Click Boot Options in the menu on the left of the New Virtual Machine window.
  7. In the Boot Sequence menu, select CD-ROM in the First Device drop-down menu.
  8. In the Boot Sequence menu, select Hard Disk in the Second Device drop-down menu.
  9. Select the Attach CD check box.
  10. In the drop-down menu to the right of the Attach CD check box, select the name of the Red Hat Enterprise Linux Atomic Host installation ISO.
  11. Click OK in the bottom right of the New Virtual Machine window.
  12. The New Virtual Machine - Guide Me window opens, displaying two buttons: Configure Network Interfaces and Configure Virtual Disks.
  13. Click Configure Network Interfaces.
  14. The New Network Interface window opens. The default values in this window are sufficient to create a virtual network interface for the virtual machine.
  15. Click OK in the bottom right of the New Network Interface window.
  16. In the New Virtual Machine - Guide Me window, click the Configure Virtual Disks button.
  17. The New Virtual Disk window opens. In the Size (GB) field, enter the size in gigabytes of your virtual hard drive.
  18. Click OK in the bottom right of the New Virtual Disk window.
  19. In the New Virtual Machine - Guide Me window, click Configure Later in the bottom right.

2.3.3. Red Hat Enterprise Linux OpenStack Platform Installation

This section explains how to launch an instance of Red Hat Enterprise Linux Atomic Host on the Red Hat Enterprise Linux OpenStack Platform using a QCOW2 image. Before you start the procedure, download the QCOW2 image from here: Download Red Hat Enterprise Linux.

Creating a Red Hat Enterprise Linux Atomic Host Instance from a QCOW2 image

The following procedure assumes you are familiar with Red Hat Enterprise Linux OpenStack Platform. For more information about Red Hat Enterprise Linux OpenStack Platform, see the Red Hat Enterprise Linux OpenStack Platform End User Guide.

  1. Create a project.

    1. Log into the Red Hat Enterprise Linux OpenStack Platform Dashboard.
    2. Create a project by going to the Admin Tab and then clicking on Projects under Identity Panel.
    3. Click Create Project and provide a Project Name that meets your site requirements. Additional configuration is not required, but should be done to meet your site requirements.
  2. Set up networking for your project. This will vary by site configuration. In general the following steps are required:

    1. Create a network and a subnet for the internal networking for the project.
    2. Create a router and assign a gateway and create an interface to configure it to connect the internal network to the external network.
  3. Create or upload a key pair to use with instances. The key pair settings can be found in the Project Tab under Manage Compute in Access & Security on the Keypair Tab.
  4. Load the QCOW2 image into Red Hat Enterprise Linux OpenStack Platform.

    1. Click Images & Snapshots located on the Project Tab under Manage Compute.
    2. Click Create Image and provide the following information:

      • Name: A meaningful image name
      • Image Source: Choose Image File to allow a file to be uploaded from your local workstation.
      • Format: Choose QCOW2
      • Minimum Disk (GB): The minimum amount of disk space this image should be allowed to have. For more information, see Disk Space and Memory Requirements.
      • Minimum Ram (MB): The minimum amount of memory this image should be allowed to have. For more information, see Disk Space and Memory Requirements.
    3. Finally, click Choose File and select the QCOW2 image to upload and then click Create Image to start the upload.
  5. Set up the instance to be launched, including basic first boot configuration using cloud-init.

    1. Access the Launch Instance dialog box by clicking on the Launch Instance button found on the Projects Tab under Manage Compute on the Instances Screen.
    2. Provide the following information in the Launch Instance dialog box on the Details Tab.

      • Instance Name: A meaningful instance name
      • Flavor: A properly sized instance for your application requirements that meets the minimum requirements for Red Hat Enterprise Linux Atomic Host.
      • Instance Boot Source: Choose the image you loaded in the previous step. For more information, see Disk Space and Memory Requirements.
    3. Provide the following information in the Launch Instance dialog box on the Access & Security Tab.

      • Keypair: Select the key pair you wish to use with this instance.
    4. Provide the following information in the Launch Instance dialog box on the Networking Tab.

      • Selected Network: Select the network you wish to use with this instance.
    5. Provide the following information in the Launch Instance dialog box on the Post-Creation Tab.

      • Customization Script: In this field, paste the equivalent of a user-data file for cloud-init. A user-data is a plain text file which provides information about users and configuration of the system. This information will be used to enable access to the Red Hat Enterprise Linux Atomic Host instance. By default, the root user is password protected; therefore, if you do not create the user-data file, you will not be able to log in.

        An example of a user-data file is below:

        #cloud-config
        password: atomic
        chpasswd: {expire: False}
        ssh_pwauth: True
        ssh_authorized_keys:
          - ssh-rsa AAA...SDvz user1@yourdomain.com
          - ssh-rsa AAB...QTuo user2@yourdomain.com

        Note

        The first line of the example (#cloud-config) is not a comment or a command example - it is a mandatory line in the configuration file.

        This example enables the cloud-user user to log in either with a password or an SSH key. The use of both methods is possible, but not required. An initial password is set on the password line; when the user logs in for the first time on this instance, they will be prompted to change their password as defined on the chpasswd line. Forcing the user to change their password after the first login is recommended because initially the password is stored in plain text.

      The final four lines in the example configure remote login using SSH. The ssh_pwauth: True line enables SSH using a password, and the ssh_authorized_keys starts a block of one or more authorized public keys. Keys described in this file will be added to the ~/.ssh/authorized_keys file. Each authorized key must be on a separate line and start with two spaces followed by a hyphen (-) and another space.

    For additional information about this file, see the "Creating a cloud-init ISO File" section.

    1. Click the Launch button to start your instance.

2.3.4. VMware Installation

VMware vSphere provides a means of deploying and managing virtual machine resources. This section explains how to run Red Hat Enterprise Linux Atomic Host using the VMware vSphere Client. For the examples in this article, the ISO image was created on a Red Hat Enterprise Linux 7 system and Red Hat Enterprise Linux Atomic Host was run on VMware vSphere that was set up as a single ESXi 5.5 hypervisor and vCenter host running on a Microsoft Windows system.

Getting a Red Hat Enterprise Linux Atomic Host Image

To create a Red Hat Enterprise Linux Atomic Host virtual machine image that you can run on VMware vSphere, first download the Red Hat Enterprise Linux Atomic Host OVA file for VMware from the Download Red Hat Enterprise Linux page.

The vSphere OVA plug-in has a configurable network controller and a configurable SCSI controller.

The configurable parameters are:

vsphere_scsi_controller_type
Valid settings are: lsilogic and VirtualSCSI
vsphere_network_controller_type
Valid settings are: E1000 and VmxNet3

When these parameters are not explicitly set, they default to the non-paravirtualization settings. The SCSI controller non-paravirtualization setting is lsilogic. The network controller non-paravirtualization setting is E1000.

Creating a cloud-init ISO File

You need to create a cloud-init ISO image that includes information that is used to configure the Red Hat Enterprise Linux Atomic Host system. This information can include a host name, a user name and password, and other configuration settings. Create the configuration information needed and produce the ISO image as described in the following steps:

  1. Create cloud-init meta-data file.

    The final installation configuration options are set with a pair of cloud-init configuration files. The first installation configuration file contains the metadata. Create this file with a text editor and call it meta-data. This file provides information that identifies the instance of Red Hat Enterprise Linux Atomic Host being installed. The instance-id can be any identifying name and the local-hostname should be a host name that follows your site standards, for example:

    instance-id: Atomic0
    local-hostname: atomic-00
  2. Create cloud-init user-data file.

    The second installation configuration option file is the user data file. This file provides information about users on the system. Create it with a text editor and call it user-data. This file will be used to enable access to the installation of Red Hat Enterprise Linux Atomic Host. By default, the root user is password locked and it is not possible to log in if this step is skipped. The following is an example of what the user-data file will look like:

    #cloud-config
    password: atomic
    chpasswd: {expire: False}
    ssh_pwauth: True
    ssh_authorized_keys:
      - ssh-rsa AAA...SDvz user1@yourdomain.com
      - ssh-rsa AAB...QTuo user2@yourdomain.com

    This user-data file enables the default user, cloud-user, to log in either with a password or with an SSH key. The use of both methods is possible but not required. Password login is enabled by the password and chpasswd lines. The password contains the plain-text password for the cloud-user user. The chpasswd line turns off password expiration to prevent the first login from immediately prompting for a change of password. This is optional. If you set a password, it is recommended that you change it when you first log in because the password has been stored in a plain text file.

    SSH login is enabled by the last three lines of the file. The ssh_pwauth line enables SSH login. The ssh_authorized_keys line begins a block of one or more authorized keys. Each public SSH key listed on the ssh-rsa lines will be added to the cloud-user ~/.ssh/authorized_keys file. In this example, two keys are listed. For this example, the key has been truncated, in a real file the entire public key must be listed. Note that the ssh-rsa lines must be preceded by two spaces, followed by a hyphen, followed by another space.

  3. Create ISO file.

    Once you have completed your files, they need to be packaged into an ISO image. This ISO image is used as a virtual configuration CD with the virtual machine. This ISO image, called atomic0-cidata.iso, is created with the following command on Red Hat Enterprise Linux:

    # genisoimage -output atomic0-cidata.iso -volid cidata -joliet -rock user-data meta-data
  4. Transfer the newly created ISO image to the host running VMware.

2.3.4.1. Setting up a Red Hat Enterprise Linux Atomic Host Virtual Machine in VMware

The steps for running a Red Hat Enterprise Linux Atomic Host on a VMware vSphere client include the following:

  1. Adding the ISO image you created earlier into your VMware vSphere data store.
  2. Deploying your OVA file as an OVF template in vSphere.
  3. Attaching the ISO image as a CD/DVD drive to the vSphere template.
  4. Running the Red Hat Enterprise Linux Atomic Host virtual machine.

Note

This procedure assumes you are familiar with VMware vSphere and is not written with reference to any specific version of VMware vSphere.

Add image to the Datastore

  1. Open the VMware vSphere client.
  2. In the left pane, access Datastores.
  3. Select the target datastore.
  4. Select Browse this datastore.
  5. Select the folder icon and create a new folder. In this example, it is called atomic01/.
  6. With the new folder atomic01/ highlighted, select the GUI option to upload data to the datastore (and to the folder).
  7. Browse to the cloud-init ISO file you created earlier (for example, atomic01-cid.iso), select it, and upload it to the datastore. If an identically named file already exists in the datastore, you will be asked if you want to overwrite it.
  8. Close the Datastore Browser.

Deploy OVF template

  1. Select Home, then Inventory, then the Hosts and Clusters option.
  2. Select File and Deploy OVF Template.
  3. Browse to the location where you have the OVA file, for example, rhel-atomic-cloud-7.1-6.x86_64.vsphere.ova, select it, and click Open.
  4. Select the Next button. You see the OVF template details screen.
  5. From the OVF template details screen, select Next again.
  6. Type in the name for your Red Hat Enterprise Linux Atomic Host virtual machine.
  7. Select a host or cluster for the virtual machine to run in and click Next.
  8. Select the Disk Format option. You may leave the defaults. Then click Next.

    Note

    Be sure not to select the Power on after deployment check box. Selecting it will start the virtual machine and it should be started later after the cloud-init ISO has been attached.

  9. Click Finish to begin deploying the template. This should take no more than two minutes.

Attach ISO image as a CD/DVD to Virtual Machine

  1. Right-click on the newly added Red Hat Enterprise Linux Atomic Host template and select Edit Settings. (Select the Virtual Machines tab or expand the server in the Tree View in order to see the virtual machine.)
  2. From the Virtual Machine Properties window, select Add and then CD/DVD Drive and click Next.
  3. Select the Use an ISO image option and click Next.
  4. Browse to find the ISO image you created earlier (we called ours atomic0-cidata.iso), select it, and click Next. The ISO can be found in the datastore that you uploaded it to, in the folder that you created.
  5. After the Advanced options are displayed, click Next to continue.
  6. When the Ready to Complete screen appears, click Finish to complete the settings. Now you are ready to run the Red Hat Enterprise Linux Atomic Host virtual machine.
  7. Click OK to exit the Properties screen.

Run the Red Hat Enterprise Linux Atomic Host virtual machine

  1. To start up the Red Hat Enterprise Linux Atomic Host virtual machine, click to highlight it, then select the Power On button.
  2. Select the Console tab to watch as the virtual machine boots up.

If you configured Red Hat Enterprise Linux Atomic Host as described here, you should be able to log into the virtual machine with the user name cloud-user and password atomic that you defined when you created the cloud-init ISO.

2.3.5. Microsoft Hyper-V Installation

This section explains how to use Microsoft Hyper-V to create virtual machines that run Red Hat Enterprise Linux Atomic Host. Before you begin the installation process, make sure to download the installation media from the Download Red Hat Enterprise Linux page. The VHD image provided by Red Hat is a pre-deployed disk image which can be used to rapidly deploy Generation 1 Hyper-V virtual machines; alternatively you can use the Red Hat Enterprise Linux Atomic Host ISO installer, which allows for customized installations.

For full documentation of Microsoft Hyper-V, see the Hyper-V Getting Started section of the Microsoft TechNet Library.

Creating a Virtual Machine in Hyper-V

  1. In the Actions menu, select New. Then, select Virtual Machine from the drop-down menu, and click Next. A new dialog window titled New Virtual Machine Wizard will open.
  2. Before You Begin. Click Next.
  3. Specify Name and Location. Name the new virtual machine, and click Next.
  4. Specify Generation. Specify Generation 1 if you want to use the VHD disk image provided by Red Hat, or Generation 2 if you need to. (See Section 25.5.3, “Differences Between Generation 1 and Generation 2” for information about Generation 1 and Generation 2 virtual machines.)
  5. Click Next to continue.
  6. Assign Memory. Select how much memory should be assigned to the virtual machine, and click Next.
  7. Configure Networking. In the Connections drop-down menu, select external. Then, click Next.
  8. Connect Virtual Hard Disk. If you are using the VHD disk image provided by Red Hat, choose Use an existing virtual hard disk and then specify the location of the VHD file you have downloaded from Red Hat Customer Portal. Click Next.
  9. Summary. Review your selections and click Finish to create the virtual machine.

Preparing for Installation

Once you run the Hyper-V image, you will be asked for login credentials. These can be preset using a pair of cloud-init files and you can also use the files to set other installation configuration options. The following is an example procedure:

  • meta-data

    A plain text file which provides information that identifies the instance of Red Hat Enterprise Linux Atomic Host being installed. Its contents should be similar to the following example:

    instance-id: Atomic0
    local-hostname: atomic-00

    The instance-id can be any identifying name and the local-hostname should be a host name that follows your site standards.

  • user-data

    A plain text file which provides information about users on the system. This information will be used to enable access to the Red Hat Enterprise Linux Atomic Host instance. By default, the root user is password protected; therefore, if you do not create the user-data file, you will not be able to log in.

    An example of a user-data file is below:

    #cloud-config
    password: atomic
    chpasswd: {expire: False}
    ssh_pwauth: True
    ssh_authorized_keys:
      - ssh-rsa AAA...SDvz user1@yourdomain.com
      - ssh-rsa AAB...QTuo user2@yourdomain.com

    Note

    The first line of the example (#cloud-config) is not a comment or a command example - it is a mandatory line in the configuration file.

    This example enables the cloud-user user to log in either with a password or an SSH key. The use of both methods is possible, but not required. An initial password is set on the password line; when the user logs in for the first time on this instance, they will be prompted to change their password as defined on the chpasswd line. Forcing the user to change their password after the first login is recommended because initially the password is stored in plain text.

    The final four lines in the example configure remote login using SSH. The ssh_pwauth: True line enables SSH using a password, and the ssh_authorized_keys starts a block of one or more authorized public keys. Keys described in this file will be added to the ~/.ssh/authorized_keys file. Each authorized key must be on a separate line and start with two spaces followed by a hyphen (-) and another space.

Once you have created both of the files described above, you must package them into the ISO image. This image will then be used as a virtual configuration CD on the virtual machine. To package the files into an image, use the following command:

# genisoimage -output atomic0-cidata.iso -volid cidata -joliet -rock user-data meta-data

This will create a new ISO image file named atomic0-cidata.iso.
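
The same user-data sample appears in the OpenStack, VMware and Hyper-V procedures above, with a clear-text password, password expiry turned off and SSH password login enabled. The script below is an added example, not part of the original guide: a line-oriented check (plain grep and awk, not a YAML parser) to run on user-data before genisoimage, shown against the guide's sample and a key-only variant. The function names, finding codes and the placeholder key are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original guide.

# audit_user_data FILE
# Prints one finding code per line; returns 0 when clean, 1 otherwise.
audit_user_data() {
    ud_file=$1
    ud_rc=0
    # Line 1 must be exactly "#cloud-config" (the guide calls it mandatory).
    if [ "$(head -n 1 "$ud_file")" != "#cloud-config" ]; then
        echo "MISSING_CLOUD_CONFIG_HEADER"; ud_rc=1
    fi
    # A top-level password key keeps the initial password in clear text,
    # both in this file and on the ISO built from it.
    if grep -Eq '^password:[[:space:]]*[^[:space:]#]' "$ud_file"; then
        echo "PLAINTEXT_PASSWORD"; ud_rc=1
        # expire: False means nobody is forced to replace that password.
        if grep -Eiq '^chpasswd:.*expire:[[:space:]]*(false|no|off)' "$ud_file"; then
            echo "PASSWORD_NEVER_EXPIRES"; ud_rc=1
        fi
    fi
    # ssh_pwauth: True allows password logins over SSH.
    if grep -Eiq '^ssh_pwauth:[[:space:]]*(true|yes|on)' "$ud_file"; then
        echo "SSH_PASSWORD_AUTH_ENABLED"; ud_rc=1
    fi
    # Collect the list items that follow ssh_authorized_keys, indented or not.
    ud_keys=$(awk '
        /^ssh_authorized_keys:/        { inblk = 1; next }
        inblk && /^[ \t]*-[ \t]/       { print; next }
        inblk && /^[^ \t#-]/           { inblk = 0 }
    ' "$ud_file")
    if [ -z "$ud_keys" ]; then
        echo "NO_SSH_KEYS"; ud_rc=1
    fi
    # The guide's sample keys are elided with "..."; a real file needs whole keys.
    case "$ud_keys" in
        *...*) echo "TRUNCATED_SSH_KEY"; ud_rc=1 ;;
    esac
    return "$ud_rc"
}

# Constructed sample 1: the settings shown in the guide's example.
write_guide_sample() {
    cat > "$1" <<'EOF'
#cloud-config
password: atomic
chpasswd: {expire: False}
ssh_pwauth: True
ssh_authorized_keys:
  - ssh-rsa AAA...SDvz user1@yourdomain.com
  - ssh-rsa AAB...QTuo user2@yourdomain.com
EOF
}

# Constructed sample 2: key-only login. The key is a made-up placeholder,
# not a real public key.
write_keyonly_sample() {
    cat > "$1" <<'EOF'
#cloud-config
ssh_pwauth: False
ssh_authorized_keys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderKeyForThisExampleOnly admin@example.com
EOF
}

# Demo: audit both samples in a scratch directory.
demo_dir=$(mktemp -d)
write_guide_sample "$demo_dir/user-data.guide"
write_keyonly_sample "$demo_dir/user-data.keyonly"
for sample in "$demo_dir"/user-data.*; do
    echo "== $sample"
    audit_user_data "$sample" || echo "-> review before packaging into the ISO"
done
rm -rf "$demo_dir"
```
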

Differences Between Generation 1 and Generation 2

Microsoft Hyper-V has two different generations (also known as modes): Generation 1 and Generation 2. The differences between these generations have impact on the installation process of Red Hat Enterprise Linux Atomic Host.

Generation 1 disk images are supported on all Microsoft Hyper-V hosts. Generation 2 disk images are supported only on Microsoft Windows 2012 and Microsoft Windows 8.1.

Images provided by Red Hat fall into the Generation 1 category. These disk images allow for immediate deployment of preconfigured instances of Red Hat Enterprise Linux Atomic Host as described in Section 25.5.1, “Creating a Virtual Machine in Hyper-V”.

Preconfigured Generation 2 disk images are not provided by Red Hat. If you want to deploy Red Hat Enterprise Linux Atomic Host as a Generation 2 virtual machine, you can use the interactive installer ISO image and perform an installation using Anaconda (either manually or automatically using a Kickstart file). This process is described in earlier sections of this guide, starting with Chapter 6, Installing Using Anaconda; Kickstart installations are discussed in Chapter 23, Kickstart Installations.

2.3.6. Microsoft Azure Installation

Use this procedure to upload a RHEL Atomic Host image to the Microsoft Azure Cloud and run that image as a virtual machine. The basic steps to run from a RHEL server system are:

  • Get the Azure CLI tool (az command) as described in Install the Azure CLI.
  • Get the Red Hat Atomic Cloud (qcow2) image from Red Hat Atomic Host Download page.
  • Convert the image to VHD format.
  • Get and log into an Azure login account.
  • Create the following Azure resources (or use existing ones):

    • Create a storage account
    • Create a container
    • Create a virtual network and subnetwork
  • Upload the Atomic VHD image.
  • Create a gold custom image (optional).
  • Start a RHEL Atomic VM.
  • Add the Azure agent to the VM (optional).

Replace the following resource names used in the example below with ones appropriate for your own setup.

Resource name             Example

Azure group               myazgroup
Azure storage             myatomicstorage
Azure container           myatomiccontainer
Azure virtual network     myazatomicnet01
Azure subnetwork          myazatomicsubnet01
Atomic image              rhel-atomic-cloud-7.4.vhd
Azure region              southcentralus (use a region that suits you)
Atomic image in Azure     atomiccloud-74.vhd
Azure gold image group    myatomicgold

With an Azure account in hand, use the following procedure to create an Atomic virtual machine in Azure with that image.

  1. Get the Azure CLI tool: Follow the instructions in Install the Azure CLI to get the az command.
  2. Get the Red Hat Atomic Cloud (qcow2) image from Red Hat Atomic Host Download page.
  3. Convert the image to VHD format as follows:

    $ qemu-img convert -f qcow2 -o subformat=fixed,force_size -O vpc \
        rhel-atomic-cloud-7.4.4-2.x86_64.qcow2 rhel-atomic-cloud-7.4.vhd

    Note

    Azure requires that VHD images be fixed and aligned. The image described here should work properly. If the image fails to upload and run in a later step, check and fix its alignment as described in Convert the RHEL VM Image to VHD.

  4. Log into the Azure Cloud:

    $ az login
    
    To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code ABCDEFGH9 to authenticate.
    [
      {
        "cloudName": "AzureCloud",
    ...
        "user": {
          "name": "joe@example.com",
          "type": "user"
        }
      }
    ]

    After following the instructions from your browser, close the browser window and continue from the command line.

  5. Create Azure group resource: If you don’t already have an Azure group, create one as follows:

    $ az group create --name myazgroup --location southcentralus
    
    {
      "id": "/subscriptions/xxxxxxxx-xxxx-xxxx.../resourceGroups/myazgroup",
      "location": "southcentralus",
      "managedBy": null,
      "name": "myazgroup",
      "properties": {
        "provisioningState": "Succeeded"
      },
      "tags": null
    }
  6. Choose an Azure region that is appropriate for you. Refer to Microsoft Azure Regions to see available regions, then type the following to see names you need to identify your region:

    $ az account list-locations -o table
    DisplayName      Latitude    Longitude   Name
    ----------       ----------  ----------- ----------
    ...
    South Central US 29.4167     -98.5       southcentralus
    ...
  7. Create Azure storage account: For your group, create a storage account, replacing southcentralus with your region and selecting a SKU Type:

    $ az storage account create -l southcentralus -n myatomicstorage \
        -g myazgroup --sku Standard_LRS
    
    {
      "accessTier": null,
      "creationTime": "2018-01-23T16:14:51.478598+00:00",
    ...
      "id": "/subscriptions/xxxxxxxx-xxxx.../resourceGroups/myazgroup/providers/Microsoft.Storage/storageAccounts/myatomicstorage",
      "name": "myatomicstorage",
    ...
      "provisioningState": "Succeeded",
      "resourceGroup": "myazgroup",
    ...
  8. Get the storage account connection string:

    $ az storage account show-connection-string -n myatomicstorage -g myazgroup
    
    {
      "connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=myatomicstorage;AccountKey=xxxxxxxx/xxxxx+xxx/w=="
    }
  9. Export the connection string: Copy and paste your connection string into the AZURE_STORAGE_CONNECTION_STRING variable:

    $ export AZURE_STORAGE_CONNECTION_STRING="DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=myatomicstorage;AccountKey=xxxxxxxx/xxxxx+xxx/w=="
  10. Create the storage container:

    $ az storage container create -n myatomiccontainer
    
    {
      "created": true
    }
  11. Create virtual network and subnetwork:

    $ az network vnet create -g myazgroup -n myazatomicnet01 \
       --subnet-name myazatomicsubnet01
    
    {
      "newVNet": {
        "addressSpace": {
          "addressPrefixes": [
            "10.0.0.0/16"
    ...
        "id": "/subscriptions/xxxxxxxx-xxxx.../resourceGroups/myazgroup/providers/Microsoft.Network/virtualNetworks/myazatomicnet01",
    ...
  12. Upload the Atomic VHD image:

    $ az storage blob upload --account-name myatomicstorage \
        --container-name myatomiccontainer --type page     \
        --file rhel-atomic-cloud-7.4.vhd --name myatomiccloud-74.vhd
    
    Finished[#####################]  100.0000%
    {
      "etag": "\"0x8D123456789ABCD\"",
      "lastModified": "2018-01-25T16:30:41+00:00"
    }
  13. Get the URL for the uploaded VHD:

    $ az storage blob url -c myatomiccontainer -n myatomiccloud-74.vhd
    
    "https://myatomicstorage.blob.core.windows.net/myatomiccontainer/myatomiccloud-74.vhd"
  14. Create a new resource group for a gold Azure custom Atomic image (optional): This optional step keeps your gold image separate from any non-permanent resources you create. Your new resource group must be created in the same region where you uploaded your vhd file.

    $ az group create --name myatomicgold --location southcentralus
    
    {
      "id": "/subscriptions/xxxxxxxx-xxxx-.../resourceGroups/myatomicgold",
      "location": "southcentralus",
      "managedBy": null,
      "name": "myatomicgold",
      "properties": {
        "provisioningState": "Succeeded"
      },
      "tags": null
    }
  15. Create the gold Atomic custom image for Azure:

    $ az image create -n myrhelatomcloud74 -g myatomicgold -l southcentralus \
      --source \
      "https://myatomicstorage.blob.core.windows.net/myatomiccontainer/myatomiccloud-74.vhd" \
      --os-type linux
    
    {
      "additionalProperties": {},
      "id": "/subscriptions/xxxxxxxx-xxxx-.../resourceGroups/myatomicgold/providers/.../images/myrhelatomcloud74",
    ...
          "additionalProperties": {},
          "blobUri": "https://myatomicstorage.blob.core.windows.net/myatomiccontainer/myatomiccloud-74.vhd",
    ...
    }
  16. Create a virtual machine: This example creates a running virtual machine named myatomic74vm-1. (NOTE: You could further configure this command line by creating a cloud-init script and adding it to the command line. For example: --custom-data RHELCloudInit.yml. See Cloud-Init Support for details.)

    $ az vm create -g myatomicgold -l southcentralus -n myatomic74vm-1 \
        --size Standard_A2 --os-disk-name vm-1-osdisk    \
        --admin-username clouduser --generate-ssh-keys --image myrhelatomcloud74
    
    {
      "fqdns": "",
      "id": "/subscriptions/xxxxxxxx-xxxx-.../resourceGroups/myatomicgold/providers/Microsoft.Compute/virtualMachines/myatomic74vm-1",
      "powerState": "VM running",
      "privateIpAddress": "10.0.0.5",
      "publicIpAddress": "49.82.154.297",
      "resourceGroup": "myatomicgold",
      "zones": ""
    }
  17. Log into the virtual machine: Note the publicIpAddress (49.82.154.297, a fake address used in this example) and use it to log into the virtual machine:

    $ ssh clouduser@49.82.154.297
    The authenticity of host '49.82.154.297 (49.82.154.297)' can't be established.
    ECDSA key fingerprint is bd:fe:12:1b:3c:d3:e2:4c:9f:b5:4a:87:10:48:5d:92.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '49.82.154.297' (ECDSA) to the list of known hosts.
    [clouduser@myatomic74vm-1 ~]$
  18. Subscribe the system: Use your Red Hat subscription account to subscribe the system and update to the latest version of Atomic:

    $ sudo subscription-manager register
    Registering to: subscription.rhsm.redhat.com:443/subscription
    Username: yourusername
    Password: ********
    The system has been registered with ID: e4da51cb-4b89-3c94-30b5-946e5c222e91
    
    $ sudo subscription-manager subscribe --auto
    Installed Product Current Status:
    Product Name: Red Hat Enterprise Linux Atomic Host
    Status:       Subscribed
    Product Name: Red Hat Enterprise Linux Server
    Status:       Subscribed
    
    $ sudo atomic host upgrade
    
    $ sudo reboot
  19. Add the Azure agent (optional): If you need more advanced Azure functions and accuracy in the Azure Web portal, consider adding the Azure agent to the Atomic host. To do that, enable needed repositories, add the WALinuxAgent package, reboot, disable provisioning, and set up the Azure agent to start, as shown here:

    $ ssh clouduser@41.89.184.287
    [clouduser@myatomic74vm-1 ~]$
    
    $ sudo subscription-manager repos --disable='*'
    $ sudo subscription-manager repos --enable rhel-7-server-rpms \
       --enable rhel-7-server-extras-rpms
    $ sudo rpm-ostree install WALinuxAgent
    $ sudo systemctl reboot
    $ sudo vi /etc/waagent.conf
       # Enable instance creation
       Provisioning.Enabled=n
       # Create and use swapfile on resource disk.
       ResourceDisk.EnableSwap=y
       # Size of the swapfile.
       ResourceDisk.SwapSizeMB=2048    <-- or choose different size
    
    $ sudo systemctl enable waagent
    $ sudo systemctl start waagent

The Atomic virtual machine should now be running and accessible from your Azure dashboard.
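
The note in step 3 says Azure requires VHD images to be fixed and aligned. The script below is an added example, not part of the original guide, that checks both properties on the local file before the upload in step 12. It assumes the published VHD footer layout (cookie at footer offset 0, disk type at offset 60) and Azure's 1 MiB alignment of the disk size; the function names and finding codes are made up for this example and the sample images are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide.

MIB=1048576

# vhd_footer_hex FILE OFFSET LENGTH
# Hex dump of LENGTH bytes at OFFSET inside the trailing 512-byte VHD footer.
vhd_footer_hex() {
    fsize=$(wc -c < "$1")
    dd if="$1" bs=1 skip=$(( fsize - 512 + $2 )) count="$3" 2>/dev/null |
        od -An -tx1 | tr -d ' \n'
}

# check_vhd FILE
# Prints finding codes; returns 0 when the file is a fixed, 1 MiB-aligned VHD.
check_vhd() {
    v_file=$1
    v_rc=0
    v_size=$(wc -c < "$v_file")
    if [ "$v_size" -lt 512 ]; then
        echo "TOO_SMALL_FOR_VHD"; return 1
    fi
    # Footer cookie is the ASCII string "conectix".
    if [ "$(vhd_footer_hex "$v_file" 0 8)" != "636f6e6563746978" ]; then
        echo "NOT_A_VHD"; return 1
    fi
    # Disk type is a big-endian 32-bit value: 2 fixed, 3 dynamic, 4 differencing.
    case "$(vhd_footer_hex "$v_file" 60 4)" in
        00000002)
            # A fixed VHD is the raw disk followed by the footer, so the
            # disk size is the file size minus 512 bytes.
            if [ $(( (v_size - 512) % MIB )) -ne 0 ]; then
                echo "SIZE_NOT_1MIB_ALIGNED"; v_rc=1
            fi ;;
        00000003) echo "DYNAMIC_NOT_FIXED"; v_rc=1 ;;
        00000004) echo "DIFFERENCING_NOT_FIXED"; v_rc=1 ;;
        *)        echo "UNKNOWN_DISK_TYPE"; v_rc=1 ;;
    esac
    return "$v_rc"
}

# make_sample_vhd FILE DATA_BYTES TYPE_DIGIT
# Constructed test image: zero-filled data plus a minimal footer that carries
# only the cookie and the disk type (all other footer fields are zero).
make_sample_vhd() {
    {
        head -c "$2" /dev/zero
        printf 'conectix'                  # footer bytes 0..7
        head -c 52 /dev/zero               # footer bytes 8..59
        printf "\\000\\000\\000\\00$3"     # footer bytes 60..63, disk type
        head -c 448 /dev/zero              # footer bytes 64..511
    } > "$1"
}

# Demo on three constructed images.
demo=$(mktemp -d)
make_sample_vhd "$demo/fixed-aligned.vhd" "$MIB" 2
make_sample_vhd "$demo/fixed-odd.vhd" $(( MIB + 4096 )) 2
make_sample_vhd "$demo/dynamic.vhd" "$MIB" 3
for img in "$demo"/*.vhd; do
    if out=$(check_vhd "$img"); then
        echo "$img: ok"
    else
        echo "$img: $out"
    fi
done
rm -rf "$demo"
```

A non-empty result from check_vhd on the converted file means the image needs the fix described in Convert the RHEL VM Image to VHD before it is uploaded.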

2.3.7. Google Compute Engine Installation

Google Compute Engine (GCE) is a service that provides virtual machines that run on Google infrastructure. This document shows how to run Red Hat Enterprise Linux Atomic Host on GCE.

Red Hat Enterprise Linux Atomic Host has been designed to take advantage of the heritage of powerful technology available in Red Hat Enterprise Linux 7, in a variation of Red Hat Enterprise Linux 7 optimized for Linux containers that run using the Docker engine. Google Compute Engine (GCE) is a service that provides virtual machines (VMs) that run on Google infrastructure. These VMs can be used for running Red Hat Enterprise Linux Atomic Host. This section explains how to start a virtual machine instance of Red Hat Enterprise Linux Atomic Host on GCE.

If you are interested in more details, refer to the official documentation for Google Compute Engine.

2.3.7.1. Enabling Google Compute Engine

Creating a Project and Setting Up Billing

Perform the following steps to create a project and set up billing for Google Compute Engine:

  1. Log into your Google account, go to the Google Developers Console at https://console.developers.google.com/project. The Developers Console provides a list of projects that are available to you.
  2. Select the project you wish to enable. If you want to create a new project, click on the red Create Project button. You are prompted to select the project name and ID. If your project belongs to a specific domain, your project ID would be in the form <domain>:<your-chosen-project-id>. Then, you are directed to the project dashboard.
  3. To activate Google Compute Engine, set up billing by clicking on the Billing & Settings menu item on the right bar. Then click on Enable Billing. Fill in the form that appears afterwards. Google Compute Engine will prompt you to set up billing before you can use the service. It is not possible to use Google Compute Engine without activating billing. Note that after activating, your account may take about five minutes to be ready.

Downloading and Setting Up GCE tools

To manage your Google Compute Engine resources, first download and install the gcloud command-line tool:

  1. Execute the following command to install the Google Cloud SDK:

    $ curl https://sdk.cloud.google.com | bash
  2. During the installation, you will be prompted several times to provide necessary information. First, you are asked to specify a destination directory for Google Cloud SDK:

    Directory to extract under (this will create a directory google-cloud-sdk) (/home/user):
  3. Then you are asked whether you wish to allow usage reporting to Google so that they can use this data to improve the tool.
  4. The Google Cloud SDK is then installed. Afterwards, several prompts for configuring your profile follow. You can specify an rc file, change the $PATH variable, and enable bash completion. Adding these programs to your $PATH variable is good because it allows you to run them without having to provide their full path. Enabling bash completion is also helpful because the command consists of multiple arguments that are easier to type with completion.
  5. Restart your terminal to allow changes to your PATH to take effect. For example, you can use:

    $ source ~/.bash-profile-file
  6. Replace bash-profile-file with a path to your bash profile file. This is typically the ~/.bashrc file.

Authenticating to GCE

Authenticate to the Google Cloud platform by running:

$ gcloud auth login

The above command launches a web browser with a sign-up dialog for your Google account. Sign in to proceed. During the sign-in process you will need to allow Google Compute Engine to access some information about your Google Account. It is possible to authenticate without launching the browser by using the --no-launch-browser option, see https://cloud.google.com/compute/docs/gcloud-compute/#auth for details.

Setting Up Project Defaults

Using the command template gcloud config set default default_value, it is possible to set project defaults so that commonly used flags do not have to be passed to every command. To list the current defaults, execute the gcloud config list command. The template gcloud config unset default removes a project default. Execute the following command to set the default project:

$ gcloud config set project project_id

Where project_id stands for the id of the project you created in Creating a Project and Setting Up Billing.

Execute the following command to set the default zone:

$ gcloud config set compute/zone zone

Where zone determines a geographical location where your instance should live. See https://developers.google.com/compute/docs/zones#available for a list of available zones.

2.3.7.2. Starting a Red Hat Enterprise Linux Atomic Host Instance

Before the Red Hat Enterprise Linux Atomic Host image can be used in GCE, it needs to be transformed from a qcow2 file into a RAW image. This is done by downloading the qcow2 file and then transforming it into a tar file. This file is uploaded to GCE and then an instance is created.

Creating a Red Hat Enterprise Linux Atomic Host RAW File

Perform the following steps to create a RAW file that can be uploaded to GCE.

  1. Download the Red Hat Enterprise Linux Atomic Host qcow2 file from Download Red Hat Enterprise Linux.
  2. The qcow2 image has been compressed with xz. To decompress the image, enter the following command:

    $ xz -d rhel-atomic-cloud-7.1-0.x86_64.qcow2.xz
  3. The qcow2 image must be converted into a RAW disk file in order to be used in GCE. This is done with qemu.

    $ qemu-img convert -S 4096 -f qcow2 -O raw rhel-atomic-cloud-7.1-0.x86_64.qcow2 disk.raw
  4. The raw disk file needs to be packaged with tar prior to being uploaded to GCE. The raw file has to be named disk.raw.

    $ tar -Szcf rhel-atomic-cloud-7.1-0.x86_64.tar.gz disk.raw
  5. The uploaded raw disk file will be stored in a Google Cloud Storage bucket. If you do not already have a bucket created, you can create one using gsutil.

    $ gsutil mb gs://bucketname
  6. Upload the raw disk file using gsutil.

    $ gsutil cp rhel-atomic-cloud-7.1-0.x86_64.tar.gz gs://bucketname
  7. Before you can use the raw disk file, it has to be created as a GCE image.

    $ gcloud compute images create GCE_IMAGE_NAME --source-uri gs://bucketname/rhel-atomic-cloud-7.1-0.x86_64.tar.gz
  8. You can verify the image is uploaded and available by looking for it in the output of gcloud compute images list.

Creating a Red Hat Enterprise Linux Atomic Host Instance

Execute the following command to create an Atomic Host Instance:

$ gcloud compute instances create my-atomic-instance --machine-type n1-standard-1 --image GCE_IMAGE_NAME --metadata-from-file startup-script=<your-startup-script>

where:

my-atomic-instance is a name of an instance for this example. Instance names can contain only lowercase letters, digits, and dashes (except the last character, which cannot be a dash).

--machine-type sets your desired machine type. A machine type determines the memory, number of virtual cores, and persistent disk limits that your instance will have. Refer to https://developers.google.com/compute/docs/machine-types for details.

--image sets the image to be used. An image contains the operating system and root file system that is necessary for starting an instance. GCE automatically creates a root persistent disk to store the root file system. The GCE_IMAGE_NAME is the image you created in the previous step.

--metadata-from-file specifies the metadata to be made available in the instance environment through the local metadata server. Use this flag to specify a script to be executed automatically when the Red Hat Enterprise Linux Atomic Host instance launches for the first time. See the “Executing a Custom Script on Instance Creation” section for more information. Note that the user-data key is required and cannot be replaced with a custom key, since the startup scripts for a Red Hat Enterprise Linux Atomic Host instance are processed by the cloud-init utility and not by the GCE agent.

Note

This command blocks until the instance is running. When the instance is first created, it must boot and then self-configure. This takes a few moments and may delay your ability to log in to the instance.

Executing a Custom Script on Instance Creation

As mentioned above, you can use the --metadata-from-file option when creating the instance to specify a custom script to be executed in that instance on its first start. You can run any system commands necessary from this script, as these commands are executed with root permissions. For example:

--metadata-from-file startup-script=<your-startup-script>

Invokes the startup.sh script with the following content:

#! /bin/sh
touch newfile

This line creates a new file called newfile.

Note

The startup script for a Red Hat Enterprise Linux Atomic Host instance is not processed by the GCE agent, but by the cloud-init utility. Therefore, you cannot use custom keys with --metadata-from-file. Always use the user-data key when configuring a custom script for a Red Hat Enterprise Linux Atomic Host instance.

As an alternative to a locally stored startup script, you can upload your script to Google Cloud Storage and then access it with the --metadata option. This is required if your script exceeds the metadata value length limit of 32,768 bytes. See http://developers.google.com/compute/docs/howtos/startupscript#googlecloudstorage for more details.

2.3.7.3. Logging into a Red Hat Enterprise Linux Atomic Host Instance

The gcloud tool has a built-in ssh command that enables you to log into an instance using the instance name.

To log into your instance, execute the following command:

$ gcloud compute ssh cloud-user@my-atomic-instance

Here, cloud-user is the default user name. If you have not yet created an SSH key, you will be prompted to create one. Further information is available in Password Protecting Your SSH Keys.

Note

For security reasons, the standard Google images do not provide the ability to connect using SSH directly as root. The instance creator and any users that were added using the --authorized_ssh_keys flag or the metadata sshKeys value are automatically administrators to the account, with the ability to run sudo without requiring a password. Although it is not recommended, advanced users can modify /etc/ssh/sshd_config and restart sshd to change this policy.

Warning

GNOME users can occasionally see the message

Agent admitted failure to sign using the key

when trying to connect to the GCE instance through SSH. This is caused by the GNOME keyring management that tries to use a wrong SSH key. It is specific to the rhel-atomic-host-20141111 image for the GCE environment.

To work around this problem, enter the following command before executing gcutil:

$ ssh-add ~/.ssh/google_compute_engine

Once you have logged in, you can work as you would on other Red Hat Enterprise Linux machines. You have root permissions on your instance and full control over everything. To become root, execute:

cloud-user@my-atomic-instance$ sudo -i

If you need to log out of your instance, you can execute the following command:

cloud-user@my-atomic-instance$ exit

Once you have installed Red Hat Enterprise Linux Atomic Host, it is ready to run Linux containers.

Password Protecting Your SSH Keys

The first time you log into an instance with SSH, gcloud creates an ssh public/private key pair on your local machine, and copies the public key to your project. These keys are needed to log into your instance using ssh. When creating these keys for the first time, gcutil will ask you to enter and confirm a passphrase:

WARNING: You don't have an ssh key for Google Compute Engine. Creating one now...
Enter passphrase (empty for no passphrase):

Although you can leave the passphrase empty, we highly recommend entering a passphrase to protect your SSH keys. You will rarely be asked to enter your passphrase, and if you do not password protect these keys, a malicious user could use them to access your instances as you.
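One way to check whether existing keys, such as ~/.ssh/google_compute_engine, carry a passphrase, as an added shell example that is not part of the Red Hat documentation. It inspects the key file format only; the function names are introduced here and the sample files are constructed header-only stand-ins, not usable keys.

```shell
#!/bin/sh
# Added example: classify SSH private keys as passphrase-protected or not
# from the file format alone, so no passphrase prompt is triggered.

# key_protection FILE -> prints encrypted, unencrypted or unknown
key_protection() {
    case $(head -n 1 "$1" 2>/dev/null) in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
        # openssh-key-v1 body: 15-byte magic "openssh-key-v1\0", a 4-byte
        # length, then the cipher name; cipher "none" means no passphrase.
        hex=$(grep -v '^-----' "$1" | base64 -d 2>/dev/null |
              dd bs=1 count=23 2>/dev/null | od -An -tx1 | tr -d ' \t\n')
        case $hex in
        6f70656e7373682d6b65792d763100000000046e6f6e65) echo unencrypted ;;
        6f70656e7373682d6b65792d763100?*) echo encrypted ;;
        *) echo unknown ;;
        esac ;;
    '-----BEGIN RSA PRIVATE KEY-----' | '-----BEGIN EC PRIVATE KEY-----')
        # Legacy PEM keys announce encryption in a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted
        else echo unencrypted; fi ;;
    *) echo unknown ;;
    esac
}

# audit_ssh_keys DIR: one line per key file; returns 1 if any is unencrypted
audit_ssh_keys() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        state=$(key_protection "$f")
        case $state in
        unknown) continue ;;
        unencrypted) rc=1 ;;
        esac
        echo "$state $f"
    done
    return "$rc"
}

# write_sample_keys DIR: constructed header-only stand-ins, not usable keys
write_sample_keys() {
    {   printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----'
        printf 'openssh-key-v1\000\000\000\000\004none\000\000\000\004none' | base64
        printf '%s\n' '-----END OPENSSH PRIVATE KEY-----'
    } > "$1/id_plain"
    {   printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----'
        printf 'openssh-key-v1\000\000\000\000\012aes256-ctr\000\000\000\006bcrypt' | base64
        printf '%s\n' '-----END OPENSSH PRIVATE KEY-----'
    } > "$1/id_locked"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00' '' 'AAAA' '-----END RSA PRIVATE KEY-----' \
        > "$1/id_legacy_locked"
}

demo=$(mktemp -d)
write_sample_keys "$demo"
audit_ssh_keys "$demo" || echo "at least one key has no passphrase"
rm -rf "$demo"
```

A key reported as unencrypted can be given a passphrase with ssh-keygen -p -f followed by the key file name.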

2.3.7.4. Monitoring a Red Hat Enterprise Linux Atomic Host Instance

The Google Cloud SDK provides several ways to monitor parameters of your instances. To view general information about the current gcloud environment, run:

$ gcloud info

Execute the describe command to find detailed information about a specific instance:

$ gcloud compute instances describe my-atomic-instance
canIpForward: false
creationTimestamp: '2014-11-11T02:15:58.372-08:00'
disks:
- autoDelete: true
  boot: true
  deviceName: persistent-disk-0
  index: 0
  interface: SCSI
  kind: compute#attachedDisk
  mode: READ_WRITE
  source: https://www.googleapis.com/compute/v1/projects/eighth-saga-761/zones/europe-west1-b/disks/my-atomic-instance2
  type: PERSISTENT
id: '6632858316955862880'
kind: compute#instance
machineType: https://www.googleapis.com/compute/v1/projects/eighth-saga-761/zones/europe-west1-b/machineTypes/n1-standard-1
metadata:
  fingerprint: owFsCDPRlkY=
  kind: compute#metadata
name: my-atomic-instance2
networkInterfaces:
- accessConfigs:
  - kind: compute#accessConfig
    name: external-nat
    natIP: 23.251.142.75
    type: ONE_TO_ONE_NAT
  name: nic0
  network: https://www.googleapis.com/compute/v1/projects/eighth-saga-761/global/networks/default
  networkIP: 10.240.184.150
scheduling:
  automaticRestart: true
  onHostMaintenance: MIGRATE
selfLink: https://www.googleapis.com/compute/v1/projects/eighth-saga-761/zones/europe-west1-b/instances/my-atomic-instance2
serviceAccounts:
- email: 464767924601-compute@developer.gserviceaccount.com
  scopes:
  - https://www.googleapis.com/auth/devstorage.read_only
status: RUNNING
tags:
  fingerprint: 42WmSpB8rSM=
zone: https://www.googleapis.com/compute/v1/projects/eighth-saga-761/zones/europe-west1-b

To get data from the serial port of your Red Hat Enterprise Linux Atomic Host instance, run:

$ gcloud compute instances get-serial-port-output my-atomic-instance

This command returns the output of the GCE instance’s serial port. With this command, you get information about the instance without logging into it, which is useful for diagnostic purposes.

Finding the External IP Address of an Instance

By default, your instance is assigned a new ephemeral external IP address. You can find this address along with other information in the output of gcutil getinstance shown above. Alternatively, you can enter the following command to get addresses of all your instances:

$ gcloud compute instances list
NAME                ZONE           MACHINE_TYPE  INTERNAL_IP    EXTERNAL_IP   STATUS
my-atomic-instance  us-central1-a  n1-standard-1 10.240.184.150 23.251.142.75 RUNNING

2.3.7.5. Creating a Firewall Rule

By default, Google Compute Engine blocks all connections to and from an instance to the Internet. To open ports for services like httpd, you must manually create a firewall rule. Every project comes with three default firewalls:

  1. A firewall that allows SSH access to any instance.
  2. A firewall that allows all communication between instances in the same network.
  3. A firewall that allows ICMP traffic from any source to any instance on the network.

For example, to permit HTTP requests to your instance, create a new firewall using the following gcutil command:

$ gcloud compute firewall-rules create http-allow --allow tcp:80

By executing the above command, you have:

  1. Created a new firewall named http-allow that allows port 80 tcp traffic.
  2. Assigned the firewall to the default network in the project.
  3. Allowed all sources inside and outside the network (including over the Internet) to make requests to the server. We did not specify a permitted source for the firewall, so all sources are allowed to make requests to instances assigned to the default network.
  4. Applied this firewall rule to all instances on the network. Because we did not specify a target for your firewall, the firewall applies this rule to all instances in the network.

To review information about your firewall, run:

$ gcloud compute firewall-rules list
NAME                   NETWORK SRC_RANGES    RULES                        SRC_TAGS TARGET_TAGS
default-allow-icmp     default 0.0.0.0/0     icmp
default-allow-internal default 10.240.0.0/16 tcp:1-65535,udp:1-65535,icmp
default-allow-rdp      default 0.0.0.0/0     tcp:3389
default-allow-ssh      default 0.0.0.0/0     tcp:22
http-allow             default 0.0.0.0/0     tcp:80

It is possible to restrict the sources and targets to specific callers and instances using appropriate addfirewall flags. To see a complete list of supported flags, run the command gcutil help addfirewall, or see https://cloud.google.com/sdk/gcloud/reference/compute/firewall-rules/.
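To find rules that were created without a permitted source, as http-allow was above, the listing can be audited. This is an added shell example, not part of the Red Hat documentation: it parses the firewall-rules listing by header column offsets and flags every rule whose source range is 0.0.0.0/0. The sample listing is constructed; the function names, the rules http-tagged and web-restricted, and the http-server tag are hypothetical.

```shell
#!/bin/sh
# Added example: flag firewall rules that accept traffic from any source
# in the table printed by the firewall-rules list command.

# Constructed listing in the column layout shown above. The last two rules
# and the http-server tag are hypothetical, added for contrast.
sample_rules() {
    fmt='%-22s %-7s %-14s %-28s %-8s %s\n'
    printf "$fmt" NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
    printf "$fmt" default-allow-icmp default 0.0.0.0/0 icmp "" ""
    printf "$fmt" default-allow-internal default 10.240.0.0/16 \
        tcp:1-65535,udp:1-65535,icmp "" ""
    printf "$fmt" default-allow-rdp default 0.0.0.0/0 tcp:3389 "" ""
    printf "$fmt" default-allow-ssh default 0.0.0.0/0 tcp:22 "" ""
    printf "$fmt" http-allow default 0.0.0.0/0 tcp:80 "" ""
    printf "$fmt" http-tagged default 0.0.0.0/0 tcp:80 "" http-server
    printf "$fmt" web-restricted default 203.0.113.0/24 tcp:80 "" http-server
}

# audit_firewall_rules: reads a listing on stdin and prints
# "<verdict> <name> <rules>" for each rule open to every source.
#   OPEN-ALL     any source, no target tag: reaches every instance
#   OPEN-TAGGED  any source, limited to instances carrying the target tag
audit_firewall_rules() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Cut one cell by header offsets; splitting on whitespace would misread
    # rows where SRC_TAGS is empty but TARGET_TAGS is set.
    function cell(from, to) {
        if (to == "") return trim(substr($0, col[from]))
        return trim(substr($0, col[from], col[to] - col[from]))
    }
    NR == 1 {
        n = split("NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS", h, " ")
        for (i = 1; i <= n; i++)
            if ((col[h[i]] = index($0, h[i])) == 0) exit 2
        next
    }
    {
        src = "," cell("SRC_RANGES", "RULES") ","
        if (index(src, ",0.0.0.0/0,") == 0) next      # source is restricted
        verdict = (cell("TARGET_TAGS", "") == "") ? "OPEN-ALL" : "OPEN-TAGGED"
        print verdict, cell("NAME", "NETWORK"), cell("RULES", "SRC_TAGS")
    }'
}

sample_rules | audit_firewall_rules
```

Against a live project the input would be the output of gcloud compute firewall-rules list piped into audit_firewall_rules. A rule reported as OPEN-ALL can be recreated with the --source-ranges and --target-tags flags of gcloud compute firewall-rules create to narrow it.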

Firewalls only regulate incoming traffic to an instance; they cannot block outgoing packets. Once a connection has been established with an instance, traffic is permitted in both directions over that connection. To prevent an instance from sending outgoing packets, use another technology such as iptables.

Note

By default, GCE drops TCP connections to instances after 10 minutes of inactivity. To prevent this, configure TCP keep-alives as described in https://developers.google.com/compute/docs/troubleshooting#communicatewithinternet

2.3.7.6. Removing a Red Hat Enterprise Linux Atomic Host Instance

Execute the following command to remove my-atomic-instance:

$ gcloud compute instances delete my-atomic-instance

You are prompted to confirm your decision before the instance is deleted. Deleting the instance may take several seconds. As a part of the deletion confirmation dialog, gcloud informs you that disks will be deleted unless also used by another instance.

2.3.8. Amazon Web Services Installation

Amazon Web Services (AWS) is a service that provides virtual machines that run on Amazon infrastructure. This section shows how to run Red Hat Enterprise Linux Atomic Host on AWS.

For more details about AWS, refer to Amazon Elastic Compute Cloud Documentation.

Launching a Red Hat Enterprise Linux Atomic Host Instance on Amazon Web Services

The following procedure will guide you through creating a new instance of Red Hat Enterprise Linux Atomic Host on Amazon Web Services. The procedure assumes that you already have a user account on AWS and some familiarity with AWS.

Note

In order for this procedure to work, you must first have moved your subscriptions to Amazon through the Cloud Access Program. To move your subscriptions to Amazon through the Cloud Access Program complete this form: https://engage.redhat.com/forms/cloud-access-registration. The Cloud Access Program is described in greater detail at http://www.redhat.com/en/technologies/cloud-computing/cloud-access.

  1. Log in to and open the Amazon EC2 console.
  2. In the navigation bar at the top of the screen, the current region is displayed. Select the region in which you wish to launch your instance of Red Hat Enterprise Linux Atomic Host. This choice is important because some Amazon EC2 resources can be shared between regions, while others cannot.
  3. From the console dashboard, click Launch Instance.
  4. Select My AMIs and select the Shared with Me check box. It is now possible to search for the AMI.

    Choose Community AMIs and search for the Red Hat Enterprise Atomic Host AMI instance for your particular region.

    Warning

    Make sure that the ID of the AMI you choose is listed in the Atomic Host Release Notes. You can also get IDs of AMIs supplied by Red Hat by running this command in the AWS Command Line Interface:

    aws ec2 describe-images --owners 309956199498

    The command shows information about AMIs published by account 309956199498, which is Red Hat’s AWS account for publishing AMIs.

    For details on searching for AMIs provided by Red Hat, see this Knowledgebase Article.

  5. Click the Select button next to the AMI.
  6. On the Choose an Instance Type page, select your Instance Type. The Instance Type should meet the minimum requirements for Red Hat Enterprise Linux Atomic Host. See Disk Space and Memory Requirements for more information.
  7. Click Review and Launch.

    Note

    In some Amazon EC2 regions, for example, US East (N. Virginia), Instance Types that use EBS storage require the creation of a VPC before they can be launched. In those cases, Review and Launch is not clickable. Click Next: Configure Instance Details instead and proceed to the Instance Details screen. Review the defaults and modify them if necessary for your environment, and click Review and Launch when ready to proceed.

  8. On the Review Instance Launch page, assign a security group by clicking Edit security groups. You should select an existing security group or create one that opens the ports you will need for your instance. It is encouraged to leave port 22 open so that SSH will work. AWS accounts can be set up in a manner that restricts the ability of users of that account to create or add security groups. If this occurs, contact the administrator of the AWS account.
  9. When you are satisfied with the settings, click Review and Launch to go to the Review Instance Launch page. Once you are satisfied with all settings, click Launch to start your instance.
  10. In the Select an existing key pair or create a new key pair modal dialog, select an existing key pair or create a new one. A key pair is critical, as all access to your launched instance is through a private SSH key. The key pair is either one that you have already uploaded or one that you will create at this moment. AWS accounts can be set up in a manner that restricts the ability of users of that account to create or add key pairs. If this occurs, contact the administrator of the AWS account.
  11. Click the View Instances button to track the progress of your instance's launch.

Logging into a Red Hat Enterprise Linux Atomic Host Instance

Once your instance is listed as running, you may connect to it by following the steps below.

  1. From your command prompt, connect to the instance using SSH.

    $ ssh cloud-user@instancedns.compute.amazonaws.com

    Note

    You may need to include the -i /path/key_pair.pem option to specify the proper private key file.

  2. In the Description tab at the bottom, locate the Public DNS information.
  3. On the Instances page, select your instance.
  4. At this point you are logged into your instance and may continue working with Red Hat Enterprise Linux Atomic Host and run Linux containers.

Verifying authenticity of an Atomic Host instance on AWS

You can verify that an Atomic Host instance is the authentic software provided by Red Hat. To do this, run this command on the Atomic Host instance:

ostree show rhel-atomic-host/7/x86_64/standard

If the last line of output is this:

Good signature from "Red Hat, Inc. <security@redhat.com>"

Then your Atomic Host instance has passed the verification.

2.4. PXE Installation

Configuring a PXE server to boot Red Hat Enterprise Linux Atomic Host from it does not differ from the standard procedure for Red Hat Enterprise Linux. You can use the detailed instructions in the Preparing for a Network Installation chapter from the Red Hat Enterprise Linux Installation Guide.

Here is an example entry for Atomic for the /var/lib/tftpboot/pxelinux/pxelinux.cfg/default file:

label Atomic-7.3
  menu label ^1. RHEL Atomic Host 7.3 kickstart
  kernel atomic7.3/vmlinuz
  append initrd=atomic7.3/initrd.img inst.stage2=http://192.168.122.1/distros/atomic xdriver=vesa nomodeset quiet ks=http://192.168.122.1/ks/atomic.ks

Make sure the kernel, initrd image, installation program runtime image (inst.stage2), and the Kickstart file are present in the locations that are specified.
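A way to run that check, as an added shell example that is not part of the Red Hat documentation: it parses one menu entry, tests that the kernel and initrd exist, and lists the inst.stage2 and ks URLs for a separate network check. It assumes kernel and initrd paths are relative to the TFTP directory that holds pxelinux.0; check_pxe_entry and write_sample_pxe are names introduced here, and the sample file tree is constructed.

```shell
#!/bin/sh
# Added example: list what a pxelinux menu entry points at and check that
# the TFTP-served files exist.

# check_pxe_entry CFG TFTP_DIR LABEL
# Prints "ok <path>" or "missing <path>" for kernel and initrd, resolved
# against TFTP_DIR (assumed to be the directory that holds pxelinux.0), and
# "url <option> <value>" for inst.stage2 and ks, which need a network check.
check_pxe_entry() {
    awk -v want="$3" '
        { key = tolower($1) }
        key == "label"  { active = ($2 == want); next }
        !active         { next }
        key == "kernel" { print "file", $2 }
        key == "append" {
            for (i = 2; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue            # bare flag such as quiet
                opt = substr($i, 1, eq - 1)
                val = substr($i, eq + 1)
                if (opt == "initrd") print "file", val
                else if (opt == "inst.stage2" || opt == "ks") print "url", opt, val
            }
        }
    ' "$1" | while read -r kind a b; do
        case $kind in
        file) if [ -f "$2/$a" ]; then echo "ok $a"; else echo "missing $a"; fi ;;
        url)  echo "url $a $b" ;;
        esac
    done
}

# write_sample_pxe DIR: the entry from this page plus a constructed file
# tree in which the initrd is deliberately absent.
write_sample_pxe() {
    mkdir -p "$1/pxelinux.cfg" "$1/atomic7.3"
    : > "$1/atomic7.3/vmlinuz"
    cat > "$1/pxelinux.cfg/default" <<'EOF'
label Atomic-7.3
  menu label ^1. RHEL Atomic Host 7.3 kickstart
  kernel atomic7.3/vmlinuz
  append initrd=atomic7.3/initrd.img inst.stage2=http://192.168.122.1/distros/atomic xdriver=vesa nomodeset quiet ks=http://192.168.122.1/ks/atomic.ks
EOF
}

demo=$(mktemp -d)
write_sample_pxe "$demo"
check_pxe_entry "$demo/pxelinux.cfg/default" "$demo" Atomic-7.3
rm -rf "$demo"
```

On a server laid out as on this page, the arguments would be /var/lib/tftpboot/pxelinux/pxelinux.cfg/default, /var/lib/tftpboot/pxelinux and Atomic-7.3. Each url line can then be checked with curl --head --fail.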