How do I install the qcow2 image provided in the RHEL downloads?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux qcow2 image
  • Red Hat OpenStack Platform
  • Red Hat Enterprise Linux 6, 7 or 8 KVM Hypervisor

Issue

  • What is a qcow2 image and what is it used for?
  • How do Red Hat products support importing of qcow2 images?
  • I don't know what the root password is for the image provided, and I'd like to change it.

Resolution

What is qcow2?

From Wikipedia1


qcow is a file format for disk image files used by QEMU, a hosted virtual machine monitor.  It stands for "QEMU Copy On Write" and uses a disk storage optimization strategy that delays allocation of storage until it is actually needed.  Files in qcow format can contain a variety of disk images which are generally associated with specific guest operating systems.  Two versions of the format exist:  qcow, and qcow2, which use the .qcow and .qcow2 file extensions, respectively.

qcow2 is an updated version of the qcow format, intended to supersede it.  The main difference with the original is that qcow2 supports multiple virtual machine snapshots through a new, flexible model for storing snapshots.


How can I use the Red Hat Enterprise Linux qcow2 image?

The Red Hat Enterprise Linux qcow2 images (example:  RHEL 7 qcow2 image) are for use with Red Hat Enterprise Linux OpenStack Platform, or Red Hat Enterprise Linux 6, 7 or 8 KVM hypervisors.  The images are configured with cloud-init to take advantage of ec2-compatible metadata services for provisioning ssh keys in order to function properly.

Red Hat Enterprise Linux OpenStack Platform is the preferred cloud environment for utilizing qcow2 images.

Red Hat OpenStack Platform

How do I change/update the root password of the qcow2 image?

  • The root account in the image is locked.  The image's /etc/shadow file has "!!" in the root user's second field.
  • Sudo access is granted to a special user named cloud-user.

For an OpenStack instance, we recommend that one generates a ssh keypair from the OpenStack dashboard or command line and use that key combination to perform a ssh public authentication to the instance as root.

When the instance is launched, this public key will be injected to it.  One can then authenticate using the private key downloaded while creating the keypair.

Hard requirements on root passwords

If one still needs to set a root password, please execute:

# virt-customize -a <qcow2 image file name> --root-password password:<password>
[   0.0] Examining the guest ...
[  13.8] Setting a random seed
[  13.8] Setting passwords
[  14.5] Finishing off

Alternatively, one can use guestfish to edit the disk image's /etc/shadow file, directly.  Note in the below example, the file system containing /etc/shadow is /dev/vda1.  This may be different, depending on the image file being edited.

# guestfish --rw -a <qcow2 image file name>
><fs> run
><fs> list-filesystems
><fs> mount /dev/vda1 /
><fs> vi /etc/shadow
><fs> umount /
><fs> exit

To modify the image and insert different root passwords for different instances when they are launched, use cloudinit to apply a password to an instance when they are launched.  For more information, please refer to the upstream documentation:  OpenStack.org Administration Guide.

Red Hat Enterprise Linux KVM

For use in a KVM/QEMU hypervisor on a Red Hat Enterprise Linux machine, one must set a root password and disable the cloud-init service.

# virt-customize -a <qcow2 image file name> --root-password password:<password> --uninstall cloud-init
[   0.0] Examining the guest ...
[  11.5] Setting a random seed
[  11.5] Uninstalling packages: cloud-init
[  13.9] Setting passwords
[  15.6] Finishing off

One then may import the qcow2 image using the virt-manager graphical user interface or the virt-install text command.

Virt-manager will have an "Import existing disk image" option in the first window when creating a new virtual machine.  If one does not see it, one may have to update to a newer version of virt-manager.  Also, virt-manager assumes the storage format is whatever was last used.  Thus, one should Customize configuration before install and edit the disk's advanced options to ensure the storage format is set to "qcow2".

An example virt-install command might be:

# virt-install \
  --name guest1-rhel7 \
  --memory 2048 \
  --vcpus 2 \
  --disk /path/to/imported/disk.qcow2 \
  --import \
  --os-variant rhel7

References

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

14 Comments

what's d password of cloud-user account?

well, noticed that the cloud-user account too is disabled.

Thanks redhat team for "rhel-guest-image-7.0-20140506.1.x86_64.qcow2"

  1. set root passwd in "RHEL6 KVM", follow the exact same steps describe in

Hard requirements on root passwords
If you need to set the root password, please use the following guidelines.
To permanently modify the image to set a root password, perform the following steps with guestfish:
# guestfish --rw -a <.qcow2 image path>

run
list-filesystems
mount /dev/vda1 / -> this /dev/vda1 may vary in your system
vi /etc/shadow

and just remove the !! from the second field of root from /etc/shadow file, and save the file.

  1. Create a new hyperV from virt-manager, and boot the guest, then from login prompt issue/type root and press ENTER and wait till next prompt (three times), as a result of fail login, then the login shell will allow you to set a new passwd for root, after set the new password check #chage -l root

  2. you can create more users like simple useradd

localhost login: root
password:
password:
password:
password:

How can I import this image on RHEV 3.2?

Hey Leonardo can you open a support case to help you on this issue at https://access.redhat.com/support/cases/new/ . Thanks

Would love to see instructions for virt-manager in RHEL7. Even if it can't be done, it would be good to mention that in this article.

Bruce, and others, I made a discussion with instructions for changing the password with guestfish at Red Hat at: https://access.redhat.com/discussions/664843. I made those instructions for a physical host with rhel 6, and the RHEL 7 qcow2 image using guestfish to change the password.

I'll update that bit in the next week or so, yet the instructions for the rhel 7 guest I made should still work.

No love for RHEV?

RHEV 3.4+ has cloud-init that can set the root password when launching the image.

Instead of using guestfish, I find it easier to use virt-customize which comes in the same RPM. Also, I occasionally use the image in an environment that doesn't provide cloud-init data. In those cases, I just remove cloud-init.

Example for RHEL7

$ virt-customize -a rhel-guest-image-7.2-20160302.0.x86_64.qcow2 --root-password password:PASSW0RD --uninstall cloud-init
[   0.0] Examining the guest ...
[  12.1] Setting a random seed
[  12.1] Uninstalling packages: cloud-init
[  14.5] Setting passwords
[  15.9] Finishing off

It also works for RHEL6

$ virt-customize -a rhel-guest-image-6.8-20160425.0.x86_64.qcow2 --root-password password:PASSW0RD --uninstall cloud-init
[   0.0] Examining the guest ...
[  14.5] Setting a random seed
[  14.5] Uninstalling packages: cloud-init
[  17.0] Setting passwords
[  18.1] Finishing off

We have used the qcow2 images for Rhel7 in Openstack ubuntu setup, I am able to ping the IP's assigned but not able to ssh to it. There are few more instances in the same project i'm able to access those. ~$ ssh -vvvv cloud-user@10.10.6.6 OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "10.10.6.6" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 10.10.6.6 [10.10.6.6] port 22. debug1: Connection established. debug1: identity file /home/maasadmin/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/maasadmin/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/maasadmin/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/maasadmin/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/maasadmin/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/maasadmin/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/maasadmin/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/maasadmin/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4 debug1: match: OpenSSH_6.4 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.10.6.6:22 as 'cloud-user' debug3: hostkeys_foreach: reading file "/home/maasadmin/.ssh/known_hosts" debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent

From where can I get RHEL 7.3 qcow2 image for deploying on RHOSP 10

Working well with RHEL 8 :)

For RHEL8, the following kbase article is also worth mentioning:

In RHEL7 kvm host, running virt-customize/virt-sysprep command against a RHEL8 KVM image fails. https://access.redhat.com/solutions/4073061