How do I install the qcow2 image provided in the RHEL 7 downloads?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7 qcow2 image
  • Red Hat OpenStack Platform
  • Red Hat Enterprise Linux 6 KVM Hypervisor

Issue

  • What is a qcow2 image and what is it used for?
  • How do Red Hat products support importing of qcow2 images?
  • I don't know what the root password is for the image provided, and I'd like to change it.

Resolution

What is qcow2?

From Wikipedia1


qcow is a file format for disk image files used by QEMU, a hosted virtual machine monitor. It stands for "QEMU Copy On Write" and uses a disk storage optimization strategy that delays allocation of storage until it is actually needed. Files in qcow format can contain a variety of disk images which are generally associated with specific guest operating systems. Two versions of the format exist: qcow, and qcow2, which use the .qcow and .qcow2 file extensions, respectively.

qcow2 is an updated version of the qcow format, intended to supersede it. The main difference with the original is that qcow2 supports multiple virtual machine snapshots through a new, flexible model for storing snapshots.


How can I use the Red Hat Enterprise Linux 7 qcow2 image?

The Red Hat Enterprise Linux 7 qcow2 images are available for use with Red Hat Enterprise Linux OpenStack Platform, or Red Hat Enterprise Linux 6 KVM hypervisor. The images are configured with cloud-init and therefore must take advantage of ec2-compatible metadata services for provisioning ssh keys in order to function properly.

Red Hat Enterprise Linux OpenStack Platform is the preferred cloud environment for utilizing qcow2 images.

Red Hat OpenStack Platform

How do I change/update the root password of the qcow2 image?

NOTE:

  • The root account in the image is disabled, but sudo access is granted to a special user named cloud-user.
  • There is no root password set for this image.
    • The root password is locked in /etc/shadow by placing !! in the second field.

For an OpenStack instance, we recommend that you generate an ssh keypair from the OpenStack dashboard or command line and use that key combination to perform an ssh public authentication to the instance as root.

When the instance is launched, this public key will be injected to it. You can then authenticate using the private key downloaded while creating the keypair.

Hard requirements on root passwords

If you need to set the root password, please use the following guidelines.
To permanently modify the image to set a root password, perform the following steps with guestfish:

# guestfish --rw -a <image-name>
><fs> run
><fs>list-filesystems
><fs> mount /dev/vda1 /
><fs> vi /etc/shadow

Replace the encrypted password. This will set the password for the image permanently. An encrypted password can be created using openssl.

openssl passwd -1 changeme

To modify the image and insert different root passwords for different instances when they are launched, use cloudinit to apply a password to an instance while they are launched. For more information, please refer to the upstream documentation: OpenStack.org Administration Guide.

Red Hat Enterprise Linux 6 KVM

The following steps should be performed to enable use of the RHEL 7 qcow2 image on a RHEL 6 KVM hypervisor by disabling the cloud-init service within the guest.

NOTE:
Your downloaded image may have a different name to the example below.

  1. Set a root password using the procedure above in "Hard requirements on root passwords"
  2. Disable the cloud-init service

    guestfish -a rhel-guest-image-7.0-20140506.1.x86_64-kvm.qcow2 -i ln-sf /dev/null /etc/systemd/system/cloud-init.service
    

You can then import this using the virt-manager UI or virt-install.

References

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.