Get started with RHEL for Edge

Red Hat Enterprise Linux (RHEL) 8.3 introduces a new deployment option that is well-suited to solve many of the challenges common for edge deployments. In this post, we will walk through the use of Image Builder to create a (custom) RHEL for Edge OSTree commits and how to install those to a disk or a virtual machine image. 

Installing Image Builder

Install or launch an instance of RHEL 8.3

To start, spin up a RHEL 8.3 system on your preferred infrastructure. Image Builder is available via the Application Stream repo and can run on a system with as little as 2 CPUs and 4GB of memory. 

Register the system

Once the system is running it must be registered to install packages:

subscription-manager register --username <redhat_login_username> --password <redhat_login_password> --auto-attach 

Install Image Builder

Image Builder consists of different components: osbuild-composer is the service that sits between the low level osbuild tool and various front ends, such as cockpit-composer (web) and composer-cli (command line). It provides an API that is used by the front-ends, does build queue management, and internally calls out to one or more worker services which, in turn, then use osbuild to assemble the operating system artifacts such as virtual machine images or  RHEL for Edge OSTree commits.

All necessary components are now included in RHEL, and can be installed via:

yum install -y osbuild-composer cockpit-composer

Enable the web console

The Image Builder front end is a plugin to the web console (cockpit), which needs to be enabled.

systemctl enable --now cockpit.socket

Build a RHEL for Edge commit

Navigate to the web console via a browser on the host. URL: http://[hostname]:9090 There, Image Builder is found under Apps in the left menu. Images, or in our case, commits, are generated from Blueprints, which are customizations that are applied to existing Image Types, e.g., "RHEL for Edge commit". Internally there is a queue that will distribute compose requests to workers, which in turn, are building the commits / images. 

The workflow is as follows:

1. Under the Image Builder heading, click Create a Blueprint.

2. Customize the image content. Edge images will produce a small footprint RHEL install, very similar to a base operating system install plus: RHEL container tools, some security tooling, and Greenboot. Additional packages can easily be added. This step is not required but is the recommended way to include additional software in the Image Builder created system images.

3. Create the Image. Select a type of RHEL for Edge Commit (.tar) to build the OSTree Commit you will deploy later.  For the initial creation, we’ll leave both Parent commit and Ref empty. However, for future updates, you would include the Parent commit of the previous image—we will discuss this in more detail in a forthcoming sequel to this article. Leaving Ref blank will create a directory under /directory/location/rhel/8/x86_64/edge to hold data about the commit; it operates similarly to git.

4. Wait for the build to finish.

5. Tarball with the commit is ready to download.

Build via the command line

The above steps can also be accomplished by using the composer-cli command-line tool.  Assuming your blueprint is stored in the blueprint.toml file, here are the quick steps for building a RHEL for the Edge commit using composer-cli.  

Add the blueprint:

$> composer-cli blueprints push blueprint.toml

Create the commit:

$> composer-cli compose start-ostree Edge rhel-edge-commit "" ""
Compose uuid added to the queue

Check the status:

$> composer-cli compose status

<uuid> RUNNING  Thu Jul 30 09:36:14 2020 Edge            0.0.1 rhel-edge-commit

Download the commit:

$> composer-cli compose image <uuid>
<uuid>-commit.tar: 633.73 MB

For more details on using the composer-cli tool, check out Composing a customized RHEL system image: Chapter 3, Creating System Images with Image Builder Command-line Interface.

Install the commit

Set up a webserver

In order to install the commit, it needs to be served via HTTP/HTTPS. Any web server can be used for this. Depending on the number of systems pulling updates in a production environment a CDN may be beneficial. Using this example Dockerfile:

FROM registry.access.redhat.com/ubi8/ubi

RUN yum -y install httpd && yum clean all

ADD edge2.ks edge.ks /var/www/html/

ARG commit=commit.tar

ADD $commit /var/www/html/

EXPOSE 80

CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]

We can create a container that contains the OSTree commit as well as an http server to serve it. This example dockerfile will also serve two example kickstart files (edge.ks edge2.ks). Those can be downloaded and modified for your environment or feel free to create your own.

Use Podman to build and serve the content:

podman build -t edge-server --build-arg commit=<uuid>-commit.tar .
podman run --rm -p 8000:80 edge-server

Install to a disk via Anaconda

The Red Hat Enterprise Linux installer, anaconda, is available via the installation medium (ISO/PXE) and will be used to install the commit. If you don’t already have the ISO it can be downloaded here. To configure the installer to use the newly built commit, a "kickstart" configuration edge.ks, is used. It is set up for non-interactive, text-based installation. The important line within the kickstart is the ostreesetup directive which instructs the installer to fetch and deploy the commit. Additionally, a user: core (pw: edge) is created. edge2.ks is a more complete example that will add some relevant configuration options post installation.

For demonstration purposes we will create an empty qcow2 with a size of 5G, to act as the installation target:

qemu-img create -f qcow2 disk.qcow2 5G

And launch a VM using qemu:

qemu-system-x86_64 \
    -m 2048 \
    -enable-kvm \
    -device virtio-net-pci,netdev=n0 \
    -netdev user,id=n0,net=10.0.2.0/24 \
    -drive file=disk.qcow2 \
    -cdrom rhel-8.3-x86_64-boot.iso

To use the prepared kickstart file, instead of the default one of the boot.iso, an additional kernel parameter is needed (hit TAB on the Install Red Hat Enterprise Linux 8.3 entry):

inst.ks=http://[hostname]:8000/edge.ks

That’s it! 

Final Thoughts

This post walks through the basics of getting started with Image Builder to implement an image-based approach to systems running in edge environments. Red Hat built the image defaults to work for what we suspect most users running containers on a small footprint OS will need. 

Once users get comfortable using Image Builder, generating these images can be as straightforward as “4 clicks." The next entry in this series will walk through generating updates for nodes, which is one of the highlights of the technology. We’ll take a deeper look at updating systems running RHEL for edge images and see how this benefits deployments where connectivity and human interaction are not readily available. 

Additional Resources:

Red Hat Enterprise Linux 8 Image Builder: Building custom system images

Red Hat Enterprise Linux 8.3 is ready for the edge

Interested in trying this out yourself?  Try our RHEL for the edge demo!