Red Hat Enterprise Linux (RHEL) 8.3 introduces a new deployment option that is well-suited to solve many of the challenges common for edge deployments. In this post, we will walk through the use of Image Builder to create a (custom) RHEL for Edge OSTree commits and how to install those to a disk or a virtual machine image.
Installing Image Builder
Install or launch an instance of RHEL 8.3
To start, spin up a RHEL 8.3 system on your preferred infrastructure. Image Builder is available via the Application Stream repo and can run on a system with as little as 2 CPUs and 4GB of memory.
Register the system
Once the system is running it must be registered to install packages:
subscription-manager register --username <redhat_login_username> --password <redhat_login_password> --auto-attach
Install Image Builder
Image Builder consists of different components:
osbuild-composer is the service that sits between the low level osbuild tool and various front ends, such as
cockpit-composer (web) and
composer-cli (command line). It provides an API that is used by the front-ends, does build queue management, and internally calls out to one or more worker services which, in turn, then use
osbuild to assemble the operating system artifacts such as virtual machine images or RHEL for Edge OSTree commits.
All necessary components are now included in RHEL, and can be installed via:
yum install -y osbuild-composer cockpit-composer
Enable the web console
The Image Builder front end is a plugin to the web console (cockpit), which needs to be enabled.
systemctl enable --now cockpit.socket
Build a RHEL for Edge commit
Navigate to the web console via a browser on the host. URL: http://[hostname]:9090 There, Image Builder is found under Apps in the left menu. Images, or in our case, commits, are generated from Blueprints, which are customizations that are applied to existing Image Types, e.g., "RHEL for Edge commit". Internally there is a queue that will distribute compose requests to workers, which in turn, are building the commits / images.
The workflow is as follows:
1. Under the Image Builder heading, click Create a Blueprint.
2. Customize the image content. Edge images will produce a small footprint RHEL install, very similar to a base operating system install plus: RHEL container tools, some security tooling, and Greenboot. Additional packages can easily be added. This step is not required but is the recommended way to include additional software in the Image Builder created system images.
3. Create the Image. Select a type of RHEL for Edge Commit (.tar) to build the OSTree Commit you will deploy later. For the initial creation, we’ll leave both
Parent commit and
Ref empty. However, for future updates, you would include the Parent commit of the previous image—we will discuss this in more detail in a forthcoming sequel to this article. Leaving
Ref blank will create a directory under /directory/location/rhel/8/x86_64/edge to hold data about the commit; it operates similarly to git.
4. Wait for the build to finish.
5. Tarball with the commit is ready to download.
Build via the command line
The above steps can also be accomplished by using the composer
-cli command-line tool. Assuming your blueprint is stored in the blueprint.toml file, here are the quick steps for building a RHEL for the Edge commit using composer
Add the blueprint:
$> composer-cli blueprints push blueprint.toml
Create the commit:
$> composer-cli compose start-ostree Edge rhel-edge-commit "" "" Compose
uuidadded to the queue
Check the status:
$> composer-cli compose status <uuid> RUNNING Thu Jul 30 09:36:14 2020 Edge 0.0.1 rhel-edge-commit
Download the commit:
$> composer-cli compose image <uuid> <uuid>-commit.tar: 633.73 MB
For more details on using the composer-cli tool, check out Composing a customized RHEL system image: Chapter 3, Creating System Images with Image Builder Command-line Interface.
Install the commit
Set up a webserver
In order to install the commit, it needs to be served via HTTP/HTTPS. Any web server can be used for this. Depending on the number of systems pulling updates in a production environment a CDN may be beneficial. Using this example Dockerfile:
FROM registry.access.redhat.com/ubi8/ubi RUN yum -y install httpd && yum clean all ADD edge2.ks edge.ks /var/www/html/ ARG commit=commit.tar ADD $commit /var/www/html/ EXPOSE 80 CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
We can create a container that contains the OSTree commit as well as an http server to serve it. This example dockerfile will also serve two example kickstart files (edge.ks edge2.ks). Those can be downloaded and modified for your environment or feel free to create your own.
Use Podman to build and serve the content:
podman build -t edge-server --build-arg commit=<uuid>-commit.tar . podman run --rm -p 8000:80 edge-server
Install to a disk via Anaconda
The Red Hat Enterprise Linux installer, anaconda, is available via the installation medium (ISO/PXE) and will be used to install the commit. If you don’t already have the ISO it can be downloaded here. To configure the installer to use the newly built commit, a "kickstart" configuration edge.ks, is used. It is set up for non-interactive, text-based installation. The important line within the kickstart is the ostreesetup directive which instructs the installer to fetch and deploy the commit. Additionally, a user:
core (pw: edge) is created. edge2.ks is a more complete example that will add some relevant configuration options post installation.
For demonstration purposes we will create an empty qcow2 with a size of 5G, to act as the installation target:
qemu-img create -f qcow2 disk.qcow2 5G
And launch a VM using qemu:
qemu-system-x86_64 \ -m 2048 \ -enable-kvm \ -device virtio-net-pci,netdev=n0 \ -netdev user,id=n0,net=10.0.2.0/24 \ -drive file=disk.qcow2 \ -cdrom rhel-8.3-x86_64-boot.iso
To use the prepared kickstart file, instead of the default one of the boot.iso, an additional kernel parameter is needed (hit TAB on the Install Red Hat Enterprise Linux 8.3 entry):
This post walks through the basics of getting started with Image Builder to implement an image-based approach to systems running in edge environments. Red Hat built the image defaults to work for what we suspect most users running containers on a small footprint OS will need.
Once users get comfortable using Image Builder, generating these images can be as straightforward as "4 clicks." The next entry in this series will walk through generating updates for nodes, which is one of the highlights of the technology. We’ll take a deeper look at updating systems running RHEL for edge images and see how this benefits deployments where connectivity and human interaction are not readily available.
Interested in trying this out yourself? Try our RHEL for the edge demo!