
Guided Exercise: Build an Image for Provisioning

Configure an Image Builder host and use it to create a system image for provisioning.

Outcomes

  • Configure a host to run Red Hat Image Builder.

  • Create an archive image with the httpd package and use it to provision a content host.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start provision-builder

Instructions

Important

You provision the servere system in multiple exercises in this chapter. Before each exercise, the lab start script deletes the servere host resource record to simulate that you are provisioning a previously unused system.

  1. Log in to the servera system as the student user and switch to the root user.

    [student@workstation ~]$ ssh student@servera
    [student@servera ~]$ sudo -i
    [sudo] password for student: student
    [root@servera ~]#
  2. Install and configure the Image Builder software.

    1. Install the osbuild-composer, composer-cli, cockpit-composer, and bash-completion packages.

      [root@servera ~]# dnf install osbuild-composer composer-cli \
      cockpit-composer bash-completion
      ...output omitted...
      Is this ok [y/d/N]: y
      ...output omitted...
      Complete!
    2. Enable and start the osbuild-composer service.

      [root@servera ~]# systemctl enable --now osbuild-composer.socket
      Created symlink /etc/systemd/system/sockets.target.wants/osbuild-composer.socket → /usr/lib/systemd/system/osbuild-composer.socket.
    3. Configure the auto-completion function for the composer-cli command.

      [root@servera ~]# source /etc/bash_completion.d/composer-cli
  3. Review the rhel-90.json file in the /etc/osbuild-composer/repositories directory. Notice that the Image Builder tool uses RHEL 9 RPM repositories from the local classroom CDN.

    For your convenience, the lab start command creates the directory and the file with the correct values.

    {
        "x86_64": [ 1
            {
                "name": "baseos", 2
                "baseurl": "https://satellite.lab.example.com/pulp/content/Operations/Development/OperationsServerBase/content/dist/rhel9/9/x86_64/baseos/os", 3
                "gpgkey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n 4
                ...output omitted...
                \n-----END PGP PUBLIC KEY BLOCK-----\n",
                "rhsm": true, 5
                "sslcacert": "/etc/rhsm/ca/katello-server-ca.pem", 6
                "sslclientcert": "/etc/pki/entitlement/6489243061793683342.pem", 7
                "sslclientkey": "/etc/pki/entitlement/6489243061793683342-key.pem", 8
                "sslverify": 1,
                "check_gpg": true
            },
            {
                "name": "appstream",
                "baseurl": "https://satellite.lab.example.com/pulp/content/Operations/Development/OperationsServerBase/content/dist/rhel9/9/x86_64/appstream/os",
                "gpgkey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n
                ...output omitted...
                \n-----END PGP PUBLIC KEY BLOCK-----\n",
                "rhsm": true,
                "sslcacert": "/etc/rhsm/ca/katello-server-ca.pem",
                "sslclientcert": "/etc/pki/entitlement/6489243061793683342.pem",
                "sslclientkey": "/etc/pki/entitlement/6489243061793683342-key.pem",
                "sslverify": 1,
                "check_gpg": true
            }
        ]
    }

    1  x86_64 architecture configuration.

    2  Name of the repository.

    3  Base URL of the repository.

       Query the system for the configured URL for the local classroom CDN:

       [root@servera ~]# dnf -v repolist | grep Repo-baseurl

    4  The osbuild-composer service uses the GPG key to check the repository metadata.

    5  The repository requires a subscription.

    6  Satellite CA certificate.

    7  Subscribed host entitlement certificate.

       List the file names for the servera system's Satellite entitlement keys:

       [root@servera ~]# ls /etc/pki/entitlement/

    8  Key for the subscribed host entitlement certificate.

       List the file names for the servera system's Satellite entitlement keys:

       [root@servera ~]# ls /etc/pki/entitlement/
  4. Use the webserver-blueprint.toml file to create the webserver blueprint. The blueprint must contain the httpd-2.4.51 package.

    1. Create the webserver-blueprint.toml file and define the installation of the httpd-2.4.51 package.

      The following output shows the expected content of the webserver-blueprint.toml file:

      name = "webserver"
      description = "Blueprint for webserver systems"
      version = "1.0.0"
      modules = []
      [[groups]]
      name = "Minimal Install"
      distro = ""
      [[packages]]
      name = "grub2"
      [[packages]]
      name = "httpd"
      version = "2.4.51"
      [[packages]]
      name = "lvm2"
      [customizations.services]
      enabled = ["sshd", "httpd"]
    2. Push the webserver blueprint definition to the Image Builder service. Verify that the blueprint is available to the service.

      [root@servera ~]# composer-cli blueprints push webserver-blueprint.toml
      [root@servera ~]# composer-cli blueprints list
      webserver
      [root@servera ~]# composer-cli blueprints show webserver
      name = "webserver"
      description = "Blueprint for webserver systems"
      version = "1.0.0"
      ...output omitted...
    3. Verify that the Image Builder service can resolve the webserver blueprint dependencies.

      [root@servera ~]# composer-cli blueprints depsolve webserver
      blueprint: webserver v1.0.0
          audit-libs-3.0.7-101.el9_0.2.x86_64
          libseccomp-2.5.2-2.el9.x86_64
          ...output omitted...
    4. Start the compose process for the webserver image. Use tar as the output format.

      [root@servera ~]# composer-cli compose start webserver tar
      Compose fe292682-ca1f-4b02-8329-8cd28c596a0c added to the queue

      Monitor the status of the compose process. Wait for the process to complete, which is expected to take up to 10 minutes.

      [root@servera ~]# composer-cli compose status
      fe292682-ca1f-4b02-8329-8cd28c596a0c RUNNING  Wed Aug 10 16:32:51 2022 webserver 1.0.0 tar
      [root@servera ~]# composer-cli compose status
      fe292682-ca1f-4b02-8329-8cd28c596a0c FINISHED Wed Aug 10 16:37:48 2022 webserver 1.0.0 tar

      Important

      The image that composer builds is named with a unique UUID, with -root.tar.xz appended to the UUID to form the full file name. In this instance, root is the name of the user and .tar.xz is the file extension.

      To simplify the exercise, you give the image a friendly file name that is used throughout this exercise.

    5. Obtain the current image's UUID and set the composed image's friendly file name. Copy the image file to the Capsule Server.

      [root@servera ~]# image_id=$(composer-cli compose status | \
      awk -F ' ' '{print $1}')
      [root@servera ~]# composer-cli compose image $image_id
      [root@servera ~]# mv $image_id-root.tar.xz webserver_img.tar.xz
      [root@servera ~]# scp webserver_img.tar.xz root@capsule:/var/www/html/pub/
      ...output omitted...
      Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
      Warning: Permanently added 'capsule' (ED25519) to the list of known hosts.
      root@capsule's password: redhat
      ...output omitted...
    6. Return to the workstation system as the student user. Log in to the capsule system as the student user and switch to the root user.

      [root@servera ~]# exit
      logout
      [student@servera ~]$ exit
      logout
      [student@workstation ~]$ ssh student@capsule
      [student@capsule ~]$ sudo -i
      [sudo] password for student: student
      [root@capsule ~]#
    7. Restore the SELinux context on the directory contents. Change the image file's permissions to 0644. Use the image file name that was queried in a previous command.

      [root@capsule ~]# restorecon -Rv /var/www/html/pub/
      Relabeled /var/www/html/pub/webserver_img.tar.xz from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
      [root@capsule ~]# chmod 644 \
      /var/www/html/pub/webserver_img.tar.xz
  5. Log in to the Satellite Server web UI, https://satellite.lab.example.com, as the admin user with redhat as the password.

  6. In the upper-left corner of the web page, set the organization to Operations. Set the location to Boston.

  7. Import the Ansible Role webserver from the capsule.

    Click Configure > Ansible and then click the Roles link. Click the Import from capsule.lab.example.com button. Select webserver and click Submit.

  8. Create an Operations Image Builder host group for the Operations organization by cloning the Operations Provisioning host group. Set the kickstart_liveimg parameter to the path of the webserver image.

    1. Click Configure > Host Groups. In the Operations Provisioning row, select Clone in the Nest menu in the Actions column.

    2. On the Create Host Group form, enter the details from the following table. Leave all other fields unchanged. Do not submit the form until you complete all of the required tabs.

      Table 9.5. Host Group Details

      Field                  Value
      Name                   Operations Image Builder
      Lifecycle Environment  Development
      Content View           OperationsServerBase
      Content Source         capsule.lab.example.com

    3. Click the Ansible Roles tab. Assign the webserver role to Assigned Ansible Roles by clicking the + next to webserver.

    4. Click the Network tab. Enter the details from the following table. Leave all other fields unchanged. Do not submit the form until you complete all of the required tabs.

      Table 9.6. Host Group Network Details

      Field        Value
      Domain       boston.lab.example.com
      IPv4 Subnet  Boston Data Center (172.25.250.0/24)

    5. Click the Operating System tab. Enter the details from the following table. Leave all other fields unchanged. Submit the form only after you complete all of the required tabs.

      Table 9.7. Host Group Operating System Details

      Field             Value
      Architecture      x86_64
      Operating system  RedHat 9.0
      Media Selection   Synced Content
      Partition Table   Kickstart default
      PXE loader        PXELinux BIOS

    6. Click the Parameters tab, and then click Add Parameter. Enter the details from the following table. Use the webserver_img.tar.xz image name that was created in a previous command. Leave all other fields unchanged. Submit the form only after you complete all of the required tabs.

      Table 9.8. Host Group Operating Parameter Details

      Field  Value
      Name   kickstart_liveimg
      Type   string
      Value  http://capsule.lab.example.com/pub/webserver_img.tar.xz

    7. In the Locations tab, verify that the Boston location is in the Selected items list.

    8. In the Organizations tab, verify that the Operations organization is in the Selected items list.

    9. In the Activation Keys tab, select OperationsServers in the Activation Keys field.

    10. Click Submit.

  9. Create the servere.boston.lab.example.com host resource.

    1. Click Hosts > Create Host. Enter the details from the following table. Setting the host group automatically completes the form with that group's parameters. Leave all other fields unchanged. Submit the form only after you complete all of the required tabs.

      Table 9.9. New Host Details

      Field         Value
      Name          servere
      Organization  Operations
      Location      Boston
      Host Group    Operations Image Builder

    2. Click the Operating System tab, and then enter redhat123 in the Root Password field.

    3. Click Resolve to confirm that the system can correctly retrieve the templates for provisioning.

    4. Click the Interfaces tab. In the servere interface row, click Edit. Enter 52:54:00:00:fa:0e in the MAC Address field, and click Ok.

    5. Click Submit.

  10. Access the servere console and initiate a PXE boot.

    1. Locate your servere system console, as appropriate for your classroom environment. Open the console.

    2. Reboot the servere system by using the relevant technique for your classroom environment. The provisioning process starts automatically. If the provisioning process does not start, select Kickstart default PXELinux in the Booting into OS installer menu. Wait for the provisioning to complete.

    3. Wait for the servere system to reboot. Select the Chainload the first hard drive (hd0) option and wait for the system to start. On the servere console, log in as the root user with redhat123 as the password.

      Warning

      The Ansible roles that are assigned to the host take some time to run. After the host is provisioned, it takes around five (5) minutes for the Ansible roles to be scheduled, run, and completed on the host. You can view the jobs in the Satellite web UI by selecting Monitor > Jobs. You should see a Run ansible roles job, which installs the web server content on your servere.boston.lab.example.com host.

      You can configure this delay by selecting Administer > Settings and then selecting the Ansible tab. The setting to modify is Post-provision timeout.

    4. Verify that the httpd service is installed on the servere content host, along with the web content.

      [root@servere ~]# curl localhost
      Hello from servere.boston.lab.example.com. This webserver was installed with the Image Builder template image.
      
      I was provisioned automatically with Ansible using a ROLE in Satellite.
    5. Exit the servere system and close the console.

      [root@servere ~]# exit
      servere login:
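
The image hand-off in step 4.5 takes every UUID that composer-cli compose status prints and copies the archive without recording a hash, and hosts later fetch it over plain HTTP. The following added example (not part of the course material; the function names and the sample UUIDs are constructed) selects exactly one FINISHED compose for a blueprint and writes a SHA-256 file so that the copy on the capsule can be checked for truncation or alteration in transit.

```shell
#!/usr/bin/env bash
# Added example, not course material. Function names are hypothetical.

# Print the UUID of the only FINISHED compose for blueprint $1 and image type $2.
# Reads `composer-cli compose status` output on stdin, in the column layout shown
# in this exercise: UUID STATUS <5 date fields> BLUEPRINT VERSION TYPE.
finished_compose_id() {
    awk -v bp="$1" -v type="$2" '
        $2 == "FINISHED" && $8 == bp && $10 == type &&
        length($1) == 36 && $1 ~ /^[0-9a-f-]+$/ { id[n++] = $1 }
        END {
            if (n != 1) exit 1      # no match, or more than one: refuse to guess
            print id[0]
        }'
}

# Record the image hash in <image>.sha256, using a relative file name so that
# the checksum file still verifies after both files are copied elsewhere.
write_checksum() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Return 0 only if the image still matches the hash recorded beside it.
verify_checksum() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Constructed sample of `composer-cli compose status` output (UUIDs are made up).
SAMPLE_STATUS='11111111-2222-4333-8444-555555555555 FAILED   Wed Aug 10 15:02:11 2022 webserver 1.0.0 tar
aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee FINISHED Wed Aug 10 16:37:48 2022 webserver 1.0.0 tar
99999999-8888-4777-8666-555555555555 RUNNING  Wed Aug 10 16:40:02 2022 dbserver 1.0.0 qcow2'

# Demo on the constructed sample: only the FINISHED webserver/tar row is selected.
printf '%s\n' "$SAMPLE_STATUS" | finished_compose_id webserver tar

# On servera, the functions slot into step 4.5 like this:
#   image_id=$(composer-cli compose status | finished_compose_id webserver tar) || exit 1
#   composer-cli compose image "$image_id"
#   mv "$image_id-root.tar.xz" webserver_img.tar.xz
#   write_checksum webserver_img.tar.xz
#   scp webserver_img.tar.xz webserver_img.tar.xz.sha256 root@capsule:/var/www/html/pub/
# On capsule, before hosts are provisioned from the image:
#   verify_checksum /var/www/html/pub/webserver_img.tar.xz
```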

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish provision-builder

Revision: rh403-6.11-3ad886e