Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)

In this article I will share the steps to create custom rhel iso using cockpit image builder on a RHEL 8 Linux host. Cockpit Image Builder is a tool for creating deployment-ready customized system images. Using the cockpit image builder you can create custom rhel iso in various formats including QCOW2 for OpenStack, AMI (Amazon Machine Image), VHD (Azure Disk Image) etc. Cockpit has been around for some time already. You may have seen in already in RHEL 7. But in RHEL 8, Cockpit has been developed to a management solution that really has the potential to offer the most common management features to occasional Linux administrators. Cockpit Image builder is introduced in RHEL 8 Linux which can be used for various other tasks and not only limited to create custom rhel iso images. I will write more articles in future to cover more on cockpit.

 

Installing Cockpit Image Builder on RHEL 8

Install the Image Builder and other necessary packages on the virtual machine:

  • lorax-composer
  • composer-cli
  • cockpit-composer
  • bash-completion

The web console is installed as a dependency of the cockpit-composer package.

Enable Image Builder to start after each reboot. Now since the socket is enabled the services will be started automatically after reboot as soon as a thread is connected to the socket.

# systemctl enable lorax-composer.socket
# systemctl enable cockpit.socket
IMPORTANT NOTE:

Make sure that your RHEL 8 Linux host is connected to Red Hat Network or has an offline repo configured or else you will not be able to create custom rhel iso or any other images using cockpit image builder.

Next check the status of lorax-composer.

[root@node4 ~]# systemctl status lorax-composer
● lorax-composer.service - Lorax Image Composer API Server
   Loaded: loaded (/usr/lib/systemd/system/lorax-composer.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-06-18 19:33:43 IST; 9min ago
  Process: 6186 ExecStartPre=/usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/lorax-composer.conf (code=exited, status=0/SUCCESS)
 Main PID: 6188 (lorax-composer)
    Tasks: 2 (limit: 26213)
   Memory: 88.2M
   CGroup: /system.slice/lorax-composer.service
           ├─6188 /usr/libexec/platform-python /usr/sbin/lorax-composer /var/lib/lorax/composer/blueprints/
           └─6190 /usr/libexec/platform-python /usr/sbin/lorax-composer /var/lib/lorax/composer/blueprints/

Jun 18 19:33:43 node4.example systemd[1]: Starting Lorax Image Composer API Server...
Jun 18 19:33:43 node4.example systemd[1]: Started Lorax Image Composer API Server.
Jun 18 19:33:44 node4.example lorax-composer[6188]: 2019-06-18 19:33:44,767: releasever = 8
Jun 18 19:33:44 node4.example lorax-composer[6188]: 2019-06-18 19:33:44,770: Using platform:el8 for module_platform_id
Jun 18 19:33:44 node4.example lorax-composer[6188]: 2019-06-18 19:33:44,777: Updating repository metadata
Jun 18 19:33:50 node4.example lorax-composer[6188]: 2019-06-18 19:33:50,261: Starting lorax-composer-28.14.16-1 on /run/weldr/api.socket with blueprints from /var>
NOTE:

In some cases it is observed that the Cockpit web console fails to display the blueprint details. In such case make sure your repository is accessible by using "dnf clean all" to clean the repo cache and reloading the repo using "dnf repolist". Next restart the lorax-composer service and refresh the cockpit web console.

Load the shell configuration script so that the autocomplete feature for the composer-cli command starts working immediately without reboot:

[root@node4 ~]# source  /etc/bash_completion.d/composer-cli

 

Accessing Image Builder GUI in the RHEL 8 web console

The cockpit-composer plugin for the RHEL 8 web console enables users to manage Image Builder blueprints and composes with a graphical interface.

Open https://localhost:9090/ in a web browser on the system where Image Builder is installed.

Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)

 

Log into the web console with credentials for an user account with sufficient privileges on the system. We are using root user credential to login to cockpit web console.

To display the Image Builder controls, click the Image Builder icon, which is in the upper-left corner of the window. The Image Builder view opens, listing existing blueprints.

Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)

 

Creating an Image Builder blueprint using Cockpit

Click Create Blueprint in the top right corner.
A pop-up appears with fields for the blueprint name and description.

Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)

 

Fill in the Name of the blueprint, its description, then click Create.
The screen changes to blueprint editing mode. I am creating a new blueprint "base-blueprint".

Fill in the name of the blueprint, its description, then click Create.  The screen changes to blueprint editing mode.

 

Add components that you want to include in the system image.On the left, enter all or part of the component name in the Available Components field and press Enter.

The search is added to the list of filters under the text entry field, and the list of components below is reduced to these that match the search.
Click on name of the component you intend to use to display its details. The right pane fills with details of the components, such as its version and dependencies.
Select the version you want to use in the Component Options box, with the Version Release dropdown.
Click Add in the top left.
If you added a component by mistake, remove it by clicking the - button at the far right of its entry in the right pane, and select Remove in the menu.

To save the blueprint, click Commit in the top right A dialog with a summary of the changes pops up. Click Commit.  A small pop-up on the right informs you of the saving progress and then the result.

 

To save the blueprint, click Commit in the top right. A dialog with a summary of the changes pops up. Click Commit.
A small pop-up on the right informs you of the saving progress and then the result.

 

Adding users and groups to an Image Builder blueprint

Cockpit Image Builder is a tool for creating custom system images. This procedure describes how to edit an existing Image Builder blueprint in the command line interface.

Save (export) the blueprint to a local text file using which we will create our custom rhel iso. Here base-blueprint is the name of my blueprint.

[root@node4 ~]# composer-cli blueprints save base-blueprint

Now you can view the configuration of our blueprint file using any editor:

[root@node4 ~]# cat base-blueprint.toml
name = "base-blueprint"
description = ""
version = "0.0.5"
modules = []
groups = []

[[packages]]
name = "bash"
version = "4.4.19"

[[packages]]
name = "cockpit"
version = "180"

[root@node4 ~]# cat base-blueprint.toml
name = "base-blueprint"
description = ""
version = "0.0.5"
modules = []
groups = []

[[packages]]
name = "bash"
version = "4.4.19"

[[packages]]
name = "cockpit"
version = "180"

 

Create User for our custom rhel iso

Now since we have our package list ready we will create some users using which we can login to our custom rhel iso once installed. To achieve this I have created a file "customizations.txt". You can use any other name for this file as the file name is not important here.

[root@node4 ~]# touch customizations.txt

Below is the template to be followed for adding a user in the custom rhel iso.

[[customizations.user]]
name = "USER-NAME"
description = "USER-DESCRIPTION"
password = "PASSWORD-HASH"
key = "ssh-rsa (...) key-name"
home = "/home/USER-NAME/"
shell = "/usr/bin/bash"
groups = ["users", "wheel"]
uid = NUMBER
gid = NUMBER

Here you can choose only the required arguments for your use case and no need to use every defined variable here. For our use case I will create two users with below details:

[[customizations.user]]
name = "deepak"
description = "testuser1"
password = "$6$PDghsIELxH5QZBfH$Eafg9.U8b0olzaz0OQVF559Gunal1LftY0buYcXlgTrJ9i9FcJgF4Yav83Tb2bB4iVzx0aHp7pJUpqiCecW1e0"
key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbdvsMQy46/QDGlXfzU6976b8sDD1sz/9Aa7rr6vu+eFffKGoZZWkSzvk83plp8VQgZDaODyudP80jQP82fOk6kPZ5JDIwDYZ6jIVSxWbnE5QQHQdbib3i4cJ3MZJSOpJFx/ywNcr32F8NdVCQperw+iNzT7oWcW3bwEStUIjo+aD15yF7aatLXhkbjpNQTPJub1sduikhTZY3+bplP5l/dX0anrZX5h8R3x+xufbcOoXAtlMjA8ewgbrP9T9jOh9mdKiiPjvLFjKmTd3tarehohMG4lySguWt7XEkmj5q0AodQZ0okH09EmH3X1DB3BEi+spoQO8ZTcgus+c8P8LH root@node4.example"
home = "/home/deepak/"
shell = "/usr/bin/bash"
groups = ["users", "wheel"]

[[customizations.user]]
name = "rahul"
description = "testuser2"
password = "$6$PDghsIELxH5QZBfH$Eafg9.U8b0olzaz0OQVF559Gunal1LftY0buYcXlgTrJ9i9FcJgF4Yav83Tb2bB4iVzx0aHp7pJUpqiCecW1e0"
key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbdvsMQy46/QDGlXfzU6976b8sDD1sz/9Aa7rr6vu+eFffKGoZZWkSzvk83plp8VQgZDaODyudP80jQP82fOk6kPZ5JDIwDYZ6jIVSxWbnE5QQHQdbib3i4cJ3MZJSOpJFx/ywNcr32F8NdVCQperw+iNzT7oWcW3bwEStUIjo+aD15yF7aatLXhkbjpNQTPJub1sduikhTZY3+bplP5l/dX0anrZX5h8R3x+xufbcOoXAtlMjA8ewgbrP9T9jOh9mdKiiPjvLFjKmTd3tarehohMG4lySguWt7XEkmj5q0AodQZ0okH09EmH3X1DB3BEi+spoQO8ZTcgus+c8P8LH root@node4.example"
home = "/home/rahul/"
shell = "/usr/bin/bash"
groups = ["users", "wheel"]

 

How to get encrypted password for blueprint?

As you must have observed I have provided an encrypted form of the password for both the users. To generate the hash, you must install python3 on your system. The following command will install the python3 package.

# yum install python3

Replace PASSWORD-HASH with the actual password hash in customizations.txt file. To generate the hash, use eg. this command:

[root@node4 ~]# python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
Password:
Confirm:
$6$PDghsIELxH5QZBfH$Eafg9.U8b0olzaz0OQVF559Gunal1LftY0buYcXlgTrJ9i9FcJgF4Yav83Tb2bB4iVzx0aHp7pJUpqiCecW1e0

 

How to get SSH key for blueprint?

Now if you wish to enable a passphrase based login for your custom rhel iso then you can create a set of public and private key using ssh-keygen. Store the private key on localhost while provide the public key details here.

[root@node4 ~]# ssh-keygen -t rsa -P "redhat"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QncWUoaUWP6lLjwiXLOLWN2Z0DHPMnFHG5eGBafX/pE root@node4.example
The key's randomart image is:
+---[RSA 2048]----+
|       ++++ +++. |
|      ..oo o.*o. |
|      . * + =.. .|
|     . o @ + . ..|
|      = S =    E.|
|   . o B *      o|
|    + + B .     .|
|   o o o o       |
|  . . .          |
+----[SHA256]-----+

Here I am storing my public key in customizations.txt file.

[root@node4 ~]# cd .ssh/
[root@node4 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbdvsMQy46/QDGlXfzU6976b8sDD1sz/9Aa7rr6vu+eFffKGoZZWkSzvk83plp8VQgZDaODyudP80jQP82fOk6kPZ5JDIwDYZ6jIVSxWbnE5QQHQdbib3i4cJ3MZJSOpJFx/ywNcr32F8NdVCQperw+iNzT7oWcW3bwEStUIjo+aD15yF7aatLXhkbjpNQTPJub1sduikhTZY3+bplP5l/dX0anrZX5h8R3x+xufbcOoXAtlMjA8ewgbrP9T9jOh9mdKiiPjvLFjKmTd3tarehohMG4lySguWt7XEkmj5q0AodQZ0okH09EmH3X1DB3BEi+spoQO8ZTcgus+c8P8LH root@node4.example

Next it is time to update our blueprint file with the customizations file content for our custom rhel iso.

[root@node4 ~]# cat customizations.txt >> base-blueprint.toml

Verify the content once again before we push these changes to our cockpit image builder:

[root@node4 ~]# cat base-blueprint.toml
name = "base-blueprint"
description = ""
version = "0.0.5"
modules = []
groups = []

[[packages]]
name = "bash"
version = "4.4.19"

[[packages]]
name = "cockpit"
version = "180"
[[customizations.user]]
name = "deepak"
description = "testuser1"
password = "$6$PDghsIELxH5QZBfH$Eafg9.U8b0olzaz0OQVF559Gunal1LftY0buYcXlgTrJ9i9FcJgF4Yav83Tb2bB4iVzx0aHp7pJUpqiCecW1e0"
key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbdvsMQy46/QDGlXfzU6976b8sDD1sz/9Aa7rr6vu+eFffKGoZZWkSzvk83plp8VQgZDaODyudP80jQP82fOk6kPZ5JDIwDYZ6jIVSxWbnE5QQHQdbib3i4cJ3MZJSOpJFx/ywNcr32F8NdVCQperw+iNzT7oWcW3bwEStUIjo+aD15yF7aatLXhkbjpNQTPJub1sduikhTZY3+bplP5l/dX0anrZX5h8R3x+xufbcOoXAtlMjA8ewgbrP9T9jOh9mdKiiPjvLFjKmTd3tarehohMG4lySguWt7XEkmj5q0AodQZ0okH09EmH3X1DB3BEi+spoQO8ZTcgus+c8P8LH root@node4.example"
home = "/home/deepak/"
shell = "/usr/bin/bash"
groups = ["users", "wheel"]

[[customizations.user]]
name = "rahul"
description = "testuser2"
password = "$6$PDghsIELxH5QZBfH$Eafg9.U8b0olzaz0OQVF559Gunal1LftY0buYcXlgTrJ9i9FcJgF4Yav83Tb2bB4iVzx0aHp7pJUpqiCecW1e0"
key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbdvsMQy46/QDGlXfzU6976b8sDD1sz/9Aa7rr6vu+eFffKGoZZWkSzvk83plp8VQgZDaODyudP80jQP82fOk6kPZ5JDIwDYZ6jIVSxWbnE5QQHQdbib3i4cJ3MZJSOpJFx/ywNcr32F8NdVCQperw+iNzT7oWcW3bwEStUIjo+aD15yF7aatLXhkbjpNQTPJub1sduikhTZY3+bplP5l/dX0anrZX5h8R3x+xufbcOoXAtlMjA8ewgbrP9T9jOh9mdKiiPjvLFjKmTd3tarehohMG4lySguWt7XEkmj5q0AodQZ0okH09EmH3X1DB3BEi+spoQO8ZTcgus+c8P8LH root@node4.example"
home = "/home/rahul/"
shell = "/usr/bin/bash"
groups = ["users", "wheel"]

Next push (import) the blueprint to cockpit image builder:

[root@node4 ~]# composer-cli blueprints push base-blueprint.toml

Verify the content of the blueprint available on cockpit image builder:

[root@node4 ~]# composer-cli blueprints show base-blueprint
name = "base-blueprint"
description = ""
version = "0.0.6"
modules = []
groups = []

[[packages]]
name = "bash"
version = "4.4.19"

[[packages]]
name = "cockpit"
version = "180"

[customizations]

[[customizations.user]]
name = "deepak"
description = "testuser1"
password = "$6$PDghsIELxH5QZBfH$Eafg9.U8b0olzaz0OQVF559Gunal1LftY0buYcXlgTrJ9i9FcJgF4Yav83Tb2bB4iVzx0aHp7pJUpqiCecW1e0"
key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbdvsMQy46/QDGlXfzU6976b8sDD1sz/9Aa7rr6vu+eFffKGoZZWkSzvk83plp8VQgZDaODyudP80jQP82fOk6kPZ5JDIwDYZ6jIVSxWbnE5QQHQdbib3i4cJ3MZJSOpJFx/ywNcr32F8NdVCQperw+iNzT7oWcW3bwEStUIjo+aD15yF7aatLXhkbjpNQTPJub1sduikhTZY3+bplP5l/dX0anrZX5h8R3x+xufbcOoXAtlMjA8ewgbrP9T9jOh9mdKiiPjvLFjKmTd3tarehohMG4lySguWt7XEkmj5q0AodQZ0okH09EmH3X1DB3BEi+spoQO8ZTcgus+c8P8LH root@node4.example"
home = "/home/deepak/"
shell = "/usr/bin/bash"
groups = ["users", "wheel"]

[[customizations.user]]
name = "rahul"
description = "testuser2"
password = "$6$PDghsIELxH5QZBfH$Eafg9.U8b0olzaz0OQVF559Gunal1LftY0buYcXlgTrJ9i9FcJgF4Yav83Tb2bB4iVzx0aHp7pJUpqiCecW1e0"
key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbdvsMQy46/QDGlXfzU6976b8sDD1sz/9Aa7rr6vu+eFffKGoZZWkSzvk83plp8VQgZDaODyudP80jQP82fOk6kPZ5JDIwDYZ6jIVSxWbnE5QQHQdbib3i4cJ3MZJSOpJFx/ywNcr32F8NdVCQperw+iNzT7oWcW3bwEStUIjo+aD15yF7aatLXhkbjpNQTPJub1sduikhTZY3+bplP5l/dX0anrZX5h8R3x+xufbcOoXAtlMjA8ewgbrP9T9jOh9mdKiiPjvLFjKmTd3tarehohMG4lySguWt7XEkmj5q0AodQZ0okH09EmH3X1DB3BEi+spoQO8ZTcgus+c8P8LH root@node4.example"
home = "/home/rahul/"
shell = "/usr/bin/bash"
groups = ["users", "wheel"]

So we are all set to create our first image from the blueprint using cockpit image builder on our rhel 8 linux host..

 

Create Custom RHEL ISO with Cockpit Image Builder

On the right side of the blueprint, press the Create Image button that belongs to the blueprint.

Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)

 

A pop-up window appears. Select the Image type and Architecture and press Create.

Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)

 

A small pop-up in the top right informs you that the image creation has been added to the queue.

Click the Images tab to switch to it. The image that is being created is listed with the status In Progress.

Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)

Once the image is successfully created, the Stop button is replaced by a Download button. Click this button to download the image to your system.

 

Deploy Custom RHEL ISO to VM

Now since our custom RHEL ISO is prepared using cockpit image builder, I will create a virtual machine using the live iso which we have created. I will not be able to share the steps to create a VM as that is out of the scope of this article. Once we have booted the ISO in a VM, we will directly get a login console as shown below.

Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)

 

You can login here using any of the user which was created using customizations.txt file in the blueprint. I have logged in using user 'deepak' and the password which I used to create hash password.

Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)

 

Similarly you can add more details to the blueprint such as add custom hostname, append entries to GRUB and create images with different architecture such as QCOW2 for OpenStack, AMI (Amazon Machine Image), VHD (Azure Disk Image) and many more.

 

Lastly I hope the steps from the article to create Custom RHEL ISO using Cockpit Image Builder Web Console and CLI in RHEL 8 Linux was helpful. So, let me know your suggestions and feedback using the comment section.

 

 

14 thoughts on “Create Custom RHEL ISO using Cockpit Image Builder (CentOS/RHEL 8)”

  1. Very nice write up.

    I am currently create a “hardened: RedHat distro which involves tasks such

    Def security updates
    Anti-Virus install
    Execute Ansible Playbooks derived from the OpenSCAP compliance app
    Setup the GDM login warrning banner
    Etc

    How would I use the nCockpit Image Builder to do this?

    Also, is the Cockpit Image Builder unique to RedHat 8? Could it also be used with CentOS 8 *someday”?

    I’m open to ideas

    Reply
    • Thank you Ron for your feedback. You can look out for matching modules under cockpit to do these activities (if available). Cockpit is also available with RHEL 7. I assume starting with RHEL 7.6. I could find the required packages in CentOS 7.6
      lorax-composer.x86_64 : Lorax Image Composer API Server
      composer-cli.x86_64
      cockpit-composer.noarch : Composer GUI for use with Cockpit

      Reply
  2. hello,
    i have some questions to ask you, first all thank you for your tutorial.
    i'd like to know how can i make this instructions with my command-line interface:

    The workflow for the command-line interface can be summarized as follows:

    1. Export (save) the blueprint definition to a plain text file
    2. Edit this file in a text editor
    3. Import (push) the blueprint text file back into Image Builder
    4.Run a compose to build an image from the blueprint
    5.Export the image file to download it

    cause i think you made this instruction with your web console, right?

    Reply
    • i am sorry, i wanted to say how can i create my blueprint on the command-line interface without using the web console ? cause i see you created your blueprint and the following steps on web console and then you export (save) it on the command-line interface.

      thank you in advance

      Reply
      • Hello,

        Thanks for your feedback and questions, I am on vacation and won't be able to test this until I am back. Once I have setup the environment and verified this, will update the answers for your questions here.

        Reply
  3. I resolved it but thank you for your good intention. I have an other issue i launched the image creation process but the process have a bug it's still show me "running" and i can't cancel the compose or delete it, it shows me "not finish or failed" for the delete and "no space left on device" for cancel. so what kind of problem could that be? thank you

    Reply
  4. I've not been able to get Image Builder to work using the instructions provided. I'm getting the error: "An occurred not permitted to perform this action". Any suggestions about what I might be doing wrong?

    Reply
  5. It appears that I've solved the permission issue. I'm now getting the error message:
    An Error has Occurred. Server has closed the connection.

    What server is it referencing?

    Reply
  6. I continue to have problems getting Image Builder to work properly. I've narrowed my issue from the log as follow:
    Failed to update metadata: Failed to download metadata for repo 'Stream-AppStream': Cannot prepare internal mirrorlist: No URLs in mirrorlist
    My OS is CENTOS 8 Standard, I'm not sure why this is happening. Do you have any insight to what might be causing the above error to occur causing the Image Builder to fail?
    Thanks

    Reply

Leave a Comment

Please use shortcodes <pre class=comments>your code</pre> for syntax highlighting when adding code.