Brand Claim Brand Claim

Red Hat Enterprise Linux images for Open Telekom Cloud

Available RedHat Images

We have dropped minor numbers for all distributions except SLES. This is because installing all maintenance updates for most distributions automatically implies moving to the next minor version -- there is no possibility to stay on an old minor version and still have full maintenance, as there are no parallel maintenance streams per major version. (The only exception is SLES, where old service packs are maintained in an own stream in parallel to the latest for a limited amount of time.)

Unfortunately, the ImageFactory team initially had reflected the minor versions in the image names that were provided. So in parallel to a RHEL-6 and RHEL-7 image, you can also find older images with minor version number like RHEL-7.3. So whenever you are looking for a current version of RHEL-7, use the RHEL-7 and do not look a RHEL-7.x. We are staying current with RHEL.

For RHEL, the switch to drop minor version numbers from the images has been done late; the first ones to reflect the dropped minor version numbers are the images from mid November 2017.

There are other directories that you can ignore -- the ImageFactory is these days used for images beyond the OpenTelekomCloud.

Redhat does not want us to include custom packages into the Redhat images; for this reason, the uvp-monitor monitoring data collection tool is not included nor are specific optimized drivers (such as ixgbevf-2.16.4) the bare metal network configuration (bms-network-config) nor OpenStack and OTC client tools like we provide preinstalled and preconfigured in e.g. the CentOS-7 images.
You can install them from the home:garloff:OTC repository in openBuildService. (Sidenote: The openBuildService instance is hosted by the openSUSE project; but it is perfectly capable of and used for building RPMs and DEBs for other distributions as well -- so let this not irritate you.)

cloud-init configuration

The images use cloud-init to do basic configuration and customization at startup. This allows to inject ssh keys, install packages, etc. For emergency access to the VM for administrators, cloud-init generates an account linux with full sudo power and a random password that is displayed at the login prompt. This means that someone with access to the noVNC console in the OTC webinterface can log in to the VM for debugging or recovery purposes. Change the password if you dislike this.

Build process

The images are built automatically using the kiwi tool inside a VM in OTC. Configuration (kiwi config and scripts), log files and changelog are available.

To build these images yourself, install kiwi7 (e.g. from the OBS Virtualization:Appliances repository), zerofree, grub, yum and call the ./create_appliance.sh script in the config tarball.

The images are currently rebuilt every night -- changelogs, logs, package lists and configs are published along with the images. If the rebuild is identical to the previous, the image won't be puslished here. Also there is no automated test beyond the image build success yet.

The images have the upstream repositories and update repositories configured as well as the extra repositories that were used for additional tools. This way, they can be updated easily, although the proper cloud way might be to redeploy everything regularly on a current image.
The images have a minimal configuration and some hardening (network and sshd settings).

The images are registered as private images and are then booted in a sandbox environment and tested by a testsuite. You can find the testsuite results in the .test.*.log files.

Old images will be purged -- if you need them available, you need to download and archive them yourself.

The images have been signed with the OTC Image Builder key 2048R/03067050 or (starting on 2018-06-01) 2048R/C4C85D49.
OTC Image Builder key: 

pub   2048R/03067050 2016-01-07 [expires: 2018-01-06]
      Key fingerprint = 224C DD82 F3E3 8F60 D690  D891 0CDB 8F9F 0306 7050
uid                  OTC Image Builder 
sub   2048R/D8876977 2016-01-07 [expires: 2018-01-06]

pub   2048R/C4C85D49 2018-01-06 [expires: 2020-01-06]
      Key fingerprint = 85C8 D136 9BA0 A102 47E5  F8A3 B52D CBA9 C4C8 5D49
uid       [ultimate] OTC ImageBuilder (OTC ImageFactory image signing key 2018/19) 
sub   2048R/F7DA39F9 2018-01-06 [expires: 2020-01-06]

See the detached signatures in the .asc files. You can get the key from common fileservers. I have signed the keys with my personal key 2BFFC5BF.

Questions: Feel free to contact me at otc-imagefactory-nospam@t-systems.com (remove the -nospam from the address).