How to build RHEL images for edge deployments

April 20, 2023
Chris Santiago
Related topics: Automation and management, Edge computing, Linux
Related products: Red Hat Ansible Automation Platform for Edge, Red Hat Ansible Automation Platform, Red Hat Enterprise Linux

    As edge infrastructure scales outside the data center into remote locations, small form factor devices that run Linux images, such as IoT devices, POS terminals, and sensors, need a way to be updated at scale.

    The core premise of rpm-ostree is that, by default, updates are based on a whole base image that is created and tested offline and, once ready, deployed everywhere in the remote locations, overriding the previous image and lowering the risks of patching at scale.

    Figure 1: The image builder.

    We know many people are working in secure edge environments and need the ability to create operating systems and manage their lifecycle. To help with this, we have created a way to build, host, and manage these images using the Red Hat Ansible Automation Platform.

    This article covers the Ansible collection for managing osbuild composer to build rpm-ostree based images for Fedora, Red Hat Enterprise Linux, and CentOS Stream. This collection has roles to build an osbuild server, an Apache httpd server to host images, and a role to build installer images and rpm-ostree updates.

    2 roles of the infra.osbuild collection

    There are two roles that are part of the infra.osbuild collection:

    1. The infra.osbuild.setup_server role

    The setup_server role checks what type of OS the remote system is running: ostree-based or non-ostree-based. A remote system running an ostree-based OS needs to have the packages already installed, via a previous commit or the initial install, to continue. Non-ostree-based hosts will have all the necessary packages installed.

    The setup_server role also ensures all necessary services are enabled and started. Lastly, it adds support for custom rpm repositories so that custom packages can be added to images.

    2. The infra.osbuild.builder role

    The builder role creates a blueprint based on information provided by the playbook variables, such as packages, user info, and compose type. An rpm-ostree repository is initialized for the blueprint name to handle commits and upgrades. The builder role then creates an image based on the previously created blueprint. Lastly, it creates a kickstart file, which supports an optional auto-registration, to be used on a system.

    How to build images for edge deployment

    Note: To test this collection you will need either a RHEL, CentOS Stream, or Fedora system.

    Install the infra.osbuild collection using the ansible-galaxy command as follows:

    ansible-galaxy collection install git+https://github.com/redhat-cop/infra.osbuild

    Once it is installed, make an empty directory to store the example playbooks and inventory file.

    mkdir osbuild_example

    Create an inventory file as follows:

    touch inventory.ini

    Inside the inventory file, create a group named all with the remote system's IP address underneath.

    [all]
    <Host IP>

    Now that we have an inventory file and a remote system to point to, let’s take a look at the setup_server role. As explained above, this role sets up all the necessary packages and services to get osbuild up and running. If you plan to use a custom rpm repository to make custom packages available to osbuild, you need to add some configuration; otherwise, you can use the role as is.

    Create a playbook named osbuild_setup_server.yaml with the sample playbook as its contents as follows:

    ---
    - name: Run osbuild_server role
      hosts: all
      become: true
      tasks:
        - name: Run the role
          ansible.builtin.import_role:
            name: infra.osbuild.setup_server

    For adding a custom rpm repository, we can pass a list to the setup_server_custom_repos role variable. Each list entry is a YAML dictionary type and has the following attributes:

    • repo_name
    • base_url
    • type
    • check_ssl
    • check_gpg
    • rhsm
    • state

    If you want support for custom rpm repositories, your playbook should look something like the following:

    ---
    - name: Run osbuild_server role
      hosts: all
      become: true
      vars:
        setup_server_custom_repos:
          - name: EPEL Everything
            base_url: "https://dl.fedoraproject.org/pub/epel/{{ hostvars[inventory_hostname].ansible_distribution_major_version }}/Everything/x86_64/"
            type: yum-baseurl
            check_ssl: true
            check_gpg: true
            state: present
          - name: My company custom repo
            base_url: "https://repo.example.com/company_repo/x86_64/"
            type: yum-baseurl
      tasks:
        - name: Run the role
          ansible.builtin.import_role:
            name: infra.osbuild.setup_server
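
    The second repository entry above sets neither check_ssl nor check_gpg, and this article does not state the collection's defaults. The following added example (not part of the original article or the infra.osbuild collection) is the same playbook with a pre_tasks check that stops the run unless every custom repository uses an https:// base_url and explicitly enables both checks; the explicit values added to the second entry are an assumption about the intended policy.

```yaml
---
# Added example: validate custom repository settings before the role applies them.
- name: Run osbuild_server role with repository checks
  hosts: all
  become: true
  vars:
    setup_server_custom_repos:
      - name: EPEL Everything
        base_url: "https://dl.fedoraproject.org/pub/epel/{{ hostvars[inventory_hostname].ansible_distribution_major_version }}/Everything/x86_64/"
        type: yum-baseurl
        check_ssl: true
        check_gpg: true
        state: present
      - name: My company custom repo
        base_url: "https://repo.example.com/company_repo/x86_64/"
        type: yum-baseurl
        check_ssl: true   # assumption: set explicitly instead of relying on a default
        check_gpg: true   # assumption: set explicitly instead of relying on a default
        state: present
  pre_tasks:
    - name: Require HTTPS plus explicit TLS and GPG verification for every custom repo
      ansible.builtin.assert:
        that:
          # The match test anchors at the start of the string.
          - item.base_url | default('') is match('https://')
          # A missing key counts as a failure, whatever the role would default to.
          - item.check_ssl | default(false) | bool
          - item.check_gpg | default(false) | bool
        fail_msg: >-
          Custom repo with base_url '{{ item.base_url | default("<unset>") }}'
          must use https:// and set check_ssl and check_gpg to true
        quiet: true
      loop: "{{ setup_server_custom_repos }}"
      loop_control:
        label: "{{ item.base_url | default('<unset>') }}"
  tasks:
    - name: Run the role
      ansible.builtin.import_role:
        name: infra.osbuild.setup_server
```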

    Now that we have the osbuild_setup_server file completed, we can run the playbook using this command:

    ansible-playbook -i inventory.ini --ask-become-pass --ask-pass playbooks/osbuild_setup_server.yaml

    Note: We run the playbook with the --ask-become-pass and --ask-pass flags to provide basic password authentication. Alternatively, you can set up proper authentication with SSH keys and proper sudo management for the user.

    Once the playbook has finished running, the osbuild server is ready for us to start building images.

    As explained in the infra.osbuild.builder section, there are variables that are needed to create a blueprint. You can refer to the full list and their explanations.

    Let’s create another playbook called osbuild_builder.yaml with the sample playbook as its contents as follows:

    ---
    - name: Run osbuild_builder role
      become: true
      hosts: all
      vars:
        builder_compose_type: edge-commit
        builder_blueprint_name: mybuild
        builder_pub_key: ~/.ssh/id_rsa.pub
        builder_compose_pkgs:
          - vim-enhanced
          - httpd
          - ansible-core
          - tmux
        builder_compose_customizations:
          user:
            name: "testuser"
            description: "test user"
            password: "testpassword"
            key: "{{ builder_pub_key }}"
            groups: '["users", "wheel"]'
      tasks:
        - name: Run the role
          ansible.builtin.import_role:
            name: infra.osbuild.builder

    If you would like to have your image automatically register with Ansible Automation Platform, add builder_aap_url, builder_set_hostname, builder_aap_ks_user and builder_aap_ks_password underneath the vars section in the osbuild_builder.yaml playbook.
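
    The sample playbook above keeps the user password in clear text. As an added example (not from the original article), the variant below reads it from a vault-encrypted variables file instead; the file name secrets.yml and the variable vault_builder_user_password are hypothetical, and builder_aap_ks_password can be sourced the same way.

```yaml
---
# Added example. secrets.yml is a hypothetical file next to the playbook,
# encrypted with `ansible-vault encrypt secrets.yml`, that defines
# vault_builder_user_password.
- name: Run osbuild_builder role with a vaulted password
  hosts: all
  become: true
  vars_files:
    - secrets.yml
  vars:
    builder_compose_type: edge-commit
    builder_blueprint_name: mybuild
    builder_pub_key: ~/.ssh/id_rsa.pub
    builder_compose_pkgs:
      - vim-enhanced
      - httpd
      - ansible-core
      - tmux
    builder_compose_customizations:
      user:
        name: "testuser"
        description: "test user"
        password: "{{ vault_builder_user_password }}"
        key: "{{ builder_pub_key }}"
        groups: '["users", "wheel"]'
  pre_tasks:
    - name: Stop early if the secret is missing or still the sample value
      ansible.builtin.assert:
        that:
          - vault_builder_user_password is defined
          - vault_builder_user_password | length > 0
          - vault_builder_user_password != "testpassword"
        quiet: true
      no_log: true  # keep the evaluated values out of task output and logs
  tasks:
    - name: Run the role
      ansible.builtin.import_role:
        name: infra.osbuild.builder
```

    Run it with the same ansible-playbook command plus --ask-vault-pass so that Ansible can decrypt secrets.yml.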

    Once you have finished writing your playbook, run the osbuild_builder.yaml playbook to begin building an image.

    ansible-playbook -i inventory.ini --ask-become-pass --ask-pass playbooks/osbuild_builder.yaml

    After the playbook finishes, browse to http://<ip_addr>/<blueprint_name>/ on your remote system to see the hosted repo and kickstart file that can be used to provision a new system.

    Find more resources

    In summary, infra.osbuild is an easy-to-use solution for creating customizable images. The Ansible validated content for the infrastructure osbuild collection will let you automate the provisioning and configuration of the required osbuild components and build a RHEL image for your edge deployments.

    If you want to learn more about edge automation, here are a few suggestions:

    • Explore resources at Using Red Hat Ansible Automation Platform for edge computing.
    • Download the Automation at the edge e-book.
    • For additional use cases such as industrial protocol integration, read the article, How to automate devices using the Ansible CIP collection. 
    Last updated: November 16, 2023
