Skip to main content
Redhat Developers  Logo
  • Products

    Platforms

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat AI
      Red Hat AI
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • View All Red Hat Products

    Featured

    • Red Hat build of OpenJDK
    • Red Hat Developer Hub
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenShift Dev Spaces
    • Red Hat OpenShift Local
    • Red Hat Developer Sandbox

      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Secure Development & Architectures

      • Security
      • Secure coding
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • Product Documentation
    • API Catalog
    • Legacy Documentation
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Optimize RHEL for edge and IoT deployments

July 23, 2025
Pablo Iranzo Gómez
Related topics:
Edge computingLinux
Related products:
Image mode for Red Hat Enterprise LinuxRed Hat Enterprise Linux

Share:

    Deploying a full-featured Linux distribution such as Red Hat Enterprise Linux (RHEL) on resource-constrained edge or Internet of Things (IoT) devices presents unique challenges. While image mode for RHEL offers immutability and customization, further optimization is often required to meet strict memory and storage limitations.

    Initial considerations for system minimization

    The first step in building a minimal system involves reducing both memory and storage footprints. The methods employed will vary depending on the desired level of optimization. However, it is important to highlight that many of these methods involve altering system components in ways that can complicate debugging and impact supportability, especially when modifying files installed via RPM packages, as this compromises package integrity.

    Identifying major space consumers

    Typical targets for reduction in a RHEL environment include:

    1. Installation-level customizations
      • Custom partitioning strategies for more efficient disk use.
      • Minimal package selection.
      • Elimination of unnecessary dependencies.
    2. Post-installation optimizations
      • Limiting the number of retained kernel versions.
      • Removing leftover temporary files.
      • Configuring log rotation and compression.
      • Removing unused locales and documentation (/usr/share/doc, /usr/share/man, etc.)
    3. Enforcing clean state across updates
      • Use of custom RPMs with %post scripts to reapply optimizations.
      • Automation with Ansible Playbooks for post-deployment configuration.

    Additional considerations for RAM optimization

    To further reduce memory usage:

    • Disable unneeded services and daemons.
    • Replace full desktop environments like GNOME with lighter alternatives or minimal UI frameworks.
    • Disable autostart for device hotplug daemons.
    • Use static network configurations to eliminate the need for NetworkManager.

    Navigating trade-offs in optimization

    While standard RHEL deployments aim for flexibility and compatibility, edge use cases often benefit from eliminating unnecessary components. However, many applications are compiled with additional features, pulling in unused dependencies. Since recompiling the entire software stack is impractical and unsupported, the focus should remain on minimizing the package set and reducing the attack surface at the same time due to this reduction of installed software.

    BaseOS installation and kickstart automation

    To streamline deployments, begin with the @Core group in the kickstart configuration, adding only essential utilities, such as SSH. Including certain tools may inadvertently pull additional dependencies (e.g., Kerberos with OpenSSH). Avoiding these requires custom-built binaries, which complicates maintenance and supportability.

    After finalizing a minimal package list, you can use it for kickstart and container image creation. Container base images may include more tooling, requiring additional cleanup post-deployment.

    Package and service reduction

    A non-exhaustive list of packages that may be safely removed include:

    • fwupd: Firmware update daemon

    • tracker*: File indexing services

    • nano: Text editor

    • wireplumber: Audio support

    • sssd*: Security Services Daemon

    • ntpd: NTP service

    • NetworkManager-*: Network management daemon

    • langpacks-*: Extra language support

    • pipewire: Audio stack

    • man-db: Manual pages database

    • kexec-tools: Kernel crash tools

    • firmware: Hardware firmware blobs

    • insights-client: System Insights client

    • *devel*: Development headers and libraries

    Note:

    On edge devices, removing firmware-related packages should be carefully evaluated, as they may be required for updates and compatibility.

    Removing documentation and locales

    To further reduce disk usage:

    rm -Rfv /usr/share/info/ /usr/share/man/ /usr/share/doc/
    /usr/share/locale/

    Disable unnecessary services, such as:

    systemctl disable rhsmcertd

    However, you must be aware of trade-offs. Disabling RHSM will block access to official repositories, removing chronyd will stop time synchronization, and disabling NetworkManager will prevent the system from responding to network changes.

    GUI alternatives

    For graphical environments, you can replace or omit GNOME, depending on application requirements. Alternatives like Weston (available via EPEL) may be appropriate in locked-down scenarios.

    Kickstart scripting and automation

    Kickstart supports automation via %pre and %post sections and is useful for tasks, such as static IP configuration or system naming. However, debugging can be complex. Configuration management tools like Ansible are often preferable for ongoing configuration.

    Here is a sample Kickstart snippet:

    %packages
    @^minimal-environment
    %end
    firstboot --disable
    timezone Europe/Madrid --utc
    rootpw --iscrypted --allow-ssh <your-password-hash>

    You can handle the post-installation configuration via Ansible for flexibility and version control.

    Persistent cleanup via RPM triggers

    To prevent RPM upgrades from restoring removed files, use RPM triggers. For example, deploy a cleanup script:

    /usr/bin/systemtrimdown.sh:

    #!/bin/bash
    rm -Rfv /usr/share/info/ /usr/share/man/ /usr/share/doc/
    /usr/share/locale/

    Create an RPM spec file:

    Name:           systemtrimdown
    Version:        1.0
    Release:        1%{?dist}
    Summary:        Executes cleanup after selected package installations
    License:        GPL
    BuildArch:      noarch
    %files
    %triggerin -- linux-firmware
    sh /usr/bin/systemtrimdown.sh

    Build the package:

    rpmbuild -bb systemtrimdown.spec

    Configuration via Ansible

    Ansible Playbooks simplify reapplication and tracking of changes. A sample playbook might include the following:

    - hosts: all
      tasks:
        - name: Remove rescue images
          file: path={{ item }} state=absent
          loop: "{{ query('fileglob', '/boot/*rescue*') }}"
        - name: Remove unneeded packages
          package:
            name: "{{ item }}"
            state: absent
          with_items:
            - abrt*
            - langpacks-*
            - pipewire
        - name: Configure journald
          ini_file:
            path: /etc/systemd/journald.conf
            section: Journal
            option: SystemMaxUse
            value: 200M

    Results

    After deploying RHEL 9.4 and applying the described optimizations, disk usage reduced significantly, as shown in the following table:

    Configuration

    RAM usage

    Disk usage

    Boot usage

    @Standard

    342 MB

    2.0 GB

    275 MB

    @Minimal

    305 MB

    1.6 GB

    237 MB

    PostCleanup

    305 MB

    1.1 GB

    237 MB

    This 33% reduction in disk usage allows for better use of limited storage resources, such as fitting an entire OS into a 2 GB SD card, making it suitable for remote deployments or IoT applications.

    Related Posts

    • Developing at the edge: Best practices for edge computing

    • Announcing image mode for Red Hat Enterprise Linux

    • 5 things developers should know about edge computing

    • What is edge computing and what makes it so different?

    Recent Posts

    • Migrating Ansible Automation Platform 2.4 to 2.5

    • Multicluster resiliency with global load balancing and mesh federation

    • Simplify local prototyping with Camel JBang infrastructure

    • Smart deployments at scale: Leveraging ApplicationSets and Helm with cluster labels in Red Hat Advanced Cluster Management for Kubernetes

    • How to verify container signatures in disconnected OpenShift

    What’s up next?

    Discover how automation at the edge can help your organization improve scalability, security, agility, and overall efficiency. This e-book describes seven use cases and examples demonstrating automation at the edge of the network.

    Get the e-book
    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue