How to create and distribute IBM Cloud Virtual Private Cloud (VPC) instances from custom images.
I use the IBM Cloud VPC virtual server instances (VSI) for some workloads. I have specific requirements for the operating system version, applications and data, and I use VPC custom images created to my exact specifications so that the compute instances are provisioned with content that meet my requirements.
Large projects with distributed development over multiple accounts typically may have corporate requirements for images. Hardened base images can be created centrally and required for all production workloads. The corporate base images can be provisioned directly or used as a starting point to derive department images.
VPC custom images can be created and distributed in a number of different ways to fit your needs. Below is a diagram capturing most of the details of such an endeavor. This blog post will drill down into subsections of this diagram and describe the details so you can apply them to your environment:
Image basics
This diagram captures the basic usage of VPC custom images:
Images are the starting point for virtual server instances (VSIs), as represented by the dashed line. They contain the initial file system that will be used to populate the boot volume. They also contain a specification of the boot parameters.
Images are regional based and can be used to start an instance in any of the availability zones in the region. In the image above, eu-de is used to provision an instance in Zone 1. This means that an image in us-south can not be used in eu-de. A copy of the image must be created in each region.
IBM uses cloud-init, the industry standard multi-distribution method for cross-platform cloud instance initialization. Read Getting started with custom images to get an introduction to IBM images.
Creating custom images from IBM-provided stock images
The most straightforward way to create a custom image is to provision a VPC VSI with one of the IBM stock images. The running instance boot volume can be prepared by using the cloud-init user data or SSH. Follow the instructions to create an image from a volume:
There are tools like Packer that automate the steps of creating an instance, copying data, executing scripts to install software and creating an image. This blog post provides an example.
On-premises images
On-premises virtual machine image files can be exported to local storage as qcow2 or vhd files. These files can be uploaded to a IBM Cloud Object Storage (COS) bucket. A VPC image can be imported from the bucket object. Make sure the requirements specified in Creating a Linux custom image or Creating a Windows custom image are satisfied:
It is also possible to export IBM VPC custom images to a COS bucket and import them as VPC custom images in a different region or download them for use in your virtual environment. You can try this using the desktop QEMU work flow. The core tutorial with QEMU is a good starting point.
Most Linux distros supply “cloud images.” Search for “distro cloud images” like this and you will likely find them:
Example of ubuntu 20.04 (jammy) current:
This is a qcow2 file, and you can download this to your laptop and verify the checksum. Change the name to jammy-server-cloudimg-amd64.qcow2.
Upload to a COS bucket and import it in the IBM Cloud Console VPC custom images dialog by clicking on the Create button and selecting the Image source of Cloud Object Storage.
The information message will explain how to authorize access if the bucket is not visible:
The authorization will look something like this:
Back in the image import create dialog:
When the VPC custom image creation completes, you can use the Cloud console to create a VPC VSI with the custom image:
Distributing images across accounts using the private catalog
There is a private catalog product type specifically for VPC custom images. A catalog product version contains a list of VPC regional images. When a VPC VSI is provisioned from a catalog product version, the appropriate regional image will be used. Terraform, Packer and CLI accept catalog product versions in addition to images when creating VSIs:
In the diagram, note the three steps:
- Create a private catalog, product x and version. The version will contain a list of identical images—each in a different region.
- Provision an instance specifying the private catalog, product x and one of the versions.
- The VSI will be started with the image in the local region.
Private catalog products can be shared across accounts in an enterprise. This makes private catalog products ideal for distributing hardened corporate images across an enterprise.
To create a private catalog product and version, open the catalog in the IBM Cloud console and click Catalog settings:
- Select Private catalogs on the left and click Create to begin the wizard.
- Add a Software product and a Delivery method of Virtual server image for VPC.
- Choose the jammy-server-cloudimg-amd64 that you imported earlier with Software version 1.0.1 to match the diagrams.
- Choose a Category of Compute / Virtual Machines:
To reference multiple identical images in more than one region, cancel this dialog and import the image in the desired regions:
- To continue, click Add product.
- Click on the version and walk through the wizard for the version.
- You will need to validate the image by providing a VPC, SSH key and subnet. This step will create a IBM Cloud Schematics workspace to create an instance with the provided image and will take a few minutes.
- Click the refresh arrow to see progress.
No other data is required. Click Next to continue through all of the steps. The final step for a version is the following:
Finally, use the IBM Cloud Console to create a new VSI for VPC. In the Operating system section, choose a Catalog image for Image type and then the version you just created:
Sharing products with users in your account, enterprise, or account groups is also possible.
Conclusions
Using VPC custom images when creating VSIs can save time during provisioning. It can also ensure that the instance is initialized to meet application and corporate requirements. VSIs are provisioned from regional images. Private catalog product versions are a single ID for a collection of identical images distributed across regions to insure consistency. Catalog products can also be shared across enterprise accounts.
Learn more about IBM Cloud VPC.
If you have feedback, suggestions or questions about this post, please email me or reach out to me on Mastodon (@powellquiring@mastodon.social), LinkedIn or Twitter (@powellquiring).