Running RHEL on Hetzner hosted servers

Hetzner (http://www.hetzner.de) is a quite popular and affordable server hoster in Germany.

Unfortunately, their automated install procedure supports only Debian, Ubuntu, OpenSUSE or CentOS distributions. As a Red Hat Developer (and Employee) I want to run a real RHEL operating system.

To prepare for the automated installation with the “installimage” tool, we need to prepare an operating system image.

On a local virtual machine, we start with  installing a minimal RHEL server. The following kickstart file can be used for this:

#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
repo --name="Server-HighAvailability" --baseurl=file:///run/install/repo/addons/HighAvailability
repo --name="Server-ResilientStorage" --baseurl=file:///run/install/repo/addons/ResilientStorage

# Use CDROM installation media
cdrom

# Use graphical install
graphical

# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=vda

# Keyboard layouts
keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)','us'

# System language
lang en_US.UTF-8

# Network information
network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate
network  --hostname=localhost.localdomain

# Root password
rootpw --iscrypted <hash>

# System services
services --enabled="chronyd"

# System timezone
timezone Europe/Berlin --isUtc

# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=vda
autopart --type=lvm

# Partition clearing information
clearpart --none --initlabel

%packages
@^minimal
@core
chrony
kexec-tools
%end

%addon com_redhat_kdump --enable --reserve-mb='auto'
%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

Then we boot up the server and log in to change same settings:

  1. The Hetzner tool does only tolerate one kernel in boot, so we need to remove the rescue kernel:
    rm /boot/vmlinuz-0-rescue-adcc72dfe3ed4c049ffff0ec950a90d9
    rm /boot/initramfs-0-rescue-adcc72dfe3ed4c049ffff0ec950a90d9.img
  2.  We need to install the mdadm  utitlity. We could have done it via kickstart, but sometimes you get the information too late ;-):
    subscription-manager register --auto-attach
    yum install -y mdadm
    subscription-manager unregister
  3. Now we can create the image file using tar. Note that we have to exclude the directories /proc /sys and /dev (and the image itsself). Note that we need to name the image “CentOS” and also the version “7.5” in this case needs to be coded into the filename.
    tar cJvf CentOS-75-el-x86_64-minimal.tar.xz --exclude=/dev/* --exclude=/proc/* --exclude=/sys/* --exclude=/CentOS-75-el-x86_64-minimal.tar.xz

Hetzners “installimage” tool will then use these names to decide how the system is adminitrated. “Red Hat” is not known here… Their documentation can be found here:

https://wiki.hetzner.de/index.php/Eigene_Images_installieren

This image now has to retrieved from the VM and saved on a publicly available web server. In my case:

http://boernig.de/CentOS-75-el-x86_64-minimal.tar.xz

Now the Hetzner rescue system can be started and one can log in into system and start the installimage-tool.

You have to chose “Custom-image” in the interactive mode. When you are in the editor choose your disk layout as you like for your purpose, but close the file with the “IMAGE” parameter which points tor your custom build image:

IMAGE http://boernig.de/CentOS-75-el-x86_64-minimal.tar.xz

Then you can save&exit and the automatic installation starts. Do not worry, if the you run into an error, for me the installation failed on the last step: The script tried to install updates, but since the system is not registered yet, this was not possible.

However, the image is there, the kernel in place, grub installed and the network and ssh-keys are set! Just use reboot to boot into the image and you can login!

Don’t forget to disable PasswortLogins in /etc/ssh/sshd_config!

Have fun!