This is a small tool to import and manage private images to cloud providers. It basically automate (and optimize) the commands you would need to run otherwise to import an image as a image on a cloud provider.
In addition to the import command it offers a share command to allow share images accross accounts. Initially the image imported is private
to the account which run the tool. In order to allow to use the image from a different account we would need to run the share command.
In order to test RHEL AI on AWS we need to import the image according to RHEL AI installation guide this tool will run those steps for us. Alhough previously the raw image should be donwloaded by an authenticated user to agree with EULA License.
To run the tool we can use the OCI container:
podman run --rm --name import-rhelai -d \
-v ${PWD}:/workspace:z \
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
-e AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
ghcr.io/mapt-oss/cloud-importer:latest rhelai aws \
--backed-url "file:///workspace" \
--raw-image-path "/workspace/rhel-ai-nvidia-aws-1.5-1747399384-x86_64.raw" \
--ami-name "rhel-ai-nvidia-aws-1.5.0" \
--debug \
--debug-level 9
podman logs -f import-rhelaiTo import a VHD image to Azure, you can use the rhelai azure command. This command will create a managed disk, upload the VHD, and create a VM image.
Authentication with Azure is handled by DefaultAzureCredential from the Azure SDK for Go. This allows for multiple authentication methods. The most common method is to use a service principal by setting the following environment variables:
AZURE_TENANT_ID: Your Azure tenant ID.AZURE_CLIENT_ID: The client ID of the service principal.AZURE_CLIENT_SECRET: The client secret of the service principal.
In addition to authentication, the following environment variables are required to specify the target resources for the image upload:
AZURE_SUBSCRIPTION_ID: Your Azure subscription ID.AZURE_RESOURCE_GROUP: The name of the resource group where the image will be created (e.g.,Default).AZURE_LOCATION: The Azure region where the resources will be deployed (e.g.,eastus).
To run the tool we can use the OCI container:
podman run --rm --name import-rhelai-azure -d \
-v ${PWD}:/workspace:z \
-e AZURE_TENANT_ID=${AZURE_TENANT_ID} \
-e AZURE_CLIENT_ID=${AZURE_CLIENT_ID} \
-e AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} \
-e AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} \
-e AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP} \
-e AZURE_LOCATION=${AZURE_LOCATION} \
ghcr.io/mapt-oss/cloud-importer:latest rhelai azure \
--backed-url "file:///workspace" \
--raw-image-path "/workspace/rhel-ai-nvidia-azure-1.5-1747399384-x86_64.vhd" \
--image-name "rhel-ai-nvidia-azure-1.5.0" \
--debug \
--debug-level 9
podman logs -f import-rhelai-azureIn order to run Openshift Local we need to transform the bundle generated by snc then the image will be uploaded as cloud provider image and will be available to create ephemeral clusters.
To run the tool we can use the OCI container:
podman run --rm --name import-openshift-local -d \
-v ${PWD}:/workspace:z \
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
-e AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
ghcr.io/mapt-oss/cloud-importer:latest openshift-local aws \
--backed-url "file:///workspace" \
--bundle-url ${BUNDLE_URL} \
--shasum-url ${SHASUM_URL} \
--arch ${ARCH} \
--debug \
--debug-level 9
podman logs -f import-openshift-local