RHEL subscription manager issue when creating RHEL container images using AWS Image Builder


I'm trying to use Image Builder to create RHEL containers. Recently, Red Hat made changes that essentially force your image build to run on a RHEL host. Rather than just running subscription manager (which used to work on non-RHEL hosts, but now results in "subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management."), the Dockerfile needs to copy some Red Hat specific entitlement files from the host to the container in order to use the RHEL yum repositories. Red Hat documentation on this new approach is here: https://docs.openshift.com/container-platform/4.7/cicd/builds/running-entitled-builds.html

Note that I am currently using CDK to configure my Image Builder infrastructure. It seems that about the only option available is image type (e.g., t3-medium) - there is no option to specify a different OS or a specific AMI to use for the EC2 instance that will run the docker build. If there's a non-CDK approach (such as using the aws CLI) to create a RHEL infrastructure configuration I would be open to it, but would prefer a pure CDK solution if possible.

I realize I could launch a RHEL EC2 instance with docker installed, etc., and essentially roll my own solution for doing these docker builds, but I'm already using Image Builder for other container builds, so I'd prefer to find a solution to this problem that doesn't require abandoning using Image Builder just for the RHEL use case.

1 Answer

Good Day!

Thanks for reaching out to us at AWS re:Post. Ramneek this side from AWS Support Engineering from ECR Support Team and here to address your query on the post.

As I can understand that you aren't able to specific instance type accordingly or specific AMI ID of your own choice via CDK Mechanism, hence, you're getting blocked to move next on using the service. Please correct me if I have misunderstood your query.

As AWS Image builder is something out of expertise of ECR Support Team, I consulted EC2 Team to understand the working of the service so that I can guide you at our best capacity. As per your query, they advised for you to use Image-recipe process as shared at [1] via which you can specify desired AMI ID, with OS of your choice.

As a summarized view, you need to follow below steps:

  • Create a new image recipe with desired config (we can't update image recipe like other resources)
  • Update image pipeline to use this new recipe

You can check the API Details here: https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateImageRecipe.html and also CDK Option available on the Documentation.

In case if you have any other follow-up queries/clarifications, please feel free to open a case with EC2 Team at your AWS Support Center [AWS Support Center].

Thanks for your time & cooperation! Have an AWSome Day Ahead & Stay Safe!

profile pictureAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions