Red Hat Enterprise Linux bring-your-own-subscription Gold Images in Azure

Applies to: ✔️ Linux VMs

Red Hat Enterprise Linux (RHEL) images are available in Azure via a pay-as-you-go or bring-your-own-subscription (BYOS) (Red Hat Gold Image) model. This article provides an overview of the Red Hat Gold Images in Azure.

Note

RHEL BYOS Gold Images are available in Azure Public (commercial) and Azure Government clouds. They're not available in Microsoft Azure operated by 21Vianet or Azure Blackforest clouds.

Important points to consider

  • The Red Hat Gold Images provided in this program are production-ready RHEL images similar to the RHEL pay-as-you-go images in Azure Marketplace.
  • The images follow the current policies described in Red Hat Enterprise Linux images on Azure.
  • Standard support policies apply to VMs created from these images.
  • The VMs provisioned from Red Hat Gold Images don't carry RHEL fees associated with RHEL pay-as-you-go images.
  • The images are unentitled. You must use Red Hat Subscription-Manager to register and subscribe the VMs to get updates from Red Hat directly.
  • It's possible to switch from pay-as-you-go images to BYOS using the Azure Hybrid Benefit. To convert from RHEL BYOS to pay-as-you-go, follow the steps in Azure Hybrid Benefit for bring-your-own-subscription Linux virtual machines

Requirements and conditions to access the Red Hat Gold Images

  1. Get familiar with the Red Hat Cloud Access program terms. Enable your Red Hat subscriptions for Cloud Access at Red Hat Subscription-Manager. You need to have on hand the Azure subscriptions that are going to be registered for Cloud Access.

  2. If the Red Hat subscriptions you enabled for Cloud Access meet the eligibility requirements, your Azure subscriptions are automatically enabled for Gold Image access.

Expected time for image access

After you finish the Cloud Access enablement steps, Red Hat validates your eligibility for the Red Hat Gold Images. If validation is successful, you receive access to the Gold Images within three hours.

Use the Red Hat Gold Images from the Azure portal

  1. After your Azure subscription receives access to Red Hat Gold Images, you can locate them in the Azure portal. Go to Create a Resource > MarketPlace.

  2. At the top of the page, you'll see that you have private offers.

    Marketplace private offers

  3. Select the purple link, or scroll down to the bottom of the page to see your private offers.

  4. The rest of provisioning in the UI is no different to any other existing Red Hat image. Choose your RHEL version, and follow the prompts to provision your VM. This process also lets you accept the terms of the image at the final step.

Note

These steps so far won't enable your Red Hat Gold Image for programmatic deployment. An additional step is required as described in the "Additional information" section.

The rest of this document focuses on the CLI method to provision and accept terms on the image. The UI and CLI are fully interchangeable as far as the final result (a provisioned RHEL Gold Image VM) is concerned.

Use the Red Hat Gold Images from the Azure CLI

The following instructions walk you through the initial deployment process for a RHEL VM by using the Azure CLI. These instructions assume that you have the Azure CLI installed.

Important

Make sure you use all lowercase letters in the publisher, offer, plan, and image references for all the following commands.

  1. Check that you're in your desired subscription.

    az account show -o=json
    
  2. Create a resource group for your Red Hat Gold Image VM.

    az group create --name <name> --location <location>
    
  3. Accept the image terms.

    Option 1

    az vm image terms accept --publisher redhat --offer rhel-byos --plan <SKU value here> -o=jsonc
    

    Example

    az vm image terms accept --publisher redhat --offer rhel-byos --plan rhel-lvm87 -o=jsonc
    

    Option2

    az vm image terms accept --urn <SKU value here>
    

    Example

    az vm image terms accept --urn RedHat:rhel-byos:rhel-lvm87:8.7.2023021503
    

    Note

    These terms need to be accepted once per Azure subscription, per image SKU.

  4. (Optional) Validate your VM deployment with the following command:

    az vm create -n <VM name> -g <resource group name> --image <image urn> --validate
    

    Example:

    az vm create -n rhel-byos-vm -g rhel-byos-group --image redhat:rhel-byos:rhel-lvm8:latest --validate
    
  5. Provision your VM by running the same command as shown in the previous example without the --validate argument.

    az vm create -n <VM name> -g <resource group name> --image <image urn>
    

    Example:

    az vm create -n rhel-byos-vm -g rhel-byos-group --image redhat:rhel-byos:rhel-lvm8:latest
    
  6. SSH into your VM, and verify that you have an unentitled image. To do this step, run sudo yum repolist. For RHEL 8, use sudo dnf repolist. The output asks you to use Subscription-Manager to register the VM with Red Hat.

Note

On RHEL 8, dnf and yum are interchangeable. For more information, see the RHEL 8 admin guide.

Use the Red Hat Gold Images from PowerShell

The following script is an example. Replace the resource group, location, VM name, login information, and other variables with the configuration of your choice. Publisher and plan information must be lowercase.

Note

All versions of the AzureRM PowerShell module are outdated. The Az PowerShell module is now the recommended PowerShell module for interacting with Azure For more information, see Migrate Azure PowerShell from AzureRM to Az.

    # Variables for common values
    $resourceGroup = "testbyos"
    $location = "canadaeast"
    $vmName = "test01"

    # Define user name and blank password
    $securePassword = ConvertTo-SecureString 'TestPassword1!' -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential("azureuser",$securePassword)
    Get-AzureRmMarketplaceTerms -Publisher redhat -Product rhel-byos -Name rhel-lvm87 | Set-AzureRmMarketplaceTerms -Accept

    # Create a resource group
    New-AzureRmResourceGroup -Name $resourceGroup -Location $location

    # Create a subnet configuration
    $subnetConfig = New-AzureRmVirtualNetworkSubnetConfig -Name mySubnet -AddressPrefix 192.168.1.0/24

    # Create a virtual network
    $vnet = New-AzureRmVirtualNetwork -ResourceGroupName $resourceGroup -Location
    $location `-Name MYvNET -AddressPrefix 192.168.0.0/16 -Subnet $subnetConfig

    # Create a public IP address and specify a DNS name
    $pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup -Location
    $location `-Name "mypublicdns$(Get-Random)" -AllocationMethod Static -IdleTimeoutInMinutes 4

    # Create an inbound network security group rule for port 22
    $nsgRuleSSH = New-AzureRmNetworkSecurityRuleConfig -Name
    myNetworkSecurityGroupRuleSSH -Protocol Tcp `
    -Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -
    DestinationAddressPrefix * `-DestinationPortRange 22 -Access Allow

    # Create a network security group
    $nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location
    $location `-Name myNetworkSecurityGroup -SecurityRules $nsgRuleSSH

    # Create a virtual network card and associate with public IP address and NSG
    $nic = New-AzureRmNetworkInterface -Name myNic -ResourceGroupName $resourceGroup -
    Location $location `-SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id

    # Create a virtual machine configuration
    $vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize Standard_D3_v2 |
    Set-AzureRmVMOperatingSystem -Linux -ComputerName $vmName -Credential $cred |
    Set-AzureRmVMSourceImage -PublisherName redhat -Offer rhel-byos -Skus rhel-lvm87 -Version latest | Add-AzureRmVMNetworkInterface -Id $nic.Id
    Set-AzureRmVMPlan -VM $vmConfig -Publisher redhat -Product rhel-byos -Name "rhel-lvm87"

    # Configure SSH Keys
    $sshPublicKey = Get-Content "$env:USERPROFILE\.ssh\id_rsa.pub"
    Add-AzureRmVMSshPublicKey -VM $vmconfig -KeyData $sshPublicKey -Path "/home/azureuser/.ssh/authorized_keys"

    # Create a virtual machine
    New-AzureRmVM -ResourceGroupName $resourceGroup -Location $location -VM $vmConfig