IBM Cloud Docs
Getting started with custom images

Getting started with custom images

A custom image contains an operating system image with specific configurations that are customized by you. You can manage the lifecycle, share the custom image, and use it to create new virtual servers or bare metal servers with your own settings and configurations. You can create a Linux® custom image, a Windows® custom image, a z/OS Wazi aaS custom image, or a generic operating system custom image.

You have a few options for creating a custom image.

When your custom image is created, you can plan and manage the lifecycle of the image by using three statuses: available, deprecated, or obsolete. For more information on these status and how to manage them, see Custom image lifecycle.

You can also share your custom images with other accounts by using a private catalog. For more information on using custom images in a private catalog, see Getting started with Catalog Images on VPC.

On the console, you can find custom images by clicking Menu icon Menu icon > VPC Infrastructure VPC icon > Compute > Images > Custom images. Images that are from a volume are part of the custom images tab.

Creating a custom image

To create a custom image, see one of the following links.

Sharing a custom image

After a custom image is created in IBM Cloud VPC, you can import it into a private catalog, and share it with other accounts with some limitations. For more information about the limitations, see VPC considerations when you use custom images in a private catalog.

Using a custom image to create a server

To create a virtual server by using a custom image, see one of the following links.

Prerequisites and limitations

Before you create a custom image, you must verify that your custom image meets the custom image requirements and that the operating system is supported.

Custom image considerations

All custom images must meet the following requirements:

  • Contain a single file or volume.
  • Be in qcow2 or vhd format.
  • Be cloud-init enabled or bootable by using ESXi kickstart.
  • Size doesn't exceed 250 GB.
  • The minimum size is 10 GB. For any image that is less than 10 GB, the size is rounded up to 10 GB.

Operating system considerations

  • Make sure that the selected operating system specifies the correct user data format type. For more information, see User data format considerations.
  • If you choose to create a custom image with your own license, specify the appropriate operating system version that appends -byol to the name when you import the image. For more information, see Bring your own license.
  • ISO images of licensed operating systems, such as Windows® and Linux®, and open source operating systems, such as CentOS and Ubuntu, aren't provided by IBM Cloud®. If you need these ISO images, you can download them from the respective vendor website.

IBM Cloud Object Storage considerations

If you plan to import an image from a file, you must provision an instance of IBM Cloud Object Storage if you don't already have one. You can then upload the file to a bucket there. You must also create an IAM authorization between the Image Service for VPC and IBM Cloud Object Storage. For more information, see Granting access to IBM Cloud Object Storage to import images.

Custom image lifecycle

You can use the UI, CLI, API, and Terraform to manage the lifecycle of your custom images with three statuses. You can move the image back and forth through all the statuses and set dates to automatically change an image status. All status changes are tracked as an Activity Tracker event. You can filter your list of images based on status to aid in clean-up or tracking of your images. For more information about making status changes, see Managing custom images.

Image lifecycle status
Image status Description
available The most current version of the stock operating system image is available. When a new version of an operating system is made available, the older version image of that guest operating system changes to deprecated. No stock operating system that reaches EOS has an available image.
deprecated Older versions of stock operating systems are deprecated. Also, any stock operating system that reached EOS is also deprecated. You can still provision an instance with these images. The UI doesn't display any deprecated images when you create an instance. These images are still visible in the CLI and API.
obsolete Images that are EOS as defined by the vendor are obsolete. You can't provision instances with these images. If you try to use an obsolete image to create an instance, you receive a message that states that you can't use the image to create an instance. This status allows a reversible disabling of an image before you delete the image.

Any image that is in deprecated or obsolete status is still billed. If you don't want to be billed for the image, you must delete it.

IBM Cloud VPC managed images can be managed only this way. Custom images that are published to a private catalog must be in available status and their statuses are maintained in the private catalog. If you try to change or schedule a change to their status in IBM Cloud VPC, the attempt fails. If a custom image is removed from a private catalog, that image retains its original private catalog status until the status is changed in IBM Cloud VPC.

Catalog image lifecycle status and the corresponding VPC status
Private catalog image status Corresponding VPC image status
published/verified available
deprecated deprecated
archived obsolete

Red Hat Enterprise Linux AI BYOL custom images

The Red Hat Enterprise AI (RHEL AI) operating system can be imported as a bring your own license (BYOL). A RHEL AI qcow2 file is available directly from Red Hat. The operating system name to use when importing the image into IBM Cloud VPC isred-ai-9-amd64-nvidia-byol. For more information, see Red Hat Enterprise Linux AI. To download the RHEL AI image, see Download Red Hat Enterprise Linux AI. You will need a Red Hat account in order to view the documentation and download the image.

For information regarding the supported profiles and use cases, see Red Hat Enterprise Linux AI hardware requirements.

For more information about importing the image into IBM Cloud VPC, see Bring your own license and Importing and validating custom images into VPC. For more information on the GPU profiles, see the x86 GPU profiles.

Generic operating system custom images

You can use a specific operating system that is not listed in IBM Cloud by specifying a generic operating system when you import a custom image. You have multiple generic operating system options. You can select a generic operating system that is based on the CPU architecture and initialization strategy appropriate for your custom image operating system.

Generic operating system custom images are supported for x86 (amd64) architecture. These images are listed in the custom images list. Bare metal server generic operating system custom images must follow requirements for all bare metal server custom images. For more information, see Bare metal server custom images.

The generic operating systems use a generic value for some of their properties, such as generic for the vendor property and Generic for the family property. When you create a generic operating system custom image, select the generic operating system based on the initialization type of the actual operating system. For more information, see User data format considerations.

When you provision a server by using a generic operating system custom image, most operating system-specific provisioning steps aren't performed, such as console setup and automatic registration. You must provide the appropriate user data if you want your generic operating system custom image to perform these steps. You are also responsible for handling licensing and related costs because IBM is not aware of the actual operating system installed.

User data format considerations

When you create a server that specifies your custom image, the initialization strategy determines how the user data is used. The user_data_format property of an image specifies this initialization strategy. This property is set from the image operating system user_data_format property, which contains one of the following values.

  • cloud_init

  • esxi_kickstart (This value works only for bare metal servers.)

  • For cloud-init, user data and SSH keys are provided to the operating system on a cloud-init disk. A default user account is not created. You must use your SSH key to log in unless you set up another login mechanism through cloud-init. For virtual server instances, you might need to set up networking during initialization. For example,

    See Creating a custom Linux image or Creating a custom Windows image documentation for details about using cloud-init data.

  • For ESXi kickstart, user data is provided to the operating system in a kickstart script. A default user account is created. Retrieve the server's initialization data to obtain the generated password. See VMware documentation for details of kickstart scripts.

Use security best practices to limit access to any files that you expose on the internet.

Bare metal server custom images

Bare metal servers have some limitations that you need to be aware of.

  • Encrypted images aren't supported.

To create a custom image for bare metal servers, the custom image must support the following information:

  • UEFI boot
    • UEFI boot requires a dedicated EFI partition that contains EFI firmware. Traditional BIOS boot isn't supported.
  • Pensando iconic network device drivers
  • Intel chip set device drivers
    • These device drivers are usually part of the default kernel build options. Windows requires extra device drivers, but you can install these drivers later.

For more information, see Custom Linux kernel build options for bare metal servers.

For more information about bare metal server images, see Bare metal server images.

Secure boot-supported custom images

Select availability

Secure boot helps make sure that the system runs only authentic software by verifying the digital signature of all boot components. Secure boot halts the boot process if the signature verification fails. Secure boot prevents the loading of unsigned or malicious code during boot.

Custom images that support secure boot have some requirements that you need to be aware of.

  • UEFI boot
    • UEFI boot requires a dedicated EFI partition that contains EFI firmware. Traditional BIOS boot is not supported.
  • GPT partitioned disk

You can verify that the image successfully booted in secure boot mode by using the following mokutil command.

mokutil --sb-state

For more information about secure boot, see Confidential computing with secure boot for Virtual Servers for VPC.

z/OS Wazi aaS custom images

You can use IBM Wazi Image Builder to create your own custom z/OS-based IBM Wazi as a Service (Wazi aaS) image and import the custom image into IBM Cloud® Virtual Private Cloud.

IBM Wazi Image Builder is a separately orderable product from IBM Passport Advantage. Extra requirements are needed to use Wazi Image Builder. The image cost is the premium that is applied to cover the cost of technologies that allows for z/OS dev and test images to run on IBM Z hardware on IBM’s cloud infrastructure as a service layer.

The z/OS Wazi aaS custom image must meet the following requirements:

  • qcow2 format
  • z/OS 2.4 or z/OS 2.5 operating system

For more information, see Bringing your own image with Wazi Image Builder.

More information about custom images