Installing RHEL 8 on Hetzner root servers

Hetzner is a very popular provider of so-called root servers and VPS (virtual private servers), based in Germany with data centers in Germany and Finland. They are quite affordable and offer good service as well.

The default installation image, sorry Hetzner, is crap (i.e. no logical volumes). The rescue system is not only a nice tool to recover from botched system configurations, but it also comes with an image installer which allows users to install a custom system. The default selection is Arch, CentOS 7.6, some Debian and Ubuntu versions but no CentOS8 or even RHEL of any version.

Game over? No, you can create your own image, just put it on a web server and configure the installation accordingly.

Create your image

I just installed a VM from the ISO image that can be downloaded here.

Select the “Minimal” installation, register the machine at Red Hat with subscription-manager register, attach the RHEL OS with subscription-manager attach --auto and install tar and mdadm.

Caution! You need to put the image on publicly available web space, so anything left inside it is readable by everyone. Unregister your system and delete the SSH host keys before creating the tarball!

subscription-manager unregister
subscription-manager clean
rm -rf /etc/ssh/ssh_host_*

Another important fact is that the Hetzner installer only knows about CentOS, and only about version 7. On CentOS 8 and RHEL 8 the dracut binary is located in a different place than on RHEL 7, so you need to create a symlink.

[root@localhost /]# ln -s /usr/bin/dracut /sbin/dracut

For the same reason you need to name the tarball CentOS-<something>.

The next step is to create the tarball. Important to know is that the tarball must not contain /dev, /proc and /sys folders.

[root@localhost /]# tar cJvf CentOS-80-el-x86_64-minimal.tar.xz --exclude=/dev/* --exclude=/proc/* --exclude=/sys/* --exclude=/CentOS-80-el-x86_64-minimal.tar.xz /
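A check worth running before the upload, as an added example that is not part of the original post: it lists the tarball and flags SSH host keys, subscription-manager certificates, content below /dev, /proc or /sys, a missing dracut symlink and a file name the installer will not recognise. The function name audit_image and the finding labels are made up for this example; /etc/pki/consumer and /etc/pki/entitlement are the directories in which subscription-manager keeps its identity and entitlement certificates.

```shell
#!/bin/sh
# Added example (not from the original post): pre-publication audit of the
# image tarball. Prints one finding per line; returns 0 if clean, 1 if not.
audit_image() {
    tarball=$1
    # tar detects the compression (xz here) on its own when listing.
    members=$(tar -tf "$tarball") || return 2
    report=$(
        # The installer only recognises images named CentOS-<something>.
        case "$(basename "$tarball")" in
            (CentOS-*) ;;
            (*) echo "NAME: file name must start with CentOS-" ;;
        esac
        # Normalise "./etc/x" and "/etc/x" to "etc/x", then match paths.
        printf '%s\n' "$members" | sed -e 's#^\./##' -e 's#^/##' | awk '
            # Host keys: every server installed from the image would share them.
            $0 ~ "^etc/ssh/ssh_host_"       { print "SSH-HOST-KEY: " $0 }
            # Identity and entitlement certificates written by subscription-manager.
            $0 ~ "^etc/pki/consumer/."      { print "RHSM-IDENTITY: " $0 }
            $0 ~ "^etc/pki/entitlement/."   { print "RHSM-ENTITLEMENT: " $0 }
            # Anything below the pseudo file systems (empty mount points are fine).
            $0 ~ "^(dev|proc|sys)/."        { print "PSEUDO-FS: " $0 }
            # /sbin is a symlink to usr/sbin on RHEL 8, so accept either path.
            $0 ~ "^(usr/)?sbin/dracut$"     { dracut = 1 }
            END { if (!dracut) print "MISSING: /sbin/dracut symlink" }
        '
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run as: sh audit_image.sh CentOS-80-el-x86_64-minimal.tar.xz
if [ $# -gt 0 ]; then
    audit_image "$1"
fi
```

Any output means the tarball should be rebuilt before it is copied to the web server.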

Copy the resulting tarball to a public web space:

[root@localhost /]# scp CentOS-80-el-x86_64-minimal.tar.xz blog.delouw.ch:/var/www/html/blog.delouw.ch/pub

Yes, you can use my image if you like: http://blog.delouw.ch/pub/CentOS-80-el-x86_64-minimal.tar.xz

Reboot your server into the rescue mode

Point your browser to https://robot.your-server.de/server, select your server, click on “Rescue” in the server menu, select “64 bit” and click on “Activate Rescue System”. The root password is then shown; you will need it to log in to the system.

Configure the installer

Configuring the installer is straightforward. Create a file called config.txt with the following content:

DRIVE1 /dev/sda
DRIVE2 /dev/sdb
SWRAID 1
SWRAIDLEVEL 1
BOOTLOADER grub
HOSTNAME localhost.localdomain
PART /boot ext2     1024M
PART lvm   rhel       all

LV rhel   root   /       xfs     20G
LV rhel   swap   swap    swap     16G
LV rhel   tmp    /tmp    xfs      1G
LV rhel   home   /home   xfs      4G
LV rhel   var   /var   xfs      4G
LV rhel   var_log   /var/log   xfs      4G
LV rhel   var_log_audit   /var/log/audit   xfs      4G

IMAGE http://blog.delouw.ch/pub/CentOS-80-el-x86_64-minimal.tar.xz

The partitioning follows PCI-DSS. Note that the installer cannot set the mount options required by PCI-DSS (and a lot of other regulations).

Side note: The Hetzner installer refuses to install the image if /boot is of type xfs. You need to choose ext2, ext3 or ext4. I’m using ext2 as this is the most efficient file system. Fsck after an unclean shutdown takes just a few seconds for 1 GByte, so it does not matter.

Run the installer

Just run it and expect an error….

installimage -a -c config.txt

Hetzner Installer

The installer tries to install some packages which will, of course, fail as the system is not registered to RHSM yet.

[14:26:11] # Running some centos specific functions
[14:26:11] # chroot: chkconfig iptables off
[14:26:11] :   error reading information on service iptables: No such file or directory
[14:26:11] # chroot: chkconfig ip6tables off
[14:26:11] :   error reading information on service ip6tables: No such file or directory
[14:26:11] # chroot: chkconfig postfix off
[14:26:11] :   error reading information on service postfix: No such file or directory
[14:26:11] # Testing and setup of cpanel image
[14:26:11] # chroot: yum check-update
[14:26:12] :   Updating Subscription Management repositories.
[14:26:12] :   Unable to read consumer identity
[14:26:12] :   This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
[14:26:12] :   Error: There are no enabled repos.
[14:26:12] # chroot: yum -y install polkit
[14:26:12] :   Updating Subscription Management repositories.
[14:26:12] :   Unable to read consumer identity
[14:26:12] :   This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
[14:26:13] :   Error: There are no enabled repos.
[14:26:13] => FAILED
[14:26:13] :   report install.conf to rz-admin: 1281870
[14:26:13] :   report debug.txt to rz-admin: ok
[14:26:13] cleaning up

You can just ignore these error messages; they do not matter.

Finalizing

Reboot the system and log in with the root password provided for the rescue system when activating the rescue system at https://robot.your-server.de/server.

Change the password (needless to say?)

Continue to configure the system according to your needs.

Have fun 🙂

3 thoughts on “Installing RHEL 8 on Hetzner root servers”

  1. Sascha Siekmann says:

    Hi Luc, thanks for this document. I just now installed RHEL 9.2 on a Hetzner server, but got a few errors due to the gpg signatures now required. Hetzner seems to require signed images now.

    [21:00:33] # Downloading image (http)
    [21:02:07] : gpg: key 8DCF370A053D922B: public key “Siekmann signing key ” imported
    [21:02:07] : gpg: Total number processed: 1
    [21:02:07] : gpg: imported: 1
    [21:02:07] # Validating image before starting extraction
    [21:02:11] : gpg: Signature made Thu 03 Aug 2023 08:45:35 PM CEST
    [21:02:11] : gpg: using RSA key CDDDB0D1ED9CCBFEBFF269518DCF370A053D922B
    [21:02:11] : gpg: Good signature from “Siekmann signing key ” [unknown]
    [21:02:11] : gpg: WARNING: This key is not certified with a trusted signature!
    [21:02:11] : gpg: There is no indication that the signature belongs to the owner.
    [21:02:11] : Primary key fingerprint: CDDD B0D1 ED9C CBFE BFF2 6951 8DCF 370A 053D 922B
    [21:02:11] # Extracting image (http)

    In order to sign your image, perform the following steps:

    gpg --full-generate-key
    gpg --output CentOS-80-el-x86_64-minimal.tar.xz.sig --detach-sig CentOS-80-el-x86_64-minimal.tar.xz
    gpg --output CentOS-80-el-x86_64-minimal.tar.xz.asc --armor --export sascha@MYEMAIL

    Finally, copy CentOS-80-el-x86_64-minimal.tar.xz, CentOS-80-el-x86_64-minimal.tar.xz.sig and public-key.asc to the web server. That should do it.

    Kind regards,

    Sascha.
