Rocky Linux provides official GenericCloud qcow2 images ready for deployment on OpenStack, KVM, and QEMU. These pre-built images work out of the box with cloud-init for automated provisioning. For environments that need custom packages, hardened configs, or specific partitioning, you can build your own qcow2 image using RHEL Image Builder (composer-cli) or customize the official image with virt-customize.
This guide covers three methods to get a Rocky Linux 10 qcow2 image – downloading the official GenericCloud image, building a custom image with Image Builder, and customizing images with virt-customize. We also cover uploading the final image to OpenStack Glance.
Prerequisites
- A Linux workstation running Rocky Linux 10, RHEL 10, AlmaLinux 10, Fedora 42, or Ubuntu 24.04
- Root or sudo access
- At least 10 GB free disk space
- For Method 2 (Image Builder): Rocky Linux 10 or RHEL 10 host required
- For OpenStack upload: python-openstackclient installed and credentials sourced
Method 1: Download Official Rocky Linux 10 GenericCloud Qcow2 Image
The fastest way to get a Rocky Linux 10 qcow2 image is to download the official GenericCloud build from rockylinux.org/download. These images ship with cloud-init pre-installed and are optimized for cloud and virtualization platforms.
Step 1: Download the GenericCloud image
Two variants are available – a standard partition layout and an LVM-based layout. Download the one that fits your environment.
# Standard partitioning (recommended for most deployments)
wget https://dl.rockylinux.org/pub/rocky/10/images/x86_64/Rocky-10-GenericCloud-Base.latest.x86_64.qcow2
# LVM-based partitioning (if you need flexible volume management)
wget https://dl.rockylinux.org/pub/rocky/10/images/x86_64/Rocky-10-GenericCloud-LVM.latest.x86_64.qcow2Step 2: Verify the image checksum
Always verify the download integrity before deploying to production.
wget https://dl.rockylinux.org/pub/rocky/10/images/x86_64/CHECKSUMVerify the checksum against the downloaded image.
sha256sum -c CHECKSUM --ignore-missingExpected output.
Rocky-10-GenericCloud-Base.latest.x86_64.qcow2: OKStep 3: Inspect the image
Check the image details with qemu-img.
qemu-img info Rocky-10-GenericCloud-Base.latest.x86_64.qcow2You can also use virt-filesystems to list the partitions inside the image. Install libguestfs-tools first if not already present.
# RHEL / Rocky / AlmaLinux
sudo dnf install -y libguestfs-tools
# Ubuntu / Debian
sudo apt install -y libguestfs-toolsList filesystems in the image.
virt-filesystems --long -h --all -a Rocky-10-GenericCloud-Base.latest.x86_64.qcow2Method 2: Build Custom Rocky Linux 10 Qcow2 Image with Image Builder
RHEL Image Builder (composer-cli) lets you create custom qcow2 images with specific packages, users, and configurations baked in. This is the recommended approach when you need reproducible, customized images for your infrastructure.
Step 1: Install Image Builder packages
Image Builder requires osbuild-composer and composer-cli. Install them on your Rocky Linux 10 or RHEL 10 host.
sudo dnf install -y osbuild-composer composer-cliEnable and start the osbuild-composer service.
sudo systemctl enable --now osbuild-composer.socketVerify the service is running.
sudo systemctl status osbuild-composer.socketStep 2: Create a blueprint
Blueprints define what goes into your image – packages, users, services, firewall rules, and more. Create a TOML blueprint file.
sudo vi rocky10-cloud.tomlAdd the following blueprint configuration.
name = "rocky10-cloud"
description = "Rocky Linux 10 cloud image for OpenStack and KVM"
version = "1.0.0"
distro = "rocky-10"
[[packages]]
name = "cloud-init"
version = "*"
[[packages]]
name = "cloud-utils-growpart"
version = "*"
[[packages]]
name = "openssh-server"
version = "*"
[[packages]]
name = "vim-enhanced"
version = "*"
[[packages]]
name = "dnf-utils"
version = "*"
[[packages]]
name = "tar"
version = "*"
[[packages]]
name = "rsync"
version = "*"
[[packages]]
name = "bash-completion"
version = "*"
[customizations]
hostname = "rocky10"
[[customizations.user]]
name = "rocky"
groups = ["wheel"]
password = "$6$rounds=4096$randomsalt$hashedpasswordhere"
[customizations.services]
enabled = ["sshd", "cloud-init", "cloud-init-local", "cloud-config", "cloud-final"]
[customizations.firewall.services]
enabled = ["ssh"]Step 3: Push the blueprint and build the image
Push the blueprint to the composer service.
sudo composer-cli blueprints push rocky10-cloud.tomlVerify it was loaded correctly.
sudo composer-cli blueprints show rocky10-cloudCheck for dependency errors before building.
sudo composer-cli blueprints depsolve rocky10-cloudStart the image build. The output type qcow2 produces a KVM/OpenStack-compatible disk image.
sudo composer-cli compose start rocky10-cloud qcow2The build runs in the background. Monitor progress with the status command.
sudo composer-cli compose statusWait until the status shows FINISHED. This typically takes 5-15 minutes depending on the number of packages.
Step 4: Download the built image
Once the build finishes, download the qcow2 image. Replace the UUID with the compose ID from the status output.
sudo composer-cli compose image <COMPOSE-UUID>The image is saved to your current directory. Rename it for clarity.
mv *.qcow2 rocky10-custom.qcow2Customize Rocky Linux 10 Qcow2 Image with virt-customize
Whether you downloaded the official GenericCloud image or built one with Image Builder, you can further customize it using virt-customize. This tool modifies disk images without booting them – it mounts the image and applies changes directly to the filesystem.
Step 1: Install libguestfs-tools
Skip this if you already installed it earlier.
# RHEL / Rocky / AlmaLinux
sudo dnf install -y libguestfs-tools
# Ubuntu / Debian
sudo apt install -y libguestfs-toolsStep 2: Set root password and install packages
Use virt-customize to set the root password, install additional packages, and enable services – all in a single command.
sudo virt-customize -a Rocky-10-GenericCloud-Base.latest.x86_64.qcow2 \
--root-password password:YourStrongPassword \
--install vim-enhanced,bash-completion,wget,bind-utils,net-tools \
--run-command 'systemctl enable sshd' \
--run-command 'sed -i "s/^#PermitRootLogin.*/PermitRootLogin yes/" /etc/ssh/sshd_config' \
--selinux-relabelKey flags explained:
| Flag | Purpose |
|---|---|
--root-password password:VALUE | Sets the root password in the image |
--install PKG1,PKG2 | Installs packages using dnf inside the image |
--run-command 'CMD' | Runs a shell command inside the image |
--selinux-relabel | Relabels SELinux contexts (required for RHEL-based images) |
--ssh-inject USER:file:KEY | Injects an SSH public key for the specified user |
Step 3: Inject SSH keys
For passwordless SSH access, inject your public key into the image.
sudo virt-customize -a Rocky-10-GenericCloud-Base.latest.x86_64.qcow2 \
--ssh-inject root:file:/home/your-user/.ssh/id_rsa.pub \
--selinux-relabelStep 4: Add a non-root user
Create a regular user with sudo privileges and inject their SSH key.
sudo virt-customize -a Rocky-10-GenericCloud-Base.latest.x86_64.qcow2 \
--run-command 'useradd -m -s /bin/bash -G wheel rocky' \
--password rocky:password:YourUserPassword \
--ssh-inject rocky:file:/home/your-user/.ssh/id_rsa.pub \
--selinux-relabelStep 5: Resize the image disk (optional)
The default GenericCloud image has a small virtual disk size. Resize it if your workloads need more space.
qemu-img resize Rocky-10-GenericCloud-Base.latest.x86_64.qcow2 20GThe guest filesystem will expand automatically on first boot if cloud-init and growpart are present in the image.
Upload Rocky Linux 10 Qcow2 Image to OpenStack Glance
Once the qcow2 image is ready, upload it to OpenStack Glance so it can be used to launch instances.
Step 1: Source your OpenStack credentials
Source the RC file for your OpenStack project.
source ~/admin-openrc.shStep 2: Upload the image to Glance
openstack image create \
--disk-format qcow2 \
--container-format bare \
--public \
--file Rocky-10-GenericCloud-Base.latest.x86_64.qcow2 \
"Rocky-Linux-10-GenericCloud"Step 3: Verify the image upload
Confirm the image is active in Glance.
openstack image list --name Rocky-Linux-10-GenericCloudYou should see the image with status active. Set additional metadata properties to help with instance scheduling and driver selection.
openstack image set \
--property hw_disk_bus=virtio \
--property hw_vif_model=virtio \
--property os_type=linux \
--property os_distro=rocky \
--property os_version=10 \
"Rocky-Linux-10-GenericCloud"Step 4: Launch a test instance
Boot a test VM from the uploaded image to confirm it works. Replace the flavor, network, and key-name with values from your environment.
openstack server create \
--image "Rocky-Linux-10-GenericCloud" \
--flavor m1.small \
--network private-net \
--key-name mykey \
rocky10-testCheck that the instance reaches ACTIVE status.
openstack server show rocky10-test -c status -c addressesLaunch Rocky Linux 10 Qcow2 Image on KVM
To run the image directly on a KVM hypervisor without OpenStack, copy it to the libvirt images directory and create a VM with virt-install.
sudo cp Rocky-10-GenericCloud-Base.latest.x86_64.qcow2 /var/lib/libvirt/images/rocky10.qcow2Resize the image if needed.
sudo qemu-img resize /var/lib/libvirt/images/rocky10.qcow2 20GCreate the VM using virt-install with the imported disk.
sudo virt-install \
--name rocky10-vm \
--memory 2048 \
--vcpus 2 \
--import \
--disk /var/lib/libvirt/images/rocky10.qcow2,bus=virtio \
--network bridge=virbr0,model=virtio \
--os-variant rocky10 \
--graphics none \
--noautoconsoleThe --import flag tells virt-install to skip the installation phase and boot directly from the existing disk image. Verify the VM is running.
sudo virsh list --allAccess the console.
sudo virsh console rocky10-vmConclusion
We covered three approaches to get a Rocky Linux 10 qcow2 image – downloading the official GenericCloud build for quick deployments, building a fully custom image with Image Builder for reproducible infrastructure, and customizing existing images with virt-customize. The official GenericCloud image works for most use cases, while Image Builder gives you full control over the image contents when standardization matters.
For production environments, disable root SSH login after injecting user keys, configure SELinux in enforcing mode, and set up automated image rebuilds to keep your base images patched.
