If you have virtual disks in your on-premises environment with software and configurations that you need (sometimes referred to as golden disks or golden images), you can save time by importing those virtual disks into Compute Engine and using the resulting image to create virtual machines. The import tool supports most virtual disk file formats, including VMDK and VHD.
If you exported your disk from Compute Engine, you can create images from the disk.
For information about how to create an automated system for migrating several virtual machines (VMs), see Migrating VMs to Compute Engine.
Before you begin
- If you want to use the command-line examples in this guide:
- Install or update to the latest version of the gcloud command-line tool.
- Set a default region and zone.
Enable the Cloud Build API
The virtual appliance import tool uses Cloud Build. Enable the Cloud Build service in your project, and grant the Cloud Build service account permissions to create and manage compute resources.
Console
Enable the Cloud Build API.
When you enable the Cloud Build API from the console, Compute Engine grants the Cloud Build service account the following roles so that the Cloud Build service can import instances into Compute Engine:
roles/iam.serviceAccountTokenCreatorroles/compute.adminroles/iam.serviceAccountUser
The import tool also uses the default Compute Engine service account. By default, the Compute Engine service account has the Cloud IAM project editor role. If this role is removed, the import process might fail. To add the role back to the service account, see Granting access. For more information about the Compute Engine default service account, see Compute Engine default service account.
gcloud
To set up the Cloud Build service using gcloud command-line tool, complete the
following steps:
Enable Cloud Build.
gcloud services enable cloudbuild.googleapis.com
The import tool also uses the default Compute Engine service account. By default, the Compute Engine service account has the Cloud IAM project editor role. If this role is removed, the import process might fail. To add the role back to the service account, see Granting access. For more information about the Compute Engine default service account, see Compute Engine default service account.
Add the
compute.adminrole to the service account for the Cloud Build API.gcloud projects add-iam-policy-binding project-id \ --member serviceAccount:project-num@cloudbuild.gserviceaccount.com \ --role roles/compute.admin
Add the
iam.serviceAccountUserrole to the service account for the Cloud Build API.gcloud projects add-iam-policy-binding project-id \ --member serviceAccount:project-num@cloudbuild.gserviceaccount.com \ --role roles/iam.serviceAccountUser
Add the
iam.serviceAccountTokenCreatorrole to the service account for the Cloud Build API.gcloud projects add-iam-policy-binding project-id \ --member serviceAccount:project-num@cloudbuild.gserviceaccount.com \ --role roles/iam.serviceAccountTokenCreator
Replace the following:
project-id: The projectID for your project.project-num: The project number for your project.
Supported operating systems
For your virtual disks to be bootable on Compute Engine, they must run one of the following operating systems.
- Linux operating systems:
- CentOS 6, CentOS 7
- Debian 8, Debian 9
- Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7
- Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
- Windows operating systems:
- Windows Server 2008 R2
- Windows Server 2012, Windows Server 2012 R2,Windows Server 2012 R2 Core
- Windows Server 2016, Windows Server 2016 Core
- Windows Server 2019, Windows Server 2019 Core
- Windows 7 SP1 x64 (supported for BYOL only)
- Windows 8 SP1 x64 (supported for BYOL only)
- Windows 10 Enterprise x64 (supported for BYOL only)
Limitations
This feature has the following limitations:
- Linux virtual disks must use
grubas the bootloader. - UEFI bootloaders are not supported for either Windows or Linux.
- Linux virtual disks must meet the same requirements as custom OS images, including support for Virtio-SCSI Storage Controller devices.
- When installed on Windows virtual disks, application-whitelisting software, such as Cb Protection by Carbon Black, can cause the import process to fail. You might need to uninstall such software prior to import.
- If you are importing a virtual disk running RHEL, bring your own license (BYOL) is supported only if the python-boto package is installed on the virtual disk prior to import.
- Operating systems on virtual disks must support ACPI.
Permissions
The image import tool performs several steps when you import a virtual disk file including uploading your file to Cloud Storage, creating a new bucket if necessary, downloading the file to Compute Engine, and then creating an image in Compute Engine from the disk file. This process happens automatically. To enable a seamless experience when using this feature, Google recommends that your account have the following roles:
roles/storage.adminroles/viewerroles/resourcemanager.projectIamAdmin
The import process uses the
default Compute Engine Service account
as part of its workflow. By default, this account has the roles/editor
permission, which is sufficient for the process. However, if you have modified
the default roles and permissions for the Compute Engine
Service account, ensure that the service account still has the following roles
applied:
roles/compute.storageAdminroles/storage.objectViewer
Importing virtual disks
Checking for compatibility
Before you attempt to import the disk for your VM, download and run the precheck tool inside your VM. The precheck tool scans for any compatibility issues that might cause the import process to fail or the disk to not work properly on Compute Engine.
Importing a bootable virtual disk
Console
- In the Google Cloud Console, upload the virtual disk file to Cloud Storage.
- Go to the Create an image page .
- Specify a Name for your image.
- Under Source, select Virtual disk (VMDK, VHD,..).
- Browse to or manually input the storage location for the Cloud Storage file.
Select the operating system that is available on the imported disk. You can also make the following changes:
You can choose to Install guest packages. Google recommends that you install the guest environment. For more information about the guest environment, see guest environment.
For Windows or Red Hat Enterprise Linux (RHEL) operating systems, you can also choose a licensing option. You can either allow Compute Engine to provide a license or you can bring your own license. For more information about bringing your own license on Windows, see Bring your own license.
(Optional) Specify additional properties for your image. For example, you can organize this image as part of an image family.
Click Create to import the image.
gcloud
Use the gcloud compute images import
command to create a bootable Compute Engine image. Although
Compute Engine can boot most boot disk images, the import
command ensures that the disk has the required drivers and latest
guest environment
packages, which are required to start an instance and connect to it using
SSH or RDP.
You can import virtual disk files from either a Cloud Storage bucket or from your local workstation.
If you import the virtual disk file from your workstation, the import tool automatically uploads the file to a Cloud Storage bucket for you.
If you prefer, you can upload the virtual disk file to Cloud Storage yourself before you start the import process, but you must upload the file to a storage bucket in the same project that will be used for the import process.
gcloud beta compute images import image-name \
--source-file source-file \
--os os
Replace the following:
image-name: The name of your destination image.source-file: Your virtual disk file. It can be a local file or a file stored in Cloud Storage. If your virtual disk is a local file, you can provide an absolute or relative path. If your virtual disk file is already stored in Cloud Storage, the file must exist in a storage bucket in the project that is used for the import process, and you must specify the full path of the file in thegs://bucket-name/object-nameformat.os: The operating system of the--source-file. It must either be a BYOL-licensed image or one of the following:centos-6,centos-7debian-8,debian-9rhel-6,rhel-7ubuntu-1404,ubuntu-1604windows-2008r2,windows-2012,windows-2012r2,windows-2016, orwindows-2019
Support for bring your own license (beta)
By default, virtual disks that use Windows Server and Red Hat Enterprise Linux (RHEL) operating systems are imported and configured as premium OS images that incur additional charges.
If you want to use your own software subscriptions for RHEL, you can import the disks as bring your own license BYOL-licensed images by specifying one of the following BYOL values for the
--osflag:rhel-6-byolrhel-7-byol
If you want to bring your own license for Windows, you can import the disks as BYOL-licensed images by specifying one of the following BYOL values for the
--osflag:windows-2008r2-byolwindows-2012-byolwindows-2012r2-byolwindows-2016-byolwindows-2019-byolwindows-7-byolwindows-8-1-x64-byolwindows-10-byol
If you specify a local file, the upload operation can take a long time depending on the size of your virtual disk and the speed of your network connection. The import operation can take tens of minutes to run depending on the size of the disk.
Sample command
The following example imports a debian-9 virtual disk named my_server.vmdk
stored in gs://your_gcs_bucket.
gcloud beta compute images import my-imported-image \
--source-file gs://your_gcs_bucket/my_server.vmdk \
--os debian-9
Optional parameters
By default
guest environment packages
are added to all imported boot disk images. If you do not want these
packages, add the --no-guest-environment flag to your import command.
Importing a non-bootable virtual disk
Console
- In the Google Cloud Console, upload the virtual disk file to Cloud Storage.
- Go to the Create an image page.
- Specify a Name for your image.
- Under Source, select Virtual disk (VMDK, VHD, ...).
- Browse to or manually input the storage location for the Cloud Storage file.
- Under operating system, select No operating system. Data only.
- (Optional) Specify additional properties for your image. For example, you can organize this image as part of an image family.
- Click Create to import the image.
gcloud
You can use the gcloud compute images import
command to create a non-bootable Compute Engine image.
If your virtual disk does not have a bootable operating system
installed on it,
you can still import it using the --data-disk flag in place of the --os
flag. This skips over the step that installs drivers and guest environment
packages to make the image bootable on Compute Engine.
gcloud compute images import image-name \
--source-file source-file \
--data-disk
Replace the following:
image-name: The name of your destination image.source-file: Your virtual disk file. It can be a local file or a file stored in Cloud Storage. If your virtual disk is a local file, you can use an absolute or relative path. If your virtual disk file is already stored in Cloud Storage, the file must exist in a storage bucket in the project that is used for the import process, and you must specify the full path of the file in thegs://bucket-name/object-nameformat.
Sample command
The following example imports a virtual disk named my-disk.vmdk
stored in gs://my-gcs-bucket/.
gcloud compute images import my-imported-image \
--source-file gs://my-gcs-bucket/my-disk.vmdk \
--data-disk
Making an image bootable
If you have a Compute Engine custom image that has a bootable operating system on it but does not have the necessary Compute Engine drivers or guest environment packages, you can use the image import tool to make that image bootable on Compute Engine.
Use the --source-image flag to specify a custom image to make bootable,
instead of using the --source-file flag that specifies a new disk to import.
gcloud compute images import image-name \
--source-image source-image-name \
--os os
Replace the following:
image-name: The name of your destination image.source-image-name: The name of your source image.os: The operating system of the--source-image. This must be a BYOL-licensed image or one of the following:centos-6,centos-7debian-8,debian-9rhel-6,rhel-7ubuntu-1404,ubuntu-1604windows-2008r2,windows-2012,windows-2012r2,windows-2016orwindows-2019
Support for bring your own license
If you are using your own software subscriptions from RHEL, you can make the bring your own license BYOL-licensed image bootable by specifying one of the following BYOL values for the
--osflag:rhel-6-byolrhel-7-byol
If you are using a bring your own license image for Windows, you can make the BYOL-licensed image bootable by specifying one of the following BYOL values for the
--osflag:windows-2008r2-byolwindows-2012-byolwindows-2012r2-byolwindows-2016-byolwindows-2019-byolwindows-7-byolwindows-8-1-x64-byolwindows-10-byol
Sample command
The following example turns a Compute Engine image named
my-image into a bootable image named my-bootable-image.
In this example, the operating system installed on the image is Ubuntu 16.04.
gcloud compute images import my-bootable-image --source-image=my-image --os=ubuntu-1604
Resource cleanup
Files stored on Cloud Storage and images in Compute Engine incur charges. The import tool imports the virtual disk file to Cloud Storage and creates one Compute Engine custom image.
After you verify that the image is imported correctly and that it boots
correctly as a Compute Engine instance, you can delete the virtual
disk file from Cloud Storage. The tool prints the URI of the file as
it uploads it to Cloud Storage. This URI has the following form:
gs://bucket-name/tmpimage/image-name.
If you imported an image using the --data-disk flag and then ran the
import tool a second time with the --source-image flag to make that image
bootable, then the first image still exists. If you have no need for it,
consider deleting that image. If you specify the same image name for both
the --image and --source-image flags, then the image is
automatically overwritten and no further cleanup is required.
What's next
- Create a new VM instance that uses your bootable image.
- Share your image across projects.
