Importing the Debian 12 Cloud Image into Oracle Cloud Infrastructure

-

Overview

This guide walks through importing the official Debian 12 (Bookworm) generic cloud image into Oracle Cloud Infrastructure (OCI) as a custom image, and launching a compute instance from it. 

As of now, OCI don't have native platform images for Debian Linux. But in some scenarios, we need to use the Debian Linux image for application deployment. However, Debian is listed as a supported Linux or UNIX-like Operating System on OCI - https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/importingcustomimagelinux.htm

Source image used in this walkthrough:

https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2

⚠️ This demonstration is performed in a personal OCI tenancy using test resources only.
No customer data, environments, or screenshots are used.

High-level flow:

         Download the qcow2 in OCI Cloud Shell

         Stage the qcow2 in an Object Storage bucket

         Import the bucket object as a custom compute image

         Launch a compute instance from the custom image

         Validate via SSH and cloud-init checks


Prerequisites

         An active OCI tenancy with sufficient service limits in the target region for: Object Storage, Custom Images, Compute (E4/E5 Flex shapes), and Networking.

         A non-root compartment to hold the bucket, custom image, and compute instance.

         IAM permissions sufficient to manage object-family, instance-images, instance-family, virtual-network-family in that compartment (or use an administrator user for this lab).

         A VCN with at least one public subnet and an internet gateway, or rights to create one via the VCN Wizard.

         An SSH key pair on your workstation (public key in OpenSSH format).

         Access to the OCI Cloud Shell.

Step 1 — Download the Debian qcow2 in Cloud Shell

Open the OCI Cloud Shell from the developer tools icon in the top navigation bar of the OCI Console.



In Cloud Shell, create a working directory and download the qcow2:

mkdir -p ~/debian-import && cd ~/debian-import

wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2

ls -lh debian-12-generic-amd64.qcow2


Step 2 — Create an Object Storage bucket

In the OCI Console, navigate to:

Storage  →  Buckets
Select the target compartment, then click Create Bucket.

         Bucket Name:

         image_import

         Default Storage Tier: Standard

         Visibility: Private (default)

         Encryption: Encrypt using Oracle managed keys (default), unless your standard requires a Vault key

         All other options: default



Step 3 — Upload the qcow2 to the bucket

From the same Cloud Shell session (still in ~/debian-import), upload via OCI CLI. Cloud Shell uses a delegation token, so no profile or key configuration is required:

BUCKET=image_import

oci os object put \

  --bucket-name $BUCKET \

  --file debian-12-generic-amd64.qcow2 \

  --part-size 128
 
Verify the object is present:

oci os object list --bucket-name $BUCKET --output table




Step 4 — Import the bucket object as a Custom Image

In the OCI Console, navigate to:

Compute  →  Custom Images

Select the target compartment, then click Import Image. Fill the dialog as follows:

         Create In Compartment: target compartment

         Name: ★ debian-12-bookworm-amd64 ★

         Operating System: Linux

         Import from an Object Storage bucket: selected

         Bucket: select the debian-image-import bucket

         Object name: debian-12-generic-amd64.qcow2

         Image type: QCOW2

         Launch mode: Paravirtualized mode

Click Import Image. The image goes through an IMPORTING state while OCI converts the qcow2 to its internal format. When complete the state changes to AVAILABLE.


Step 6 — Launch a compute instance from the custom image

Navigate to:

Compute  →  Instances  →  Create Instance

Fill the instance creation form:

         Name:

          ★ debian12-bookworm-test-01 ★

         Create in compartment: target compartment

         Placement: any available availability domain in the region

         Image and shape → Image → Change Image → 'My Images' tab → select your custom image (debian-12-bookworm-amd64)

         Shape:

          VM.Standard.E4.Flex or VM.Standard.E5.Flex (AMD x86_64) — 1 OCPU and 8 GB memory is a reasonable starting point for a test instance.



Click Create. The instance moves from PROVISIONING → RUNNING



I already have one VCN with Public & Private subnet, NSG created earlier and placed this instance in the Public Subnet for this demo, attached the previously created NSG which allows SSH and ping. 

Note: for production deployments, always use private subnet and use more rescrictive NSG rules.




Step 7 — SSH to the instance and validate

Note  Debian official cloud images use the default username 'debian' (not 'opc' as with Oracle Linux). This is set in the upstream cloud-init configuration shipped in the image.

Here I have used Devolutions Remote Desktop Manager to connect


Run the following validation commands:

cat /etc/os-release

uname -a

hostnamectl

cloud-init status

ip -br addr

free -h

df -hT /

Output

Troubleshooting

Custom image import fails or stalls

         Re-verify the SHA512 of the qcow2 against the upstream SHA512SUMS file.

         Confirm the Image type was set to QCOW2 (not VMDK).

         Try re-importing in Emulated mode if Paravirtualized mode imports succeed but instances fail to boot. The launch mode set on the custom image is the default for instances launched from it.

 

Instance is RUNNING but SSH is refused or times out

         Confirm a public IPv4 was assigned (instance details → Primary VNIC → Public IP).

         Confirm the public subnet's security list or NSG allows TCP 22 from your source IP.

         Confirm your VCN has a route to 0.0.0.0/0 via an Internet Gateway in the public subnet's route table.

         Use the Console Connection / Serial Console under Instance details to view boot output and verify cloud-init injected the SSH key.

SSH connects but login is rejected for the 'debian' user

         Confirm the public key you pasted into the Create Instance form matches the private key you are using with ssh -i. If cloud-init failed to fetch the metadata, the authorized_keys file may be empty.

         Check cloud-init logs via the serial console: `sudo cat /var/log/cloud-init-output.log` and `sudo cloud-init status --long`.

 Cannot select 'Debian' as the Operating System in the Import dialog

         Expected. Choose 'Linux' as the OS family during import; the actual distro identification comes from the image's own /etc/os-release at runtime.

Conclusion

The same procedure applies to other Debian releases, Debian-derived images (e.g., Kali, Devuan), and most upstream Linux cloud images that ship in qcow2 form: stage in Object Storage, import as a custom image with Paravirtualized launch mode, and launch the compute instance with a public-key-only SSH config. The image's own cloud-init handles user creation, SSH key injection, and first-boot configuration.

About the Author

Debapriya Biswas

Oracle ACE Associate | Sr. Consultant – Cloud Technologies

Focused on OCI Compute, Networking, and Automation

















Comments

Post a Comment

Popular posts from this blog

Access Oracle OCI Object Storage through GUI Client

-
Image
 As we already know that there are several GUI clients available for Amazon AWS S3 Object storage like - S3 Browser (https://s3browser.com/), CloudBerry Explorer (https://www.msp360.com/explorer/windows/amazon-s3.aspx), CyberDuck (https://cyberduck.io/) etc. Using these tools we can easily connect to the Object Storage service, upload & download "objects" i.e files and folders and also do some advance management like Bucket Policies, Replication, Versioning, lifecycle policies etc. Now these tools can also be used with Oracle OCI Object storage, but there are some prerequisites to get the proper credentials. You need to get following information before you can connect to you OCI Object storage - Object Storage Namespace: REST Endpoint: Access Key: Secret Key ID: How to get these details - Login to your OCI Account, head over to - Hamburger Icon on left hand top corner -> Storage -> Under Object Storage & Archive -> Buckets. It will list all the buckets in thi...
Read more

Instance OS Baseline Configuration Runbook

-
Overview & Scope This runbook defines the standard baseline configuration procedure for new OCI compute instances across five supported operating system families. It is intended for use by Cloud SRE and operations personnel during initial instance provisioning. Objectives Each OS configuration procedure achieves the following baseline state: •        Set system timezone to Asia/Kolkata (IST, UTC+05:30) •        Apply all available OS security and feature updates •        Enable and configure the host-based firewall to permit SSH (Linux) or RDP (Windows) ingress exclusively from the VCN CIDR block •        Enable EPEL repository where applicable (Oracle Linux, Rocky Linux, Alma Linux) •        Create a named administrative user account separate from the default OCI-provisioned user (opc / Administrator) •   ...
Read more

Accessing OCI Compute Instances Using VNC Console (Instance Console Connection)

-
Image
  Overview In Oracle Cloud Infrastructure (OCI), administrators occasionally face scenarios where SSH access to a compute instance is unavailable —for example, due to network misconfiguration, firewall issues, or OS-level boot problems. To handle such situations, OCI provides Instance Console Connection , which enables VNC-based graphical console access and serial console access to compute instances. In this post, I demonstrate how to access an OCI Compute instance using the VNC console , explain when to use it, and highlight best practices for secure and effective troubleshooting. ⚠️ This demonstration is performed in a personal OCI tenancy using test instances. No customer environments or confidential information are exposed. Oracle Products Used Oracle Cloud Infrastructure OCI Compute Instance Console Connection OCI IAM Virtual Cloud Network (VCN) What Is Instance Console Connection? Instance Console Connection provides ou...
Read more