22.08.2017

Customizing a CoreOS image/iso: Ignition

After the first steps with coreos (virtualbox installation) and a successful ssh login, it is clear, that the coreos image has to be customized. If not, every reboot will clean up every configuration provided after reboot.

CoreOS provides a coreos-install script to do this.
coreos-install -help
Usage: ./coreos-install [-C channel] -d /dev/device
Options:
    -d DEVICE   Install Container Linux to the given device.
    -V VERSION  Version to install (e.g. current) [default: current]
    -B BOARD    Container Linux board to use [default: amd64-usr]
    -C CHANNEL  Release channel to use (e.g. beta) [default: stable]
    -o OEM      OEM type to install (e.g. ami) [default: (none)]
    -c CLOUD    Insert a cloud-init config to be executed on boot.
    -i IGNITION Insert an Ignition config to be executed on boot.
    -b BASEURL  URL to the image mirror (overrides BOARD)
    -k KEYFILE  Override default GPG key for verifying image signature
    -f IMAGE    Install unverified local image file to disk instead of fetching
    -n          Copy generated network units to the root partition.
    -v          Super verbose, for debugging.
    -h          This ;-)

This tool installs CoreOS Container Linux on a block device. If you PXE booted
Container Linux on a machine then use this tool to make a permanent install.
First you have to add a 8GB partition to your core os installation:

 

Then enable ssh login (please refer to this posting). And transfer the coreos-install script and the following ingnition.json file:
{
  "ignition": {
    "version": "2.0.0",
    "config": {}
  },
  "storage": {},
  "systemd": {},
  "networkd": {},
  "passwd": {
    "users": [
      {
        "name": "core",
        "sshAuthorizedKeys": [
          "ssh-rsa AAAAB3NzaC....  "
        ]
      }
    ]
  }
}
Please use this validator to check your ignition.json!
And here we go:
core@localhost ~ $ ./coreos-install -d /dev/sda -i ignition.json
./coreos-install: Target block device (/dev/sda) is not writable (are you root?)
Ok.
sudo bash
bash-4.3#./coreos-install -d /dev/sda -i ignition.json
Downloading the signature for https://stable.release.core-os.net/amd64-usr/1409.6.0/coreos_production_image.bin.bz2...
wget --no-verbose -O /tmp/coreos-install.JROwzOsi1W/coreos_production_image.bin.bz2.sig https://stable.release.core-os.net/amd64-usr/1409.6.0/coreos_production_image.bin.bz2.sig
2017-08-22 19:01:28 URL:https://stable.release.core-os.net/amd64-usr/1409.6.0/coreos_production_image.bin.bz2.sig [543/543] -> "/tmp/coreos-install.JROwzOsi1W/coreos_production_image.bin.bz2.sig" [1]
Downloading, writing and verifying coreos_production_image.bin.bz2...
2017-08-22 19:02:31 URL:https://stable.release.core-os.net/amd64-usr/1409.6.0/coreos_production_image.bin.bz2 [288249718/288249718] -> "-" [1]
gpg: Signature made Thu Jul  6 01:34:01 2017 UTC
gpg:                using RSA key 07FA9ED31CB5FA26
gpg: key 50E0885593D2DCB4 marked as ultimately trusted
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "CoreOS Buildbot (Offical Builds) " [ultimate]
Installing Ignition config ignition.json...
Success! CoreOS Container Linux stable 1409.6.0 is installed on /dev/sda
Then umount the cd drive from your coreos virtual machine:



and reboot:
But this does not work:

Failed to start Ignition (disks)
and
See 'systemctl status ignition-disks.service'

Hmmm... I found nothing with google, so i file an issue at github:
https://github.com/coreos/bugs/issues/2118
And got a the solution within 6 minutes!!!

I missed the closing quite in line 14:
"ssh-rsa AAAAB3NzaC....  "
And now it worked:


Really cool...

If you are interested in more details please check this site:

Keine Kommentare:

Kommentar veröffentlichen