Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Provisioning: Add Oracle Cloud Infrastructure
Use: #651
Showing 2 changed files with 287 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,286 @@ | ||
= Provisioning Fedora CoreOS on Oracle Cloud Infrastructure (OCI) | ||
|
||
This guide shows how to provision new Fedora CoreOS (FCOS) nodes on Oracle Cloud Infrastructure. | ||
Fedora CoreOS images are currently not published directly on Oracle Cloud Infrastructure. | ||
Thus you must download a Fedora CoreOS QEMU (QCWO2) image, convert it to an Oracle Cloud Infrastructure image and then upload it to your Oracle Cloud Infrastructure account as a https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/importingcustomimagelinux.htm[custom image]. | ||
|
||
== Prerequisites | ||
|
||
Before provisioning an FCOS machine, you must have an Ignition configuration file containing your customizations. | ||
If you do not have one, see xref:producing-ign.adoc[Producing an Ignition File]. | ||
|
||
NOTE: Fedora CoreOS has a default `core` user that can be used to explore the OS. | ||
If you want to use it, finalize its xref:authentication.adoc[configuration] by providing e.g. an SSH key. | ||
|
||
// If you do not want to use Ignition to get started, you can make use of the https://coreos.github.io/afterburn/platforms/[Afterburn support]. | ||
|
||
You also need to have access to an Oracle Cloud Infrastructure account. | ||
The examples below use the https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm[oci] command-line tool and https://stedolan.github.io/jq/[jq] as a command-line JSON processor. | ||
|
||
NOTE: This guide currently only covers Virtual Machine shapes and not Bare Metal ones. See https://github.com/coreos/fedora-coreos-tracker/issues/414#issuecomment-1795808614[this issue for details]. | ||
|
||
== Creating an Oracle Cloud Infrastructure custom image | ||
|
||
Fedora CoreOS is designed to be updated automatically, with different schedules per stream. | ||
|
||
. Once you have picked the relevant stream, find the QEMU image on the https://fedoraproject.org/coreos/download/?stream=stable#cloud_images[download page] and download it on your system. | ||
|
||
. Copy paste the following Bash script into a file name `convert-image.sh`: | ||
+ | ||
.QEMU to Oracle Cloud Infrastructure image conversion script | ||
[source, bash] | ||
---- | ||
#!/bin/bash | ||
set -euo pipefail | ||
if [[ ${#} -ne 3 ]]; then | ||
echo "Usage: <source image> <dest image> <platform>" | ||
echo "" | ||
echo "Example:" | ||
echo "./$(basename "${0}") fedora-coreos-40.20240616.3.0-{qemu,heztner}.x86_64.qcow2 heztner" | ||
exit 1 | ||
fi | ||
source="${1}" | ||
dest="${2}" | ||
platform="${3}" | ||
if [[ ! -f "${source}" ]]; then | ||
echo "Source image ${source} does not exists" | ||
exit 1 | ||
fi | ||
if [[ -f "${dest}" ]]; then | ||
echo "Destination image ${dest} already exists" | ||
exit 1 | ||
fi | ||
cp --reflink=auto "${source}" "${dest}" | ||
guestfish -a "${dest}" <<EOF | ||
run | ||
mount /dev/sda3 / | ||
download /loader/entries/ostree-1.conf tmp.loader.entries.ostree-1.conf | ||
<! sed -i "s/ignition.platform.id=qemu/ignition.platform.id=${platform}/" tmp.loader.entries.ostree-1.conf | ||
upload tmp.loader.entries.ostree-1.conf /loader/entries/ostree-1.conf | ||
EOF | ||
rm -v ./tmp.loader.entries.ostree-1.conf | ||
echo "Done" | ||
---- | ||
+ | ||
. Convert the QEMU image to an Oracle Cloud Infrastructure one: | ||
+ | ||
[source, bash] | ||
---- | ||
source_image"fedora-coreos-qemu-image-name.qcow2" | ||
image_name="fcos-oraclecloud.qcow2" | ||
./covert-image.sh "${source_image}" "${image_name} oraclecloud | ||
---- | ||
+ | ||
. Figure out your Compartment. To list the compartments in your tenancy: | ||
+ | ||
[source, bash] | ||
---- | ||
oci iam compartment list | ||
---- | ||
+ | ||
. Create one if needed | ||
[source, bash] | ||
---- | ||
compartment_ocid="$(oci iam compartment create \ | ||
--name fedora-coreos-test \ | ||
--compartment-id <root_compartment_id> | ||
--description "Fedora CoreOS test compartement | ||
| jq -r '.data.id')" | ||
---- | ||
+ | ||
. Create a bucket: | ||
+ | ||
[source, bash] | ||
---- | ||
compartment_ocid="ocid1.compartment.oc1..." | ||
bucket_name="fedora-coreos" | ||
oci os bucket create --compartment-id "${compartment_ocid}" --name "${bucket_name}" | ||
---- | ||
+ | ||
. Upload the converted image to a bucket: | ||
+ | ||
[source, bash] | ||
---- | ||
oci os object put --bucket-name "${bucket_name}" --file ${image_name} | ||
---- | ||
+ | ||
. Import the image as a custom image and remember its ID: | ||
+ | ||
[source, bash] | ||
---- | ||
namespace="$(oci os ns get | jq -r '.data')" | ||
image_id="$(oci compute image import from-object \ | ||
--compartment-id "${compartment_ocid}" \ | ||
--namespace "${namespace}" \ | ||
--bucket-name "${bucket_name}" \ | ||
--name "${image_name}" \ | ||
--display-name "Fedora CoreOS" \ | ||
--launch-mode PARAVIRTUALIZED \ | ||
--source-image-type QCOW2 \ | ||
--operating-system "Linux" \ | ||
| jq -r '.data.id')" | ||
---- | ||
+ | ||
. Wait until the import is completed. To list all imported FCOS images: | ||
+ | ||
[source, bash] | ||
---- | ||
oci compute image list --compartment-id "${compartment_ocid}" --display-name "Fedora CoreOS" | ||
---- | ||
+ | ||
. Mark the image as compatible with all https://docs.oracle.com/en-us/iaas/Content/Compute/References/computeshapes.htm#flexible[flexible shapes]. | ||
. For x86_64: | ||
+ | ||
[source, bash] | ||
---- | ||
shapes_amd64=( | ||
"VM.Standard3" | ||
"VM.Standard3.Flex" | ||
"VM.Standard.E2.1.Micro" | ||
"VM.Standard.E4" | ||
"VM.Standard.E4.Flex" | ||
"VM.Standard.E5" | ||
"VM.Standard.E5.Flex" | ||
"VM.DenseIO.E4" | ||
"VM.DenseIO.E4.Flex" | ||
"VM.DenseIO.E5" | ||
"VM.GPU" | ||
"VM.GPU3" | ||
"VM.GPU.A10" | ||
"VM.Optimized3" | ||
"VM.Optimized3.Flex" | ||
) | ||
for shape in "${shapes_amd64[@]}"; do | ||
oci compute image-shape-compatibility-entry add --image-id "${image_id}" --shape-name "${shape}" | ||
done | ||
---- | ||
+ | ||
. For aarch64: | ||
+ | ||
[source, bash] | ||
---- | ||
shapes_aarch64=( | ||
"VM.Standard.A1" | ||
"VM.Standard.A1.Flex" | ||
) | ||
for shape in "${shapes_aarch64[@]}"; do | ||
oci compute image-shape-compatibility-entry add --image-id "${image_id}" --shape-name "${shape}" | ||
done | ||
---- | ||
+ | ||
. To list all the compatible shapes for an image: | ||
+ | ||
[source, bash] | ||
---- | ||
oci compute image-shape-compatibility-entry list --image-id "${image_id}" | ||
---- | ||
|
||
=== Launching an instance | ||
|
||
. Create a Virtual Cloud Network: | ||
+ | ||
[source, bash] | ||
---- | ||
vcn_id="$(oci network vcn create \ | ||
--compartment-id "${compartment_ocid}" \ | ||
--cidr-blocks "[\"10.0.0.0/16\"]" \ | ||
--display-name "fedora-coreos-vcn" \ | ||
--dns-label "fcos.example.com" \ | ||
--wait-for-state AVAILABLE \ | ||
| jq -r '.data.id')" | ||
---- | ||
+ | ||
// Add a Security List Ingress Rule? oci network security-list create -h | ||
. Pick an availability domain: | ||
+ | ||
[source, bash] | ||
---- | ||
availability_domain="$(oci iam availability-domain list | jq -r '.data[0].id')" | ||
---- | ||
+ | ||
. Add a subnet | ||
+ | ||
[source, bash] | ||
---- | ||
subnet_id="$(oci network subnet create \ | ||
--cidr-block "10.0.0.0/24" \ | ||
--compartment-id "${compartment_ocid}" \ | ||
--vcn-id "${vcn_id}" \ | ||
--availability-domain "${availability_domain}" \ | ||
--display-name "fedora-coreos-subnet" \ | ||
--dns-label "fcos.example.com" | ||
| jq -r '.data.id')" | ||
---- | ||
// --security-list-ids "["<default_security_list_id>","<new_security_list_id>"]" | ||
+ | ||
. Create an Internet Gateway: | ||
+ | ||
[source, bash] | ||
---- | ||
getway_id="$(oci network internet-gateway create \ | ||
--compartment-id "${compartment_ocid}" \ | ||
--vcn-id "${vcn_id}" \ | ||
--is-enabled true \ | ||
--display-name "fedora-coreos-gateway" | ||
| jq -r '.data.id')" | ||
---- | ||
+ | ||
. Add a Rule to the Route Table: | ||
+ | ||
[source, bash] | ||
---- | ||
route_table="$(oci network route-table list \ | ||
--compartment-id "${compartment_ocid}" \ | ||
--vcn-id "${vcn_id}" | ||
| jq -r '.data[0].id')" | ||
oci network route-table update \ | ||
--rt-id "${route_table}" \ | ||
--route-rules "[{"cidrBlock":"0.0.0.0/0","networkEntityId":"${getway_id}"}] \ | ||
--force | ||
---- | ||
+ | ||
// TODO: Set boot volume size | ||
// TODO: Add setup for SSH keys with Afterburn support | ||
. Launch an instance. Your Ignition configuration can be passed to the VM as its user data, or you can skip passing user data if you just want SSH access. This provides an easy way to test out FCOS without first creating an Ignition config. | ||
+ | ||
.Example launching FCOS on Oracle Cloud Infrastructure using an Ignition configuration file | ||
[source, bash] | ||
---- | ||
ignition_config="oraclecloud.ign" | ||
oci compute instance launch \ | ||
--compartment-id "${compartment_ocid}" \ | ||
--availability-domain "${availability_domain}" \ | ||
--display-name "fedora-coreos" \ | ||
--image-id "${image_id}" \ | ||
--instance-options "{\"areLegacyImdsEndpointsDisabled\": false}" \ | ||
--shape "VM.Standard.E2.1.Micro" \ | ||
--assign-public-ip true \ | ||
--user-data-file "${ignition_config}" \ | ||
--subnet-id "${vcn_id}" | ||
---- | ||
+ | ||
NOTE: While the Oracle Cloud Infrastructure documentation mentions `cloud-init`, FCOS does not support cloud-init. It accepts only Ignition configuration files. | ||
+ | ||
. Get the public IP adress of your instance: | ||
+ | ||
---- | ||
oci compute instance list-vnics --instance-id <instance_id> | ||
---- | ||
+ | ||
. You now should be able to SSH into the instance using the associated IP address. | ||
+ | ||
.Example connecting | ||
[source, bash] | ||
---- | ||
ssh core@<ip address> | ||
---- |
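Review bot: The final `oci compute instance launch` block passes `--subnet-id "${vcn_id}"`, which hands the VCN ID to a parameter that expects the subnet created in the "Add a subnet" step; this should be `--subnet-id "${subnet_id}"`, since `subnet_id` is otherwise assigned and never used. Several other snippets will not run if copied as written. In the conversion step, `source_image"fedora-coreos-qemu-image-name.qcow2"` is missing its `=`, the call is to `./covert-image.sh` although the file was saved as `convert-image.sh`, and the quote opened before `${image_name}` is never closed. The compartment, subnet, internet-gateway and route-table commands each drop the trailing `\` on the line before `| jq`, and the `--description "Fedora CoreOS test compartement` string is left open. The `--route-rules` value has unescaped inner double quotes and no closing quote, and the gateway variable is spelled `getway_id` in both places it appears. Smaller points: the usage text in the script still shows the `heztner` example rather than `oraclecloud`, `--file ${image_name}` is unquoted where every other expansion is quoted, "Create one if needed" lacks the `+` continuation before its source block, and the `list-vnics` block has no `[source, bash]` line. On the security side, `areLegacyImdsEndpointsDisabled` is set to `false` with no explanation; please add a sentence on why the legacy metadata endpoints must stay enabled, or set it to `true` if they are not needed. The security list step is still a commented-out question, so the guide ends with `ssh core@<ip address>` without saying which ingress rule makes that connection possible; either document the rule or state that the VCN's default security list is relied on.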