Running Fedora CoreOS on OpenStack with Ansible.
-
First get the correct .qcow2 image from the Fedora CoreOS download page:

    curl -O <download-link>

The bare metal version should be perfectly fine.
-
Upload the image to openstack:
    openstack image create \
      --disk-format qcow2 \
      --container-format bare \
      --file <qcow-image-name>.qcow2 \
      --min-disk 10 \
      --min-ram 2048 <desired-openstack-image-name-here>
-
Create network:
openstack network create <desired-network-name>
-
Create subnet of network:
    openstack subnet create <desired-subnet-name> \
      --subnet-range <desired-subnet-range> \
      --dns-nameserver <dns-ip> \
      --network <name-of-network-to-add-subnet-to>

<desired-subnet-range> could for example be 10.5.5.0/24. <dns-ip> could for example be 8.8.8.8 (Google's DNS nameserver).
-
Create router:
openstack router create <desired-router-name>
-
Link router to subnet:
openstack router add subnet <created-router-name> <created-subnet-name>
-
Link router to external provider network:
openstack router set <created-router-name> --external-gateway <external-network-name>
We want to enable pings and ssh traffic in the security group (possibly default) that belongs to our OpenStack project.
-
Allow incoming pings (icmp) for all requesting ips:
openstack security group rule create --src-ip 0.0.0.0/0 --protocol icmp --ingress <security-group-name>
-
Allow incoming tcp for all requesting ips on dest port 22 (ssh):
openstack security group rule create --src-ip 0.0.0.0/0 --dst-port 22 --protocol tcp --ingress <security-group-name>
-
Create the floating ip and allocate the ip from the public network:
openstack floating ip create <public-network-name>
-
Create a volume in openstack with the desired capacity:
openstack volume create --size <desired-size> <desired-volume-name>
This volume will be accessible in Fedora CoreOS as /dev/disk/by-id/virtio-<truncated-volume-id>, where <truncated-volume-id> is the OpenStack volume id truncated to a length of 20 chars (taken from Chris Cowley).
-
Generate ssh keys using ssh-keygen. This link will help. The key pair will be needed at a later point in this tutorial! The following command creates a 4096 bit RSA key pair. It will prompt for a password to protect the private key with encryption:

    ssh-keygen -f <desired-path-to-ssh-key> -t rsa -b 4096

<desired-path-to-ssh-key> could be ~/.ssh/my_key. In that case ssh-keygen will output two files: ~/.ssh/my_key and ~/.ssh/my_key.pub.
-
It might be wise to pass ssh key management to ssh-agent. This link will help. It is important that you remember the password for the private key!
- Create a Fedora CoreOS configuration file ending with ...fcc.yaml.
-
Minimal example:
    variant: fcos
    version: 1.0.0
    passwd:
      users:
        - name: core
          ssh_authorized_keys:
            - ssh-rsa AAAAB3NzaC1...

The ssh key is omitted on purpose. Replace ssh-rsa AAAAB3NzaC1... with the complete contents of the public key file <public-key-file-name>.pub generated in the previous chapter Generate ssh keys.
-
Example specifying a ssh user, device partition and partition formatting:
    variant: fcos
    version: 1.0.0
    passwd:
      users:
        - name: core
          ssh_authorized_keys:
            - ssh-rsa AAAAB3Nza...
    storage:
      disks:
        - device: /dev/disk/by-id/virtio-<openstack-volume-id-20-chars>
          wipe_table: true
          partitions:
            # Since type_guid is not specified, it will be a Linux native
            # partition.
            # We assign a descriptive label to the partition. This is important
            # for referring to it in a device-agnostic way in other parts of the
            # configuration.
            - label: <desired-partition-label>
              start_mib: 0
              size_mib: 0
              number: 1
              wipe_partition_entry: true
      filesystems:
        - path: /var/<desired-mount-point>
          device: /dev/disk/by-partlabel/<desired-partition-label>
          format: ext4

In this example we are creating a partition the full size of the specified disk. We do not mount it though.
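
Both configurations above need the public key pasted in, and the second also needs the 20-character device id worked out by hand. As an added example (not part of the original tutorial), the shell functions below derive the by-id path from a volume UUID, check that the key file is the public half of the pair rather than the private key, and print the second configuration filled in; the function names and argument order are assumptions.

```shell
# Added example; function names and argument order are illustrative.

# Print the by-id path for a volume UUID (id truncated to 20 characters).
virtio_dev_path() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || {
        echo "not a volume UUID: $1" >&2; return 1; }
    printf '/dev/disk/by-id/virtio-%s\n' "$(printf '%s' "$1" | cut -c1-20)"
}

# Succeed only if the file holds exactly one OpenSSH public key line.
check_pubkey_file() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "$1 is a private key; use the .pub file" >&2; return 1
    fi
    [ "$(grep -c . "$1")" -eq 1 ] &&
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# render_fcc <pubkey-file> <volume-uuid> <partition-label> <dir-under-/var>
render_fcc() {
    check_pubkey_file "$1" || return 1
    dev=$(virtio_dev_path "$2") || return 1
    cat <<EOF
variant: fcos
version: 1.0.0
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - $(cat "$1")
storage:
  disks:
    - device: $dev
      wipe_table: true
      partitions:
        - label: $3
          start_mib: 0
          size_mib: 0
          number: 1
          wipe_partition_entry: true
  filesystems:
    - path: /var/$4
      device: /dev/disk/by-partlabel/$3
      format: ext4
EOF
}
```

For example, `render_fcc ~/.ssh/my_key.pub <openstack-volume-id> data data > example.fcc.yaml` writes a file ready for the fcct step.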
-
The ignition file generation can be easily done using fcct. I recommend the following procedure for obtaining fcct and using it (requires docker and/or podman, both cli commands can be used interchangeably):
-
Obtain fcct according to above link. As of today:
podman pull quay.io/coreos/fcct:release
-
Run fcct on configuration file according to above link. Powershell command is slightly different than bash. As of today for powershell:
    Get-Content <example-fcc-path>.yaml | docker run -i --rm quay.io/coreos/fcct:release --pretty --strict > <transpiled-config-path>.ign
-
Create Fedora CoreOS OpenStack server (taken from link):

    openstack server create \
      --block-device-mapping <desired-dev-name>=<openstack-volume-id>:<type>:<size(GB)>:<delete-on-terminate> \
      --flavor <flavor-name> \
      --image <image-name> \
      --nic net-id=<network-name> \
      --user-data <path-to-ignition-file>.ign \
      --config-drive True \
      <desired-instance-name>

<desired-dev-name> is the symlink in /dev/ at which the volume should be added, although it seems that CoreOS can also randomly decide to choose a <desired-dev-name> of its liking. <openstack-volume-id> should be the uuid of the volume we created. <type> can be volume or snapshot, but in this case choose volume. <size(GB)> is optional but in this case please just leave it blank. <delete-on-terminate> is optional as well but here we supply false.
- Choose <flavor-name> to respect the minimum resource requirements of our image!
- Supply our created internal network (not the subnet) as <network-name>.
A real life example of the above command could look like this:
    openstack server create \
      --block-device-mapping sdb=0f53abcf-95d7-4397-af5d-1368d21eae4a:volume::false \
      --flavor standard.1.1905 \
      --image 4259881c-3011-409f-93cc-bde1330d72c5 \
      --nic net-id=35b07761-34bb-4e74-a853-f1aa489f4000 \
      --user-data ./transpiled_config.ign \
      --config-drive True \
      fedora_coreOs_test1

The --block-device-mapping option is used to attach our created volume to the server during creation.
-
Bind floating ip to the recently created instance:
openstack server add floating ip <instance-name> <floating-ip>
-
Now you can access fedora core os via ssh:
ssh -i <path-to-private-key> core@<floating-ip-of-instance>