在KVM/OpenStack上安装/运行Fedora CoreOS(FCOS)
时间:2020-02-23 14:31:42 来源:igfitidea点击:
Fedora CoreOS(FCOS)是设计用于安全,大规模地运行容器化工作负载的最小操作系统。这个操作系统的构建块是出色的CoreOS和Fedora Atomic。它具有自动更新的功能,并且不可变以确保操作系统稳定可靠。操作系统会使用rpm-ostree自动更新最新的操作系统改进,错误修复和安全更新。
与其他Linux操作系统不同,Fedora CoreOS(FCOS)没有安装时配置。每个FCOS系统都以通用磁盘镜像开始。对于每种部署机制(云VM,本地VM,裸机),可以在首次引导时提供配置。 FCOS使用Ignition读取并应用配置文件。
在裸机上或者作为带有ISO文件的虚拟机进行Fedora CoreOS安装时,Ignition将在安装时注入配置。但是对于在云环境中完成的部署,Ignition将通过云用户数据机制收集配置。
在KVM/OpenStack上运行/安装Fedora CoreOS(FCOS)
在本教程中,很好地了解了如何在OpenStack和KVM虚拟化环境中运行Fedora CoreOS(FCOS)。以下是在OpenStack/KVM上配置不变的Fedora CoreOS基础结构的标准过程。首先编写一个Fedora CoreOS Config(FCC),这是一个YAML文件,用于指定机器的所需配置。然后,我们将使用Fedora CoreOS Config Transpiler验证FCC并将其转换为Ignition配置。最后一步是启动Fedora CoreOS计算机并传递生成的Ignition配置。计算机成功启动以启动供应后。
下载最新的QCOW2镜像
有两种方法可以为OpenStack和KVM下载FCOS镜像。
使用coreos-installer
coreos-installer是一个程序,用于协助安装Fedora CoreOS(FCOS)和Red Hat Enterprise Linux CoreOS(RHCOS)。该工具可用于下载FCOS的最新图像。
在Fedora上安装coreos-installer:
--- Fedora Workstation/Server - $sudo dnf install coreos-installer --- Fedora COreOS -- $rpm-ostree install coreos-installer
检查命令下载选项:
$coreos-installer download --help
coreos-installer-download
Download a CoreOS image
USAGE:
coreos-installer download [OPTIONS]
OPTIONS:
-s, --stream <name> Fedora CoreOS stream [default: stable]
--architecture <name> Target CPU architecture [default: x86_64]
-p, --platform <name> Fedora CoreOS platform name [default: metal]
-f, --format <name> Image format [default: raw.xz]
-u, --image-url <URL> Manually specify the image URL
-C, --directory <path> Destination directory [default: .]
-d, --decompress Decompress image and don't save signature
--insecure Skip signature verification
--stream-base-url <URL> Base URL for Fedora CoreOS stream metadata
-h, --help Prints help information
列出可下载的Fedora CoreOS镜像:
$coreos-installer list-stream Architecture Platform Format x86_64 aliyun qcow2.xz x86_64 aws vmdk.xz x86_64 azure vhd.xz x86_64 gcp tar.gz x86_64 metal iso x86_64 metal pxe x86_64 metal raw.xz x86_64 openstack qcow2.xz x86_64 qemu qcow2.xz x86_64 vmware ova
下载OpenStack的镜像:
coreos-installer download --stream stable --platform openstack --decompress --format qcow2.xz
Qemu/KVM:
coreos-installer download --stream stable --platform qemu --decompress --format qcow2.xz
命令输出示例:
gpg: Signature made Tue 14 Jan 2017 01:28:28 AM UTC gpg: using RSA key 50CB390B3C3359C4 gpg: Good signature from "Fedora (31) <theitroad@localhost>" [ultimate] > Read disk 431.5 MiB/431.5 MiB (100%) ./fedora-coreos-31.20170113.3.1-openstack.x86_64.qcow2
手动下载FCOS图像
从FCOS下载页面为平台复制最新的图像URL。
OpenStack的:
wget <image-url> -O fedora-coreos-openstack.qcow2.xz unxz fedora-coreos-openstack.qcow2.xz
QEMU/KVM:
wget <image-url> -O fedora-coreos-qemu.qcow2.xz unxz fedora-coreos-qemu.qcow2.xz
对于Openstack,我们需要将Fedora CoreOS镜像上传到OpenStack Glance服务:
openstack image create "fcos" \
--file fedora-coreos-openstack.qcow2 \
--disk-format qcow2 --container-format bare \
--public
确认图像已上传:
$openstack image list +--------------------------------------+-----------------+--------+ | ID | Name | Status | +--------------------------------------+-----------------+--------+ | 6576c788-19e1-4de4-bf63-a769763cd00d | fcos | active | +--------------------------------------+-----------------+--------+
第2步:创建Fedora CoreOS Config(FCC)
FCC是具有所需计算机配置的YAML文件。 FCC支持所有点火功能,并且还提供其他语法(糖),使指定典型配置更改更加容易。
这是我的基本YAML配置文件,用于将SSH密钥添加到默认核心用户。
$vim fcos.fcc
variant: fcos
version: 1.0.0
passwd:
users:
- name: core
ssh_authorized_keys:
- ssh-rsa <ssh-pub-key>
其中:core是FCOS用户的名称<ssh-pub-key>是公用密钥的内容
FCC的完整详细信息及其规格在" FCOS设置和配置"页面中介绍。
将FCC转换为点火配置
现在,使用Fedora CoreOS Config Transpiler验证我们的FCC并将其转换为Ignition配置。
--- Podman -- $podman pull quay.io/coreos/fcct $podman run -i --rm quay.io/coreos/fcct -pretty -strict <fcos.fcc > fcos.ign --- Docker -- $docker pull quay.io/coreos/fcct $docker run -i --rm quay.io/coreos/fcct -pretty -strict <fcos.fcc > fcos.ign
将fcos.fcc替换为FCC文件的名称,将fcos.ign替换为要创建的点火文件的名称。
我们可以使用以下方法手动验证点火配置文件:
--- Podman -- $podman run --rm -i quay.io/coreos/ignition-validate - < fcos.ign --- Docker -- $docker run --rm -i quay.io/coreos/ignition-validate - < fcos.ign
启动Fedora CoreOS计算机
准备好点火文件后,我们可以通过传递创建的Ignition配置来创建Fedora CoreOS计算机。
在OpenStack上
OpenStack CLI:配置和使用OpenStack CLI
$openstack server create \ --image fcos \ --key-name <your-openstack-key-name> \ --flavor m1.small \ --security-group <your-security-group> \ --network private \ --user-data fcos.ign \ fcos
将<your-openstack-key-name>替换为上传到OpenStack的SSH密钥的名称。<your-security-group>替换为上传到OpenStack的安全组的ID
在构建开始时立即输出
+-------------------------------------+---------------------------------------------+ | Field | Value | +-------------------------------------+---------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-SRV-ATTR:host | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | OS-EXT-SRV-ATTR:instance_name | | | OS-EXT-STS:power_state | NOSTATE | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | ru6YiFeRLWn5 | | config_drive | | | created | 2017-01-24T19:27:11Z | | flavor | m1.small (1) | | hostId | | | id | 6402494f-a2b1-4b6d-b462-7bc54d38d53b | | image | fcos (6576c788-19e1-4de4-bf63-a769763cd00d) | | key_name | jmutai | | name | fcos | | progress | 0 | | project_id | 06bcc3c56ab1489282b65681e782d7f6 | | properties | | | security_groups | name='7fffea2a-b756-473a-a13a-219dd0f1913a' | | status | BUILD | | updated | 2017-01-24T19:27:11Z | | user_id | 336acbb7421f47f8be4891eabf0c9cc8 | | volumes_attached | | +-------------------------------------+---------------------------------------------+
检查虚拟机状态:
$openstack server list --name fcos +--------------------------------------+------+--------+---------------------+-------+----------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+------+--------+---------------------+-------+----------+ | 6402494f-a2b1-4b6d-b462-7bc54d38d53b | fcos | ACTIVE | private=10.10.1.126 | fcos | m1.small | +--------------------------------------+------+--------+---------------------+-------+----------+
让我们看看是否可以ping通VM:
$ping -c 3 10.10.1.126 PING 10.10.1.126 (10.10.1.126) 56(84) bytes of data. 64 bytes from 10.10.1.126: icmp_seq=1 ttl=64 time=0.320 ms 64 bytes from 10.10.1.126: icmp_seq=2 ttl=64 time=0.297 ms 64 bytes from 10.10.1.126: icmp_seq=3 ttl=64 time=0.373 ms --- 10.10.1.126 ping statistics -- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 0.297/0.330/0.373/0.031 ms
我们可以SSH到实例吗?
$ssh theitroad@localhost Warning: Permanently added '10.10.1.126' (ECDSA) to the list of known hosts. Enter passphrase for key '/home/centos/.ssh/id_rsa': Fedora CoreOS 31.20170113.3.1 Tracker: https://github.com/coreos/fedora-coreos-tracker
检查操作系统版本:
$cat /etc/os-release NAME=Fedora VERSION="31.20170113.3.1 (CoreOS)" ID=fedora VERSION_ID=31 VERSION_CODENAME="" PLATFORM_ID="platform:f31" PRETTY_NAME="Fedora CoreOS 31.20170113.3.1" ANSI_COLOR="0;34" LOGO=fedora-logo-icon CPE_NAME="cpe:/o:fedoraproject:fedora:31" HOME_URL="https://getfedora.org/coreos/" DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora-coreos/" SUPPORT_URL="https://github.com/coreos/fedora-coreos-tracker/" BUG_REPORT_URL="https://github.com/coreos/fedora-coreos-tracker/" REDHAT_BUGZILLA_PRODUCT="Fedora" REDHAT_BUGZILLA_PRODUCT_VERSION=31 REDHAT_SUPPORT_PRODUCT="Fedora" REDHAT_SUPPORT_PRODUCT_VERSION=31 PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy" VARIANT="CoreOS" VARIANT_ID=coreos OSTREE_VERSION='31.20170113.3.1' $uname -a Linux host-10-10-1-126 5.4.8-200.fc31.x86_64 #1 SMP Mon Jan 6 16:44:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
在KVM/QEMU上
将下载的镜像复制到虚拟机安装目录,例如:
sudo cp fedora-coreos-qemu.qcow2 /var/lib/libvirt/images/fedora-coreos-qemu.qcow2
使用virt-install:
$virt-install -n fcos --vcpus 2 -r 2048 \ --os-variant=fedora31 --import \ --network bridge=virbr0 \ --disk=/var/lib/libvirt/images/fedora-coreos-qemu.qcow2,format=qcow2,bus=virtio \ --noautoconsole \ --qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=/path/to/fcos.ign"
在Fedora CoreOS上安装软件包
我们可以在Fedora CoreOS上安装的软件包数量有限制。更新Fedora CoreOS和安装应用程序的主要方法是rpm-ostree。
rpm-ostree通过修改FCOS安装来扩展构成Silverblue的软件包。程序包分层会创建新的部署或者可引导文件系统根,并且必须在程序包分层后重新引导系统。这样可以保留回滚和事务模型。首先,生成rpm repo元数据:
$sudo rpm-ostree refresh-md Enabled rpm-md repositories: updates fedora Updating metadata for 'updates'... done rpm-md repo 'updates'; generated: 2017-01-24T14:56:09Z Updating metadata for 'fedora'... done rpm-md repo 'fedora'; generated: 2019-10-23T22:52:47Z Importing rpm-md... done
可以使用以下方法在Silverblue上安装软件包:
$sudo rpm-ostree install <package name> Example: $sudo rpm-ostree install vim Checking out tree f480038... done Enabled rpm-md repositories: updates fedora rpm-md repo 'updates' (cached); generated: 2017-01-24T14:56:09Z rpm-md repo 'fedora' (cached); generated: 2019-10-23T22:52:47Z Importing rpm-md... done Resolving dependencies... done Will download: 13 packages (20.0 MB) Downloading from 'fedora'... done Downloading from 'updates'... done Importing packages... done Checking out packages... done Running pre scripts... done Running post scripts... done Running posttrans scripts... done Writing rpmdb... done Writing OSTree commit... done Staging deployment... done ......
软件包安装后需要重新启动:
$sudo systemctl reboot
