Differences

This shows you the differences between two versions of the page.

--- k8s:linux_vm:set_up_flatcar-linux [2023/02/19 18:39] – external edit 127.0.0.1
+++ k8s:linux_vm:set_up_flatcar-linux [2023/11/14 22:43] (current) – admin
@@ Line 3: / Line 3: @@
 [flatcar Linux](https://flatcar.org) is a minimal Linux distribution tailored to running container workloads.
 It ships with docker as well as containerd (alone).
+## Updating
+The update process if fully automated including reboots. These happen at random times during the night so there should not be a problem like two nodes rebooting and disturbing K8s.
+For the time being we check the [stable releases channel of flatcar linux](https://www.flatcar.org/releases#stable-release) manually and update if there is a new release:
+```bash
+update_engine_client -update
+update_engine_client -status
+# if CURRENT_OP=UPDATE_STATUS_UPDATED_NEED_REBOOT
+sudo reboot; exit
+```
 ## Before booting the VM
+### VMWare (vCenter, ESXi)
 Upload a version of flatcar_production_vmware_ova_image.vmdk to one of the VM hosts. Instead of [current](https://stable.release.flatcar-linux.net/amd64-usr/current/) it might be better to upload
-a [previous stable release](https://stable.release.flatcar-linux.net/amd64-usr/) and check that updating works. For example [3033.2.0](https://stable.release.flatcar-linux.net/amd64-usr/3033.2.0/)
+a [previous stable release](https://stable.release.flatcar-linux.net/amd64-usr/) and check that updating works. For example [3510.2.8](https://stable.release.flatcar-linux.net/amd64-usr/3510.2.8/)
-Remove any disks. Add the flatcar_production_vmware_ova_image.vmdk as the first disk (system, sda) and add a second thin provisionen 230 GB disk (container ephemeral, sdb).
+Remove any disks. Add the `flatcar_production_vmware_ova_image.vmdk` as the first disk (system, sda) and add a second thin provisionen 230 GB disk (container ephemeral, sdb).
-You will find a flatcar_production_vmware_ova_image.vmdk.bz2. Use the filter box. Download that and unpack it. It is still in a special format not immedeiately usable by a ESXi host.
+You will find a `flatcar_production_vmware_ova_image.vmdk.bz2`. Use the filter box. Download that and unpack it. It is still in a special format not immedeiately usable by a ESXi host.
 After uploading to one VM host you have to copy the VMDK using vCenter to another host/data storage. The resulting copy is usable.
@@ Line 23: / Line 38: @@
 |--------------|---------|
 |guestinfo.ignition.config.data.encoding|gz+base64|
-|guestinfo.ignition.config.data|<see below>|
+|guestinfo.ignition.config.data| &lt;see below> |
 ```yaml
+variant: flatcar
+version: 1.0.0
 passwd:
   users:
-    - name: core
+  - name: core
-      ssh_authorized_keys:
+    ssh_authorized_keys:
-        - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFBjtMTXcKtVlorGkFwpCs1XmHakFwk3ggShgmHZyJaAhjR81bAFFZVGURBIXUnmi4DpcAV1GaNDNdw0DJvPqRo= Omar Yubikey 5 nano
+      - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFBjtMTXcKtVlorGkFwpCs1XmHakFwk3ggShgmHZyJaAhjR81bAFFZVGURBIXUnmi4DpcAV1GaNDNdw0DJvPqRo= Omar Yubikey 5 nano
-        - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAe26li9Rzcf+iBRftzE3WDddlDI8+HpCm+GFdep5tcWC6Q2Hzbi1GSqFTBSvpKAJRbyq49OkA3gd16ugmzImDU= Omar Yubikey 5 NFC
+      - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAe26li9Rzcf+iBRftzE3WDddlDI8+HpCm+GFdep5tcWC6Q2Hzbi1GSqFTBSvpKAJRbyq49OkA3gd16ugmzImDU= Omar Yubikey 5 NFC
-#kernel_arguments:
+kernel_arguments:
-#  should_not_exist:
+  should_not_exist:
-#    - flatcar.autologin
+  - flatcar.autologin
-locksmith:
-  reboot_strategy: "reboot"
-  window_start: Thu 04:00
-  window_length: 1h
-networkd:
-  units:
-    # change IP and MAC addresses for other nodes!
-    - name: 10-ens1.network
-      contents: |
-        [Match]
-        MACAddress=<MAC address from vCenter kubernetes_public>
-        [Network]
-        Address=10.3.6.xx/24
-        Gateway=10.3.6.1
-        DNS=192.168.1.250
-        Domains=servants.priv
-        NTP=192.168.1.250
-    - name: 10-ens2.network
-      contents: |
-        [Match]
-        MACAddress=MAC address from vCenter kubernetes_internal>
-        [Network]
-        Address=10.6.16.xx/24
 storage:
   filesystems:
-    - name: oem
+    - device: /dev/sdb
-      mount:
+      format: xfs
-        device: /dev/disk/by-label/OEM
+      wipe_filesystem: true
-        format: btrfs
+      label: cont-ephemer
-        label: OEM
-    - name: cont-ephemer
-      mount:
-        device: /dev/sdb
-        format: xfs
-        wipe_filesystem: true
-        label: cont-ephemer
   files:
-    - path: /grub.cfg
-      filesystem: oem
-      mode: 0644
-      contents:
-        inline: |
-          set oem_id="vmware" # or something else like
-          set linux_append=""
     - path: /etc/hostname
-      filesystem: root
       mode: 0644
       contents:
         inline: acdh-clusterx
+      overwrite: true
+    # change IP and MAC addresses for other nodes!
+    - path: /etc/systemd/network/10-ens1.network
+      contents:
+        inline: |
+          [Match]
+          MACAddress=<MAC address from vCenter kubernetes_public>
+          [Network]
+          Address=10.3.6.xx/24
+          Gateway=10.3.6.1
+          DNS=192.168.1.1
+          Domains=servants.priv
+#          NTP=192.168.1.250
+    - path: /etc/systemd/network/10-ens2.network
+      contents:
+        inline: |
+          [Match]
+          MACAddress=MAC address from vCenter kubernetes_internal>
+          [Network]
+          Address=10.6.16.xx/24
+    - path: /etc/flatcar/update.conf
+      contents:
+        inline: |
+          REBOOT_STRATEGY="reboot"
+          LOCKSMITHD_REBOOT_WINDOW_START="Thu 04:00"
+          LOCKSMITHD_REBOOT_WINDOW_LENGTH="1h"
+      overwrite: true
 systemd:
   units:
-    # Ensure docker starts automatically instead of being socket-activated
-    - name: docker.socket
-      enable: false
     - name: update-engine.service
-      enable: true
+      enabled: true
     - name: locksmithd.service
-      enable: true
+      enabled: true
     - name: systemd-timesyncd.service
-      enable: true
+      enabled: true
-    # Mount a separate disk for all docker data
-    - name: var-lib-docker.mount
-    # Mount a separate disk for all docker data
     - name: var-lib-rancher.mount
-      enable: true
+      enabled: true
       contents: |
         [Unit]
@@ Line 112: / Line 111: @@
         Type=xfs
         [Install]
         WantedBy=local-fs.target
-    - name: docker.service
-      enable: false
 ```
-This confioguration specified as YAML file has to be [transpiled](https://www.flatcar.org/docs/latest/provisioning/config-transpiler/):
+This confioguration specified as YAML file has to be [transpiled](https://www.flatcar.org/docs/latest/provisioning/config-transpiler/)[butane](https://coreos.github.io/butane/config-flatcar-v1_0/):
 ```bash
-cat acdh-clusterx.yaml | docker run --rm -i ghcr.io/flatcar/ct:latest | gzip -c9 | base64 -w0 > acdh-clusterx.json+gz+base64.txt
+cat acdh-clusterx.yaml | podman run --rm -i quay.io/coreos/butane:latest | gzip -c9 | base64 -w0 > acdh-clusterx.json+gz+base64.txt
 ```
@@ Line 132: / Line 128: @@
 The system boots with autologin for the first time. Reboot the system once until it only shows the correct IP addresses and a login prompt (there is no valid password for core).
+### KVM/libvirt
+This follows the [Guide for flatcar on libvirt](https://www.flatcar.org/docs/latest/installing/vms/libvirt/)
+```bash
+mkdir -p /var/lib/libvirt/images/flatcar-linux
+cd /var/lib/libvirt/images/flatcar-linux
+wget https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_qemu_image.img.bz2{,.sig}
+gpg --verify flatcar_production_qemu_image.img.bz2.sig
+bunzip2 flatcar_production_qemu_image.img.bz2
+```
+Now create a qcow2 image snapshot using the command below:
+```bash
+cd /var/lib/libvirt/images/flatcar-linux
+qemu-img create -f qcow2 -F qcow2 -b flatcar_production_qemu_image.img flatcar-linux1.qcow2
+chown libvirt-qemu:kvm flatcar_production_qemu_image.img flatcar-linux1.qcow2
+```
+Create the configuration (use the YAML from above)
+```bash
+cat acdh-clusterx.yaml | podman run --rm -i quay.io/coreos/butane:latest > /var/lib/libvirt/qemu/nvram/flatcar-linuxX-provision-ign_VARS.fd
+sudo chown libvirt-qemu:kvm /var/lib/libvirt/qemu/nvram/flatcar-linuxX-provision-ign_VARS.fd
+```
+Create the virutal machine, 2 disks, the qcow2 and a rancher partition of about 20GB
+At the end add the following XML
+```xml
+  <qemu:commandline xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
+    <qemu:arg value='-fw_cfg'/>
+    <qemu:arg value='name=opt/org.flatcar-linux/config,file=/var/lib/libvirt/qemu/nvram/flatcar-linuxX-provision-ign_VARS.fd'/>
+  </qemu:commandline>
+```