
Portal:MicroOS/Ignition


Configuration of openSUSE MicroOS and openSUSE Kubic with Ignition

Ignition is intended as a lightweight alternative to cloud-init. For a short comparison of the two provisioning tools, see Ignition vs cloud-init.

This wiki page contains SUSE-specific information; for general usage of Ignition please refer to the documentation at https://github.com/coreos/ignition/tree/master/doc.

Installation

Ignition is bundled with our pre-made Kubic & MicroOS VM images.

On other systems use the following commands to install the current stack:

zypper in ignition-dracut

or

transactional-update pkg in ignition-dracut

For development builds see https://build.opensuse.org/project/show/devel:kubic:ignition.

Usage

Ignition configuration files

See the current Ignition documentation for creating Ignition files.

Default mounts

During the files stage (i.e. when files, users and systemd services are created), all mounts with the mount option x-initrd.mount in /etc/fstab are mounted. In an openSUSE MicroOS based image these are the root file system /, /var, /etc and /root by default. If access to other subvolumes or partitions such as /home or /opt is required, those have to be defined explicitly in Ignition's configuration file (see the examples below). Alternatively, add the mount option x-initrd.mount to every mount point in /etc/fstab that Ignition needs to access.

Triggering Ignition

Premade images

On first boot the system will try to configure itself using Ignition.

Package installation

If the ignition-dracut package was installed manually, Ignition will be triggered on the next boot automatically.

The package's post script will try to detect the current platform and set ignition.platform.id in /etc/default/grub accordingly. If the platform cannot be detected, metal is used as the default value.

Manual invocation

Ignition will be triggered if the ignition.firstboot kernel parameter is set. This can be achieved by using one of the following methods:

  1. Manually add the parameter ignition.firstboot to the kernel command line.
  2. Create the file /boot/writable/ignition.firstboot (which may contain further kernel parameters).

Note that Ignition also needs the ignition.platform.id parameter to be set.

USB flash drive

In addition to the platform-specific methods, on openSUSE it is possible to load a so-called user configuration from a USB flash drive. This is especially useful with the metal platform, as there is no platform-specific configuration mechanism there.

To use this feature:

  • Format your USB flash drive with any Linux file system (e.g. EXT4)
  • Set the partition label to ignition (lower case; for an EXT4 formatted drive with one partition, use e2label /dev/sdX1 ignition)
  • Mount that partition
  • Create a directory with the name ignition
  • Copy the Ignition configuration to a file called config.ign within that directory.

Examples (json)

Add password and SSH key for root user

{
	"ignition": { "version": "3.1.0" },
	"passwd": {
		"users": [
			{
				"name": "root",
				"passwordHash": "hash, created with e.g. `openssl passwd -6`",
				"sshAuthorizedKeys": [
					"ssh-rsa long...key user@host"
				]
			}
		]
	}
}

Create new user

By default the user's home directory will be located in /home/<username>. As /home is not mounted in the initrd by default (see "Default mounts" above), the mount has to be defined explicitly.

{
	"ignition": { "version": "3.1.0" },
	"storage": {
		"filesystems": [
			{
				"path": "/home",
				"device": "Path to the root device such as /dev/sda3, /dev/mmcblk0p2 or /dev/disk/by-label/ROOT",
				"format": "btrfs",
				"wipeFilesystem": false,
				"mountOptions": [
					"subvol=/@/home"
				]
			}
		]
	},
	"passwd": {
		"users": [
			{
				"name": "username",
				"passwordHash": "hash, created with e.g. `openssl passwd -6`",
				"sshAuthorizedKeys": [
					"ssh-rsa long...key user@host"
				]
			}
		]
	}
}

Creating files

As in the "Create new user" example above, if you want to create files outside of the default initrd mount directories, you also have to add a storage -> filesystems entry for the corresponding device in addition to the snippet below.

{
	"ignition": { "version": "3.0.0" },
	"storage": {
		"files": [
			{
				"path": "/var/test.txt",
				"mode": 420,
				"contents": {
					"source": "data:,testcontents"
				},
				"overwrite": true
			}
		]
	}
}
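The default-mount rule described above can be checked before a configuration is deployed. The following is an added example, not code from this wiki or from the Ignition project: the function names and the sample fstab are constructed for illustration, and the mode and password hash checks are heuristics.

```python
# Constructed fstab for illustration; on a real image read /etc/fstab instead.
SAMPLE_FSTAB = """\
LABEL=ROOT  /      btrfs  ro                             0 0
LABEL=ROOT  /var   btrfs  subvol=/@/var,x-initrd.mount   0 0
LABEL=ROOT  /root  btrfs  subvol=/@/root,x-initrd.mount  0 0
LABEL=ROOT  /home  btrfs  subvol=/@/home                 0 0
LABEL=ROOT  /opt   btrfs  subvol=/@/opt                  0 0
"""

def initrd_mounts(fstab_text):
    """Map each fstab mount point to True if it is mounted for the files stage."""
    mounts = {"/": True}  # the root file system is always available
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1].startswith("/") and fields[1] != "/":
            mounts[fields[1]] = "x-initrd.mount" in fields[3].split(",")
    return mounts

def owning_mount(path, mounts):
    """Return the longest mount point that contains path."""
    hits = [m for m in mounts if m == "/" or path == m or path.startswith(m + "/")]
    return max(hits, key=len)

def lint(config, fstab_text=SAMPLE_FSTAB):
    """Return findings for an Ignition spec 3.x config given as a dict."""
    mounts = initrd_mounts(fstab_text)
    storage = config.get("storage", {})
    declared = {fs.get("path") for fs in storage.get("filesystems", [])}
    files = storage.get("files", [])
    users = config.get("passwd", {}).get("users", [])
    # Files plus home directories (/home/<name> unless homeDir is set).
    targets = [f["path"] for f in files] + [
        u.get("homeDir", "/home/" + u["name"]) for u in users if u["name"] != "root"]
    findings = []
    for path in targets:
        mount = owning_mount(path, mounts)
        if not mounts[mount] and mount not in declared:
            findings.append(f"{path}: {mount} needs a storage.filesystems entry")
    for f in files:
        # JSON modes are decimal (420 == 0o644); 644 typed as decimal is 0o1204.
        if (f.get("mode") or 0) & 0o7002:
            findings.append(f"{f['path']}: mode {f['mode']} is {oct(f['mode'])}, check it is decimal")
    for u in users:
        pw = u.get("passwordHash")
        if pw is not None and not pw.startswith("$"):
            findings.append(f"user {u['name']}: passwordHash is not a crypt(3) hash")
    return findings

if __name__ == "__main__":
    print(lint({"passwd": {"users": [{"name": "username"}]}}))
```

Load a configuration with json.load and pass the resulting dict to lint together with the contents of the target image's /etc/fstab; an empty list means none of the three checks fired.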

Change hostname

Following the previous example, the hostname can be set by creating the /etc/hostname file.

{
	"ignition": { "version": "3.0.0" },
	"storage": {
		"files": [{
			"filesystem": "root",
			"path": "/etc/hostname",
			"mode": 420,
			"overwrite": true,
			"contents": { "source": "data:,kubic-1" }
		}]
	}
}

Enabling services

Ignition can also enable systemd services:

 {
 	"ignition": { "version": "3.0.0" },
 	"systemd": {
 		"units": [{
 			"name": "sshd.service",
 			"enabled": true
 		}]
 	}
 }

Examples (yaml)

Kubic Node with Network (dhcp), SSH and Salt

 variant: fcos
 version: 1.0.0
 passwd:
   users:
     - name: root
       password_hash: "$6$YYY$XXX"
       ssh_authorized_keys:
         - ssh-rsa AAAAZZZ== mail@example.com
 storage:
   filesystems:
   files:
     - path: /etc/sysconfig/network/ifcfg-eth0
       mode: 0644
       overwrite: true
       contents:
         inline: |
           BOOTPROTO='dhcp'
           BROADCAST=
           ETHTOOL_OPTIONS=
           IPADDR=
           MTU=
           NAME=
           NETMASK=
           NETWORK=
           REMOTE_IPADDR=
           STARTMODE='auto'
           DHCLIENT_SET_DEFAULT_ROUTE='yes'
           DHCLIENT_SET_HOSTNAME='yes'
     - path: /etc/salt/minion.d/master.conf
       contents:
         inline: 'master: salt-master'
       mode: 0644
 systemd:
   units:
     - name: salt-minion.service
       enabled: true