Unattended Atomic deployments with Foreman

Project Atomic is a new initiative to have a family of well-known, enterprise-tested operating systems ready for massive container deployments.

Atomic operating systems focus on:

  • Minimal size
  • Immutable
  • Easy to update and rollback
  • Container cluster and runtime provided (currently via Docker and Kubernetes)

It comes with a set of tools. ostree, fleet, kubectl to manage your OS updates, network configurations and cluster health. As I manage my virtual machines using Foreman, and I used to spend some time developing the Docker plugin, the project piqued my interest, as it helps me work with containers more efficiently.

For this deployment, I will assume you have a Foreman host with a Smart Proxy with at least TFTP. I will be using domains in the examples, but you could use IPs instead. I think it could be possible to skip the TFTP part for PXE too, but I have not got that far yet. You need a subnet in which you can PXE boot hosts, an example of such a subnet on Libvirt can be found on Dominic Cleal’s blog.

Step one, download Fedora 22 Atomic iso or RHEL 7 (installer) Atomic iso in your Foreman host. For the Fedora case, it’ll be possible to fetch the content straight from the repo through ostreeupdate , however for the moment we will need the image to get vmlinux, initrd, and a few other files.

# wget https://dl.fedoraproject.org/pub/alt/stage/current/Cloud_Atomic/x86_64/iso/Fedora-Cloud_Atomic-x86_64-22.iso -O fedora-atomic.iso

Mount these images in a public directory so that they can be reached from the virtual machine. To keep any existent vmlinux available for non-atomic hosts, we will copy and rename it to vmlinuz_atomic from the mounted iso. By default /var/www/html/pub/atomic would work:

# mkdir /var/www/html/pub/atomic
# mount -o loop fedora-atomic.iso /var/www/html/pub/atomic/
# cp /var/www/html/pub/atomic/isolinux/vmlinuz /var/lib/tftpboot/vmlinuz_atomic

We will need now an installation medium in Foreman pointing to this location. Go to Host > Installation media and create a mirror:

Screenshot from 2015-05-29 16:41:28

 

Create the operating system. We will go back to this operating system to associate it with the appropriate partition table and templates afterwards. For the moment, just make sure you choose the right major version 7 for RHEL, 22 in the case of Fedora, as these are the only Atomic ones. Go to Hosts > Operating systems and click on New operating system.

Create a new partition table in Foreman to provide an initial /boot and / in the Atomic virtual machine.  Go to Hosts > Partition tables, and click on New partition table.

zerombr
clearpart --all --initlabel
part /boot --size=300 --fstype="ext4"
part pv.01 --grow
volgroup atomicos pv.01
logvol / --size=3000 --fstype="xfs" --name=root --vgname=atomicos

Head to /config_templates (or Hosts > Provisioning templates) and create a new PXE template. Choose a name, then go click on the type tab and select PXELinux. Associate the template with the operating system you created previously, and use this as the content:

DEFAULT pxeboot
TIMEOUT 20
PROMPT 0
LABEL pxeboot
kernel vmlinuz_atomic
append initrd=<%= @host.medium.path %>isolinux/initrd.img repo=<%= @host.medium.path %> ks=<%= foreman_url('provision')%> ks.device=bootif network ks.sendmac
IPAPPEND 2

Stay on provisioning templates, and create the kickstart. To do so,  click on New Template, choose a type ‘provision’, associate it with the operating system you created previously, and add this code in the editor:

lang <%= @host.params['lang'] || 'en_US.UTF-8' %>
keyboard <%= @host.params['keyboard'] || 'us' %>
timezone --utc <%= @host.params['time-zone'] || 'UTC' %>

# Partition table should create /boot and a volume atomicos
<% if @dynamic -%>
%include /tmp/diskpart.cfg
<% else -%>
<%= @host.diskLayout %>
<% end -%>


bootloader --timeout=3
<% if @host.operatingsystem.name =~ /.*Fedora.*/ -%>
ostreesetup --nogpg --osname=fedora-atomic --remote=fedora-atomic --url=<%= @host.medium.path %>/content/repo/ --ref=fedora-atomic/f<%= @host.os.major %>/<%= @host.architecture %>/docker-host
<% else -%>
ostreesetup --nogpg --osname=rhel-atomic-host --remote=rhel-atomic-host --url=file:///install/ostree --ref=rhel-atomic-host/<%= @host.os.major %>/<%= @host.architecture %>/standard
<% end -%>
services --disabled cloud-init,cloud-config,cloud-final,cloud-init-local
rootpw --iscrypted <%= root_pass %>

reboot

%post
(
# Report success back to Foreman
curl -s -o /dev/null --insecure <%= foreman_url %>
) 2>&1 | tee /mnt/sysimage/root/install.post.log

exit 0

%end

This template will pull the content from the –ref you specify, and the URL would be $FOREMANSERVER/pub/atomic/content/repo/. If you visit this URL, you should be able to find the docker-host file at the end of the hierarchy, specifically heads/fedora-atomic/f22/x86_64/docker-host. If you cannot find docker-host there because you’re using this tutorial for Fedora 23 and it has changed, I would recommend you to peruse your /pub/atomic folder and find the correct URL. Currently this is the structure for RHEL 7 and Fedora 22.

It’s time to associate these templates with the operating system, and deploy the host. Go back to Hosts > Operating systems, and click on your Atomic operating system to associate the templates:

Screenshot from 2015-05-29 17:22:42 Screenshot from 2015-05-29 17:22:51 Screenshot from 2015-05-29 17:23:00 We’re all set. Time to deploy the host. I’m doing this in Libvirt as it’s where my PXE network is configured.  Go to Hosts > New host and choose a name for your Atomic host. The Puppet options are irrelevant, as Puppet is not able to modify the Atomic ostree for the moment. Select the right domain and subnet, to ensure you’re booting in a PXE-enabled network. Something I found is that Anaconda tends to get stuck when I have tried to provision Atomic systems with less than 1GB of RAM, so I would recommend to assign that amount of RAM to your Atomic host at least.

The operating systems tab should look similar to this. Remember this is network-based provisioning.

Screenshot from 2015-05-29 17:35:52If everything went well, your system will PXE boot and start Anaconda right away. If you have VNC access to the machine, it will look similar to this:

Screenshot from 2015-05-29 17:39:32 Screenshot from 2015-05-29 17:40:33After Anaconda finishes the installation, you should be able to SSH into that machine using the root password you provided in Foreman.

Screenshot from 2015-05-29 17:43:20We’re done! I suggest you use this host as a Kubernetes master, minion, or as a Docker host. For now, I will investigate how to pass the proper parameters through Foreman to provide Atomic/Kubernetes cluster provisioning.

  • Don’t you have the line “ks.device…” twice in the PXELinux template? And are you sure that IPAPPEND should be without “2” parameter?

    • You’re totally right, I had that mistake (the repeated line) in the template I deploy actually but it seems to work regardless. About the IPAPPEND *2*, I just forgot to copy it, thanks!

  • Pingback: CoreOS cluster deployments with Foreman Daniel Lobato |()