Flatcar Container Linux
“Flatcar Container Linux is a container optimized OS that ships a minimal OS image, which includes only the tools needed to run containers. The OS is shipped through an immutable filesystem and includes automatic atomic updates.”
Ignition
For bootstrapping Flatcar Container Linux an ignition.json can be used. It is
possible to write it directly in JSON, but for ease of use the project provides
a config transpiler called Butane, which lets you write the config in YAML.
A Butane config for running the Technitium DNS Server might look like this:
variant: flatcar
version: 1.0.0
passwd:
  users:
    - name: core
      shell: /sbin/nologin
    - name: thorados
      ssh_authorized_keys:
        - ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Thorados
      groups:
        - wheel
        - docker
systemd:
  units:
    - name: technitium.service
      enabled: true
      contents: |
        [Unit]
        Description=Technitium DNS Server
        [Service]
        TimeoutStartSec=0
        ExecStartPre=-/usr/bin/docker rm --force technitium
        ExecStart=/usr/bin/docker run --name technitium --env "DNS_SERVER_DOMAIN=technitium" -p "5380:5380/tcp" -p "53:53/udp" -p "53:53/tcp" --volume "config:/etc/dns" --restart unless-stopped --pull always --log-driver=journald --sysctl "net.ipv4.ip_local_port_range=1024 65535" technitium/dns-server:latest
        ExecStop=/usr/bin/docker stop technitium
        Restart=always
        RestartSec=5s
        [Install]
        WantedBy=multi-user.target
storage:
  directories:
    - path: /etc/systemd/resolved.conf.d
      overwrite: true
      mode: 0755 # a directory needs the execute bit to be traversable; 0644 would not be
      user:
        id: 0
      group:
        id: 0
  files:
    - path: /etc/ssh/sshd_config.d/custom.conf
      overwrite: true
      mode: 0600
      contents:
        inline: |
          PermitRootLogin no
          AllowUsers thorados
    - path: /etc/sudoers.d/core-passwd
      mode: 0644
      contents:
        inline: |
          core ALL=(ALL) ALL
    - path: /etc/sudoers.d/thorados-passwd
      mode: 0644
      contents:
        inline: |
          thorados ALL=(ALL) NOPASSWD: ALL
    - path: /etc/systemd/resolved.conf #.d/00-technitium.conf
      mode: 0644
      append:
        - inline: |
            #[Resolve]
            DNS=192.168.20.1
            DNSStubListener=no
Butane
The butane.yaml can then be transpiled with the Butane Docker image as follows:
docker run --rm -i quay.io/coreos/butane:latest < butane.yaml > ignition.json
Installing Flatcar Container Linux on Proxmox
To install Flatcar Container Linux on Proxmox, first download the image with
wget, then create the VM with its Ignition config. This can be done with
Terraform or with the shell script from the docs, shown below.
For the Ignition file the shell script uses the cloud-init CD-ROM drive, so it
is not possible to use cloud-init and Ignition at the same time. Furthermore,
Flatcar does not ship with Python preinstalled, which means that if Python is
needed it has to be installed separately, e.g. via systemd-sysext.
The transpiled ignition.json needs to be saved as /var/lib/vz/snippets/user-data.
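Before copying the transpiled file into the snippets directory it is worth checking what it actually contains: Butane encodes inline file contents as percent- or base64-encoded data: URLs, so the settings are not readable at a glance. The following Python script is an added example, not code from this page or from the Flatcar or Butane projects. It decodes those URLs and reports the settings a reviewer would want to see before the config is baked into a VM: users in root-equivalent groups, sudoers NOPASSWD rules, the PermitRootLogin value, world-writable files, and remotely fetched files that carry no verification hash. The embedded sample is constructed to mirror the config above (Ignition spec 3.3.0 is assumed for the flatcar 1.0.0 variant); the remote file /opt/bin/tool and its URL are placeholders added only to exercise the remote-source check.

```python
import base64
import gzip
import json
import sys
from urllib.parse import unquote

# Constructed sample in the shape Butane emits for the config above (abridged).
# Ignition stores modes as decimal integers (0600 -> 384, 0644 -> 420, 0755 -> 493).
# /opt/bin/tool is a placeholder entry that shows the remote-source check.
SAMPLE_IGNITION = json.dumps({
    "ignition": {"version": "3.3.0"},
    "passwd": {"users": [
        {"name": "core", "shell": "/sbin/nologin"},
        {"name": "thorados", "groups": ["wheel", "docker"],
         "sshAuthorizedKeys": ["ssh-ed25519 AAAA-constructed-key Thorados"]},
    ]},
    "storage": {"files": [
        {"path": "/etc/ssh/sshd_config.d/custom.conf", "mode": 384,
         "contents": {"source": "data:,PermitRootLogin%20no%0AAllowUsers%20thorados%0A"}},
        {"path": "/etc/sudoers.d/core-passwd", "mode": 420,
         "contents": {"source": "data:,core%20ALL%3D(ALL)%20ALL%0A"}},
        {"path": "/etc/sudoers.d/thorados-passwd", "mode": 420,
         "contents": {"source": "data:,thorados%20ALL%3D(ALL)%20NOPASSWD%3A%20ALL%0A"}},
        {"path": "/opt/bin/tool", "mode": 493,
         "contents": {"source": "https://example.invalid/tool"}},
    ]},
})

# Membership in these groups is root-equivalent: wheel/sudo through sudo, docker
# through the Docker socket (a container can mount the host filesystem).
ROOT_EQUIVALENT_GROUPS = {"wheel", "sudo", "docker"}


def decode_contents(contents):
    """Return the plaintext of an inline data: URL, or None for a remote source."""
    src = contents.get("source", "")
    if not src.startswith("data:"):
        return None
    header, _, payload = src[len("data:"):].partition(",")
    if header.endswith(";base64"):
        raw = base64.b64decode(payload)
    else:
        raw = unquote(payload).encode()
    if contents.get("compression") == "gzip":
        raw = gzip.decompress(raw)
    return raw.decode()


def audit_ignition(text):
    """Summarise the security-relevant settings of an Ignition JSON document."""
    cfg = json.loads(text)
    report = {"admin_users": [], "nopasswd": [], "root_login": None,
              "world_writable": [], "unverified_remote": []}

    for user in cfg.get("passwd", {}).get("users", []):
        if ROOT_EQUIVALENT_GROUPS & set(user.get("groups", [])):
            report["admin_users"].append(user["name"])

    for entry in cfg.get("storage", {}).get("files", []):
        path, mode = entry["path"], entry.get("mode", 0)
        if mode & 0o002:
            report["world_writable"].append(path)
        contents = entry.get("contents", {})
        body = decode_contents(contents)
        if body is None:
            # Fetched at boot: without a verification hash its integrity is unchecked.
            if not contents.get("verification", {}).get("hash"):
                report["unverified_remote"].append(path)
            continue
        lines = [line.strip() for line in body.splitlines()]
        if path.startswith("/etc/sudoers"):
            report["nopasswd"] += [(path, line) for line in lines if "NOPASSWD" in line]
        elif path.startswith("/etc/ssh/"):
            for line in lines:
                key, _, value = line.partition(" ")
                if key.lower() == "permitrootlogin":
                    report["root_login"] = value.strip()
    return report


if __name__ == "__main__":
    # Usage: python audit_ignition.py [ignition.json]; without a path the sample is audited.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_IGNITION
    print(json.dumps(audit_ignition(source), indent=2))
```

Run it against the real ignition.json before the qm commands below. The report is a summary for review, not a verdict: the NOPASSWD rule for thorados and the docker group membership are deliberate choices in this config, but seeing them listed next to the SSH settings makes it obvious what a leaked SSH key would grant.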
export VM_ID=123
# create the vm and import the image to its disk
qm create $VM_ID --cores 2 --memory 4096 --net0 "virtio,bridge=vmbr0" --ipconfig0 "ip=dhcp"
qm disk import $VM_ID flatcar_production_proxmoxve_image.img local-lvm
# tell the vm to boot from the imported image
qm set $VM_ID --scsi0 local-lvm:vm-$VM_ID-disk-0
qm set $VM_ID --boot order=scsi0
# Create the cloud-init CD-ROM drive which activates the cloud-init options for the VM.
# This is required for using an ignition config as well.
qm set $VM_ID --ide2 local-lvm:cloudinit
# Providing an ignition.json
qm set $VM_ID --cicustom "user=local:snippets/user-data"
Resetting Flatcar
It is also possible to reset Flatcar so that the ignition.json and the state it
defines are reapplied. For this the flatcar-reset tool is available, which can
be run over SSH with sudo. On the next reboot Flatcar will be reset.