CoreOS - THE Docker OS

Note: I decided to finally abandon using CoreOS. Yes, it was fast and somehow strangely beautiful, but I simply couldn’t cope anymore with annoying simple problems arising from its read-only file system. The cup spilled over when I was not able to run the svendowideit/samba container.

Local server on CoreOS

CoreOS is automatically updating itself.

Install CoreOS on bare metal

Installing to Disk

wget https://raw.githubusercontent.com/coreos/init/master/bin/coreos-install -O coreos-install
# or short URL: wget http://goo.gl/Vs9qXx -O coreos-install

wget "https://www.dropbox.com/s/cza3ew78w8s7tum/cloud-config.yaml?dl=1" -O cloud-config.yaml
# or short URL: wget http://goo.gl/wqHVZv -O cloud-config.yaml

chmod +x coreos-install
./coreos-install -d /dev/sda -C stable -c cloud-config.yaml

Connect to a CoreOS machine via SSH as the user core, and su to root.

ssh core@192.168.0.20
sudo su -

What to do immediately after install:

  • set the hostname (the foo in foo.example.com) to lanserver
  • set a static IP address

Modify configuration

The coreos-install script copies the .yaml config you provide to /var/lib/coreos-install/user_data; if you delete that file, it will stop re-applying settings on boot.

There can be additional .yml config files, and the parsing order is something like:

  1. /usr/share/oem/cloud-config.yml
  2. /var/lib/coreos-install/user_data

In the future the oem config will strictly run before user configs (coreos-install, configdrive, metadata, etc) but this ordering is not currently enforced.

Set hostname

hostname: lanserver

Set static IP address

By default, CoreOS will assign itself an IP via DHCP. I want to change that.

So, let’s detect the network card’s interface name (enp2s0*) by typing ifconfig. In our case, it was enp2s0f0.

coreos:
  units:
    - name: 10-static-ip.network
      runtime: true
      content: |
        [Match]
        Name=enp2s0f0

        [Network]
        Address=192.168.0.11/24
        Gateway=192.168.0.1
        DNS=8.8.8.8

Without any specific reason, only by being idle for some time, my system was losing its IP configuration. So I set the network configuration the classic way, using networkd:

cat <<'EOF' >> /etc/systemd/network/10-static.network
[Match]
Name=enp2s0f0

[Network]
Address=192.168.0.11/24
Gateway=192.168.0.1
DNS=8.8.8.8
EOF

And apply configuration:

sudo systemctl restart systemd-networkd

Welcome message

write_files:
  - path: /etc/motd.d/etaktiker.conf
    content: "\nWelcome to the eTaktiker Docker Cluster\n\n"

Change the system timezone

Check the current timezone with:

timedatectl

And set it with:

sudo timedatectl set-timezone Europe/Berlin

Ease power consumption

Just type the following, and reboot after the modprobe:

modprobe cpufreq_conservative
echo "conservative" | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor

Add users and their SSH public keys

We can set SSH keys from external sources, and I really like this method. Note that the ssh_authorized_keys parameter adds public SSH keys which will be authorized for the core user.

users:
  - name: cvladan
    coreos-ssh-import-github: cvladan
    groups:
      - sudo
      - docker

We can also set public SSH keys from GitHub, or from any URL that returns them in JSON format.

Enable docker remote socket

If we want to execute Docker commands remotely (from my laptop), we need to enable Docker’s remote service (“Enable the Remote API”):

coreos:
  units:
    - name: docker-tcp.socket
      command: start
      enable: yes
      content: |
        [Unit]
        Description=Docker Socket for the API

        [Socket]
        ListenStream=2375
        BindIPv6Only=both
        Service=docker.service

        [Install]
        WantedBy=sockets.target

    - name: enable-docker-tcp.service
      command: start
      content: |
        [Unit]
        Description=Enable the Docker Socket for the API

        [Service]
        Type=oneshot
        ExecStart=/usr/bin/systemctl enable docker-tcp.socket
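
An added example, not code from the original page: the unit above listens on a bare port, which systemd binds on every interface, and the Docker API on plain TCP carries no TLS or authentication unless the daemon is started with TLS options, so anyone who can reach port 2375 controls the daemon. The shell check below classifies the ListenStream= values of a socket unit; the function names and the loopback-bound variant are assumptions.

```shell
#!/bin/sh
# Added example: audit the ListenStream= values of a systemd socket unit
# that fronts the Docker API. Function names are illustrative.

# classify_listen VALUE -> unix-socket | loopback | all-interfaces | specific-address
classify_listen() {
    case "$1" in
        /*|@*)               echo "unix-socket" ;;       # filesystem or abstract socket
        127.*:*|'[::1]':*)   echo "loopback" ;;
        0.0.0.0:*|'[::]':*)  echo "all-interfaces" ;;
        *[!0-9]*)            echo "specific-address" ;;  # e.g. 192.168.0.11:2375
        *)                   echo "all-interfaces" ;;    # bare port, as on this page
    esac
}

# audit_unit: reads unit text on stdin (indentation allowed, so the content
# block of a cloud-config can be piped in); returns 1 if any listener is
# reachable from the network.
audit_unit() {
    rc=0
    for v in $(sed -n 's/^[[:space:]]*ListenStream=[[:space:]]*//p'); do
        c=$(classify_listen "$v")
        case "$c" in
            unix-socket|loopback) echo "local    $v ($c)" ;;
            *)                    echo "network  $v ($c)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed samples: the [Socket] section from this page, and a variant
# bound to loopback (an assumption, not the author's configuration).
PAGE_UNIT='[Socket]
ListenStream=2375
BindIPv6Only=both
Service=docker.service'

LOOPBACK_UNIT='[Socket]
ListenStream=127.0.0.1:2375
Service=docker.service'

printf '%s\n' "$PAGE_UNIT"     | audit_unit || echo "=> Docker API reachable from the network"
printf '%s\n' "$LOOPBACK_UNIT" | audit_unit && echo "=> Docker API limited to the host"
```

With the loopback variant the laptop reaches the API through an SSH port forward, for example `ssh -N -L 2375:127.0.0.1:2375 core@192.168.0.11`, rather than through an open LAN port.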

Change reboot-strategy

coreos:
  update:
    reboot-strategy: best-effort

Apply custom configuration

By reading /etc/profile I found out where to put my initial files. I had to use /etc/profile.d, as /usr/share/profile.d could not be used.

  • is it a read-only file system?

I also noted that specifying $public_ipv4 and $private_ipv4 did not work for me, so I had to write 192.168.0.11.

write_files:
  - path: /etc/environment
    permissions: 0644
    content: |
      COREOS_PUBLIC_IPV4=192.168.0.11
      COREOS_PRIVATE_IPV4=192.168.0.11
  - path: /etc/profile.d/custom-settings.sh
    content: |
      # typing * will include hidden (dot .*) files
      shopt -s dotglob

      # both ctrl-r and ctrl-s should work on history log
      stty -ixon

      # basic aliases
      alias ls="ls -a --color=tty"  # show all and in color
      alias ll='ls -l --color=tty'

      # docker alias helpers
      alias d='docker'
      alias ds='docker ps'
      alias di='docker images'
      alias drm='docker rm -f $(docker ps -qa)'

Disable sleep on lid closed

systemctl is a command to control services.

To disable, do the following:

vim /etc/systemd/logind.conf
# set 'HandleLidSwitch=ignore'
# press <i> to edit, then <esc> and ':wq' to write and quit.
systemctl restart systemd-logind

Test cloudinit file

You can apply and test your cloudinit file:

coreos-cloudinit --from-file=/var/lib/coreos-install/user_data

Working inside CoreOS

Panamax? Thanks but no

Panamax seems incredible - but it’s not. Too complicated and bloated. Shipyard or Docker UI are much simpler and good enough.

curl -O http://download.panamax.io/installer/panamax-latest.tar.gz && mkdir -p /var/panamax && tar -C /var/panamax -zxvf panamax-latest.tar.gz
cd /var/panamax
./coreos install --stable

Once the installer completes, you can access Panamax on port 3000:

http://192.168.0.11:3000/

Fleet?

You can think of fleet as an extension of systemd that operates at the cluster level instead of the machine level. Systemd is a single machine init system; fleet is a cluster init system.

Ubuntu was using Upstart as its init system, but it is switching to systemd.

Docker Compose on CentOS

Docker Compose was called Fig before.

I tried every directory inside echo $PATH and I found out that /opt really is ideal and the only viable one. It wasn’t even created.

mkdir -p /opt/bin
curl -L https://github.com/docker/compose/releases/download/1.2.0/docker-compose-`uname -s`-`uname -m` > /opt/bin/docker-compose
chmod +x /opt/bin/docker-compose
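
Both this download and the coreos-install download at the top of the page fetch an executable and run it with root privileges without checking what arrived. An added example, not from the original page (function names are assumptions, and the pinned digest is a placeholder you record yourself), that installs a file only when it matches a pinned SHA-256:

```shell
#!/bin/sh
# Added example: put a downloaded executable in place only when its SHA-256
# matches a digest pinned beforehand. Function names are illustrative.

# sha256_of FILE -> prints the hex digest (sha256sum, or shasum as a fallback)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified SRC DEST EXPECTED_SHA256
# Returns 0 and installs DEST (mode 0755) on a match; returns 1 and leaves
# DEST untouched on a mismatch or an unreadable SRC.
install_verified() {
    src=$1; dest=$2; want=$3
    got=$(sha256_of "$src" 2>/dev/null)
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "refusing to install $dest: digest ${got:-unavailable} != $want" >&2
        return 1
    fi
    tmp="$dest.tmp.$$"
    mkdir -p "$(dirname "$dest")" &&
        cp "$src" "$tmp" && chmod 0755 "$tmp" && mv "$tmp" "$dest"
}

# Usage with the docker-compose download from this page; PINNED_SHA256 is a
# placeholder for the digest recorded for the release you reviewed:
#   curl -fL -o /tmp/docker-compose "https://github.com/docker/compose/releases/download/1.2.0/docker-compose-$(uname -s)-$(uname -m)"
#   install_verified /tmp/docker-compose /opt/bin/docker-compose "$PINNED_SHA256"
```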

date 01. Jan 0001 | modified 28. May 2021
filename: Infrastructure - CoreOS