Kubernetes exposes DNS for service discovery, but the DNS server itself must be configured after you install Kubernetes. In the future it will be integrated into kubernetes as part of the platform (see PR11599) but for now you have to setup and run the SkyDNS container yourself.

I have seen some tutorials on how to get skydns working, but almost all of them are rather involved. However, if you just want a simple setup on a single node for testing then it is actually rather easy to get skydns set up.

Read More »

Introduction

Openshift Origin is the upstream project that builds on top of the Kubernetes platform and feeds into the OpenShift Container Platform product that is available from Red Hat today. Origin is a great way to get started with Kubernetes, and what better place to run a container orchestration layer than on top of Fedora Atomic Host?

We recently released Fedora 25, along with the first biweekly release of Fedora 25 Atomic Host. This blog post will show you the basics for getting a production installation of Origin running on Fedora 25 Atomic Host using the OpenShift Ansible Installer. The OpenShift Ansible installer will allow you to install a production-worthy OpenShift cluster. If you’d like to just try out OpenShift on a single node instead, you can set up OpenShift with the oc cluster up command, which we will detail in a later blog post.

Read More »

Introduction

In part 1 of this series, we used the OpenShift Ansible Installer to install Openshift Origin on three servers that were running Fedora 25 Atomic Host. The three machines we’ll be using have the following roles and IP address configurations:

|    Role     |  Public IPv4   | Private IPv4 |
|-------------|----------------|--------------|
| master,etcd | 54.175.0.44    | 10.0.173.101 |
| worker      | 52.91.115.81   | 10.0.156.20  |
| worker      | 54.204.208.138 | 10.0.251.101 |

In this blog, we’ll explore the installed Origin cluster and then launch an application to see if everything works.

Read More »

TL;DR: The default Fedora cadence for updates in the RPM streams is once a day. Until now, the OSTree-based updates cadence has matched this, but we’re changing the default OSTree update stream to match the Fedora Atomic Host image release cadence (once every two weeks).

Read More »

With the latest release of Fedora Atomic Host we are now live in DigitalOcean! This was a popular user request. Thanks to the folks at DigitalOcean and the Fedora Atomic Working Group, we now have Fedora Atomic Host as an option when creating a droplet. Go ahead and spin up a droplet in the web interface or via the doctl CLI today!

Read More »

A new Fedora Atomic Host update is available via an OSTree commit:

Commit: 0715ce81064c30d34ed52ef811a3ad5e5d6a34da980bf35b19312489b32d9b83
Version: 26.91

This is the second release for Fedora 26 Atomic Host. This contains a newer version of Kubernetes with fixes for the bug that was in the original release of the Fedora Atomic 26 tree.

Users of built-in Kubernetes on Fedora Atomic Host can now rebase onto the version 26 ref. We will be releasing a few blogs shortly about upgrading your existing hosts.

Read More »

Introduction

In July we put out the first and second releases of Fedora 26 Atomic Host. In this blog post we’ll cover updating an existing Fedora 25 Atomic Host system to Fedora 26. We’ll cover preparing the system for upgrade and performing the upgrade.

Read More »

A new Fedora Atomic Host update is available via an OSTree commit:

Commit: f6331bcd14577e0ee43db3ba5a44e0f63f74a86e3955604c20542df0b7ad8ad6
Version: 26.101

In this release we have fixed an issue with our qcow and vagrant images from the 20170723 release. If you used the qcow or vagrant images from that release then please make sure you are following the fedora/26/x86_64/atomic-host ref. See this Atomic Working Group issue for more details.

Read More »

A new Fedora Atomic Host update is available via an OSTree commit:

Commit: 13ed0f241c9945fd5253689ccd081b5478e5841a71909020e719437bbeb74424
Version: 26.110

Warnings

Hardware Issue: During our testing phase we found an issue where on a specific hardware platform we could not boot after installing from the ISO images, or after updating to this release. If you experience similar behavior please use the previous ISO image. For existing machines, users with affected hardware should either wait for the next two-week release to upgrade, or switch to the updates ref where the issue is already fixed.

Kubernetes: We have also been notified by users that there are firewall issues with Docker 1.13 and Kubernetes.

Read More »

Introduction

This week we put out the first release of Fedora 27 Atomic Host. Some quick notes:

• In Fedora 27 Atomic Host we removed kubernetes from the base OSTree. We will have a post tomorrow about the upgrade steps for Kubernetes users.

• For Fedora 27 we are currently sticking with the non-unified repo approach as opposed to a unified repo. TL;DR nothing is changing for now but we expect to implement a unified repo as described here during the F27 release cycle.

For today we’ll talk about updating an existing Fedora 26 Atomic Host system to Fedora 27. We’ll cover preparing the system for upgrade and performing the upgrade.

Read More »

A new Fedora Atomic Host update is available via an OSTree commit. This update contains an important security patch.

Version: 27.47
Commit(x86_64): 397e907961adafaeff11b807ceade8da5783134072406fcdba627f1195e0db76
Commit(aarch64): 25965b64256417d7dfed37511ffe0cf842ebe64bd6adc8c57a3c603dcfd79885
Commit(ppc64le): c0d0a28a01fd363dfc317e3418935efae6d728a718320dfb3709c4282160f20f

This is a security related release of Fedora Atomic Host to address CVE-2017-5754 (Meltdown). This release does not yet handle the Spectre vulnerabilities, CVE-2017-5753 and CVE-2017-5715. Those will come in a future update. For more information see the Red Hat knowledgebase article.

kernel-4.14.11-300.fc27.x86_64 fixes BZ1530826 related to CVE-2017-5754. It also fixes some other CVEs as well. See the attached bugs to the bodhi update for more information.

Read More »

In this week’s release of Fedora Atomic Host we have an updated kernel (the spectre patches are slowly working their way out), and an updated docker with a security fix. We also are including firewalld in the ostree now, but we are not enabling it by default. I’ll post a follow up blog post on this topic in the next day or two.

The new Fedora Atomic Host update is available via an OSTree update:

Version: 27.61

• Commit(x86_64): 772ab185b0752b0d6bc8b2096d08955660d80ed95579e13e136e6a54e3559ca9
• Commit(aarch64): 598626fd61dc6ed4b702159e50b6029ee70a527e855fce7d8e61a870b141f893
• Commit(ppc64le): 16ce78ee689066f582dbfc0672dab1706051fefab496fcebd8109d58738eb8fe

We are releasing images from multiple architectures but please note that x86_64 architecture is the only one that undergoes automated testing at this time.

Existing systems can be upgraded in place via e.g. atomic host upgrade or atomic host deploy. Systems on Fedora Atomic 26 can be upgraded using rpm-ostree rebase. Refer to the upgrade guide for more details.

Read More »

TL;DR

Fedora Atomic Host (and derivatives) will now include the firewalld package in the base OSTree that is tested, delivered, and released every two weeks. Existing users should observe no change as it won’t be enabled by default.

Firewalld in Atomic Host

In the past we have had requests to have firewalld in Atomic Host to enable a better interface into firewall management for administrators and management software. It turns out that if you have lots of rules to manage, or even multiple pieces of software trying to manage different sets of rules on a single system, then iptables becomes a limitation pretty quickly.

Atomic Host users do have the ability to package layer firewalld, but live changes to the host are currently experimental. Since rebooting during system provisioning in certain environments is not desirable, and firewalld is relatively small, the Fedora Atomic Working Group decided to include firewalld in the base OSTree.

In order to not affect existing users the firewalld service will be disabled by default. Existing users should observe no change in behavior. Users who want to use firewalld can enable/start the service and start using it immediately.

Read More »

In this week’s release of Fedora Atomic Host we have a new kernel, ostree/rpm-ostree, glibc, and cloud-utils-growpart (fixes for aarch64 partition resize issues).

The new Fedora Atomic Host update is available via an OSTree update:

Version: 27.72

• Commit(x86_64): 39848372585a65dc63fb3052f997139b8b30d6b55ce378337db3664177489d28
• Commit(aarch64): 8048d384f231f90a7479cf94bfe94053970fb9a0f196ba4485d779696db81fa1
• Commit(ppc64le): 3fce2908406e41e2ffe533908e840f44311576befe7e49396d1894407341aef9

We are releasing images from multiple architectures but please note that x86_64 architecture is the only one that undergoes automated testing at this time.

Existing systems can be upgraded in place via e.g. atomic host upgrade or atomic host deploy.

Read More »

In this week’s release of Fedora Atomic Host we have a new kernel, Atomic CLI, and runc.

A new Fedora Atomic Host update is available via an OSTree update:

Version: 27.81

• Commit(x86_64): b25bde0109441817f912ece57ca1fc39efc60e6cef4a7a23ad9de51b1f36b742
• Commit(aarch64): bb5bc5afbf27333a70c1f3bf8d0117baa45e862e0440be5c779cd5f0bb35aab4
• Commit(ppc64le): e484af3c5a5c88c0de486eee195dff4c6c7ef41d07c41b5d356305db237066d7

We are releasing images from multiple architectures but please note that x86_64 architecture is the only one that undergoes automated testing at this time.

Existing systems can be upgraded in place via e.g. atomic host upgrade or atomic host deploy.

Read More »

Fedora Atomic Host 27.93 is available. We have a new kernel (4.15), ostree, and rpm-ostree in this release.

It is also worth noting that now the rpm-ostree status output will prefix the remote:ref with ostree:// in order to denote the system is following an ostree repository remote (see example below). This is in preparation of some upstream changes related to rpm-ostree rojig, where updates can be delivered via a special rpm in a yum repo rather than an ostree server/remote.

Read More »

Fedora Atomic Host Version 27.122 update is available via an OSTree update:

• Commit(x86_64): 931ebb3941fc49af706ac5a90ad3b5a493be4ae35e85721dabbfd966b1ecbf99
• Commit(aarch64): 837cd0c5e3a5656316ebf6142315ac107c8592d5c8d64a02e8a62919eee9f46f
• Commit(ppc64le): a1f565d73f1f1b6f6d7ef992251f21a704c4a8de40c41fc62be69c5ec2a65329

We apologize for the delay in getting this release out the door. As a bonus for the wait we have AMIs that are available in additional regions (ap-northeast-2, ap-south-1). We’ll be adding additional regions (the remaining missing regions) next release.

Additionally, this will most likely be our last release of Fedora 27 Atomic Host. Very soon Fedora 28 will be released and we will be picking up with our releases in the Fedora 28 stream. We will have plenty of announcements and content around Fedora 28 release time so watch this space for that!

Read More »

Introduction

RPM-OSTree/OSTree conveniently allows you to rollback if you upgrade and don’t like the upgraded software. This is done by keeping around the old deployment; the old software you booted in to. After a single upgrade you’ll have a booted deployement and the rollback deployment. On the next upgrade the current rollback deployment will be discarded and the current booted deployment will become the new rollback deployment.

Typically these two deployments are all that is kept around. However, recently a new pinning feature was added that allows the user to pin a deployment to make sure it doesn’t get garbage collected.

Read More »

Welcome to Fedora CoreOS

Earlier this year Red Hat acquired CoreOS, Inc.. In the past few months we have been working hard to evaluate the different technologies in the CoreOS Container Linux and Project Atomic spaces. Since Container Linux and Atomic Host overlap in functionality quite a bit we have decided to merge future development of the two projects so that we can combine our efforts and bring two great communities of people together to solve future challenges in the transactional update and container operating system landscape.

Read More »

Introduction

This week we put out the first release of Fedora 29 Atomic Host. This will be the last major release of Fedora Atomic Host as we prepare for Fedora CoreOS which will be released in Fedora 30.

In this post we’ll quickly list some known issues and then talk about updating an existing Fedora 28 Atomic Host system to Fedora 29. We’ll cover preparing the system for upgrade and performing the upgrade.

Read More »

TL;DR Fedora 29 will be End Of Life soon. With it Fedora Atomic Host will have its last incremental release (based on the Fedora 29 stream). Please move to the Fedora CoreOS preview if you can.

Read More »