Project News

When Project Atomic got off the ground in April, I wrote a blog post about how anyone could Build Your Own Atomic host, based on Fedora 20. Since that time, there have been some changes in the rpm-ostree tooling used to produce these images.

What’s more, there’s a new distro on the block, CentOS 7, that you may wish to build into an Atomic host. Part of what’s great about the Atomic model is the way it can apply to different distributions. Here’s our chance to play with that.

The tooling around creating Atomic images is still in flux, and will continue to change (for the better). For now, tough, here’s an updated guide to building your own Atomic host(s), based on Fedora 20 or on CentOS 7.

First, build and configure the builder:

Install Fedora 20 (CentOS 7 can work, too, with some tweaking, but here I’m stick with Fedora). You can build trees and images for Fedora or CentOS from the same builder.

Disable selinux by changing enforced to disabled in /etc/selinux/config and then systemctl reboot to complete selinux disabling. While we’re never happy about disabling SELinux, it’s necessary (for now) to disable it on your builder in order to enable it on the Atomic instances you build.

The rpm-ostree commands below need to be run as root or w/ sudo, but for some reason, the image-building part of the process is only working for me while running as root (not sudo), so I log in as root and work in /root.

# yum install -y git
# git clone https://github.com/jasonbrooks/byo-atomic.git
# mv byo-atomic/walters-rpm-ostree-fedora-20-i386.repo /etc/yum.repos.d/
# yum install -y rpm-ostree rpm-ostree-toolbox nss-altfiles yum-plugin-protectbase httpd

Now, edit /etc/nsswitch.conf change lines passwd: files and group: files to passwd: files altfiles and group: files altfiles (details).

Then, edit /etc/libvirt/qemu.conf to uncomment the line user = "root" and systemctl restart libvirtd.

Now, we’ll set up a repository from which our eventual Atomic hosts will fetch upgrades:

# mkdir -p /srv/rpm-ostree/repo && cd /srv/rpm-ostree/ && sudo ostree --repo=repo init --mode=archive-z2
# cat > /etc/httpd/conf.d/rpm-ostree.conf <<EOF
DocumentRoot /srv/rpm-ostree
<Directory "/srv/rpm-ostree">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
EOF
# systemctl daemon-reload &&
systemctl enable httpd &&
systemctl start httpd &&
systemctl reload httpd &&
firewall-cmd --add-service=http &&
firewall-cmd --add-service=http --permanent

Next, build the Atomic host:

The *.json files in the c7 and f20 directories contain the definitions for these Atomic hosts. The *-atomic-base.json file contains the list of repositories to include. The git repo I’ve pointed to includes the *.repo files you need. If you wish to add others, put them in the c7 or f20 folder and reference them in centos-atomic-base.json or fedora-atomic-base.json.

The *-atomic-server-docker-host.json files pull in the base json files, and add additional packages. To add or remove packages, edit fedora-atomic-server-docker-host.json or centos-atomic-server-docker-host.json.

For CentOS 7:

# cd /root/byo-atomic/c7
# rpm-ostree compose tree --repo=/srv/rpm-ostree/repo centos-atomic-server-docker-host.json
# rpm-ostree-toolbox create-vm-disk /srv/rpm-ostree/repo centos-atomic-host centos-atomic/7/x86_64/server/docker-host c7-atomic.qcow2

For Fedora 20:

# cd /root/byo-atomic/f20
# rpm-ostree compose tree --repo=/srv/rpm-ostree/repo fedora-atomic-server-docker-host.json
# rpm-ostree-toolbox create-vm-disk /srv/rpm-ostree/repo fedora-atomic-host fedora-atomic/20/x86_64/server/docker-host f20-atomic.qcow2

After you’ve created your image(s), future runs of the rpm-ostree compose tree command will add updated packages to your repo, which you can pull down to an Atomic instance. For more information on updating, see Configuring your Atomic instance to receive updates, below.

Converting images to .vdi (if desired)

These scripts produce qcow2 images, which are ready to use with OpenStack or with virt-manager/virsh. To produce *.vdi images, use qemu-img to convert:

qemu-img convert -f qcow2 c7-atomic.qcow2 -O vdi c7-atomic.vdi

How to log in?

Your atomic images will be born with no root password, so it’s necessary to supply a password or key to log in using cloud-init. If you’re using a virtualization application without cloud-init support, such as virt-manager or VirtualBox, you can create a simple iso image to provide a key or password to your image when it boots.

To create this iso image, you must first create two text files.

Create a file named meta-data that includes an instance-id name and a local-hostname. For instance:

instance-id: Atomic0
local-hostname: atomic-00

The second file is named user-data, and includes password and key information. For instance:

#cloud-config
password: atomic
chpasswd: {expire: False}
ssh_pwauth: True
ssh_authorized_keys:
  - ssh-rsa AAA...SDvz user1@yourdomain.com
  - ssh-rsa AAB...QTuo user2@yourdomain.com

Once you have completed your files, they need to packaged into an ISO image. For instance:

# genisoimage -output atomic0-cidata.iso -volid cidata -joliet -rock user-data meta-data

You can boot from this iso image, and the auth details it contains will be passed along to your Atomic instance.

For more information about creating these cloud-init iso images, see http://cloudinit.readthedocs.org/en/latest/topics/datasources.html#config-drive.

Configuring your Atomic instance to receive updates

As created using these instructions, your Atomic image won’t be configured to receive updates. To configure your image to receive updates from your build machine, edit (as root) the file /ostree/repo/config and add a section like this:

[remote "centos-atomic-host"]
url=http://$YOUR_BUILD_MACHINE/repo
branches=centos-atomic/7/x86_64/server;
gpg-verify=false

Or, for Fedora:

[remote "fedora-atomic-host"]
url=http://$YOUR_BUILD_MACHINE/repo
branches=fedora-atomic/20/x86_64/server;
gpg-verify=false

With your repo configured, you can check for updates with the command sudo rpm-ostree upgrade, followed by a reboot. Don’t like the changes? You can rollback with rpm-ostree rollback, followed by another reboot.

Till Next Time

If you run into trouble following this walkthrough, I’ll be happy to help you get up and running or get pointed in the right direction. Ping me at jbrooks in #atomic on freenode irc or @jasonbrooks on Twitter. Also, be sure to check out the Project Atomic Q&A site.

These days it’s easier than ever to contribute to Cockpit. Here’s how.

Make sure you have it installed and running. Then checkout the cockpit sources and link the modules directory into your home directory.

$ git clone https://github.com/cockpit-project/cockpit.git
$ mkdir -p ~/.local/share
$ ln -snf $(pwd)/cockpit/modules ~/.local/share/cockpit

Now log into Cockpit with your own user login. Any changes you make in the modules subdirectory of the cockpit javascript or HTML that you checked out, should be visible immediately after a refresh.

If you want to hack on other parts of Cockpit, such as the backend, there’s a handy guide here:

https://github.com/cockpit-project/cockpit/blob/master/HACKING.md

You can file issues you run into here:

https://github.com/cockpit-project/cockpit/issues/new

And finally you can see what we’re working on at our Trello board:

https://trello.com/b/mtBhMA1l/cockpit

Have fun!

One of the most interesting things about Project Atomic is how much work is going on, even as the project seems to be standing still. After the discussions Joe and I have had at OSCON this past week, I can safely say the work around containers is moving so fast that it almost seems that if you blink you will miss it.

Atomic is not the usual open source project, in that there’s not really code to download and install as a separate package. Rather, Project Atomic a combination of a lot of upstream projects that will be integrated within CentOS and Fedora. And, of course, Red Hat plans to build and distribute its own Red Hat Enterprise Linux Atomic Host.

Because Atomic’s small but growing community is using upstream projects like Apache Mesos, Google’s Kubernetes, and Docker, community members are submitting new code and features to those projects on almost a daily basis.

Case in point: yesterday Red Hat’s Derek Carr let us know that a new feature he was working on for Kubernetes had been merged into that project: the capability to manage Vagrant clusters with Kubernetes.

Kubernetes is just one of the orchestration tools that will be included in Atomic for container management, and the inclusion of Vagrant support is a key move to get more developer involvement. While developers have long coded Linux applications, many programmers prefer Apple’s hardware for their needs. Vagrant is very useful tool enabling them to have the best of both worlds.

Specifically, Kubernetes users will be able to spin up a local Vagrant cluster of Fedora machines running a single master with N minions. Kubernetes will reuse existing Salt configuration scripts to provision master and minions. Carr has also added support to run on Red Hat-based operating systems, where systemd manages installed services.

Carr has tested this on Vagrant 1.6.2, and it is recommended that users who want to test this feature use this version or higher of Vagrant. Head on over to GitHub and test this new feature today.

If you’ve been hoping for a bare-metal version of a Fedora Atomic host, there’s good news! I’ve finally gotten time to work on Fedora/Atomic more, and have created a functional installer ISO based on Fedora Rawhide.

You can grab the ISO from http://rpm-ostree.cloud.fedoraproject.org/project-atomic/install/rawhide/20140708.0/.

Unlike the other images we’ve produced for Atomic proof-of-concepts, this is designed to be installed on bare metal. None of the trees contain cloud-init, but this will install directly using Anacona to bare metal.

It contains a cache of the tree content inside it, similar to how the Fedora DVD includes many packages, and the Fedora LiveCD just copies itself.

To Receive Updates

To get updates after installation, you’ll need to run a few commands:

# ostree remote add fedora-atomic http://rpm-ostree.cloud.fedoraproject.org/repo
# atomic rebase fedora-atomic:

Let me explain those two commands a bit more. The first adds a new remote with the location of the current (hopefully temporary) OSTree repository. (For more information on the temporary part, see: https://lists.fedoraproject.org/pipermail/infrastructure/2014-June/014447.html.

Now the second command is effectively shorthand for:

atomic rebase fedora-atomic:fedora-atomic/rawhide/x86_64/server/docker-host

Basically that way you don’t have to retype the branch name. It’s shorthand, because you could also rebase to one of the other available trees (such as server/virt-host).

An important next step here is going to be integrating cloud init by default so that we can use the same tree on both baremetal and cloud. (Unlike mainline where cloud-init is a package only installed on the cloud images by default; we can’t do that without ~doubling the number of trees right now).

If you have feedback, questions, or ideas on improving the Atomic host, please join the atomic-devel mailing list, ask over on ask.projectatomic.io, or leave a comment here. This is still a work in progress, and we’re looking forward to your feedback!

Today we proposed a CentOS Atomic Host Special Interest Group (SIG) on the CentOS Devel mailing list. Since Project Atomic isn’t in the business of producing its own distribution, the idea is to work within the CentOS community to develop an Atomic Host based on CentOS.

If you’re interested in participating, the discussion about the SIG will take place on the CentOS devel mailing list. Work on the project will be coordinated on the Atomic devel mailing list.

The next step for the proposal is to have it reviewed by the CentOS Board. The next board meeting is on July 9th, so we hope to have the SIG accepted at that time and make headway towards getting the first CentOS Atomic Host release out the door.

The full proposal is below. If you have comments, please raise them on the CentOS devel or Atomic devel mailing lists.

Read More »