This is a guide to install a Fedora CoreOS on a VPS in OVHcloud (OVH). Although this guide is focused on OVHcloud, those steps should work on any bare-metal offering with an option to boot on a live rescue system based on a classic Linux distribution.
Why Fedora CoreOS?
Fedora CoreOS is an automatically-updating, minimal operating system for running containerized workloads securely and at scale. It is currently available on multiple platforms, with more coming soon.
- Fresh software: As it is based on Fedora, you regularly get fresh and updated software with all the latest features, from the Linux kernel and systemd to podman.
- Safe updates: Updates are performed atomically and can be roll-backed in case of issues.
- Containers focused: The system only contains the strict necessary without sacrificing security and everything else can be run in SELinux isolated containers.
Why an OVHcloud VPS?
The OVHcloud VPS are low cost virtual servers with unmetered network traffic, replicated storage and KVM console access. Those features make them a good option for personal servers.
Preparing an Ignition config
Fedora CoreOS does not have a classic installer but instead relies on Ignition for first boot configuration when launched in supported cloud providers and on bare-metal.
For this article, we will create the most basic configuration that only sets an SSH public key.
To create Ignition configs, we will use the Fedora CoreOS Config Transpiler (
fcct) that will convert an easy to read YAML file into the JSON configuration that is understood by Ignition. To get
fcct, you can pick your favorite option from the documentation.
Setting up an SSH Key for the
We will start with the following configuration:
$ cat config.yaml variant: fcos version: 1.1.0 passwd: users: - name: core ssh_authorized_keys: - ssh-ed25519 XYZ...
Verify it and convert it to Ignition format with:
$ fcct --strict config.yaml --output config.ign
We are now ready to install Fedora CoreOS on the system.
Installation from rescue mode
Booting up in rescue mode
As there is currently no official support for Fedora CoreOS on OVHcloud, we will do a bare-metal-like installation from a rescue boot.
To boot into the Rescue mode, you need to go into your OVHcloud console and select the
Boot -> Reboot into rescue mode option in the interface. You should then receive temporary credentials to access the rescue system.
Installing Fedora CoreOS
To install Fedora CoreOS, we will use the official
coreos-installer container image. The rescue system is a Debian 10 based live system on which we can easily install podman:
$ apt-get -y install gnupg2 $ echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list $ echo 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list $ curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/Release.key | sudo apt-key add - $ apt-get update $ apt-get -y -t buster-backports install libseccomp2 $ apt-get -y install podman
You can then copy your Ignition config into a file on the serverwith
lsblk to figure out which disk is the system disk and finally use this command to install Fedora CoreOS:
$ podman run --pull=always --privileged --rm \ -v /dev:/dev -v /run/udev:/run/udev -v .:/data -w /data \ quay.io/coreos/coreos-installer:release \ install /dev/sdb -i config.ign
This will download the latest stable Fedora CoreOS release and install it on the disk.
Make sure to reboot your VPS out of the rescue mode via the interface in order to boot the freshly install system (and not the rescue image again).
Accessing the freshly installed server
You should now be able to connect to your freshly installed Fedora CoreOS system using the correponding SSH key.
We now have a simple Fedora CoreOS server installed on a VPS in OVHcloud. Stay tuned for a longer post that will cover a more automated and hardened installation from an Ignition configuration.