Installing Fedora CoreOS on a VPS in OVHcloud (OVH)

3 minute read

This is a guide to install a Fedora CoreOS on a VPS in OVHcloud (OVH). Although this guide is focused on OVHcloud, those steps should work on any bare-metal offering with an option to boot on a live rescue system based on a classic Linux distribution.

Why Fedora CoreOS?

Fedora CoreOS is an automatically-updating, minimal operating system for running containerized workloads securely and at scale. It is currently available on multiple platforms, with more coming soon.

See also the main Fedora CoreOS page and the Getting started guide. The main advantages of Fedora CoreOS are:

  • Fresh software: As it is based on Fedora, you regularly get fresh and updated software with all the latest features, from the Linux kernel and systemd to podman.
  • Safe updates: Updates are performed atomically and can be roll-backed in case of issues.
  • Containers focused: The system only contains the strict necessary without sacrificing security and everything else can be run in SELinux isolated containers.

Why an OVHcloud VPS?

The OVHcloud VPS are low cost virtual servers with unmetered network traffic, replicated storage and KVM console access. Those features make them a good option for personal servers.

Preparing an Ignition config

Fedora CoreOS does not have a classic installer but instead relies on Ignition for first boot configuration when launched in supported cloud providers and on bare-metal.

For this article, we will create the most basic configuration that only sets an SSH public key.

Setting up fcct

To create Ignition configs, we will use the Fedora CoreOS Config Transpiler (fcct) that will convert an easy to read YAML file into the JSON configuration that is understood by Ignition. To get fcct, you can pick your favorite option from the documentation.

Setting up an SSH Key for the core user

We will start with the following configuration:

$ cat config.yaml
variant: fcos
version: 1.1.0
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - ssh-ed25519 XYZ...

Verify it and convert it to Ignition format with:

$ fcct --strict config.yaml --output config.ign

We are now ready to install Fedora CoreOS on the system.

Installation from rescue mode

Booting up in rescue mode

As there is currently no official support for Fedora CoreOS on OVHcloud, we will do a bare-metal-like installation from a rescue boot.

To boot into the Rescue mode, you need to go into your OVHcloud console and select the Boot -> Reboot into rescue mode option in the interface. You should then receive temporary credentials to access the rescue system.

Installing Fedora CoreOS

To install Fedora CoreOS, we will use the official coreos-installer container image. The rescue system is a Debian 10 based live system on which we can easily install podman:

$ apt-get -y install gnupg2
$ echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list
$ echo 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
$ curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/Release.key | sudo apt-key add -
$ apt-get update
$ apt-get -y -t buster-backports install libseccomp2
$ apt-get -y install podman

You can then copy your Ignition config into a file on the serverwith scp, use lsblk to figure out which disk is the system disk and finally use this command to install Fedora CoreOS:

$ podman run --pull=always --privileged --rm \
    -v /dev:/dev -v /run/udev:/run/udev -v .:/data -w /data \
    quay.io/coreos/coreos-installer:release \
    install /dev/sdb -i config.ign

This will download the latest stable Fedora CoreOS release and install it on the disk.

Make sure to reboot your VPS out of the rescue mode via the interface in order to boot the freshly install system (and not the rescue image again).

Accessing the freshly installed server

You should now be able to connect to your freshly installed Fedora CoreOS system using the correponding SSH key.

Conclusion

We now have a simple Fedora CoreOS server installed on a VPS in OVHcloud. Stay tuned for a longer post that will cover a more automated and hardened installation from an Ignition configuration.

Updated:

Comments


Comments are disabled on this blog. Please contact me directly if you have feedback.