If you'd like to:
- Build your own copy of the Atomic Fedora or Atomic CentOS test images, or
- Compose and serve up updates or different package sets for an Atomic host...
...then this might be the howto for you.
Atomic hosts are made of regular, already-built RPMs, composed into trees with rpm-ostree. These trees are built into qcow2 images (or into installable ISOs, but I'm not covering that here, yet).
Once up and running, an Atomic host can be updated by pointing to an updated tree. (If the update isn't satisfactory, you can then roll back, atomically.)
You don't have to build your own qcow2 to have a custom Atomic host. You can compose your own updates and apply them, or even rebase to a completely different tree. (I've rebased between CentOS and Fedora, for instance.)
If you're going to start with an existing Atomic host (for instance, one installed from this or that image), you can compose and serve up a new tree from a Docker container.
# git clone https://github.com/jasonbrooks/byo-atomic.git
# docker build --rm -t $USER/atomicrepo byo-atomic/.
# docker run --privileged -d -p 80:80 --name atomicrepo $USER/atomicrepo
# docker exec -it atomicrepo bash
Once inside the container, start by running nscd, which addresses an issue with how yum, when run through rpm-ostree, resolves repositories.
# cd sig-atomic-buildscripts
If you'd like to add some more packages to your tree, add them in the file centos-atomic-host.json before proceeding with the compose command:
# rpm-ostree compose tree --repo=/srv/rpm-ostree/repo centos-atomic-host.json
The CentOS sig-atomic-buildscripts repo currently includes some key packages built in and hosted from the CentOS Community Build System. The CBS repos rebuild every 10 minutes, so if rpm-ostree fails with a repository-not-found error, wait a few minutes and run the command again.
The master branch of the fedora-atomic repo contains the definitions required to compose a rawhide-based Fedora Atomic host. If you'd rather compose a f21-based Fedora Atomic host, you'll need to:
# cd fedora-atomic
# git checkout f21
If you'd like to add some more packages to your tree, add them in the file fedora-atomic-docker-host.json before proceeding with the compose command:
# rpm-ostree compose tree --repo=/srv/rpm-ostree/repo fedora-atomic-docker-host.json
The compose step will take some time to complete. When it's done, you should be able to visit $YOURHOSTIP/repo and see your new rpm-ostree repo.
To configure an Atomic host to receive updates from your build machine, edit (as root) the file /etc/ostree/remotes.d/centos-atomic.conf or /etc/ostree/remotes.d/fedora-atomic.conf and replace the address in the line beginning with url= with your host IP. If gpg-verify=true, you'll need to change it to false. Setting gpg-verify=false turns off signature checking for the commits pulled from this remote.
With your repo configured, you can check for updates with the command sudo rpm-ostree upgrade, followed by a reboot. Don't like the changes? You can roll back with sudo rpm-ostree rollback, followed by another reboot.
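The remote settings described above (a plain-HTTP url= and gpg-verify=false) are worth tracking once a host leaves the lab. As an added example, not part of the original howto, this script lists the ostree remotes in a remotes.d directory that have signature checking off or use an http:// URL; the sample files, the 192.0.2.10 address and the signed-example remote are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original howto. Lists ostree remotes that skip
# GPG verification or fetch over plaintext HTTP.
# Output: one "file|remote|finding" line per issue.
audit_remotes() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        awk -v file="$(basename "$conf")" '
            function report() {
                if (remote == "") return
                if (verify == "false" || verify == "0")
                    print file "|" remote "|gpg-verify disabled"
                if (url ~ /^http:\/\//)
                    print file "|" remote "|plaintext http url"
            }
            /^\[remote "/ {
                report()
                remote = $0
                sub(/^\[remote "/, "", remote); sub(/"\].*$/, "", remote)
                url = ""; verify = "true"   # ostree default when key is absent
                next
            }
            /^[ \t]*url[ \t]*=/ { url = $0; sub(/^[^=]*=[ \t]*/, "", url) }
            /^[ \t]*gpg-verify[ \t]*=/ {
                verify = tolower($0)
                sub(/^[^=]*=[ \t]*/, "", verify); sub(/[ \t\r]+$/, "", verify)
            }
            END { report() }
        ' "$conf"
    done
}

# Constructed sample files (addresses and the second remote are made up).
make_sample() {
    printf '[remote "centos-atomic"]\nurl=http://192.0.2.10/repo/\ngpg-verify=false\n' \
        > "$1/centos-atomic.conf"
    printf '[remote "signed-example"]\nurl=https://repo.example.org/repo/\ngpg-verify=true\n' \
        > "$1/signed-example.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_remotes "$tmp"
rm -rf "$tmp"
```

On a real host, call audit_remotes /etc/ostree/remotes.d instead of the temporary sample directory.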
This section is in need of update. Check out Brent Baude's blog post for your image-building needs.
First, build and configure the builder. Install Fedora 21 (Fedora 20 or CentOS 7 can work, too, but F21 includes the rpm-ostree packages we need by default, now, so that's what I'm using here). You can build trees and images for Fedora or CentOS from the same builder, and the versions don't have to match.
Disable SELinux by changing enforcing to disabled in /etc/selinux/config and then systemctl reboot to complete SELinux disabling. While we're never happy about disabling SELinux, it's necessary (for now) to disable it on your builder in order to enable it on the Atomic instances you build.
The rpm-ostree commands below need to be run as root or with sudo, but for some reason, the image-building part of the process is only working for me while running as root (not sudo), so I log in as root and work in /root.
# yum install -y git rpm-ostree rpm-ostree-toolbox nss-altfiles yum-plugin-protectbase
# git clone --recursive https://github.com/jasonbrooks/byo-atomic.git
Initialize the ostree repository:
# mkdir -p /srv/rpm-ostree/repo && ostree --repo=/srv/rpm-ostree/repo init --mode=archive-z2
Now, we'll set up hosting of the repository from which our eventual Atomic hosts will fetch upgrades (optional if only building images):
# yum install -y httpd firewalld
# cat > /etc/httpd/conf.d/rpm-ostree.conf <<EOF
DocumentRoot /srv/rpm-ostree
<Directory "/srv/rpm-ostree">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
EOF
# systemctl daemon-reload &&
systemctl enable httpd &&
systemctl start httpd &&
systemctl reload httpd &&
firewall-cmd --add-service=http &&
firewall-cmd --add-service=http --permanent
Next, we compose a tree for our Atomic host image:
This repository includes submodules that provide the *.json files maintained by the Fedora Cloud SIG (keeper of the Atomic Fedora definition) and the Atomic CentOS SIG. If you'd like to add some more packages to your tree, add them in the file sig-atomic-buildscripts/centos-atomic-cloud-docker-host.json or fedora-atomic/fedora-atomic-docker-host.json before proceeding.
# cd /root/byo-atomic/sig-atomic-buildscripts
# rpm-ostree compose tree --repo=/srv/rpm-ostree/repo centos-atomic-cloud-docker-host.json
This step will take a while to complete. When it's finished, you can move on to creating the disk image:
# export LIBGUESTFS_BACKEND=direct
# rpm-ostree-toolbox create-vm-disk /srv/rpm-ostree/repo centos-atomic-host centos/7/atomic/x86_64/cloud-docker-host centos-atomic.qcow2
# cd /root/byo-atomic/fedora-atomic
# git checkout f21
# rpm-ostree compose tree --repo=/srv/rpm-ostree/repo fedora-atomic-docker-host.json
This step will take a while to complete. When it's finished, you can move on to creating the disk image:
# export LIBGUESTFS_BACKEND=direct
# rpm-ostree-toolbox create-vm-disk /srv/rpm-ostree/repo fedora-atomic-host fedora-atomic/f21/x86_64/docker-host f21-atomic.qcow2
After you've created your image(s), future runs of the rpm-ostree compose tree command will add updated packages to your repo, which you can pull down to an Atomic instance. For more information on updating, see "Configuring your Atomic instance to receive updates," below.
These scripts produce qcow2 images, which are ready to use with OpenStack or with virt-manager/virsh. To produce *.vdi images, use qemu-img to convert:
qemu-img convert -f qcow2 c7-atomic.qcow2 -O vdi c7-atomic.vdi
Your atomic images will be born with no root password, so it's necessary to supply a password or key to log in using cloud-init. If you're using a virtualization application without cloud-init support, such as virt-manager or VirtualBox, you can create a simple iso image to provide a key or password to your image when it boots.
To create this iso image, you must first create two text files.
Create a file named "meta-data" that includes an "instance-id" name and a "local-hostname." For instance:
instance-id: Atomic0
local-hostname: atomic-00
The second file is named "user-data," and includes password and key information. For instance:
#cloud-config
password: atomic
chpasswd: {expire: False}
ssh_pwauth: True
ssh_authorized_keys:
- ssh-rsa AAA...SDvz user1@yourdomain.com
- ssh-rsa AAB...QTuo user2@yourdomain.com
Once you have completed your files, they need to be packaged into an ISO image. For instance:
# genisoimage -output atomic0-cidata.iso -volid cidata -joliet -rock user-data meta-data
You can boot from this iso image, and the auth details it contains will be passed along to your Atomic instance.
For more information about creating these cloud-init iso images, see http://cloudinit.readthedocs.org/en/latest/topics/datasources.html#config-drive.
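The sample user-data above enables a fixed password over SSH, which suits a throwaway test VM. For anything longer-lived, this added example (not part of the original howto) writes a key-only seed directory and checks a user-data file for password-login settings; the function names and the placeholder public key are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original howto: key-only cloud-init seed files
# plus a small check for password-based login settings in a user-data file.

# write_seed DIR PUBKEY: write DIR/meta-data and a key-only DIR/user-data.
write_seed() {
    mkdir -p "$1"
    printf 'instance-id: Atomic0\nlocal-hostname: atomic-00\n' > "$1/meta-data"
    printf '#cloud-config\nssh_pwauth: False\nssh_authorized_keys:\n  - %s\n' "$2" \
        > "$1/user-data"
}

# lint_user_data FILE: print one finding per line, nothing when clean.
lint_user_data() {
    awk '
        NR == 1 && $0 != "#cloud-config" { print "first line is not #cloud-config" }
        /^password:/ { print "plaintext password set" }
        tolower($0) ~ /^ssh_pwauth:[ \t]*(true|yes|1)/ { print "ssh password login enabled" }
        /^[ \t]*-[ \t]*(ssh-|ecdsa-)/ { keys++ }
        END { if (keys == 0) print "no ssh_authorized_keys entries" }
    ' "$1"
}

# write_page_sample FILE: the user-data shown above, with its elided key.
write_page_sample() {
    cat > "$1" <<'EOF'
#cloud-config
password: atomic
chpasswd: {expire: False}
ssh_pwauth: True
ssh_authorized_keys:
- ssh-rsa AAA...SDvz user1@yourdomain.com
EOF
}

tmp=$(mktemp -d)
write_page_sample "$tmp/user-data.page"
# Placeholder key: substitute the contents of your own public key file.
write_seed "$tmp/seed" "ssh-ed25519 AAAA...PLACEHOLDER user1@yourdomain.com"
echo "page sample:";  lint_user_data "$tmp/user-data.page"
echo "key-only seed:"; lint_user_data "$tmp/seed/user-data"
rm -rf "$tmp"
```

The user-data and meta-data files written by write_seed can be packaged with the same genisoimage command shown above.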