CoreOS Container Server
Create an Image
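# Get the Fedora CoreOS image.
# coreos-installer's "download" fetches the artifact named in the official
# stream metadata and checks its signature before handing it over. STREAM
# must be set (e.g. stable); "${STREAM:?}" aborts here instead of passing an
# empty -s to the installer.
podman run --pull=always --rm \
  -v "$HOME/.local/share/libvirt/images/:/data" -w /data \
  quay.io/coreos/coreos-installer:release \
  download -s "${STREAM:?set STREAM (e.g. stable)}" -p qemu -f qcow2.xz --decompress

# A function rather than an alias: aliases are not expanded in
# non-interactive shells, so this also works when saved as a script.
# Downloads into the current directory; extra arguments (-p/-f) are passed on.
coreos-dl() {
  podman run --pull=always --rm -v "$(pwd):/data" -w /data \
    quay.io/coreos/coreos-installer:release \
    download -s stable --decompress "$@"
}

# for vultr run:
coreos-dl -p vultr -f raw.xz
# for others run:
coreos-dl -p metal -f raw.xz
# upload to temporary storage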
You can also create an ISO with the Ignition config embedded:
Boot into rescue mode and SSH to the server; get the link for the raw image from:
- https://getfedora.org/en/coreos/download?tab=metal_virtualized&stream=stable&arch=x86_64 or from:
- https://builds.coreos.fedoraproject.org/streams/stable.json
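# Print the download URLs (and checksums) of the current stable artifacts from
# the stream metadata. -f makes curl fail on an HTTP error instead of feeding
# an error page to jq; -sS hides the progress meter but still reports errors.
# The DigitalOcean artifact is published as qcow2.gz, hence the _gz key.
curl -fsSL "https://builds.coreos.fedoraproject.org/streams/stable.json" \
  | jq '{
      metal_raw_xz:        .architectures.x86_64.artifacts.metal.formats."raw.xz".disk.location,
      metal_raw_xz_sha256: .architectures.x86_64.artifacts.metal.formats."raw.xz".disk.sha256,
      vultr_raw_xz:        .architectures.x86_64.artifacts.vultr.formats."raw.xz".disk.location,
      vultr_raw_xz_sha256: .architectures.x86_64.artifacts.vultr.formats."raw.xz".disk.sha256,
      do_qcow2_gz:         .architectures.x86_64.artifacts.digitalocean.formats."qcow2.gz".disk.location
    }'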
In this example we set up a Knot DNS server.
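# Image URL and its expected sha256, both taken from the "disk" entry of
# https://builds.coreos.fedoraproject.org/streams/stable.json. A plain
# curl pipe does no verification of its own (unlike coreos-installer
# download), so the checksum is checked before anything touches the disk.
export COREOS_DISK="https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/36.20220703.3.1/x86_64/fedora-coreos-36.20220703.3.1-metal.x86_64.raw.xz"
export COREOS_DISK_SHA256="<sha256 of the raw.xz from stable.json, disk.sha256>"  # placeholder: fill in

# Stage the compressed image (needs ~1 GB of space; pick another directory if
# /tmp is too small), verify it, then write it directly to disk. Writing
# straight from the network pipe (curl | xz | dd) would skip the check.
# WARNING: /dev/sda is overwritten.
curl -fsSL "$COREOS_DISK" -o /tmp/coreos.raw.xz
if printf '%s  %s\n' "$COREOS_DISK_SHA256" /tmp/coreos.raw.xz | sha256sum -c -; then
  xz -dc /tmp/coreos.raw.xz | dd of=/dev/sda status=progress
fi

# Generate the Ignition file from the Butane config. A function instead of
# an alias so it also works from a script; --strict turns warnings into errors.
butane() {
  podman run --interactive --rm quay.io/coreos/butane:release --pretty --strict "$@"
}
butane < coreos-knot.bu > coreos-knot.ign

# Mount the boot partition and place the Ignition config where FCOS reads it
# on first boot (/boot/ignition/config.ign). The file carries the SSH keys the
# users will log in with, so paste it exactly; when coreos-knot.ign was
# generated on this host, "cp coreos-knot.ign /mnt/ignition/config.ign"
# avoids the manual paste.
mount /dev/sda3 /mnt
mkdir -p /mnt/ignition
vi /mnt/ignition/config.ign
umount /mnt
systemctl reboot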
After setting up the server we need to configure it:
# Open an interactive knotc console. The bind mount is the service's run
# directory, which holds the pid file and the control socket knotc talks to.
sudo podman run --interactive --tty --rm \
  --volume /tmp/knot-rundir:/rundir:Z \
  docker.io/cznic/knot:latest knotc
In the shell that opens we can configure the server to listen on port 53 with the following commands:
conf-begin
conf-set server.listen 0.0.0.0@53
conf-set server.listen ::@53
conf-commit
exit
After the configuration we have to restart the server in one of the following ways:
# Restart the container by hand: stop it, drop the pid file left behind in
# the run directory (the unit's ExecStartPre removes it the same way), and
# start the existing container again.
sudo podman container stop knot-dns
sudo rm -- /tmp/knot-rundir/knot.pid
sudo podman container start knot-dns
# Or let systemd do it, which also runs the unit's ExecStartPre cleanup:
sudo systemctl restart knot-dns.service
Check that it’s now listening on the correct port:
# List listening TCP and UDP sockets with owning process; knotd should show
# up on port 53 for both protocols.
sudo ss --tcp --udp --listening --processes --numeric
Example Butane config
Base config
# Base Butane config: one user, core, in wheel (the sudo group on Fedora),
# logging in with the listed SSH key.
variant: fcos
version: 1.4.0
passwd:
  users:
    - name: core
      groups:
        - wheel
      ssh_authorized_keys:
        # Folded scalar (>-): the three lines are joined with spaces into one
        # "ssh-ed25519 AAAAC3...... example@example.com" key line.
        - >-
          ssh-ed25519
          AAAAC3......
          example@example.com
Knot DNS example
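# Knot DNS on Fedora CoreOS: knotd runs in a root podman container managed by
# a systemd unit, on the host network so it can bind port 53 directly.
variant: fcos
version: 1.4.0
passwd:
  users:
    - name: core
      groups:
        - wheel
      ssh_authorized_keys:
        # Folded scalar (>-): the three lines join into one key line.
        - >-
          ssh-ed25519
          AAAAC3......
          example@example.com
storage:
  files:
    # systemd-resolved's stub listener binds 127.0.0.53:53; switching it off
    # keeps port 53 free for knotd, which shares the host network below.
    - path: /etc/systemd/resolved.conf
      mode: 0644
      overwrite: true
      contents:
        inline: |
          [Resolve]
          DNSStubListener=no
systemd:
  units:
    - name: knot-dns.service
      enabled: true
      contents: |
        [Unit]
        Description=Knot DNS
        After=network-online.target
        Wants=network-online.target

        [Service]
        Environment=POD=docker.io/cznic/knot:latest
        Environment=POD_NAME=knot-dns
        # Persistent config/zone storage, the run dir (pid file + control
        # socket used by knotc), and the uid/gid both are owned by.
        Environment=POD_DATA=/var/knot
        Environment=POD_RUN=/tmp/knot-rundir
        Environment=POD_ID=53
        # Best-effort cleanup of a previous instance; "-" ignores failures
        # because there may be nothing to kill or remove yet.
        ExecStartPre=-/bin/podman kill ${POD_NAME}
        ExecStartPre=-/bin/podman rm ${POD_NAME}
        ExecStartPre=-/bin/rm -f ${POD_RUN}/knot.pid
        # Pull is best-effort too, so a start without network still uses
        # the cached image.
        ExecStartPre=-/bin/podman pull ${POD}
        # First start only: create the storage dir and initialise the config
        # database. The previous "test -f || install && conf-init" ran
        # conf-init on every start: -f is false for a directory, and || and
        # && bind left to right, so install (always successful) enabled the
        # conf-init branch. That re-ran initialisation against a database
        # later changed with "knotc conf-set". No "-" here: if this step
        # fails, knotd must not start with an empty config.
        ExecStartPre=/bin/sh -c 'if [ ! -d "${POD_DATA}" ]; then /bin/install -d -o ${POD_ID} -g ${POD_ID} "${POD_DATA}" && /bin/podman run --rm -v ${POD_DATA}:/storage:Z ${POD} knotc conf-init; fi'
        ExecStartPre=/bin/install -d -o ${POD_ID} -g ${POD_ID} ${POD_RUN}
        # --network host: knotd binds the host's port 53 directly (the
        # server.listen 0.0.0.0@53 / ::@53 settings). Publishing only 53/udp
        # and 53/tcp with -p is the narrower alternative if host networking
        # is not wanted.
        ExecStart=/bin/podman run --name ${POD_NAME} -v ${POD_DATA}:/storage:Z -v ${POD_RUN}:/rundir:Z --network host ${POD} knotd
        ExecStop=/bin/podman stop ${POD_NAME}

        [Install]
        WantedBy=multi-user.target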
restart
![[Pasted image 20221019232427.png]]