Ignition Illustrated: The CoreOS node provisioner

Transcript

Josh Wood - DocOps - CoreOS @joshixisjosh9 | [email protected] |

coreos.com/docs Ignition Illustrated: The CoreOS provisioner

None

We’re hiring in all departments! Email: [email protected] Positions: coreos.com/ careers

90+ Projects on GitHub, 1,000+ Contributors OPEN SOURCE CoreOS.com - @coreoslinux - github/coreos Secure solutions, support plans, training + more ENTERPRISE [email protected] - tectonic.com - quay.io CoreOS Runs the World’s Containers

Branding: A cautionary tale ;-)

None

Early-boot provisioning utility - for clusters at scale Set up

machine given a configuration Atomic: Boot or die! Infrastructure must be dynamic; immutable by version CoreOS Ignition

Runs during the first boot only The clear distinction: Ignition

is not config management Static configuration Written in Go - self-contained; community; CoreOS fit Configuration specification and JSON How is it different than CloudInit?

CloudInit runs before networkd... ...so it can’t start services that

depend on the network Ignition runs early configures networkd with the unit interface… ...and services with systemd units, then pivots “Let systemd do it.” How is it different than CloudInit (2)?

systemd dependency tree, knowledge, tools, community… systemd is CoreOS service

management Atomic provisioning (“Don’t reconfigure. Reprovision.”) Static config - no “2-stage cloud-config” invoking a sh script Same semantics across environments Why use Ignition?

Relatively easy to read (well, ok…) Machine oriented, machine legible,

machine generated Difficult to write - let’s generate and validate it Easy to generate - wide language and library support But why JSON?!?

What can Ignition do?

Storage - disks, partitions, md (RAID), file systems systemd &

networkd units - services and networks - configure etcd, kubelet Users and groups - ssh and keys Remote configs - HTTP, validate a sha for the target What can Ignition do?