Ignition Illustrated: The CoreOS node provisioner

Transcript

1. Josh Wood - DocOps - CoreOS @joshixisjosh9 | [email protected] |

   coreos.com/docs Ignition Illustrated: The CoreOS provisioner
2. None

3. We’re hiring in all departments! Email: [email protected] Positions: coreos.com/ careers

   90+ Projects on GitHub, 1,000+ Contributors OPEN SOURCE CoreOS.com - @coreoslinux - github/coreos Secure solutions, support plans, training + more ENTERPRISE [email protected] - tectonic.com - quay.io CoreOS Runs the World’s Containers

4. Branding: A cautionary tale ;-)

5. None
6. None
7. None
8. None
9. None
10. None

11. Early-boot provisioning utility - for clusters at scale Set up

    machine given a configuration Atomic: Boot or die! Infrastructure must be dynamic; immutable by version CoreOS Ignition

12. Runs during the first boot only The clear distinction: Ignition

    is not config management Static configuration Written in Go - self-contained; community; CoreOS fit Configuration specification and JSON How is it different than CloudInit?

13. CloudInit runs before networkd... ...so it can’t start services that

    depend on the network Ignition runs early configures networkd with the unit interface… ...and services with systemd units, then pivots “Let systemd do it.” How is it different than CloudInit (2)?

14. systemd dependency tree, knowledge, tools, community… systemd is CoreOS service

    management Atomic provisioning (“Don’t reconfigure. Reprovision.”) Static config - no “2-stage cloud-config” invoking a sh script Same semantics across environments Why use Ignition?

15. Relatively easy to read (well, ok…) Machine oriented, machine legible,

    machine generated Difficult to write - let’s generate and validate it Easy to generate - wide language and library support But why JSON?!?

16. What can Ignition do?

17. Storage - disks, partitions, md (RAID), file systems systemd &

    networkd units - services and networks - configure etcd, kubelet Users and groups - ssh and keys Remote configs - HTTP, validate a sha for the target What can Ignition do?

18. Illustrated Ignition boot process How does this work?

19. Userspace Bootload Early Userspace Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

20. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

21. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

22. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

23. Userspace Bootload Early Userspace Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

24. Userspace Bootload Early Userspace Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

25. Userspace Bootload Early Userspace Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

26. Userspace Bootload Early Userspace Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

27. Userspace Bootload Early Userspace Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

28. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

29. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

30. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

31. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

32. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

33. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

34. Early Userspace Userspace Bootload Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

35. Userspace Bootload Early Userspace Boot Process Ignition coreos-m etadata m

    ulti-user journald netw orkd GRUB etcd pivot netw orkd

36. Cici n’est pas un demo

37. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT ext4

38. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT ext4 /dev/vdb

39. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT ext4 /dev/vdb /dev/vdc

40. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT ext4 /dev/vdb /dev/vdc

41. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT btrfs /dev/vdb /dev/vdc

42. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT btrfs /dev/vdb /dev/vdc

43. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT btrfs /dev/vdb /dev/vdc

44. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT btrfs /dev/vdb /dev/vdc

45. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT btrfs /dev/vdb /dev/vdc

46. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT btrfs /dev/vdb /dev/vdc

    DATA ext4 (RAID 0)

47. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT btrfs /dev/vdb /dev/vdc

    DATA ext4 (RAID 0)

48. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT btrfs /dev/vdb /dev/vdc

    DATA ext4 (RAID 0) /config.json

49. Demo /dev/vda USR-A ext4 USR-B ext4 ROOT btrfs /dev/vdb /dev/vdc

    DATA ext4 (RAID 0) /config.json

50. Demo - Ignition config JSON

51. "ignition": { "version": "2.0.0" } Demo

52. "ignition": { "version": "2.0.0" } Demo

53. "disks": [ { "device": "/dev/vdb", "wipeTable": true, "partitions": [{ "label":

    "raid.1.1" }] }, { "device": "/dev/vdc", "wipeTable": true, "partitions": [{ "label": "raid.1.2" }] } ] Demo

54. "disks": [ { "device": "/dev/vdb", "wipeTable": true, "partitions": [{ "label":

    "raid.1.1" }] }, { "device": "/dev/vdc", "wipeTable": true, "partitions": [{ "label": "raid.1.2" }] } ] Demo

55. "disks": [ { "device": "/dev/vdb", "wipeTable": true, "partitions": [{ "label":

    "raid.1.1" }] }, { "device": "/dev/vdc", "wipeTable": true, "partitions": [{ "label": "raid.1.2" }] } ] Demo

56. "disks": [ { "device": "/dev/vdb", "wipeTable": true, "partitions": [{ "label":

    "raid.1.1" }] }, { "device": "/dev/vdc", "wipeTable": true, "partitions": [{ "label": "raid.1.2" }] } ] Demo

57. "disks": [ { "device": "/dev/vdb", "wipeTable": true, "partitions": [{ "label":

    "raid.1.1" }] }, { "device": "/dev/vdc", "wipeTable": true, "partitions": [{ "label": "raid.1.2" }] } ] Demo

58. "disks": [ { "device": "/dev/vdb", "wipeTable": true, "partitions": [{ "label":

    "raid.1.1" }] }, { "device": "/dev/vdc", "wipeTable": true, "partitions": [{ "label": "raid.1.2" }] } ] Demo

59. "disks": [ { "device": "/dev/vdb", "wipeTable": true, "partitions": [{ "label":

    "raid.1.1" }] }, { "device": "/dev/vdc", "wipeTable": true, "partitions": [{ "label": "raid.1.2" }] } ] Demo

60. "disks": [ { "device": "/dev/vdb", "wipeTable": true, "partitions": [{ "label":

    "raid.1.1" }] }, { "device": "/dev/vdc", "wipeTable": true, "partitions": [{ "label": "raid.1.2" }] } ] Demo

61. "raid": [{ "devices": [ "/dev/disk/by-partlabel/raid.1.1", "/dev/disk/by-partlabel/raid.1.2" ], "level": "stripe", "name":

    "data" }] Demo

62. "raid": [{ "devices": [ "/dev/disk/by-partlabel/raid.1.1", "/dev/disk/by-partlabel/raid.1.2" ], "level": "stripe", "name":

    "data" }] Demo

63. "raid": [{ "devices": [ "/dev/disk/by-partlabel/raid.1.1", "/dev/disk/by-partlabel/raid.1.2" ], "level": "stripe", "name":

    "data" }] Demo

64. "raid": [{ "devices": [ "/dev/disk/by-partlabel/raid.1.1", "/dev/disk/by-partlabel/raid.1.2" ], "level": "stripe", "name":

    "data" }] Demo

65. "raid": [{ "devices": [ "/dev/disk/by-partlabel/raid.1.1", "/dev/disk/by-partlabel/raid.1.2" ], "level": "stripe", "name":

    "data" }] Demo

66. "filesystems": [ { "mount": { "device": "/dev/md/data", "format": "ext4", "create":

    { "force": true } }, "name": "our filesystem" } ] Demo

67. "filesystems": [ { "mount": { "device": "/dev/md/data", "format": "ext4", "create":

    { "force": true } }, "name": "our filesystem" } ] Demo

68. "filesystems": [ { "mount": { "device": "/dev/md/data", "format": "ext4", "create":

    { "force": true } }, "name": "our filesystem" } ] Demo

69. "filesystems": [ { "mount": { "device": "/dev/md/data", "format": "ext4", "create":

    { "force": true } }, "name": "our filesystem" } ] Demo

70. "filesystems": [ { "mount": { "device": "/dev/md/data", "format": "ext4", "create":

    { "force": true } }, "name": "our filesystem" } ] Demo

71. "filesystems": [ { "mount": { "device": "/dev/md/data", "format": "ext4", "create":

    { "force": true } }, "name": "our filesystem" } ] Demo

72. "files": [{ "filesystem": "our filesystem", "path": "/config.json", "mode": 292, "contents":

    { "source": "http://192.168.179.1/demo.ignition" } }] Demo

73. "files": [{ "filesystem": "our filesystem", "path": "/config.json", "mode": 292, "contents":

    { "source": "http://192.168.179.1/demo.ignition" } }] Demo

74. "files": [{ "filesystem": "our filesystem", "path": "/config.json", "mode": 292, "contents":

    { "source": "http://192.168.179.1/demo.ignition" } }] Demo

75. "files": [{ "filesystem": "our filesystem", "path": "/config.json", "mode": 292, "contents":

    { "source": "http://192.168.179.1/demo.ignition" } }] Demo

76. "files": [{ "filesystem": "our filesystem", "path": "/config.json", "mode": 292, "contents":

    { "source": "http://192.168.179.1/demo.ignition" } }] Demo

77. "files": [{ "filesystem": "our filesystem", "path": "/config.json", "mode": 292, "contents":

    { "source": "http://192.168.179.1/demo.ignition" } }] Demo

78. { "ignition": { "version": "2.0.0", "config": { "replace": { "source":

    "http://192.168.179.1/demo.ign", "verification": { "hash": "sha512-98d…" } } } } } Demo

79. • Bare metal and PXE • EC2 • Azure •

    Google GCP GCE • VMware • coreos.com/ignition/docs/latest/supported-platforms. html Where? - Platforms and providers

80. Config verification/encryption/transport sec (HTTPS) Config generation tooling (YAML → Ignition.json)

    More supported platforms Your ingenious contributions! What’s next?

81. See also: • coreos.com/ignition • github.com/coreos/ignition • github.com/coreos/fuze (EXPERIMENTAL) •

    https://youtu.be/rYZ4Lb_n5i4

82. Thank you! Josh Wood @joshixisjosh9 | [email protected] | github.com/joshix We’re

    hiring in all departments! Email: [email protected] Positions: coreos.com/ careers