CoreOS

I keep forgetting stuff, so here I will be placing the useful CoreOS-related commands.

building rhcos

A simple recipe to build the latest RHCOS image (source: https://github.com/openshift/os/blob/master/docs/development-rhcos.md):

$ mkdir rhcos
$ cd rhcos
$ mkdir rhcos-4.15
$ cd rhcos-4.15
$ cosa shell # provided your cosa environment is set up - example below under `cosa func`
$ export COREOS_ASSEMBLER_ADD_CERTS='y'
$ export RHCOS_REPO="https://your.rhcos.repo.example.com/coreos/redhat-coreos.git"
$ cosa init --yumrepos "${RHCOS_REPO}" --branch release-4.15 https://github.com/openshift/os.git
$ cosa fetch
$ cosa build

Final result:

$ ls builds/
415.92.202312121624-0  builds.json  latest

$ ls builds/latest/x86_64/
commitmeta.json                     manifest.json                        rhcos-415.92.202312121624-0-ostree.x86_64-manifest.json
coreos-assembler-config-git.json    manifest-lock.generated.x86_64.json  rhcos-415.92.202312121624-0-ostree.x86_64.ociarchive
coreos-assembler-config.tar.gz      meta.json                            rhcos-415.92.202312121624-0-qemu.x86_64.qcow2
coreos-assembler-yumrepos-git.json  ostree-commit-object

cosa func

cosa() {
   env | grep COREOS_ASSEMBLER
   local -r COREOS_ASSEMBLER_CONTAINER_LATEST="quay.io/coreos-assembler/coreos-assembler:latest"
   # Only check the image age when no custom container is set and :latest is cached locally.
   if [[ -z ${COREOS_ASSEMBLER_CONTAINER} ]] && podman image exists "${COREOS_ASSEMBLER_CONTAINER_LATEST}"; then
       local -r cosa_build_date_str="$(podman inspect -f "{{.Created}}" "${COREOS_ASSEMBLER_CONTAINER_LATEST}" | awk '{print $1}')"
       local -r cosa_build_date="$(date -d "${cosa_build_date_str}" +%s)"
       # Warn when the cached image was created more than a week ago.
       if [[ $(date +%s) -ge $((cosa_build_date + 60*60*24*7)) ]] ; then
         echo -e "\e[0;33m----" >&2
         echo "COSA is outdated." >&2
         # echo "podman pull ${COREOS_ASSEMBLER_CONTAINER_LATEST}" >&2
         echo -e "----\e[0m" >&2   # reset the terminal colour set above
         pp   # pp is not defined on this page; it must exist in your shell
         sleep 10
       fi
   fi
   set -x
   podman run --rm -ti --security-opt=label=disable --privileged                                    \
              --uidmap=1000:0:1 --uidmap=0:1:1000 --uidmap=1001:1001:64536                          \
              -v=${PWD}:/srv/ --device=/dev/kvm --device=/dev/fuse                                  \
              --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa                                         \
              ${COREOS_ASSEMBLER_CONFIG_GIT:+-v=$COREOS_ASSEMBLER_CONFIG_GIT:/srv/src/config/:ro}   \
              ${COREOS_ASSEMBLER_GIT:+-v=$COREOS_ASSEMBLER_GIT/src/:/usr/lib/coreos-assembler/:ro}  \
              ${COREOS_ASSEMBLER_ADD_CERTS:+-v=/etc/pki/ca-trust:/etc/pki/ca-trust:ro}              \
              ${COREOS_ASSEMBLER_CONTAINER_RUNTIME_ARGS}                                            \
              ${COREOS_ASSEMBLER_CONTAINER:-$COREOS_ASSEMBLER_CONTAINER_LATEST} "$@"
   rc=$?; set +x; return $rc
}

# Playing around with customisation:

Running the iSCSI test

adamsky@laptop Work/coreos-assembler (pr/testiscsi %) » podman run --rm -ti --security-opt=label=disable --privileged \
--uidmap=1000:0:1 --uidmap=0:1:1000 --uidmap=1001:1001:64536 \
-v=${PWD}:/srv/ --device=/dev/kvm --device=/dev/fuse \
--tmpfs=/tmp -v=/var/tmp:/var/tmp \
-v=/home/adamsky/Work/coreos-assembler-hacking/:/srv/fcos \
--name=cosa quay.io/coreos-assembler/coreos-assembler:latest shell

[coreos-assembler]$ cd fcos
[coreos-assembler]$ pwd
/srv/fcos
[coreos-assembler]$ ls
builds  cache  overrides  src  tmp
[coreos-assembler]$ ../mantle/build kola
Building kola
[coreos-assembler]$ ../bin/kola testiso -S iso-install-iscsi

cosa shell

./mantle/build kola
./bin/kola list | grep coreos.unique.boot.failure
./bin/kola run -b fcos --qemu-image fedora-coreos-38.20230918.dev.0-qemu.x86_64.qcow2 coreos.unique.boot.failure
[coreos-assembler]$ ./mantle/build kola
Building kola
[coreos-assembler]$ ./bin/kola run -b fcos --qemu-image fedora-coreos-38.20230918.dev.0-qemu.x86_64.qcow2 coreos.unique.boot.failure

podman run --rm -ti --security-opt=label=disable --privileged --uidmap=1000:0:1 --uidmap=0:1:1000 --uidmap=1001:1001:64536 -v=${PWD}:/srv/ --device=/dev/kvm --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp -v=/home/adamsky/Work/coreos-assembler-hacking/:/srv/fcos --name=cosa quay.io/coreos-assembler/coreos-assembler:latest shell

cosa spawn and zincati

Here’s how to spawn a new cosa VM on AWS with direct access to its CLI:

$ mkdir cosa_test
$ cd cosa_test
$ cosa init https://github.com/coreos/fedora-coreos-config
$ cosa buildfetch --stream stable --artifact qemu
$ cp ../cosa_test/cred .
$ ls
$ cosa kola spawn -b fcos --stream=stable -p=aws --aws-region=us-east-1 --aws-type=i3.large --aws-credentials-file cred

Format of the credentials file:

[default]
aws_access_key_id=ABRACADABRA
aws_secret_access_key=50m35ecr3t4w5k3y
region = us-east-1
output = text

Checking zincati logs

[bound] -bash-5.2$ journalctl -u zincati
May 22 10:32:48 ip-172-31-41-244 systemd[1]: Starting zincati.service - Zincati Update Agent...
May 22 10:32:48 ip-172-31-41-244 zincati[1910]: [INFO  zincati::cli::agent] starting update agent (zincati 0.0.30)
May 22 10:32:49 ip-172-31-41-244 zincati[1910]: [INFO  zincati::cincinnati] Cincinnati service: https://updates.coreos.fedoraproject.org
May 22 10:32:49 ip-172-31-41-244 zincati[1910]: [INFO  zincati::cli::agent] agent running on node '7bd11cadfe1a457cbfebe3118fae9a56', in update group 'default'
May 22 10:32:49 ip-172-31-41-244 zincati[1910]: [WARN  zincati::update_agent::actor] initialization complete, auto-updates logic disabled by configuration
May 22 10:32:49 ip-172-31-41-244 systemd[1]: Started zincati.service - Zincati Update Agent.

However, when updates are [automatically disabled](https://github.com/coreos/coreos-assembler/blob/6ec2120eca938b4678a9c683a567dd562a73b7b7/mantle/platform/cluster.go#L271-L272), look for the `*disable-auto-updates.toml` file in:

[bound] -bash-5.2$ pwd
/etc/zincati/config.d
[bound] -bash-5.2$ cat 90-disable-auto-updates.toml
[updates]
        enabled = false

Once you have found it, remove the file and restart zincati (it should now work fine):

[bound] -bash-5.2$ systemctl restart zincati
[bound] -bash-5.2$ journalctl -u zincati
May 22 12:05:29 ip-172-31-24-128 systemd[1]: Starting zincati.service - Zincati Update Agent...
May 22 12:05:29 ip-172-31-24-128 zincati[1908]: [INFO  zincati::cli::agent] starting update agent (zincati 0.0.30)
May 22 12:05:30 ip-172-31-24-128 zincati[1908]: [INFO  zincati::cincinnati] Cincinnati service: https://updates.coreos.fedoraproject.org
May 22 12:05:30 ip-172-31-24-128 zincati[1908]: [INFO  zincati::cli::agent] agent running on node '9450a569670a4d5cbf5495b6ee33dc7b', in update group 'default'
May 22 12:05:30 ip-172-31-24-128 zincati[1908]: [WARN  zincati::update_agent::actor] initialization complete, auto-updates logic disabled by configuration
May 22 12:05:30 ip-172-31-24-128 systemd[1]: Started zincati.service - Zincati Update Agent.
May 22 12:07:11 ip-172-31-24-128 systemd[1]: Stopping zincati.service - Zincati Update Agent...
May 22 12:07:11 ip-172-31-24-128 systemd[1]: zincati.service: Deactivated successfully.
May 22 12:07:11 ip-172-31-24-128 systemd[1]: Stopped zincati.service - Zincati Update Agent.
May 22 12:07:11 ip-172-31-24-128 systemd[1]: Starting zincati.service - Zincati Update Agent...
May 22 12:07:12 ip-172-31-24-128 zincati[2276]: [INFO  zincati::cli::agent] starting update agent (zincati 0.0.30)
May 22 12:07:12 ip-172-31-24-128 zincati[2276]: [INFO  zincati::cincinnati] Cincinnati service: https://updates.coreos.fedoraproject.org
May 22 12:07:12 ip-172-31-24-128 zincati[2276]: [INFO  zincati::cli::agent] agent running on node '9450a569670a4d5cbf5495b6ee33dc7b', in update group 'default'
May 22 12:07:12 ip-172-31-24-128 zincati[2276]: [INFO  zincati::update_agent::actor] registering as the update driver for rpm-ostree
May 22 12:07:12 ip-172-31-24-128 zincati[2276]: [INFO  zincati::update_agent::actor] initialization complete, auto-updates logic enabled
May 22 12:07:12 ip-172-31-24-128 zincati[2276]: [INFO  zincati::strategy] update strategy: immediate
May 22 12:07:12 ip-172-31-24-128 systemd[1]: Started zincati.service - Zincati Update Agent.
May 22 12:07:12 ip-172-31-24-128 zincati[2276]: [INFO  zincati::update_agent::actor] reached steady state, periodically polling for updates
May 22 12:07:12 ip-172-31-24-128 zincati[2276]: [INFO  zincati::cincinnati] current release detected as not a dead-end

Notice the key line changed from auto-updates logic disabled by configuration to auto-updates logic enabled — this confirms zincati is now actively polling for updates.
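
The same check scripted, as an added example that is not part of the original notes or of Zincati itself: it classifies the journal output by its last "initialization complete" line and lists the drop-ins that switch updates off. The function names and `SAMPLE_JOURNAL` (constructed lines in the format shown above) are assumptions made for illustration.

```bash
# Report whether Zincati auto-updates are on, using the two signals shown
# above: the journal line and the config.d drop-in. Function names are
# hypothetical, not part of Zincati or cosa.

# Print "enabled", "disabled" or "unknown" from journal text on stdin.
# Only the last "initialization complete" line counts, so a restart that
# re-enabled updates wins over older entries.
zincati_update_state() {
    awk '
        /zincati::update_agent::actor\] initialization complete/ {
            if ($0 ~ /auto-updates logic disabled/)     state = "disabled"
            else if ($0 ~ /auto-updates logic enabled/) state = "enabled"
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Print every *.toml drop-in in DIR that sets "enabled = false" inside the
# [updates] table. Line-based matching, enough for the simple file shown above.
zincati_disabling_dropins() {
    local dir="${1:-/etc/zincati/config.d}" f
    for f in "$dir"/*.toml; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*\[/ { in_updates = ($0 ~ /^[ \t]*\[updates\][ \t]*(#.*)?$/) }
            in_updates && /^[ \t]*enabled[ \t]*=[ \t]*false[ \t]*(#.*)?$/ { found = 1 }
            END { exit !found }
        ' "$f" && printf '%s\n' "$f"
    done
    return 0
}

# Constructed sample: a disabled start followed by a restart with updates on.
SAMPLE_JOURNAL='May 22 12:05:30 host zincati[1908]: [WARN  zincati::update_agent::actor] initialization complete, auto-updates logic disabled by configuration
May 22 12:07:12 host zincati[2276]: [INFO  zincati::update_agent::actor] initialization complete, auto-updates logic enabled
May 22 12:07:12 host zincati[2276]: [INFO  zincati::strategy] update strategy: immediate'

# On a real node:
#   journalctl -u zincati -b --no-pager | zincati_update_state
#   zincati_disabling_dropins /etc/zincati/config.d
```

A node that reports `disabled`, or that still lists a drop-in after cleanup, is not receiving OS updates and should be tracked as unpatched.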