Blog

How-to: Install Fedora CoreOS at Hetzner Cloud

Introduction

This tutorial will guide you how to provision vServer machines at Hetzner Cloud with the latest version of Fedora CoreOS, using Terraform Infrastructure as Code (IaC).

Prerequisites

Step 1 – Install Terraform Hetzner Cloud Provider

Create a new folder as the working directory for the next steps, e.g. terraform-coreos, and create a versions.tf file with the following content:

# versions.tf

terraform {
  required_providers {
    hcloud = {
      source = "hetznercloud/hcloud"
    }
  }
  required_version = ">= 0.13"
}

Now execute terraform init to install the Terraform Hetzner Cloud Provider.

Step 2 – Build coreos-installer ๐Ÿ”จ

Currently the coreos-installer is not available as a binary. Therefore, you need to install rust’s package manager cargo and build the binary on a linux-machine with cargo install --target-dir . coreos-installer.

The resulting binary will later be copied by Terraform to the vServer in rescue mode, so you have to move it as coreos-installer into your working directory. Building the binary in rescue mode on the vServer will fail, if there is not enough space on the initramfs (like on cx11).

Step 3 – Terraform configuration ๐Ÿค“

Step 3.1 – Required configuration files

To instruct Terraform how to setup and configure your servers, create a main.tf file:

# main.tf

####
# Variables
##

variable "hcloud_token" {
  description = "Hetzner Cloud API Token"
  type = string
}

variable "ssh_public_key_file" {
  description = "Local path to your public key"
  type = string
  default = "~/.ssh/id_rsa.pub"
}

variable "ssh_public_key_name" {
  description = "Name of your public key to identify at Hetzner Cloud portal"
  type = string
  default = "My-SSH-Key"
}

variable "hcloud_server_type" {
  description = "vServer type name, lookup via `hcloud server-type list`"
  type = string
  default = "cx11"
}

variable "hcloud_server_datacenter" {
  description = "Desired datacenter location name, lookup via `hcloud datacenter list`"
  type = string
  default = "fsn1-dc14"
}

variable "hcloud_server_name" {
  description = "Name of the server"
  type = string
  default = "www1"
}

# Update version to the latest release of fcct
variable "tools_fcct_version" {
  description = "See https://github.com/coreos/fcct/releases for available versions"
  type = string
  default = "0.6.0"
}



####
# Infrastructure config
##

provider "hcloud" {
  token = var.hcloud_token
}

resource "hcloud_ssh_key" "key" {
  name = var.ssh_public_key_name
  public_key = file(var.ssh_public_key_file)
}

resource "hcloud_server" "master" {
  name = var.hcloud_server_name
  labels = { "os" = "coreos" }

  server_type = var.hcloud_server_type
  datacenter = var.hcloud_server_datacenter

  # Image is ignored, as we boot into rescue mode, but is a required field
  image = "fedora-32"
  rescue = "linux64"
  ssh_keys = [hcloud_ssh_key.key.id]

  connection {
    host = hcloud_server.master.ipv4_address
    timeout = "5m"
    agent = true
    # Root is the available user in rescue mode
    user = "root"
  }

  # Copy config.yaml and replace $ssh_public_key variable
  provisioner "file" {
    content = replace(file("config.yaml"), "$ssh_public_key", trimspace(file(var.ssh_public_key_file)))
    destination = "/root/config.yaml"
  }

  # Copy coreos-installer binary, as initramfs has not sufficient space to compile it in rescue mode
  provisioner "file" {
    source = "coreos-installer"
    destination = "/usr/local/bin/coreos-installer"
  }

  # Install Fedora CoreOS in rescue mode
  provisioner "remote-exec" {
    inline = [
      "set -x",
      # Convert ignition yaml into json using fcct
      "wget -O /usr/local/bin/fcct 'https://github.com/coreos/fcct/releases/download/v${var.tools_fcct_version}/fcct-x86_64-unknown-linux-gnu'",
      "chmod +x /usr/local/bin/fcct",
      "fcct --strict < config.yaml > config.ign",
      # coreos-installer binary is copied, if you have sufficient RAM available, you can also uncomment the following
      # two lines and comment-out the `chmod +x` line, to build coreos-installer in rescue mode
      # "apt install cargo",
      # "cargo install coreos-installer",
      "chmod +x /usr/local/bin/coreos-installer",
      # Download and install Fedora CoreOS to /dev/sda
      "coreos-installer install /dev/sda -i /root/config.ign",
      # Exit rescue mode and boot into coreos
      "reboot"
    ]
  }

  # Configure CoreOS after installation
  provisioner "remote-exec" {
    connection {
      host = hcloud_server.master.ipv4_address
      timeout = "1m"
      agent = true
      # This user is configured in config.yaml
      user = "core"
    }

    inline = [
      "sudo hostnamectl set-hostname ${hcloud_server.master.name}"
      # Add additional commands if needed
    ]
  }
}

Additionally we need a Fedore CoreOS Configuration file named config.yaml:

# For docs, see: https://docs.fedoraproject.org/en-US/fedora-coreos/fcct-config/

variant: fcos
version: 1.1.0

passwd:
  users:
    - name: core
      groups:
        - docker
        - wheel
        - sudo
      ssh_authorized_keys:
        # Will be replaced by terraform script
        - $ssh_public_key
      # If you need ssh password login, generate hash via `openssl passwd -1` and insert it below
      # password_hash: $1$1234567890abcdef...

# If you need ssh password login, uncomment the following lines
#
# storage:
#   files:
#     - path: /etc/ssh/sshd_config.d/20-enable-passwords.conf
#       mode: 0644
#       contents:
#         inline: |
#           # Fedora CoreOS disables SSH password login by default.
#           # Enable it.
#           # This file must sort before 40-disable-passwords.conf.
#           PasswordAuthentication yes

Step 3.2 – Adjust the configuration files

In the section Variables of the main.tf, adjust the default values for ssh_public_keyssh_public_key_namehcloud_server_typehcloud_server_datacenter and hcloud_server_name to your needs or add a terraform.tfvars file to set your desired settings.

Optionally, have a look at the config.yaml. This file will be used by the coreos-installer to configure the OS. For the first try, you should leave it as it is. But after successful provisioning, you want to add systemd service definitions to run containers on it.

Step 4 – Get it up and running! ๐Ÿš€

Run terraform apply, enter your Hetzner Cloud API Token if prompted, and let the magic be done!

After a successful installation, you will see the message Apply complete! Resources: 2 added, 0 changed, 0 destroyed..

terraform show now outputs you all information about your new machine:

# hcloud_server.master:
resource "hcloud_server" "master" {
    backups      = false
    datacenter   = "fsn1-dc14"
    id           = "1234567"
    image        = "fedora-32"
    ipv4_address = "<88.xxx.xxx.xxx>"
    ipv6_address = "<2a01:xxxx:xxxx:xxxx::1>"
    ipv6_network = "<2a01:xxxx:xxxx:xxxx::/64>"
    keep_disk    = false
    labels       = {
        "os" = "coreos"
    }
    location     = "fsn1"
    name         = "www1"
    rescue       = "linux64"
    server_type  = "cx11"
    ssh_keys     = [
        "1234567",
    ]
    status       = "running"
}

As defined in the config.yaml, a new user core has been added, so you can ssh via ssh core@<88.xxx.xxx.xxx> to your fresh Fedora CoreOS machine!

Step 5 – Do it again ๐Ÿ”‚

You can now incrementally fill the two configuration files, to setup your services/containers. Run terraform destroy, confirm with yes and now adjust the files and recreate the infrastructure via terraform apply. But keep a look at the Hetzner Cloud Portal to ensure that there haven’t been spawned any “ghost machines” ๐Ÿ‘ป

Conclusion

You have now a fully working Fedora CoreOS machine at Hetzner Cloud, set up with Terraform.ย 

Repint:https://community.hetzner.com/tutorials/howto-hcloud-terraform-fedora-coreos

Posted

in

by

admin

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *