Bringing the Cloud to your Laptop: Provisioning Fedora CoreOS VMs in minutes on Mac OSX with QEMU+Ignition
I recently wrote an article for how to get a Ubuntu 20.04 VM booted in QEMU with cloud-init and wanted to provide similar steps for another popular cloud provisioning utility: Ignition. Ignition is the provisioning tool used by Red Hat CoreOS and Fedora CoreOS to initialize a machine from a base cloud image. Ignition is utilized whenever a Red Hat CoreOS machine first boots up in any Openshift 4 environment. This article provides a technical walkthrough of the Ignition process by executing the bootup of a Fedora CoreOS machine on Mac OSX with the QEMU machine emulator. There is a script in the “Fully Automated Approach” section of this article that results in a running Fedora CoreOS VM for those that want to skip the technical walkthrough.
To accomplish this goal, the QEMU virtual machine monitor for Mac needs to be installed so VMs can be launched. Brew can be used to install these packages:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
brew install qemu
brew install jqNow that those dependencies are installed the cloud image from Fedora needs to be downloaded. Note the default cloud image only has a couple Gigabytes of primary disk space so the commands below will resize the primary disk to 30 Gigabytes to give the reader more disk space for any experiments he or she wants to run in the Fedora CoreOS VM.
mkdir -p /tmp/fedoracoreosqemu/image
cd /tmp/fedoracoreosqemu/image
DOWNLOAD_URL=$(curl https://builds.coreos.fedoraproject.org/streams/stable.json | jq -r '.architectures.x86_64.artifacts.qemu.formats["qcow2.xz"].disk.location')
curl "$DOWNLOAD_URL" --output fedora-coreos-qemu.x86_64.qcow2.xz
unxz fedora-coreos-qemu.x86_64.qcow2.xz
qemu-img resize /tmp/fedoracoreosqemu/image/fedora-coreos-qemu.x86_64.qcow2 30GNext, the Ignition configuration file needs to be generated. This file will be sent into the VM which the Ignition process will read to determine how to configure the machine when it first boots. The config generated below will add a public ssh key into the authorized keys file of the core user.
mkdir -p /tmp/fedoracoreosqemu/ignitionmetadata
cd /tmp/fedoracoreosqemu/ignitionmetadata
ssh-keygen -b 2048 -t rsa -f id_rsa_fedoracoreosboot -P ""
chmod 0600 /tmp/fedoracoreosqemu/ignitionmetadata/id_rsa_fedoracoreosboot
PUBLIC_KEY=$(cat /tmp/fedoracoreosqemu/ignitionmetadata/id_rsa_fedoracoreosboot.pub)
cat <<EOF >/tmp/fedoracoreosqemu/ignitionmetadata/ignitionconfig.ign
{
"ignition": {
"config": {
"replace": {
"source": null,
"verification": {}
}
},
"security": {
"tls": {}
},
"timeouts": {},
"version": "3.0.0"
},
"passwd": {
"users": [
{
"name": "core",
"sshAuthorizedKeys": [
"${PUBLIC_KEY}"
]
}
]
},
"storage": {},
"systemd": {}
}
EOFEverything is now in place to boot the Fedora CoreOS VM. The following command is going to pass the ignition metadata to the machine as a firmware configuration (fw_cfg) device and allow the reader to connect to the Fedora CoreOS VM over ssh. The command below takes in the image, metadata, and specs of the VM (memory, CPU, network) and boots the machine up in the QEMU environment.
qemu-system-x86_64 -m 2048 -smp 4 -hda /tmp/fedoracoreosqemu/image/fedora-coreos-qemu.x86_64.qcow2 -fw_cfg name=opt/com.coreos/config,file=/tmp/fedoracoreosqemu/ignitionmetadata/ignitionconfig.ign -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5556-:22 -nographicThe VM is now beginning the boot process. Monitor the boot logs until messages similar to the following appear (exact values will change over time but the message format will be mostly the same).
Fedora CoreOS 31.20200420.3.0
Kernel 5.5.17-200.fc31.x86_64 on an x86_64 (ttyS0)SSH host key: SHA256:QHEhs++2kpN/andhrFYTks2K5PJdyi2vuyFPZB2AcRM (ECDSA)
SSH host key: SHA256:XuvmMP30SRfZAsxiNlv9a9uylpICSoikBHaK5kwjuu0 (ED25519)
SSH host key: SHA256:5HkObSrs4Aldn/5jCzSAyayQqGnaIajwvu0HWVLJRIs (RSA)
Once those are logged, open a new terminal to ssh into the VM using the following command:
ssh -o UserKnownHostsFile=/dev/null -p 5556 -i /tmp/fedoracoreosqemu/ignitionmetadata/id_rsa_fedoracoreosboot core@localhostThe authenticity of host '[localhost]:5556 ([127.0.0.1]:5556)' can't be established.
ECDSA key fingerprint is SHA256:QHEhs++2kpN/andhrFYTks2K5PJdyi2vuyFPZB2AcRM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yesWarning: Permanently added '[localhost]:5556' (ECDSA) to the list of known hosts.Fedora CoreOS 31.20200420.3.0
Tracker: https://github.com/coreos/fedora-coreos-tracker
Discuss: https://discussion.fedoraproject.org/c/server/coreos/[core@localhost ~]$
Congratulations! You now have a Fedora CoreOS machine that you can run experiments in. If you are interested in learning more about Ignition or QEMU there is online documentation listed in the “Want to Learn More” section of this article.
Fully Automated Approach
Terminal window 1 run:
Terminal window 2 run after the VM has booted up:
ssh -o UserKnownHostsFile=/dev/null -p 5556 -i /tmp/fedoracoreosqemu/ignitionmetadata/id_rsa_fedoracoreosboot core@localhostWant to Learn More
- QEMU Documentation: https://wiki.qemu.org/Documentation
- Ignition Documentation: https://docs.fedoraproject.org/en-US/fedora-coreos/fcct-config/
