Platform Request: Oracle Cloud Infrastructure (OCI)

[chris93111]

Initial request

Hello

I would like use fedora coreos in oracle cloud , i try with vmdk it's work the os boot but i can't login with ssh key or password , i have inderstand cloud-init it's not compatible for inject ign

How i can i do ? It's possible to edit my vmdk for inject a basic ign in waiting better solution ?

Thanks

---

New platform template

In order to implement support for a new cloud platform in Fedora CoreOS, we need to know several things about the platform. Please try to answer as many questions as you can.

• [ ] Why is the platform important? Who uses it?

• [ ] What is the official name of the platform? Is there a short name that's commonly used in client API implementations?

• [ ] How can the OS retrieve instance userdata? What happens if no userdata is provided?

• [ ] Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided?

• [ ] How can the OS retrieve network configuration? Is DHCP sufficient, or is there some other network-accessible metadata service?

• [ ] In particular, how can the OS retrieve the system hostname?

• [ ] Does the platform require the OS to have a specific console configuration?

• [ ] Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required?

• [ ] Does the platform have an agent that runs inside the instance? Is it required? What does it do? What language is it implemented in, and where is the source code repository?

• [ ] How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected?

• [ ] Are there any other platform quirks we should know about?

[dustymabe]

migrated here from https://discussion.fedoraproject.org/t/how-install-fedora-coreos-on-other-cloud-provider/17801

[chris93111]

baremetal is not available with custom image , coreos.autologin=tty1 it's available in fedora coreos ?

[dustymabe]

baremetal is not available with custom image ,

you could try using the vmdk and try catching the machine on bootup and supply a ignition.config.url=http://example.com/config.ign kernel arg and see if that works for you.

coreos.autologin=tty1 it's available in fedora coreos ?

see https://github.com/coreos/fedora-coreos-tracker/issues/112

[chris93111]

no i not see error in boot log , but also i not see load config ignition

@dustymabe kernel arg it's ok ?

''' load_video
set gfxpayload=keep
insmod gzio
linux ($root)/ostree/fedora-coreos-19190477fad0e60d605a623b86e06bb92aa318b6b79\ f78696b06f68f262ad5d6/vmlinuz-5.4.17-200.fc31.x86_64 mitigations=auto,nosmt sy\ stemd.unified_cgroup_hierarchy=0 console=tty0 console=ttyS0,115200n8 ostree=/\ ostree/boot.1/fedora-coreos/19190477fad0e60d605a623b86e06bb92aa318b6b79f78696b\ 06f68f262ad5d6/0 ignition.config.url=https://$mybucket/chris.ign
initrd ($root)/ostree/fedora-coreos-19190477fad0e60d605a623b86e06bb92aa318b6b7\ 9f78696b06f68f262ad5d6/initramfs-5.4.17-200.fc31.x86_64.img '''

[chris93111]

@dustymabe thanks the #112 worked for me :D

i tryed ignition.config.url with ignition.firstboot and it's partial work , the url is request but i think the network is not up

[dustymabe]

i tryed ignition.config.url with ignition.firstboot and it's partial work , the url is request but i think the network is not up

make sure you're also passing rd.neednet=1 and ip=dhcp

[bgilbert]

OCI was briefly supported in Ignition and Afterburn under the platform name oracle-oci. https://github.com/coreos/ignition/pull/537 and https://github.com/coreos/afterburn/pull/86 were the PRs that removed it.

At that time, OCI bare metal nodes (at least) had an iSCSI-based root disk. I don't know if that has changed.

[lucab]

I recently noticed that OCI now offers aarch64 machines on Ampere Altra processors, so I gave it a try (but didn't otherwise check the x86_64 instances).

It looks like the actual instances (VM.Standard.A1.Flex shape) are paravirtualized machines running on qemu/kvm with UEFI support. They support booting through a virtualized "Boot Volume" directly attached to the VM, which allows avoiding the iSCSI mess. There seem to be advanced options to enable TPM and SecureBoot, but I wasn't able to turn them on (possibly due to a limitation on my account/resources). I tried all our streams and didn't see particular issues, current stable that I'm running is 35.20211029.3.0 booted through UEFI on a metal image. I had to bootstrap/install them with coreos-installer through another distro/VM in order to pre-provision the boot volumes for FCOS machines. No particular tricks, other than a --append-karg "ignition.config.url=..." for the Ignition configuration.

Networking goes through DHCP, and it has options to separately provide the hostname and the search-domain. It seems to work fine on FCOS, in the initramfs too (ignition-files stage was happy when fetching some remote resources). I didn't check the metadata endpoint, but it seems well covered in the docs and overall sane.

There is a JS-based virtual console which can be attached to a VM on demand. It doesn't require extra plugins, it's text-based, and for a quick check it worked quite well.

[dustymabe]

Thanks @lucab for the insight into the platform!

[travier]

Updated to match new platform issue template.

[dominikbayerl]

I am currently working on this over here: https://github.com/dominikbayerl/ignition/tree/feat/oraclecloud

I am planning to use the instance metadata service (IMDS) to fetch the extendedMetadata attribute for the VM instance. Some notes:

• essentially, all you need is a single cURL request to fetch the configuration. Thus, I am not yet sure, if Ignition is the correct place to add this, or if one should just add a custom systemd-Unit to fetch the config on first boot. Comments on this are very welcome!
• the extendedMetadata-attribute has a size limit of 32 KB. For larger configurations you'll probably have to use a shim config to load the real configuration from f.e. a HTTP object storage bucket
• there are also some changes necessary in afterburn to support the handling of network config and SSH keys. No progress on that yet.

[bgilbert]

Instance metadata fetch usually only requires a single HTTP request. :slightly_smiling_face: It should still be done in Ignition, though. Note that Ignition and Afterburn previously had support for OCI, so you may be able to dig through the Git history (https://github.com/coreos/fedora-coreos-tracker/issues/414#issuecomment-596855759) and use the old code as a starting point.

[lucab]

@bgilbert if we re-add support for this platform, do you want to keep the previous platform ID (oracle-oci) or introduce a new one (I see @dominikbayerl's commit is using oraclecloud)?

[bgilbert]

oracle-oci was always kind of awkward. oraclecloud seems reasonable to me.

[travier]

Folks interested for initial support for this platform in Fedora CoreOS should open an issue with the emerging platform template and follow the steps there. Thanks!

[jlebon]

Some info re. Oracle Cloud support in https://github.com/coreos/fedora-coreos-tracker/issues/1590#issuecomment-1795626520.

Filling in more details mentioned in some of the discussions above. Oracle Cloud has both VM and bare metal shapes/instance types with differences that affect us.

VMs don't require any special handling and just a platform ID restamp should suffice.

For bare metal, the boot disk is exposed as an iSCSI target and the OS must be configured to look for it. This is done with rd.iscsi.firmware=1. Adding ip=ibft is also preferable (that karg is deprecated in favour of rd.iscsi.ibft=1 but Afterburn needs to be enhanced to treat it as it would an ip karg and not emit the default ip=auto karg).

To avoid having to have separate images for each, I think what we could do is have logic that injects rd.iscsi.firmware=1 into /etc/cmdline.d if it detects that we booted off of iSCSI (e.g. iscsiadm -m fw, or just looking at the iBFT parameters in sysfs). To leverage the regular iSCSI activation paths in dracut, that needs to happen before dracut-cmdline.service.

Note that OCP is looking to add support for Oracle Cloud in the near future, but in a way that completely sidesteps this by treating it like a bare metal target (AFAICT you can't boot live ISOs in Oracle Cloud, but they're planning to boot a "live qcow2" for the install phase).

[chris93111]

Hi @jlebon , i try to boot fedora coreos on OCI Oracle cloud with vm x86_64 and (Openstack Qcow2) but nothing appear as boot With OCP and rhcos is work correctly nothing is needed just import qcow and boot

They are something needed to do with the plateformID ?

[jlebon]

Oracle Cloud is not yet supported as is. In OCP, we actually treat it like a bare metal installation on top of iSCSI. That same logic should work with FCOS, but of course ideally we have proper platform support.

[chris93111]

it's work on vm, is needed to unpack de xz of the fedora coreos on oci, rhcos is gz

i have now okd on vm with ccm/csi oci without probleme thanks

[travier]

I started documenting what we have in https://github.com/coreos/fedora-coreos-docs/pull/652