-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add presentations for cloudnative meetup Berlin, FOSDEM 2024
Signed-off-by: Thilo Fromm <[email protected]>
- Loading branch information
Showing
13 changed files
with
475 additions
and
0 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,195 @@ | ||
## Preparation | ||
|
||
You need: | ||
bzip2 curl python qemu ssh vim docker | ||
|
||
Get the second-latest Alpha version for the demos. | ||
Don't use the latest release so update demo will work. | ||
There's a helper script for that; run | ||
|
||
./fetch_os_image.sh | ||
|
||
to fetch the OS image into the local directory. | ||
The script will also create a pristine copy which can be used to re-set the | ||
base image to the default state (e.g. for re-provisioning). | ||
|
||
Lastly, download the latest wasmtime sysext from | ||
https://github.com/flatcar/sysext-bakery/releases/tag/latest | ||
(`wasmtime-17.0.1-x86-64.raw` at the time of writing) into the "webserver" | ||
sub-directory: | ||
``` | ||
( cd webserver; curl -LO \ | ||
https://github.com/flatcar/sysext-bakery/releases/tag/latest/wasmtime-17.0.1-x86-64.raw \ | ||
) | ||
``` | ||
|
||
There are 3 demos: | ||
- Provision a simple web server + content. | ||
- Update the node | ||
- Provision a custom sysext. We use wasmtime. | ||
|
||
|
||
## Provisioning Demo (provision a simple web server) | ||
|
||
|
||
Show web server butane config. Inline HTML and logo image file are interesting. | ||
Also, the config disasbles updates to not interfere with the demo. | ||
``` | ||
vim web.yaml | ||
``` | ||
|
||
Transpile to ignition. This will also inline the logo into the JSON. | ||
``` | ||
cat web.yaml | docker run --rm -v $(pwd):/files \ | ||
-i quay.io/coreos/butane:latest --files-dir /files > web.json | ||
``` | ||
|
||
Open a web browser and point it to http://localhost:8080 - nothing there. | ||
|
||
Start the VM, which will provision the web server | ||
``` | ||
./flatcar_production_qemu.sh -i web.json -p 8080-:80,hostfwd=tcp::2222 -nographic | ||
``` | ||
This will put you right on the VM's serial console. | ||
|
||
Reload http://localhost:8080 - after a few seconds the web page will appear. | ||
|
||
Run this on the VM serial console to show the files we provisioned, and that the | ||
"caddy" webserver is running. | ||
``` | ||
ls -la /srv/www/html | ||
docker ps | ||
``` | ||
|
||
## Update demo | ||
|
||
This can be done with the same deployment used for the web server demo as we're | ||
not provisoining anything new. | ||
|
||
Via the serial console, first enable update engine | ||
``` | ||
sudo systemctl unmask update-engine | ||
sudo systemctl start update-engine | ||
``` | ||
|
||
Check for update status. Most likely it will report 'idle', and that it never | ||
checked for updates. | ||
``` | ||
update_engine_client -status | ||
``` | ||
|
||
Make it check for updates. It should find an update. | ||
``` | ||
update_engine_client -check_for_update | ||
update_engine_client -status | ||
``` | ||
|
||
Run status a number of times to show download progress. | ||
``` | ||
update_engine_client -status | ||
``` | ||
Continue after status switched to "reboot required". | ||
|
||
Reload the web page at http://localhost:8080 to show the web app is still | ||
running. | ||
|
||
Show OS version and kernel version prior to reboot. | ||
``` | ||
cat /etc/os-release | ||
uname -a | ||
``` | ||
|
||
Now reboot | ||
``` | ||
sudo reboot | ||
``` | ||
The VM will restart and again put the terminal on the VM serial console. | ||
|
||
Show the new OS and kernel versions. | ||
``` | ||
cat /etc/os-release | ||
uname -a | ||
``` | ||
|
||
|
||
Show the web app alive and happy at http://localhost:8080. | ||
|
||
|
||
# Sysext demo | ||
|
||
This is a from-scratch demo with its own provisioning so we need to reset the | ||
OS image. | ||
|
||
``` | ||
cp flatcar_production_qemu_image.img.pristine flatcar_production_qemu_image.img | ||
``` | ||
|
||
The demo will need a temporary web server running on the host (we use python's | ||
built-in http:server). Flatcar from inside the VM will need a well-known IP | ||
address to connect to (`wasm.yaml` uses 172.16.0.99), so we add it to the | ||
loopback interface: | ||
``` | ||
sudo ip a a 172.16.0.99/32 dev lo | ||
``` | ||
|
||
First, show the configuration. It's much simpler this time. | ||
``` | ||
vim wasm.yaml | ||
``` | ||
|
||
Transpile to JSON | ||
``` | ||
cat wasm.yaml | docker run --rm -i quay.io/coreos/butane:latest > wasm.json | ||
``` | ||
|
||
In a separate terminal, start the web server | ||
``` | ||
cd webserver | ||
./start.sh | ||
``` | ||
You will be able to see HTTP requests served by the server in this terminal. | ||
|
||
Start Flatcar. | ||
``` | ||
./flatcar_production_qemu.sh -i wasm.json -nographic | ||
``` | ||
It's worth looking at the web server terminal while Flatcar is booting so we | ||
see Ignition requesting and downloading the wasmtime sysext. | ||
|
||
Once the Flatcar command line is available, verify the sysext was downloaded. | ||
``` | ||
ls -la /opt/extensions/wasmtime/ | ||
``` | ||
|
||
Show that sysext does not yet know of wasmtime. | ||
``` | ||
sudo systemd-sysext list | ||
``` | ||
No wasmtime. | ||
|
||
Expose wasmtime to systemd-sysext by creating a symlink to `/etc/extensions` | ||
``` | ||
sudo ln -s /opt/extensions/wasmtime/wasmtime-17.0.1-x86-64.raw \ | ||
/etc/extensions/wasmtime.raw | ||
sudo systemd-sysext list | ||
``` | ||
Systemd knows about wasmtime now but it's not merged. | ||
|
||
No wasmtime: | ||
``` | ||
wasmtime --version | ||
ls -la /usr/bin/wasmtime | ||
``` | ||
|
||
Merge it and check status | ||
``` | ||
systemd-sysext status | ||
systemd-sysext refresh | ||
systemd-sysext status | ||
``` | ||
|
||
Now it's there | ||
``` | ||
wasmtime --version | ||
ls -la /usr/bin/wasmtime | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
#!/bin/bash | ||
set -euo pipefail | ||
# This will return the second-to-last alpha version | ||
version=$(curl -s "https://www.flatcar.org/releases-json/releases.json" \ | ||
| jq -r 'to_entries[] | select (.value.channel=="alpha") | .key | match("[0-9]+\\.[0-9]+\\.[0-9]+") | .string' \ | ||
| sort -Vr | head -n2 | tail -n1) | ||
|
||
board=amd64-usr | ||
# board=arm64-usr | ||
|
||
echo | ||
echo Downloading | ||
echo | ||
|
||
url="https://alpha.release.flatcar-linux.net/${board}/${version}/" | ||
curl -fLO --progress-bar --retry-delay 1 --retry 60 --retry-connrefused \ | ||
--retry-max-time 60 --connect-timeout 20 \ | ||
"${url}/flatcar_production_qemu.sh" | ||
curl -fLO --progress-bar --retry-delay 1 --retry 60 --retry-connrefused \ | ||
--retry-max-time 60 --connect-timeout 20 \ | ||
"${url}/flatcar_production_qemu_image.img.bz2" | ||
|
||
echo | ||
echo Uncompressing | ||
echo | ||
|
||
bunzip2 flatcar_production_qemu_image.img.bz2 | ||
chmod 755 flatcar_production_qemu.sh | ||
|
||
echo | ||
echo Creating pristine copy | ||
echo | ||
|
||
cp flatcar_production_qemu_image.img flatcar_production_qemu_image.img.pristine |
Binary file added
BIN
+3.86 MB
FOSDEM2024/slides/Zero-touch OS Infrastructure for Container Applications.pdf
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
variant: flatcar | ||
version: 1.0.0 | ||
|
||
storage: | ||
files: | ||
- path: /opt/extensions/wasmtime/wasmtime-13.0.0-x86-64.raw | ||
mode: 0644 | ||
contents: | ||
source: "http://172.16.0.99:8000/wasmtime-13.0.0-x86-64.raw" | ||
- path: /etc/flatcar/update.conf | ||
overwrite: true | ||
contents: | ||
inline: | | ||
REBOOT_STRATEGY=off | ||
mode: 0420 | ||
|
||
systemd: | ||
units: | ||
- name: update-engine.service | ||
mask: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
variant: flatcar | ||
version: 1.0.0 | ||
|
||
passwd: | ||
users: | ||
- name: caddy | ||
no_create_home: true | ||
groups: [ docker ] | ||
|
||
storage: | ||
files: | ||
- path: /srv/www/html/index.html | ||
mode: 0644 | ||
user: | ||
name: caddy | ||
group: | ||
name: caddy | ||
contents: | ||
inline: | | ||
<html><body align="center"> | ||
<h1>Hello FOSDEM Containers Devroom!</h1> | ||
<img src="2034px-FOSDEM_logo.svg.png" alt="FOSDEM logo" width="500px" /> | ||
</body></html> | ||
- path: /srv/www/html/2034px-FOSDEM_logo.svg.png | ||
mode: 0644 | ||
user: | ||
name: caddy | ||
group: | ||
name: caddy | ||
contents: | ||
local: 2034px-FOSDEM_logo.svg.png | ||
- path: /etc/flatcar/update.conf | ||
overwrite: true | ||
contents: | ||
inline: | | ||
REBOOT_STRATEGY=off | ||
mode: 0420 | ||
|
||
systemd: | ||
units: | ||
- name: update-engine.service | ||
mask: true | ||
- name: demo-webserver.service | ||
enabled: true | ||
contents: | | ||
[Unit] | ||
Description=KCD example static web server | ||
After=docker.service | ||
Requires=docker.service | ||
[Service] | ||
User=caddy | ||
TimeoutStartSec=0 | ||
ExecStartPre=-/usr/bin/docker rm --force caddy | ||
ExecStart=/usr/bin/docker run -i -p 80:80 --name caddy \ | ||
-v /srv/www/html:/usr/share/caddy \ | ||
docker.io/caddy caddy file-server \ | ||
--root /usr/share/caddy --access-log | ||
ExecStop=/usr/bin/docker stop caddy | ||
Restart=always | ||
RestartSec=5s | ||
[Install] | ||
WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
set -x | ||
|
||
python3 -m http.server |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
## Provisioning Demo | ||
|
||
|
||
cat web.yaml | docker run --rm -v $(pwd):/files \ | ||
-i quay.io/coreos/butane:latest --files-dir /files > web.json | ||
|
||
./flatcar_production_qemu.sh -i web.json \ | ||
-p 8080-:80,hostfwd=tcp::2222 --nographic | ||
|
||
http://localhost:8080 | ||
|
||
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" \ | ||
core@localhost -p 2222 | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
## Update demo | ||
|
||
sudo systemctl unmask update-engine | ||
sudo systemctl start update-engine | ||
|
||
update_engine_client -status | ||
|
||
update_engine_client -check_for_update | ||
watch update_engine_client -status | ||
|
||
cat /etc/os-release | ||
uname -a | ||
sudo reboot | ||
cat /etc/os-release | ||
uname -a | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
# Sysext demo | ||
|
||
cp flatcar_production_qemu_image.img.pristine flatcar_production_qemu_image.img | ||
|
||
vim wasm.yaml (change ip address to local IP) | ||
|
||
cat wasm.yaml | docker run --rm -i quay.io/coreos/butane:latest > wasm.json | ||
|
||
./flatcar_production_qemu.sh -i wasm.json -nographic | ||
|
||
sudo ln -s /opt/extensions/wasmtime/wasmtime-13.0.0-x86-64.raw \ | ||
/etc/extensions/wasmtime.raw | ||
|
||
wasmtime | ||
ls -la /usr/bin/wasmtime | ||
|
||
systemd-sysext list | ||
systemd-sysext status | ||
systemd-sysext refresh | ||
systemd-sysext status | ||
|
||
wasmtime | ||
ls -la /usr/bin/wasmtime |
Binary file added
BIN
+3.05 MB
...e-berlin-jan-2024/Zero-touch OS Infrastructure for Container and Kubernetes Workloads.pdf
Binary file not shown.
Binary file not shown.
Oops, something went wrong.