Merge pull request #9 from flatcar/t-lo/add-oscamp-kubernetes-2024

add oscamp kubernetes 2024
flatcar · Apr 23, 2024 · 6c513ac · 6c513ac
2 parents 29fb927 + a3991f3
commit 6c513ac
Show file tree

Hide file tree

Showing 7 changed files with 315 additions and 0 deletions.
diff --git a/oscamp-kubernetes-2024/OSCamp2024_Headerbild.png b/oscamp-kubernetes-2024/OSCamp2024_Headerbild.png
diff --git a/oscamp-kubernetes-2024/README.md b/oscamp-kubernetes-2024/README.md
@@ -0,0 +1,201 @@
+## Preparation
+
+You need:
+bzip2 curl python qemu ssh vim docker
+
+Get the second-latest Alpha version for the demos.
+Don't use the latest release so update demo will work.
+There's a helper script for that; run
+
+./fetch_os_image.sh
+
+to fetch the OS image into the local directory.
+The script will also create a pristine copy which can be used to re-set the
+base image to the default state (e.g. for re-provisioning).
+
+Lastly, download the latest wasmtime sysext from
+https://github.com/flatcar/sysext-bakery/releases/tag/latest
+(`wasmtime-18.0.1-x86-64.raw` at the time of writing) into the "webserver"
+sub-directory:
+```
+( cd webserver; curl -LO \
+  https://github.com/flatcar/sysext-bakery/releases/download/latest/wasmtime-18.0.1-x86-64.raw \
+)
+```
+
+There are 3 demos:
+- Provision a simple web server + content.
+- Update the node
+- Provision a custom sysext. We use wasmtime.
+
+
+## Provisioning Demo (provision a simple web server)
+
+
+Show web server butane config. Inline HTML and logo image file are interesting.
+Also, the config disasbles updates to not interfere with the demo.
+```
+vim web.yaml
+```
+
+Transpile to ignition. This will also inline the logo into the JSON.
+```
+cat web.yaml | docker run --rm -v $(pwd):/files \
+    -i quay.io/coreos/butane:latest --files-dir /files  > web.json
+```
+
+Open a web browser and point it to http://localhost:8080 - nothing there.
+
+Start the VM, which will provision the web server
+```
+./flatcar_production_qemu.sh -i web.json -p 8080-:80,hostfwd=tcp::2222 -nographic
+```
+This will put you right on the VM's serial console.
+
+Reload http://localhost:8080 - after a few seconds the web page will appear.
+
+Run this on the VM serial console to show the files we provisioned, and that the
+"caddy" webserver is running.
+```
+ls -la /srv/www/html
+docker ps
+```
+
+## Update demo
+
+This can be done with the same deployment used for the web server demo as we're
+not provisioning anything new.
+
+Via the serial console, first enable update engine
+```
+sudo systemctl unmask update-engine
+sudo systemctl start update-engine
+```
+
+Check for update status. Most likely it will report 'idle', and that it never
+checked for updates.
+```
+update_engine_client -status
+```
+
+Make it check for updates. It should find an update.
+```
+update_engine_client -check_for_update
+update_engine_client -status
+```
+
+Run status a number of times to show download progress.
+```
+update_engine_client -status
+```
+Continue after status switched to "reboot required".
+
+Reload the web page at http://localhost:8080 to show the web app is still
+running.
+
+Show OS version and kernel version prior to reboot.
+```
+cat /etc/os-release
+uname -a
+```
+
+Now reboot
+```
+sudo reboot
+```
+The VM will restart and again put the terminal on the VM serial console.
+
+Show the new OS and kernel versions.
+```
+cat /etc/os-release
+uname -a
+```
+
+
+Show the web app alive and happy at http://localhost:8080.
+
+
+# Sysext demo
+
+This is a from-scratch demo with its own provisioning so we need to reset the
+OS image.
+Power off the machine if it's still running
+```
+sudo shutdown now --poweroff
+```
+
+Now overwrite the OS image with the pristine backup
+```
+cp flatcar_production_qemu_image.img.pristine flatcar_production_qemu_image.img
+```
+
+
+The demo will need a temporary web server running on the host (we use python's
+built-in http.server). Flatcar from inside the VM will need a well-known IP
+address to connect to (`wasm.yaml` uses 172.16.0.99), so we add it to the
+loopback interface:
+```
+sudo ip a a 172.16.0.99/32 dev lo
+```
+
+First, show the configuration. It's much simpler this time.
+```
+vim wasm.yaml
+```
+
+Transpile to JSON
+```
+cat wasm.yaml | docker run --rm -i quay.io/coreos/butane:latest > wasm.json
+```
+
+In a separate terminal, start the web server to serve the wasmtime sysext
+```
+cd webserver
+ls -la
+./start.sh
+```
+You will be able to see HTTP requests served by the server in this terminal.
+
+Start Flatcar.
+```
+./flatcar_production_qemu.sh -i wasm.json -nographic
+```
+It's worth looking at the web server terminal while Flatcar is booting so we
+see Ignition requesting and downloading the wasmtime sysext.
+
+Once the Flatcar command line is available, verify the sysext was downloaded.
+```
+ls -la /opt/extensions/wasmtime/
+```
+
+Show that sysext does not yet know of wasmtime.
+```
+sudo systemd-sysext list
+```
+No wasmtime.
+
+Expose wasmtime to systemd-sysext by creating a symlink to `/etc/extensions`
+```
+sudo ln -s /opt/extensions/wasmtime/wasmtime-18.0.1-x86-64.raw \
+         /etc/extensions/wasmtime.raw
+sudo systemd-sysext list
+```
+Systemd knows about wasmtime now but it's not merged.
+
+No wasmtime:
+```
+wasmtime --version
+ls -la /usr/bin/wasmtime
+```
+
+Merge it and check status
+```
+sudo systemd-sysext refresh
+```
+
+Now it's there
+```
+sudo systemd-sysext status
+wasmtime --version
+ls -la /usr/bin/wasmtime
+```
diff --git a/oscamp-kubernetes-2024/fetch_os_image.sh b/oscamp-kubernetes-2024/fetch_os_image.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -euo pipefail
+# This will return the second-to-last alpha version
+version=$(curl -s "https://www.flatcar.org/releases-json/releases.json" \
+           | jq -r 'to_entries[] | select (.value.channel=="alpha") | .key | match("[0-9]+\\.[0-9]+\\.[0-9]+") | .string' \
+           | sort -Vr | head -n2 | tail -n1)
+
+board=amd64-usr
+# board=arm64-usr
+
+echo
+echo    Downloading
+echo
+
+url="https://alpha.release.flatcar-linux.net/${board}/${version}/"
+curl -fLO --progress-bar --retry-delay 1 --retry 60 --retry-connrefused \
+        --retry-max-time 60 --connect-timeout 20 \
+        "${url}/flatcar_production_qemu.sh"
+curl -fLO --progress-bar --retry-delay 1 --retry 60 --retry-connrefused \
+        --retry-max-time 60 --connect-timeout 20 \
+        "${url}/flatcar_production_qemu_image.img"
+
+echo
+echo    Creating pristine copy
+echo
+
+cp flatcar_production_qemu_image.img flatcar_production_qemu_image.img.pristine
diff --git a/...netes-2024/slides/Zero-touch OS Infrastructure for Container and Kubernetes Workloads.pdf b/...netes-2024/slides/Zero-touch OS Infrastructure for Container and Kubernetes Workloads.pdf
diff --git a/oscamp-kubernetes-2024/wasm.yaml b/oscamp-kubernetes-2024/wasm.yaml
@@ -0,0 +1,20 @@
+variant: flatcar
+version: 1.0.0
+
+storage:
+  files:
+    - path: /opt/extensions/wasmtime/wasmtime-18.0.1-x86-64.raw
+      mode: 0644
+      contents:
+        source: "http://172.16.0.99:8000/wasmtime-18.0.1-x86-64.raw"
+    - path: /etc/flatcar/update.conf
+      overwrite: true
+      contents:
+        inline: |
+          REBOOT_STRATEGY=off
+      mode: 0420
+
+systemd:
+  units:
+    - name: update-engine.service
+      mask: true
diff --git a/oscamp-kubernetes-2024/web.yaml b/oscamp-kubernetes-2024/web.yaml
@@ -0,0 +1,64 @@
+variant: flatcar
+version: 1.0.0
+
+passwd:
+  users:
+    - name: caddy
+      no_create_home: true
+      groups: [ docker ]
+
+storage:
+  files:
+    - path: /srv/www/html/index.html
+      mode: 0644
+      user:
+        name: caddy
+      group:
+        name: caddy
+      contents:
+        inline: |
+          <html><body align="center">
+          <h1>Hallo Open Source Camp für Kubernetes!</h1>
+          <img src="OSCamp2024_Headerbild.png" alt="OSCamp logo" width="500px" />
+          </body></html>
+
+    - path: /srv/www/html/OSCamp2024_Headerbild.png
+      mode: 0644
+      user:
+        name: caddy
+      group:
+        name: caddy
+      contents:
+        local: OSCamp2024_Headerbild.png
+
+    - path: /etc/flatcar/update.conf
+      overwrite: true
+      contents:
+        inline: |
+          REBOOT_STRATEGY=off
+      mode: 0420
+
+systemd:
+  units:
+    - name: update-engine.service
+      mask: true
+    - name: demo-webserver.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=example static web server
+        After=docker.service
+        Requires=docker.service
+        [Service]
+        User=caddy
+        TimeoutStartSec=0
+        ExecStartPre=-/usr/bin/docker rm --force caddy
+        ExecStart=/usr/bin/docker run -i -p 80:80 --name caddy \
+                  -v /srv/www/html:/usr/share/caddy \
+                  docker.io/caddy caddy file-server \
+                  --root /usr/share/caddy --access-log
+        ExecStop=/usr/bin/docker stop caddy
+        Restart=always
+        RestartSec=5s
+        [Install]
+        WantedBy=multi-user.target
diff --git a/oscamp-kubernetes-2024/webserver/start.sh b/oscamp-kubernetes-2024/webserver/start.sh
@@ -0,0 +1,3 @@
+set -x
+
+python3 -m http.server