I’ve just spun up my first install of CoreOS. I found the process a little confusing at times as the doco isn’t terribly clear in places. CoreOS is a work in progress, so doco will improve I’m sure. In the meantime, hopefully this post will be of some help to others.
The host machine I used was a standard VPS from my hosting provider running on top of KVM. My hosting provider provides a console facility using NoVNC and the ability to attach bootable ISO media.
Using the supplied ISO from CoreOS, boot the machine. You will end up at a shell prompt, logged in as user
core. At this point, you’re simply running the LiveCD and nothing has been installed to disk yet (something the doco does not make clear!)
In my case the network had not yet been configured, so I needed to do that manually as follows:
sudo ifconfig <network port> <ip address> netmask <netmask>
sudo route add default gw <default gateway IP>
/etc/resolv.conf your nameserver IP. I used Google’s e.g.
Once network is configured, the next thing to do is grab a config file which will be used each time your new CoreOS installation boots from disk. On another host, reachable via the network, I created the following file named
- name: etcd.service
- name: fleet.service
- name: static.network
- name: core
- ssh-rsa AAAA<rest of ssh key goes here>
ssh-rsa sections to suit yourself.
IMPORTANT: be sure to run your config file through a YAML parser to check for any silly errors. For example, I accidentally left off a
- in front of one of the keys which caused the entire config to fail to load!
- copy the config file to the CoreOS host e.g.
- now install CoreOS to the local disk with the following command:
coreos-install -d /dev/vda -c cloud-config.yml
/dev/vda with your device name and
cloud-config.yml with your config file name. The install only takes about 30 seconds. Once finished, unmount the ISO media and reboot your machine.
Once booted you’ll arrive at a login prompt. If your config was loaded successfully, you should see the IP address and hostname (you specified in the config) listed just above the login prompt. You should also be able to SSH in (using the SSH key supplied in the config) e.g.
By default, CoreOS boots up with a completely open firewall policy. In most cases this is fine as your host’s management interface would be isolated from the wider network. In my case, using a public VPS, I needed to configure some basic iptables rules.
This was done by adding the following additional unit to
- name: iptables.service
Description=Packet Filtering Framework
ExecStart=/usr/sbin/iptables-restore /etc/iptables.rules ; /usr/sbin/ip6tables-restore /etc/ip6tables.rules
ExecReload=/usr/sbin/iptables-restore /etc/iptables.rules ; /usr/sbin/ip6tables-restore /etc/ip6tables.rules
ExecStop=/usr/sbin/iptables --flush;/usr/sbin/ip6tables --flush
I then created files
/etc/ip6tables.rules containing appropriate rulesets. These are applied every time the host boots.
(Thanks to this Github gist for the idea)
If, for some reason, your config doesn’t load:
- reboot using the ISO media
- mount the ninth partition on the disk e.g.
sudo mount /dev/vda9 /mnt. (to view all partitions on the disk you can use
sudo parted /dev/vda print)
journalctl to view the boot messages, looking for any errors associated with the config file created earlier e.g.
journalctl -D /mnt/var/log/journal | grep cloud
- Edit the file
/mnt/var/lib/coreos-install/user_data and make any modifications required
- Unmount ISO media and reboot