*: Change default FileStore data location to /var/lib/bootcfg

* Change assets download location to examples/assets
* FileStore should default to /var/lib/bootcfg/{profiles,groups,
ignition,cloud}
* Assets location should default to /var/lib/bootcfg/assets
* Fix -rpcAddress flag to be -rpc-address

CHANGES.md

@@ -4,25 +4,31 @@
 
 * Add initial gRPC client and server packages
 * Add initial Grub net boot support and an example
+* Add initial command line client tool
 * Add detached OpenPGP signature endpoints (`.sig`)
 
 #### Changes
 
 * Profiles
+    - Move Profiles to JSON files under `/var/lib/bootcfg/profiles`
     - Rename `Spec` to `Profile`
-    - Move Profiles to JSON files under `/etc/bootcfg/profiles`
 * Groups
-    - Move Groups to JSON files under `/etc/bootcfg/groups`
+    - Move Groups to JSON files under `/var/lib/bootcfg/groups`
     - Require Group metadata to be valid JSON
     - Rename groups field `spec` to `profile`
-* Discontinue reading groups from the `-config` file. Remove the flag.
-* Change default `-data-path` to `/etc/bootcfg`
-* Change default `-assets-path` to `/var/bootcfg`
+* Stop parsing Groups from the `-config` YAML file. Remove the flag.
+* Change default `-data-path` to `/var/lib/bootcfg`
+* Change default `-assets-path` to `/var/lib/bootcfg/assets`
+* Change the default assets download location to `examples/assets`
 * Remove HTTP `/spec/id` JSON endpoint
 
 #### New Examples
 
 * Examples which PXE boot with or without a root partition
+* Example Kubernetes cluster installed to disk
+* Example etcd cluster installed to disk
+* Setup fleet in multi-node example clusters
+* Convert all Cloud-Configs to Ignition
 
 ## v0.2.0 (2016-02-09)
 

Documentation/config.md

@@ -5,10 +5,10 @@ Configuration arguments can be provided as flags or as environment variables.
 
 | flag | variable | example |
 |------|----------|---------|
-| -address | BOOTCFG_ADDRESS | 127.0.0.1:8080 |
-| -config | BOOTCFG_CONFIG | /etc/bootcfg.conf |
-| -data-path | BOOTCFG_DATA_PATH | /etc/bootcfg |
-| -assets-path | BOOTCFG_ASSETS_PATH | /var/bootcfg |
+| -address | BOOTCFG_ADDRESS | 0.0.0.0:8080 |
+| -rpc-address | BOOTCFG_RPC_ADDRESS | 127.0.0.1:8081
+| -data-path | BOOTCFG_DATA_PATH | /var/lib/bootcfg |
+| -assets-path | BOOTCFG_ASSETS_PATH | /var/lib/bootcfg/assets |
 | -key-ring-path | BOOTCFG_KEY_RING_PATH | ~/.secrets/vault/bootcfg/secring.gpg |
 | Disallowed | BOOTCFG_PASSPHRASE | secret passphrase |
 | -log-level | BOOTCFG_LOG_LEVEL | critical, error, warning, notice, info, debug |
@@ -17,9 +17,8 @@ Configuration arguments can be provided as flags or as environment variables.
 
 | Contents  | Default Location  |
 |-----------|-------------------|
-| conf file | /etc/bootcfg.conf |
-| configs   | /etc/bootcfg/{profiles,ignition,cloud} |
-| assets    | /var/bootcfg/     |
+| data      | /var/lib/bootcfg/{profiles,groups,ignition,cloud} |
+| assets    | /var/lib/bootcfg/assets |
 
 ## Check Version
 
@@ -27,31 +26,43 @@ Configuration arguments can be provided as flags or as environment variables.
     sudo rkt --insecure-options=image run quay.io/coreos/bootcfg:latest -- -version
     sudo docker run quay.io/coreos/bootcfg:latest -version
 
+## Minimal
+
+Start the latest ACI with rkt.
+
+    sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=assets,target=/var/lib/bootcfg/assets --volume data,kind=host,source=$PWD/examples/assets quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug
+
+Start the latest Docker image.
+
+    sudo docker run -p 8080:8080 --rm -v $PWD/examples/assets:/var/lib/bootcfg/assets:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug
+
+To start containers with the example machine Groups and Profiles, see the commands below.
+
 ## Examples
 
 Run the binary.
 
-    ./bin/bootcfg -address=0.0.0.0:8080 -log-level=debug -data-path examples/ -config examples/etcd-rkt.yaml
+    ./bin/bootcfg -address=0.0.0.0:8080 -log-level=debug -data-path=examples -assets-path=examples/assets
 
-Run the latest ACI with rkt.
+Run the latest ACI with rkt. Mounts are used to add the provided examples.
 
-    sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=assets,target=/var/bootcfg --volume assets,kind=host,source=$PWD/assets --mount volume=data,target=/etc/bootcfg --volume data,kind=host,source=$PWD/examples quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug -config /etc/bootcfg/etcd-rkt.yaml
+    sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug
 
-Run the latest Docker image.
+Run the latest Docker image. Mounts are used to add the provided examples.
 
-    sudo docker run -p 8080:8080 --rm -v $PWD/examples:/etc/bootcfg:Z -v $PWD/assets:/var/bootcfg:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug -config /etc/bootcfg/etcd-docker.yaml
+    sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug
 
 #### With [OpenPGP Signing](openpgp.md)
 
 Run with the binary with a test key.
 
     export BOOTCFG_PASSPHRASE=test
-    ./bin/bootcfg -address=0.0.0.0:8080 -key-ring-path bootcfg/sign/fixtures/secring.gpg -data-path examples/ -config examples/etcd-rkt.yaml
+    ./bin/bootcfg -address=0.0.0.0:8080 -key-ring-path bootcfg/sign/fixtures/secring.gpg -data-path=examples -assets-path=examples/assets
 
 Run the ACI with a test key.
 
-    sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --set-env=BOOTCFG_PASSPHRASE=test --mount volume=secrets,target=/secrets --volume secrets,kind=host,source=$PWD/bootcfg/sign/fixtures --mount volume=assets,target=/var/bootcfg --volume assets,kind=host,source=$PWD/assets --mount volume=data,target=/etc/bootcfg --volume data,kind=host,source=$PWD/examples quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -config /etc/bootcfg/etcd-rkt.yaml -key-ring-path secrets/secring.gpg
+    sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --set-env=BOOTCFG_PASSPHRASE=test --mount volume=secrets,target=/secrets --volume secrets,kind=host,source=$PWD/bootcfg/sign/fixtures --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -key-ring-path secrets/secring.gpg
 
 Run the Docker image with a test key.
 
-    sudo docker run -p 8080:8080 --rm --env BOOTCFG_PASSPHRASE=test -v $PWD/examples:/etc/bootcfg:Z -v $PWD/assets:/var/bootcfg:Z -v $PWD/bootcfg/sign/fixtures:/secrets:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug -config /etc/bootcfg/etcd-docker.yaml -key-ring-path secrets/secring.gpg
+    sudo docker run -p 8080:8080 --rm --env BOOTCFG_PASSPHRASE=test -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z -v $PWD/bootcfg/sign/fixtures:/secrets:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug -key-ring-path secrets/secring.gpg

Documentation/dev/develop.md

@@ -33,12 +33,12 @@ Alternately, build a Docker image `coreos/bootcfg:latest`.
 
 Run the binary.
 
-    ./bin/bootcfg -address=0.0.0.0:8080 -log-level=debug -data-path examples -assets-path assets
+    ./bin/bootcfg -address=0.0.0.0:8080 -log-level=debug -data-path examples -assets-path examples/assets
 
 Run the ACI with rkt on `metal0`.
 
-    sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=assets,target=/var/bootcfg --volume assets,kind=host,source=$PWD/assets --mount volume=data,target=/etc/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/etc/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd bootcfg.aci -- -address=0.0.0.0:8080 -log-level=debug
+    sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd bootcfg.aci -- -address=0.0.0.0:8080 -log-level=debug
 
 Alternately, run the Docker image on `docker0`.
 
-    sudo docker run -p 8080:8080 --rm -v $PWD/examples:/etc/bootcfg:Z -v $PWD/assets:/var/bootcfg:Z -v $PWD/examples/groups/etcd:/etc/bootcfg/groups:Z coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug
+    sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug

cmd/bootcfg/main.go

@@ -37,9 +37,9 @@ func main() {
 		help        bool
 	}{}
 	flag.StringVar(&flags.address, "address", "127.0.0.1:8080", "HTTP listen address")
-	flag.StringVar(&flags.rpcAddress, "rpcAddress", "", "RPC listen address")
-	flag.StringVar(&flags.dataPath, "data-path", "/etc/bootcfg", "Path to data directory")
-	flag.StringVar(&flags.assetsPath, "assets-path", "/var/bootcfg", "Path to static assets")
+	flag.StringVar(&flags.rpcAddress, "rpc-address", "", "RPC listen address")
+	flag.StringVar(&flags.dataPath, "data-path", "/var/lib/bootcfg", "Path to data directory")
+	flag.StringVar(&flags.assetsPath, "assets-path", "/var/lib/bootcfg/assets", "Path to static assets")
 	flag.StringVar(&flags.keyRingPath, "key-ring-path", "", "Path to a private keyring file")
 	// available log levels https://godoc.org/github.com/coreos/pkg/capnslog#LogLevel
 	flag.StringVar(&flags.logLevel, "log-level", "info", "Set the logging level")

examples/README.md

@@ -43,7 +43,7 @@ The Kubernetes examples create Kubernetes clusters with CoreOS hosts and TLS aut
 
 ### Assets
 
-Download the CoreOS PXE image assets to `assets/coreos`. These images are served to network boot machines by `bootcfg`.
+Download the CoreOS PXE image assets to `examples/assets/coreos`. These images are served to network boot machines by `bootcfg`.
 
     ./scripts/get-coreos alpha 983.0.0
 
@@ -51,11 +51,11 @@ Download the CoreOS PXE image assets to `assets/coreos`. These images are served
 
 Generate a root CA and Kubernetes TLS assets for components (`admin`, `apiserver`, `worker`).
 
-    rm -rf assets/tls
+    rm -rf examples/assets/tls
     # for Kubernetes on CNI metal0, i.e. rkt
-    ./scripts/tls/k8s-certgen -d assets/tls -s 172.15.0.21 -m IP.1=10.3.0.1,IP.2=172.15.0.21 -w IP.1=172.15.0.22,IP.2=172.15.0.23
+    ./scripts/tls/k8s-certgen -d examples/assets/tls -s 172.15.0.21 -m IP.1=10.3.0.1,IP.2=172.15.0.21 -w IP.1=172.15.0.22,IP.2=172.15.0.23
     # for Kubernetes on docker0
-    ./scripts/tls/k8s-certgen -d assets/tls -s 172.17.0.21 -m IP.1=10.3.0.1,IP.2=172.17.0.21 -w IP.1=172.17.0.22,IP.2=172.17.0.23
+    ./scripts/tls/k8s-certgen -d examples/assets/tls -s 172.17.0.21 -m IP.1=10.3.0.1,IP.2=172.17.0.21 -w IP.1=172.17.0.22,IP.2=172.17.0.23
 
 See the [Cluster TLS OpenSSL Generation](https://coreos.com/kubernetes/docs/latest/openssl.html) document or [Kubernetes Step by Step](https://coreos.com/kubernetes/docs/latest/getting-started.html) for more details.
 
@@ -64,11 +64,11 @@ See the [Cluster TLS OpenSSL Generation](https://coreos.com/kubernetes/docs/late
 Install the `kubectl` CLI on your host. Use the provided kubeconfig's to access the Kubernetes cluster created on rkt `metal0` or `docker0`.
 
     cd /path/to/coreos-baremetal
-    kubectl --kubeconfig=assets/tls/kubeconfig get nodes
+    kubectl --kubeconfig=examples/assets/tls/kubeconfig get nodes
 
 Get all pods.
 
-    kubectl --kubeconfig=assets/tls/kubeconfig get pods --all-namespaces
+    kubectl --kubeconfig=examples/assets/tls/kubeconfig get pods --all-namespaces
 
 On my laptop, VMs download and network boot CoreOS in the first 45 seconds, the Kubernetes API becomes available after about 150 seconds, and add-on pods are scheduled by 180 seconds. On physical hosts and networks, OS and container image download times are a bit longer.
 

scripts/get-coreos

@@ -4,7 +4,7 @@
 
 CHANNEL=${1:-"alpha"}
 VERSION=${2:-"983.0.0"}
-DEST=${PWD}/assets/coreos/$VERSION
+DEST=${PWD}/examples/assets/coreos/$VERSION
 BASE_URL=http://$CHANNEL.release.core-os.net/amd64-usr/$VERSION
 
 # check channel/version exist based on the header response

scripts/pixiecore

@@ -1,7 +0,0 @@
-#!/bin/bash -e
-
-CONFIG_SERVICE=bootcfg
-CONFIG_SERVICE_IP=$(docker inspect --format {{.NetworkSettings.IPAddress}} ${CONFIG_SERVICE})
-CONFIG_SERVICE_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' ${CONFIG_SERVICE})
-
-docker run -v $PWD/assets:/assets:Z danderson/pixiecore -api http://$CONFIG_SERVICE_IP:$CONFIG_SERVICE_PORT/pixiecore

scripts/tls/k8s-certgen

@@ -2,14 +2,14 @@
 
 USAGE="Usage: $(basename $0)
 Options:
-  -d DEST     Destination for generated files (default: ./assets/tls)
+  -d DEST     Destination for generated files (default: .examples/assets/tls)
   -s SERVER   Reachable Server IP for kubeconfig (e.g. 172.15.0.21)
   -m MASTERS  Master Node Names/Addresses in SAN format (e.g. IP.1=10.3.0.1,IP.2=172.15.0.21).
   -w WORKERS  Worker Node Names/Addresses in SAN format (e.g. IP.1=172.15.0.22,IP.2=172.15.0.23)
   -h          Show help.
 "
 
-DEST="./assets/tls"
+DEST="./examples/assets/tls"
 SERVER="172.15.0.21"
 MASTERS="IP.1=10.3.0.1,IP.2=172.15.0.21"
 WORKERS="IP.1=172.15.0.22,IP.2=172.15.0.23"