Rename bootcfg to matchbox in docs, examples, scripts

* Verify all examples and docs work correctly
* Exclude contrib k8s and systemd which will be updated
and verified in a followup commit
Dalton Hubble
2017-01-09 03:15:11 -08:00
parent 86f737ff93
commit d496192032
68 changed files with 343 additions and 341 deletions


@@ -5,8 +5,8 @@
Serves a static iPXE boot script which gathers client machine attributes and chainloads to the iPXE endpoint. Use DHCP/TFTP to point iPXE clients to this endpoint as the next-server.
GET http://bootcfg.foo/boot.ipxe
GET http://bootcfg.foo/boot.ipxe.0 // for dnsmasq
GET http://matchbox.foo/boot.ipxe
GET http://matchbox.foo/boot.ipxe.0 // for dnsmasq
**Response**
@@ -19,7 +19,7 @@ Client's booted with the `/ipxe.boot` endpoint will introspect and make a reques
Finds the profile for the machine and renders the network boot config (kernel, options, initrd) as an iPXE script.
GET http://bootcfg.foo/ipxe?label=value
GET http://matchbox.foo/ipxe?label=value
**Query Parameters**
@@ -32,7 +32,7 @@ Finds the profile for the machine and renders the network boot config (kernel, o
**Response**
#!ipxe
kernel /assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp} coreos.first_boot=1 coreos.autologin
kernel /assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp} coreos.first_boot=1 coreos.autologin
initrd /assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz
boot
@@ -40,7 +40,7 @@ Finds the profile for the machine and renders the network boot config (kernel, o
Finds the profile for the machine and renders the network boot config as a GRUB config. Use DHCP/TFTP to point GRUB clients to this endpoint as the next-server.
GET http://bootcfg.foo/grub?label=value
GET http://matchbox.foo/grub?label=value
**Query Parameters**
@@ -56,16 +56,16 @@ Finds the profile for the machine and renders the network boot config as a GRUB
timeout=1
menuentry "CoreOS" {
echo "Loading kernel"
linuxefi "(http;bootcfg.foo:8080)/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz" "coreos.autologin" "coreos.config.url=http://bootcfg.foo:8080/ignition" "coreos.first_boot"
linuxefi "(http;matchbox.foo:8080)/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz" "coreos.autologin" "coreos.config.url=http://matchbox.foo:8080/ignition" "coreos.first_boot"
echo "Loading initrd"
initrdefi "(http;bootcfg.foo:8080)/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"
initrdefi "(http;matchbox.foo:8080)/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"
}
## Cloud Config
Finds the profile matching the machine and renders the corresponding Cloud-Config with group metadata, selectors, and query params.
GET http://bootcfg.foo/cloud?label=value
GET http://matchbox.foo/cloud?label=value
**Query Parameters**
@@ -89,7 +89,7 @@ Finds the profile matching the machine and renders the corresponding Cloud-Confi
Finds the profile matching the machine and renders the corresponding Ignition Config with group metadata, selectors, and query params.
GET http://bootcfg.foo/ignition?label=value
GET http://matchbox.foo/ignition?label=value
**Query Parameters**
@@ -116,7 +116,7 @@ Finds the profile matching the machine and renders the corresponding Ignition Co
Finds the profile matching the machine and renders the corresponding generic config with group metadata, selectors, and query params.
GET http://bootcfg.foo/generic?label=value
GET http://matchbox.foo/generic?label=value
**Query Parameters**
@@ -140,7 +140,7 @@ Finds the profile matching the machine and renders the corresponding generic con
Finds the matching machine group and renders the group metadata, selectors, and query params in an "env file" style response.
GET http://bootcfg.foo/metadata?mac=52-54-00-a1-9c-ae&foo=bar&count=3&gate=true
GET http://matchbox.foo/metadata?mac=52-54-00-a1-9c-ae&foo=bar&count=3&gate=true
**Query Parameters**
@@ -168,17 +168,17 @@ OpenPGPG signature endpoints serve detached binary and ASCII armored signatures
| Endpoint | Signature Endpoint | ASCII Signature Endpoint |
|------------|--------------------|-------------------------|
| iPXE | `http://bootcfg.foo/ipxe.sig` | `http://bootcfg.foo/ipxe.asc` |
| GRUB2 | `http://bootcf.foo/grub.sig` | `http://bootcfg.foo/grub.asc` |
| Ignition | `http://bootcfg.foo/ignition.sig` | `http://bootcfg.foo/ignition.asc` |
| Cloud-Config | `http://bootcfg.foo/cloud.sig` | `http://bootcfg.foo/cloud.asc` |
| Generic | `http://bootcfg.foo/generic.sig` | `http://bootcfg.foo/generic.asc` |
| Metadata | `http://bootcfg.foo/metadata.sig` | `http://bootcfg.foo/metadata.asc` |
| iPXE | `http://matchbox.foo/ipxe.sig` | `http://matchbox.foo/ipxe.asc` |
| GRUB2 | `http://bootcf.foo/grub.sig` | `http://matchbox.foo/grub.asc` |
| Ignition | `http://matchbox.foo/ignition.sig` | `http://matchbox.foo/ignition.asc` |
| Cloud-Config | `http://matchbox.foo/cloud.sig` | `http://matchbox.foo/cloud.asc` |
| Generic | `http://matchbox.foo/generic.sig` | `http://matchbox.foo/generic.asc` |
| Metadata | `http://matchbox.foo/metadata.sig` | `http://matchbox.foo/metadata.asc` |
Get a config and its detached ASCII armored signature.
GET http://bootcfg.foo/ipxe?label=value
GET http://bootcfg.foo/ipxe.asc?label=value
GET http://matchbox.foo/ipxe?label=value
GET http://matchbox.foo/ipxe.asc?label=value
**Response**
@@ -197,9 +197,9 @@ NO+p24BL3PHZyKw0nsrm275C913OxEVgnNZX7TQltaweW23Cd1YBNjcfb3zv+Zo=
## Assets
If you need to serve static assets (e.g. kernel, initrd), `bootcfg` can serve arbitrary assets from the `-assets-path`.
If you need to serve static assets (e.g. kernel, initrd), `matchbox` can serve arbitrary assets from the `-assets-path`.
bootcfg.foo/assets/
matchbox.foo/assets/
└── coreos
└── 1185.3.0
├── coreos_production_pxe.vmlinuz
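Review bot: The GRUB2 row of the signature-endpoint table still reads `http://bootcf.foo/grub.sig` on the new side. The rename appears to have missed it because the old host was already misspelled (`bootcf` rather than `bootcfg`). A reader copying that URL to fetch the detached signature for a GRUB config is sent to a host that matches neither the `.asc` column of the same row nor any other endpoint in the document. The first cell of that row should be `http://matchbox.foo/grub.sig`.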


@@ -5,9 +5,9 @@ The self-hosted Kubernetes example provisions a 3 node "self-hosted" Kubernetes
## Requirements
Ensure that you've gone through the [bootcfg with rkt](getting-started-rkt.md) or [bootcfg with docker](getting-started-docker.md) guide and understand the basics. In particular, you should be able to:
Ensure that you've gone through the [matchbox with rkt](getting-started-rkt.md) or [matchbox with docker](getting-started-docker.md) guide and understand the basics. In particular, you should be able to:
* Use rkt or Docker to start `bootcfg`
* Use rkt or Docker to start `matchbox`
* Create a network boot environment with `coreos/dnsmasq`
* Create the example libvirt client VMs
* `/etc/hosts` entries for `node[1-3].example.com` (or pass custom names to `k8s-certgen`)
@@ -47,7 +47,7 @@ Use the `bootkube` tool to render Kubernetes manifests and credentials into an `
## Containers
Use rkt or docker to start `bootcfg` and mount the desired example resources. Create a network boot environment and power-on your machines. Revisit [bootcfg with rkt](getting-started-rkt.md) or [bootcfg with Docker](getting-started-docker.md) for help.
Use rkt or docker to start `matchbox` and mount the desired example resources. Create a network boot environment and power-on your machines. Revisit [matchbox with rkt](getting-started-rkt.md) or [matchbox with Docker](getting-started-docker.md) for help.
Client machines should boot and provision themselves. Local client VMs should network boot CoreOS and become available via SSH in about 1 minute. If you chose `bootkube-install`, notice that machines install CoreOS and then reboot (in libvirt, you must hit "power" again). Time to network boot and provision physical hardware depends on a number of factors (POST duration, boot device iteration, network speed, etc.).


@@ -5,9 +5,9 @@
CoreOS Cloud-Config is a system for configuring machines with a Cloud-Config file or executable script from user-data. Cloud-Config runs in userspace on each boot and implements a subset of the [cloud-init spec](http://cloudinit.readthedocs.org/en/latest/topics/format.html#cloud-config-data). See the cloud-config [docs](https://coreos.com/os/docs/latest/cloud-config.html) for details.
Cloud-Config template files can be added in `/var/lib/bootcfg/cloud` or in a `cloud` subdirectory of a custom `-data-path`. Template files may contain [Go template](https://golang.org/pkg/text/template/) elements which will be evaluated with group metadata, selectors, and query params.
Cloud-Config template files can be added in `/var/lib/matchbox/cloud` or in a `cloud` subdirectory of a custom `-data-path`. Template files may contain [Go template](https://golang.org/pkg/text/template/) elements which will be evaluated with group metadata, selectors, and query params.
/var/lib/bootcfg
/var/lib/matchbox
├── cloud
│   ├── cloud.yaml
│   └── script.sh
@@ -16,7 +16,7 @@ Cloud-Config template files can be added in `/var/lib/bootcfg/cloud` or in a `cl
## Reference
Reference a Cloud-Config in a [Profile](bootcfg.md#profiles) with `cloud_id`. When PXE booting, use the kernel option `cloud-config-url` to point to `bootcfg` [cloud-config endpoint](api.md#cloud-config).
Reference a Cloud-Config in a [Profile](matchbox.md#profiles) with `cloud_id`. When PXE booting, use the kernel option `cloud-config-url` to point to `matchbox` [cloud-config endpoint](api.md#cloud-config).
## Examples


@@ -5,105 +5,105 @@ Configuration arguments can be provided as flags or as environment variables.
| flag | variable | default | example |
|------|----------|---------|---------|
| -address | BOOTCFG_ADDRESS | 127.0.0.1:8080 | 0.0.0.0:8080 |
| -log-level | BOOTCFG_LOG_LEVEL | info | critical, error, warning, notice, info, debug |
| -data-path | BOOTCFG_DATA_PATH | /var/lib/bootcfg | ./examples |
| -assets-path | BOOTCFG_ASSETS_PATH | /var/lib/bootcfg/assets | ./examples/assets |
| -rpc-address | BOOTCFG_RPC_ADDRESS | (gRPC API disabled) | 0.0.0.0:8081 |
| -cert-file | BOOTCFG_CERT_FILE | /etc/bootcfg/server.crt | ./examples/etc/bootcfg/server.crt |
| -key-file | BOOTCFG_KEY_FILE | /etc/bootcfg/server.key | ./examples/etc/bootcfg/server.key
| -ca-file | BOOTCFG_CA_FILE | /etc/bootcfg/ca.crt | ./examples/etc/bootcfg/ca.crt |
| -key-ring-path | BOOTCFG_KEY_RING_PATH | (no key ring) | ~/.secrets/vault/bootcfg/secring.gpg |
| (no flag) | BOOTCFG_PASSPHRASE | (no passphrase) | "secret passphrase" |
| -address | MATCHBOX_ADDRESS | 127.0.0.1:8080 | 0.0.0.0:8080 |
| -log-level | MATCHBOX_LOG_LEVEL | info | critical, error, warning, notice, info, debug |
| -data-path | MATCHBOX_DATA_PATH | /var/lib/matchbox | ./examples |
| -assets-path | MATCHBOX_ASSETS_PATH | /var/lib/matchbox/assets | ./examples/assets |
| -rpc-address | MATCHBOX_RPC_ADDRESS | (gRPC API disabled) | 0.0.0.0:8081 |
| -cert-file | MATCHBOX_CERT_FILE | /etc/matchbox/server.crt | ./examples/etc/matchbox/server.crt |
| -key-file | MATCHBOX_KEY_FILE | /etc/matchbox/server.key | ./examples/etc/matchbox/server.key
| -ca-file | MATCHBOX_CA_FILE | /etc/matchbox/ca.crt | ./examples/etc/matchbox/ca.crt |
| -key-ring-path | MATCHBOX_KEY_RING_PATH | (no key ring) | ~/.secrets/vault/matchbox/secring.gpg |
| (no flag) | MATCHBOX_PASSPHRASE | (no passphrase) | "secret passphrase" |
## Files and Directories
| Data | Default Location |
|:---------|:--------------------------------------------------|
| data | /var/lib/bootcfg/{profiles,groups,ignition,cloud,generic} |
| assets | /var/lib/bootcfg/assets |
| data | /var/lib/matchbox/{profiles,groups,ignition,cloud,generic} |
| assets | /var/lib/matchbox/assets |
| gRPC API TLS Credentials | Default Location |
|:---------|:--------------------------------------------------|
| CA certificate | /etc/bootcfg/ca.crt |
| Server certificate | /etc/bootcfg/server.crt |
| Server private key | /etc/bootcfg/server.key |
| Client certificate | /etc/bootcfg/client.crt |
| Client private key | /etc/bootcfg/client.key |
| CA certificate | /etc/matchbox/ca.crt |
| Server certificate | /etc/matchbox/server.crt |
| Server private key | /etc/matchbox/server.key |
| Client certificate | /etc/matchbox/client.crt |
| Client private key | /etc/matchbox/client.key |
## Version
./bin/bootcfg -version
sudo rkt run quay.io/coreos/bootcfg:latest -- -version
sudo docker run quay.io/coreos/bootcfg:latest -version
./bin/matchbox -version
sudo rkt run quay.io/coreos/matchbox:latest -- -version
sudo docker run quay.io/coreos/matchbox:latest -version
## Usage
Run the binary.
./bin/bootcfg -address=0.0.0.0:8080 -log-level=debug -data-path=examples -assets-path=examples/assets
./bin/matchbox -address=0.0.0.0:8080 -log-level=debug -data-path=examples -assets-path=examples/assets
Run the latest ACI with rkt.
sudo rkt run --mount volume=assets,target=/var/lib/bootcfg/assets --volume assets,kind=host,source=$PWD/examples/assets quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug
sudo rkt run --mount volume=assets,target=/var/lib/matchbox/assets --volume assets,kind=host,source=$PWD/examples/assets quay.io/coreos/matchbox:latest -- -address=0.0.0.0:8080 -log-level=debug
Run the latest Docker image.
sudo docker run -p 8080:8080 --rm -v $PWD/examples/assets:/var/lib/bootcfg/assets:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug
sudo docker run -p 8080:8080 --rm -v $PWD/examples/assets:/var/lib/matchbox/assets:Z quay.io/coreos/matchbox:latest -address=0.0.0.0:8080 -log-level=debug
#### With Examples
Mount `examples` to pre-load the [example](../examples/README.md) machine groups and profiles. Run the container with rkt,
sudo rkt run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug
sudo rkt run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/matchbox --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/matchbox/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/matchbox:latest -- -address=0.0.0.0:8080 -log-level=debug
or with Docker.
sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug
sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/matchbox:Z -v $PWD/examples/groups/etcd:/var/lib/matchbox/groups:Z quay.io/coreos/matchbox:latest -address=0.0.0.0:8080 -log-level=debug
### gRPC API
The gRPC API allows clients with a TLS client certificate and key to make RPC requests to programmatically create or update `bootcfg` resources. The API can be enabled with the `-rpc-address` flag and by providing a TLS server certificate and key with `-cert-file` and `-key-file` and a CA certificate for authenticating clients with `-ca-file`.
The gRPC API allows clients with a TLS client certificate and key to make RPC requests to programmatically create or update `matchbox` resources. The API can be enabled with the `-rpc-address` flag and by providing a TLS server certificate and key with `-cert-file` and `-key-file` and a CA certificate for authenticating clients with `-ca-file`.
Run the binary with TLS credentials from `examples/etc/bootcfg`.
Run the binary with TLS credentials from `examples/etc/matchbox`.
./bin/bootcfg -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug -data-path=examples -assets-path=examples/assets -cert-file examples/etc/bootcfg/server.crt -key-file examples/etc/bootcfg/server.key -ca-file examples/etc/bootcfg/ca.crt
./bin/matchbox -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug -data-path=examples -assets-path=examples/assets -cert-file examples/etc/matchbox/server.crt -key-file examples/etc/matchbox/server.key -ca-file examples/etc/matchbox/ca.crt
Clients, such as `bootcmd`, verify the server's certificate with a CA bundle passed via `-ca-file` and present a client certificate and key via `-cert-file` and `-key-file` to cal the gRPC API.
./bin/bootcmd profile list --endpoints 127.0.0.1:8081 --ca-file examples/etc/bootcfg/ca.crt --cert-file examples/etc/bootcfg/client.crt --key-file examples/etc/bootcfg/client.key
./bin/bootcmd profile list --endpoints 127.0.0.1:8081 --ca-file examples/etc/matchbox/ca.crt --cert-file examples/etc/matchbox/client.crt --key-file examples/etc/matchbox/client.key
#### With rkt
Run the ACI with rkt and TLS credentials from `examples/etc/bootcfg`.
Run the ACI with rkt and TLS credentials from `examples/etc/matchbox`.
sudo rkt run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples,readOnly=true --mount volume=config,target=/etc/bootcfg --volume config,kind=host,source=$PWD/examples/etc/bootcfg --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
sudo rkt run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/matchbox --volume data,kind=host,source=$PWD/examples,readOnly=true --mount volume=config,target=/etc/matchbox --volume config,kind=host,source=$PWD/examples/etc/matchbox --mount volume=groups,target=/var/lib/matchbox/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/matchbox:latest -- -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
A `bootcmd` client can call the gRPC API running at the IP used in the rkt example.
./bin/bootcmd profile list --endpoints 172.18.0.2:8081 --ca-file examples/etc/bootcfg/ca.crt --cert-file examples/etc/bootcfg/client.crt --key-file examples/etc/bootcfg/client.key
./bin/bootcmd profile list --endpoints 172.18.0.2:8081 --ca-file examples/etc/matchbox/ca.crt --cert-file examples/etc/matchbox/client.crt --key-file examples/etc/matchbox/client.key
#### With docker
Run the Docker image with TLS credentials from `examples/etc/bootcfg`.
Run the Docker image with TLS credentials from `examples/etc/matchbox`.
sudo docker run -p 8080:8080 -p 8081:8081 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/etc/bootcfg:/etc/bootcfg:Z,ro -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
sudo docker run -p 8080:8080 -p 8081:8081 --rm -v $PWD/examples:/var/lib/matchbox:Z -v $PWD/examples/etc/matchbox:/etc/matchbox:Z,ro -v $PWD/examples/groups/etcd:/var/lib/matchbox/groups:Z quay.io/coreos/matchbox:latest -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
A `bootcmd` client can call the gRPC API running at the IP used in the Docker example.
./bin/bootcmd profile list --endpoints 127.0.0.1:8081 --ca-file examples/etc/bootcfg/ca.crt --cert-file examples/etc/bootcfg/client.crt --key-file examples/etc/bootcfg/client.key
./bin/bootcmd profile list --endpoints 127.0.0.1:8081 --ca-file examples/etc/matchbox/ca.crt --cert-file examples/etc/matchbox/client.crt --key-file examples/etc/matchbox/client.key
### OpenPGP [Signing](openpgp.md)
Run with the binary with a test key.
export BOOTCFG_PASSPHRASE=test
./bin/bootcfg -address=0.0.0.0:8080 -key-ring-path bootcfg/sign/fixtures/secring.gpg -data-path=examples -assets-path=examples/assets
export MATCHBOX_PASSPHRASE=test
./bin/matchbox -address=0.0.0.0:8080 -key-ring-path matchbox/sign/fixtures/secring.gpg -data-path=examples -assets-path=examples/assets
Run the ACI with a test key.
sudo rkt run --net=metal0:IP=172.18.0.2 --set-env=BOOTCFG_PASSPHRASE=test --mount volume=secrets,target=/secrets --volume secrets,kind=host,source=$PWD/bootcfg/sign/fixtures --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -key-ring-path secrets/secring.gpg
sudo rkt run --net=metal0:IP=172.18.0.2 --set-env=MATCHBOX_PASSPHRASE=test --mount volume=secrets,target=/secrets --volume secrets,kind=host,source=$PWD/matchbox/sign/fixtures --mount volume=data,target=/var/lib/matchbox --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/matchbox/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/matchbox:latest -- -address=0.0.0.0:8080 -key-ring-path secrets/secring.gpg
Run the Docker image with a test key.
sudo docker run -p 8080:8080 --rm --env BOOTCFG_PASSPHRASE=test -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z -v $PWD/bootcfg/sign/fixtures:/secrets:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug -key-ring-path secrets/secring.gpg
sudo docker run -p 8080:8080 --rm --env MATCHBOX_PASSPHRASE=test -v $PWD/examples:/var/lib/matchbox:Z -v $PWD/examples/groups/etcd:/var/lib/matchbox/groups:Z -v $PWD/matchbox/sign/fixtures:/secrets:Z quay.io/coreos/matchbox:latest -address=0.0.0.0:8080 -log-level=debug -key-ring-path secrets/secring.gpg
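Review bot: The flag table now lists only `MATCHBOX_*` variables and carries no migration note for hosts that still set the `BOOTCFG_*` names. If the renamed binary no longer reads the old names (not visible in this section), a systemd drop-in that sets `BOOTCFG_RPC_ADDRESS` or `BOOTCFG_PASSPHRASE` would be ignored without error. The service would then presumably start with the defaults in the table, that is, gRPC disabled and no passphrase for the key ring. A sentence under the table such as `Variables named BOOTCFG_* from earlier releases must be renamed to MATCHBOX_*.` would make the break explicit. Separately, the `-key-file` row still lacks its closing `|`, which this change carries over unchanged.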


@@ -1,11 +1,11 @@
# Installation
This guide walks through deploying the `bootcfg` service on a Linux host (via RPM, rkt, docker, or binary) or on a Kubernetes cluster.
This guide walks through deploying the `matchbox` service on a Linux host (via RPM, rkt, docker, or binary) or on a Kubernetes cluster.
## Provisoner
`bootcfg` is a service for network booting and provisioning machines to create CoreOS clusters. `bootcfg` should be installed on a provisioner machine (CoreOS or any Linux distribution) or cluster (Kubernetes) which can serve configs to client machines in a lab or datacenter.
`matchbox` is a service for network booting and provisioning machines to create CoreOS clusters. `matchbox` should be installed on a provisioner machine (CoreOS or any Linux distribution) or cluster (Kubernetes) which can serve configs to client machines in a lab or datacenter.
Choose one of the supported installation options:
@@ -44,84 +44,84 @@ $ cd coreos-baremetal-v0.4.2-linux-amd64
### RPM-based Distro
On an RPM-based provisioner, install the `bootcfg` RPM from the Copr [repository](https://copr.fedorainfracloud.org/coprs/dghubble/bootcfg/) using `dnf` or `yum`.
On an RPM-based provisioner, install the `matchbox` RPM from the Copr [repository](https://copr.fedorainfracloud.org/coprs/dghubble/matchbox/) using `dnf` or `yum`.
```sh
dnf copr enable dghubble/bootcfg
dnf install bootcfg
dnf copr enable dghubble/matchbox
dnf install matchbox
# requires yum-plugin-copr
yum copr enable dghubble/bootcfg
yum install bootcfg
yum copr enable dghubble/matchbox
yum install matchbox
```
Alternately, download the repo file and place it in `/etc/yum.repos.d/`.
### CoreOS
On a CoreOS provisioner, rkt run `bootcfg` image with the provided systemd unit.
On a CoreOS provisioner, rkt run `matchbox` image with the provided systemd unit.
```sh
$ sudo cp contrib/systemd/bootcfg-on-coreos.service /etc/systemd/system/bootcfg.service
$ sudo cp contrib/systemd/matchbox-on-coreos.service /etc/systemd/system/matchbox.service
```
### General Linux
Pre-built binaries are available for general Linux distributions. Copy the `bootcfg` static binary to an appropriate location on the host.
Pre-built binaries are available for general Linux distributions. Copy the `matchbox` static binary to an appropriate location on the host.
```sh
$ sudo cp bootcfg /usr/local/bin
$ sudo cp matchbox /usr/local/bin
```
#### Set Up User/Group
The `bootcfg` service should be run by a non-root user with access to the `bootcfg` data directory (`/var/lib/bootcfg`). Create a `bootcfg` user and group.
The `matchbox` service should be run by a non-root user with access to the `matchbox` data directory (`/var/lib/matchbox`). Create a `matchbox` user and group.
```sh
$ sudo useradd -U bootcfg
$ sudo mkdir -p /var/lib/bootcfg/assets
$ sudo chown -R bootcfg:bootcfg /var/lib/bootcfg
$ sudo useradd -U matchbox
$ sudo mkdir -p /var/lib/matchbox/assets
$ sudo chown -R matchbox:matchbox /var/lib/matchbox
```
#### Create systemd Service
Copy the provided `bootcfg` systemd unit file.
Copy the provided `matchbox` systemd unit file.
```sh
$ sudo cp contrib/systemd/bootcfg-local.service /etc/systemd/system/
$ sudo cp contrib/systemd/matchbox-local.service /etc/systemd/system/
```
## Customization
Customize bootcfg by editing the systemd unit or adding a systemd dropin. Find the complete set of `bootcfg` flags and environment variables at [config](config.md).
Customize matchbox by editing the systemd unit or adding a systemd dropin. Find the complete set of `matchbox` flags and environment variables at [config](config.md).
sudo systemctl edit bootcfg
sudo systemctl edit matchbox
By default, the read-only HTTP machine endpoint will be exposed on port **8080**.
```ini
# /etc/systemd/system/bootcfg.service.d/override.conf
# /etc/systemd/system/matchbox.service.d/override.conf
[Service]
Environment="BOOTCFG_ADDRESS=0.0.0.0:8080"
Environment="BOOTCFG_LOG_LEVEL=debug"
Environment="MATCHBOX_ADDRESS=0.0.0.0:8080"
Environment="MATCHBOX_LOG_LEVEL=debug"
```
A common customization is enabling the gRPC API to allow clients with a TLS client certificate to change machine configs.
```ini
# /etc/systemd/system/bootcfg.service.d/override.conf
# /etc/systemd/system/matchbox.service.d/override.conf
[Service]
Environment="BOOTCFG_ADDRESS=0.0.0.0:8080"
Environment="BOOTCFG_RPC_ADDRESS=0.0.0.0:8081"
Environment="MATCHBOX_ADDRESS=0.0.0.0:8080"
Environment="MATCHBOX_RPC_ADDRESS=0.0.0.0:8081"
```
The Tectonic [Installer](https://tectonic.com/enterprise/docs/latest/install/bare-metal/index.html) uses this API. Tectonic users with a CoreOS provisioner can start with an example that enables it.
```sh
$ sudo cp contrib/systemd/bootcfg-for-tectonic.service /etc/systemd/system/bootcfg.service
$ sudo cp contrib/systemd/matchbox-for-tectonic.service /etc/systemd/system/matchbox.service
```
Customize `bootcfg` to suit your preferences.
Customize `matchbox` to suit your preferences.
## Firewall
@@ -136,58 +136,58 @@ $ sudo firewall-cmd --zone=MYZONE --add-port=8081/tcp --permanent
*Skip this unless you need to enable the gRPC API*
The `bootcfg` gRPC API allows client apps (`bootcmd` CLI, Tectonic Installer, etc.) to update how machines are provisioned. TLS credentials are needed for client authentication and to establish a secure communication channel. Client machines (those PXE booting) read from the HTTP endpoints and do not require this setup.
The `matchbox` gRPC API allows client apps (`bootcmd` CLI, Tectonic Installer, etc.) to update how machines are provisioned. TLS credentials are needed for client authentication and to establish a secure communication channel. Client machines (those PXE booting) read from the HTTP endpoints and do not require this setup.
If your organization manages public key infrastructure and a certificate authority, create a server certificate and key for the `bootcfg` service and a client certificate and key for each client tool.
If your organization manages public key infrastructure and a certificate authority, create a server certificate and key for the `matchbox` service and a client certificate and key for each client tool.
Otherwise, generate a self-signed `ca.crt`, a server certificate (`server.crt`, `server.key`), and client credentials (`client.crt`, `client.key`) with the `examples/etc/bootcfg/cert-gen` script. Export the DNS name or IP (discouraged) of the provisioner host.
Otherwise, generate a self-signed `ca.crt`, a server certificate (`server.crt`, `server.key`), and client credentials (`client.crt`, `client.key`) with the `examples/etc/matchbox/cert-gen` script. Export the DNS name or IP (discouraged) of the provisioner host.
```sh
$ cd examples/etc/bootcfg
# DNS or IP Subject Alt Names where bootcfg can be reached
$ export SAN=DNS.1:bootcfg.example.com,IP.1:192.168.1.42
$ cd examples/etc/matchbox
# DNS or IP Subject Alt Names where matchbox can be reached
$ export SAN=DNS.1:matchbox.example.com,IP.1:192.168.1.42
$ ./cert-gen
```
Place the TLS credentials in the default location:
```sh
$ sudo mkdir -p /etc/bootcfg
$ sudo cp ca.crt server.crt server.key /etc/bootcfg/
$ sudo mkdir -p /etc/matchbox
$ sudo cp ca.crt server.crt server.key /etc/matchbox/
```
Save `client.crt`, `client.key`, and `ca.crt` to use with a client tool later.
## Start bootcfg
## Start matchbox
Start the `bootcfg` service and enable it if you'd like it to start on every boot.
Start the `matchbox` service and enable it if you'd like it to start on every boot.
```sh
$ sudo systemctl daemon-reload
$ sudo systemctl start bootcfg
$ sudo systemctl enable bootcfg
$ sudo systemctl start matchbox
$ sudo systemctl enable matchbox
```
## Verify
Verify the bootcfg service is running and can be reached by client machines (those being provisioned).
Verify the matchbox service is running and can be reached by client machines (those being provisioned).
```sh
$ systemctl status bootcfg
$ dig bootcfg.example.com
$ systemctl status matchbox
$ dig matchbox.example.com
```
Verify you receive a response from the HTTP and API endpoints.
```sh
$ curl http://bootcfg.example.com:8080
bootcfg
$ curl http://matchbox.example.com:8080
matchbox
```
If you enabled the gRPC API,
```sh
$ openssl s_client -connect bootcfg.example.com:8081 -CAfile /etc/bootcfg/ca.crt -cert examples/etc/bootcfg/client.crt -key examples/etc/bootcfg/client.key
$ openssl s_client -connect matchbox.example.com:8081 -CAfile /etc/matchbox/ca.crt -cert examples/etc/matchbox/client.crt -key examples/etc/matchbox/client.key
CONNECTED(00000003)
depth=1 CN = fake-ca
verify return:1
@@ -203,7 +203,7 @@ Certificate chain
## Download CoreOS (optional)
`bootcfg` can serve CoreOS images in development or lab environments to reduce bandwidth usage and increase the speed of CoreOS PXE boots and installs to disk.
`matchbox` can serve CoreOS images in development or lab environments to reduce bandwidth usage and increase the speed of CoreOS PXE boots and installs to disk.
Download a recent CoreOS [release](https://coreos.com/releases/) with signatures.
@@ -211,14 +211,14 @@ Download a recent CoreOS [release](https://coreos.com/releases/) with signatures
$ ./scripts/get-coreos stable 1185.3.0 . # note the "." 3rd argument
```
Move the images to `/var/lib/bootcfg/assets`,
Move the images to `/var/lib/matchbox/assets`,
```sh
$ sudo cp -r coreos /var/lib/bootcfg/assets
$ sudo cp -r coreos /var/lib/matchbox/assets
```
```
/var/lib/bootcfg/assets/
/var/lib/matchbox/assets/
├── coreos
│   └── 1185.3.0
│   ├── CoreOS_Image_Signing_Key.asc
@@ -233,7 +233,7 @@ $ sudo cp -r coreos /var/lib/bootcfg/assets
and verify the images are acessible.
```
$ curl http://bootcfg.example.com:8080/assets/coreos/1185.3.0/
$ curl http://matchbox.example.com:8080/assets/coreos/1185.3.0/
<pre>...
```
@@ -244,43 +244,43 @@ For large production environments, use a cache proxy or mirror suitable for your
Review [network setup](https://github.com/coreos/coreos-baremetal/blob/master/Documentation/network-setup.md) with your network administrator to set up DHCP, TFTP, and DNS services on your network. At a high level, your goals are to:
* Chainload PXE firmwares to iPXE
* Point iPXE client machines to the `bootcfg` iPXE HTTP endpoint `http://bootcfg.example.com:8080/boot.ipxe`
* Ensure `bootcfg.example.com` resolves to your `bootcfg` deployment
* Point iPXE client machines to the `matchbox` iPXE HTTP endpoint `http://matchbox.example.com:8080/boot.ipxe`
* Ensure `matchbox.example.com` resolves to your `matchbox` deployment
CoreOS provides [dnsmasq](https://github.com/coreos/coreos-baremetal/tree/master/contrib/dnsmasq) as `quay.io/coreos/dnsmasq`, if you wish to use rkt or Docker.
## rkt
Run the most recent tagged and signed `bootcfg` [release](https://github.com/coreos/coreos-baremetal/releases) ACI. Trust the [CoreOS App Signing Key](https://coreos.com/security/app-signing-key/) for image signature verification.
Run the most recent tagged and signed `matchbox` [release](https://github.com/coreos/coreos-baremetal/releases) ACI. Trust the [CoreOS App Signing Key](https://coreos.com/security/app-signing-key/) for image signature verification.
```sh
$ sudo rkt trust --prefix coreos.com/bootcfg
$ sudo rkt trust --prefix coreos.com/matchbox
# gpg key fingerprint is: 18AD 5014 C99E F7E3 BA5F 6CE9 50BD D3E0 FC8A 365E
$ sudo rkt run --net=host --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=/var/lib/bootcfg quay.io/coreos/bootcfg:v0.4.2 --mount volume=config,target=/etc/bootcfg --volume config,kind=host,source=/etc/bootcfg,readOnly=true -- -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
$ sudo rkt run --net=host --mount volume=data,target=/var/lib/matchbox --volume data,kind=host,source=/var/lib/matchbox quay.io/coreos/matchbox:v0.4.2 --mount volume=config,target=/etc/matchbox --volume config,kind=host,source=/etc/matchbox,readOnly=true -- -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
```
Create machine profiles, groups, or Ignition configs at runtime with `bootcmd` or by using your own `/var/lib/bootcfg` volume mounts.
Create machine profiles, groups, or Ignition configs at runtime with `bootcmd` or by using your own `/var/lib/matchbox` volume mounts.
## Docker
Run the latest or the most recently tagged `bootcfg` [release](https://github.com/coreos/coreos-baremetal/releases) Docker image.
Run the latest or the most recently tagged `matchbox` [release](https://github.com/coreos/coreos-baremetal/releases) Docker image.
```sh
sudo docker run --net=host --rm -v /var/lib/bootcfg:/var/lib/bootcfg:Z -v /etc/bootcfg:/etc/bootcfg:Z,ro quay.io/coreos/bootcfg:v0.4.2 -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
sudo docker run --net=host --rm -v /var/lib/matchbox:/var/lib/matchbox:Z -v /etc/matchbox:/etc/matchbox:Z,ro quay.io/coreos/matchbox:v0.4.2 -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
```
Create machine profiles, groups, or Ignition configs at runtime with `bootcmd` or by using your own `/var/lib/bootcfg` volume mounts.
Create machine profiles, groups, or Ignition configs at runtime with `bootcmd` or by using your own `/var/lib/matchbox` volume mounts.
## Kubernetes
Create a `bootcfg` Kubernetes `Deployment` and `Service` based on the example manifests provided in [contrib/k8s](../contrib/k8s).
Create a `matchbox` Kubernetes `Deployment` and `Service` based on the example manifests provided in [contrib/k8s](../contrib/k8s).
```
$ kubectl apply -f contrib/k8s/bootcfg-deployment.yaml
$ kubectl apply -f contrib/k8s/bootcfg-service.yaml
$ kubectl apply -f contrib/k8s/matchbox-deployment.yaml
$ kubectl apply -f contrib/k8s/matchbox-service.yaml
```
This runs the `bootcfg` service exposed on NodePort `tcp:31488` on each node in the cluster. `BOOTCFG_LOG_LEVEL` is set to debug.
This runs the `matchbox` service exposed on NodePort `tcp:31488` on each node in the cluster. `MATCHBOX_LOG_LEVEL` is set to debug.
```sh
$ kubectl get deployments
@@ -289,8 +289,8 @@ $ kubectl get pods
$ kubectl logs POD-NAME
```
The example manifests use Kubernetes `emptyDir` volumes to back the `bootcfg` FileStore (`/var/lib/bootcfg`). This doesn't provide long-term persistent storage so you may wish to mount your machine groups, profiles, and Ignition configs with a [gitRepo](http://kubernetes.io/docs/user-guide/volumes/#gitrepo) and host image assets on a file server.
The example manifests use Kubernetes `emptyDir` volumes to back the `matchbox` FileStore (`/var/lib/matchbox`). This doesn't provide long-term persistent storage so you may wish to mount your machine groups, profiles, and Ignition configs with a [gitRepo](http://kubernetes.io/docs/user-guide/volumes/#gitrepo) and host image assets on a file server.
### Documentation
View the [documentation](https://github.com/coreos/coreos-baremetal#coreos-on-baremetal) for `bootcfg` service docs, tutorials, example clusters and Ignition configs, PXE booting guides, or machine lifecycle guides.
View the [documentation](https://github.com/coreos/coreos-baremetal#coreos-on-baremetal) for `matchbox` service docs, tutorials, example clusters and Ignition configs, PXE booting guides, or machine lifecycle guides.


@@ -52,14 +52,14 @@ Run the binary.
Run the container image with rkt, on `metal0`.
sudo rkt --insecure-options=image run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=config,target=/etc/bootcfg --volume config,kind=host,source=$PWD/examples/etc/bootcfg --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd matchbox.aci -- -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
sudo rkt --insecure-options=image run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/matchbox --volume data,kind=host,source=$PWD/examples --mount volume=config,target=/etc/matchbox --volume config,kind=host,source=$PWD/examples/etc/matchbox --mount volume=groups,target=/var/lib/matchbox/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd matchbox.aci -- -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
Alternately, run the Docker image on `docker0`.
sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z coreos/matchbox:latest -address=0.0.0.0:8080 -log-level=debug
sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/matchbox:Z -v $PWD/examples/groups/etcd:/var/lib/matchbox/groups:Z coreos/matchbox:latest -address=0.0.0.0:8080 -log-level=debug
### bootcmd
Run `bootcmd` against the gRPC API of the service running via rkt.
./bin/bootcmd profile list --endpoints 172.18.0.2:8081 --cacert examples/etc/bootcfg/ca.crt
./bin/bootcmd profile list --endpoints 172.18.0.2:8081 --cacert examples/etc/matchbox/ca.crt


@@ -21,8 +21,8 @@ Tag, sign the release version, and push it to Github.
Travis CI will build the Docker image and push it to Quay.io when the tag is pushed to master. Verify the new image and version.
sudo docker run quay.io/coreos/bootcfg:$VERSION -version
sudo rkt run --no-store quay.io/coreos/bootcfg:$VERSION -- -version
sudo docker run quay.io/coreos/matchbox:$VERSION -version
sudo rkt run --no-store quay.io/coreos/matchbox:$VERSION -- -version
## Github Release
@@ -37,7 +37,7 @@ Build the release tarballs.
Verify the reported version.
./_output/coreos-baremetal-v0.4.2-linux-amd64/bootcfg -version
./_output/coreos-baremetal-v0.4.2-linux-amd64/matchbox -version
## ACI
@@ -47,18 +47,18 @@ Build the rkt ACI on a Linux host with `acbuild`,
Check that the listed version is correct/clean.
sudo rkt --insecure-options=image run bootcfg.aci -- -version
sudo rkt --insecure-options=image run matchbox.aci -- -version
Add the ACI to `output` for signing.
mv bootcfg.aci _output/bootcfg-$VERSION-linux-amd64.aci
mv matchbox.aci _output/matchbox-$VERSION-linux-amd64.aci
## Signing
Sign the release tarballs and ACI with a [CoreOS App Signing Key](https://coreos.com/security/app-signing-key/) subkey.
cd _output
gpg2 -a --default-key FC8A365E --detach-sign bootcfg-$VERSION-linux-amd64.aci
gpg2 -a --default-key FC8A365E --detach-sign matchbox-$VERSION-linux-amd64.aci
gpg2 -a --default-key FC8A365E --detach-sign coreos-baremetal-$VERSION-linux-amd64.tar.gz
gpg2 -a --default-key FC8A365E --detach-sign coreos-baremetal-$VERSION-darwin-amd64.tar.gz
gpg2 -a --default-key FC8A365E --detach-sign coreos-baremetal-$VERSION-linux-arm.tar.gz
@@ -66,7 +66,7 @@ Sign the release tarballs and ACI with a [CoreOS App Signing Key](https://coreos
Verify the signatures.
gpg2 --verify bootcfg-$VERSION-linux-amd64.aci.asc bootcfg-$VERSION-linux-amd64.aci
gpg2 --verify matchbox-$VERSION-linux-amd64.aci.asc matchbox-$VERSION-linux-amd64.aci
gpg2 --verify coreos-baremetal-$VERSION-linux-amd64.tar.gz.asc coreos-baremetal-$VERSION-linux-amd64.tar.gz
gpg2 --verify coreos-baremetal-$VERSION-darwin-amd64.tar.gz.asc coreos-baremetal-$VERSION-darwin-amd64.tar.gz
gpg2 --verify coreos-baremetal-$VERSION-linux-arm.tar.gz.asc coreos-baremetal-$VERSION-linux-arm.tar.gz


@@ -1,7 +1,7 @@
# Getting Started with Docker
In this tutorial, we'll run `bootcfg` on your Linux machine with Docker to network boot and provision a cluster of QEMU/KVM CoreOS machines locally. You'll be able to create Kubernetes clusters, etcd clusters, and test network setups.
In this tutorial, we'll run `matchbox` on your Linux machine with Docker to network boot and provision a cluster of QEMU/KVM CoreOS machines locally. You'll be able to create Kubernetes clusters, etcd clusters, and test network setups.
*Note*: To provision physical machines, see [network setup](network-setup.md) and [deployment](deployment.md).
@@ -36,14 +36,14 @@ For development convenience, add `/etc/hosts` entries for nodes so they may be r
## Containers
Run the latest `bootcfg` Docker image from `quay.io/coreos/bootcfg` with the `etcd-docker` example. The container should receive the IP address 172.17.0.2 on the `docker0` bridge.
Run the latest `matchbox` Docker image from `quay.io/coreos/matchbox` with the `etcd-docker` example. The container should receive the IP address 172.17.0.2 on the `docker0` bridge.
sudo docker pull quay.io/coreos/bootcfg:latest
sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug
sudo docker pull quay.io/coreos/matchbox:latest
sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/matchbox:Z -v $PWD/examples/groups/etcd:/var/lib/matchbox/groups:Z quay.io/coreos/matchbox:latest -address=0.0.0.0:8080 -log-level=debug
or run the latest tagged release.
sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:v0.4.2 -address=0.0.0.0:8080 -log-level=debug
sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/matchbox:Z -v $PWD/examples/groups/etcd:/var/lib/matchbox/groups:Z quay.io/coreos/matchbox:v0.4.2 -address=0.0.0.0:8080 -log-level=debug
Take a look at the [etcd groups](../examples/groups/etcd) to get an idea of how machines are mapped to Profiles. Explore some endpoints exposed by the service, say for QEMU/KVM node1.
@@ -57,7 +57,7 @@ Since the virtual network has no network boot services, use the `dnsmasq` image
sudo docker run --name dnsmasq --cap-add=NET_ADMIN -v $PWD/contrib/dnsmasq/docker0.conf:/etc/dnsmasq.conf:Z quay.io/coreos/dnsmasq -d
In this case, dnsmasq runs a DHCP server allocating IPs to VMs between 172.17.0.43 and 172.17.0.99, resolves `bootcfg.foo` to 172.17.0.2 (the IP where `bootcfg` runs), and points iPXE clients to `http://bootcfg.foo:8080/boot.ipxe`.
In this case, dnsmasq runs a DHCP server allocating IPs to VMs between 172.17.0.43 and 172.17.0.99, resolves `matchbox.foo` to 172.17.0.2 (the IP where `matchbox` runs), and points iPXE clients to `http://matchbox.foo:8080/boot.ipxe`.
## Client VMs
@@ -97,5 +97,5 @@ Clean up the containers and VM machines.
## Going Further
Learn more about [bootcfg](bootcfg.md) or explore the other [example](../examples) clusters. Try the [k8s example](kubernetes.md) to produce a TLS-authenticated Kubernetes cluster you can access locally with `kubectl`.
Learn more about [matchbox](matchbox.md) or explore the other [example](../examples) clusters. Try the [k8s example](kubernetes.md) to produce a TLS-authenticated Kubernetes cluster you can access locally with `kubectl`.


@@ -1,7 +1,7 @@
# Getting Started with rkt
In this tutorial, we'll run `bootcfg` on your Linux machine with `rkt` and `CNI` to network boot and provision a cluster of QEMU/KVM CoreOS machines locally. You'll be able to create Kubernetes clustes, etcd clusters, and test network setups.
In this tutorial, we'll run `matchbox` on your Linux machine with `rkt` and `CNI` to network boot and provision a cluster of QEMU/KVM CoreOS machines locally. You'll be able to create Kubernetes clustes, etcd clusters, and test network setups.
*Note*: To provision physical machines, see [network setup](network-setup.md) and [deployment](deployment.md).
@@ -64,13 +64,13 @@ For development convenience, add `/etc/hosts` entries for nodes so they may be r
## Containers
Run the latest `bootcfg` ACI with rkt and the `etcd` example.
Run the latest `matchbox` ACI with rkt and the `etcd` example.
sudo rkt run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug
sudo rkt run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/matchbox --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/matchbox/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/matchbox:latest -- -address=0.0.0.0:8080 -log-level=debug
or run the latest tagged release signed by the [CoreOS App Signing Key](https://coreos.com/security/app-signing-key/).
sudo rkt run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd coreos.com/bootcfg:v0.4.2 -- -address=0.0.0.0:8080 -log-level=debug
sudo rkt run --net=metal0:IP=172.18.0.2 --mount volume=data,target=/var/lib/matchbox --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/matchbox/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd coreos.com/matchbox:v0.4.2 -- -address=0.0.0.0:8080 -log-level=debug
If you get an error about the IP assignment, stop old pods and run garbage collection.
@@ -95,7 +95,7 @@ Run the `coreos.com/dnsmasq` ACI with rkt.
sudo rkt run coreos.com/dnsmasq:v0.3.0 --net=metal0:IP=172.18.0.3 --mount volume=config,target=/etc/dnsmasq.conf --volume config,kind=host,source=$PWD/contrib/dnsmasq/metal0.conf
In this case, dnsmasq runs a DHCP server allocating IPs to VMs between 172.18.0.50 and 172.18.0.99, resolves `bootcfg.foo` to 172.18.0.2 (the IP where `bootcfg` runs), and points iPXE clients to `http://bootcfg.foo:8080/boot.ipxe`.
In this case, dnsmasq runs a DHCP server allocating IPs to VMs between 172.18.0.50 and 172.18.0.99, resolves `matchbox.foo` to 172.18.0.2 (the IP where `matchbox` runs), and points iPXE clients to `http://matchbox.foo:8080/boot.ipxe`.
## Client VMs
@@ -134,5 +134,5 @@ Press ^] three times to stop a rkt pod. Clean up the VM machines.
## Going Further
Learn more about [bootcfg](bootcfg.md) or explore the other [example](../examples) clusters. Try the [k8s example](kubernetes.md) to produce a TLS-authenticated Kubernetes cluster you can access locally with `kubectl`.
Learn more about [matchbox](matchbox.md) or explore the other [example](../examples) clusters. Try the [k8s example](kubernetes.md) to produce a TLS-authenticated Kubernetes cluster you can access locally with `kubectl`.


@@ -9,11 +9,11 @@ For local development, install the dependencies for libvirt with UEFI.
* [UEFI with QEMU](https://fedoraproject.org/wiki/Using_UEFI_with_QEMU)
Ensure that you've gone through the [bootcfg with rkt](getting-started-rkt.md) and [bootcfg](bootcfg.md) guides and understand the basics.
Ensure that you've gone through the [matchbox with rkt](getting-started-rkt.md) and [matchbox](matchbox.md) guides and understand the basics.
## Containers
Run `bootcfg` with rkt, but mount the [grub](../examples/groups/grub) group example.
Run `matchbox` with rkt, but mount the [grub](../examples/groups/grub) group example.
## Network
@@ -23,7 +23,7 @@ On Fedora, add the `metal0` interface to the trusted zone in your firewall confi
Run the `coreos.com/dnsmasq` ACI with rkt.
sudo rkt run coreos.com/dnsmasq:v0.3.0 --net=metal0:IP=172.18.0.3 -- -d -q --dhcp-range=172.18.0.50,172.18.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-match=set:efi-bc,option:client-arch,7 --dhcp-boot=tag:efi-bc,grub.efi --dhcp-userclass=set:grub,GRUB2 --dhcp-boot=tag:grub,"(http;bootcfg.foo:8080)/grub","172.18.0.2" --log-queries --log-dhcp --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:pxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --address=/bootcfg.foo/172.18.0.2
sudo rkt run coreos.com/dnsmasq:v0.3.0 --net=metal0:IP=172.18.0.3 -- -d -q --dhcp-range=172.18.0.50,172.18.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-match=set:efi-bc,option:client-arch,7 --dhcp-boot=tag:efi-bc,grub.efi --dhcp-userclass=set:grub,GRUB2 --dhcp-boot=tag:grub,"(http;matchbox.foo:8080)/grub","172.18.0.2" --log-queries --log-dhcp --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:pxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe --address=/matchbox.foo/172.18.0.2
## Client VM
@@ -33,9 +33,9 @@ Create UEFI VM nodes which have known hardware attributes.
## Docker
If you use Docker, run `bootcfg` according to [bootcfg with Docker](getting-started-docker.md), but mount the [grub](../examples/groups/grub) group example. Then start the `coreos/dnsmasq` Docker image, which bundles a `grub.efi`.
If you use Docker, run `matchbox` according to [matchbox with Docker](getting-started-docker.md), but mount the [grub](../examples/groups/grub) group example. Then start the `coreos/dnsmasq` Docker image, which bundles a `grub.efi`.
sudo docker run --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=172.17.0.43,172.17.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-match=set:efi-bc,option:client-arch,7 --dhcp-boot=tag:efi-bc,grub.efi --dhcp-userclass=set:grub,GRUB2 --dhcp-boot=tag:grub,"(http;bootcfg.foo:8080)/grub","172.17.0.2" --log-queries --log-dhcp --dhcp-option=3,172.17.0.1 --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:pxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --address=/bootcfg.foo/172.17.0.2
sudo docker run --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=172.17.0.43,172.17.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-match=set:efi-bc,option:client-arch,7 --dhcp-boot=tag:efi-bc,grub.efi --dhcp-userclass=set:grub,GRUB2 --dhcp-boot=tag:grub,"(http;matchbox.foo:8080)/grub","172.17.0.2" --log-queries --log-dhcp --dhcp-option=3,172.17.0.1 --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:pxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe --address=/matchbox.foo/172.17.0.2
Create a VM to verify the machine network boots.


@@ -5,15 +5,15 @@ Ignition is a system for declaratively provisioning disks during the initramfs,
## Fuze Configs
Ignition 2.0.0+ configs are versioned, *machine-friendly* JSON documents (which contain encoded file contents). Operators should write and maintain configs in a *human-friendly* format, such as CoreOS [fuze](https://github.com/coreos/fuze) configs. As of `bootcfg` v0.4.0, Fuze configs are the primary way to use CoreOS Ignition.
Ignition 2.0.0+ configs are versioned, *machine-friendly* JSON documents (which contain encoded file contents). Operators should write and maintain configs in a *human-friendly* format, such as CoreOS [fuze](https://github.com/coreos/fuze) configs. As of `matchbox` v0.4.0, Fuze configs are the primary way to use CoreOS Ignition.
The [Fuze schema](https://github.com/coreos/fuze/blob/master/doc/configuration.md) formalizes and improves upon the YAML to Ignition JSON transform. Fuze provides better support for Ignition 2.0.0+, handles file content encoding, patches Ignition bugs, performs better validations, and lets services (like `bootcfg`) negotiate the Ignition version required by a CoreOS client.
The [Fuze schema](https://github.com/coreos/fuze/blob/master/doc/configuration.md) formalizes and improves upon the YAML to Ignition JSON transform. Fuze provides better support for Ignition 2.0.0+, handles file content encoding, patches Ignition bugs, performs better validations, and lets services (like `matchbox`) negotiate the Ignition version required by a CoreOS client.
## Adding Fuze Configs
Fuze template files can be added in the `/var/lib/bootcfg/ignition` directory or in an `ignition` subdirectory of a custom `-data-path`. Template files may contain [Go template](https://golang.org/pkg/text/template/) elements which will be evaluated with group metadata, selectors, and query params.
Fuze template files can be added in the `/var/lib/matchbox/ignition` directory or in an `ignition` subdirectory of a custom `-data-path`. Template files may contain [Go template](https://golang.org/pkg/text/template/) elements which will be evaluated with group metadata, selectors, and query params.
/var/lib/bootcfg
/var/lib/matchbox
├── cloud
├── ignition
│   └── k8s-controller.yaml
@@ -24,11 +24,11 @@ Fuze template files can be added in the `/var/lib/bootcfg/ignition` directory or
### Reference
Reference an Fuze config in a [Profile](bootcfg.md#profiles) with `ignition_id`. When PXE booting, use the kernel option `coreos.first_boot=1` and `coreos.config.url` to point to the `bootcfg` [Ignition endpoint](api.md#ignition-config).
Reference an Fuze config in a [Profile](matchbox.md#profiles) with `ignition_id`. When PXE booting, use the kernel option `coreos.first_boot=1` and `coreos.config.url` to point to the `matchbox` [Ignition endpoint](api.md#ignition-config).
### Migration from v0.3.0
In v0.4.0, `bootcfg` switched to using the CoreOS [fuze](https://github.com/coreos/fuze) library, which formalizes and improves upon the YAML to Ignition JSON transform. Fuze provides better support for Ignition 2.0.0+, handles file content encoding, patches Ignition bugs, and performs better validations.
In v0.4.0, `matchbox` switched to using the CoreOS [fuze](https://github.com/coreos/fuze) library, which formalizes and improves upon the YAML to Ignition JSON transform. Fuze provides better support for Ignition 2.0.0+, handles file content encoding, patches Ignition bugs, and performs better validations.
Upgrade your Ignition YAML templates to match the [Fuze config schema](https://github.com/coreos/fuze/blob/master/doc/configuration.md). Typically, you'll need to do the following:


@@ -9,22 +9,22 @@ Guides and a service for network booting and provisioning CoreOS clusters on vir
* [Machine Lifecycle](machine-lifecycle.md)
* [Background: PXE Booting](network-booting.md)
## bootcfg
## matchbox
`bootcfg` is an HTTP and gRPC service that renders signed [Ignition configs](https://coreos.com/ignition/docs/latest/what-is-ignition.html), [cloud-configs](https://coreos.com/os/docs/latest/cloud-config.html), network boot configs, and metadata to machines to create CoreOS clusters. Groups match machines based on labels (e.g. MAC, UUID, stage, region) and use named Profiles for provisioning. Network boot endpoints provide PXE, iPXE, and GRUB. `bootcfg` can be deployed as a binary, as an [appc](https://github.com/appc/spec) container with [rkt](https://coreos.com/rkt/docs/latest/), or as a Docker container.
`matchbox` is an HTTP and gRPC service that renders signed [Ignition configs](https://coreos.com/ignition/docs/latest/what-is-ignition.html), [cloud-configs](https://coreos.com/os/docs/latest/cloud-config.html), network boot configs, and metadata to machines to create CoreOS clusters. Groups match machines based on labels (e.g. MAC, UUID, stage, region) and use named Profiles for provisioning. Network boot endpoints provide PXE, iPXE, and GRUB. `matchbox` can be deployed as a binary, as an [appc](https://github.com/appc/spec) container with [rkt](https://coreos.com/rkt/docs/latest/), or as a Docker container.
* [bootcfg Service](bootcfg.md)
* [Profiles](bootcfg.md#profiles)
* [Groups](bootcfg.md#groups)
* [matchbox Service](matchbox.md)
* [Profiles](matchbox.md#profiles)
* [Groups](matchbox.md#groups)
* Machine Configs
* [Ignition](ignition.md)
* [Cloud-Config](cloud-config.md)
* Tutorials (QEMU/KVM)
* [bootcfg with rkt](getting-started-rkt.md)
* [bootcfg with Docker](getting-started-docker.md)
* [matchbox with rkt](getting-started-rkt.md)
* [matchbox with Docker](getting-started-docker.md)
* [Configuration](config.md)
* [HTTP API](api.md)
* [gRPC API](https://godoc.org/github.com/coreos/coreos-baremetal/bootcfg/client)
* [gRPC API](https://godoc.org/github.com/coreos/coreos-baremetal/matchbox/client)
* Installation
* [CoreOS / Linux distros](deployment.md)
* [rkt](deployment.md#rkt) / [docker](deployment.md#docker)
@@ -33,7 +33,7 @@ Guides and a service for network booting and provisioning CoreOS clusters on vir
* bootcmd CLI (POC)
* Tectonic Installer ([guide](https://tectonic.com/enterprise/docs/latest/deployer/platform-baremetal.html), [blog](https://tectonic.com/blog/tectonic-1-3-release.html))
* Backends
* [FileStore](bootcfg.md#data)
* [FileStore](matchbox.md#data)
* [Troubleshooting](troubleshooting.md)
* Going Further
* [gRPC API Usage](config.md#grpc-api)


@@ -5,9 +5,9 @@ The Kubernetes example provisions a 3 node Kubernetes v1.5.1 cluster with one co
## Requirements
Ensure that you've gone through the [bootcfg with rkt](getting-started-rkt.md) or [bootcfg with docker](getting-started-docker.md) guide and understand the basics. In particular, you should be able to:
Ensure that you've gone through the [matchbox with rkt](getting-started-rkt.md) or [matchbox with docker](getting-started-docker.md) guide and understand the basics. In particular, you should be able to:
* Use rkt or Docker to start `bootcfg`
* Use rkt or Docker to start `matchbox`
* Create a network boot environment with `coreos/dnsmasq`
* Create the example libvirt client VMs
* `/etc/hosts` entries for `node[1-3].example.com` (or pass custom names to `k8s-certgen`)
@@ -37,7 +37,7 @@ Generate a root CA and Kubernetes TLS assets for components (`admin`, `apiserver
## Containers
Use rkt or docker to start `bootcfg` and mount the desired example resources. Create a network boot environment and power-on your machines. Revisit [bootcfg with rkt](getting-started-rkt.md) or [bootcfg with Docker](getting-started-docker.md) for help.
Use rkt or docker to start `matchbox` and mount the desired example resources. Create a network boot environment and power-on your machines. Revisit [matchbox with rkt](getting-started-rkt.md) or [matchbox with Docker](getting-started-docker.md) for help.
Client machines should boot and provision themselves. Local client VMs should network boot CoreOS in about a 1 minute and the Kubernetes API should be available after 3-4 minutes (each node downloads a ~160MB Hyperkube). If you chose `k8s-install`, notice that machines install CoreOS and then reboot (in libvirt, you must hit "power" again). Time to network boot and provision Kubernetes clusters on physical hardware depends on a number of factors (POST duration, boot device iteration, network speed, etc.).


@@ -3,7 +3,7 @@
Physical machines [network boot](network-booting.md) in an network boot environment with DHCP/TFTP/DNS services or with [coreos/dnsmasq](../contrib/dnsmasq).
`bootcfg` serves iPXE, GRUB, or Pixiecore boot configs via HTTP to machines based on Group selectors (e.g. UUID, MAC, region, etc.) and machine Profiles. Kernel and initrd images are fetched and booted with Ignition to install CoreOS. The "first boot" Ignition config if fetched and CoreOS is installed.
`matchbox` serves iPXE, GRUB, or Pixiecore boot configs via HTTP to machines based on Group selectors (e.g. UUID, MAC, region, etc.) and machine Profiles. Kernel and initrd images are fetched and booted with Ignition to install CoreOS. The "first boot" Ignition config if fetched and CoreOS is installed.
CoreOS boots ("first boot" from disk) and runs Ignition to provision its disk with systemd units, files, keys, and more to become a cluster node. Systemd units may fetch metadata from a remote source if needed.


@@ -1,18 +1,18 @@
# bootcfg
# matchbox
`bootcfg` is an HTTP and gRPC service that renders signed [Ignition configs](https://coreos.com/ignition/docs/latest/what-is-ignition.html), [cloud-configs](https://coreos.com/os/docs/latest/cloud-config.html), network boot configs, and metadata to machines to create CoreOS clusters. `bootcfg` maintains **Group** definitions which match machines to *profiles* based on labels (e.g. MAC address, UUID, stage, region). A **Profile** is a named set of config templates (e.g. iPXE, GRUB, Ignition config, Cloud-Config, generic configs). The aim is to use CoreOS Linux's early-boot capabilities to provision CoreOS machines.
`matchbox` is an HTTP and gRPC service that renders signed [Ignition configs](https://coreos.com/ignition/docs/latest/what-is-ignition.html), [cloud-configs](https://coreos.com/os/docs/latest/cloud-config.html), network boot configs, and metadata to machines to create CoreOS clusters. `matchbox` maintains **Group** definitions which match machines to *profiles* based on labels (e.g. MAC address, UUID, stage, region). A **Profile** is a named set of config templates (e.g. iPXE, GRUB, Ignition config, Cloud-Config, generic configs). The aim is to use CoreOS Linux's early-boot capabilities to provision CoreOS machines.
Network boot endpoints provide PXE, iPXE, GRUB support. `bootcfg` can be deployed as a binary, as an [appc](https://github.com/appc/spec) container with rkt, or as a Docker container.
Network boot endpoints provide PXE, iPXE, GRUB support. `matchbox` can be deployed as a binary, as an [appc](https://github.com/appc/spec) container with rkt, or as a Docker container.
![Bootcfg Overview](img/overview.png)
## Getting Started
Get started running `bootcfg` on your Linux machine, with rkt or Docker.
Get started running `matchbox` on your Linux machine, with rkt or Docker.
* [bootcfg with rkt](getting-started-rkt.md)
* [bootcfg with Docker](getting-started-docker.md)
* [matchbox with rkt](getting-started-rkt.md)
* [matchbox with Docker](getting-started-docker.md)
## Flags
@@ -21,15 +21,15 @@ See [configuration](config.md) flags and variables.
## API
* [HTTP API](api.md)
* [gRPC API](https://godoc.org/github.com/coreos/coreos-baremetal/bootcfg/client)
* [gRPC API](https://godoc.org/github.com/coreos/coreos-baremetal/matchbox/client)
## Data
A `Store` stores machine Groups, Profiles, and associated Ignition configs, cloud-configs, and generic configs. By default, `bootcfg` uses a `FileStore` to search a `-data-path` for these resources.
A `Store` stores machine Groups, Profiles, and associated Ignition configs, cloud-configs, and generic configs. By default, `matchbox` uses a `FileStore` to search a `-data-path` for these resources.
Prepare `/var/lib/bootcfg` with `groups`, `profile`, `ignition`, `cloud`, and `generic` subdirectories. You may wish to keep these files under version control.
Prepare `/var/lib/matchbox` with `groups`, `profile`, `ignition`, `cloud`, and `generic` subdirectories. You may wish to keep these files under version control.
/var/lib/bootcfg
/var/lib/matchbox
├── cloud
│   ├── cloud.yaml.tmpl
│   └── worker.sh.tmpl
@@ -65,7 +65,7 @@ Profiles reference an Ignition config, Cloud-Config, and/or generic config by na
"kernel": "/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"coreos.autologin"
]
@@ -74,17 +74,17 @@ Profiles reference an Ignition config, Cloud-Config, and/or generic config by na
The `"boot"` settings will be used to render configs to network boot programs such as iPXE, GRUB, or Pixiecore. You may reference remote kernel and initrd assets or [local assets](#assets).
To use Ignition, set the `coreos.config.url` kernel option to reference the `bootcfg` [Ignition endpoint](api.md#ignition-config), which will render the `ignition_id` file. Be sure to add the `coreos.first_boot` option as well.
To use Ignition, set the `coreos.config.url` kernel option to reference the `matchbox` [Ignition endpoint](api.md#ignition-config), which will render the `ignition_id` file. Be sure to add the `coreos.first_boot` option as well.
To use cloud-config, set the `cloud-config-url` kernel option to reference the `bootcfg` [Cloud-Config endpoint](api.md#cloud-config), which will render the `cloud_id` file.
To use cloud-config, set the `cloud-config-url` kernel option to reference the `matchbox` [Cloud-Config endpoint](api.md#cloud-config), which will render the `cloud_id` file.
### Groups
Groups define selectors which match zero or more machines. Machine(s) matching a group will boot and provision according to the group's `Profile`.
Create a group definition with a `Profile` to be applied, selectors for matching machines, and any `metadata` needed to render templated configs. For example `/var/lib/bootcfg/groups/node1.json` matches a single machine with MAC address `52:54:00:89:d8:10`.
Create a group definition with a `Profile` to be applied, selectors for matching machines, and any `metadata` needed to render templated configs. For example `/var/lib/matchbox/groups/node1.json` matches a single machine with MAC address `52:54:00:89:d8:10`.
# /var/lib/bootcfg/groups/node1.json
# /var/lib/matchbox/groups/node1.json
{
"name": "node1",
"profile": "etcd",
@@ -98,7 +98,7 @@ Create a group definition with a `Profile` to be applied, selectors for matching
}
}
Meanwhile, `/var/lib/bootcfg/groups/proxy.json` acts as the default machine group since it has no selectors.
Meanwhile, `/var/lib/matchbox/groups/proxy.json` acts as the default machine group since it has no selectors.
{
"name": "etcd-proxy",
@@ -150,9 +150,9 @@ Note that `.request` is reserved for these purposes so group metadata with data
## Assets
`bootcfg` can serve `-assets-path` static assets at `/assets`. This is helpful for reducing bandwidth usage when serving the kernel and initrd to network booted machines. The default assets-path is `/var/lib/bootcfg/assets` or you can pass `-assets-path=""` to disable asset serving.
`matchbox` can serve `-assets-path` static assets at `/assets`. This is helpful for reducing bandwidth usage when serving the kernel and initrd to network booted machines. The default assets-path is `/var/lib/matchbox/assets` or you can pass `-assets-path=""` to disable asset serving.
bootcfg.foo/assets/
matchbox.foo/assets/
└── coreos
└── VERSION
├── coreos_production_pxe.vmlinuz
@@ -164,7 +164,7 @@ See the [get-coreos](../scripts/README.md#get-coreos) script to quickly download
## Network
`bootcfg` does not implement or exec a DHCP/TFTP server. Read [network setup](network-setup.md) or use the [coreos/dnsmasq](../contrib/dnsmasq) image if you need a quick DHCP, proxyDHCP, TFTP, or DNS setup.
`matchbox` does not implement or exec a DHCP/TFTP server. Read [network setup](network-setup.md) or use the [coreos/dnsmasq](../contrib/dnsmasq) image if you need a quick DHCP, proxyDHCP, TFTP, or DNS setup.
## Going Further


@@ -49,7 +49,7 @@ This approach has a number of drawbacks. TFTP can be slow, managing config files
![iPXE flow](img/ipxe.png)
A DHCPOFFER to iPXE client firmware specifies an HTTP boot script such as `http://bootcfg.foo/boot.ipxe`.
A DHCPOFFER to iPXE client firmware specifies an HTTP boot script such as `http://matchbox.foo/boot.ipxe`.
Here is an example iPXE script for booting the remote CoreOS stable image.
@@ -64,7 +64,7 @@ boot
A TFTP server is used only to provide the `undionly.kpxe` boot program to older PXE firmware in order to bootstrap into iPXE.
CoreOS `bootcfg` can render signed iPXE scripts to machines based on their hardware attributes. Setup involves configuring your DHCP server to point iPXE clients to the `bootcfg` [iPXE endpoint](api.md#ipxe).
CoreOS `matchbox` can render signed iPXE scripts to machines based on their hardware attributes. Setup involves configuring your DHCP server to point iPXE clients to the `matchbox` [iPXE endpoint](api.md#ipxe).
## DHCP


@@ -1,9 +1,9 @@
# Network Setup
This guide shows how to create a DHCP/TFTP/DNS network boot environment to work with `bootcfg` to boot and provision PXE, iPXE, or GRUB2 client machines.
This guide shows how to create a DHCP/TFTP/DNS network boot environment to work with `matchbox` to boot and provision PXE, iPXE, or GRUB2 client machines.
`bootcfg` serves iPXE scripts or GRUB configs over HTTP to serve as the entrypoint for CoreOS cluster bring-up. It does not implement or exec a DHCP, TFTP, or DNS server. Instead, you can configure your own network services to point to `bootcfg` or use the convenient [coreos/dnsmasq](../contrib/dnsmasq) container image (used in libvirt demos).
`matchbox` serves iPXE scripts or GRUB configs over HTTP to serve as the entrypoint for CoreOS cluster bring-up. It does not implement or exec a DHCP, TFTP, or DNS server. Instead, you can configure your own network services to point to `matchbox` or use the convenient [coreos/dnsmasq](../contrib/dnsmasq) container image (used in libvirt demos).
*Note*: These are just suggestions. Your network administrator or system administrator should choose the right network setup for your company.
@@ -13,14 +13,14 @@ Client hardware must have a network interface which supports PXE or iPXE.
## Goals
* Add a DNS name which resolves to a `bootcfg` deploy.
* Add a DNS name which resolves to a `matchbox` deploy.
* Chainload PXE firmware to iPXE or GRUB2
* Point iPXE clients to `http://bootcfg.foo:port/boot.ipxe`
* Point GRUB clients to `http://bootcfg.foo:port/grub`
* Point iPXE clients to `http://matchbox.foo:port/boot.ipxe`
* Point GRUB clients to `http://matchbox.foo:port/grub`
## Setup
Many companies already have DHCP/TFTP configured to "PXE-boot" PXE/iPXE clients. In this case, machines (or a subset of machines) can be made to chainload from `chain http://bootcfg.foo:port/boot.ipxe`. Older PXE clients can be made to chainload into iPXE or GRUB to be able to fetch subsequent configs via HTTP.
Many companies already have DHCP/TFTP configured to "PXE-boot" PXE/iPXE clients. In this case, machines (or a subset of machines) can be made to chainload from `chain http://matchbox.foo:port/boot.ipxe`. Older PXE clients can be made to chainload into iPXE or GRUB to be able to fetch subsequent configs via HTTP.
On simpler networks, such as what a developer might have at home, a relatively inflexible DHCP server may be in place, with no TFTP server. In this case, a proxy DHCP server can be run alongside a non-PXE capable DHCP server.
@@ -32,23 +32,23 @@ The setup of DHCP, TFTP, and DNS services on a network varies greatly. If you wi
## DNS
Add a DNS entry (e.g. `bootcfg.foo`, `provisoner.mycompany-internal`) that resolves to a deployment of the CoreOS `bootcfg` service from machines you intend to boot and provision.
Add a DNS entry (e.g. `matchbox.foo`, `provisoner.mycompany-internal`) that resolves to a deployment of the CoreOS `matchbox` service from machines you intend to boot and provision.
dig bootcfg.foo
dig matchbox.foo
If you deployed `bootcfg` to a known IP address (e.g. dedicated host, load balanced endpoint, Kubernetes NodePort) and use `dnsmasq`, a domain name to IPv4/IPv6 address mapping could be added to the `/etc/dnsmasq.conf`.
If you deployed `matchbox` to a known IP address (e.g. dedicated host, load balanced endpoint, Kubernetes NodePort) and use `dnsmasq`, a domain name to IPv4/IPv6 address mapping could be added to the `/etc/dnsmasq.conf`.
# dnsmasq.conf
address=/bootcfg.foo/172.18.0.2
address=/matchbox.foo/172.18.0.2
## iPXE
Servers with DHCP/TFTP/ services which already network boot iPXE clients can use the `chain` command to make clients download and execute the iPXE boot script from `bootcfg`.
Servers with DHCP/TFTP/ services which already network boot iPXE clients can use the `chain` command to make clients download and execute the iPXE boot script from `matchbox`.
# /var/www/html/ipxe/default.ipxe
chain http://bootcfg.foo:8080/boot.ipxe
chain http://matchbox.foo:8080/boot.ipxe
You can chainload from a menu entry or use other [iPXE commands](http://ipxe.org/cmd) if you have needs beyond just delegating to the iPXE script served by `bootcfg`.
You can chainload from a menu entry or use other [iPXE commands](http://ipxe.org/cmd) if you have needs beyond just delegating to the iPXE script served by `matchbox`.
## GRUB
@@ -56,7 +56,7 @@ Needs docs.
### Configuring DHCP
Configure your DHCP server to supply options to older PXE client firmware to specify the location of an iPXE or GRUB network boot program on your TFTP server. Send clients to the `bootcfg` iPXE script or GRUB config endpoints.
Configure your DHCP server to supply options to older PXE client firmware to specify the location of an iPXE or GRUB network boot program on your TFTP server. Send clients to the `matchbox` iPXE script or GRUB config endpoints.
Here is an example `/etc/dnsmasq.conf`:
@@ -70,15 +70,15 @@ tftp-root=/var/lib/tftpboot
dhcp-boot=tag:!ipxe,undionly.kpxe
# if request comes from iPXE user class, set tag "ipxe"
dhcp-userclass=set:ipxe,iPXE
# point ipxe tagged requests to the bootcfg iPXE boot script (via HTTP)
dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe
# point ipxe tagged requests to the matchbox iPXE boot script (via HTTP)
dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe
# verbose
log-queries
log-dhcp
# static DNS assignements
address=/bootcfg.foo/192.168.1.100
address=/matchbox.foo/192.168.1.100
# (optional) disable DNS and specify alternate
# port=0
@@ -107,8 +107,8 @@ tftp-root=/var/lib/tftpboot
pxe-service=tag:#ipxe,x86PC,"PXE chainload to iPXE",undionly.kpxe
# if request comes from iPXE user class, set tag "ipxe"
dhcp-userclass=set:ipxe,iPXE
# point ipxe tagged requests to the bootcfg iPXE boot script (via HTTP)
pxe-service=tag:ipxe,x86PC,"iPXE",http://bootcfg.foo:8080/boot.ipxe
# point ipxe tagged requests to the matchbox iPXE boot script (via HTTP)
pxe-service=tag:ipxe,x86PC,"iPXE",http://matchbox.foo:8080/boot.ipxe
# verbose
log-queries
@@ -126,13 +126,13 @@ sudo firewall-cmd --list-services
With rkt:
```sh
sudo rkt run coreos.com/dnsmasq:v0.3.0 --net=host -- -d -q --dhcp-range=192.168.1.1,proxy,255.255.255.0 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --pxe-service=tag:#ipxe,x86PC,"PXE chainload to iPXE",undionly.kpxe --pxe-service=tag:ipxe,x86PC,"iPXE",http://bootcfg.foo:8080/boot.ipxe --log-queries --log-dhcp
sudo rkt run coreos.com/dnsmasq:v0.3.0 --net=host -- -d -q --dhcp-range=192.168.1.1,proxy,255.255.255.0 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --pxe-service=tag:#ipxe,x86PC,"PXE chainload to iPXE",undionly.kpxe --pxe-service=tag:ipxe,x86PC,"iPXE",http://matchbox.foo:8080/boot.ipxe --log-queries --log-dhcp
```
With Docker:
```sh
sudo docker run --net=host --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=192.168.1.1,proxy,255.255.255.0 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --pxe-service=tag:#ipxe,x86PC,"PXE chainload to iPXE",undionly.kpxe --pxe-service=tag:ipxe,x86PC,"iPXE",http://bootcfg.foo:8080/boot.ipxe --log-queries --log-dhcp
sudo docker run --net=host --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=192.168.1.1,proxy,255.255.255.0 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --pxe-service=tag:#ipxe,x86PC,"PXE chainload to iPXE",undionly.kpxe --pxe-service=tag:ipxe,x86PC,"iPXE",http://matchbox.foo:8080/boot.ipxe --log-queries --log-dhcp
```
### Configurable TFTP
@@ -145,7 +145,7 @@ Example `/var/lib/tftpboot/pxelinux.cfg/default`:
default iPXE
LABEL iPXE
KERNEL ipxe.lkrn
APPEND dhcp && chain http://bootcfg.foo:8080/boot.ipxe
APPEND dhcp && chain http://matchbox.foo:8080/boot.ipxe
Add ipxe.lkrn to `/var/lib/tftpboot` (see [iPXE docs](http://ipxe.org/embed)).
@@ -161,16 +161,16 @@ sudo rkt trust --prefix coreos.com/dnsmasq
```
```sh
sudo rkt run coreos.com/dnsmasq:v0.3.0 --net=host -- -d -q --dhcp-range=192.168.1.3,192.168.1.254 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --address=/bootcfg.foo/192.168.1.2 --log-queries --log-dhcp
sudo rkt run coreos.com/dnsmasq:v0.3.0 --net=host -- -d -q --dhcp-range=192.168.1.3,192.168.1.254 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe --address=/matchbox.foo/192.168.1.2 --log-queries --log-dhcp
```
With Docker:
```sh
sudo docker run --rm --cap-add=NET_ADMIN --net=host quay.io/coreos/dnsmasq -d -q --dhcp-range=192.168.1.3,192.168.1.254 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --address=/bootcfg.foo/192.168.1.2 --log-queries --log-dhcp
sudo docker run --rm --cap-add=NET_ADMIN --net=host quay.io/coreos/dnsmasq -d -q --dhcp-range=192.168.1.3,192.168.1.254 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe --address=/matchbox.foo/192.168.1.2 --log-queries --log-dhcp
```
Ensure that `bootcfg.foo` resolves to a `bootcfg` deployment and that you've allowed the services to run in your firewall configuration.
Ensure that `matchbox.foo` resolves to a `matchbox` deployment and that you've allowed the services to run in your firewall configuration.
```sh
sudo firewall-cmd --add-service=dhcp --add-service=tftp --add-service=dns


@@ -1,19 +1,19 @@
# OpenPGP Signing
The `bootcfg` OpenPGP signature endpoints serve detached binary and ASCII armored signatures of rendered configs, if enabled. Each config endpoint has corresponding signature endpoints, typically suffixed with `.sig` or `.asc`.
The `matchbox` OpenPGP signature endpoints serve detached binary and ASCII armored signatures of rendered configs, if enabled. Each config endpoint has corresponding signature endpoints, typically suffixed with `.sig` or `.asc`.
To enable OpenPGP signing, provide the path to a secret keyring containing a single signing key with `-key-ring-path` or by setting `BOOTCFG_KEY_RING_PATH`. If a passphrase is required, set it via the `BOOTCFG_PASSPHRASE` environment variable.
To enable OpenPGP signing, provide the path to a secret keyring containing a single signing key with `-key-ring-path` or by setting `MATCHBOX_KEY_RING_PATH`. If a passphrase is required, set it via the `MATCHBOX_PASSPHRASE` environment variable.
Here are example signature endpoints without their query parameters.
| Endpoint | Signature Endpoint | ASCII Signature Endpoint |
|------------|--------------------|-------------------------|
| iPXE | `http://bootcfg.foo/ipxe.sig` | `http://bootcfg.foo/ipxe.asc` |
| GRUB2 | `http://bootcf.foo/grub.sig` | `http://bootcfg.foo/grub.asc` |
| Ignition | `http://bootcfg.foo/ignition.sig` | `http://bootcfg.foo/ignition.asc` |
| Cloud-Config | `http://bootcfg.foo/cloud.sig` | `http://bootcfg.foo/cloud.asc` |
| Metadata | `http://bootcfg.foo/metadata.sig` | `http://bootcfg.foo/metadata.asc` |
| iPXE | `http://matchbox.foo/ipxe.sig` | `http://matchbox.foo/ipxe.asc` |
| GRUB2 | `http://bootcf.foo/grub.sig` | `http://matchbox.foo/grub.asc` |
| Ignition | `http://matchbox.foo/ignition.sig` | `http://matchbox.foo/ignition.asc` |
| Cloud-Config | `http://matchbox.foo/cloud.sig` | `http://matchbox.foo/cloud.asc` |
| Metadata | `http://matchbox.foo/metadata.sig` | `http://matchbox.foo/metadata.asc` |
In production, mount your signing keyring and source the passphrase from a [Kubernetes secret](http://kubernetes.io/v1.1/docs/user-guide/secrets.html). Use a signing subkey exported to a keyring by itself, which can be revoked by a primary key, if needed.


@@ -4,9 +4,9 @@ The `rktnetes` example provisions a 3 node Kubernetes v1.4.7 cluster with [rkt](
## Requirements
Ensure that you've gone through the [bootcfg with rkt](getting-started-rkt.md) or [bootcfg with docker](getting-started-docker.md) guide and understand the basics. In particular, you should be able to:
Ensure that you've gone through the [matchbox with rkt](getting-started-rkt.md) or [matchbox with docker](getting-started-docker.md) guide and understand the basics. In particular, you should be able to:
* Use rkt or Docker to start `bootcfg`
* Use rkt or Docker to start `matchbox`
* Create a network boot environment with `coreos/dnsmasq`
* Create the example libvirt client VMs
* `/etc/hosts` entries for `node[1-3].example.com` (or pass custom names to `k8s-certgen`)
@@ -36,7 +36,7 @@ Generate a root CA and Kubernetes TLS assets for components (`admin`, `apiserver
## Containers
Use rkt or docker to start `bootcfg` and mount the desired example resources. Create a network boot environment and power-on your machines. Revisit [bootcfg with rkt](getting-started-rkt.md) or [bootcfg with Docker](getting-started-docker.md) for help.
Use rkt or docker to start `matchbox` and mount the desired example resources. Create a network boot environment and power-on your machines. Revisit [matchbox with rkt](getting-started-rkt.md) or [matchbox with Docker](getting-started-docker.md) for help.
Client machines should boot and provision themselves. Local client VMs should network boot CoreOS in about a 1 minute and the Kubernetes API should be available after 3-4 minutes (each node downloads a ~160MB Hyperkube). If you chose `rktnetes-install`, notice that machines install CoreOS and then reboot (in libvirt, you must hit "power" again). Time to network boot and provision Kubernetes clusters on physical hardware depends on a number of factors (POST duration, boot device iteration, network speed, etc.).


@@ -5,9 +5,9 @@ The Torus example provisions a 3 node CoreOS cluster, with `etcd3` and Torus, to
## Requirements
Ensure that you've gone through the [bootcfg with rkt](getting-started-rkt.md) guide and understand the basics. In particular, you should be able to:
Ensure that you've gone through the [matchbox with rkt](getting-started-rkt.md) guide and understand the basics. In particular, you should be able to:
* Use rkt or Docker to start `bootcfg`
* Use rkt or Docker to start `matchbox`
* Create a network boot environment with `coreos/dnsmasq`
* Create the example libvirt client VMs
* `/etc/hosts` entries for `node[1-3].example.com` (or pass custom names to `k8s-certgen`)
@@ -27,7 +27,7 @@ Download the CoreOS image assets referenced in the target [profile](../examples/
## Containers
Use rkt or docker to start `bootcfg` and mount `torus` example. Create a network boot environment and power-on your machines. Revisit [bootcfg with rkt](getting-started-rkt.md) or [bootcfg with Docker](getting-started-docker.md) for help.
Use rkt or docker to start `matchbox` and mount `torus` example. Create a network boot environment and power-on your machines. Revisit [matchbox with rkt](getting-started-rkt.md) or [matchbox with Docker](getting-started-docker.md) for help.
Client machines should network boot and provision themselves.


@@ -1,6 +1,6 @@
export CGO_ENABLED:=0
LD_FLAGS="-w -X github.com/coreos/coreos-baremetal/bootcfg/version.Version=$(shell ./git-version)"
LD_FLAGS="-w -X github.com/coreos/coreos-baremetal/matchbox/version.Version=$(shell ./git-version)"
LOCAL_BIN=/usr/local/bin
all: build
@@ -13,7 +13,7 @@ codegen: tools
./scripts/codegen
bin/matchbox:
go build -o bin/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/bootcfg
go build -o bin/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/matchbox
bin/bootcmd:
go build -o bin/bootcmd -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/bootcmd
@@ -35,16 +35,16 @@ release: \
# matchbox
bin/linux-amd64/matchbox:
GOOS=linux GOARCH=amd64 go build -o bin/linux-amd64/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/bootcfg
GOOS=linux GOARCH=amd64 go build -o bin/linux-amd64/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/matchbox
bin/linux-arm/matchbox:
GOOS=linux GOARCH=arm go build -o bin/linux-arm/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/bootcfg
GOOS=linux GOARCH=arm go build -o bin/linux-arm/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/matchbox
bin/linux-arm64/matchbox:
GOOS=linux GOARCH=arm64 go build -o bin/linux-arm64/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/bootcfg
GOOS=linux GOARCH=arm64 go build -o bin/linux-arm64/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/matchbox
bin/darwin-amd64/matchbox:
GOOS=darwin GOARCH=amd64 go build -o bin/darwin-amd64/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/bootcfg
GOOS=darwin GOARCH=amd64 go build -o bin/darwin-amd64/matchbox -ldflags $(LD_FLAGS) -a github.com/coreos/coreos-baremetal/cmd/matchbox
# bootcmd


@@ -1,7 +1,7 @@
# CoreOS on Baremetal
[![Build Status](https://travis-ci.org/coreos/coreos-baremetal.svg?branch=master)](https://travis-ci.org/coreos/coreos-baremetal) [![GoDoc](https://godoc.org/github.com/coreos/coreos-baremetal?status.png)](https://godoc.org/github.com/coreos/coreos-baremetal) [![Docker Repository on Quay](https://quay.io/repository/coreos/bootcfg/status "Docker Repository on Quay")](https://quay.io/repository/coreos/bootcfg) [![IRC](https://img.shields.io/badge/irc-%23coreos-449FD8.svg)](https://botbot.me/freenode/coreos)
[![Build Status](https://travis-ci.org/coreos/coreos-baremetal.svg?branch=master)](https://travis-ci.org/coreos/coreos-baremetal) [![GoDoc](https://godoc.org/github.com/coreos/coreos-baremetal?status.png)](https://godoc.org/github.com/coreos/coreos-baremetal) [![Docker Repository on Quay](https://quay.io/repository/coreos/matchbox/status "Docker Repository on Quay")](https://quay.io/repository/coreos/matchbox) [![IRC](https://img.shields.io/badge/irc-%23coreos-449FD8.svg)](https://botbot.me/freenode/coreos)
Guides and a service for network booting and provisioning CoreOS clusters on virtual or physical hardware.
@@ -11,22 +11,22 @@ Guides and a service for network booting and provisioning CoreOS clusters on vir
* [Machine Lifecycle](Documentation/machine-lifecycle.md)
* [Background: PXE Booting](Documentation/network-booting.md)
## bootcfg
## matchbox
`bootcfg` is an HTTP and gRPC service that renders signed [Ignition configs](https://coreos.com/ignition/docs/latest/what-is-ignition.html), [cloud-configs](https://coreos.com/os/docs/latest/cloud-config.html), network boot configs, and metadata to machines to create CoreOS clusters. Groups match machines based on labels (e.g. MAC, UUID, stage, region) and use named Profiles for provisioning. Network boot endpoints provide PXE, iPXE, and GRUB. `bootcfg` can be deployed as a binary, as an [appc](https://github.com/appc/spec) container with [rkt](https://coreos.com/rkt/docs/latest/), or as a Docker container.
`matchbox` is an HTTP and gRPC service that renders signed [Ignition configs](https://coreos.com/ignition/docs/latest/what-is-ignition.html), [cloud-configs](https://coreos.com/os/docs/latest/cloud-config.html), network boot configs, and metadata to machines to create CoreOS clusters. Groups match machines based on labels (e.g. MAC, UUID, stage, region) and use named Profiles for provisioning. Network boot endpoints provide PXE, iPXE, and GRUB. `matchbox` can be deployed as a binary, as an [appc](https://github.com/appc/spec) container with [rkt](https://coreos.com/rkt/docs/latest/), or as a Docker container.
* [bootcfg Service](Documentation/bootcfg.md)
* [Profiles](Documentation/bootcfg.md#profiles)
* [Groups](Documentation/bootcfg.md#groups)
* [matchbox Service](Documentation/matchbox.md)
* [Profiles](Documentation/matchbox.md#profiles)
* [Groups](Documentation/matchbox.md#groups)
* Config Templates
* [Ignition](Documentation/ignition.md)
* [Cloud-Config](Documentation/cloud-config.md)
* Tutorials (QEMU/KVM/libvirt)
* [bootcfg with rkt](Documentation/getting-started-rkt.md)
* [bootcfg with Docker](Documentation/getting-started-docker.md)
* [matchbox with rkt](Documentation/getting-started-rkt.md)
* [matchbox with Docker](Documentation/getting-started-docker.md)
* [Configuration](Documentation/config.md)
* [HTTP API](Documentation/api.md)
* [gRPC API](https://godoc.org/github.com/coreos/coreos-baremetal/bootcfg/client)
* [gRPC API](https://godoc.org/github.com/coreos/coreos-baremetal/matchbox/client)
* Installation
* [CoreOS / Linux distros](Documentation/deployment.md)
* [rkt](Documentation/deployment.md#rkt) / [docker](Documentation/deployment.md#docker)
@@ -35,7 +35,7 @@ Guides and a service for network booting and provisioning CoreOS clusters on vir
* bootcmd CLI (POC)
* Tectonic Installer ([guide](https://tectonic.com/enterprise/docs/latest/deployer/platform-baremetal.html), [blog](https://tectonic.com/blog/tectonic-1-3-release.html))
* Backends
* [FileStore](Documentation/bootcfg.md#data)
* [FileStore](Documentation/matchbox.md#data)
* [Troubleshooting](Documentation/troubleshooting.md)
* Going Further
* [gRPC API Usage](Documentation/config.md#grpc-api)

4
build

@@ -1,7 +1,7 @@
#!/bin/bash -e
LD_FLAGS="-w -X github.com/coreos/coreos-baremetal/bootcfg/version.Version=$(./git-version)"
CGO_ENABLED=0 go build -o bin/matchbox -ldflags "$LD_FLAGS" -a github.com/coreos/coreos-baremetal/cmd/bootcfg
LD_FLAGS="-w -X github.com/coreos/coreos-baremetal/matchbox/version.Version=$(./git-version)"
CGO_ENABLED=0 go build -o bin/matchbox -ldflags "$LD_FLAGS" -a github.com/coreos/coreos-baremetal/cmd/matchbox
# bootcmd CLI binary
CGO_ENABLED=0 go build -o bin/bootcmd -ldflags "$LD_FLAGS" -a github.com/coreos/coreos-baremetal/cmd/bootcmd


@@ -29,9 +29,9 @@ Configuration arguments can be provided at the command line. Check the dnsmasq [
| flag | description | example |
|----------|-------------|---------|
| --dhcp-range | Enable DHCP, lease given range | `172.18,0.50,172.18.0.99`, `192.168.1.1,proxy,255.255.255.0` |
| --dhcp-boot | DHCP next server option | `http://bootcfg.foo:8080/boot.ipxe` |
| --dhcp-boot | DHCP next server option | `http://matchbox.foo:8080/boot.ipxe` |
| --enable-tftp | Enable serving from tftp-root over TFTP | NA |
| --address | IP address for a domain name | /bootcfg.foo/172.18.0.2 |
| --address | IP address for a domain name | /matchbox.foo/172.18.0.2 |
## ACI
@@ -45,7 +45,7 @@ Run `dnsmasq.aci` with rkt to run DHCP/proxyDHCP/TFTP/DNS services.
DHCP+TFTP+DNS on the `metal0` bridge:
sudo rkt --insecure-options=image run dnsmasq.aci --net=metal0 -- -d -q --dhcp-range=172.18.0.50,172.18.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.18.0.1 --address=/bootcfg.foo/172.18.0.2
sudo rkt --insecure-options=image run dnsmasq.aci --net=metal0 -- -d -q --dhcp-range=172.18.0.50,172.18.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.18.0.1 --address=/matchbox.foo/172.18.0.2
## Docker
@@ -59,4 +59,4 @@ Run the Docker image to run DHCP/proxyDHCP/TFTP/DNS services.
DHCP+TFTP+DNS on the `docker0` bridge:
sudo docker run --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=172.17.0.43,172.17.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.17.0.1 --address=/bootcfg.foo/172.17.0.2
sudo docker run --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=172.17.0.43,172.17.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.17.0.1 --address=/matchbox.foo/172.17.0.2


@@ -11,12 +11,13 @@ tftp-root=/var/lib/tftpboot
dhcp-userclass=set:ipxe,iPXE
dhcp-boot=tag:#ipxe,undionly.kpxe
dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe
dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe
log-queries
log-dhcp
address=/bootcfg.foo/172.17.0.2
address=/bootcfg.foo/172.18.0.2
address=/matchbox.foo/172.17.0.2
address=/node1.example.com/172.17.0.21
address=/node2.example.com/172.17.0.22
address=/node3.example.com/172.17.0.23
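Review bot: The address block at the end of this hunk appears to leave `address=/bootcfg.foo/172.18.0.2` on the new side, which maps the old name to an address outside the 172.17.0.x range used by every other entry in this file. The `+`/`-` markers are lost on this page, so that reading is inferred from the `-11,12 +11,13` header; if it holds, any client or kernel argument still using `bootcfg.foo` on this bridge resolves to a host this config does not describe instead of failing visibly. If the old name is meant to survive as an alias, make it `address=/bootcfg.foo/172.17.0.2` with a comment marking it as transitional; otherwise drop the line. The following config section (172.18.0.x) seems to keep `bootcfg.foo` beside `matchbox.foo` as well, both on the same address, and would benefit from the same comment.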


@@ -12,12 +12,13 @@ tftp-root=/var/lib/tftpboot
dhcp-userclass=set:ipxe,iPXE
dhcp-boot=tag:#ipxe,undionly.kpxe
dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe
dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe
log-queries
log-dhcp
address=/bootcfg.foo/172.18.0.2
address=/matchbox.foo/172.18.0.2
address=/node1.example.com/172.18.0.21
address=/node2.example.com/172.18.0.22
address=/node3.example.com/172.18.0.23


@@ -1,7 +1,7 @@
# Examples
These examples network boot and provision machines into CoreOS clusters using `bootcfg`. You can re-use their profiles to provision your own physical machines.
These examples network boot and provision machines into CoreOS clusters using `matchbox`. You can re-use their profiles to provision your own physical machines.
| Name | Description | CoreOS Version | FS | Docs |
|------------|-------------|----------------|----|-----------|
@@ -22,11 +22,11 @@ These examples network boot and provision machines into CoreOS clusters using `b
## Tutorials
Get started running `bootcfg` on your Linux machine to network boot and provision clusters of VMs or physical hardware.
Get started running `matchbox` on your Linux machine to network boot and provision clusters of VMs or physical hardware.
* Getting Started
* [bootcfg with rkt](../Documentation/getting-started-rkt.md)
* [bootcfg with Docker](../Documentation/getting-started-docker.md)
* [matchbox with rkt](../Documentation/getting-started-rkt.md)
* [matchbox with Docker](../Documentation/getting-started-docker.md)
* [Kubernetes (static manifests)](../Documentation/kubernetes.md)
* [Kubernetes (rktnetes)](../Documentation/rktnetes.md)
* [Kubernetes (self-hosted)](../Documentation/bootkube.md)
@@ -41,7 +41,7 @@ Example profiles pass the `coreos.autologin` kernel argument. This skips the pas
Example groups allow `ssh_authorized_keys` to be added for the `core` user as metadata. You might also include this directly in your Ignition.
# /var/lib/bootcfg/groups/default.json
# /var/lib/matchbox/groups/default.json
{
"name": "Example Machine Group",
"profile": "pxe",


@@ -1,21 +1,21 @@
## gRPC API Credentials
Create FAKE TLS credentials for running the `bootcfg` gRPC API examples.
Create FAKE TLS credentials for running the `matchbox` gRPC API examples.
**DO NOT** use these certificates for anything other than running `bootcfg` examples. Use your organization's production PKI for production deployments.
**DO NOT** use these certificates for anything other than running `matchbox` examples. Use your organization's production PKI for production deployments.
Navigate to the example directory which will be mounted as `/etc/bootcfg` in examples:
Navigate to the example directory which will be mounted as `/etc/matchbox` in examples:
cd coreos-baremetal/examples/etc/bootcfg
cd coreos-baremetal/examples/etc/matchbox
Set certificate subject alt names which should be used by exporting `SAN`. Use the DNS name or IP at which `bootcfg` is hosted.
Set certificate subject alt names which should be used by exporting `SAN`. Use the DNS name or IP at which `matchbox` is hosted.
# for examples on metal0 or docker0 bridges
export SAN=IP.1:127.0.0.1,IP.2:172.18.0.2
# production example
export SAN=DNS.1:bootcfg.example.com
export SAN=DNS.1:matchbox.example.com
Create a fake `ca.crt`, `server.crt`, `server.key`, `client.crt`, and `client.key`. Type 'Y' when prompted.


@@ -5,7 +5,7 @@ rm -f ca.key ca.crt server.key server.csr server.crt client.key client.csr clien
rm -rf certs crl newcerts
if [ -z $SAN ]
then echo "Set SAN with a DNS or IP for bootcfg (e.g. export SAN=DNS.1:bootcfg.example.com,IP.1:192.168.1.42)."
then echo "Set SAN with a DNS or IP for matchbox (e.g. export SAN=DNS.1:matchbox.example.com,IP.1:192.168.1.42)."
exit 1
fi
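Review bot: `if [ -z $SAN ]` expands `SAN` unquoted, so a value containing whitespace makes `[` exit with a usage error instead of evaluating the test, and the script runs past this guard into certificate generation. Quoting the expansion fixes it: `if [ -z "${SAN:-}" ]`. The usage message would also be better sent to stderr (`>&2`), since it is followed by `exit 1`. The script starts and continues outside this hunk.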


@@ -5,7 +5,7 @@
"metadata": {
"coreos_channel": "stable",
"coreos_version": "1185.3.0",
"ignition_endpoint": "http://bootcfg.foo:8080/ignition",
"baseurl": "http://bootcfg.foo:8080/assets/coreos"
"ignition_endpoint": "http://matchbox.foo:8080/ignition",
"baseurl": "http://matchbox.foo:8080/assets/coreos"
}
}


@@ -5,7 +5,7 @@
"metadata": {
"coreos_channel": "stable",
"coreos_version": "1185.3.0",
"ignition_endpoint": "http://bootcfg.foo:8080/ignition",
"baseurl": "http://bootcfg.foo:8080/assets/coreos"
"ignition_endpoint": "http://matchbox.foo:8080/ignition",
"baseurl": "http://matchbox.foo:8080/assets/coreos"
}
}


@@ -5,7 +5,7 @@
"metadata": {
"coreos_channel": "stable",
"coreos_version": "1185.3.0",
"ignition_endpoint": "http://bootcfg.foo:8080/ignition",
"baseurl": "http://bootcfg.foo:8080/assets/coreos"
"ignition_endpoint": "http://matchbox.foo:8080/ignition",
"baseurl": "http://matchbox.foo:8080/assets/coreos"
}
}


@@ -5,7 +5,7 @@
"metadata": {
"coreos_channel": "stable",
"coreos_version": "1185.3.0",
"ignition_endpoint": "http://bootcfg.foo:8080/ignition",
"baseurl": "http://bootcfg.foo:8080/assets/coreos"
"ignition_endpoint": "http://matchbox.foo:8080/ignition",
"baseurl": "http://matchbox.foo:8080/assets/coreos"
}
}


@@ -11,7 +11,7 @@
"domain_name": "node1.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"etcd_name": "node1",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379",
"k8s_pod_network": "10.2.0.0/16",


@@ -10,7 +10,7 @@
"container_runtime": "docker",
"domain_name": "node2.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_controller_endpoint": "https://node1.example.com",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379"


@@ -10,7 +10,7 @@
"container_runtime": "docker",
"domain_name": "node3.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_controller_endpoint": "https://node1.example.com",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379"


@@ -10,7 +10,7 @@
"domain_name": "node1.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"etcd_name": "node1",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379",
"k8s_pod_network": "10.2.0.0/16",


@@ -9,7 +9,7 @@
"container_runtime": "docker",
"domain_name": "node2.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_controller_endpoint": "https://node1.example.com",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379",


@@ -9,7 +9,7 @@
"container_runtime": "docker",
"domain_name": "node3.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_controller_endpoint": "https://node1.example.com",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379",


@@ -5,7 +5,7 @@
"metadata": {
"coreos_channel": "stable",
"coreos_version": "1185.3.0",
"ignition_endpoint": "http://bootcfg.foo:8080/ignition",
"baseurl": "http://bootcfg.foo:8080/assets/coreos"
"ignition_endpoint": "http://matchbox.foo:8080/ignition",
"baseurl": "http://matchbox.foo:8080/assets/coreos"
}
}


@@ -11,7 +11,7 @@
"domain_name": "node1.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"etcd_name": "node1",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379",
"k8s_pod_network": "10.2.0.0/16",


@@ -10,7 +10,7 @@
"container_runtime": "rkt",
"domain_name": "node2.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_controller_endpoint": "https://node1.example.com",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379"


@@ -10,7 +10,7 @@
"container_runtime": "rkt",
"domain_name": "node3.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_controller_endpoint": "https://node1.example.com",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379"


@@ -10,7 +10,7 @@
"domain_name": "node1.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"etcd_name": "node1",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379",
"k8s_pod_network": "10.2.0.0/16",


@@ -9,7 +9,7 @@
"container_runtime": "rkt",
"domain_name": "node2.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_controller_endpoint": "https://node1.example.com",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379",


@@ -9,7 +9,7 @@
"container_runtime": "rkt",
"domain_name": "node3.example.com",
"etcd_initial_cluster": "node1=http://node1.example.com:2380",
"k8s_cert_endpoint": "http://bootcfg.foo:8080/assets",
"k8s_cert_endpoint": "http://matchbox.foo:8080/assets",
"k8s_controller_endpoint": "https://node1.example.com",
"k8s_dns_service_ip": "10.3.0.10",
"k8s_etcd_endpoints": "http://node1.example.com:2379",


@@ -5,7 +5,7 @@
"metadata": {
"coreos_channel": "stable",
"coreos_version": "1185.3.0",
"ignition_endpoint": "http://bootcfg.foo:8080/ignition",
"baseurl": "http://bootcfg.foo:8080/assets/coreos"
"ignition_endpoint": "http://matchbox.foo:8080/ignition",
"baseurl": "http://matchbox.foo:8080/assets/coreos"
}
}


@@ -6,7 +6,7 @@
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"root=/dev/sda1",
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -6,7 +6,7 @@
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"root=/dev/sda1",
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -5,7 +5,7 @@
"kernel": "/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -5,7 +5,7 @@
"kernel": "/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -5,7 +5,7 @@
"kernel": "/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -5,7 +5,7 @@
"kernel": "/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -2,10 +2,10 @@
"id": "grub",
"name": "CoreOS via GRUB2",
"boot": {
"kernel": "(http;bootcfg.foo:8080)/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["(http;bootcfg.foo:8080)/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"kernel": "(http;matchbox.foo:8080)/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["(http;matchbox.foo:8080)/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition",
"coreos.config.url=http://matchbox.foo:8080/ignition",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -5,7 +5,7 @@
"kernel": "/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -5,7 +5,7 @@
"kernel": "/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -6,7 +6,7 @@
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"root=/dev/sda1",
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -6,7 +6,7 @@
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"root=/dev/sda1",
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -5,7 +5,7 @@
"kernel": "/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -5,7 +5,7 @@
"kernel": "/assets/coreos/1185.3.0/coreos_production_pxe.vmlinuz",
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -6,7 +6,7 @@
"initrd": ["/assets/coreos/1185.3.0/coreos_production_pxe_image.cpio.gz"],
"args": [
"root=/dev/sda1",
"coreos.config.url=http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",


@@ -15,14 +15,14 @@ extra:
pages:
- Home: 'index.md'
- Tutorials:
- 'bootcfg with rkt': 'getting-started-rkt.md'
- 'bootcfg with docker': 'getting-started-docker.md'
- 'matchbox with rkt': 'getting-started-rkt.md'
- 'matchbox with docker': 'getting-started-docker.md'
- Guides:
- 'Network Setup': 'network-setup.md'
- 'Machine Lifecycle': 'machine-lifecycle.md'
- 'Background: PXE Booting': 'network-booting.md'
- Installation: 'deployment.md'
- bootcfg Service: 'bootcfg.md'
- matchbox Service: 'matchbox.md'
- Machine Configs:
- 'Ignition': 'ignition.md'
- 'Cloud-Config': 'cloud-config.md'


@@ -1,5 +1,5 @@
#!/bin/bash
# Create a virtual bridge with PXE services and bootcfg
# Create a virtual bridge with PXE services and matchbox
# USAGE: ./scripts/devnet create [example]
# USAGE: ./scripts/devnet destroy
set -u
@@ -35,7 +35,7 @@ function main {
function usage {
echo "USAGE: ${0##*/} <command>"
echo "Commands:"
echo -e "\tcreate\tcreate bootcfg and PXE services on the bridge"
echo -e "\tcreate\tcreate matchbox and PXE services on the bridge"
echo -e "\tdestroy\tdestroy the services on the bridge"
}
@@ -55,33 +55,33 @@ function create {
check
if [ -z "$EXAMPLE" ]; then
echo "Starting bootcfg"
echo "Starting matchbox"
else
echo "Starting bootcfg configured to boot $EXAMPLE"
echo "Starting matchbox configured to boot $EXAMPLE"
fi
if [ -z "$EXAMPLE" ]; then
# Mount a data volume with assets and enable gRPC
BOOTCFG_ARGS="-rpc-address=0.0.0.0:8081"
DATA_MOUNT="--volume data,kind=host,source=$(mktemp -d) \
--mount volume=assets,target=/var/lib/bootcfg/assets \
--mount volume=assets,target=/var/lib/matchbox/assets \
--volume assets,kind=host,source=$PWD/examples/assets,readOnly=true"
else
# Mount the given EXAMPLE
DATA_MOUNT="--volume data,kind=host,source=$PWD/examples \
--mount volume=groups,target=/var/lib/bootcfg/groups \
--mount volume=groups,target=/var/lib/matchbox/groups \
--volume groups,kind=host,source=$DIR/../examples/groups/$EXAMPLE"
fi
systemd-run --unit=dev-bootcfg \
systemd-run --unit=dev-matchbox \
rkt run \
--uuid-file-save=/tmp/bootcfg \
--uuid-file-save=/tmp/matchbox \
--net=metal0:IP=172.18.0.2 \
--mount volume=config,target=/etc/bootcfg \
--volume config,kind=host,source=$PWD/examples/etc/bootcfg,readOnly=true \
--mount volume=data,target=/var/lib/bootcfg \
--mount volume=config,target=/etc/matchbox \
--volume config,kind=host,source=$PWD/examples/etc/matchbox,readOnly=true \
--mount volume=data,target=/var/lib/matchbox \
$DATA_MOUNT \
quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug $BOOTCFG_ARGS
quay.io/coreos/matchbox:latest -- -address=0.0.0.0:8080 -log-level=debug $BOOTCFG_ARGS
echo "Starting dnsmasq to provide DHCP/TFTP/DNS services"
systemd-run --unit=dev-dnsmasq \
@@ -94,11 +94,11 @@ function create {
}
function destroy {
rkt stop --uuid-file=/tmp/bootcfg --force
rkt rm --uuid-file=/tmp/bootcfg
rkt stop --uuid-file=/tmp/matchbox --force
rkt rm --uuid-file=/tmp/matchbox
rkt stop --uuid-file=/tmp/dnsmasq --force
rkt rm --uuid-file=/tmp/dnsmasq
systemctl reset-failed dev-bootcfg
systemctl reset-failed dev-matchbox
systemctl reset-failed dev-dnsmasq
}
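Review bot: The pod UUID file only moves from one fixed name in `/tmp` to another (`--uuid-file-save=/tmp/matchbox` in `create`, `--uuid-file=/tmp/matchbox` in `destroy`), so a world-writable directory still holds the state that a presumably root-run `rkt stop --force` and `rkt rm` act on. A root-owned location is safer, for example `--uuid-file-save=/run/devnet/matchbox.uuid` with the matching `--uuid-file=` in `destroy`. The rename also means `destroy` no longer finds a dev environment created before this commit (`/tmp/bootcfg`, unit `dev-bootcfg`), which a line in the usage header such as `# NOTE: run destroy from the old checkout before upgrading` would cover. `BOOTCFG_ARGS` keeps its old name and is assigned only in the no-example branch, so under `set -u` the `rkt run` line would fail for an example run unless the variable is initialised outside these hunks.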


@@ -18,9 +18,9 @@ cp README.md $DEST
# scripts
mkdir -p $SCRIPTS/tls
cp scripts/get-coreos $SCRIPTS
cp examples/etc/bootcfg/README.md $SCRIPTS/tls
cp examples/etc/bootcfg/cert-gen $SCRIPTS/tls
cp examples/etc/bootcfg/openssl.conf $SCRIPTS/tls
cp examples/etc/matchbox/README.md $SCRIPTS/tls
cp examples/etc/matchbox/cert-gen $SCRIPTS/tls
cp examples/etc/matchbox/openssl.conf $SCRIPTS/tls
# systemd
mkdir -p $CONTRIB/systemd


@@ -33,20 +33,20 @@ cat << EOF > $DEST/kubeconfig
apiVersion: v1
kind: Config
users:
- name: bootcfg-user
- name: matchbox-user
user:
client-certificate-data: ${ADMIN_CERT_BASE64}
client-key-data: ${ADMIN_KEY_BASE64}
clusters:
- name: bootcfg-cluster
- name: matchbox-cluster
cluster:
certificate-authority-data: ${CA_CERT_BASE64}
server: https://${MASTER_IP}:443
contexts:
- context:
cluster: bootcfg-cluster
user: bootcfg-user
name: bootcfg-context
current-context: bootcfg-context
cluster: matchbox-cluster
user: matchbox-user
name: matchbox-context
current-context: matchbox-context
EOF
echo "Wrote kubeconfig to $DEST/kubeconfig"