Flatcar Container Linux is an open-source operating system designed and optimized for containerized applications. This operating system is based on the Linux kernel and is developed by Kinvolk, a software engineering company that specializes in cloud-native infrastructure. It is based on the Chromium OS project and is designed to be simple, secure, and reliable.
Some of the key features of Flatcar Container Linux include:
- Simplicity: Flatcar Container Linux is designed to be simple to use and maintain, with minimal dependencies and a focus on ease of use.
- Container-optimized: Flatcar Container Linux is optimized for running containerized applications, with support for popular container orchestration platforms such as Kubernetes and Docker.
- Scalability: Flatcar Container Linux can be easily scaled up or down to meet the needs of your containerized workloads.
- Immutable infrastructure: Flatcar Container Linux uses an immutable infrastructure model, which means that the operating system is built and deployed as a single, static image that cannot be modified. This helps to improve security and reduce the risk of configuration drift.
- Security: Flatcar Container Linux includes a number of security features such as AppArmor and SELinux to help protect against vulnerabilities and attacks.
- Automatic updates: Flatcar Container Linux includes automatic updates to ensure that systems are always running the latest security patches and updates.
If you are interested in using Flatcar Container Linux on a VMware infrastructure then this article is for you. We will demonstrate how to download the latest version from the Flatcar Container Linux website and perform an installation using vSphere Web Client / vCenter Web console.
What we’ll cover in this article.
- Install and Configure DHCP / TFTP / PXE Server
- Download Flatcar Container Linux files for PXE
- Configure HTTP server
- Create Ignition JSON files and upload to HTTP server
- Install Flatcar Container Linux on VMware using PXE booting
Step 1: Install and Configure DHCP / TFTP / PXE Server
Dynamic Host Configuration Protocol (DHCP) is a networking protocol that is used to automatically assign IP addresses and other network configuration parameters to devices on a network. On the other hand Preboot Execution Environment (PXE) is a specification that allows a device to boot from a network rather than from a local disk.
PXE allows a device to boot an operating system over the network by downloading boot files and system images from a PXE server. This can be useful in situations where it is not practical or desirable to install an operating system on a local disk, such as in a large-scale deployment of devices or in a virtualized environment.
Both DHCP and PXE are commonly used in enterprise networks to manage the configuration and deployment of devices. They can help simplify the process of setting up and maintaining networked devices by automating many of the tasks involved.
In our environment we’re using the following operating system to run DHCP / TFTP / PXE Server.
[root@pxe ~]# cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"Install DHCP and TFTP server packages.
sudo dnf -y install tmux tftp-server dhcp-serverInstall syslinux package.
sudo dnf -y install syslinux
sudo cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
sudo cp /usr/share/syslinux/{menu.c32,vesamenu.c32,ldlinux.c32,libcom32.c32,libutil.c32} /var/lib/tftpboot/
sudo mkdir /var/lib/tftpboot/pxelinux.cfgEnable the services to start at system boot.
sudo systemctl enable dhcpd tftp.socketCreate a directory that will host your flatcar PXE files.
sudo mkdir /var/lib/tftpboot/flatcar/Enable tftp in firewall
sudo firewall-cmd --add-service=tftp --permanent
sudo firewall-cmd --reloadStep 2: Download Flatcar Container Linux files for PXE
Navigate to the directory we created.
sudo su -
cd /var/lib/tftpboot/flatcar/Download the two required files.
wget https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_pxe.vmlinuz
wget https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_pxe_image.cpio.gzFile details can be checked using file command
# file flatcar_production_pxe.vmlinuz
flatcar_production_pxe.vmlinuz: Linux kernel x86 boot executable bzImage, version 5.15.77-flatcar ([email protected]) #1 SMP Tue Dec 6 22:49:50 -00 2022, RO-rootFS, swap_dev 0x36, Normal VGA
# file flatcar_production_pxe_image.cpio.gz
flatcar_production_pxe_image.cpio.gz: gzip compressed data, from Unix, original size 309101056Step 3: Configure web server and create Ignition files
Install httpd server package using your package manager.
yum -y install httpdRemove welcome page.
mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.orgStart and enable httpd to start at system boot.
systemctl enable --now httpdIf you have firewalld active allow port 80
firewall-cmd --add-service=http --permanent
firewall-cmd --reloadLet’s also have SELinux in permissive mode.
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
cat /etc/selinux/config | grep SELINUX=Create a directory named files inside apache root dir.
mkdir /var/www/html/files/Our Apache web server IP address is 192.168.1.7
Generate installation ignition files
Ignition provisioning utility is designed specifically for container OSs like Flatcar Container Linux, which allows you to manipulate disks during early boot. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, networkd units, and more), and configuring users. On the first boot, Ignition reads its configuration from a source-of-truth (remote URL, network metadata service, or hypervisor bridge, for example) and applies the configuration.
Create installation yaml file for the node to be installed. Our example illustrates installation of a node with below details.
- Static IP address: 192.168.1.19
- Default Gateway: 192.168.1.1
- DNS Server 1: 172.20.30.251
- DNS Server 2: 172.20.30.252
- NTPP Server: 192.168.1.1
- VM name: node07, FQDN: node07.k8s.cloudlabske.io
- Timezone: Africa/Nairobi
You can modify the contents to suit your use.
- Flatcar installer file 1:
$ vim node07-flatcar.yaml
passwd:
users:
- name: core
ssh_authorized_keys:
- <your-public-ssh-key-1>
- <your-public-ssh-key-2>
storage:
links:
- path: /etc/localtime
target: ../usr/share/zoneinfo/Africa/Nairobi
files:
- path: /etc/systemd/timesyncd.conf
filesystem: root
mode: 0644
contents:
inline: |
[Time]
NTP=192.168.1.1
- path: /etc/hostname
mode: 0644
filesystem: "root"
contents:
inline: node07.k8s.cloudlabske.io
networkd:
units:
- name: 00-ens32.network
contents: |
[Match]
Name=ens32
[Network]
Address=192.168.1.19
Gateway=192.168.1.1
DNS=172.20.30.251
DNS=172.20.30.252- Flatcar installer file 2:
$ vim node07-flatcar-install.yaml
systemd:
units:
- name: installer.service
enabled: true
contents: |
[Unit]
Requires=network-online.target
After=network-online.target
[Service]
Type=forking
TimeoutStartSec=600
RemainAfterExit=yes
ExecStart=/usr/bin/sh -c "flatcar-install -d /dev/sda -i /opt/ignition.json && udevadm settle && systemctl reboot"
[Install]
WantedBy=multi-user.target
passwd:
users:
- name: core
ssh_authorized_keys:
- <your-public-ssh-key-1>
- <your-public-ssh-key-2>
storage:
files:
- path: /opt/ignition.json
filesystem: root
mode: 777
contents:
remote:
url: http://192.168.1.7/files/node07-flatcar.json
- path: /etc/systemd/timesyncd.conf
filesystem: root
mode: 0644
contents:
inline: |
[Time]
NTP=192.168.1.1
- path: /etc/hostname
mode: 0644
filesystem: "root"
contents:
inline: node07.k8s.cloudlabske.io
links:
- path: /etc/localtime
target: ../usr/share/zoneinfo/Africa/Nairobi
networkd:
units:
- name: 00-ens32.network
contents: |
[Match]
Name=ens32
[Network]
Address=192.168.1.19
Gateway=192.168.1.1
DNS=172.20.30.251
DNS=172.20.30.252Install podman in your system.
sudo dnf -y install podmanKinvolk provides a tool that enables you to transpile CLC YAML into JSON for use with Ignition. After JSON files have been created, they can be inserted into Flatcar using available installation methods.
Generate json files from CLC yaml we created.
cat node07-flatcar.yaml | podman run --rm -i ghcr.io/flatcar/ct:latest -platform custom > node07-flatcar.json
cat node07-flatcar-install.yaml | podman run --rm -i ghcr.io/flatcar/ct:latest -platform custom > node07-flatcar-install.jsonCopy generated files to /var/www/html/files directory.
cp node07-flatcar.json /var/www/html/files
cp node07-flatcar-install.json /var/www/html/filesStep 4: Configure PXE for Flatcar Linux installation
Create new if not existing file.
# vim /var/lib/tftpboot/pxelinux.cfg/default
#default menu.c32
default vesamenu.c32
prompt 0
timeout 600
ONTIMEOUT 1
display boot.msg
menu title ######## PXE Boot Menu ########
label 1
menu label ^1) Boot from local drive
localboot
label 2
menu label ^2) Install Flatcar k8snode07
kernel flatcar/flatcar_production_pxe.vmlinuz
initrd flatcar/flatcar_production_pxe_image.cpio.gz
append flatcar.first_boot=1 ignition.config.url=http://192.168.1.7/files/node07-flatcar-install.json
label 3
menu label ^3) Install Flatcar k8snode08
kernel flatcar/flatcar_production_pxe.vmlinuz
initrd flatcar/flatcar_production_pxe_image.cpio.gz
append flatcar.first_boot=1 ignition.config.url=http://192.168.1.7/files/node08-flatcar-install.jsonWith ignition files generated and PXE server configured, we can now configure DHCP server.
Step 5: Configure DHCP server
There are two ways this can be achieved.
- Install and configure dedicated DHCP server on Linux / Windows Server
- Use network based solutions that provide DHCP, e.g firewall, Access point devices, or switch with the capability
Create VM Template on VMware ESXI / vCenter
In our DHCP server, it is recommended to set MAC address manually for the IP address to be assigned.
Create a new Virtual Machine without attaching the ISO.
Under guest OS options choose “Other Linux (64-bit)” for OS version.
Set CPU, RAM and Storage for the virtual machine.
Once created, on the network attached to the instance, the MAC address should be displayed.
If you’re using your firewall such as pfSense to provide DHCP to the instances, set Next server, BIOS file name, and UEFI 64 bit file name as set in PXE server.
Next we configure DHCP server. This scenario is based on Rocky Linux 8 OS.
# vim /etc/dhcp/dhcpd.conf
default-lease-time 900;
max-lease-time 7200;
deny unknown-clients;
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option architecture-type code 93 = unsigned integer 16;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
#range 192.168.1.2 192.168.1.250;
option domain-name-servers 172.20.30.252;
option ntp-servers 192.168.1.1;
option domain-name "k8s.cloudlabske.io";
option domain-search "k8s.cloudlabske.io";
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
next-server 192.168.1.7;
if option architecture-type = 00:07 {
filename "uefi/shim.efi";
} else {
filename "pxelinux.0";
}
}
}
host k8snode07 {
option host-name "node07.k8s.cloudlabske.io";
hardware ethernet 00:50:56:8d:ad:85;
fixed-address 192.168.1.19;
}
host k8snode08 {
option host-name "node08.k8s.cloudlabske.io";
hardware ethernet 00:50:56:8d:4b:37;
fixed-address 192.168.1.20;
}Allow dhcpd service on the firewall.
firewall-cmd --add-service=dhcp --permanent
firewall-cmd --reloadEnable and start the database server.
systemctl enable --now dhcpdStep 6: Install Flatcar Container Linux from PXE booting
On your ESXI host / vCenter server, boot the Virtual Machine and choose the label from PXE menu.
The boot and provisioning process should begin after selecting the bootstrap option.
After a few seconds, your Flatcar Container Linux installation should be ready.
Test ssh into the instance using the SSH Public key.
$ ssh [email protected]
Warning: Permanently added '192.168.1.19' (ED25519) to the list of known hosts.
Enter passphrase for key '/Users/jkmutai/.ssh/id_rsa':
Flatcar Container Linux by Kinvolk stable 3374.2.1The installer service will begin setup of the operating system
core@localhost ~ $ systemctl status installer
● installer.service
Loaded: loaded (/etc/systemd/system/installer.service; enabled; vendor preset: enabled)
Active: activating (start) since Sun 2023-08-06 01:43:05 UTC; 3min 10s ago
Cntrl PID: 824 (sh)
Tasks: 14 (limit: 60866)
Memory: 420.3M
CPU: 17.318s
CGroup: /system.slice/installer.service
├─824 /usr/bin/sh -c "flatcar-install -d /dev/sda -i /opt/ignition.json && udevadm settle && systemctl reboot"
├─825 /bin/bash /usr/bin/flatcar-install -d /dev/sda -i /opt/ignition.json
├─837 gpg-agent --homedir /tmp/flatcar-install.bNry4d3unV/gnupg --use-standard-socket --daemon
├─840 /bin/bash /usr/bin/flatcar-install -d /dev/sda -i /opt/ignition.json
├─841 wget --tries 10 --timeout=20 --retry-connrefused --no-verbose -O - https://stable.release.flatcar-linux.net/amd64-usr/3374.2.1/flatcar_production_image.bin.bz2
├─843 tee /dev/fd/62
├─844 gpg --batch --trusted-key E25D9AED0593B34A --verify /tmp/flatcar-install.bNry4d3unV/flatcar_production_image.bin.bz2.sig -
├─845 /bin/bash /usr/bin/flatcar-install -d /dev/sda -i /opt/ignition.json
├─847 lbzip2 -cd
└─849 dd bs=1M conv=nocreat of=/dev/sda status=none
Aug 6 01:43:05 localhost systemd[1]: Starting installer.service...
Aug 6 01:43:08 localhost sh[825]: Downloading the signature for https://stable.release.flatcar-linux.net/amd64-usr/3374.2.1/flatcar_production_image.bin.bz2...
Aug 6 01:43:09 localhost sh[839]: 2023-08-06 01:43:09 URL:https://stable.release.flatcar-linux.net/amd64-usr/3374.2.1/flatcar_production_image.bin.bz2.sig [594/594] -> "/tmp/flatcar-install.bNry4d>
Aug 6 01:43:09 localhost sh[825]: Downloading, writing and verifying flatcar_production_image.bin.bz2...Multiple reboots may happen during this installation.
core@localhost ~ $ Connection to 192.168.1.128 closed by remote host.
Connection to 192.168.1.128 closed.After the last reboot, you’ll notice installer service no longer exist in the system.
core@master03 ~ $ systemctl status installer
Unit installer.service could not be found.The /etc/os-release file contains more details on Flatcar Container Linux. This information can be checked using the following commands.
core@node07 ~ $ cat /etc/os-release
NAME="Flatcar Container Linux by Kinvolk"
ID=flatcar
ID_LIKE=coreos
VERSION=3510.2.5
VERSION_ID=3510.2.5
BUILD_ID=2023-07-14-1822
SYSEXT_LEVEL=1.0
PRETTY_NAME="Flatcar Container Linux by Kinvolk 3510.2.5 (Oklo)"
ANSI_COLOR="38;5;75"
HOME_URL="https://flatcar.org/"
BUG_REPORT_URL="https://issues.flatcar.org"
FLATCAR_BOARD="amd64-usr"
CPE_NAME="cpe:2.3:o:flatcar-linux:flatcar_linux:3510.2.5:*:*:*:*:*:*:*"Conclusion
Flatcar Container Linux was created from from the ground up for running container workloads in multi-cloud infrastructures. It is an operating system that fully embraces the container paradigm, and it only includes required packages to run containers. In this article we’ve been able to set required pre-requisites, and install Flatcar Container Linux in VMware ESXI infrastructure. If you’re looking to deploy Kubernetes on Flatcar Container Linux, check out our article Deploy Kubernetes on KVM using Flatcar Container Linux. Only reference the Kubespray section for Kubernetes installation.
