Adding OS extensions to the host system
Fedora CoreOS keeps the base image as simple and small as possible for security and maintainability reasons. That is why you should in general prefer the usage of podman
containers over layering software.
However, in some cases it is necessary to add software to the base OS itself. For example, drivers or VPN software are potential candidates because they are harder to containerize.
To do this, you can use rpm-ostree install
. Consider these packages as "extensions": they extend the functionality of the base OS rather than e.g. providing runtimes for user applications. That said, there are no restrictions on which packages one can actually install. By default, packages are downloaded from the Fedora repositories.
To start the layering of a package, you need to write a systemd unit that executes the rpm-ostree
command to install the wanted package(s). Changes are applied to a new deployment and a reboot is necessary for those to take effect.
Example: Layering vim and setting it as the default editor
Fedora CoreOS includes both nano
and vi
as text editors, with the former set as default (see the corresponding Fedora change).
This example shows how to install the fully fledged vim
text editor and how to set it up as default for all users by setting up the required configuration in /etc/profile.d/
.
In the future, we will have a more Ignition-friendly method of doing this with stronger guarantees. See upstream issues butane#81 and fedora-coreos-tracker#681 for more information. |
variant: fcos
version: 1.5.0
systemd:
units:
# Installing vim as a layered package with rpm-ostree
- name: rpm-ostree-install-vim.service
enabled: true
contents: |
[Unit]
Description=Layer vim with rpm-ostree
Wants=network-online.target
After=network-online.target
# We run before `zincati.service` to avoid conflicting rpm-ostree
# transactions.
Before=zincati.service
ConditionPathExists=!/var/lib/%N.stamp
[Service]
Type=oneshot
RemainAfterExit=yes
# `--allow-inactive` ensures that rpm-ostree does not return an error
# if the package is already installed. This is useful if the package is
# added to the root image in a future Fedora CoreOS release as it will
# prevent the service from failing.
ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive vim
ExecStart=/bin/touch /var/lib/%N.stamp
ExecStart=/bin/systemctl --no-block reboot
[Install]
WantedBy=multi-user.target
storage:
files:
# Set vim as default editor
# We use `zz-` as prefix to make sure this is processed last in order to
# override any previously set defaults.
- path: /etc/profile.d/zz-default-editor.sh
overwrite: true
contents:
inline: |
export EDITOR=vim
Want to help? Learn how to contribute to Fedora Docs ›