Provisioning Fedora CoreOS on Azure

This guide shows how to provision new Fedora CoreOS (FCOS) nodes on Azure. Fedora currently does not publish Fedora CoreOS images within Azure, so you must download an Azure image from Fedora and upload it to your Azure subscription.

FCOS does not support legacy [Azure Service Manager](https://learn.microsoft.com/en-us/azure/virtual-machines/classic-vm-deprecation) virtual machines.

Prerequisites

Before provisioning an FCOS machine, you must have an Ignition configuration file containing your customizations. If you do not have one, see Producing an Ignition File.

Fedora CoreOS has a default core user that can be used to explore the OS. If you want to use it, finalize its configuration by providing, for example, an SSH key.

If you do not want to use Ignition to get started, you can make use of the Afterburn support.

You also need to have access to an Azure subscription. The examples below use the Azure CLI.

Downloading an Azure image

Fedora CoreOS is designed to be updated automatically, with different schedules per stream. Once you have picked the relevant stream, download, verify, and decompress the latest Azure image:

STREAM="stable"
coreos-installer download --decompress -s $STREAM -p azure -f vhd.xz

Alternatively, you can manually download an Azure image from the [download page](https://fedoraproject.org/coreos/download/?stream=stable#cloud_images). Verify the download, following the instructions on that page, and decompress it.

Uploading the image to Azure

  1. Create any resources that don’t already exist in your Azure account:

    Example creating Azure resources
    az_region="westus2"
    az_resource_group="my-group"
    az_storage_account="mystorageacct"
    az_container="my-container"
    # Create resource group
    az group create -l "${az_region}" -n "${az_resource_group}"
    # Create storage account for uploading FCOS image
    az storage account create -g "${az_resource_group}" -n "${az_storage_account}"
    # Retrieve connection string for storage account
    cs=$(az storage account show-connection-string -n "${az_storage_account}" -g "${az_resource_group}" | jq -r .connectionString)
    # Create storage container for uploading FCOS image
    az storage container create --connection-string "${cs}" -n "${az_container}"
  2. Create an FCOS image:

    Example creating Azure image
    downloaded_image_file="./image.vhd"
    az_image_name="my-fcos-image"
    az_image_blob="${az_image_name}.vhd"
    # Upload image blob
    az storage blob upload --connection-string "${cs}" -c "${az_container}" -f "${downloaded_image_file}" -n "${az_image_blob}"
    # Create the image
    az image create -n "${az_image_name}" -g "${az_resource_group}" --source "https://${az_storage_account}.blob.core.windows.net/${az_container}/${az_image_blob}" --location "${az_region}" --os-type Linux
    # Delete the uploaded blob
    az storage blob delete --connection-string "$cs" -c "${az_container}" -n "${az_image_blob}"

Launching a VM instance using custom-data

  1. Launch a VM. Your Ignition configuration can be passed to the VM as custom data, or you can skip passing custom data if you just want SSH access. Your SSH public key from ~/.ssh will automatically be added to the VM. This provides an easy way to test out FCOS without first creating an Ignition config.

    Example launching Azure image
    az_vm_name="my-fcos-vm"
    ignition_path="./config.ign"
    az vm create -n "${az_vm_name}" -g "${az_resource_group}" --image "${az_image_name}" --admin-username core --custom-data "$(cat "${ignition_path}")"
  2. You now should be able to SSH into the instance using the associated IP address.

    Example connecting
    ssh core@<ip address>

Launching a VM instance using custom-data and a private Azure blob

  1. Define your variables.

    az_vm_name="my-fcos-vm"
    # Pointer config passed to the VM as custom data
    ignition_path="./config.ign"
    # Full config that is stored in the private blob
    az_blob_ignition_path="./privateConfig.ign"
    az_blob_ignition_file_name="privateConfig.ign"
  2. Upload your Ignition file to Azure blob storage.

    az storage blob upload --connection-string "${cs}" -c "${az_container}" -f "${az_blob_ignition_path}" -n "${az_blob_ignition_file_name}"
  3. Create your remote Ignition config to reference this new blob. For details, see Using a remote Ignition config.

    Note: The source field should have a value similar to "https://${az_storage_account}.blob.core.windows.net/${az_container}/${az_blob_ignition_file_name}".

  4. Create an identity and give it proper access to your storage account.

    # Subscription that contains the storage account
    subscription_id=$(az account show --query id -o tsv)
    az identity create --name "${az_vm_name}-identity" --resource-group "${az_resource_group}"
    identity_principal_id=$(az identity show --name "${az_vm_name}-identity" --resource-group "${az_resource_group}" --query principalId -o tsv)
    identity_id=$(az identity show --name "${az_vm_name}-identity" --resource-group "${az_resource_group}" --query id -o tsv)
    az role assignment create --assignee "${identity_principal_id}" --role "Storage Blob Data Contributor" --scope "/subscriptions/${subscription_id}/resourceGroups/${az_resource_group}/providers/Microsoft.Storage/storageAccounts/${az_storage_account}"
  5. Create the VM passing the new identity.

    az vm create -n "${az_vm_name}" -g "${az_resource_group}" --image "${az_image_name}" --admin-username core --custom-data "$(cat "${ignition_path}")" --assign-identity "${identity_id}"
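
The remote Ignition config from the step that references the private blob, as an added example that is not part of the original guide: a shell function that validates the storage account, container and blob names and prints the pointer config to pass as custom data. The function name make_pointer_ign and the Ignition spec version 3.4.0 are assumptions; use the spec version your FCOS release supports.

```sh
#!/bin/sh
# Added example (not from the original guide): print the pointer Ignition
# config whose only job is to make Ignition fetch the full config from the
# private blob. Function name and spec version are assumptions.

IGNITION_SPEC_VERSION="3.4.0"   # assumption: adjust to your FCOS release

# Usage: make_pointer_ign <storage-account> <container> <blob-name>
# Runs in a subshell "( ... )" so its variables and locale do not leak.
make_pointer_ign() (
    LC_ALL=C   # make [a-z] ranges match ASCII only
    account="$1"; container="$2"; blob="$3"

    # Storage account names: 3-24 lowercase letters and digits.
    case "${account}" in
        ''|*[!a-z0-9]*) echo "invalid storage account name" >&2; return 1 ;;
    esac
    if [ "${#account}" -lt 3 ] || [ "${#account}" -gt 24 ]; then
        echo "invalid storage account name length" >&2; return 1
    fi

    # Container names: 3-63 chars, lowercase letters, digits and hyphens,
    # starting and ending with a letter or digit, no consecutive hyphens.
    case "${container}" in
        ''|*[!a-z0-9-]*|-*|*-|*--*) echo "invalid container name" >&2; return 1 ;;
    esac
    if [ "${#container}" -lt 3 ] || [ "${#container}" -gt 63 ]; then
        echo "invalid container name length" >&2; return 1
    fi

    # Blob name: conservative allow-list (stricter than Azure requires) so
    # the value cannot break out of the JSON string or alter the URL path.
    case "${blob}" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid blob name" >&2; return 1 ;;
    esac

    printf '{"ignition":{"version":"%s","config":{"replace":{"source":"https://%s.blob.core.windows.net/%s/%s"}}}}\n' \
        "${IGNITION_SPEC_VERSION}" "${account}" "${container}" "${blob}"
)

# Constructed sample values, matching the names used in this guide.
make_pointer_ign "mystorageacct" "my-container" "privateConfig.ign"
```

Redirect the output to the file named by ignition_path (./config.ign in this guide) before creating the VM.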