Add initrd=main karg to examples and update QEMU/KVM setup

docs/deployment.md

@@ -226,7 +226,7 @@ matchbox
 If you enabled the gRPC API,
 
 ```sh
-$ openssl s_client -connect matchbox.example.com:8081 -CAfile /etc/matchbox/ca.crt -cert scripts/tls/client.crt -key scripts/tls/client.key
+$ openssl s_client -connect matchbox.example.com:8081 -CAfile scripts/tls/ca.crt -cert scripts/tls/client.crt -key scripts/tls/client.key
 CONNECTED(00000003)
 depth=1 CN = fake-ca
 verify return:1

docs/getting-started-docker.md

@@ -82,13 +82,18 @@ Create QEMU/KVM VMs which have known hardware attributes. The nodes will be atta
 $ sudo ./scripts/libvirt create
 ```
 
-You can connect to the serial console of any node (ctrl+] to exit). If you provisioned nodes with an SSH key, you can SSH after bring-up.
+If you provisioned nodes with an SSH key, you can SSH after bring-up.
 
 ```sh
-$ sudo virsh console node1
 $ ssh [email protected]
 ```
 
+If you set a `console=ttyS0` kernel arg, you can connect to the serial console of any node (ctrl+] to exit).
+
+```
+$ sudo virsh console node1
+```
+
 You can also use `virt-manager` to watch the console.
 
 ```sh

docs/getting-started.md

@@ -34,7 +34,7 @@ Install [Terraform](https://www.terraform.io/downloads.html) v0.13+ on your syst
 
 ```sh
 $ terraform version
-Terraform v0.13.3
+Terraform v1.1.8
 ```
 
 ### Examples
@@ -79,11 +79,11 @@ terraform {
   required_providers {
     ct = {
       source  = "poseidon/ct"
-      version = "0.7.1"
+      version = "0.10.0"
     }
     matchbox = {
       source = "poseidon/matchbox"
-      version = "0.4.1"
+      version = "0.5.0"
     }
   }
 }
@@ -98,31 +98,26 @@ Machine profiles specify the kernel, initrd, kernel args, Ignition Config, and o
 resource "matchbox_profile" "fedora-coreos-install" {
   name  = "worker"
   kernel = "https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-kernel-x86_64"
+
   initrd = [
-    "https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-initramfs.x86_64.img"
+    "--name main https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-initramfs.x86_64.img"
   ]
 
   args = [
+    "initrd=main",
     "coreos.live.rootfs_url=https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-rootfs.x86_64.img",
     "coreos.inst.install_dev=/dev/sda",
-    "coreos.inst.ignition_url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}",
-    "console=tty0",
-    "console=ttyS0",
+    "coreos.inst.ignition_url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}"
   ]
 
-  raw_ignition = data.ct_config.worker-ignition.rendered
-}
-
-data "ct_config" "worker-ignition" {
-  content  = data.template_file.worker-config.rendered
-  strict   = true
+  raw_ignition = data.ct_config.worker.rendered
 }
 
-data "template_file" "worker-config" {
-  template = file("fcc/fedora-coreos.yaml")
-  vars = {
-    ssh_authorized_key     = var.ssh_authorized_key
-  }
+data "ct_config" "worker" {
+  content = templatefile("fcc/fedora-coreos.yaml", {
+    ssh_authorized_key = var.ssh_authorized_key
+  })
+  strict = true
 }
 ```
 
@@ -148,8 +143,9 @@ cp terraform.tfvars.example terraform.tfvars
 
 ```tf
 matchbox_http_endpoint = "http://matchbox.example.com:8080"
-matchbox_rpc_endpoint = "matchbox.example.com:8081"
-ssh_authorized_key = "YOUR_SSH_KEY"
+matchbox_rpc_endpoint  = "matchbox.example.com:8081"
+os_version             = "36.20220618.3.1"
+ssh_authorized_key     = "YOUR_SSH_KEY"
 ```
 
 ### Apply

examples/ignition/fedora-coreos.ign

@@ -1,6 +1,6 @@
 {
   "ignition": {
-    "version": "3.1.0"
+    "version": "3.3.0"
   },
   "passwd": {
     "users": [

examples/ignition/fedora-coreos.yaml

@@ -1,8 +1,8 @@
 variant: fcos
-version: 1.1.0
+version: 1.4.0
 passwd:
   users:
     - name: core
       ssh_authorized_keys:
-        - ssh-rsa SET_PUBKEY_HERE
+        - ssh-ed25519 SET_PUBKEY_HERE
 

examples/profiles/fedora-coreos-install.json

@@ -4,14 +4,13 @@
   "boot": {
     "kernel": "/assets/fedora-coreos/fedora-coreos-36.20220618.3.1-live-kernel-x86_64",
     "initrd": [
-      "/assets/fedora-coreos/fedora-coreos-36.20220618.3.1-live-initramfs.x86_64.img"
+      "--name main /assets/fedora-coreos/fedora-coreos-36.20220618.3.1-live-initramfs.x86_64.img"
     ],
     "args": [
+      "initrd=main",
       "coreos.live.rootfs_url=http://matchbox.example.com:8080/assets/fedora-coreos/fedora-coreos-36.20220618.3.1-live-rootfs.x86_64.img",
-      "coreos.inst.install_dev=/dev/sda",
-      "coreos.inst.ignition_url=http://matchbox.example.com:8080/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}",
-      "console=tty0",
-      "console=ttyS0"
+      "coreos.inst.install_dev=/dev/vda",
+      "coreos.inst.ignition_url=http://matchbox.example.com:8080/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}"
     ]
   },
   "ignition_id": "fedora-coreos.ign"

examples/profiles/fedora-coreos.json

@@ -4,15 +4,14 @@
   "boot": {
     "kernel": "/assets/fedora-coreos/fedora-coreos-36.20220618.3.1-live-kernel-x86_64",
     "initrd": [
-      "/assets/fedora-coreos/fedora-coreos-36.20220618.3.1-live-initramfs.x86_64.img"
+      "--name main /assets/fedora-coreos/fedora-coreos-36.20220618.3.1-live-initramfs.x86_64.img"
     ],
     "args": [
+      "initrd=main",
       "coreos.live.rootfs_url=http://matchbox.example.com:8080/assets/fedora-coreos/fedora-coreos-36.20220618.3.1-live-rootfs.x86_64.img",
       "ignition.firstboot",
       "ignition.platform.id=metal",
-      "ignition.config.url=http://matchbox.example.com:8080/ignition?uuid=${uuid}&mac=${mac:hexhyp}",
-      "console=tty0",
-      "console=ttyS0"
+      "ignition.config.url=http://matchbox.example.com:8080/ignition?uuid=${uuid}&mac=${mac:hexhyp}"
     ]
   },
   "ignition_id": "fedora-coreos.ign"

examples/terraform/fedora-coreos-install/fcc/fedora-coreos.yaml

@@ -1,5 +1,5 @@
 variant: fcos
-version: 1.1.0
+version: 1.4.0
 passwd:
   users:
     - name: core

examples/terraform/fedora-coreos-install/profiles.tf

@@ -11,23 +11,14 @@ resource "matchbox_profile" "fedora-coreos-install" {
     "coreos.live.rootfs_url=https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-rootfs.x86_64.img",
     "coreos.inst.install_dev=/dev/sda",
     "coreos.inst.ignition_url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}",
-    "console=tty0",
-    "console=ttyS0",
   ]
 
-  raw_ignition = data.ct_config.worker-ignition.rendered
+  raw_ignition = data.ct_config.worker.rendered
 }
 
-data "ct_config" "worker-ignition" {
-  content = data.template_file.worker-config.rendered
-  strict  = true
-}
-
-data "template_file" "worker-config" {
-  template = file("fcc/fedora-coreos.yaml")
-  vars = {
+data "ct_config" "worker" {
+  content = templatefile("fcc/fedora-coreos.yaml", {
     ssh_authorized_key = var.ssh_authorized_key
-  }
+  })
+  strict = true
 }
-
-

examples/terraform/fedora-coreos-install/provider.tf

@@ -10,11 +10,11 @@ terraform {
   required_providers {
     ct = {
       source  = "poseidon/ct"
-      version = "0.6.1"
+      version = "0.10.0"
     }
     matchbox = {
       source  = "poseidon/matchbox"
-      version = "0.4.1"
+      version = "0.5.0"
     }
   }
 }

scripts/README.md

@@ -55,17 +55,3 @@ Create QEMU/KVM VMs which are configured to boot from the network. The `scripts/
         shutdown    shutdown the QEMU/KVM nodes
         poweroff    poweroff the QEMU/KVM nodes
         destroy     destroy the QEMU/KVM nodes
-
-## k8s-certgen
-
-Generate TLS certificates needed for a multi-node Kubernetes cluster. See the [examples](../examples/README.md#assets).
-
-    $ ./scripts/tls/k8s-certgen -h
-    Usage: k8s-certgen
-    Options:
-      -d DEST     Destination for generated files (default: .examples/assets/tls)
-      -s SERVER   Reachable Server IP for kubeconfig (e.g. node1.example.com)
-      -m MASTERS  Controller Node Names/Addresses in SAN format (e.g. IP.1=10.3.0.1,DNS.1=node1.example.com)
-      -w WORKERS  Worker Node Names/Addresses in SAN format (e.g. DNS.1=node2.example.com,DNS.2=node3.example.com)
-      -h          Show help
-

scripts/libvirt

@@ -35,7 +35,7 @@ function usage {
   echo -e "\tdestroy\t\tdestroy the QEMU/KVM nodes"
 }
 
-COMMON_VIRT_OPTS="--memory=${VM_MEMORY} --vcpus=1 --disk pool=default,size=${VM_DISK} --os-type=linux --os-variant=generic --noautoconsole --events on_poweroff=preserve"
+COMMON_VIRT_OPTS="--memory=${VM_MEMORY} --vcpus=1 --disk pool=default,size=${VM_DISK} --os-variant=fedora-coreos-stable --noautoconsole"
 
 NODE1_NAME=node1
 NODE1_MAC=52:54:00:a1:9c:ae

scripts/tls/cert-gen

@@ -6,7 +6,7 @@ rm -f ca.key ca.crt server.key server.csr server.crt client.key client.csr clien
 rm -rf certs crl newcerts
 
 if [ -z $SAN ]
-  then echo "Set SAN with a DNS or IP for matchbox (e.g. export SAN=DNS.1:matchbox.example.com,IP.1:192.168.1.42)."
+  then echo "Set SAN with a DNS or IP for matchbox (e.g. export SAN=DNS.1:matchbox.example.com,IP.1:172.17.0.2)."
   exit 1
 fi