About Dusty Mabe

Atomic OpenShift Engineer for Red Hat. Fedora Atomic WG member. Passionate about open source.

Setting up SkyDNS

Kubernetes exposes DNS for service discovery, but the DNS server itself must be configured after you install Kubernetes. In the future it will be integrated into kubernetes as part of the platform (see PR11599) but for now you have to setup and run the SkyDNS container yourself.

I have seen some tutorials on how to get skydns working, but almost all of them are rather involved. However, if you just want a simple setup on a single node for testing then it is actually rather easy to get skydns set up.

Read More »

Installing an OpenShift Origin Cluster on Fedora 25 Atomic Host: Part 1

Introduction

Openshift Origin is the upstream project that builds on top of the Kubernetes platform and feeds into the OpenShift Container Platform product that is available from Red Hat today. Origin is a great way to get started with Kubernetes, and what better place to run a container orchestration layer than on top of Fedora Atomic Host?

We recently released Fedora 25, along with the first biweekly release of Fedora 25 Atomic Host. This blog post will show you the basics for getting a production installation of Origin running on Fedora 25 Atomic Host using the OpenShift Ansible Installer. The OpenShift Ansible installer will allow you to install a production-worthy OpenShift cluster. If you’d like to just try out OpenShift on a single node instead, you can set up OpenShift with the oc cluster up command, which we will detail in a later blog post.

Read More »

Installing an OpenShift Origin Cluster on Fedora 25 Atomic Host: Part 2

Introduction

In part 1 of this series, we used the OpenShift Ansible Installer to install Openshift Origin on three servers that were running Fedora 25 Atomic Host. The three machines we’ll be using have the following roles and IP address configurations:

|    Role     |  Public IPv4   | Private IPv4 |
|-------------|----------------|--------------|
| master,etcd | 54.175.0.44    | 10.0.173.101 |
| worker      | 52.91.115.81   | 10.0.156.20  |
| worker      | 54.204.208.138 | 10.0.251.101 |

In this blog, we’ll explore the installed Origin cluster and then launch an application to see if everything works.

Read More »

Fedora Atomic 26 July 25 Release

A new Fedora Atomic Host update is available via an OSTree commit:

Commit: 0715ce81064c30d34ed52ef811a3ad5e5d6a34da980bf35b19312489b32d9b83
Version: 26.91

This is the second release for Fedora 26 Atomic Host. This contains a newer version of Kubernetes with fixes for the bug that was in the original release of the Fedora Atomic 26 tree.

Users of built-in Kubernetes on Fedora Atomic Host can now rebase onto the version 26 ref. We will be releasing a few blogs shortly about upgrading your existing hosts.

Read More »

Fedora 26 Atomic Host August 08 Release

A new Fedora Atomic Host update is available via an OSTree commit:

Commit: f6331bcd14577e0ee43db3ba5a44e0f63f74a86e3955604c20542df0b7ad8ad6
Version: 26.101

In this release we have fixed an issue with our qcow and vagrant images from the 20170723 release. If you used the qcow or vagrant images from that release then please make sure you are following the fedora/26/x86_64/atomic-host ref. See this Atomic Working Group issue for more details.

Read More »

Fedora 26 Atomic Host August 22 Release

A new Fedora Atomic Host update is available via an OSTree commit:

Commit: 13ed0f241c9945fd5253689ccd081b5478e5841a71909020e719437bbeb74424
Version: 26.110

Warnings

Hardware Issue: During our testing phase we found an issue where on a specific hardware platform we could not boot after installing from the ISO images, or after updating to this release. If you experience similar behavior please use the previous ISO image. For existing machines, users with affected hardware should either wait for the next two-week release to upgrade, or switch to the updates ref where the issue is already fixed.

Kubernetes: We have also been notified by users that there are firewall issues with Docker 1.13 and Kubernetes.

Read More »

Fedora 26->27 Atomic Host Upgrade Guide

Introduction

This week we put out the first release of Fedora 27 Atomic Host. Some quick notes:

  • In Fedora 27 Atomic Host we removed kubernetes from the base OSTree. We will have a post tomorrow about the upgrade steps for Kubernetes users.

  • For Fedora 27 we are currently sticking with the non-unified repo approach as opposed to a unified repo. TL;DR nothing is changing for now but we expect to implement a unified repo as described here during the F27 release cycle.

For today we’ll talk about updating an existing Fedora 26 Atomic Host system to Fedora 27. We’ll cover preparing the system for upgrade and performing the upgrade.

Read More »

Fedora 27 Atomic Host January 4th Security Release

A new Fedora Atomic Host update is available via an OSTree commit. This update contains an important security patch.

Version: 27.47
Commit(x86_64): 397e907961adafaeff11b807ceade8da5783134072406fcdba627f1195e0db76
Commit(aarch64): 25965b64256417d7dfed37511ffe0cf842ebe64bd6adc8c57a3c603dcfd79885
Commit(ppc64le): c0d0a28a01fd363dfc317e3418935efae6d728a718320dfb3709c4282160f20f

This is a security related release of Fedora Atomic Host to address CVE-2017-5754 (Meltdown). This release does not yet handle the Spectre vulnerabilities, CVE-2017-5753 and CVE-2017-5715. Those will come in a future update. For more information see the Red Hat knowledgebase article.

kernel-4.14.11-300.fc27.x86_64 fixes BZ1530826 related to CVE-2017-5754. It also fixes some other CVEs as well. See the attached bugs to the bodhi update for more information.

Read More »

Fedora 27 Atomic Host January 18th Release

In this week’s release of Fedora Atomic Host we have an updated kernel (the spectre patches are slowly working their way out), and an updated docker with a security fix. We also are including firewalld in the ostree now, but we are not enabling it by default. I’ll post a follow up blog post on this topic in the next day or two.

The new Fedora Atomic Host update is available via an OSTree update:

Version: 27.61

  • Commit(x86_64): 772ab185b0752b0d6bc8b2096d08955660d80ed95579e13e136e6a54e3559ca9
  • Commit(aarch64): 598626fd61dc6ed4b702159e50b6029ee70a527e855fce7d8e61a870b141f893
  • Commit(ppc64le): 16ce78ee689066f582dbfc0672dab1706051fefab496fcebd8109d58738eb8fe

We are releasing images from multiple architectures but please note that x86_64 architecture is the only one that undergoes automated testing at this time.

Existing systems can be upgraded in place via e.g. atomic host upgrade or atomic host deploy. Systems on Fedora Atomic 26 can be upgraded using rpm-ostree rebase. Refer to the upgrade guide for more details.

Read More »

Firewalld in Atomic Host

TL;DR

Fedora Atomic Host (and derivatives) will now include the firewalld package in the base OSTree that is tested, delivered, and released every two weeks. Existing users should observe no change as it won’t be enabled by default.

Firewalld in Atomic Host

In the past we have had requests to have firewalld in Atomic Host to enable a better interface into firewall management for administrators and management software. It turns out that if you have lots of rules to manage, or even multiple pieces of software trying to manage different sets of rules on a single system, then iptables becomes a limitation pretty quickly.

Atomic Host users do have the ability to package layer firewalld, but live changes to the host are currently experimental. Since rebooting during system provisioning in certain environments is not desirable, and firewalld is relatively small, the Fedora Atomic Working Group decided to include firewalld in the base OSTree.

In order to not affect existing users the firewalld service will be disabled by default. Existing users should observe no change in behavior. Users who want to use firewalld can enable/start the service and start using it immediately.

Read More »

Fedora 27 Atomic Host February 2nd Release

In this week’s release of Fedora Atomic Host we have a new kernel, ostree/rpm-ostree, glibc, and cloud-utils-growpart (fixes for aarch64 partition resize issues).

The new Fedora Atomic Host update is available via an OSTree update:

Version: 27.72

  • Commit(x86_64): 39848372585a65dc63fb3052f997139b8b30d6b55ce378337db3664177489d28
  • Commit(aarch64): 8048d384f231f90a7479cf94bfe94053970fb9a0f196ba4485d779696db81fa1
  • Commit(ppc64le): 3fce2908406e41e2ffe533908e840f44311576befe7e49396d1894407341aef9

We are releasing images from multiple architectures but please note that x86_64 architecture is the only one that undergoes automated testing at this time.

Existing systems can be upgraded in place via e.g. atomic host upgrade or atomic host deploy.

Read More »

Fedora 27 Atomic Host February 16th Release

In this week’s release of Fedora Atomic Host we have a new kernel, Atomic CLI, and runc.

A new Fedora Atomic Host update is available via an OSTree update:

Version: 27.81

  • Commit(x86_64): b25bde0109441817f912ece57ca1fc39efc60e6cef4a7a23ad9de51b1f36b742
  • Commit(aarch64): bb5bc5afbf27333a70c1f3bf8d0117baa45e862e0440be5c779cd5f0bb35aab4
  • Commit(ppc64le): e484af3c5a5c88c0de486eee195dff4c6c7ef41d07c41b5d356305db237066d7

We are releasing images from multiple architectures but please note that x86_64 architecture is the only one that undergoes automated testing at this time.

Existing systems can be upgraded in place via e.g. atomic host upgrade or atomic host deploy.

Read More »