Hello,
I am brand new to MicroOS and ignition files.
My target is to set up MicroOS using ignition files (as much as possible).
There are 2 points that I need your help here.
Point 1: TLS certificates and OS trust store.
Yes, I know that I can create a new file with ignition that it will have the CA certificate.
But what kind of permissions should it have, 0420, or 0640?
Also, do I need to run update-ca-certs? I read somewhere that the /etc/pki/trust/anchors/ directory is monitored and thus we don’t need to run the update-ca-certs. Is this true for MicroOS? Or do I have to run it, somehow, after the 1st boot?
Next is the way we handle extra partitions and growfs.
What runs first? The growfs or the new partitions creation?
I will answer myself.
After a lot of trial and error installations:
You should NOT use the DVD iso, you need to use the self-install.
You must update the OS trust store manually. I did this using a combustion script.
Permissions are not important, however, you need to remember that the “geniuses” who created ignition decided that we should use decimal for the permissions instead of octal…
I didn’t have to handle the growfs, everything was handled automatically from the self-install ISO.
So, all in all, I am very impressed by combustion/ignition and MicroOS although documentation for all of them sucks big time.
@tpe I have a working Ignition file example here (…but sadly without the TLS certificates and OS trust store you asked for), but you can see how to create files in octal notation:
Version 1.4???
Fuel generates 3.20 (and this is what I used).
Well, yes, eventually everything worked. I still try to figure out my way around it, although I am still not sure about the maturity/stability of my hardware/OS combination.
You mixed the version numbers up, let me explain what’s going on here. Also I’m talking about specification versions for Butane and Ignition that should not be confused with the GitHub versions and their containers of these projects:
Butane: Fedora CoreOS Specification v1.4.0 needs to be used for OpenSUSE, can be found here. Butane is the YAML-based notation that can be easily used by humans like us.
Ignition: Ignition uses JSON and also some base64 encoded strings as values. You can define that JSON by hand, but I would not recommend it. I’m currently using the Configuration Specification v3.3.0, which you can find here.
Combustion: Script based installation method used by OpenSUSE. Still valid, but depending on what you do you might not need it anymore and you only need (and want) to use an Ignition file.
Fuel Ignition: That project provides the Fuel Ignition website you used to generate your Ignition and Combustion files. That website generates Ignition and Combustion files that both need to be used for your server installation.
That being said: You mostly don’t need to use Combustion anymore, but the Fuel Ignition project still provides both files as the project lacks some features that are already specified in the Ignition standard that I mentioned earlier. Also there may be corner cases that let you rely on Ignition in combination with Combustion. But often these restrictions can be overcome when using only Ignition and configuring some parts after the server installation with automation tools like Ansible, Salt, etc.
If you don’t want to use Combustion you should not use the Fuel Ignition website, but write your own Butane YAML files and convert them into Ignition. My example files that I linked do exactly that. Please be also aware that if you want to start cloud servers you need to rely on Ignition only without Combustion, so you need to use Butane → Ignition.
…okay, that was a lengthy explanation, don’t know if you even read this. But I hope it helped you a little bit.
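
As an added example (not code from any poster in this thread or from the Ignition, Butane or Fuel Ignition projects): a Python sketch that builds an Ignition spec 3.3.0 file entry for a CA certificate under /etc/pki/trust/anchors/ with the mode written in decimal, and lints a config for modes that look like octal digits typed as decimal. The file name `internal-ca.pem`, the placeholder certificate and the helper names are assumptions made for illustration.

```python
import json
from urllib.parse import quote

# Constructed placeholder, not a real certificate.
SAMPLE_CA_PEM = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"

def ca_file_entry(name, pem, mode=0o644):
    """storage.files entry placing a CA certificate in the trust anchors directory."""
    return {
        "path": f"/etc/pki/trust/anchors/{name}",
        "mode": mode,  # a Python int; JSON serializes it in decimal (0o644 -> 420)
        "overwrite": True,
        "contents": {"source": "data:," + quote(pem)},
    }

def build_config(files):
    return {"ignition": {"version": "3.3.0"}, "storage": {"files": files}}

def render(config):
    return json.dumps(config, indent=2)

def lint_modes(config):
    """Flag modes that look like octal digits typed as a decimal number."""
    findings = []
    for entry in config.get("storage", {}).get("files", []):
        mode = entry.get("mode")
        if not isinstance(mode, int):
            continue
        digits = str(mode)
        looks_octal = len(digits) in (3, 4) and set(digits) <= set("01234567")
        # setuid/setgid/sticky or world-writable is unexpected for a certificate file
        surprising = bool(mode & 0o7000) or bool(mode & 0o002)
        if looks_octal and surprising:
            findings.append({
                "path": entry["path"],
                "written": mode,
                "effective": oct(mode),
                "probably_meant": int(digits, 8),
            })
    return findings

if __name__ == "__main__":
    good = build_config([ca_file_entry("internal-ca.pem", SAMPLE_CA_PEM)])
    print(render(good))
    typo = build_config([ca_file_entry("internal-ca.pem", SAMPLE_CA_PEM, mode=644)])
    print(lint_modes(typo))
```

Writing the file this way only places the certificate on disk; as reported earlier in the thread, the trust store still had to be updated separately.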