Getting Started with Fedora CoreOS
Introduction
Streams
There are three Fedora CoreOS (FCOS) update streams available: stable, testing, and next. In general, you will want to use stable, but it is recommended to run some machines on testing and next as well and provide feedback.
Each stream has a canonical URL representing its current state in JSON format, known as "stream metadata". For example, the stream metadata URL for stable is: https://builds.coreos.fedoraproject.org/streams/stable.json
For automating Fedora CoreOS installations, it is expected that you will interact with stream metadata. While Fedora CoreOS does automatic in-place updates, it is generally recommended to start provisioning new machines from the latest images.
For more information on using stream metadata, see Stream Metadata. For more about the available streams, see Update Streams.
Provisioning Philosophy
Fedora CoreOS does not have a separate install disk. Instead, every instance starts from a generic disk image which is customized on first boot via Ignition.
Each platform has specific logic to retrieve and apply the first boot configuration. For cloud deployments, Ignition gathers the configuration via user-data mechanisms. In the case of bare metal, Ignition can fetch its configuration from the disk or from a remote source.
For more information on configuration, refer to the documentation for Producing an Ignition File.
Quickstart
Booting on a cloud VM (AWS example)
New AWS instances can be directly created from the public FCOS images. You can find the latest AMI for each region from the download page.
If you are only interested in exploring FCOS without further customization, you can use a registered SSH key-pair for the default core user.
To test out FCOS this way you’ll need to run the aws ec2 run-instances command and provide some information to get the instance up and running. The following is an example command you can use:
NAME='instance1'
SSHKEY='my-key' # the name of your SSH key: `aws ec2 describe-key-pairs`
IMAGE='ami-xxx' # the AMI ID found on the download page
DISK='20' # the size of the hard disk
REGION='us-east-1' # the target region
TYPE='m5.large' # the instance type
SUBNET='subnet-xxx' # the subnet: `aws ec2 describe-subnets`
SECURITY_GROUPS='sg-xx' # the security group `aws ec2 describe-security-groups`
aws ec2 run-instances \
--region $REGION \
--image-id $IMAGE \
--instance-type $TYPE \
--key-name $SSHKEY \
--subnet-id $SUBNET \
--security-group-ids $SECURITY_GROUPS \
--tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${NAME}}]" \
--block-device-mappings "VirtualName=/dev/xvda,DeviceName=/dev/xvda,Ebs={VolumeSize=${DISK}}"
You can find out the instance’s assigned IP by running aws ec2 describe-instances
|
You now should be able to SSH into the instance using the associated IP address.
ssh core@<ip address>A more complete example that allows customization is described in Provisioning Fedora CoreOS on Amazon Web Services.
Booting on a local hypervisor (libvirt example)
-
Fetch the latest image suitable for the
qemuplatform usingcoreos-installer(or download and verify it from the web). You can usecoreos-installeras a container, or on Fedora install it from the repos.STREAM="stable" # as an installed binary: coreos-installer download -s $STREAM -p qemu -f qcow2.xz --decompress -C ~/.local/share/libvirt/images/ # or as a container: podman run --pull=always --rm -v "${HOME}/.local/share/libvirt/images/:/data" -w /data \ quay.io/coreos/coreos-installer:release download -s $STREAM -p qemu -f qcow2.xz --decompress -
Launch a new machine via
virt-install, using the Ignition file with your customizations.IGNITION_CONFIG="/path/to/example.ign" IMAGE="/path/to/image.qcow2" VM_NAME="fcos-test-01" VCPUS="2" RAM_MB="2048" STREAM="stable" DISK_GB="10" # For x86 / aarch64, IGNITION_DEVICE_ARG=(--qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=${IGNITION_CONFIG}") # For s390x / ppc64le, IGNITION_DEVICE_ARG=(--disk path="${IGNITION_CONFIG}",format=raw,readonly=on,serial=ignition,startup_policy=optional) # Setup the correct SELinux label to allow access to the config chcon --verbose --type svirt_home_t ${IGNITION_CONFIG} virt-install --connect="qemu:///system" --name="${VM_NAME}" --vcpus="${VCPUS}" --memory="${RAM_MB}" \ --os-variant="fedora-coreos-$STREAM" --import --graphics=none \ --disk="size=${DISK_GB},backing_store=${IMAGE}" \ --network bridge=virbr0 "${IGNITION_DEVICE_ARG[@]}"
virt-install requires both the OS image and Ignition file to be specified as absolute paths.
|
Depending on your version of virt-install, you may not be able to use --os-variant=fedora-coreos-* and will get an error. In this case, you should pick an older Fedora variant (--os-variant=fedora31 for example). You can find the variants that are supported by you current version of virt-install with osinfo-query os | grep '^\s*fedora'.
|
DISK_GB should be at least as big as the default size of the image. For Fedora CoreOS, this is currently 10 GB.
|
Make sure that your user has access to /dev/kvm. The default is to allow access for everyone, but on some distributions you may need to add yourself to the kvm group.
|
You can escape out of the serial console by pressing CTRL + ].
|
If you set up an SSH key for the default core user, you can SSH into the VM and explore the OS:
ssh core@<ip address>Exploring the OS
Once the VM has finished booting, its IP addresses will appear on the console. By design, there are no hard-coded default credentials.
If you set up an SSH key for the default core user, you can SSH into the VM and explore the OS:
ssh core@<ip address>Getting in touch
We recommend that all users subscribe to the low-volume coreos-status mailing list for operational notices related to Fedora CoreOS.
Bugs can be reported to the Fedora CoreOS Tracker.
For live questions, feel free to reach out in the #coreos:fedoraproject.org room on Matrix.
For doubts and longer discussions related to Fedora CoreOS, a forum and a mailing list are available.
Want to help? Learn how to contribute to Fedora Docs ›