Utilizzo di una configurazione Ignition remota

Con Ignition, non sei limitato alla configurazione fornita localmente a un sistema e puoi recuperare altre configurazioni Ignition da una fonte remota. Queste configurazioni verranno quindi sostituite o integrate nella configurazione esistente.

Questo è il metodo migliore: definire un singolo file con le variabili di ambiente necessarie nella configurazione Butane e fare riferimento a questo tramite file di unità drop-in di systemd per tutti questi servizi.

I seguenti esempi mostrano come recuperare un file Ignition da una fonte remota. Entrambi sono impostati per sostituire la configurazione attuale con un file Ignition remoto.

Recupero di un file Ignition remoto tramite HTTPS

variant: fcos
version: 1.6.0
ignition:
  config:
    replace:
      source: https://example.com/sample.ign

Retrieving a remote Ignition file via HTTPS with a custom certificate authority

variant: fcos
version: 1.6.0
ignition:
  config:
    replace:
      source: https://example.com/sample.ign
  security:
    tls:
      certificate_authorities:
        - source: https://example.com/source1

The certificate authorities listed here are not automatically added to the host filesystem. They are solely used by Ignition itself when fetching over https. If you’d like to also install them on the host filesystem, include them as usual under the storage.files array.

In some cases, if you need to merge a local configuration and one or several remote ones, you can use the merge rather than replace in a Butane config.

Retrieving a remote Ignition file via HTTPS and merging it with the current config

variant: fcos
versione: 1.6.0
ignition:
  config:
    unisci:
      - fonte: https://example.com/sample.ign
passwd:
  utenti:
    - nome: core
      chiavi_ssh_autorizzate:
        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHn2eh...

Retrieving remote Ignition files via plain HTTP is also possible as shown below.

Retrieving a remote Ignition config via HTTP exposes the contents of the config to anyone monitoring network traffic. When using HTTP, it is advisable to use the verification option to ensure the contents haven’t been tampered with.

Retrieving a remote Ignition file via HTTP

variant: fcos
version: 1.6.0
ignition:
  config:
    replace:
      source: http://example.com/sample.ign
      verification:
        hash: sha512-e2bb19fdbc3604f511b13d66f4c675f011a63dd967b97e2fe4f5d50bf6cb224e902182221ba0f9dd87c0bb4abcbd2ab428eb7965aa7f177eb5630e7a1793e2e6

If you need to retrieve a remote Ignition file but have no direct access to the remote host, you can specify a proxy for plain HTTP and/or HTTPS. You can also specify hosts that should be excluded from proxying.

Retrieving a remote Ignition file via a proxy

variant: fcos
version: 1.6.0
ignition:
  config:
    merge:
      - source: https://example.com/sample.ign
      - source: https://example.org/example.ign
  proxy:
    https_proxy: https://example.net
    no_proxy:
      - example.org

Want to help? Learn how to contribute to Fedora Docs ›