Installing CoreOS on Bare Metal

This guide provides instructions to install Fedora CoreOS to bare metal. Three options are available:

  • Installing from live ISO

  • Installing from PXE

  • Installing from the container

Prerequisite

Before installing FCOS, you must have an Ignition configuration file and host it somewhere (e.g. using python3 -m http.server). If you do not have one, see Producing an Ignition File.

If you have servers with different types and/or number of hard drives, you must create a separate customized Ignition config for each machine (or machine class). A good model is to have the common parts of the configuration factored out into a separate Ignition configuration which can be merged into (via HTTP or inline) the per-machine custom config.

Installing from live ISO

To install FCOS onto bare metal using the live ISO interactively, follow these steps:

podman run --security-opt label=disable --pull=always --rm -v .:/data -w /data \
    quay.io/coreos/coreos-installer:release download -s stable -p metal -f iso

Note this is just using coreos-installer as a tool to download the ISO.

You can boot the live ISO in either legacy BIOS or UEFI mode, regardless of what mode the OS will use once installed.
  • Burn the ISO to disk. On Linux and macOS, you can use dd. On Windows, you can use Rufus in "DD Image" mode.

  • Boot it on the target system. The ISO is capable of bringing up a fully functioning FCOS system purely from memory (i.e. without using any disk storage). Once booted, you will have access to a bash command prompt.

  • You can now run coreos-installer:

sudo coreos-installer install /dev/sda \
    --ignition-url https://example.com/example.ign

Once the installation is complete, you can simply sudo reboot. After rebooting, the first boot process begins. It is at this time that Ignition ingests the configuration file and provisions the system as specified.

For more advanced ISO installs, including automation, see below. For more about the live ISO image, see the live image reference.

Check out coreos-installer install --help for more options on how to install Fedora CoreOS.

Installing from the network

Booting the live PXE image requires at least 2 GiB of RAM with the coreos.live.rootfs_url kernel argument, and 4 GiB otherwise. You can install in either legacy boot (BIOS) mode or in UEFI mode, regardless of what mode the OS will use once installed.

Installing from PXE

To install from PXE, follow these steps:

  • Download an FCOS PXE kernel, initramfs, and rootfs image:

podman run --security-opt label=disable --pull=always --rm -v .:/data -w /data \
    quay.io/coreos/coreos-installer:release download -f pxe
  • Follow this example pxelinux.cfg for booting the installer images with PXELINUX:

DEFAULT pxeboot
TIMEOUT 20
PROMPT 0
LABEL pxeboot
    KERNEL fedora-coreos-36.20220605.3.0-live-kernel-x86_64
    APPEND initrd=fedora-coreos-36.20220605.3.0-live-initramfs.x86_64.img,fedora-coreos-36.20220605.3.0-live-rootfs.x86_64.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=http://192.168.1.101:8000/config.ign
IPAPPEND 2

For more details on how to use this information, see this blog post for testing a PXE installation via a local VM and libvirt. For other supported kernel command-line options, see the coreos-installer docs, but note that coreos-installer pxe customize (see below) is more flexible. For more about the live PXE image, see the live image reference.

Installing from iPXE

An iPXE-capable machine needs to be provided with a relevant Boot Script to fetch and load FCOS artifacts.

The example below shows how to load those directly from Fedora infrastructure. For performance and reliability reasons it is recommended to mirror them on the local infrastructure, and then tweak the BASEURL as needed.

#!ipxe

set STREAM stable
set VERSION 36.20220605.3.0
set INSTALLDEV /dev/sda
set CONFIGURL https://example.com/config.ign

set BASEURL https://builds.coreos.fedoraproject.org/prod/streams/${STREAM}/builds/${VERSION}/x86_64

kernel ${BASEURL}/fedora-coreos-${VERSION}-live-kernel-x86_64 initrd=main coreos.live.rootfs_url=${BASEURL}/fedora-coreos-${VERSION}-live-rootfs.x86_64.img coreos.inst.install_dev=${INSTALLDEV} coreos.inst.ignition_url=${CONFIGURL}
initrd --name main ${BASEURL}/fedora-coreos-${VERSION}-live-initramfs.x86_64.img

boot

For other supported kernel command-line options, see the coreos-installer docs, but note that coreos-installer pxe customize (see below) is more flexible. For more about the live PXE image, see the live image reference.

Installing from the container

You can use the coreos-installer container from an existing system to install to an attached block device. For example (substitute docker for podman if needed):

sudo podman run --pull=always --privileged --rm \
    -v /dev:/dev -v /run/udev:/run/udev -v .:/data -w /data \
    quay.io/coreos/coreos-installer:release \
    install /dev/vdb -i config.ign

In this example, coreos-installer will download the latest stable FCOS metal image and install it onto /dev/vdb. It will then inject the Ignition file config.ign in the current directory into the image. Use --help to see all the available options.

Downloading and mirroring the metal image

Sometimes, it’s necessary to download the metal image ahead of time and then have it passed locally to coreos-installer for installation. You can download the metal image directly from the FCOS download page, or you can use coreos-installer download.

When installing via the live ISO or PXE, there is no need to download the metal image. It is already part of those environments.

There are two metal images: one for 512b-sector disks (labeled "Raw" on the download page), and one for 4k-sector native disks (labeled "Raw (4K Native)"). Unless you know to be targeting a 4k native disk, use the 512b one, which is the most common. See this page for more information.

To download the 4kn native metal image with coreos-installer download, use the --format 4k.raw.xz switch.

The metal image uses a hybrid partition layout which supports both BIOS and UEFI booting.

When you’re finally ready to install FCOS, you can point it at your downloaded image using coreos-installer install --image-url <LOCAL_MIRROR> or coreos-install --image-file <PATH>.

Customizing installation

The coreos-installer iso customize and coreos-installer pxe customize commands can be used to create customized ISO and PXE images with site-specific configuration, including the ability to perform unattended installations of Fedora CoreOS.

For example:

# Create customized.iso which:
# - Automatically installs to /dev/sda
# - Provisions the installed system with config.ign
# - Uses network configuration from static-ip.nmconnection
# - Trusts HTTPS certificates signed by ca.pem
# - Runs post.sh after installing
coreos-installer iso customize \
    --dest-device /dev/sda \
    --dest-ignition config.ign \
    --network-keyfile static-ip.nmconnection \
    --ignition-ca ca.pem \
    --post-install post.sh \
    -o custom.iso fedora-coreos-36.20220605.3.0-live.x86_64.iso
# Same, but create a customized PXE initramfs image
coreos-installer pxe customize \
    --dest-device /dev/sda \
    --dest-ignition config.ign \
    --network-keyfile static-ip.nmconnection \
    --ignition-ca ca.pem \
    --post-install post.sh \
    -o custom-initramfs.img fedora-coreos-36.20220605.3.0-live-initramfs.x86_64.img

For details on available customizations, see the coreos-installer documentation.

ISO installation on diverse hardware

Commonly bare metal systems will have a diversity of hardware - some systems may have NVMe drives /dev/nvme*, whereas others have /dev/sd* for example. You will almost certainly have to template the value of /dev/sda above.

A useful approach is to script generating a per-machine .iso. If you have a hardware database (whether a text file in git or relational database) then it will work to generate a per-machine target-dell.ign and target-hp.ign for example, and specify that to --dest-ignition alongside the appropriate --dest-device to generate fedora-coreos-install-dell.iso and fedora-coreos-install-hp.iso.

Alternatively, instead of generating per-machine ISOs, you can have a --pre-install script run a privileged container which inspects the target system and writes an appropriate installer config to /etc/coreos/installer.d.