From 01396e943a7d76fee0c1f553c7fdad2fe0acd4c8 Mon Sep 17 00:00:00 2001 From: Christoph Helma Date: Sat, 3 Jun 2017 16:38:31 +0200 Subject: coreos instructions updated --- ...5-16-coreos-installation-on-a-hetzner-server.md | 41 +++++++++++++--------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/_posts/2017-05-16-coreos-installation-on-a-hetzner-server.md b/_posts/2017-05-16-coreos-installation-on-a-hetzner-server.md index f84a943..2dcf580 100644 --- a/_posts/2017-05-16-coreos-installation-on-a-hetzner-server.md +++ b/_posts/2017-05-16-coreos-installation-on-a-hetzner-server.md @@ -14,35 +14,44 @@ tags: [] - run `installimage` - choose "Other" -> "CoreOS-XXX" - - keep the default install.conf (you may have to quit with ESC 0, if F10 does not work) + - set the hostname + - keep the remaining defaults in install.conf (you may have to quit with ESC 0, if F10 does not work) - confirm deletion of partitions -* reboot into CoreOS +Beware: Contrary to the output info `installimage` does not create a software raid. CoreOS is installed on /dev/sda, /dev/sdb remains unpartitioned. - `reboot` +* adjust CoreOS configuration -- log into CoreOS (using the same password as for the rescue system) + - mount ROOT partition - `ssh root@{sever-ip}` + `mount /dev/sda9 /mnt` -CoreOS overwrites user data in /etc during booting (e.g. after a automatic system update). In order to make persistent changes, we have to edit -`/var/lib/coreos-install/user_data`: + - add keys to `/mnt/home/core/.ssh/authorized_keys` + * disable root and password logins - - set the hostname - - add your public SSH key for the core user - - disable sftp `#Subsystem sftp internal-sftp` - - disable root login `PermitRootLogin no` - - disable password authentication `PasswordAuthentication no` + ``` + echo "PermitRootLogin no" > /mnt/etc/ssh/sshd_config + echo "PasswordAuthentication no" >> /mnt/etc/ssh/sshd_config + ``` -The docker systemd service is not enabled by default, but we need it to restart docker services after a reboot: + - remove user and sshd entries from coreos-install (to make above changes permanent between reboots) - `systemctl enable docker.service` + ``` + cp /mnt/var/lib/coreos-install/user_data /mnt/var/lib/coreos-install/user_data~ + sed -i '/users:/,$d' /mnt/var/lib/coreos-install/user_data + ``` -Reboot to test changes: +* reboot into CoreOS `reboot` -Make sure you can login as core user: +- log into CoreOS `ssh core@{sever-ip}` +The docker systemd service is not enabled by default, but we need it to restart docker services after a reboot: + + `sudo systemctl start docker.service` + `sudo systemctl enable docker.service` + + -- cgit v1.2.3