
CoreOS - Figure out install bootstrap story for bare-metal #2544

Closed
msheiny opened this issue Nov 8, 2017 · 4 comments

Comments

@msheiny (Contributor) commented Nov 8, 2017

Feature request

Description

TL;DR - Figure out how to efficiently install CoreOS on baremetal that would be easy to direct an admin through without a lot of manual steps that introduce human error.

CoreOS doesn't have a great boot from ISO story (https://coreos.com/os/docs/latest/booting-with-iso.html) due to the lack of an elegant way to provide an ignition configuration. Obviously since we are only booting a single server, we want to make the install process as painless as possible without over-engineering the install. One possible execution is booting into another live USB environment, having a helper script for generation of an ignition config, and then installing directly to the server's hard disk. You can also provide config to the boot process via a kernel parameter pointing to a URL.

Looks like another recommended way is to use a configured PXE server config and/or something like matchbox. If we were to go this route, we could script out a live boot environment (similar to how we currently have an admin workstation) that allows admin configuration and can kick off a PXE server. A big security concern here is obviously having a server with PXE boot left enabled as a potential attack vector past the install time-frame. Usually our firewall guide would guard against that, but it's definitely possible all orgs aren't strictly following the network isolation guides. I'm worried having moving network/server pieces will be overly complex in our single-use install scenario, but let's keep it open.

Need more research here and community recommendations.

Additional Links:

User Stories

As a securedrop administrator, I want an automated install process that allows me to get SecureDrop on baremetal as fast as possible.

As a securedrop maintainer, I want an admin to be able to install SecureDrop without introducing vulnerabilities by mis-typing commands or mis-configuring the underlying server.

As securedrop support staff, I want a smooth install experience that introduces minimal chance for an admin to introduce errors and require assistance for troubleshooting.

@heartsucker (Contributor)

Tagging @squeed since this may be relevant to your interests.

@squeed (Contributor) commented Nov 8, 2017

So, for booting a single machine, it's possible to skip the pxebooting process. All you need is the iso image and a way to get the ignition config to the machine. This is typically done via HTTP, but can also use two USB sticks. Or you can unpack and repack the iso image.

Your ignition config should set the SSH key, so you can then run ansible on the machine.

The steps basically look like:

  1. Spin up a private webserver with the Ignition config
  2. Boot the machine off the iso
  3. At the console, execute wget http://WEBSERVER/ignition.json
  4. execute coreos-install -i ignition.json && reboot

At this point, the machine will install to disk, reboot, install the SSH key, and be ready for further provisioning.
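The four steps above, as an added example helper script (not code from squeed, SecureDrop or the CoreOS project). On the admin workstation it renders the Ignition config with the admin's SSH public key; on the target console it fetches that config from the private web server and checks a SHA-256 the admin copied over by hand before it ever calls coreos-install. That check is the caveat a practitioner would want here: the plain-HTTP fetch at step 3 is not authenticated, so the console should not trust whatever bytes arrive. Assumptions: a POSIX sh with sha256sum and wget, coreos-install on the Container Linux ISO, Ignition spec version 2.0.0 for the config, and /dev/sda as the install disk (all hypothetical choices for this example).

```shell
#!/bin/sh
# Example helper for the single-machine CoreOS install flow described above.
# Added example, not project code. Assumes: POSIX sh, sha256sum, wget,
# coreos-install on the target (booted from the ISO), Ignition 2.0.0 schema,
# install disk /dev/sda. All of these are example assumptions.
set -eu

# Render a minimal Ignition 2.0.0 config that installs one SSH public key for
# the "core" user, which is all Ansible needs to take over afterwards.
# The key is the only caller-controlled value, so it is validated before it is
# spliced into the JSON: must look like an OpenSSH public key and must not
# contain characters that would break out of the JSON string.
make_ignition_config() {
    key="$1"
    nl=$(printf '\n_'); nl=${nl%_}
    case "$key" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*) ;;
        *) echo "not an OpenSSH public key: $key" >&2; return 1 ;;
    esac
    case "$key" in
        *'"'*|*'\'*|*"$nl"*) echo "refusing key with quote/backslash/newline" >&2; return 1 ;;
    esac
    printf '%s\n' \
        '{' \
        '  "ignition": { "version": "2.0.0" },' \
        '  "passwd": {' \
        '    "users": [' \
        '      {' \
        '        "name": "core",' \
        "        \"sshAuthorizedKeys\": [ \"$key\" ]" \
        '      }' \
        '    ]' \
        '  }' \
        '}'
}

# Compare the SHA-256 of a fetched config with the value the admin carried
# over from the workstation (written down, not fetched from the same server).
# Returns 1 on mismatch and never touches the disk.
verify_ignition() {
    file="$1"
    expected="$2"
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "ignition config hash mismatch: got $actual, want $expected" >&2
        return 1
    fi
    return 0
}

case "${1:-}" in
    gen)
        # Workstation:  ./ignition-helper.sh gen ~/.ssh/admin.pub ignition.json
        # Serve the output from the private web server (e.g. python3 -m http.server).
        make_ignition_config "$(cat "$2")" > "$3"
        echo "copy this hash to the target console:" >&2
        sha256sum "$3" >&2
        ;;
    install)
        # Target console:  ./ignition-helper.sh install http://WEBSERVER/ignition.json <sha256>
        wget -O /tmp/ignition.json "$2"
        verify_ignition /tmp/ignition.json "$3"
        sudo coreos-install -d /dev/sda -i /tmp/ignition.json
        sudo reboot
        ;;
    "") ;;  # sourced or run without arguments: only define the functions
    *) echo "usage: $0 gen KEYFILE OUTFILE | install URL SHA256" >&2; exit 2 ;;
esac
```

The hash has to travel with the admin (on paper or the same USB stick as the ISO), not be served next to ignition.json; a hash fetched from the same unauthenticated web server proves nothing. Because the script only defines functions when run without arguments, it can also be sourced by a larger install script.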

@squeed (Contributor) commented Nov 8, 2017

As for running applications on CoreOS, one typically uses systemd units that execute Docker or rkt commands. Then, you manage the execution flags (bind mounts, image URL, etc) via Ansible.

@eloquence (Member)

We've not made a final commitment to a containerized OS in general or CoreOS in particular. We'll re-evaluate our options after the transition to Ubuntu 20.04 is complete (#4768). See #5517. Closing this old issue and retiring the associated label for now.
