Installing RancherOS on Hetzner Cloud
- Create a new instance. Ubuntu or Debian are fine: we’re going to smash them anyway.
- Enable Rescue
- SSH in to your new instance
If you already have a spare instance, you can still go through 2 and 3, but beware, the HDD will be wiped!
This works for other OSes as well that are not in the official image list (e.g., Alpine Linux, Devuan, etc.).
1. Get the tools
apt install kexec-tools
This will be used to boot the mounted ISO once we have it.
2. Get the ISO
At the time of this writing, v1.5.1 is out. YMMV, replace the version number as needed in the whole document.
wget https://github.com/rancher/os/releases/download/v1.5.1/rancheros.iso wget https://github.com/rancher/os/releases/download/v1.5.1/iso-checksums.txt
sha256sum rancheros.iso should match the hash in the
iso-checksums.txt. If not: stop here and download again, as something is very wrong. Do not continue unless the SHA256 hashes match.
3. Wipe the Disk
This is why we’re running in Rescue mode and not on the primary OS. Now you know
sgdisk -Z /dev/sda
4. Boot RancherOS from the ISO
mount -t iso9660 rancheros.iso /mnt kexec --initrd /mnt/boot/initrd-v1.5.1 \ --command-line="rancher.password=rancher" \ /mnt/boot/vmlinuz-4.14.85-rancher
Now we can SSH in from another terminal to finish the install:
ssh \ -o ProxyCommand=none \ -o PubkeyAuthentication=no \ -o UserKnownHostsFile=/dev/null \ -o StrictHostKeyChecking=no \ rancher@$HETZNER_HOST_IP
5. Install RancherOS on Disk
First, prepare the configuration file:
cat <<EOD > cloud-config.yml hostname: rancher ssh_authorized_keys: - ssh-ed25519 AAAAC3NzaC1l...QdmfAnff9n how@spine rancher: docker: tls: true network: dns: nameservers: - 126.96.36.199 - 188.8.131.52 - 184.108.40.206 interfaces: eth0: address: $HETZNER_HOST_IP netmask: 255.255.255.255 gateway: 172.31.1.1 pointopoint: 172.31.1.1 mtu: 1400 dhcp: false EOD
Let’s break it down:
hostnameshould be the hostname you choose for your instance
ssh_authorized_keysshould list one or more public keys.
ed25519keys are short and strong: use them.
- Docker TLS is set to
true, so you must additionally run the “Docker TLS” commands below
- DNS servers are Hetzner’s. You can use whatever you like.
$HETZNER_HOST_IPmust be replaced by the public IPv4 address assigned to your instance.
172.31.1.1gateway as is normal with Hetzner Cloud static IPs. Careful it’s
Now we’re ready to go:
ros install \ -i rancher/os:v1.5.1 -t gptsyslinux -c cloud-config.yml -d /dev/sda -f
Additionally setup Docker TLS:
ros config set rancher.docker.tls true ros tls gen --server -H localhost -H rancher -H $HETZNER_HOST_IP system-docker restart docker ros tls gen
Here. Done. Reboot into your new RancherOS instance!
What’s in RancherOS?
So, RancherOS is a Docker-based Linux system optimized to run Docker containers.
It seems very appropriate for Cloud deployments. I was first attracted to it because of a screenshot that shows a nice web-based Kubernetes manager. I thought it might be useful for me to learn the ropes of K8s.
So, I only have
sshd running. Hmmm… After some browsing I found this–but don’t run this yet–:
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher
After another browsing set, I came to destroy the user docker container
rancher/rancher and use the system service version instead. Here you go:
docker ps # returns an empty set sudo ros s enable rancher-server-stable # chose from: sudo ros service list sudo ros s up rancher-server docker ps
rancher-server will listen on 8080.
Soon enough I could access the IP through HTTPS and see the nice dashboard.
- Fix the certificate (using LetsEncrypt instead of the default self-signed CA) so I can run on the public domain name
- Configure for custom cloud providers (e.g., Hetzner)