I’m curious about RancherOS, so I installed an instance on the Hetzner Cloud. Let’s see how it works…
Installing RancherOS on Hetzner Cloud
Preliminary Steps
- Create a new instance. Ubuntu or Debian are fine: we’re going to smash them anyway.
- Enable Rescue
- SSH in to your new instance
If you already have a spare instance, you can still go through 2 and 3, but beware, the HDD will be wiped!
ISO Install
This works for other OSes as well that are not in the official image list (e.g., Alpine Linux, Devuan, etc.).
1. Get the tools
apt install kexec-tools
This will be used to boot the mounted ISO once we have it.
2. Get the ISO
At the time of this writing, v1.5.1 is out. YMMV, replace the version number as needed in the whole document.
wget https://github.com/rancher/os/releases/download/v1.5.1/rancheros.iso
wget https://github.com/rancher/os/releases/download/v1.5.1/iso-checksums.txt
Running sha256sum rancheros.iso
should match the hash in the iso-checksums.txt
. If not: stop here and download again, as something is very wrong. Do not continue unless the SHA256 hashes match.
3. Wipe the Disk
This is why we’re running in Rescue mode and not on the primary OS. Now you know
sgdisk -Z /dev/sda
4. Boot RancherOS from the ISO
mount -t iso9660 rancheros.iso /mnt
kexec --initrd /mnt/boot/initrd-v1.5.1 \
--command-line="rancher.password=rancher" \
/mnt/boot/vmlinuz-4.14.85-rancher
Now we can SSH in from another terminal to finish the install:
ssh \
-o ProxyCommand=none \
-o PubkeyAuthentication=no \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
rancher@$HETZNER_HOST_IP
5. Install RancherOS on Disk
First, prepare the configuration file:
cat <<EOD > cloud-config.yml
hostname: rancher
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1l...QdmfAnff9n how@spine
rancher:
docker:
tls: true
network:
dns:
nameservers:
- 213.133.98.98
- 213.133.99.99
- 213.133.100.100
interfaces:
eth0:
address: $HETZNER_HOST_IP
netmask: 255.255.255.255
gateway: 172.31.1.1
pointopoint: 172.31.1.1
mtu: 1400
dhcp: false
EOD
Let’s break it down:
-
hostname
should be the hostname you choose for your instance - the
ssh_authorized_keys
should list one or more public keys.ed25519
keys are short and strong: use them. - Docker TLS is set to
true
, so you must additionally run the “Docker TLS” commands below - DNS servers are Hetzner’s. You can use whatever you like.
-
$HETZNER_HOST_IP
must be replaced by the public IPv4 address assigned to your instance. - The
eth0
setup uses172.31.1.1
gateway as is normal with Hetzner Cloud static IPs. Careful it’spointopoint
, notpointtopoint
(only onet
(sic)).
Now we’re ready to go:
ros install \
-i rancher/os:v1.5.1 -t gptsyslinux -c cloud-config.yml -d /dev/sda -f
Additionally setup Docker TLS:
ros config set rancher.docker.tls true
ros tls gen --server -H localhost -H rancher -H $HETZNER_HOST_IP
system-docker restart docker
ros tls gen
Here. Done. Reboot into your new RancherOS instance!
What’s in RancherOS?
So, RancherOS is a Docker-based Linux system optimized to run Docker containers.
It seems very appropriate for Cloud deployments. I was first attracted to it because of a screenshot that shows a nice web-based Kubernetes manager. I thought it might be useful for me to learn the ropes of K8s.
Kubernetes Dashboard
So, I only have sshd
running. Hmmm… After some browsing I found this–but don’t run this yet–:
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher
After another browsing set, I came to destroy the user docker container rancher/rancher
and use the system service version instead. Here you go:
docker ps # returns an empty set
sudo ros s enable rancher-server-stable # chose from: sudo ros service list
sudo ros s up rancher-server
docker ps
rancher-server
will listen on 8080.
…
Soon enough I could access the IP through HTTPS and see the nice dashboard.
TODO
- Fix the certificate (using LetsEncrypt instead of the default self-signed CA) so I can run on the public domain name
- Configure for custom cloud providers (e.g., Hetzner)