 We'll start off just talking a little bit about the photo or core OS and what it is that we have here. So Effectively, this is an introduction to mutable OS modifications to the so you start we start with In the four or chorus world a universal image and that universal image is applied in all All domains So so wherever wherever it is that you're deploying you're deploying the same thing and And then modifications are made through through Scripts that are introduced at the time of boot To make modifications So we're going to go through some of the the process for first off configuring a system to run a Virtual instance and then dig into what the What the initial experience looks like and how to just have a command line connection to a system for Review so I'm going to take you through a little bit of what's been what's going to get us started here So first off we need to make sure that any system we're using is configured for virtualization and just a quick and easy way to to to make sure that that's installed is To go to the getting started page for the pre-rex on our lab for live virtualization and I stood up I Have a throwaway system for doing this that I have set up from a launch template on AWS have a workshop instance. I have one that's fully baked and So I'm just going to very quickly go through the Food tutorial so we can add the virtualization immediately to the system once we have the the install completed We can start the work the Liberty go through that Once we have that enabled we'll look for the KVM Configuration and make sure that shows up the instance here that I've chosen has a KVM Intel support so we can will will Once we get to this spot we can start the standard tutorial for For the for the prerequisites for The Fedor core s deployment so while it's going in the background. Let's just look over here We're gonna I'm gonna go ahead and do this First process this first part of the class with With standard liberate virtualization because we want to log in directly to the system without having set up any Configured users Obviously this will this will get you into the The base image and then we'll do some inspection on that base image But we're gonna start with some some housekeeping We're gonna make the directory Where we're going to store our Artifacts and required files so now let's see if you can see this So now I'm I'm in the in that Directory proper I'm gonna go ahead and start my live votes Make sure that it comes back When I need it to and then just verify That I'm running the Intel CPU extensions. Yes, and now We'll move over here so All of the basic tools that we require are Well, there's these three tools that are associated. So the first thing we're working on is a Configuration file that will pass to the instance itself and that comes in the form of an ignition file the ignition file Provides all the parameters and it's a little bit like a predecessor there called cloud in it But this one was written by the core OS team and and is much faster a little more robust in terms of the configuration and operations and we're gonna write but it's written in JSON and and a lot of people like to write in YAML and we have a fedora core OS configuration file that's that is Used to generate Or for is something that's built in human readable and then we have the the transpiler The FCC T that will will actually Change that file into a Or convert the file into an ignition natural ignition file and the ignition file gets passed in the user day can user data configuration for an instance or You'll set a parameter For where that will be pulled. So these three utilities the FCC T the transpiler the Corus installer which is used to to Retrieve the image that you want and then the ignition validate the ignition validate will verify that the ignition file That was created from our transpiler that includes Information that is valid for the for the ignition file These tools are available in a couple of different ways one is we can download and install them From the To a fedora instance that we're using or we can Pull them and use them interactively and the easiest way to pull and use them interactively Is to create these aliases for the utilities? You can see the utilities have been assigned an alias that's associated with the the Container in this case but We can just use the packages. So let's just make sure that you should be installed by default So now we have those And the next thing we want to do is download the image that we want So in this case, we're going to download the latest fedora 33 or F cost 33 so door for us 33 coming right up and to make this easier on ourselves We're going to use the same process that's here in this In this step This step is just renaming the quem you file that you're you're pulling down for For use in the configuration So now we have a file Checking the signature We can move that to Something a little easier for us to digest The Fedora core sq cal to so now we are now we have Changed what we downloaded into this file. Let's look I want to take just a second to go over what's happening here This is pulling the latest stable build Based on the release signature and the release signatures comes from somewhere right it comes from your From your configuration the configuration we can get let's see This you are I If I wanted to pull that information for myself So that I could say see what what that release is actually that's just there. I can do a curl And pull the content from that Stream of the coro string. This is awesome by the way. It's one of my favorite ways to to pull In the image that I need for a dynamic build so from building from for a Just an automated process. This is very helpful And then I can choose based on the the region So I'm looking for images here in AWS just as an example, but I've got the release information Here that release information is associated in our Tutorial that's associated here, so I can just pull that release information from the command line as it's shown here and then leverage it to grab the latest image and Then I can verify that signature by pulling from the same location and verifying it And then I can uncompress that file which is all handled That's all been handled for us by the core less installer And then this is just just discussing the initial configuration for those utilities that we were talking about All right. So this is it. This is the fedora core less configuration file and in this case our first ignition file is just going to Give us access to A running system You can see we have some version information here. This is all Basic and then we skip Directly to so we don't modify anything that's associated with users and that's usually what happens here is there's the Hierarchy here looks like users system and then your storage association The system de configuration Here is just giving us the auto log in and then we're making some modifications of files so that we are not beholden to pager and We're making some changes. So let's just take this information if you're doing this at your leisure You can grab, you know, you can Bring that in The hard way But we're not going to do that We're going to Grinder grab this here. So just like we had it in in the web page We have it here, you know, we have an auto log in file And that matches the name that we wanted to give it up here. I guess this is yaml not I left out the a Now we'll convert this we're going to convert it from the Corp for door corp OS configuration to the ignition configuration Just move over here and Downloaded this so now I can say I want you to pretty print it in there Stricts like this and I want the output to go to auto log in dot IGN and now Go back Let's look at the auto log in IGN and see that that's very nicely configured and Ready to go So now We can take this detail and validate it. So now we're going to use our ignition validate the command line To determine if that file indeed is a valid ignition file and this is it is and Dusty provided us with this handy little And so we could have Some feedback that was recognizable take this Opportunity to modify the context on the ignition file so that it will Slurp up into the the vote install Now we're going to do just a standard virtualization avert install on this instance and Because it's auto log in should be Corp OS all good We all also know that it's Fedora Corp stable because that's what we downloaded And now we're just building an image or an instance So we have a simple virtual machine here Funny enough inside a virtual machine So surprise There is no configuration for our users So we just go straight to the prompt and this is a very easy way to to just have a quick experience with the instance itself So this is where we are and these are some of the things that we can do we can walk through What we're getting out of the ring and then we can Look at the host name information in this case, I don't think they actually Set the host name So you can see we set the host name here okay, so You can see that's pretty quick and easy. So if you were doing this you could you could Spawn a spawn as many as you want to I have room for one And See here that we're using that this or OS variants is An important definition for your vert install command to get the right To get the right configuration. So if you're looking for that That's an important thing. If you have an older version of liver the liver utilities, you may you may not find that So make sure you're using a Here's the commands I'm gonna let you go ahead and go through the core OS exploration yourself. So you can find these These interesting and important RPMs and consider that these are parts of the Of the base OS and this is an important Distinction here, this is the we'll just go here and look at the OS tree And see that this is our the base of our operating system This is a container in itself and if we update this we would in fact Get an entire replacement for Not just the kernel or a single package But a collection of packages that make up the base operating system base deployment in the interest of time I'm going to let you Walk through those commands yourself And I'm going to destroy this virtual machine so that we can move on to the next one And I'm going to get out of here. Sorry, that's a control right bracket surprise and now There is a verse command I Undefined I've only got about yeah, I've got 40 gig of space so Two of these would are 25k. Okay, so So we're working with a 25 gig root volume and In the definition for the instance it set are the the virtual machine you can see we've we're setting a disk size That is Pretty much pretty much the same, okay So now let's let's move on to the second tutorial Let's assume. We are having a machine that is actually running on cloud or something right on a public network And you would like to get to know the IP of that specific instance and What we can do is use something like the full login helper messages to actually Yeah, so let's assume we have a machine and we would like to get to know the public IP address of it so We can totally do that from this script that is like just using curl to actually get actually hit a IP for I can has IP calm and then Pushing it into console login helper messages, and I'll be like once Fedora chorus boots up. It will be demonstrated on the visible at the console So here's the system the service around this bash file what it's going to do is it will execute that batch script file and Actually be you be used before the Be executed before this thing before the service executes the control login help them as one so as they would as they were demonstrated with the enabling Autologin and the customer's name. We will be doing the same But like the same provisioning method. I'll be ignition and we'll be writing a Youngl file for doing it So what it's doing is that first of all, we are making sure that we are able to auto log in without having to Do anything like SSH and stuff along with that We are also defining another system be your system be service Which will execute this public IP before which will actually hit I can has IP and get the IP address and show it on the phone so along with that we are modifying the host name and Telling the system be pager to actually use cat to use cat not a pager when printing information Along with that we are actually these things are actually done to make sure that we have the work The workflow for the workshop goes smoothly because like if the console or message login level is a debug That's actually seven. They'll show all the audit messages on interactive console so We are changing it to warning for and Along with that we are also adding a script as public IP for SSH in our path. So I have actually written this Ignition file here FCCP So here it is we are just modifying the host name and that'll be depth on minus C that minus 1221 and Most of the information is similar Then what's on the documentation? So I'm not using Fedora on this on this laptop. So I'm using some like Docker to actually make sure that my YAML file is converted directly into it. So let's see how that works Yeah, so if we could add the services that we need in file It's just on which actually the poor Fedora course conflict transpiler read to the YAML file and created this ignition conflict That we'll be using to put it into Fedora So So what was installed is doing this creating another virtual machine which will be using this specific ignition conflict on the QEMU command line and Creating a back in store between GB and using that. So Let's try and provision it So it actually created and the virtual machine and as you can see it's putting up Staging the question time. Can you increase your font size? Dude, I'm not sure who's responsible for the icon has IP by API He's a big app. I'm not sure in that one, but I guess I'll be the font size So It is actually booting up here. So, I'm not sure if I'll be able to do that, but Yeah So it's trying to boot up and I Will soon show us our public IP address on The console this is what console going out the messages is demonstrating It's booting up the virtual machine There's our service And so here you can see that along with the ignition and SSI choice keys we have a Script that was executed and that's actually detected public IP before IP address that detected and there's a public IP address for it So it's it locked in automatically because as we use Ignition to actually create the service and Execute the service So we can actually get the logs from here This is what the service is all about that we create from the ignition config file So it actually used curl to actually talk to icon has IP dot com and use that to execute the script and get the IP address so This is how the mission works and you can execute multiple scripts or use something like a system D service that will be actually that'll be responsible for executing your script and that Service can be Executed once like network is online or anything you and you can demonstrate useful information using control login helper messages Children but service to actually show something on after you know before logging in when you provision a machine so this is my first part and This was about using system D services a second one is about enabling SSH service SSH access and starting containers on bootless assume that we have a machine and We would like to enable we would like to create an HDD the distributed SCD Program and make it as a member. So That on a in a container so HDD will actually be running in a container in order to do that we'll be using portman, which is like racing is similar to Docker and And Lootless for those containers So we'll be creating two services here. The first one will be a failure service, which will be one shot and it'll be just Doing false. So it'll actually result non-zero code which will result in a failure and Fedora course after boot time It'll show us that this service was paid while trying to load it by admission and At the same time, we'll be creating another service that will actually be an HDD container and that will be a member so we Created the service for it and then we have this storage files and the modifications that we use for this Tutorial so I'm quickly going to exit it Destroy it as well. So we can use the same name the other for this tutorial So here's the FCCP containers ignition file for it Well, I'm adding my public SSHP that's emulated to the Swiss workshop Along with that we have another service that's going to enable autolog in along that we have a failure one This is fail and then we have an HDD member So I'm quickly going to convert it into the FCCP one So I'm quickly going to modify the containers So a quick note here, you won't have to type All of it because like in the way start While setting up it was said that you have to search on Pelsus, but I didn't do that So I have to type all the container running stuff on the command line. So the ignition config files here Here does that for the gun all the other files Converting to a JSON ignition form and then we can use this one to Create a virtual machine so I am quickly going to modify the QEMU command line from services.ignition to containers.igm So what we do is use this newk in the ignition file to create this instance We're going to time in the meantime. Do we have any questions? Oh, it's major hidden Can't say it I just got to know that So Timothy in the meantime, would you like to go ahead and Tell some information about the OS or anything really while this thing moves up and is pulling the HDD image? As we don't have So Here the again examples that we are giving are relatively simple and and like direct examples But you can do a lot of things with ignition and fluorescence So as a more I would say complex example, I can share one we made with matrix setting up the matrix server on the English lab in Fedora magazine Where you can set up automatically set up a matrix on server We are only ignition configs On Fedora corrects, and that's really powerful because if you do it once then that's Time lot of time to set up everything to write the configs, but if you want to automatically set up More good servers or do that for several domains for example several instances then Once you've done that the first time Every single new instance is free basically because you've got all the configs and you can go ahead and start again, and so we published this this full example so that Yeah, it gives you an idea of how much power ignition has and how much capabilities it has so that you can Use it in more Go ahead I think the machine has booted up here You can see that the failure service that we actually created just to fail is demonstrate is here that The console login helper messages is telling us that this was a failure unit that we were trying to purge and via ignition and the other service that we created Service so we just quickly when see the logs of it So it actually pulled the image and it started a single node xcd cluster By using this image so we are quickly going to See and add something else. So what we're going to do is like to create a key value here for Fedora and then adding value as fun so I'm going to do that and Here you can see that it replied is with actions at node Key fedora value this and modified index list So now let's get this key from From it. So what we're going to do is we are going to take the state view Okay So here you can see that we are when the signal node clusters are as the signal node clusters up we can add Uh, the key value pairs or at the same time fed data from it. We can use it to purge in your case And use it as a part of case cluster if you are setting up multi note Multi note xcd So you can like set up set that up easily by adding it in the admission So Timothy would you like to go ahead and And we can destroy it by this way. So you have to press control and there's 12 ending bracket So when you do that, it will like get you out of the domain tree virtual machine and then you can destroy and then define it Of course So then you can use the same name to create other definitions as well Stop saying as well now All right to them forward Okay, so now we will uh try and just updates. So um The what was nice with fedora caress is that it automatically updates. So, um Yeah, we okay. All right. Yes. We are we're at the end of the so yeah, if you have any questions feel free and we'll stop and and answer them otherwise, we'll uh, we'll just like Try and We can do Some of the other tutorials or we can ask we we can also answer questions to if that's The irony We don't see anything in q&a section Timothy. Okay. Um, I think you already answered All the answer on the chat So All right Thank you Yeah, um, do we have do we have time to do to for timothy to show the update because I think that's an important part of the Yeah, would you do that timothy? Yeah 130 Right, I'll do I'll do the I'm I'll show the show That should be recorded, right? So yeah um, so yes the idea is that Fedora caress is an automatically updating system. So Once you I'll share the the page at the same time that should help Here we go so Once you've installed the system it will automatically stay up to date and reboot Reboot to to apply them to make the date essentially we release updates Something like every two weeks. So every two weeks you get a new date unless there's major Security issue and then we we release updates when it when it's needed So to do that to actually test the date Usually you when you start a federal coincidence you directly started at the latest version Uh, so because you don't need to start off with something like that is already updated But to do that we will like download an exact Just previous version so that we can actually have updates working So let's just do that. So I'll pick up Release here's another release from from fedora. So That's what I'll do here. So if you go ahead and look at the stable stream For example, you can just pick up the previous one here And copies this value and and use that to download the release. So I'll do just that Should I maybe I should share All right, let's download the signature and we verify the release because It's been a while since I've downloaded The images Manually so I have to fetch out the sign in case Which is Which is where Here that should be good. Yes, that's good All right So know that we have an older release we can Simply boot up that one. We'll just extract the image move it under more predictable name And then we go so We don't need like a really complex configuration here. So the FCC isn't really interesting. So I'll just Copy it and paste it you can you can find it in the in the doc. I'll just copy paste and We'll use that directly Whoops Too fast Yeah, okay, FCC. Let's go Let's have it here. So it's essentially the same one as we used before with auto login and eventually an SSH key So we can have that here. I'll just paste my My own SSH key so As always we convert this Here To a new mission config If I wrote Yes, because I wrote his FCC All right, so we have our update extension config and we can go and start the transmission with that So What's nice here? So we have a two updates. So What's going to happen is that? Directly after we boot up the system will immediately Figure out that it's not up to date and we'll start doing the updates. So if we Ask if we look at the status of Venkari, which is the update the program which manages the update on federal harass You look that what he he finds out. He's okay. He's running here Oh, he felt to check for updates Hmm Oh, no, he felt to check but he actually managed to do that. So And we're already rebooting up So we were on the old versions, but we immediately look at that and we immediately rebooted the system so Here we go. We know back And let's take a look at the status of our system, which is rpm history Which is the command that manages the system and how to and which version we are running And what we can see here. So we started on this version here, which is the version that I got from um From the from the download page Uh, the the version that I actually used to set up the the virtual machine and we immediately moved Moved out to the latest version. You see here the the latest the stable version um Yeah, so We basically Venkari Notice that we were running something hold and said, okay That's good. Uh, we you're ready. You you you're running an old division. Let's go in a bit right up So if we look at the Status of Venkari here Uh, so right now Yeah, we are the current release. So that's good because before he was saying that we were If I just look at the the journal from the full journal Uh from um Venkari, which I think I can get Yeah, oh, yeah, I just have to go ahead and get it Uh, so yes, initially he he was like, okay Current release is not at the end. It's not the latest version And we want to move to the latest version. So that's what he did first and now we're on the We rebooted and we know we're on the latest one so If If we're there, okay, all right, we got automatic updates But what's great is that we can check out what happened between the versions So directly in in our system here, we can take a look and see, okay, all right What happened during this update and we call rpm db diff and it will tell you which packages have been updated as part of the images Uh during this update. So you can see that we removed actually two packages and we did a bunch of them So great But what happens if for example, there's a bug in kexec tools and you cannot use that anymore because it breaks your workflow in your system or your applications And you want to go back to the older version Uh, so well the easiest version is you can tell rpm history to roll back the system states to the previous version of the system and you directly tell that rpm history with With the rollback man and what it will do is essentially it will move up It will go back to the previous version of the system. So when you call rpm history Staticy, you see we have two versions because we still have the previous version available for us on the system And we can go back at any time. So that's what we will do right now If we call rpm history rollback and dash dash reboot, it will roll back and reboot the system It will see that we were back on the previous one So that's almost instant Just time for us to reboot and we are now we're back and If we look at a status here, so we're back to the system through the image that we used First we used to to create the system and the updates is right here It's right underneath and that's the one we are running here. And that's the one that are available on system So we just roll back and everything's fine Um, we can take a quick look at what vincari is telling us and vincari is like, okay Somebody's uh, all right we Uh, we are not going to update because we are Uh, in a rollback situation. I there's like some strange here right here All right, that's something I'll have to take that one out Um And yeah, so essentially vincari is not going to update again because we've just rolled back So vincari is aware that we are well, we're running an older version but on purpose So we are not going to update that one on the issue again because that would be bad And we'll just wait until the next one comes in and hopefully by the time this one comes in You have time to report and fix Maybe a back because it's posted a new package has been released And so this one will get included in the next version And uh, and then we can move on. So yeah This is this is essentially like skipping a version so that you can see on the one that works and uh, and move on to the next one Which is uh, which hopefully will work too Uh, yeah, we do extensive testing, but we We cannot test everything on the systems Of course, there will be bugs from time to time and that's like the last result option that you have So essentially that's the idea about automatic updates and optional rollbacks if you need them Um, so yeah, that's that's that's my part. Uh, all right, we have um a latest, um Section, but I won't be doing that one because that would take us far too Late, so I'll just like quickly show it and it's the last issue here about noticing user level system units on boot and you can do that at your own pace Uh, it's essentially self describing example. I'll update it in the coming