# elemental
m
Considering firmware updates, is there a supported way to install fwupdmgr on elemental provisioned rancher hosts?
s
Hi, regarding adding extra packages to an already provisioned host, there are multiple options. The Elemental way would be by providing an upgrade to a new image including such a package, hence building your own derivative image in which you simply install such a package. Then this new image could be consumed by Elemental as an OS upgrade and the upgraded system would include the expected utility.
Then another story is how to make use of fwupdmgr. For that there are also several options. In an Elemental node you have the rancher-system-agent and the elemental-system-agent (which is in fact another instance of rancher-system-agent but listening to a node-specific secret rather than a cluster-wide one). So rancher system agent could be one way of executing fwupdmgr, assuming the host already has the utility installed.
Finally, system-upgrade-controller could also be used to do such a job, in which case you might not need to explicitly install the fwupdmgr utility in the host as the process runs in a privileged container. System upgrade controller could eventually be used to run a plan that launches a privileged pod that could eventually execute fwupdmgr. So by creating a SUC plan in the downstream cluster that launches a pod that runs a fw upgrade script. In the SUC env the host root is mounted at /host inside the pod.
Is any of this aligned with what you'd expect? If you have a clear preference or idea on what best suits your process, we can try to dive a little further into the details.
m
This is all helpful info - many thanks!
Regarding the OCI image update, is there a way to access transactional-update, zypper, etc. as part of that in a Containerfile context?
It looks like zypper is there but no repos attached.
Alternatively is there maybe a way to do this with cloud data with packages?
s
Indeed the image does not include predefined repositories; you should add the repositories of your choice. The packages stanza of cloud-init is not supported in Elemental, however you could easily include the zypper install call as a runcmd item.
👍 1
In any case I'd suggest building your own derivative image using a Dockerfile that derives from the Elemental image of your choice, adding there the repositories you might need and installing the packages using an explicit call of zypper install.
m
I assume pulling the repos from the BCI would be the ideal way to go there? Probably don't want to store SLES credentials in the container image, I'd imagine.
s
Assuming you have SLES credentials, the way to go is by using https://github.com/SUSE/container-suseconnect. Also, if you are missing some package in Elemental images, I'd suggest you open a GitHub issue in github.com/rancher/elemental with a rationale for why it is relevant or missing. Feedback directly in GitHub repositories is highly appreciated and it makes it way easier for us to track it and discuss the best approach. I am saying so as firmware management tools are probably a valuable addition to baremetal images and something we can consider in future releases.
a
I’ve found myself in a similar position to Scott where I’m trying to add the qemu-guest-agent package to my own derivative image (I am otherwise happy with the default Micro for Rancher ISO). I’ve been through a few attempts with no success (I even found an OBS build that does something along those lines https://github.com/rancher/elemental/blob/main/.obs/dockerfile/micro-kvm-os/Dockerfile). My rationale is that I’m using elemental VMs as nodes in a K3S cluster on a Harvester host, and would then like to use the Harvester cloud provider loadbalancer functionality to loadbalance services in the cluster. One of the requirements for this though is that the qemu-guest-agent is installed on the nodes so that Harvester can obtain IPs (https://docs.harvesterhci.io/v1.2/networking/loadbalancer/). Given elemental’s position within Rancher’s OS management and Rancher-Harvester integration, perhaps this would be a good package to include? Happy to raise an issue in GitHub if so.
Having said that, there may be other issues with this use-case? I’ve struggled to create an elemental cluster in any namespace other than fleet-default and it seems one of the other Harvester loadbalancer requirements is that the VMs are in the same namespace as the guest cluster.
Apologies, in hindsight I should probably have started a new thread rather than hijacking this!
s
No problem @acoustic-country-10006, thanks for reaching out. Regarding the missing qemu-guest-agent, I'd appreciate it if you could open an issue with the motivation you just pointed out. Indeed it looks like a clear candidate for the micro-kvm-os image flavor we are about to release with Micro 6. Regarding the use case you propose and namespace constraints, we need to have a closer look.
a
Excellent, many thanks @sticky-tailor-45974
Have submitted https://github.com/rancher/elemental/issues/1423. Meanwhile, I’ll continue exploring this use case with other nodes that do have the qemu-guest-agent to see if there’s any other blockers.
👍 1
The other thing I can think of is getting Harvester VM names to align with the hostnames elemental generates which is another requirement for the Harvester LB. IIRC there’s a section in the docco about using SMBIOS values or labels for setting hostname so hopefully I can figure that out! 🤞
w
@acoustic-country-10006 that sounds interesting with harvester <-> elemental hostnames, let us know if you run into any trouble!
a
Having successfully configured the Harvester cloud provisioned loadbalancer, I can confirm my concern about the VM namespace / cluster namespace matching requirement is not an issue. 👌
🎉 1
I’m yet to get an elemental host running that sets its hostname to the Harvester VM name it was created under but haven’t given it much of a go yet. Super nice to see all the loadbalancer stuff working (with K3S & Traefik) though, that’s one less variable to worry about!
Probably something for the Harvester / Rancher channels but I did have to work around the docco provided for the LB stuff; when I get a chance I’ll raise an issue to https://github.com/harvester/docs/blob/main/versioned_docs/version-v1.1/rancher/cloud-provider.md. (I’m not sure if a PR would be appropriate in case I’m actually doing something else different/wrong?)
m
Yeah - hostname in Elemental is something I've raised before in my regular custom support channel with SUSE. Having DHCP/static hostname in Elemental saves time when you're debugging which specific bare-metal node is misbehaving.
That's a different issue than my OP, but I'll still chime in to say it's something I would definitely like to have
As we move from traditional servers to immutable, we're trying to figure out how to do fwupdmgr, dsu, etc, type operations in this world. We're using both Harvester and Elemental k8s hosts directly, FWIW. It's also not immediately clear how to deploy an Elemental cluster running on Harvester, so for now I've been using OBS to generate images for hosting k8s Rancher hosts on Harvester. https://build.opensuse.org/projects/home:vwbusguy:branches:openSUSE:Templates:Images:1[…]tes-NetworkManager-NoFirewallD/repositories/images/binaries
w
Hi @miniature-salesclerk-33951! Not sure if this is what you are running into, but if you have already configured hostnames in DHCP for your elemental hosts you can reuse those hostnames for the machines in rancher by setting the machineName in the MachineRegistration like so:
apiVersion: elemental.cattle.io/v1beta1
kind: MachineRegistration
metadata:
  name: my-nodes
  namespace: fleet-default
spec:
  machineName: "${System Data/Runtime/Hostname}"
👀 1
As for deploying an elemental cluster in harvester, what we have done when testing is to build the seedimage in the rancher cluster, download the iso/raw image from rancher, upload it into harvester as a volume and boot it. Hope this helps 👍
a
This is also the method I had been using, which seems to work fine. I had tried giving Harvester the URL that's at the end of the seed image YAML instead of a file upload, but it seems to validate there's either an .iso/raw/qcow2 on the end as if it were a file extension, which there is not, so I haven't been able to get this to work.
I'd also like to experiment with creating disk images rather than isos at some point so I don't need to give my Harvester VMs a separate volume to later unmount but haven't got that far yet!
w
Yep, we recently merged https://github.com/rancher/elemental-operator/pull/682 which hopefully makes it to the next stable release which adds the .iso extension to the seedimage url!
👍 1
a
Oh amazing! Thanks for the heads up 🙌
👍 2