Skip to content

Getting started with Docker

In this tutorial, we'll run matchbox on a Linux machine with Docker to network boot and provision local QEMU/KVM machines as Fedora CoreOS or Flatcar Linux machines. You'll be able to test network setups and Ignition provisioning.

Note

To provision physical machines, see network setup and deployment.

Requirements

Install the package dependencies and start the Docker daemon.

$ # Fedora
$ sudo dnf install docker virt-install virt-manager
$ sudo systemctl start docker

$ # Debian/Ubuntu
$ # check Docker's docs to install Docker 1.8+ on Debian/Ubuntu
$ sudo apt-get install virt-manager virtinst qemu-kvm

Clone the matchbox source which contains the examples and scripts.

$ git clone https://github.com/poseidon/matchbox.git
$ cd matchbox

Download Fedora CoreOS or Flatcar Linux image assets to examples/assets.

$ ./scripts/get-fedora-coreos stable 36.20220906.3.2 ./examples/assets
$ ./scripts/get-flatcar stable 3227.2.0 ./examples/assets

For development convenience, add /etc/hosts entries for nodes so they may be referenced by name.

# /etc/hosts
...
172.17.0.21 node1.example.com
172.17.0.22 node2.example.com
172.17.0.23 node3.example.com

Containers

Run the matchbox and dnsmasq services on the docker0 bridge. dnsmasq will run DHCP, DNS and TFTP services to create a suitable network boot environment. matchbox will serve configs to machines as they PXE boot.

The devnet convenience script can start these services and accepts the name of any example in examples.

$ sudo ./scripts/devnet create fedora-coreos

Inspect the logs.

$ sudo ./scripts/devnet status

Inspect the examples and Matchbox endpoints to see how machines (e.g. node1 with MAC 52:54:00:a1:9c:ae) are mapped to Profiles, and therefore iPXE and Ignition configs.

Manual

If you prefer to start the containers yourself, instead of using devnet,

$ sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/matchbox:Z -v $PWD/examples/groups/fedora-coreos:/var/lib/matchbox/groups:Z quay.io/poseidon/matchbox:latest -address=0.0.0.0:8080 -log-level=debug
$ sudo docker run --name dnsmasq --cap-add=NET_ADMIN -v $PWD/contrib/dnsmasq/docker0.conf:/etc/dnsmasq.conf:Z quay.io/poseidon/dnsmasq -d

Client VMs

Create QEMU/KVM VMs which have known hardware attributes. The nodes will be attached to the docker0 bridge, where Docker containers run.

$ sudo ./scripts/libvirt create

If you provisioned nodes with an SSH key, you can SSH after bring-up.

$ ssh core@node1.example.com

If you set a console=ttyS0 kernel arg, you can connect to the serial console of any node (ctrl+] to exit).

$ sudo virsh console node1

You can also use virt-manager to watch the console.

$ sudo virt-manager

Use the wrapper script to act on all nodes.

$ sudo ./scripts/libvirt [start|reboot|shutdown|poweroff|destroy]

Verify

The VMs should network boot and provision themselves as declared.

cat /etc/os-release

Clean up

Clean up the containers and VM machines.

$ sudo ./scripts/devnet destroy
$ sudo ./scripts/libvirt destroy

Going Further

Learn more about matchbox or explore the other examples.

Try different examples and Ignition declarations:

  • Declare an SSH authorized public key (see examples README)
  • Declare a systemd unit
  • Declare file or directory content