Fedora 22's Atomic Host dropped most of cockpit from its ostree tree in favor of running cockpit in a container. Matt Micene blogged about running cockpit-in-a-container with systemd, but people have expressed interest in learning how to start this container automatically, with cloud-init and/or kickstart.
Referencing the sample cockpitws.service
file from Matt's post, and using cloud-init's cloud-config-write-files functionality, I started out with this service file:
[Unit]
Description=Cockpit Web Interface
Requires=docker.service
After=docker.service
[Service]
Restart=on-failure
RestartSec=10
ExecStart=/usr/bin/docker run --rm --privileged --pid host -v /:/host --name %p fedora/cockpitws /container/atomic-run --local-ssh
ExecStop=-/usr/bin/docker stop -t 2 %p
[Install]
WantedBy=multi-user.target
Next, I converted the service file to base 64, for inclusion in the cloud-init user-data file:
$ base64 cockpitws.service
W1VuaXRdCkRlc2NyaXB0aW9uPUNvY2twaXQgV2ViIEludGVyZmFjZQpSZXF1aXJlcz1kb2NrZXIu
c2VydmljZQpBZnRlcj1kb2NrZXIuc2VydmljZQoKW1NlcnZpY2VdClJlc3RhcnQ9b24tZmFpbHVy
ZQpSZXN0YXJ0U2VjPTEwCkV4ZWNTdGFydD0vdXNyL2Jpbi9kb2NrZXIgcnVuIC0tcm0gLS1wcml2
aWxlZ2VkIC0tcGlkIGhvc3QgLXYgLzovaG9zdCAtLW5hbWUgJXAgZmVkb3JhL2NvY2twaXR3cyAv
Y29udGFpbmVyL2F0b21pYy1ydW4gLS1sb2NhbC1zc2gKRXhlY1N0b3A9LS91c3IvYmluL2RvY2tl
ciBzdG9wIC10IDIgJXAKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
Referencing another of Matt's posts, on cloud-init, I made this simple user-data file, which combines the write-files cloud-config bit for writing the service file with the cloud-config-run-cmds feature for enabling and starting the service:
#cloud-config
password: atomic
chpasswd: { expire: False }
ssh_pwauth: True
write_files:
- encoding: b64
content: W1VuaXRdCkRlc2NyaXB0aW9uPUNvY2twaXQgV2ViIEludGVyZmFjZQpSZXF1aXJlcz1kb2NrZXIuc2VydmljZQpBZnRlcj1kb2NrZXIuc2VydmljZQoKW1NlcnZpY2VdClJlc3RhcnQ9b24tZmFpbHVyZQpSZXN0YXJ0U2VjPTEwCkV4ZWNTdGFydD0vdXNyL2Jpbi9kb2NrZXIgcnVuIC0tcm0gLS1wcml2aWxlZ2VkIC0tcGlkIGhvc3QgLXYgLzovaG9zdCAtLW5hbWUgJXAgZmVkb3JhL2NvY2twaXR3cyAvY29udGFpbmVyL2F0b21pYy1ydW4gLS1sb2NhbC1zc2gKRXhlY1N0b3A9LS91c3IvYmluL2RvY2tlciBzdG9wIC10IDIgJXAKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
owner: root:root
path: /etc/systemd/system/cockpitws.service
permissions: '0644'
runcmd:
- [ systemctl, daemon-reload ]
- [ systemctl, enable, cockpitws.service ]
- [ systemctl, start, --no-block, cockpitws.service ]
Upon booting up a new Fedora Atomic 22 VM using this cloud-init configuration, I see that the cockpitws service has started, and that docker is pulling down the cockpit image as expected. Once the container is running, you'll be able to access the cockpit ui at port 9090 of your atomic host. On subsequent reboots, the cockpit container image will already be in place, and should start automatically.
It looks like cloud-final hangs when I pass
in the user-data and without it, I can't seem to get systemd to enable cockpitws for this run b/c i think it starts too late. Looking around at other options, it looks like coreos wrote their own cloud-config module to handle some service starting things, this could be why.