Skip to content

Instantly share code, notes, and snippets.

@jasonbrooks

jasonbrooks/cockpit-container-cloud-config.md

Last active August 21, 2017 03:03
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jasonbrooks/20cd3ebba36f851b957b to your computer and use it in GitHub Desktop.
Save jasonbrooks/20cd3ebba36f851b957b to your computer and use it in GitHub Desktop.
Download ZIP
run cockpit in a container, automatically, with cloud-init
Raw
cockpit-container-cloud-config.md

Fedora 22's Atomic Host dropped most of cockpit from its ostree tree in favor of running cockpit in a container. Matt Micene blogged about running cockpit-in-a-container with systemd, but people have expressed interest in learning how to start this container automatically, with cloud-init and/or kickstart.

cloud-init and cockpit

Referencing the sample cockpitws.service file from Matt's post, and using cloud-init's cloud-config-write-files functionality, I started out with this service file:

[Unit]
Description=Cockpit Web Interface
Requires=docker.service
After=docker.service

[Service]
Restart=on-failure
RestartSec=10
ExecStart=/usr/bin/docker run --rm --privileged --pid host -v /:/host --name %p fedora/cockpitws /container/atomic-run --local-ssh
ExecStop=-/usr/bin/docker stop -t 2 %p

[Install]
WantedBy=multi-user.target

Next, I converted the service file to base 64, for inclusion in the cloud-init user-data file:

$ base64 cockpitws.service

W1VuaXRdCkRlc2NyaXB0aW9uPUNvY2twaXQgV2ViIEludGVyZmFjZQpSZXF1aXJlcz1kb2NrZXIu
c2VydmljZQpBZnRlcj1kb2NrZXIuc2VydmljZQoKW1NlcnZpY2VdClJlc3RhcnQ9b24tZmFpbHVy
ZQpSZXN0YXJ0U2VjPTEwCkV4ZWNTdGFydD0vdXNyL2Jpbi9kb2NrZXIgcnVuIC0tcm0gLS1wcml2
aWxlZ2VkIC0tcGlkIGhvc3QgLXYgLzovaG9zdCAtLW5hbWUgJXAgZmVkb3JhL2NvY2twaXR3cyAv
Y29udGFpbmVyL2F0b21pYy1ydW4gLS1sb2NhbC1zc2gKRXhlY1N0b3A9LS91c3IvYmluL2RvY2tl
ciBzdG9wIC10IDIgJXAKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=

Referencing another of Matt's posts, on cloud-init, I made this simple user-data file, which combines the write-files cloud-config bit for writing the service file with the cloud-config-run-cmds feature for enabling and starting the service:

#cloud-config
password: atomic
chpasswd: { expire: False }
ssh_pwauth: True
write_files:
-   encoding: b64
    content: W1VuaXRdCkRlc2NyaXB0aW9uPUNvY2twaXQgV2ViIEludGVyZmFjZQpSZXF1aXJlcz1kb2NrZXIuc2VydmljZQpBZnRlcj1kb2NrZXIuc2VydmljZQoKW1NlcnZpY2VdClJlc3RhcnQ9b24tZmFpbHVyZQpSZXN0YXJ0U2VjPTEwCkV4ZWNTdGFydD0vdXNyL2Jpbi9kb2NrZXIgcnVuIC0tcm0gLS1wcml2aWxlZ2VkIC0tcGlkIGhvc3QgLXYgLzovaG9zdCAtLW5hbWUgJXAgZmVkb3JhL2NvY2twaXR3cyAvY29udGFpbmVyL2F0b21pYy1ydW4gLS1sb2NhbC1zc2gKRXhlY1N0b3A9LS91c3IvYmluL2RvY2tlciBzdG9wIC10IDIgJXAKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
    owner: root:root
    path: /etc/systemd/system/cockpitws.service
    permissions: '0644'
runcmd:
- [ systemctl, daemon-reload ]
- [ systemctl, enable, cockpitws.service ]
- [ systemctl, start, --no-block, cockpitws.service ]

Working!

Upon booting up a new Fedora Atomic 22 VM using this cloud-init configuration, I see that the cockpitws service has started, and that docker is pulling down the cockpit image as expected. Once the container is running, you'll be able to access the cockpit ui at port 9090 of your atomic host. On subsequent reboots, the cockpit container image will already be in place, and should start automatically.

@dustymabe
Copy link

This seems to work for me:

- [ systemctl, start, --no-block, cockpitws.service ]

From the systemctl man page this is what it does:

       --no-block
           Do not synchronously wait for the requested operation
           to finish. If this is not specified, the job will be
           verified, enqueued and systemctl will wait until it is
           completed. By passing this argument, it is only
           verified and enqueued.

@dustymabe
Copy link

Also I would suggest adding the following just so it is more clear what is going on:

$ cat cockpitws.service
[Unit]
Description=Cockpit Web Interface
Requires=docker.service
After=docker.service

[Service]
Restart=on-failure
RestartSec=10
ExecStart=/usr/bin/docker run --rm --privileged --pid host -v /:/host --name %p fedora/cockpitws /container/atomic-run --local-ssh
ExecStop=-/usr/bin/docker stop -t 2 %p

[Install]
WantedBy=multi-user.target
$
$ base64 cockpitws.service

W1VuaXRdCkRlc2NyaXB0aW9uPUNvY2twaXQgV2ViIEludGVyZmFjZQpSZXF1aXJlcz1kb2NrZXIu
c2VydmljZQpBZnRlcj1kb2NrZXIuc2VydmljZQoKW1NlcnZpY2VdClJlc3RhcnQ9b24tZmFpbHVy
ZQpSZXN0YXJ0U2VjPTEwCkV4ZWNTdGFydD0vdXNyL2Jpbi9kb2NrZXIgcnVuIC0tcm0gLS1wcml2
aWxlZ2VkIC0tcGlkIGhvc3QgLXYgLzovaG9zdCAtLW5hbWUgJXAgZmVkb3JhL2NvY2twaXR3cyAv
Y29udGFpbmVyL2F0b21pYy1ydW4gLS1sb2NhbC1zc2gKRXhlY1N0b3A9LS91c3IvYmluL2RvY2tl
ciBzdG9wIC10IDIgJXAKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=

@jasonbrooks
Copy link
Author

Thanks for the help, guys!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment