Page
Modify the ignition files
This lesson will walk you through the process of modifying ignition files for Red Hat Enterprise Linux CoreOS (RHCOS).
In order to get full benefit from taking this lesson, you need:
- The Red Hat Enterprise Linux installer
In this lesson, you will:
- Write a patch.
- Modify configuration files in Red Hat Enterprise Linux CoreOS (RHCOS).
Modify ignition
The RHCOS installer relies on ignition files for some aspects of the configuration, such as disk partitioning, filesystem creation, user setup, and systemd units. Because our existing cluster is using self-signed certificates, we need to modify the initial ignition files to include the CA and a systemd unit to trust the CA that runs post-first boot.
First, let's get the initial ignition from the existing cluster:
oc extract secret/worker-user-data-managed -n openshift-machine-api --keys=userData --to=- > worker.ignNext, let's write a patch for the ignition:
❯ cat add-ca.bu
variant: fcos
version: 1.4.0
storage:
files:
- path: /etc/pki/ca-trust/source/anchors/mcs-ca.pem
mode: 0644
contents:
inline: |
-----BEGIN CERTIFICATE-----
<REDACTED>
-----END CERTIFICATE-----
systemd:
units:
- name: update-ca-trust.service
enabled: true
contents: |
[Unit]
Description=Update CA certificates
Before=ignition-firstboot-complete.service
[Service]
Type=oneshot
ExecStart=/usr/bin/update-ca-trust extract
[Install]
WantedBy=multi-user.target
❯ butane add-ca.bu -o add-ca.ignWe’re writing the patch using Butane. This tool can translate user-readable Butane Configs into machine-readable Ignition Configs.
Optionally, we can also modify the ignition to include an SSH key to allow for troubleshooting the cluster join process post-install:
❯ cat add-ssh-key.bu
variant: fcos
version: 1.4.0
passwd:
users:
- name: core
ssh_authorized_keys:
- "ssh-ed25519 <REDACTED>"
❯ butane ssh-key.bu -o ssh-key.ignThe ignition is now served by the HTTP server.
In the next lesson, you will learn how to boot and install the LPAR, join the node, and deploy an s390x architecture to it.
