Containers. Need I say more? Probably not, but I will anyway.
If you haven’t heard of CoreOS, you’re missing out. CoreOS is a lightweight, open-source operating system designed for providing the necessary platform for clustered container deployments, while focusing on automation, ease of application deployment, security, reliability and scalability. One factor that makes CoreOS so appealing to businesses is its security. CoreOS was designed in such a way that it can only be logged into via ssh key authentication. In fact, the bootable ISO image is created with a config drive that contains your ssh key. That’s important. It also should indicate that the process of deploying a virtual machine for CoreOS isn’t exactly as cut and dry as other platforms.
Let me walk you through the process of deploying CoreOS as a virtual machine within VirtualBox. In the end, you’ll only be able to log into that VM by way of a machine that contains your ssh public key. Are you ready to type? Open up a terminal on your Linux machine and let’s do this.
Building the virtual disk
The first thing we’re going to do is create a new directory that will house some files. Issue the command mkdir -p /data/VirtualBox/Templates. Now change into that newly created directory with the command cd /data/VirtualBox/Templates.
NOTE: You can create any directory you need or even use an already existing directory.
We must download a handy script that will greatly simplify the building of our VDI file. Grab said script with the command:
Give that command executable permissions with the command chmod +x create-coreos-vdi.
SEE: Special report: The cloud v. data center decision (free PDF) (TechRepublic)
SEE: Why containers are critical to successful DevOps projects (Tech Pro Research)
Creating the image
Now we’re going to create an image, based on the CoreOS stable channel. To do this, issue the command:
./create-coreos-vdi -V stable
Once that command completes (it takes some time and might seem like it has stalled out, but it hasn’t), you’ll have the file coreos_production_XXX.vdi (Where XXX is the release number).
Creating the config drive
This next step is where we create a config drive that will contain our ssh keys, for authentication. This does require you to already have an ssh key created. If you don’t, the process is a simple command ssh-keygen -t rsa. Make sure to save the key with the default name and location.
With that key in place, you need to download another script with the command:
Give that script executable permissions with the command chmod +x create-basic-configdrive and then execute the command with:
./create-basic-configdrive -H mycore -S ~/.ssh/id_rsa.pub
Instead of mycore, you can name this whatever you want. Just remember the name, as you’ll be using it in a moment. The above command will create an ISO that configures your virtual machine to accept your ssh key for authentication.
Resizing your virtual machine
What we have so far is the coreos_production_XXX.vdi (the file we’ll used to build the virtual machine) and the mycore.iso (the image we’ll apply that contains the ssh key config information).
The first we’re going to do is clone the vdi image (you’ll want to base all of your CoreOS deployments from this). Issue the following command:
VBoxManage clonehd coreos_production_XXX.vdi mycore.vdi
Where XXX is the release number.
NOTE: You can name resultant .vdi file to whatever you need.
Next we need to resize the virtual disk with the command:
VBoxManage modifyhd mycore.vdi --resize 20000
You can resize that vdi file to whatever fits your needs.
Deploying the virtual machine
Now go about the process of creating the VirtualBox virtual machine in your usual fashion. There is only one difference here. Once you’ve created the virtual machine, you must attach the mycore.iso. To do this, open up the Settings for your newly created CoreOS virtual machine and click on the Storage section. Select the Controller: IDE section, click the + button, and, from the popup, click the + button for Adds Optical Drive. You will then locate and select the mycore.iso file (Figure A).
You will also want to make sure to set the Networking for your VM to Bridged Adapter (otherwise you won’t be able to reach the VM from your network).
Booting and logging in
At this point, start up your CoreOS virtual machine. When it finally boots, you will be presented with the IP address of the VM. Go to your machine that contains the public ssh key used for the config drive and login with ssh core@SERVER_IP (Where SERVER_IP is the address of the server). You will not be prompted for a password, because CoreOS is using your ssh key for authentication (Figure B). Only machines with that key will be able to log into the virtual machine.
Worth the trouble
You might think this a too-complicated means to create a virtual machine, but CoreOS is worth the trouble. With the security of knowing it can only be logged in from specific machines, you can better control who gains access and who can manage your container deployments.