Skip to content

Latest commit

 

History

History
142 lines (104 loc) · 5.75 KB

platform-equinixmetal.md

File metadata and controls

142 lines (104 loc) · 5.75 KB
Raw

LinuxKit with bare metal on Equinix Metal

Equinix Metal is a bare metal hosting provider.

You will need to create an Equinix Metal account and a project to put this new machine into. You will also need to create an API key with appropriate read/write permissions to allow the image to boot.

The linuxkit run equinixmetal command can mostly either be configured via command line options or with environment variables. see linuxkit run equinixmetal --help for the options and environment variables.

By default, linuxkit run will provision a new machine and remove it once you are done. With the -keep option the provisioned machine will not be removed. You can then use the -device option with the device ID on subsequent linuxkit run invocations to re-use an existing machine. These subsequent runs will update the iPXE data so you can boot alternative kernels on an existing machine.

There is an example YAML file for x86_64 and an additional YAML for arm64 servers which provide both access to the serial console and via ssh and configures bonding for network devices via metadata (if supported).

For x86_64 builds for Intel servers we strongly recommend adding ucode: intel-ucode.cpio to the kernel section in the YAML. This updates the Intel CPU microcode to the latest by prepending it to the generated initrd file. The ucode entry is only recommended when booting on baremetal. It should be omitted (but is harmless) when building images to boot in VMs.

Note: The update of the iPXE configuration sometimes may take some time and the first boot may fail. Hitting return on the console to retry the boot typically fixes this.

Boot

LinuxKit on Equinix Metal boots the kernel+initrd output from moby via iPXE which also requires a iPXE script. iPXE booting requires a HTTP server on which you can store your images. The -base-url option specifies the URL to a HTTP server from which <name>-kernel, <name>-initrd.img, and <name>-equinixmetal.ipxe can be downloaded during boot.

If you have your own HTTP server, you can use linuxkit push equinixmetal to create the files (including the iPXE script) you need to make available.

If you don't have a public HTTP server at hand, you can use the -serve option. This will create a local HTTP server which can either be run on another Equinix Metal machine or be made accessible with tools like ngrok.

For example, to boot the example with a local HTTP server:

linuxkit build platform-equinixmetal.yml
# run the web server
# run 'ngrok http 8080' in another window
METAL_AUTH_TOKEN=<API key> METAL_PROJECT_ID=<Project ID> \
linuxkit run equinixmetal -serve :8080 -base-url <ngrok url> equinixmetal

To boot a arm64 image for Type 2a machine (-machine baremetal_2a) you currently need to build using linuxkit build equinixmetal.yml equinixmetal.arm64.yml and then un-compress both the kernel and the initrd before booting, e.g:

mv equinixmetal-initrd.img equinixmetal-initrd.img.gz && gzip -d equinixmetal-initrd.img.gz
mv equinixmetal-kernel equinixmetal-kernel.gz && gzip -d equinixmetal-kernel.gz

The LinuxKit image can then be booted with:

METAL_API_TOKEN=<API key> METAL_PROJECT_ID=<Project ID> \
linuxkit run equinixmetal -machine baremetal_2a  -serve :8080 -base-url -base-url <ngrok url> equinixmetal

Alternatively, linuxkit push equinixmetal will uncompress the kernel and initrd images on arm machines (or explicitly via the -decompress flag. There is also a linuxkit serve command which will start a local HTTP server serving the specified directory.

Note: It may take several minutes to deploy a new server. If you are attached to the console, you should see the BIOS and the boot messages.

Console

By default, linuxkit run equinixmetal ... will connect to the Equinix Metal SOS ("Serial over SSH") console. This requires ssh access, i.e., you must have uploaded your SSH keys to Equinix Metal beforehand.

You can exit the console vi ~. on a new line once you are disconnected from the serial, e.g. after poweroff.

Note: We also require that the Equinix Metal SOS host is in your known_hosts file, otherwise the connection to the console will fail. There is a Equinix Metal SOS host per zone.

You can disable the serial console access with the -console=false command line option.

Disks

At this moment the Linuxkit server boots from RAM, with no persistent storage. We are working on adding persistent storage support on Equinix Metal.

Networking

On the baremetal type 2a system (arm64 Cavium Thunder X) the network device driver does not get autoloaded by mdev. Please add:

  - name: modprobe
    image: linuxkit/modprobe:<hash>
    command: ["modprobe", "nicvf"]

to your YAML files before any containers requiring the network to be up, e.g., the dhcpcd container.

Some Equinix Metal server types have bonded networks; the metadata package has support for setting these up, and also for adding additional IP addresses.

Integration services and Metadata

Equinix Metal supports user state during system bringup, which enables the boot process to be more informative about the current state of the boot process once the kernel has loaded but before the system is ready for login.