If you would rather bootstrap your hosts manually, or wish to develop your own automation, follow this step-by-step guide.
SSH onto your host:
ssh -i <path to private key> root@<ip> # or use the hostname if you have it set up
Note: You will have to run most, if not all, of the following bootstrap commands as a privileged user.
Liquid Metal relies on a Firecracker feature which is not yet released in the upstream repo. We therefore maintain our own fork and create releases based on the latest upstream code plus the feature we require.
Install the latest feature release from here.
Flintlock uses containerd's devmapper snapshotter to manage microvm volume layers. To store the layers and snapshots we need to provide a thinpool backed by a blank block-device.
Note: If you do not have a spare block device you can provision a thinpool using sparse files and loop devices (see this script here), but please be aware that this is not a production-ready setup.
To provision the Direct LVM thinpool, you can run this script on your device:
curl https://raw.githubusercontent.com/weaveworks-liquidmetal/flintlock/main/hack/scripts/direct_lvm.sh > direct_lvm.sh
chmod +x direct_lvm.sh
lsblk # discover name of spare block device
./direct_lvm.sh -d <device name>
This will create a thinpool named flintlock-thinpool.
You can read more about this setup, and see individual instructions, in the docker docs.
Install containerd on the host at /usr/local/bin/containerd.
Create containerd's state, config and run directories:
mkdir -p /var/lib/containerd/snapshotter/devmapper
mkdir -p /run/containerd/
mkdir -p /etc/containerd/
Create a file /etc/containerd/config.toml containing the following:
cat << 'EOF' >> /etc/containerd/config.toml
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
[grpc]
address = "/run/containerd/containerd.sock"
[metrics]
address = "127.0.0.1:1338"
[plugins]
[plugins."io.containerd.snapshotter.v1.devmapper"]
pool_name = "flintlock-thinpool"
root_path = "/var/lib/containerd/snapshotter/devmapper"
base_image_size = "10GB"
discard_blocks = true
[debug]
level = "trace"
EOF
Note: remember to change the value of pool_name if you chose a different one.
We will be using systemd to run containerd. Create a containerd service file:
curl https://raw.githubusercontent.com/containerd/containerd/main/containerd.service > /etc/systemd/system/containerd.service
chmod 0664 /etc/systemd/system/containerd.service
Enable and start the service:
systemctl enable containerd
systemctl start containerd
Verify that it is running with systemctl status containerd. Logs can be seen with journalctl -u containerd.
Install the latest flintlock release on the host at /usr/local/bin/flintlockd.
We will also be using systemd to run flintlock. Create a flintlock service and environment file:
curl https://raw.githubusercontent.com/weaveworks-liquidmetal/flintlock/main/flintlockd.service > /etc/systemd/system/flintlockd.service
chmod 0664 /etc/systemd/system/flintlockd.service
Set the correct network argument:
# The variable name must match the one used in the sed expression below
PARENT_IFACE=$(ip route show | awk '/default/ {print $5}')
sed -i "s/PARENT_IFACE/$PARENT_IFACE/" /etc/systemd/system/flintlockd.service
Enable and start the service:
systemctl enable flintlockd
systemctl start flintlockd
Verify that it is running with systemctl status flintlockd. Logs can be seen with journalctl -u flintlockd.
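The network-argument step above takes field 5 of every `default` line, so a host with no default route, several default routes, or a default route without a `via` hop ends up with an empty or wrong value in the unit file. The following is an added example, not part of the flintlock docs or repo, that finds the device by its `dev` keyword and refuses to edit the file on ambiguous input; the function names `valid_iface`, `default_iface` and `set_parent_iface` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the flintlock repo): choose and apply the parent interface.

# valid_iface NAME: accept only names that are safe to splice into a sed
# replacement (Linux interface names are at most 15 characters).
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# default_iface: read `ip route show` text on stdin, print the device of the
# default route. Fails if there is none or if defaults use different devices.
default_iface() {
    ifaces=$(awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); break }
    }' | sort -u)
    [ -n "$ifaces" ] || { echo "no default route found" >&2; return 1; }
    count=$(printf '%s\n' "$ifaces" | wc -l | tr -d ' ')
    [ "$count" -eq 1 ] || { echo "ambiguous default route devices" >&2; return 1; }
    valid_iface "$ifaces" || { echo "unexpected interface name" >&2; return 1; }
    printf '%s\n' "$ifaces"
}

# set_parent_iface FILE IFACE: replace the PARENT_IFACE placeholder in FILE.
# Refuses to run if the name is invalid or the placeholder is missing.
set_parent_iface() {
    valid_iface "$2" || { echo "refusing interface name: $2" >&2; return 1; }
    grep -q 'PARENT_IFACE' "$1" || { echo "no PARENT_IFACE in $1" >&2; return 1; }
    sed -i "s/PARENT_IFACE/$2/" "$1"
}

# On a host (assumed usage):
#   PARENT_IFACE=$(ip route show | default_iface) &&
#     set_parent_iface /etc/systemd/system/flintlockd.service "$PARENT_IFACE"

# Constructed sample routing table, not captured from a real host.
sample='default via 192.0.2.1 dev eth0 proto dhcp metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'
printf '%s\n' "$sample" | default_iface   # prints eth0
```

A non-zero exit from either function means the unit file was left untouched, so the service is never started with a blank interface argument.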
When you see that the flintlock service has successfully started, your host is fully bootstrapped! If you like you can test it out by creating a microvm with this tool.
If you created multiple hosts earlier, repeat all the steps above.