Running Flatcar Linux on EC2¶

The current AMIs for all Flatcar Linux channels and EC2 regions are listed below and updated frequently. Using CloudFormation is the easiest way to launch a cluster, but it is also possible to follow the manual steps at the end of the article. Questions can be directed to the Flatcar Linux IRC channel or user mailing list.

Choosing a channel¶

Flatcar Linux is designed to be updated automatically with different schedules per channel. You can disable this feature, although we don't recommend it. Read the release notes for specific features and bug fixes.

The Alpha channel closely tracks master and is released frequently. The newest versions of system libraries and utilities will be available for testing. The current version is Flatcar Linux 2051.0.0.

View as json feed

EC2 Region	AMI Type	AMI ID
ap-northeast-1	PV	ami-085c4b5f0082cc329
ap-northeast-1	HVM	ami-018d91eaba764d871
ap-northeast-2	PV
ap-northeast-2	HVM	ami-0058641071b16b9f0
ap-south-1	PV
ap-south-1	HVM	ami-0c446037d3974411f
ap-southeast-1	PV	ami-08a9e40940f89311a
ap-southeast-1	HVM	ami-01f2c49ba081d202a
ap-southeast-2	PV	ami-0ed20f0ea90fc5e7b
ap-southeast-2	HVM	ami-0246d5a10c363d7c1
ca-central-1	PV
ca-central-1	HVM	ami-02ba4a618740dd686
eu-central-1	PV	ami-04e8cb3d0339be45c
eu-central-1	HVM	ami-06f35bbed2827a1b6
eu-west-1	PV	ami-0d7e1546a559b02f1
eu-west-1	HVM	ami-0409e46d188fb047a
eu-west-2	PV
eu-west-2	HVM	ami-046308c3bc44dec62
eu-west-3	PV
eu-west-3	HVM	ami-0b27b2083aee39d27
sa-east-1	PV	ami-0e85ecb7cf21b2f0d
sa-east-1	HVM	ami-07f1a2affc5f4ac6c
us-east-1	PV	ami-0ded16c8d20a8afac
us-east-1	HVM	ami-0dac75eb5f07d7ef9
us-east-2	PV
us-east-2	HVM	ami-08a93bdd7cb5067c8
us-west-1	PV	ami-0d28e2fab0fe7a93c
us-west-1	HVM	ami-0dea053197031d708
us-west-2	PV	ami-01b16864bcee70e0f
us-west-2	HVM	ami-096a9bb74264d3c58

The Beta channel consists of promoted Alpha releases. The current version is Flatcar Linux 2023.3.0.

View as json feed

EC2 Region	AMI Type	AMI ID
ap-northeast-1	PV	ami-042d7913e7d50cb88
ap-northeast-1	HVM	ami-075cc133a5b5a32c1
ap-northeast-2	PV
ap-northeast-2	HVM	ami-0bcc2a78344e7e475
ap-south-1	PV
ap-south-1	HVM	ami-029309f1fa3bb2419
ap-southeast-1	PV	ami-09cb768529381f392
ap-southeast-1	HVM	ami-0bca251c835c11dbd
ap-southeast-2	PV	ami-0b560071998d2662e
ap-southeast-2	HVM	ami-06630946af856bcfc
ca-central-1	PV
ca-central-1	HVM	ami-0a2af2879ce0ea642
eu-central-1	PV	ami-025028576d8aea95f
eu-central-1	HVM	ami-09ff472b03bca826a
eu-west-1	PV	ami-05a73501629c44e65
eu-west-1	HVM	ami-0cdaeac75c2a91861
eu-west-2	PV
eu-west-2	HVM	ami-003cccfd8846d93f4
eu-west-3	PV
eu-west-3	HVM	ami-042c2f6fbc20a5199
sa-east-1	PV	ami-014ae06d9421aa1f0
sa-east-1	HVM	ami-0cf8ac87f61f08f27
us-east-1	PV	ami-0f8855c301a53eaaa
us-east-1	HVM	ami-0a8eea1b9a4e12b21
us-east-2	PV
us-east-2	HVM	ami-0f992a3cf6ffaebf2
us-west-1	PV	ami-01651ca406d9bee75
us-west-1	HVM	ami-07a651357098dff24
us-west-2	PV	ami-0383ebbf4b47f14d1
us-west-2	HVM	ami-0b94bc4c7e24e6435

The Stable channel should be used by production clusters. Versions of Flatcar Linux are battle-tested within the Beta and Alpha channels before being promoted. The current version is Flatcar Linux 1967.6.0.

View as json feed

EC2 Region	AMI Type	AMI ID
ap-northeast-1	PV	ami-004afed1ed2907783
ap-northeast-1	HVM	ami-0b40862ce2d20b0d9
ap-northeast-2	PV
ap-northeast-2	HVM	ami-0d2779e79169cd86f
ap-south-1	PV
ap-south-1	HVM	ami-03bf7c3a2173b4d5e
ap-southeast-1	PV	ami-0e114846f4bfb2f3e
ap-southeast-1	HVM	ami-058590fcfd5a7e0fc
ap-southeast-2	PV	ami-04df2d6ff8e80dea0
ap-southeast-2	HVM	ami-0b9d190cbd782375c
ca-central-1	PV
ca-central-1	HVM	ami-02edf8ee099d6945b
eu-central-1	PV	ami-0fdaca3e79deaeb6b
eu-central-1	HVM	ami-0ef859f15322d6faa
eu-west-1	PV	ami-0f20b754f69073d1c
eu-west-1	HVM	ami-0c9365f2a0403847a
eu-west-2	PV
eu-west-2	HVM	ami-09db69e07427bcfb3
eu-west-3	PV
eu-west-3	HVM	ami-0afb61a44c33732fb
sa-east-1	PV	ami-07a0aacb01d999336
sa-east-1	HVM	ami-0a4c81e060e214622
us-east-1	PV	ami-09022c36533a2ee06
us-east-1	HVM	ami-07b85463626057451
us-east-2	PV
us-east-2	HVM	ami-08ca66a70bb00133a
us-west-1	PV	ami-0258860090288c3a4
us-west-1	HVM	ami-0745bc9a724a4bab9
us-west-2	PV	ami-04c28852bd0a9951f
us-west-2	HVM	ami-0f3aa0ddacbad1308

CloudFormation will launch a cluster of Flatcar Linux machines with a security and autoscaling group.

Container Linux Configs¶

Flatcar Linux allows you to configure machine parameters, configure networking, launch systemd units on startup, and more via Container Linux Configs. These configs are then transpiled into Ignition configs and given to booting machines. Head over to the docs to learn about the supported features.

You can provide a raw Ignition config to Flatcar Linux via the Amazon web console or via the EC2 API.

As an example, this Container Linux Config will configure and start etcd:

etcd:
  # All options get passed as command line flags to etcd.
  # Any information inside curly braces comes from the machine at boot time.

  # multi_region and multi_cloud deployments need to use {PUBLIC_IPV4}
  advertise_client_urls:       "http://{PRIVATE_IPV4}:2379"
  initial_advertise_peer_urls: "http://{PRIVATE_IPV4}:2380"
  # listen on both the official ports and the legacy ports
  # legacy ports can be omitted if your application doesn't depend on them
  listen_client_urls:          "http://0.0.0.0:2379"
  listen_peer_urls:            "http://{PRIVATE_IPV4}:2380"
  # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
  # specify the initial size of your cluster with ?size=X
  discovery:                   "https://discovery.etcd.io/<token>"

Instance storage¶

Ephemeral disks and additional EBS volumes attached to instances can be mounted with a .mount unit. Amazon's block storage devices are attached differently depending on the instance type. Here's the Container Linux Config to format and mount the first ephemeral disk, xvdb, on most instance types:

storage:
  filesystems:
    - mount:
        device: /dev/xvdb
        format: ext4
        wipe_filesystem: true

systemd:
  units:
    - name: media-ephemeral.mount
      enable: true
      contents: |
        [Mount]
        What=/dev/xvdb
        Where=/media/ephemeral
        Type=ext4

        [Install]
        RequiredBy=local-fs.target

For more information about mounting storage, Amazon's own documentation is the best source. You can also read about mounting storage on Flatcar Linux.

Adding more machines¶

To add more instances to the cluster, just launch more with the same Container Linux Config, the appropriate security group and the AMI for that region. New instances will join the cluster regardless of region if the security groups are configured correctly.

SSH to your instances¶

Flatcar Linux is set up to be a little more secure than other cloud images. By default, it uses the core user instead of root and doesn't use a password for authentication. You'll need to add an SSH key(s) via the AWS console or add keys/passwords via your Container Linux Config in order to log in.

To connect to an instance after it's created, run:

ssh core@<ip address>

Multiple clusters¶

If you would like to create multiple clusters you will need to change the "Stack Name". You can find the direct template file on S3.

Manual setup¶

TL;DR: launch three instances of ami-0ded16c8d20a8afac in us-east-1 with a security group that has open port 22, 2379, 2380, 4001, and 7001 and the same "User Data" of each host. SSH uses the core user and you have etcd and Docker to play with.

Creating the security group¶

You need open port 2379, 2380, 7001 and 4001 between servers in the etcd cluster. Step by step instructions below.

This step is only needed once

First we need to create a security group to allow Flatcar Linux instances to communicate with one another.

Go to the security group page in the EC2 console.
Click "Create Security Group"
- Name: flatcar-testing
- Description: Flatcar Linux instances
- VPC: No VPC
- Click: "Yes, Create"
In the details of the security group, click the Inbound tab
First, create a security group rule for SSH
- Create a new rule: SSH
- Source: 0.0.0.0/0
- Click: "Add Rule"
Add two security group rules for etcd communication
- Create a new rule: Custom TCP rule
- Port range: 2379
- Source: type "flatcar-testing" until your security group auto-completes. Should be something like "sg-8d4feabc"
- Click: "Add Rule"
- Repeat this process for port range 2380, 4001 and 7001 as well
Click "Apply Rule Changes"

Launching a test cluster¶

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

Open the quick launch wizard to boot ami-0ded16c8d20a8afac.
On the second page of the wizard, launch 3 servers to test our clustering
- Number of instances: 3
- Click "Continue"
Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:3
- Paste configuration into "User Data"
- "Continue"
Storage Configuration
- "Continue"
Tags
- "Continue"
Create Key Pair
- Choose a key of your choice, it will be added in addition to the one in the gist.
- "Continue"
Choose one or more of your existing Security Groups
- "flatcar-testing" as above.
- "Continue"
Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

Open the quick launch wizard to boot ami-0f8855c301a53eaaa.
On the second page of the wizard, launch 3 servers to test our clustering
- Number of instances: 3
- Click "Continue"
Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:4
- Paste configuration into "User Data"
- "Continue"
Storage Configuration
- "Continue"
Tags
- "Continue"
Create Key Pair
- Choose a key of your choice, it will be added in addition to the one in the gist.
- "Continue"
Choose one or more of your existing Security Groups
- "flatcar-testing" as above.
- "Continue"
Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

Open the quick launch wizard to boot ami-09022c36533a2ee06.
On the second page of the wizard, launch 3 servers to test our clustering
- Number of instances: 3
- Click "Continue"
Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:5
- Paste configuration into "User Data"
- "Continue"
Storage Configuration
- "Continue"
Tags
- "Continue"
Create Key Pair
- Choose a key of your choice, it will be added in addition to the one in the gist.
- "Continue"
Choose one or more of your existing Security Groups
- "flatcar-testing" as above.
- "Continue"
Launch!

Installation from a VMDK image¶

One of the possible ways of installation is to import the generated VMDK Flatcar image as a snapshot. The image file will be in https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2. Make sure you download the signature (it's available in https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2.sig) and check it before proceeding.

$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2
$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2.sig
$ gpg --verify flatcar_production_ami_vmdk_image.vmdk.bz2.sig
gpg: assuming signed data in 'flatcar_production_ami_vmdk_image.vmdk.bz2'
gpg: Signature made Thu 15 Mar 2018 10:27:57 AM CET
gpg:                using RSA key A621F1DA96C93C639506832D603443A1D0FC498C
gpg: Good signature from "Flatcar Buildbot (Official Builds) <buildbot@flatcar-linux.org>" [ultimate]

Then, follow the instructions in Importing a Disk as a Snapshot Using VM Import/Export. You'll need to upload the uncompressed vmdk file to S3.

After the snapshot is imported, you can go to "Snapshots" in the EC2 dashboard, and generate an AMI image from it. To make it work, use /dev/sda2 as the "Root device name" and you probably want to select "Hardware-assisted virtualization" as "Virtualization type".

In the future we'll upload AMIs directly during the build process so this will be much easier.

Using Flatcar Linux¶

Now that you have a machine booted it is time to play around. Check out the Flatcar Linux Quickstart guide or dig into more specific topics.

Keys	Action
`?`	Open this help
`←`	Previous page
`→`	Next page
`s`	Search