Running Flatcar Linux on EC2¶

The current AMIs for all Flatcar Linux channels and EC2 regions are listed below and updated frequently. Using CloudFormation is the easiest way to launch a cluster, but it is also possible to follow the manual steps at the end of the article. Questions can be directed to the Flatcar Linux IRC channel or user mailing list.

Choosing a channel¶

Flatcar Linux is designed to be updated automatically with different schedules per channel. You can disable this feature, although we don't recommend it. Read the release notes for specific features and bug fixes.

The Alpha channel closely tracks master and is released frequently. The newest versions of system libraries and utilities will be available for testing. The current version is Flatcar Linux 1981.0.0.

View as json feed

EC2 Region	AMI Type	AMI ID
ap-northeast-1	PV	ami-0a9ca21966f1fef9d
ap-northeast-1	HVM	ami-06f2188035143d497
ap-northeast-2	PV
ap-northeast-2	HVM	ami-08f05cba369a54ac8
ap-south-1	PV
ap-south-1	HVM	ami-070ac8191e41b04f7
ap-southeast-1	PV	ami-0bf2ee3b4e8dc04a3
ap-southeast-1	HVM	ami-0102295aa83723ffd
ap-southeast-2	PV	ami-02a195227352ff1af
ap-southeast-2	HVM	ami-0bb6619b161e87519
ca-central-1	PV
ca-central-1	HVM	ami-01b2729e87ebadf8f
eu-central-1	PV	ami-0330aa7a545e240ea
eu-central-1	HVM	ami-0d7c7ebe8998162d9
eu-west-1	PV	ami-0701ce6cca908a651
eu-west-1	HVM	ami-05c4fbcf0a243655f
eu-west-2	PV
eu-west-2	HVM	ami-04f9425388f70174b
eu-west-3	PV
eu-west-3	HVM	ami-01a7ffd05fe0bc0bf
sa-east-1	PV	ami-0f9ca2c4c17e5f912
sa-east-1	HVM	ami-06787fb044ae3b410
us-east-1	PV	ami-03e1a33e8f5f7f4c0
us-east-1	HVM	ami-0c5732a49e63756d1
us-east-2	PV
us-east-2	HVM	ami-032ef25b66edd87fe
us-west-1	PV	ami-0a06264aa09262800
us-west-1	HVM	ami-0194861d2954fb5fb
us-west-2	PV	ami-0f7aff5b53332ca60
us-west-2	HVM	ami-01959bad890492937

The Beta channel consists of promoted Alpha releases. The current version is Flatcar Linux 1967.1.0.

View as json feed

EC2 Region	AMI Type	AMI ID
ap-northeast-1	PV	ami-0d28810bbfbd7d231
ap-northeast-1	HVM	ami-0316a869f1ccb1517
ap-northeast-2	PV
ap-northeast-2	HVM	ami-0ba8888303a5f7c02
ap-south-1	PV
ap-south-1	HVM	ami-022bc621c2ffa9ffc
ap-southeast-1	PV	ami-05f30eb104f1689ef
ap-southeast-1	HVM	ami-056a380adc24a9c03
ap-southeast-2	PV	ami-0061271e8f3b8f37d
ap-southeast-2	HVM	ami-0efdf0417e791f7ad
ca-central-1	PV
ca-central-1	HVM	ami-05429220b6a40e98b
eu-central-1	PV	ami-0b221b968899ae407
eu-central-1	HVM	ami-0065acab1d1bf55ce
eu-west-1	PV	ami-00711775741c369bc
eu-west-1	HVM	ami-03d1ee8d100680ebd
eu-west-2	PV
eu-west-2	HVM	ami-083210aeef606e26a
eu-west-3	PV
eu-west-3	HVM	ami-012626abac070e516
sa-east-1	PV	ami-0a19822dda24588af
sa-east-1	HVM	ami-06097ec6cc6f862dc
us-east-1	PV	ami-059404f585466379a
us-east-1	HVM	ami-0d6200f0b41dad61b
us-east-2	PV
us-east-2	HVM	ami-0b823a0b44f6a86e1
us-west-1	PV	ami-0968d12eeeef9e6d7
us-west-1	HVM	ami-0a8e2a5b6f133f144
us-west-2	PV	ami-064b7e685e12ae50f
us-west-2	HVM	ami-05a765a67a1e4b7d4

The Stable channel should be used by production clusters. Versions of Flatcar Linux are battle-tested within the Beta and Alpha channels before being promoted. The current version is Flatcar Linux 1911.4.0.

View as json feed

EC2 Region	AMI Type	AMI ID
ap-northeast-1	PV	ami-0e6d0ec59650a6c2c
ap-northeast-1	HVM	ami-00411d41bbd2fcbdb
ap-northeast-2	PV
ap-northeast-2	HVM	ami-0a58d62a25c39a33e
ap-south-1	PV
ap-south-1	HVM	ami-02d071bf9eb3321ff
ap-southeast-1	PV	ami-03d61a40bdbb6c926
ap-southeast-1	HVM	ami-0f35b79282a8cef1c
ap-southeast-2	PV	ami-088b8d0f968e5080f
ap-southeast-2	HVM	ami-0a4f0c8275319b6ca
ca-central-1	PV
ca-central-1	HVM	ami-0229964ffae97efe5
eu-central-1	PV	ami-08d566274a1da04a8
eu-central-1	HVM	ami-0a03b13a5464911c9
eu-west-1	PV	ami-0da399c948f128c92
eu-west-1	HVM	ami-0058351d5d1da5b2d
eu-west-2	PV
eu-west-2	HVM	ami-0a97ebac4b222345b
eu-west-3	PV
eu-west-3	HVM	ami-0bdf732b1bedf282c
sa-east-1	PV	ami-0bb40ac27ac6d136c
sa-east-1	HVM	ami-0db680dff3ae81480
us-east-1	PV	ami-0c0b8f178d56dc8ba
us-east-1	HVM	ami-08be14c3bcc259652
us-east-2	PV
us-east-2	HVM	ami-0b6b145076f07823e
us-west-1	PV	ami-00e1ed486e1cd80eb
us-west-1	HVM	ami-0f7613320d41ff4e7
us-west-2	PV	ami-08e95fa471b9a8c72
us-west-2	HVM	ami-07e5a0b79f57ad766

CloudFormation will launch a cluster of Flatcar Linux machines with a security and autoscaling group.

Container Linux Configs¶

Flatcar Linux allows you to configure machine parameters, configure networking, launch systemd units on startup, and more via Container Linux Configs. These configs are then transpiled into Ignition configs and given to booting machines. Head over to the docs to learn about the supported features.

You can provide a raw Ignition config to Flatcar Linux via the Amazon web console or via the EC2 API.

As an example, this Container Linux Config will configure and start etcd:

etcd:
  # All options get passed as command line flags to etcd.
  # Any information inside curly braces comes from the machine at boot time.

  # multi_region and multi_cloud deployments need to use {PUBLIC_IPV4}
  advertise_client_urls:       "http://{PRIVATE_IPV4}:2379"
  initial_advertise_peer_urls: "http://{PRIVATE_IPV4}:2380"
  # listen on both the official ports and the legacy ports
  # legacy ports can be omitted if your application doesn't depend on them
  listen_client_urls:          "http://0.0.0.0:2379"
  listen_peer_urls:            "http://{PRIVATE_IPV4}:2380"
  # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
  # specify the initial size of your cluster with ?size=X
  discovery:                   "https://discovery.etcd.io/<token>"

Instance storage¶

Ephemeral disks and additional EBS volumes attached to instances can be mounted with a .mount unit. Amazon's block storage devices are attached differently depending on the instance type. Here's the Container Linux Config to format and mount the first ephemeral disk, xvdb, on most instance types:

storage:
  filesystems:
    - mount:
        device: /dev/xvdb
        format: ext4
        wipe_filesystem: true

systemd:
  units:
    - name: media-ephemeral.mount
      enable: true
      contents: |
        [Mount]
        What=/dev/xvdb
        Where=/media/ephemeral
        Type=ext4

        [Install]
        RequiredBy=local-fs.target

For more information about mounting storage, Amazon's own documentation is the best source. You can also read about mounting storage on Flatcar Linux.

Adding more machines¶

To add more instances to the cluster, just launch more with the same Container Linux Config, the appropriate security group and the AMI for that region. New instances will join the cluster regardless of region if the security groups are configured correctly.

SSH to your instances¶

Flatcar Linux is set up to be a little more secure than other cloud images. By default, it uses the core user instead of root and doesn't use a password for authentication. You'll need to add an SSH key(s) via the AWS console or add keys/passwords via your Container Linux Config in order to log in.

To connect to an instance after it's created, run:

ssh core@<ip address>

Multiple clusters¶

If you would like to create multiple clusters you will need to change the "Stack Name". You can find the direct template file on S3.

Manual setup¶

TL;DR: launch three instances of ami-03e1a33e8f5f7f4c0 in us-east-1 with a security group that has open port 22, 2379, 2380, 4001, and 7001 and the same "User Data" of each host. SSH uses the core user and you have etcd and Docker to play with.

Creating the security group¶

You need open port 2379, 2380, 7001 and 4001 between servers in the etcd cluster. Step by step instructions below.

This step is only needed once

First we need to create a security group to allow Flatcar Linux instances to communicate with one another.

Go to the security group page in the EC2 console.
Click "Create Security Group"
- Name: flatcar-testing
- Description: Flatcar Linux instances
- VPC: No VPC
- Click: "Yes, Create"
In the details of the security group, click the Inbound tab
First, create a security group rule for SSH
- Create a new rule: SSH
- Source: 0.0.0.0/0
- Click: "Add Rule"
Add two security group rules for etcd communication
- Create a new rule: Custom TCP rule
- Port range: 2379
- Source: type "flatcar-testing" until your security group auto-completes. Should be something like "sg-8d4feabc"
- Click: "Add Rule"
- Repeat this process for port range 2380, 4001 and 7001 as well
Click "Apply Rule Changes"

Launching a test cluster¶

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

Open the quick launch wizard to boot ami-03e1a33e8f5f7f4c0.
On the second page of the wizard, launch 3 servers to test our clustering
- Number of instances: 3
- Click "Continue"
Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:3
- Paste configuration into "User Data"
- "Continue"
Storage Configuration
- "Continue"
Tags
- "Continue"
Create Key Pair
- Choose a key of your choice, it will be added in addition to the one in the gist.
- "Continue"
Choose one or more of your existing Security Groups
- "flatcar-testing" as above.
- "Continue"
Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

Open the quick launch wizard to boot ami-059404f585466379a.
On the second page of the wizard, launch 3 servers to test our clustering
- Number of instances: 3
- Click "Continue"
Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:4
- Paste configuration into "User Data"
- "Continue"
Storage Configuration
- "Continue"
Tags
- "Continue"
Create Key Pair
- Choose a key of your choice, it will be added in addition to the one in the gist.
- "Continue"
Choose one or more of your existing Security Groups
- "flatcar-testing" as above.
- "Continue"
Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

Open the quick launch wizard to boot ami-0c0b8f178d56dc8ba.
On the second page of the wizard, launch 3 servers to test our clustering
- Number of instances: 3
- Click "Continue"
Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:5
- Paste configuration into "User Data"
- "Continue"
Storage Configuration
- "Continue"
Tags
- "Continue"
Create Key Pair
- Choose a key of your choice, it will be added in addition to the one in the gist.
- "Continue"
Choose one or more of your existing Security Groups
- "flatcar-testing" as above.
- "Continue"
Launch!

Installation from a VMDK image¶

One of the possible ways of installation is to import the generated VMDK Flatcar image as a snapshot. The image file will be in https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2. Make sure you download the signature (it's available in https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2.sig) and check it before proceeding.

$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2
$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2.sig
$ gpg --verify flatcar_production_ami_vmdk_image.vmdk.bz2.sig
gpg: assuming signed data in 'flatcar_production_ami_vmdk_image.vmdk.bz2'
gpg: Signature made Thu 15 Mar 2018 10:27:57 AM CET
gpg:                using RSA key A621F1DA96C93C639506832D603443A1D0FC498C
gpg: Good signature from "Flatcar Buildbot (Official Builds) <buildbot@flatcar-linux.org>" [ultimate]

Then, follow the instructions in Importing a Disk as a Snapshot Using VM Import/Export. You'll need to upload the uncompressed vmdk file to S3.

After the snapshot is imported, you can go to "Snapshots" in the EC2 dashboard, and generate an AMI image from it. To make it work, use /dev/sda2 as the "Root device name" and you probably want to select "Hardware-assisted virtualization" as "Virtualization type".

In the future we'll upload AMIs directly during the build process so this will be much easier.

Using Flatcar Linux¶

Now that you have a machine booted it is time to play around. Check out the Flatcar Linux Quickstart guide or dig into more specific topics.

Keys	Action
`?`	Open this help
`←`	Previous page
`→`	Next page
`s`	Search