Booting RancherOS via iPXE


#!ipxe
# Boot a persistent RancherOS to RAM

# Location of Kernel/Initrd images
set base-url http://releases.rancher.com/os/latest

kernel ${base-url}/vmlinuz rancher.state.dev=LABEL=RANCHER_STATE rancher.state.autoformat=[/dev/sda] rancher.cloud_init.datasources=[url:http://example.com/cloud-config]
initrd ${base-url}/initrd
boot

Hiding sensitive kernel commandline parameters

From RancherOS v0.9.0, secrets can be put on the kernel parameters line after a -- double dash, and they will not be shown in any /proc/cmdline. These parameters are passed to the RancherOS init process and stored in the root-accessible /var/lib/rancher/conf/cloud-init.d/init.yml file, and are available to the root user through the ros config commands.

For example, the kernel line above could be written as:

kernel ${base-url}/vmlinuz rancher.state.dev=LABEL=RANCHER_STATE rancher.state.autoformat=[/dev/sda] -- rancher.cloud_init.datasources=[url:http://example.com/cloud-config]

The hidden part of the command line can be accessed with either sudo ros config get rancher.environment.EXTRA_CMDLINE, or by using a service file’s environment array.

An example service.yml file:

test:
  image: alpine
  command: echo "tell me a secret ${EXTRA_CMDLINE}"
  labels:
    io.rancher.os.scope: system
  environment:
  - EXTRA_CMDLINE

When this service is run, the EXTRA_CMDLINE will be set.
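A pre-deployment check for the -- convention described above, as an added example that is not part of the RancherOS documentation or code: it reads an iPXE script and reports sensitive-looking parameter names that sit before the -- and would therefore stay visible in /proc/cmdline. The name patterns, the function names and the treatment of -- as a standalone token are assumptions; the sample scripts are constructed from the page's kernel line.

```python
import re

# Assumption: which parameter names count as sensitive is site policy.
# These patterns are illustrative; the datasources entry mirrors the page's example.
SENSITIVE_NAME = re.compile(r"password|secret|token|cloud_init\.datasources", re.I)

def split_kernel_line(line):
    """Split an iPXE 'kernel' line into (image, visible, hidden) parameters.

    Assumes the separator is a standalone '--' token, as in the page's example.
    """
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "kernel":
        raise ValueError("not an iPXE kernel line: %r" % line)
    image, params = tokens[1], tokens[2:]
    if "--" in params:
        cut = params.index("--")
        return image, params[:cut], params[cut + 1:]
    return image, params, []

def exposed_parameters(script_text):
    """Return (line number, parameter name) for sensitive names left before '--'."""
    findings = []
    for lineno, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if line.split()[:1] != ["kernel"]:  # skips comments and other commands
            continue
        _, visible, _ = split_kernel_line(line)
        for param in visible:
            name = param.split("=", 1)[0]
            if SENSITIVE_NAME.search(name):
                findings.append((lineno, name))
    return findings

# Constructed sample: the page's first kernel line, everything visible.
SAMPLE_VISIBLE = """#!ipxe
set base-url http://releases.rancher.com/os/latest
kernel ${base-url}/vmlinuz rancher.state.dev=LABEL=RANCHER_STATE rancher.cloud_init.datasources=[url:http://example.com/cloud-config]
initrd ${base-url}/initrd
boot
"""
# Constructed sample: the same line with the datasource moved after '--'.
SAMPLE_HIDDEN = SAMPLE_VISIBLE.replace(" rancher.cloud_init", " -- rancher.cloud_init")

if __name__ == "__main__":
    for label, text in (("visible", SAMPLE_VISIBLE), ("hidden", SAMPLE_HIDDEN)):
        print(label, exposed_parameters(text))
```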

cloud-init Datasources

Valid cloud-init datasources for RancherOS.

type          default
ec2           ec2’s DefaultAddress
file          path
cmdline       /media/config-2
configdrive
digitalocean  DefaultAddress
ec2           DefaultAddress
file          path
gce
packet        DefaultAddress
url           url
vmware                              set guestinfo cloud-init or interface data as per VMware ESXi
*             This will add ["configdrive", "vmware", "ec2", "digitalocean", "packet", "gce"] into the list of datasources to try

Cloud-Config

When booting via iPXE, RancherOS can be configured using a cloud-config file.