Booting RancherOS via iPXE

# Boot a persistent RancherOS to RAM

# Location of Kernel/Initrd images
set base-url

kernel ${base-url}/vmlinuz rancher.state.autoformat=[/dev/sda] rancher.cloud_init.datasources=[url:]
initrd ${base-url}/initrd

Hiding sensitive kernel commandline parameters

From RancherOS v0.9.0, secrets can be put on the kernel parameters line afer a -- double dash, and they will be not be shown in any /proc/cmdline. These parameters will be passed to the RancherOS init process and stored in the root accessible /var/lib/rancher/conf/cloud-init.d/init.yml file, and are available to the root user from the ros config commands.

For example, the kernel line above could be written as:

kernel ${base-url}/vmlinuz rancher.state.autoformat=[/dev/sda] -- rancher.cloud_init.datasources=[url:]

The hidden part of the command line can be accessed with either sudo ros config get rancher.environment.EXTRA_CMDLINE, or by using a service file’s environment array.

An example service.yml file:

  image: alpine
  command: echo "tell me a secret ${EXTRA_CMDLINE}"
    io.rancher.os.scope: system

When this service is run, the EXTRA_CMDLINE will be set.

cloud-init Datasources

Valid cloud-init datasources for RancherOS.

type default  
ec2 ec2’s DefaultAddress  
file path  
cmdline /media/config-2  
digitalocean DefaultAddress  
ec2 DefaultAddress  
file path  
packet DefaultAddress  
url url  
vmware   set guestinfo cloud-init or interface data as per VMware ESXi
* This will add [“configdrive”, “vmware”, “ec2”, “digitalocean”, “packet”, “gce”] into the list of datasources to try  


When booting via iPXE, RancherOS can be configured using a cloud-config file.