titanz/Fedora-CoreOS-Ignition
1
0
Fork 0
mirror of https://github.com/TommyTran732/Fedora-CoreOS-Ignition.git synced 2025-06-26 11:04:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: titanz:776c3ef8d3edfb977b615f8ba4b6e353a9b49374
Branches Tags
titanz:main
...
compare: titanz:9471469ccaa93e932a16c74f72eae98b11694870
Branches Tags
titanz:main

2 Commits
776c3ef8d3 ... 9471469cca

Author SHA1 Message Date
Tommy
9471469cca
Remove FCOS 40 -> 41 notes 
Signed-off-by: Tommy <contact@tommytran.io>
 2025-05-28 18:19:28 -07:00
Tommy
34046ac8f9
Update kargs 
Signed-off-by: Tommy <contact@tommytran.io>
 2025-05-28 18:19:01 -07:00
3 changed files with 4 additions and 17 deletions
Show Stats Expand all files Collapse all files

16
README.md
View File

@ -6,18 +6,4 @@ Ignition configurations for Fedora CoreOS<br />
2. Only ED25519 SSH keys are accepted with the SSHD hardening configuration. If you do not use ED25519 keys, you will need to adjust the `/etc/ssh/sshd_config.d/10-custom.conf` file accordingly.
3. If you create a passwordless user that requires administrative privileges, ensure that it is part of the `sudo` group (CoreOS allows this group to use sudo without a password) as the configs will disable empty password system authentication.
4. These configurations are made with a VPS in mind. You should adapt it for a bare metal deployment if that is what you are using (adding additional kernel parameters, configuring drive encryption, configuring storage, etc). You should also change the tuned profile from `virtual-guest` appropriately.
5. The docker-compose-updater.service in `/etc/systemd/system` can be enabled to have automatic updates for your containers created by Docker Compose.
# Upgrading from Fedora CoreOS 40 to 41
I am aware of a dependency issue which may cause the system to not automatically update itself to FCOS 41. To fix the problem, run:
```
systemctl stop zincati
rpm-ostree remove docker-ce
rpm-ostree override reset --all
rpm-ostree upgrade
rpm-ostree override remove cifs-utils containerd docker-cli dnsmasq google-compute-engine-guest-configs-udev iptables-legacy iptables-legacy-libs moby-engine runc samba-client-libs samba-common libwbclient libsmbclient samba-common-libs sssd-client sssd-ldap sssd-common sssd-krb5-common sssd-nfs-idmap sssd-ad sssd-krb5 sssd-ipa sssd-common-pac systemd-resolved
rpm-ostree install docker-ce
reboot
```
5. The docker-compose-updater.service in `/etc/systemd/system` can be enabled to have automatic updates for your containers created by Docker Compose.

2
x86.ign
View File

File diff suppressed because one or more lines are too long

3
x86.yml
View File

@ -276,6 +276,8 @@ kernel_arguments:
- kvm.nx_huge_pages=force
- nosmt=force
- l1d_flush=on
- l1tf=full,force
- kvm-intel.vmentry_l1d_flush=always
- spec_rstack_overflow=safe-ret
- gather_data_sampling=force
- reg_file_data_sampling=on
@ -298,6 +300,5 @@ kernel_arguments:
- debugfs=off
- lockdown=confidentiality
- module.sig_enforce=1
- oops=panic
- console=tty0
- console=ttyS0,115200