The official Fedora CoreOS documentation provides a way to provision a Raspberry Pi 4b, but their instructions are only written for users that already have a RHEL derivative. The logic contained here containerizes the process, allowing any system with a functional (podman or docker) container engine and a working make installation to provision FCOS for Pis.
The process is encapsulated in Make targets so that it can easily be include-ed into other Makefiles or embedded into pipelines.
The default build-fcos-image target handles basic variable substitution, converting your butane file into an ignition file, running the coreos-installer application, and updating the EFI partition. In order to run this target, you must set the following environment variables:
FCOS_DISKdefines the device the image should be written to. For Raspberry Pis, this will almost always be an SD card.BUTANE_FILEdefines the butane config the FCOS image should ignite from. For Fedora CoreOS, the latest spec (at the time of writing) is defined here, and helpful examples are available here. Thebuild-fcos-imagetarget also performs basic variable substitution on theBUTANE_FILE. If theBUTANE_FILEcontains environment variables, its expected that those are defined as non-empty strings. Refer to the example for more information.
Caution
The device specified by FCOS_DISK will be overwritten upon invoking make. This process is irreversible, and the value of FCOS_DISK should be double-checked before running!
Warning
In order to mount the FCOS_DISK to the coreos-installer container, the container must be run in --privileged mode. On most systems, this will require running make as root (you can also invoke a subshell via sudo with sudo sh -c "FCOS_DISK=... make", if you prefer). On systems that utilize SELinux, see the troubleshooting section for more info.
As mentioned above, the BUTANE_FILE specified defines the other environment variables that need to be set. The example file, for instance, includes a ${FCOS_USER} and ${PUBLIC_SSH_KEY} reference, so when we invoke make with BUTANE_FILE=./example.bu, we also need to include values for FCOS_USER and PUBLIC_SSH_KEY.
Run the following, substituting them for real values:
BUTANE_FILE=./example.bu FCOS_USER=myuser PUBLIC_SSH_KEY=mysshkey FCOS_DISK=mysdcard makeOnce the the process is complete, eject the micro SD, insert it into the Pi 4, attach it to a display, and power it on. You should be able to watch the ignition process configure the OS on first boot. After it's complete, validate your user was created successfully by ssh-ing into the machine using the private half of the key provided earlier.
If needed, the ignition file created from your BUTANE_FILE used to configure the machine will saved as ./config.ign, and can be used to double-check any substitution or (mis)configuration issues that appear.
Each time its invoked, the build-fcos-image runs the coreos-installer container, which, re-downloads the FCOS image file. Doing this repeatedly wastes time and adds burden to network resources.
You can cache the image file by running
DOWNLOAD_DIR=/tmp make download-fcos-imageThe full path to the downloaded image is printed as the last line of output. export or include it when invoking make build-fcos-image like the following
... FCOS_IMAGE_FILE=<path to file> ... make build-fcos-imageThe Makefile defined here ships with a help target (shamelessly stolen from the one operator-sdk gives you). This is useful for discovering additional targets defined by this Makefile or other Makefiles that include this one.
make helpThe build-fcos-image target makes use of containers running in --privileged mode to flash the disk, which A) requires root permissions, and B) may conflict with selinux's default policies on certain machines.
If you get any selinux looking errors, you may need to run
setsebool -P container_use_devices=trueprior to running make.