Recently however, the Mac OS X has been the target of ransomware. Enterprise-level security solutions provider Palo Alto Networks was the first to spot the malware. According to the company’s blog, the attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4.
Rancher OS is a container operating system. It is used to build a very lightweight Docker host that can run on very low spec hardware. It does not need much memory to run. Docker is preinstalled and preconfigured on Rancher OS. So, you don’t have to do anything other than installing Rancher OS on your machine. You can get started with Docker fast with Rancher OS.
In this article, I will show you how to install Rancher OS on your computer. I will be using a VMware virtual machine to show you how to install Rancher OS on your hard drive. But you can easily install it Bare-Metal (on real computers) with just a few changes that I think you will be able to figure out on your own. So, let’s get started.
To install Rancher OS, you should have,
Downloading Rancher OS:
You can download an ISO installer image of Rancher OS from the official GitHub repository of Rancher OS. To download the Rancher OS ISO image, go to the official GitHub repository of Rancher OS at https://github.com/rancher/os/releases and navigate to the Latest release section.
Now, click on the rancheros.iso link as marked in the screenshot below.
Your browser may prompt you to save the Rancher OS ISO image. Click on Save File.
Your browser should start downloading Rancher OS ISO image.
Making Bootable USB of Rancher OS:
If you’re running Windows, then you can use Rufus to create a bootable USB thumb drive of Rancher OS. Rufus can be downloaded from the official website of Rufus at https://rufus.ie/en_IE.html
It’s out of the scope of this article to show you how to make a bootable USB of Rancher OS using Rufus. But, you should be able to do it on your own. If you need any help, then you can read the following article at LinuxHint.com where I demonstrated the process of making a bootable USB thumb drive using Rufus.
If you’re using Linux, then you can use the dd command to make a bootable USB of Rancher OS as follows:
$ sudo dd if=~/Downloads/rancheros.iso of=/dev/sdX bs=1M
NOTE: Here, sdX is the USB thumb drive. You can find out what it is with the lsblk command.
Generating SSH Public and Private Keys:
Before you install Rancher OS on your computer or virtual machine, you have to generate an SSH public and private key pair on the computer from which you plan to access Rancher OS, because, by default, Rancher OS won’t let you log in using a password.
On Linux, you can generate SSH public and private key pairs with the following command:
Now, press <Enter> to continue.
Then, Press <Enter>.
Press <Enter> again.
SSH public and private key pairs should be generated.
If you’re using Windows, then you can also use GitBash (can be downloaded for free from https://git-scm.com/downloads) to generate public and private SSH keys the same way.
You can use PuTTY to generate public and private key pairs on Windows. But it is out of the scope of this article to show you how.
Creating cloud-config.yml Configuration File:
Now, you have to create a cloud-config.yml configuration file. In this file, you have to add your public SSH key and the necessary details for configuring network on Rancher OS.
The format of the cloud-config.yml file is as follows. Make sure to change the configuration file depending on your specific setup.
#cloud-config
rancher:
  network:
    interfaces:
      eth0:
        address: 192.168.2.6/24
        gateway: 192.168.2.1
        dhcp: false
    dns:
      nameservers:
        - 192.168.2.1
        - 8.8.8.8
ssh_authorized_keys:
  - <Replace this with the contents of the `cat ~/.ssh/id_rsa.pub` command>
The output of the `cat ~/.ssh/id_rsa.pub` command in my case is as follows:
So, the final cloud-config.yml file in my case looks like this.
Booting Rancher OS from the ISO image:
Now, attach the ISO image on your virtual machine or insert the USB thumb drive on your computer and select it from the BIOS of your computer. Once you see the following window, press <Enter>.
As you can see, Rancher OS is booting.
After a while, you should be logged into Rancher OS as you can see in the screenshot below.
Installing Rancher OS on Hard Drive:
First, set up a password on the Rancher OS installer with the following command:
Now, type in a password and press <Enter>. The password doesn’t have to be secure as it’s an installer.
Now, retype the password and press <Enter>.
The password should be set.
Now, find out the IP address of the Rancher OS installer with the following command:
As you can see, the IP address in my case is 192.168.2.188. It should be different in your case. Make sure you replace it with yours from now on.
Now, SFTP into your Rancher OS installer with the following command:
Now, type in yes and press <Enter>.
Now, type in the password that you just set and press <Enter>.
Now, you’re ready to transfer cloud-config.yml file to your Rancher OS installer from your computer.
As you can see, the cloud-config.yml file is available in the HOME directory of my computer.
To send it on the Rancher OS installer, just type in the following command:
Now, exit out of the SFTP session with the following command:
Now, from the Rancher OS installer console, run the following command to install Rancher OS on your hard drive:
Now, press y and then press <Enter>.
Rancher OS should be installed on your hard drive. Once it’s done, press y and then press <Enter> to reboot.
As you can see, Rancher OS booted from the hard drive and the network interface is configured correctly.
Now, you can SSH into Rancher OS as follows:
As you can see, I am connected and it didn’t prompt me for a password.
All the Docker commands are available on Rancher OS by default.
If you want to SSH into Rancher OS from any computer on your network, just set up a password with the following command as before:
Now, you should be able to SSH into your Rancher OS machine using user rancher and your password.
So, that’s how you install Rancher OS on your computer. Thanks for reading this article.
For many years, my operating system of choice for servers has always been Ubuntu. I tried several other distros over the years but for one reason or another I always went back to using Ubuntu. It’s a solid operating system that works very well on both desktops and servers. Recently, however, I have started to use Kubernetes heavily, with the goal of migrating everything from “old school” kind of deployments.
While I have never had any particular issues with Ubuntu, I was looking for a more “stable” alternative for use with Kubernetes; Kubernetes means that everything runs as containers and therefore I can update these containers whenever I want or need, individually; so I didn’t like the idea of also depending on OS updates as frequently as with Ubuntu. Nothing wrong with updating! But if I use containers for just about everything, then I prefer updating the OS only when critical security updates or some major release are available. This way I need to reboot servers less frequently, which can be a good thing with regards to keeping apps running. Of course, one should always try to architect apps to be highly available without being affected if servers need to be rebooted every now and then, but anyway… every little helps.
So while looking for alternatives I’ve also tried CentOS - which is known to be more stable - but to be honest I never liked it too much. Then I came across the concept of “container optimised” operating systems, and learnt about RancherOS - surprisingly late considering that I had already been using Rancher for a little while (in case it’s the first time you hear about Rancher, it’s an awesome management interface for Kubernetes clusters). RancherOS is a special kind of operating system, in that everything - really - runs as containers, including system services. It mainly consists of two separate Docker instances, a System Docker for OS/system related stuff, and a User Docker for user managed containers. RancherOS is an OS made of containers for use with containers, so it sounds like the perfect choice for Kubernetes but also for Rancher, which I use (and absolutely love) to manage it.
RancherOS is a super lightweight operating system with just the minimum components required to run Docker. Not only is it lightweight, a minimal OS also translates into a smaller attack surface out of the box. I’ve been running RancherOS only for a few days but I love it already once I sorted out a few things and generally understood better how it works.
Here I am going to show how to install it first, then will give a couple of tips for things to do once the OS is installed. For my servers I use Hetzner Cloud because of the amazing price/performance, but the instructions below can be easily adapted for other providers.
Installation
Hetzner Cloud has a RancherOS image available, but at the moment it’s the 1.4.0 version so it’s oldish. The current stable release is 1.5.2, so that’s what we are going to install. The very first thing you need to do, is of course create one or more servers depending on what you are going to use RancherOS for. It doesn’t matter which operating system you choose while creating the servers, because the OS will anyway be replaced by RancherOS. Optionally, if for example you are going to use RancherOS with Kubernetes nodes that will manage storage (with something like OpenEBS or similar), add one or more disks (Hetzner calls them “volumes”) to the server.
Once the server has been created, go to Rescue in the server’s control panel and enable the rescue system by clicking on Enable Rescue & Power Cycle. Within a minute you should be able to SSH into the server’s rescue system with
Once in the rescue system, you need to install the kexec-tools package, which is required to boot into another kernel different from the one currently running. Here I am assuming the original OS is Ubuntu.
Next, download the RancherOS ISO - you can check the latest release available here. At the moment it is 1.5.2.
Wipe the disk
mount the ISO
and boot into it
Of course set a proper password. The SSH connection should be interrupted so you need to SSH again forcing the password authentication (I am not sure/can’t remember if this is actually required):
You will be logged in to RancherOS now. Next you need to prepare the configuration file that will be used by the installer. First set the hostname
and the IP address of eth0
If you have added a volume to the server, set the DISK variable too so it can be used for mounting
The above will find the correct disk/volume device. Finally, create the config file:
Of course set your SSH key(s). You can remove the mounts section if you haven’t added a volume to your server. You can see that I am specifying a console here, this is because RancherOS by default uses an Alpine-based console, but you can choose to use something else like Ubuntu/Fedora/CentOS. Please note that if you want persistence, you need to switch from the default console to another one. Also, the configuration makes the chosen console available, but we’ll need to switch to it manually as we’ll see in a moment. resize_device is required to ensure that the filesystem created by RancherOS takes the whole capacity of the main disk when installing the OS. The network settings for eth0 here are specific to Hetzner Cloud, so you will have to change them if you are using another provider.
Once you have created the config file, it’s a good idea to validate it just in case there are mistakes:
Now we are ready to install RancherOS on disk:
Again, set a proper password. The installer will reboot the system once you confirm; once you are logged in again, set up Docker TLS support by running:
Next, unless you have removed the console setting, switch to the chosen console
This will kick you out so you’ll have to login again, then you will be able to install packages with apt if you chose the Ubuntu console, or equivalent for another console. Congrats, RancherOS is now installed on disk.
Post-installation
Like I mentioned earlier, being a minimal OS RancherOS has a smaller attack surface. However on all my servers I always do at least three things right away after installing the OS: configure/harden SSH, configure a firewall, and install fail2ban.
SSH configuration
If you edit /etc/ssh/sshd_config directly to make your changes like for example disabling password authentication, you will soon notice that your changes will be lost if you reboot the server. Instead, you need to customise the config template at /etc/ssh/sshd_config.tpl.
Firewall
I am not sure if editing iptables rules directly on the host would work because not everything is persisted as one would expect in RancherOS. I haven’t tried, and because everything in RancherOS runs as a container, I thought well, let’s use a container for the firewall as well. So I created a super simple image that dynamically adds some iptables rules when the container is started, and removes those rules when the container is stopped/removed. At the moment the very simple script in the image does two things: allow you to open only some ports to the public (locking down everything else) and/or allow any connection to the server, to any port, from specific IP addresses. Using this image is as simple as running
Of course customise the ports you want to open and the IP addresses, if any, that should be allowed full communication with the server - I use this for example to allow communication between the nodes of a Kubernetes cluster. You can see the Dockerfile and the script here.
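The add-on-start, remove-on-stop behaviour described above can be sketched as follows. This is an added example, not the script from the author's image: the function name fw_rules, the use of the INPUT chain, and the sample ports and addresses are assumptions, and the script only prints the iptables commands instead of applying them.

```shell
#!/bin/sh
# Added example: print the iptables commands for an allow-list policy.
# fw_rules <-A|-D> "<tcp ports>" "<trusted source IPs>"
#   -A emits the rules to add on container start, -D emits the same rules
#   as deletions for container stop. Nothing is applied here; to apply,
#   pipe the output to sh as root.
fw_rules() {
    op=$1; ports=$2; trusted=$3
    case $op in -A|-D) ;; *) echo "op must be -A or -D" >&2; return 2 ;; esac

    # Validate everything first so a typo never yields a half-built rule set.
    for p in $ports; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 2; }
    done
    for ip in $trusted; do
        case $ip in ''|*[!0-9./]*) echo "bad address: $ip" >&2; return 2 ;; esac
    done

    # Order matters for -A: accepts first, the catch-all DROP last.
    echo "iptables $op INPUT -i lo -j ACCEPT"
    echo "iptables $op INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for ip in $trusted; do
        echo "iptables $op INPUT -s $ip -j ACCEPT"
    done
    for p in $ports; do
        echo "iptables $op INPUT -p tcp --dport $p -j ACCEPT"
    done
    echo "iptables $op INPUT -j DROP"
}

# Constructed sample: SSH and HTTPS public, two cluster nodes fully trusted.
PORTS="22 443"
NODES="10.0.0.2 10.0.0.3"

fw_rules -A "$PORTS" "$NODES"      # what would be applied on container start
# On stop, the same call with -D removes exactly these rules, for example:
#   trap 'fw_rules -D "$PORTS" "$NODES" | sh' TERM INT
```

Rules in INPUT only cover services listening on the host itself; traffic to ports published by Docker containers is forwarded and traverses the FORWARD chain instead.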
fail2ban
For this I was lucky because I found a ready image created by somebody else which also implements email notifications for events like when an IP is banned etc. At the moment I am using this for SSH only, but I will try and customise it further later for my apps/specific uses. For SSH, you need to create a jail first:
Customise the settings if needed. I am annoyed by the many attempts to login to my servers, so here I chose to ban for one whole day any IP that fails a login 3 times within 4 hours.
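To see how the three settings interact (3 failures, a 4 hour look-back window, a 1 day ban), here is a simplified model of that policy run over a few log lines. It is an added example, not fail2ban's code or the jail from this post; the input format, the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: simplified model of the jail policy (not fail2ban itself).
# Input lines:  "<epoch-seconds> <ip> <FAIL|OK>", in chronological order.
# Output lines: "<ip> <ban-start> <ban-end>".
MAXRETRY=3
FINDTIME=$((4 * 3600))     # look-back window: 4 hours
BANTIME=$((24 * 3600))     # ban length: 1 day

bans() {
    awk -v max="$MAXRETRY" -v window="$FINDTIME" -v ban="$BANTIME" '
    $3 == "FAIL" {
        ip = $2; now = $1 + 0
        if (now < banned_until[ip]) next     # already banned, nothing to count
        n[ip]++; t[ip, n[ip]] = now          # remember this failure time
        # Count only the failures that fall inside the look-back window.
        hits = 0
        for (i = 1; i <= n[ip]; i++)
            if (t[ip, i] > now - window) hits++
        if (hits >= max) {
            banned_until[ip] = now + ban
            print ip, now, banned_until[ip]
            n[ip] = 0                        # counting restarts after a ban
        }
    }'
}

# Constructed sample log. 203.0.113.7 fails 3 times in about half an hour;
# 198.51.100.9 also fails 3 times, but spread over more than 4 hours.
sample_log() {
    cat <<'EOF'
1000 203.0.113.7 FAIL
1000 198.51.100.9 FAIL
2000 203.0.113.7 FAIL
2500 192.0.2.44 OK
3000 203.0.113.7 FAIL
5000 203.0.113.7 FAIL
10000 198.51.100.9 FAIL
20000 198.51.100.9 FAIL
EOF
}

sample_log | bans
```

Only the first address is banned: the second never has three failures inside one 4 hour window, which is the case a lower findtime would miss even more often.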
To run fail2ban:
I have chosen action_mwl as action so whenever an IP is banned, I receive a notification that includes whois details on the IP.
With a custom SSH config, a firewall and fail2ban, I have at least some basic “protection” from bots etc.
Backups and restores of Rancher data
Since one of the things I use RancherOS for is Rancher itself, I needed to figure out a way to manage backups and restores of Rancher’s data. After spending a little time I created an image that does just that. It can be used to perform manual or scheduled backups (optionally with email notifications), and restores from either a local backup or a copy stored in S3-compatible storage (I use Restic for this). It’s simple and works pretty well from my testing. I wrote instructions on how to use it in the README of the repo on Github, so I won’t repeat those here.
Conclusion
Like I said earlier I have used RancherOS only for a few days, but I am really pleased so far with the setup for both Rancher and Kubernetes clusters. Especially after sorting out security basics and the backups with Rancher. Hopefully these tips can be useful to someone :)