Add support for Oracle Cloud Infrastructure

[navaneeth-dev]

Add support for Oracle Cloud Infrastructure

I want official builds of flatcar for Oracle Cloud.

How to use

Right now I verified it works. I will try to work on CI builds tomorrow.
I will fix the conventions soon.

Testing done

Right now I verified it works.

Related to: flatcar/Flatcar#1855

CI: https://jenkins.flatcar.org/job/container/job/packages_all_arches/99/cldsv/

[navaneeth-dev]

@tormath1 you can review it now. Also do I need to provide an oracle test script?

[chewi]

@tormath1 is away at KubeCon, so he may take some time to respond. He knows this area best.

[tormath1]

Thanks a lot for this contribution. It looks good.

Only SSH keys and hostname are missing.Any chance to enable it and give it a try ?

• https://github.com/flatcar/init/blob/flatcar-master/systemd/system/sshkeys.service
• https://github.com/flatcar/bootengine/blob/flatcar-master/dracut/53ignition/flatcar-metadata-hostname.service

Also do I need to provide an oracle test script?

There is a full test suite defined here: https://github.com/flatcar/mantle - if OCI has a Go SDK, then we can check to implement OCI support in Mantle (e.g: flatcar/mantle#652) but this can be done in a second time (it will give me time to investigate OCI test sponsoring. :))

[navaneeth-dev]

I will check SSH & hostname support.
Yes OCI has a Go SDK: https://github.com/oracle/oci-go-sdk

[tormath1]

I will check SSH & hostname support. Yes OCI has a Go SDK: https://github.com/oracle/oci-go-sdk

Thanks. For what is worth, I asked CNCF about OCI sponsoring to enable Flatcar tests on this cloud provider.

On another aspect, I kicked-off a CI run to see if everything builds correctly. Thanks for your work so far!

[navaneeth-dev]

Anything I can do to help on the OCI sponsoring part? I can ask the oracle community here.

I can also create documentation later.

Will test the hostname and ssh in a few days.

[navaneeth-dev]

./run_sdk_container -t

###### Writing versionfile 'sdk_container/.repo/manifests/version.txt' to SDK '4643.0.0+nightly-20260318-2100', OS '4643.0.0+nightly-20260318-2100-14-ga616119ae7'. ######

###### Creating a new container 'flatcar-sdk-all-4643.0.0-nightly-20260318-2100_os-main-4643.0.0-nightly-20260318-2100-14-ga616119ae7' ######
-v /home/rize/.config/gcloud:/home/rize/.config/gcloud
Error response from daemon: manifest unknown
Falling back to tar ball download...

How do I fix this? I am not able to test the builds on my feature branch. Can I change version.txt to a stable version?

[tormath1]

Hey @navaneeth-dev thanks - we have some issues with the CI right now, that might explain the issue you see. You should be able to run the SDK using the latest released image:

./run_sdk_container -t -a amd64 -C ghcr.io/flatcar/flatcar-sdk-amd64:4628.0.0

Anything I can do to help on the OCI sponsoring part? I can ask the oracle community here.

Thanks a lot for asking, I've created a ticket to the CNCF a few days ago - let's see how it goes. ❤️

[navaneeth-dev]

INFO    build_packages: Checking /build/amd64-usr
/usr/bin/grog: /usr/bin/perl does not exist
/usr/bin/gpinyin: (env)/perl does not exist
/usr/bin/gperl: (env)/perl does not exist
/usr/bin/glilypond: (env)/perl does not exist
/usr/bin/chem: (env)/perl does not exist
/usr/bin/diff-highlight: /usr/bin/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/bootgraph.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/checkdeclares.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/checkincludes.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/checkstack.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/checkversion.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/cleanfile: (env)/perl does not exist

Still unable to build.

./run_sdk_container -t -a amd64 -C ghcr.io/flatcar/flatcar-sdk-amd64:4628.0.0 -n oci
./build_packages

FLATCAR_VERSION=4628.0.0+nightly-20260318-2100-1-g7b5d4182bc
FLATCAR_VERSION_ID=4628.0.0
FLATCAR_BUILD_ID="nightly-20260318-2100-1-g7b5d4182bc"
FLATCAR_SDK_VERSION=4628.0.0

Lot of HTTP 404 Portage errors.

[tormath1]

INFO build_packages: Checking /build/amd64-usr
/usr/bin/grog: /usr/bin/perl does not exist
/usr/bin/gpinyin: (env)/perl does not exist
/usr/bin/gperl: (env)/perl does not exist
/usr/bin/glilypond: (env)/perl does not exist
/usr/bin/chem: (env)/perl does not exist
/usr/bin/diff-highlight: /usr/bin/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/bootgraph.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/checkdeclares.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/checkincludes.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/checkstack.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/checkversion.pl: (env)/perl does not exist
/usr/lib/modules/6.12.77-flatcar/build/scripts/cleanfile: (env)/perl does not exist

@navaneeth-dev this should not be an issue - it's only warnings. Do you have an actual error message at the end of the command?

[navaneeth-dev]

!!! All ebuilds that could satisfy ">=dev-libs/elfutils-0.158:0/0=" for /mnt/host/source/src/build/images/amd64-usr/developer-4643.0.0+nightly-20260318-2100-13-gc6927109d7-a1/prod-image-rootfs/ have been masked.
!!! One of the following masked packages is required to complete your request:
- dev-libs/elfutils-0.194::portage-stable (masked by: ~amd64 keyword)

(dependency required by "sys-apps/systemd-258.3::portage-stable" [binary])
(dependency required by "sys-libs/pam-1.7.2::portage-stable" [binary])
(dependency required by "app-admin/sudo-1.9.17_p2::portage-stable" [binary])
(dependency required by "coreos-base/coreos-0.0.1-r319::coreos-overlay" [binary])
(dependency required by "coreos-base/coreos" [argument])
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.

ERROR   build_image: script called: build_image
ERROR   build_image: Backtrace:  (most recent call is last)
ERROR   build_image:   file build_image, line 181, called: create_prod_image 'flatcar_production_image.bin' 'base' 'developer' 'coreos-base/coreos' 'containerd-flatcar|app-containers/containerd,docker-flatcar|app-containers/docker&a
pp-containers/docker-cli&app-containers/docker-buildx'
ERROR   build_image:   file prod_image_util.sh, line 97, called: emerge_to_image '/mnt/host/source/src/build/images/amd64-usr/developer-4643.0.0+nightly-20260318-2100-13-gc6927109d7-a1/prod-image-rootfs' 'coreos-base/coreos'
ERROR   build_image:   file build_image_util.sh, line 152, called: die_err_trap 'sudo -E ROOT="${root_fs_dir}" FEATURES="-ebuild-locks" PORTAGE_CONFIGROOT="${BUILD_DIR}"/configroot emerge --usepkgonly --jobs="${NUM_JOBS}" --verbose
"$@"' '1'
ERROR   build_image:
ERROR   build_image: Command failed:
ERROR   build_image:   Command 'sudo -E ROOT="${root_fs_dir}" FEATURES="-ebuild-locks" PORTAGE_CONFIGROOT="${BUILD_DIR}"/configroot emerge --usepkgonly --jobs="${NUM_JOBS}" --verbose "$@"' exited with nonzero code: 1
ERROR   build_image:   !!!!!!!!!!!!!!!!!!!!!!!!!
ERROR   build_image:   !! BEGIN DEBUG OUTPUT: !!
ERROR   build_image:   !!!!!!!!!!!!!!!!!!!!!!!!!

[chewi]

dev-libs/elfutils in both main-4643.0.0-nightly-20260318-2100 and current main have a stable arm64 keyword rather than ~arm64, so perhaps your working tree has got into a bad state.

[chewi]

Oh wait, it was amd64. Still, that should be fine.

[navaneeth-dev]

Oh wait, it was amd64. Still, that should be fine.

I have deleted my repo locally and cloned again. Trying to build again.

[tormath1]

Hey @navaneeth-dev, apologize we experimented some unexpected CI issues in the last days. I kicked-off a new build of your branch to get build results.

[tormath1]

@navaneeth-dev built images are available here: https://bincache.flatcar-linux.net/images/amd64/9999.9.111+tormath1-oci/

[navaneeth-dev]

@navaneeth-dev built images are available here: https://bincache.flatcar-linux.net/images/amd64/9999.9.111+tormath1-oci/

Tested this, its working. hostname is not working yet. About the SSH keys support, how would that work? ssh key would be added to which user?

Also is the CI fixed now as per docs for me to continue the testing of the above features?

Also should we enable flatcar.autologin so the OCI console can run commands?

[tormath1]

@navaneeth-dev built images are available here: https://bincache.flatcar-linux.net/images/amd64/9999.9.111+tormath1-oci/

Tested this, its working. hostname is not working yet. About the SSH keys support, how would that work? ssh key would be added to which user?

Also is the CI fixed now as per docs for me to continue the testing of the above features?

Also should we enable flatcar.autologin so the OCI console can run commands?

Thank you so much for testing this image. For SSH keys, things should be set as mentioned here: #3846 (review) - you just need to add ...oem.id = oraclecloud to those systemd units to automatically pull SSH keys for the core user and set hostname based on Oraclecloud metadata.

Also should we enable flatcar.autologin so the OCI console can run commands?

Here, it depends. Does OCI has a mechanism to prevent console access to the users? If yes, then we can consider setting flatcar.autologin if no, it's up to the user to manually provide flatcar.autologin into the Ignition configuration.

[navaneeth-dev]

I'll test it today.

Prevent console access to the users meaning like IAM permissions to deny console access per user basis?

[navaneeth-dev]

@tormath1 Can we merge the above 2 PRs? I guess only then I can test SSH support

[tormath1]

@tormath1 Can we merge the above 2 PRs? I guess only then I can test SSH support

Thanks for the PRs. I'll create a build using this PR and the two others, for you to test SSH support.

EDIT: This will be available here: https://bincache.flatcar-linux.net/images/amd64/9999.9.113+tormath1-oci/

[navaneeth-dev]

I tried the build above, it is not working. Neither ssh or hostname.

But metadata is being retrieved successfully

root@localhost ~ # /usr/bin/coreos-metadata --cmdline --hostname=/sysroot/etc/hostname
Apr 30 13:27:50.254 INFO Fetching http://169.254.169.254/opc/v2/instance: Attempt #1
Apr 30 13:27:50.259 INFO Fetch successful
Apr 30 13:27:50.264 INFO wrote hostname jitsi to /sysroot/etc/hostname
root@localhost ~ # cat /sysroot/etc/hostname
jitsi

[navaneeth-dev]

@tormath1 Any update on this?

[chewi]

This will need some rebasing since my changes got merged. I thought yours might go in first, so sorry about that. I can do it myself.

[chewi]

That's now rebased. As you can see, it's a bit simpler now. 🙂 I would merge it, but I don't know why SSH and hostname isn't working.

[tormath1]

Hey @navaneeth-dev, sorry for the back and forth on this contribution - I was on and off in May.

I finally been able to test your image on OCI, and things seems to work correctly. I spawned an instance without Ignition and I've been able to SSH into, which means that SSH keys injection works and hostname settings as well:

core@instance-20260602-1458 ~ $ systemctl status coreos-metadata-sshkeys@core.service
● coreos-metadata-sshkeys@core.service - Flatcar Metadata Agent (SSH Keys)
     Loaded: loaded (/usr/lib/systemd/system/coreos-metadata-sshkeys@.service; disabled; preset: disabled)
     Active: active (exited) since Tue 2026-06-02 13:01:33 UTC; 13min ago
 Invocation: 2732d5cbc9a8475095a1b6e54b93b970
    Process: 1666 ExecStart=/usr/bin/coreos-metadata ${COREOS_METADATA_OPT_PROVIDER} --ssh-keys=core (code=exited, status=0/SUCCESS)
    Process: 1789 ExecStartPost=/usr/bin/update-ssh-keys -u core (code=exited, status=0/SUCCESS)
   Main PID: 1666 (code=exited, status=0/SUCCESS)
   Mem peak: 3.3M
        CPU: 35ms
Jun 02 13:01:32 instance-20260602-1458 systemd[1]: Starting coreos-metadata-sshkeys@core.service - Flatcar Metadata Agent (SSH Keys)...
Jun 02 13:01:32 instance-20260602-1458 coreos-metadata[1666]: Jun 02 13:01:32.668 INFO Fetching http://169.254.169.254/opc/v2/instance: Attempt #1
Jun 02 13:01:32 instance-20260602-1458 coreos-metadata[1666]: Jun 02 13:01:32.675 INFO Fetch successful
Jun 02 13:01:32 instance-20260602-1458 coreos-metadata[1666]: wrote ssh authorized keys file for user: core
Jun 02 13:01:33 instance-20260602-1458 update-ssh-keys[1789]: Updated "/home/core/.ssh/authorized_keys"
Jun 02 13:01:33 instance-20260602-1458 systemd[1]: Finished coreos-metadata-sshkeys@core.service - Flatcar Metadata Agent (SSH Keys).
core@instance-20260602-1458 ~ $ hostname
instance-20260602-1458
core@instance-20260602-1458 ~ $ cat /run/metadata/flatcar
COREOS_ORACLECLOUD_INSTANCE_ID=ocid1.instance.oc1.iad.anuwcljswgbfqiqcdtg4xtol5hcsfudmxkvsupmdg3wxu6osc42bvsinu7za
COREOS_ORACLECLOUD_FAULT_DOMAIN=FAULT-DOMAIN-1
COREOS_ORACLECLOUD_AVAILABILITY_DOMAIN=YQPA:US-ASHBURN-AD-1
COREOS_ORACLECLOUD_COMPARTMENT_ID=ocid1.tenancy.oc1..aaaaaaaailtvxun7g5yn5skya637c5ombbj6soono3ob7eiik7uiqwd3gn2a
COREOS_ORACLECLOUD_INSTANCE_SHAPE=VM.Standard.E5.Flex
COREOS_ORACLECLOUD_REGION_ID=us-ashburn-1
COREOS_ORACLECLOUD_HOSTNAME=instance-20260602-1458

I've tested the Ignition provisioning and it works as well:

core@instance-20260602-1520 ~ $ sudo cat /var/run/ignition.json | jq .storage
{
  "files": [
    {
      "group": {},
      "path": "/etc/foo",
      "user": {},
      "contents": {
        "compression": "",
        "source": "data:,bar%0A",
        "verification": {}
      }
    }
  ]
}
core@instance-20260602-1520 ~ $ cat /etc/foo
bar

EDIT: Thanks again @navaneeth-dev for this contribution, before merging this PR, we miss 3 things:

• A changelog entry (e.g: https://github.com/flatcar/scripts/blob/f47aaefba2b739cd1ae90bb6724dc00dc8d9d21f/changelog/changes/2024-02-21-scaleway.md)
• Update the commit ID in ./sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r205.ebuild to use the new commit: flatcar/init@0bf7e11 (and bump the revision from r205 to r206) - this will pull your flatcar/init changes.
• Update the commit ID in ./sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r45.ebuild to use the new commit: flatcar/bootengine@944410b (and bump the revision from r45 to r46) - this will pull your flatcar/bootengine changes.

With this done, OracleCloud support will be available in the Alpha of the next release.

[tormath1]

Thanks a lot for your contribution and your patience. Feel free to join the next Flatcar office hours if you want to demo your work with a simple Flatcar deployment on OCI :) flatcar/Flatcar#2134