CoreOS


On CoreOS, sftd is distributed as an App Container image (.aci) file.

It runs under the rkt container engine and is managed by a systemd service file.

Installation

Here is an example of manually deploying the agent.

This involves trusting two signing keys, and then installing sftd to run under rkt and systemd.

# Add ScaleFT signing key to rkt
sudo rkt trust --prefix=scaleft.com/sftd
robert_chiniquy@ip-172-31-23-43 ~ $ sudo rkt trust --prefix=scaleft.com/sftd pubkey: prefix: "scaleft.com/sftd" key: "https://dist.scaleft.com/pki/scaleft_aci_key.asc" gpg key fingerprint is: 9634 D6F5 7077 3D74 E127 4FA0 D8C3 DAA1 B6AC 706E Subkey fingerprint: 5EF1 0A27 5E1C 7DA9 7234 8358 D263 E4A5 6194 E2B2 ScaleFT (aci signing) Are you sure you want to trust this key (yes/no)? yes Trusting "https://dist.scaleft.com/pki/scaleft_aci_key.asc" for prefix "scaleft.com/sftd" after fingerprint review. Added key for prefix "scaleft.com/sftd" at "/etc/rkt/trustedkeys/prefix.d/scaleft.com/sftd/9634d6f570773d74e1274fa0d8c3daa1b6ac706e"
# Optionally, pre-fetch a specific version.
rkt fetch scaleft.com/sftd:1.33.2
robert_chiniquy@ip-172-31-23-43 ~ $ sudo rkt fetch scaleft.com/sftd:1.33.2 image: searching for app image scaleft.com/sftd image: remote fetching from URL "https://dist.scaleft.com/server-tools/linux/v1.33.2/sftd-1.33.2-linux-amd64.aci" image: keys already exist for prefix "scaleft.com/sftd", not fetching again image: downloading signature from https://dist.scaleft.com/server-tools/linux/v1.33.2/sftd-0.18.5-linux-amd64.aci.asc Downloading signature: [=======================================] 473 B/473 B Downloading ACI: [=============================================] 4.86 MB/4.86 MB image: signature verified: ScaleFT (aci signing) sha512-6ecfc7aca9cb9afa41b69e21c7caef1f robert_chiniquy@ip-172-31-23-43 ~ $
# Download example unit file
sudo curl --location --output /etc/systemd/system/sftd.service https://dist.scaleft.com/server-tools/linux/latest/sftd.service
robert_chiniquy@ip-172-31-23-43 ~ $ sudo curl --location --output /etc/systemd/system/sftd.service https://dist.scaleft.com/server-tools/linux/latest/sftd.service % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1037 100 1037 0 0 8809 0 --:--:-- --:--:-- --:--:-- 8809
# Trust the rkt stage1-fly key from CoreOS
sudo rkt trust --prefix "coreos.com/rkt/stage1-fly"
robert_chiniquy@ip-172-31-23-43 ~ $ sudo rkt trust --prefix "coreos.com/rkt/stage1-fly" pubkey: prefix: "coreos.com/rkt/stage1-fly" key: "https://coreos.com/dist/pubkeys/app-signing-pubkey.gpg" gpg key fingerprint is: 18AD 5014 C99E F7E3 BA5F 6CE9 50BD D3E0 FC8A 365E Subkey fingerprint: 5B10 53CE 38EA 2E0F EB95 6C05 95BC 5E3F 3F1B 2C87 Subkey fingerprint: 55DB DA91 BBE1 849E A27F E733 A6F7 1EE5 BEDD BA18 Subkey fingerprint: B261 4119 157B E592 32DF D2AA F804 F413 7EF4 8FD3 Subkey fingerprint: 9CEB 8FE6 B4F1 E9E7 52F6 1C82 CDDE 268E BB72 9EC7 CoreOS Application Signing Key Are you sure you want to trust this key (yes/no)? yes Trusting "https://coreos.com/dist/pubkeys/app-signing-pubkey.gpg" for prefix "coreos.com/rkt/stage1-fly" after fingerprint review. Added key for prefix "coreos.com/rkt/stage1-fly" at "/etc/rkt/trustedkeys/prefix.d/coreos.com/rkt/stage1-fly/18ad5014c99ef7e3ba5f6ce950bdd3e0fc8a365e"
# Load unit file into systemd
sudo systemctl daemon-reload
sudo systemctl enable sftd.service
sudo systemctl start sftd.service
robert_chiniquy@ip-172-31-23-43 ~ $ sudo systemctl daemon-reload robert_chiniquy@ip-172-31-23-43 ~ $ sudo systemctl enable sftd.service Created symlink from /etc/systemd/system/multi-user.target.wants/sftd.service to /etc/systemd/system/sftd.service. robert_chiniquy@ip-172-31-23-43 ~ $ sudo systemctl start sftd.service robert_chiniquy@ip-172-31-23-43 ~ $

For usage information and advanced options, see the section on sftd.