github.com/deis/deis@v1.13.5-0.20170519182049-1d9e59fbdbfc/contrib/coreos/user-data.example (about) 1 #cloud-config 2 3 coreos: 4 etcd2: 5 # generate a new token for each unique cluster from https://discovery.etcd.io/new 6 discovery: #DISCOVERY_URL 7 # multi-region and multi-cloud deployments need to use $public_ipv4 8 advertise-client-urls: http://$private_ipv4:2379 9 initial-advertise-peer-urls: http://$private_ipv4:2380 10 # listen on both the official ports and the legacy ports 11 # legacy ports can be omitted if your application doesn't depend on them 12 listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001 13 listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001 14 data-dir: /var/lib/etcd2 15 fleet: 16 public-ip: $private_ipv4 17 metadata: controlPlane=true,dataPlane=true,routerMesh=true 18 update: 19 reboot-strategy: "off" 20 units: 21 - name: etcd.service 22 mask: true 23 - name: etcd2.service 24 command: start 25 - name: fleet.service 26 command: start 27 - name: docker-tcp.socket 28 command: start 29 enable: true 30 content: | 31 [Unit] 32 Description=Docker Socket for the API 33 34 [Socket] 35 ListenStream=2375 36 Service=docker.service 37 BindIPv6Only=both 38 39 [Install] 40 WantedBy=sockets.target 41 - name: update-engine.service 42 command: stop 43 enable: false 44 - name: docker.service 45 drop-ins: 46 - name: 00-reset-environment.conf 47 content: | 48 [Service] 49 Environment= 50 - name: 10-require-flannel.conf 51 content: | 52 [Unit] 53 Requires=flanneld.service 54 After=flanneld.service 55 - name: 50-insecure-registry.conf 56 content: | 57 [Service] 58 Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10" 59 - name: 60-cgroup-driver.conf 60 content: | 61 [Service] 62 Environment="DOCKER_CGROUPS=--exec-opt native.cgroupdriver=cgroupfs" 63 - name: flanneld.service 64 command: start 65 drop-ins: 66 - name: 50-network-config.conf 67 content: | 68 [Service] 69 ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network": "10.244.0.0/16", "SubnetLen": 24, "SubnetMin": "10.244.0.0", "Backend": {"Type": "vxlan"}}' 70 - name: graceful-ceph-shutdown.service 71 content: | 72 [Unit] 73 Description=Ceph node clean up for Deis 74 DefaultDependencies=no 75 After=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service graceful-etcd-shutdown.service 76 Requires=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service graceful-etcd-shutdown.service 77 RefuseManualStop=true 78 79 [Install] 80 WantedBy=shutdown.target halt.target reboot.target 81 82 [Service] 83 ExecStart=/usr/bin/docker exec deis-store-admin ceph -s 84 ExecStop=/opt/bin/graceful-shutdown.sh --ceph 85 Type=oneshot 86 TimeoutSec=1200 87 RemainAfterExit=yes 88 - name: graceful-etcd-shutdown.service 89 content: | 90 [Unit] 91 Description=etcd clean up for Deis 92 DefaultDependencies=no 93 After=fleet.service etcd2.service docker.service docker.socket 94 Requires=fleet.service etcd2.service docker.service docker.socket 95 RefuseManualStop=true 96 97 [Install] 98 WantedBy=shutdown.target halt.target reboot.target 99 100 [Service] 101 ExecStop=/opt/bin/graceful-shutdown.sh --etcd 102 Type=oneshot 103 TimeoutSec=120 104 RemainAfterExit=yes 105 - name: install-deisctl.service 106 command: start 107 content: | 108 [Unit] 109 Description=Install deisctl utility 110 ConditionPathExists=!/opt/bin/deisctl 111 112 [Service] 113 Type=oneshot 114 ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.13.4' 115 - name: increase-nf_conntrack-connections.service 116 command: start 117 content: | 118 [Unit] 119 Description=Increase the number of connections in nf_conntrack. default is 65536 120 121 [Service] 122 Type=oneshot 123 ExecStartPre=/usr/sbin/modprobe nf_conntrack 124 ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144" 125 write_files: 126 - path: /etc/deis-release 127 content: | 128 DEIS_RELEASE=v1.13.4 129 - path: /etc/motd 130 content: " \e[31m* * \e[34m* \e[32m***** \e[39mddddd eeeeeee iiiiiii ssss\n\e[31m* * \e[34m* * \e[32m* * \e[39md d e e i s s\n \e[31m* * \e[34m***** \e[32m***** \e[39md d e i s\n\e[32m***** \e[31m* * \e[34m* \e[39md d e i s\n\e[32m* * \e[31m* * \e[34m* * \e[39md d eee i sss\n\e[32m***** \e[31m* * \e[34m***** \e[39md d e i s\n \e[34m* \e[32m***** \e[31m* * \e[39md d e i s\n \e[34m* * \e[32m* * \e[31m* * \e[39md d e e i s s\n\e[34m***** \e[32m***** \e[31m* * \e[39mddddd eeeeeee iiiiiii ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n" 131 - path: /etc/profile.d/nse-function.sh 132 permissions: '0755' 133 content: | 134 function nse() { 135 docker exec -it $1 bash 136 } 137 - path: /run/deis/bin/get_image 138 permissions: '0755' 139 content: | 140 #!/usr/bin/env bash 141 # usage: get_image <component_path> 142 IMAGE=`etcdctl get $1/image 2>/dev/null` 143 144 # if no image was set in etcd, we use the default plus the release string 145 if [ $? -ne 0 ]; then 146 RELEASE=`etcdctl get /deis/platform/version 2>/dev/null` 147 148 # if no release was set in etcd, use the default provisioned with the server 149 if [ $? -ne 0 ]; then 150 source /etc/deis-release 151 RELEASE=$DEIS_RELEASE 152 fi 153 154 IMAGE=$1:$RELEASE 155 fi 156 157 # remove leading slash 158 echo ${IMAGE#/} 159 - path: /run/deis/bin/preseed 160 permissions: '0755' 161 content: | 162 #!/usr/bin/env bash 163 164 COMPONENTS=(builder controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor) 165 for c in "${COMPONENTS[@]}"; do 166 image=`/run/deis/bin/get_image /deis/$c` 167 docker history $image >/dev/null 2>&1 || docker pull $image 168 done 169 - path: /opt/bin/deis-debug-logs 170 permissions: '0755' 171 content: | 172 #!/usr/bin/env bash 173 174 echo '--- VERSIONS ---' 175 source /etc/os-release 176 echo $PRETTY_NAME 177 source /etc/deis-release 178 echo "Deis $DEIS_RELEASE" 179 etcd2 -version | head -n1 180 fleet -version 181 printf "\n" 182 183 echo '--- SYSTEM STATUS ---' 184 journalctl -n 50 -u etcd --no-pager 185 journalctl -n 50 -u fleet --no-pager 186 printf "\n" 187 188 echo '--- DEIS STATUS ---' 189 deisctl list 190 etcdctl ls --recursive /deis 191 printf "\n" 192 - path: /home/core/.toolboxrc 193 owner: core 194 content: | 195 TOOLBOX_DOCKER_IMAGE=alpine 196 TOOLBOX_DOCKER_TAG=3.1 197 TOOLBOX_USER=root 198 - path: /etc/environment_proxy 199 owner: core 200 content: | 201 HTTP_PROXY= 202 HTTPS_PROXY= 203 ALL_PROXY= 204 NO_PROXY= 205 http_proxy= 206 https_proxy= 207 all_proxy= 208 no_proxy= 209 - path: /etc/systemd/coredump.conf 210 content: | 211 [Coredump] 212 Storage=none 213 - path: /opt/bin/graceful-shutdown.sh 214 permissions: '0755' 215 content: | 216 #!/usr/bin/bash 217 ceph_shutdown () { 218 # determine osd id 219 OSD_HOSTS=($(etcdctl ls /deis/store/hosts/| awk -F'/' '{print $5}')) 220 for HOST in "${OSD_HOSTS[@]}" 221 do 222 PUBLIC_IP=$(etcdctl member list|grep `cat /etc/machine-id`| awk '{print $3}'| grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') 223 if [ "$HOST" = "$PUBLIC_IP" ] ; then 224 OSD_ID=$(etcdctl get /deis/store/osds/$PUBLIC_IP) 225 break 226 fi 227 done 228 # if we own an osd and its healthy, try to gracefully remove it 229 if [ ! -z "$OSD_ID" ] && [ ${#OSD_HOSTS[@]} -gt "3" ]; then 230 ADMIN_RUNNING=$(docker inspect --format="{{ .State.Running }}" deis-store-admin) 231 if [ $? -eq 1 ] || [ "$ADMIN_RUNNING" == "false" ]; then 232 echo "deis-store-admin container is required for graceful shutdown" 233 exit 2 234 fi 235 set -e -x -o pipefail 236 CURRENT_STATUS=$(docker exec deis-store-admin ceph health | awk '{print $1}') 237 if [[ "$CURRENT_STATUS" != *"HEALTH_OK"* ]]; then 238 echo "Ceph cluster must be healthy to perform graceful removal" 239 exit 3 240 fi 241 242 docker exec deis-store-admin ceph osd out $OSD_ID 243 sleep 30 244 TIMEWAITED=0 245 until [[ $(docker exec deis-store-admin ceph health) == *"HEALTH_OK"* ]] 246 do 247 if [ $TIMEWAITED -gt "1200" ] 248 then 249 echo "ceph graceful removal timeout exceeded" 250 break 251 fi 252 echo "waiting" && sleep 5 253 TIMEWAITED=$((TIMEWAITED+5)) 254 done 255 docker stop deis-store-daemon 256 docker exec deis-store-admin ceph osd crush remove osd.$OSD_ID 257 docker exec deis-store-admin ceph auth del osd.$OSD_ID 258 docker exec deis-store-admin ceph osd rm $OSD_ID 259 etcdctl rm /deis/store/osds/$PUBLIC_IP 260 etcdctl rm /deis/store/hosts/$PUBLIC_IP && sleep 10 261 # remove ceph mon 262 docker stop deis-store-monitor || true 263 docker exec deis-store-admin ceph mon remove `hostname -f` # fixme 264 docker stop deis-store-metadata || true 265 fi 266 } 267 etcd_shutdown () { 268 set -e -x -o pipefail 269 # removing the node from etcd 270 NODE=$(etcdctl member list | grep `cat /etc/machine-id` | cut -d ':' -f 1) 271 etcdctl member remove $NODE 272 } 273 if [ "$1" == "--ceph" ]; then 274 ceph_shutdown 275 elif [ "$1" == "--etcd" ]; then 276 etcd_shutdown 277 fi 278 - path: /opt/bin/wupiao 279 permissions: '0755' 280 content: | 281 #!/usr/bin/env bash 282 # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen 283 [ -n "$1" ] && \ 284 until curl -o /dev/null -sIf http://${1}; do \ 285 sleep 1 && echo .; 286 done; 287 exit $?