#cloud-config
# Source listing: github.com/dustinrc/deis@v1.10.1-0.20150917223407-0894a5fb979e/contrib/coreos/user-data.example
# NOTE(review): whitespace in this copy is reconstructed from a listing whose
# line breaks and space runs were collapsed; every key and value is unchanged.
# Comments marked NOTE(security) are review annotations, not upstream text.

coreos:
  etcd2:
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
    # NOTE(review): as written the value is a YAML comment, so `discovery`
    # parses as null until the placeholder is replaced with a real URL.
    discovery: #DISCOVERY_URL
    # multi-region and multi-cloud deployments need to use $public_ipv4
    advertise-client-urls: http://$private_ipv4:2379
    initial-advertise-peer-urls: http://$private_ipv4:2380
    # listen on both the official ports and the legacy ports
    # legacy ports can be omitted if your application doesn't depend on them
    # NOTE(security): the client API binds to every interface (0.0.0.0) over
    # plain HTTP and no TLS or client-certificate options are set in this
    # section. etcd holds the cluster's configuration, so ports 2379/4001 need
    # to be restricted by a host or cloud firewall, or etcd TLS enabled.
    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001
    data-dir: /var/lib/etcd2
  fleet:
    public-ip: $public_ipv4
    metadata: controlPlane=true,dataPlane=true,routerMesh=true
  update:
    # NOTE(security): together with update-engine.service being stopped and
    # disabled below, this turns off automatic OS updates; patching has to be
    # scheduled by the operator.
    reboot-strategy: "off"
  units:
    - name: etcd.service
      mask: true
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
    # NOTE(security): ListenStream=2375 names no address, so the socket listens
    # on all interfaces. The Docker API on this port is served without TLS or
    # authentication, and access to it is equivalent to root on the host.
    # Confirm that a firewall or security group limits 2375 to trusted peers.
    - name: docker-tcp.socket
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Socket for the API

        [Socket]
        ListenStream=2375
        Service=docker.service
        BindIPv6Only=both

        [Install]
        WantedBy=sockets.target
    - name: update-engine.service
      command: stop
      enable: false
    # NOTE(security): --insecure-registry lets the daemon talk to registries in
    # these private and carrier-grade NAT ranges without verified TLS, so image
    # pulls from them have no transport-level authenticity guarantee.
    - name: docker.service
      drop-ins:
        - name: 50-insecure-registry.conf
          content: |
            [Service]
            Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10"
    # Seeds the flannel overlay network definition in etcd before flanneld starts.
    - name: flanneld.service
      drop-ins:
        - name: 50-network-config.conf
          content: |
            [Service]
            ExecStartPre=/usr/bin/etcdctl mk /coreos.com/network/config '{"Network": "10.244.0.0/16", "SubnetLen": 24, "SubnetMin": "10.244.0.0", "Backend": {"Type": "vxlan"}}'
    # Runs /opt/bin/graceful-shutdown.sh (written below) as ExecStop; the unit
    # is wanted by the shutdown, halt and reboot targets.
    - name: graceful-deis-shutdown.service
      content: |
        [Unit]
        Description=Clean up
        DefaultDependencies=no
        After=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service
        Requires=fleet.service etcd2.service deis-store-admin.service deis-store-daemon.service deis-store-volume.service docker.service docker.socket deis-store-monitor.service

        [Install]
        WantedBy=shutdown.target halt.target reboot.target

        [Service]
        ExecStop=/opt/bin/graceful-shutdown.sh --really
        Type=oneshot
        TimeoutSec=1200
        RemainAfterExit=yes
    # NOTE(security): the installer is fetched over plain HTTP and piped
    # straight into sh, with no checksum or signature check. No User= is set,
    # so it runs with the unit's default privileges. Anything able to alter the
    # response in transit controls what executes on first boot. Prefer an HTTPS
    # source and verification of a pinned artifact before running it.
    - name: install-deisctl.service
      command: start
      content: |
        [Unit]
        Description=Install deisctl utility
        ConditionPathExists=!/opt/bin/deisctl

        [Service]
        Type=oneshot
        ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.10.0'
    # No `command:` key, so this unit is only defined here, not started.
    # NOTE(security): when it is started it downloads the jq binary over plain
    # HTTP with no integrity check and marks it executable in /opt/bin.
    - name: debug-etcd.service
      content: |
        [Unit]
        Description=etcd debugging service

        [Service]
        ExecStartPre=/usr/bin/curl -sSL -o /opt/bin/jq http://stedolan.github.io/jq/download/linux64/jq
        ExecStartPre=/usr/bin/chmod +x /opt/bin/jq
        ExecStart=/usr/bin/bash -c "while true; do curl -sL http://127.0.0.1:4001/v2/stats/self | /opt/bin/jq . ; sleep 1 ; done"
    # Loads nf_conntrack and raises net.netfilter.nf_conntrack_max to 262144.
    - name: increase-nf_conntrack-connections.service
      command: start
      content: |
        [Unit]
        Description=Increase the number of connections in nf_conntrack. default is 65536

        [Service]
        Type=oneshot
        ExecStartPre=/usr/sbin/modprobe nf_conntrack
        ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144"
write_files:
  # Default release string; get_image falls back to it when etcd has none.
  - path: /etc/deis-release
    content: |
      DEIS_RELEASE=v1.10.0
  # Login banner with ANSI colour escapes; double quotes are required for \e, \n, \t.
  # NOTE(review): runs of spaces in this banner may have been collapsed in the
  # listing this copy was recovered from; compare with upstream before use.
  - path: /etc/motd
    content: " \e[31m* * \e[34m* \e[32m***** \e[39mddddd eeeeeee iiiiiii ssss\n\e[31m* * \e[34m* * \e[32m* * \e[39md d e e i s s\n \e[31m* * \e[34m***** \e[32m***** \e[39md d e i s\n\e[32m***** \e[31m* * \e[34m* \e[39md d e i s\n\e[32m* * \e[31m* * \e[34m* * \e[39md d eee i sss\n\e[32m***** \e[31m* * \e[34m***** \e[39md d e i s\n \e[34m* \e[32m***** \e[31m* * \e[39md d e i s\n \e[34m* * \e[32m* * \e[31m* * \e[39md d e e i s s\n\e[34m***** \e[32m***** \e[31m* * \e[39mddddd eeeeeee iiiiiii ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n"
  # Shell helper: `nse <container>` opens an interactive bash in that container.
  - path: /etc/profile.d/nse-function.sh
    permissions: '0755'
    content: |
      function nse() {
        docker exec -it $1 bash
      }
  # Resolves the image reference for a component: the etcd key <path>/image if
  # set, otherwise <path>:<release> with the release taken from etcd or from
  # /etc/deis-release.
  # NOTE(review): $1 is expanded unquoted throughout the script.
  - path: /run/deis/bin/get_image
    permissions: '0755'
    content: |
      #!/usr/bin/env bash
      # usage: get_image <component_path>
      IMAGE=`etcdctl get $1/image 2>/dev/null`

      # if no image was set in etcd, we use the default plus the release string
      if [ $? -ne 0 ]; then
        RELEASE=`etcdctl get /deis/platform/version 2>/dev/null`

        # if no release was set in etcd, use the default provisioned with the server
        if [ $? -ne 0 ]; then
          source /etc/deis-release
          RELEASE=$DEIS_RELEASE
        fi

        IMAGE=$1:$RELEASE
      fi

      # remove leading slash
      echo ${IMAGE#/}
  # Pulls each component image that `docker history` does not find locally.
  # NOTE(security): images are referenced by tag only (no digest), and the
  # docker.service drop-in above permits unverified registries in private ranges.
  - path: /run/deis/bin/preseed
    permissions: '0755'
    content: |
      #!/usr/bin/env bash

      COMPONENTS=(builder controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor)
      for c in "${COMPONENTS[@]}"; do
        image=`/run/deis/bin/get_image /deis/$c`
        docker history $image >/dev/null 2>&1 || docker pull $image
      done
  # Prints versions, the last 50 journal lines for etcd and fleet, and the Deis
  # unit list and etcd key listing.
  # NOTE(review): the output includes the recursive /deis key listing from
  # etcd; review it before sharing outside the team.
  - path: /opt/bin/deis-debug-logs
    permissions: '0755'
    content: |
      #!/usr/bin/env bash

      echo '--- VERSIONS ---'
      source /etc/os-release
      echo $PRETTY_NAME
      source /etc/deis-release
      echo "Deis $DEIS_RELEASE"
      etcd2 -version | head -n1
      fleet -version
      printf "\n"

      echo '--- SYSTEM STATUS ---'
      journalctl -n 50 -u etcd --no-pager
      journalctl -n 50 -u fleet --no-pager
      printf "\n"

      echo '--- DEIS STATUS ---'
      deisctl list
      etcdctl ls --recursive /deis
      printf "\n"
  # Settings for the CoreOS toolbox container: image, tag and user.
  - path: /home/core/.toolboxrc
    owner: core
    content: |
      TOOLBOX_DOCKER_IMAGE=alpine
      TOOLBOX_DOCKER_TAG=3.1
      TOOLBOX_USER=root
  # Proxy variables, all left empty in this example.
  - path: /etc/environment_proxy
    owner: core
    content: |
      HTTP_PROXY=
      HTTPS_PROXY=
      ALL_PROXY=
      NO_PROXY=
      http_proxy=
      https_proxy=
      all_proxy=
      no_proxy=
  # Storage=none: systemd-coredump does not store core dumps.
  - path: /etc/systemd/coredump.conf
    content: |
      [Coredump]
      Storage=none
  # Shutdown hook. Refuses to run without `--really` and requires the
  # deis-store-admin container. If this host owns a Ceph OSD, the cluster
  # reports HEALTH_OK and more than three store hosts are registered, it marks
  # the OSD out, waits for HEALTH_OK (gives up after about 1200 s), removes the
  # OSD and the monitor, and finally removes this node from the etcd membership.
  - path: /opt/bin/graceful-shutdown.sh
    permissions: '0755'
    content: |
      #!/usr/bin/bash
      if [ "$1" != '--really' ]; then
        echo "command must be run as: $0 --really"
        exit 1
      fi
      # procedure requires the store-admin
      ADMIN_RUNNING=$(docker inspect --format="{{ .State.Running }}" deis-store-admin)
      if [ $? -eq 1 ] || [ "$ADMIN_RUNNING" == "false" ]; then
        echo "deis-store-admin container is required for graceful shutdown"
        exit 2
      fi
      set -e -x -o pipefail
      # determine osd id
      CURRENT_STATUS=$(docker exec deis-store-admin ceph health | awk '{print $1}')
      OSD_HOSTS=($(etcdctl ls /deis/store/hosts/| awk -F'/' '{print $5}'))
      for HOST in "${OSD_HOSTS[@]}"
      do
        PUBLIC_IP=$(fleetctl list-machines -fields="machine,ip" -full -no-legend| grep `cat /etc/machine-id` | awk '{print $2}')
        if [ "$HOST" = "$PUBLIC_IP" ] ; then
          OSD_ID=$(etcdctl get /deis/store/osds/$PUBLIC_IP)
          break
        fi
      done
      # if we own an osd and its healthy, try to gracefully remove it
      if [ ! -z "$OSD_ID" ] && [[ "$CURRENT_STATUS" == *"HEALTH_OK"* ]] && [ ${#OSD_HOSTS[@]} -gt "3" ]; then
        docker exec deis-store-admin ceph osd out $OSD_ID
        sleep 30
        TIMEWAITED=0
        until [[ $(docker exec deis-store-admin ceph health) == *"HEALTH_OK"* ]]
        do
          if [ $TIMEWAITED -gt "1200" ]
          then
            echo "ceph graceful removal timeout exceeded"
            break
          fi
          echo "waiting" && sleep 5
          TIMEWAITED=$((TIMEWAITED+5))
        done
        docker stop deis-store-daemon
        docker exec deis-store-admin ceph osd crush remove osd.$OSD_ID
        docker exec deis-store-admin ceph auth del osd.$OSD_ID
        docker exec deis-store-admin ceph osd rm $OSD_ID
        etcdctl rm /deis/store/osds/$PUBLIC_IP
        etcdctl rm /deis/store/hosts/$PUBLIC_IP && sleep 10
        # remove ceph mon
        docker stop deis-store-monitor || true
        docker exec deis-store-admin ceph mon remove `hostname -f` # fixme
        docker stop deis-store-metadata || true
      fi

      # removing the node from etcd
      NODE=$(etcdctl member list | grep `cat /etc/machine-id` | cut -d ':' -f 1)
      etcdctl member remove $NODE
  # Polls http://<arg> once per second until curl gets a successful HEAD response.
  - path: /opt/bin/wupiao
    permissions: '0755'
    content: |
      #!/usr/bin/env bash
      # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen
      [ -n "$1" ] && \
        until curl -o /dev/null -sIf http://${1}; do \
          sleep 1 && echo .;
        done;
      exit $?
  # Downloads a Kubernetes binary for the pinned K8S_VERSION into /opt/bin, or
  # re-downloads it when the installed binary reports a different version.
  # NOTE(security): the download uses HTTPS but the binary is made executable
  # without a checksum or signature check, and $1 is placed unquoted into the
  # destination path and URL. Comparing against a published digest before
  # chmod +x and validating the file name would close both gaps.
  - path: /opt/bin/download-k8s-binary
    permissions: '0755'
    content: |
      #!/usr/bin/env bash
      export K8S_VERSION="v1.0.1"
      mkdir -p /opt/bin
      FILE=$1
      if [ ! -f /opt/bin/$FILE ]; then
        curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
        chmod +x /opt/bin/$FILE
      else
        # we check the version of the binary
        INSTALLED_VERSION=$(/opt/bin/$FILE --version)
        MATCH=$(echo "${INSTALLED_VERSION}" | grep -c "${K8S_VERSION}")
        if [ $MATCH -eq 0 ]; then
          # the version is different
          curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
          chmod +x /opt/bin/$FILE
        fi
      fi
  # Kubernetes scheduler policy: the predicates and weighted priorities to apply.
  - path: /opt/bin/scheduler-policy.json
    content: |
      {
        "kind": "Policy",
        "apiVersion": "v1",
        "predicates": [{"name": "PodFitsPorts"},{"name": "PodFitsResources"},{"name": "NoDiskConflict"},{"name": "MatchNodeSelector"},{"name": "HostName"}],
        "priorities": [{"name": "LeastRequestedPriority","weight": 1},{"name": "BalancedResourceAllocation","weight": 1},{"name": "ServiceSpreadingPriority","weight": 2},{"name": "EqualPriority","weight": 1}]
      }