#cloud-config
# Source: github.com/greenboxal/deis@v1.12.1/contrib/coreos/user-data.example
#
# Example CoreOS cloud-config for a Deis v1.12.1 node. It configures etcd2,
# fleet and flannel, exposes the Docker API on TCP, and writes the helper
# scripts used to install, debug and gracefully shut down the platform.
# `$private_ipv4` / `$public_ipv4` are substituted by the provisioning tool.

coreos:
  etcd2:
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
    # NOTE(review): as written, `#DISCOVERY_URL` starts a YAML comment, so
    # `discovery` is null until the placeholder is replaced with a real URL.
    discovery: #DISCOVERY_URL
    # multi-region and multi-cloud deployments need to use $public_ipv4
    advertise-client-urls: http://$private_ipv4:2379
    initial-advertise-peer-urls: http://$private_ipv4:2380
    # listen on both the official ports and the legacy ports
    # legacy ports can be omitted if your application doesn't depend on them
    # NOTE(review): the client API binds to 0.0.0.0 over plain HTTP and no TLS
    # or client authentication is configured in this file, so any host that can
    # reach 2379/4001 can read and write cluster state (including /deis keys).
    # Restrict these ports to cluster members with a firewall or security group.
    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    # Peer traffic is limited to the private address, but is also plain HTTP.
    listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001
    data-dir: /var/lib/etcd2
  fleet:
    public-ip: $private_ipv4
    metadata: controlPlane=true,dataPlane=true,routerMesh=true
  update:
    # Quoted so YAML keeps the string "off" instead of the boolean false.
    # Combined with the stopped and disabled update-engine.service unit below,
    # OS updates are never applied automatically; patching is a manual task.
    reboot-strategy: "off"
  units:
    # The legacy etcd unit is masked; etcd2.service is the one that runs.
    - name: etcd.service
      mask: true
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
    # NOTE(review): ListenStream=2375 with no address listens on every
    # interface, and no TLS is configured for it here. Access to the Docker API
    # is equivalent to root on the host, so this port must only be reachable
    # from trusted cluster members.
    - name: docker-tcp.socket
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Socket for the API

        [Socket]
        ListenStream=2375
        Service=docker.service
        BindIPv6Only=both

        [Install]
        WantedBy=sockets.target
    - name: update-engine.service
      command: stop
      enable: false
    # NOTE(review): --insecure-registry lets Docker use registries in these
    # ranges over plain HTTP or with unverified TLS. The ranges cover all of
    # RFC 1918 plus 100.64.0.0/10, so image pulls from any private address have
    # no transport integrity; narrow them to the actual registry network.
    - name: docker.service
      drop-ins:
        - name: 50-insecure-registry.conf
          content: |
            [Service]
            Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10"
    # Seeds the flannel network config in etcd before flanneld starts. The
    # leading `-` on ExecStartPre tells systemd to ignore a failure of the
    # `etcdctl mk` command.
    - name: flanneld.service
      command: start
      drop-ins:
        - name: 50-network-config.conf
          content: |
            [Service]
            ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network": "10.244.0.0/16", "SubnetLen": 24, "SubnetMin": "10.244.0.0", "Backend": {"Type": "vxlan"}}'
    # Runs /opt/bin/graceful-shutdown.sh (written below) as ExecStop, with a
    # 1200 s timeout. No `command:` is given for this unit in this file.
    - name: graceful-deis-shutdown.service
      content: |
        [Unit]
        Description=Clean up
        DefaultDependencies=no
        After=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service
        Requires=fleet.service etcd2.service deis-store-admin.service deis-store-daemon.service deis-store-volume.service docker.service docker.socket deis-store-monitor.service

        [Install]
        WantedBy=shutdown.target halt.target reboot.target

        [Service]
        ExecStop=/opt/bin/graceful-shutdown.sh --really
        Type=oneshot
        TimeoutSec=1200
        RemainAfterExit=yes
    # Installs deisctl 1.12.1 on first boot; ConditionPathExists skips the unit
    # once /opt/bin/deisctl exists.
    # NOTE(review): the installer is fetched over plain HTTP and piped straight
    # into sh with no checksum or signature check, so its content is not
    # authenticated in transit. Prefer fetching over HTTPS and verifying a
    # pinned digest before executing, or ship the binary in the image.
    - name: install-deisctl.service
      command: start
      content: |
        [Unit]
        Description=Install deisctl utility
        ConditionPathExists=!/opt/bin/deisctl

        [Service]
        Type=oneshot
        ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.12.1'
    # Polls the local etcd stats endpoint once per second and prints it via jq.
    # No `command:` is given for this unit in this file.
    - name: debug-etcd.service
      content: |
        [Unit]
        Description=etcd debugging service

        [Service]
        ExecStart=/usr/bin/bash -c "while true; do curl -sL http://127.0.0.1:4001/v2/stats/self | jq . ; sleep 1 ; done"
    # Loads nf_conntrack and raises nf_conntrack_max to 262144 at boot.
    - name: increase-nf_conntrack-connections.service
      command: start
      content: |
        [Unit]
        Description=Increase the number of connections in nf_conntrack. default is 65536

        [Service]
        Type=oneshot
        ExecStartPre=/usr/sbin/modprobe nf_conntrack
        ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144"
write_files:
  # Default release tag; get_image and deis-debug-logs source this file.
  - path: /etc/deis-release
    content: |
      DEIS_RELEASE=v1.12.1
  # Login banner. Double-quoted so the \e, \t and \n escapes are interpreted.
  - path: /etc/motd
    content: " \e[31m* * \e[34m* \e[32m***** \e[39mddddd eeeeeee iiiiiii ssss\n\e[31m* * \e[34m* * \e[32m* * \e[39md d e e i s s\n \e[31m* * \e[34m***** \e[32m***** \e[39md d e i s\n\e[32m***** \e[31m* * \e[34m* \e[39md d e i s\n\e[32m* * \e[31m* * \e[34m* * \e[39md d eee i sss\n\e[32m***** \e[31m* * \e[34m***** \e[39md d e i s\n \e[34m* \e[32m***** \e[31m* * \e[39md d e i s\n \e[34m* * \e[32m* * \e[31m* * \e[39md d e e i s s\n\e[34m***** \e[32m***** \e[31m* * \e[39mddddd eeeeeee iiiiiii ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n"
  # Shell helper: `nse <container>` opens an interactive bash in a container.
  # The mode is quoted so it stays the string '0755' rather than a number.
  - path: /etc/profile.d/nse-function.sh
    permissions: '0755'
    content: |
      function nse() {
        docker exec -it $1 bash
      }
  # Prints the image reference for a component: the `<component>/image` key in
  # etcd if set, otherwise `<component>:<release>` with the release taken from
  # /deis/platform/version or, failing that, /etc/deis-release.
  # NOTE(review): `$1` and the etcd values are expanded unquoted, so the
  # script relies on callers and etcd content containing no whitespace or
  # glob characters.
  - path: /run/deis/bin/get_image
    permissions: '0755'
    content: |
      #!/usr/bin/env bash
      # usage: get_image <component_path>
      IMAGE=`etcdctl get $1/image 2>/dev/null`

      # if no image was set in etcd, we use the default plus the release string
      if [ $? -ne 0 ]; then
        RELEASE=`etcdctl get /deis/platform/version 2>/dev/null`

        # if no release was set in etcd, use the default provisioned with the server
        if [ $? -ne 0 ]; then
          source /etc/deis-release
          RELEASE=$DEIS_RELEASE
        fi

        IMAGE=$1:$RELEASE
      fi

      # remove leading slash
      echo ${IMAGE#/}
  # Pulls the image of every listed component unless `docker history` shows it
  # is already present locally. Image names come from get_image, and so
  # ultimately from etcd.
  - path: /run/deis/bin/preseed
    permissions: '0755'
    content: |
      #!/usr/bin/env bash

      COMPONENTS=(builder controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor)
      for c in "${COMPONENTS[@]}"; do
        image=`/run/deis/bin/get_image /deis/$c`
        docker history $image >/dev/null 2>&1 || docker pull $image
      done
  # Collects version, journal and Deis status output for support requests.
  # NOTE(review): the journal query uses unit `etcd`, but this file masks
  # etcd.service and starts etcd2.service - confirm `-u etcd2` was not intended.
  # The `etcdctl ls --recursive /deis` output lists the platform's key names;
  # review it before sharing outside the team.
  - path: /opt/bin/deis-debug-logs
    permissions: '0755'
    content: |
      #!/usr/bin/env bash

      echo '--- VERSIONS ---'
      source /etc/os-release
      echo $PRETTY_NAME
      source /etc/deis-release
      echo "Deis $DEIS_RELEASE"
      etcd2 -version | head -n1
      fleet -version
      printf "\n"

      echo '--- SYSTEM STATUS ---'
      journalctl -n 50 -u etcd --no-pager
      journalctl -n 50 -u fleet --no-pager
      printf "\n"

      echo '--- DEIS STATUS ---'
      deisctl list
      etcdctl ls --recursive /deis
      printf "\n"
  # Settings for the CoreOS `toolbox` debugging container: image alpine:3.1,
  # entered as root.
  - path: /home/core/.toolboxrc
    owner: core
    content: |
      TOOLBOX_DOCKER_IMAGE=alpine
      TOOLBOX_DOCKER_TAG=3.1
      TOOLBOX_USER=root
  # Empty proxy variables, both upper- and lower-case; fill in when the nodes
  # sit behind an HTTP proxy.
  - path: /etc/environment_proxy
    owner: core
    content: |
      HTTP_PROXY=
      HTTPS_PROXY=
      ALL_PROXY=
      NO_PROXY=
      http_proxy=
      https_proxy=
      all_proxy=
      no_proxy=
  # Storage=none: systemd-coredump does not keep core dumps on disk.
  - path: /etc/systemd/coredump.conf
    content: |
      [Coredump]
      Storage=none
  # Invoked by graceful-deis-shutdown.service. Refuses to run without
  # `--really` (exit 1) and requires a running deis-store-admin container
  # (exit 2). If this host owns an OSD, ceph reports HEALTH_OK and more than
  # three store hosts are registered, it marks the OSD out, waits up to 1200 s
  # for HEALTH_OK, then removes the OSD, its auth key, its etcd entries and the
  # ceph monitor. In every case it finally removes this node from the etcd
  # member list.
  # `set -x` traces each command to the unit's output.
  - path: /opt/bin/graceful-shutdown.sh
    permissions: '0755'
    content: |
      #!/usr/bin/bash
      if [ "$1" != '--really' ]; then
        echo "command must be run as: $0 --really"
        exit 1
      fi
      # procedure requires the store-admin
      ADMIN_RUNNING=$(docker inspect --format="{{ .State.Running }}" deis-store-admin)
      if [ $? -eq 1 ] || [ "$ADMIN_RUNNING" == "false" ]; then
        echo "deis-store-admin container is required for graceful shutdown"
        exit 2
      fi
      set -e -x -o pipefail
      # determine osd id
      CURRENT_STATUS=$(docker exec deis-store-admin ceph health | awk '{print $1}')
      OSD_HOSTS=($(etcdctl ls /deis/store/hosts/| awk -F'/' '{print $5}'))
      for HOST in "${OSD_HOSTS[@]}"
      do
        PUBLIC_IP=$(fleetctl list-machines -fields="machine,ip" -full -no-legend| grep `cat /etc/machine-id` | awk '{print $2}')
        if [ "$HOST" = "$PUBLIC_IP" ] ; then
          OSD_ID=$(etcdctl get /deis/store/osds/$PUBLIC_IP)
          break
        fi
      done
      # if we own an osd and its healthy, try to gracefully remove it
      if [ ! -z "$OSD_ID" ] && [[ "$CURRENT_STATUS" == *"HEALTH_OK"* ]] && [ ${#OSD_HOSTS[@]} -gt "3" ]; then
        docker exec deis-store-admin ceph osd out $OSD_ID
        sleep 30
        TIMEWAITED=0
        until [[ $(docker exec deis-store-admin ceph health) == *"HEALTH_OK"* ]]
        do
          if [ $TIMEWAITED -gt "1200" ]
          then
            echo "ceph graceful removal timeout exceeded"
            break
          fi
          echo "waiting" && sleep 5
          TIMEWAITED=$((TIMEWAITED+5))
        done
        docker stop deis-store-daemon
        docker exec deis-store-admin ceph osd crush remove osd.$OSD_ID
        docker exec deis-store-admin ceph auth del osd.$OSD_ID
        docker exec deis-store-admin ceph osd rm $OSD_ID
        etcdctl rm /deis/store/osds/$PUBLIC_IP
        etcdctl rm /deis/store/hosts/$PUBLIC_IP && sleep 10
        # remove ceph mon
        docker stop deis-store-monitor || true
        docker exec deis-store-admin ceph mon remove `hostname -f` # fixme
        docker stop deis-store-metadata || true
      fi

      # removing the node from etcd
      NODE=$(etcdctl member list | grep `cat /etc/machine-id` | cut -d ':' -f 1)
      etcdctl member remove $NODE
  # Blocks until an HTTP HEAD request to http://<arg> succeeds, retrying once
  # per second; does nothing when called without an argument.
  - path: /opt/bin/wupiao
    permissions: '0755'
    content: |
      #!/usr/bin/env bash
      # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen
      [ -n "$1" ] && \
        until curl -o /dev/null -sIf http://${1}; do \
          sleep 1 && echo .;
        done;
      exit $?
  # Downloads the named Kubernetes v1.0.1 binary into /opt/bin, or re-downloads
  # it when the installed copy's `--version` output does not contain v1.0.1.
  # NOTE(review): the download uses HTTPS but the binary is made executable
  # without any checksum or signature verification; compare it against a pinned
  # digest before `chmod +x`. `$1` is used unquoted as a file name under
  # /opt/bin, so callers should pass only fixed, known binary names.
  - path: /opt/bin/download-k8s-binary
    permissions: '0755'
    content: |
      #!/usr/bin/env bash
      export K8S_VERSION="v1.0.1"
      mkdir -p /opt/bin
      FILE=$1
      if [ ! -f /opt/bin/$FILE ]; then
        curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
        chmod +x /opt/bin/$FILE
      else
        # we check the version of the binary
        INSTALLED_VERSION=$(/opt/bin/$FILE --version)
        MATCH=$(echo "${INSTALLED_VERSION}" | grep -c "${K8S_VERSION}")
        if [ $MATCH -eq 0 ]; then
          # the version is different
          curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
          chmod +x /opt/bin/$FILE
        fi
      fi
  # Kubernetes scheduler policy: the predicates and weighted priorities the
  # scheduler is told to use.
  - path: /opt/bin/scheduler-policy.json
    content: |
      {
        "kind": "Policy",
        "apiVersion": "v1",
        "predicates": [{"name": "PodFitsPorts"},{"name": "PodFitsResources"},{"name": "NoDiskConflict"},{"name": "MatchNodeSelector"},{"name": "HostName"}],
        "priorities": [{"name": "LeastRequestedPriority","weight": 1},{"name": "BalancedResourceAllocation","weight": 1},{"name": "ServiceSpreadingPriority","weight": 2},{"name": "EqualPriority","weight": 1}]
      }