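#cloud-config
# Source: github.com/naphatkrit/deis@v1.12.3/contrib/coreos/user-data.example
#
# CoreOS cloud-config for a Deis v1.12.3 node: starts etcd2, fleet, flannel
# and docker, and writes the helper scripts used by the Deis units.
# NOTE(review): this listing was recovered from a rendered page that collapsed
# whitespace; indentation inside the embedded scripts is conventional rather
# than guaranteed to match the upstream file.

coreos:
  etcd2:
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
    discovery: #DISCOVERY_URL
    # multi-region and multi-cloud deployments need to use $public_ipv4
    advertise-client-urls: http://$private_ipv4:2379
    initial-advertise-peer-urls: http://$private_ipv4:2380
    # listen on both the official ports and the legacy ports
    # legacy ports can be omitted if your application doesn't depend on them
    # NOTE(review): the client API listens on every interface (0.0.0.0) over
    # plain http, and no TLS or client-certificate options are set in this
    # file. Anything that can reach 2379/4001 can read and write cluster state,
    # so restrict these ports with a firewall or security group, or enable
    # etcd TLS with client-cert authentication.
    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001
    data-dir: /var/lib/etcd2
  fleet:
    public-ip: $private_ipv4
    metadata: controlPlane=true,dataPlane=true,routerMesh=true
  update:
    # NOTE(review): automatic reboots are off and update-engine.service is
    # stopped below, so OS security updates are not applied automatically;
    # plan a manual patching process for these hosts.
    reboot-strategy: "off"
  units:
  # The legacy etcd unit is masked; etcd2.service is the one that runs.
  - name: etcd.service
    mask: true
  - name: etcd2.service
    command: start
  - name: fleet.service
    command: start
  # NOTE(review): ListenStream=2375 names no address, so systemd listens on all
  # interfaces (IPv4 and IPv6 via BindIPv6Only=both). No TLS or authentication
  # for the Docker API is configured in this file, and access to that API is
  # equivalent to root on the host. Keep 2375 unreachable from untrusted
  # networks, or bind it to loopback (ListenStream=127.0.0.1:2375) if remote
  # access is not needed.
  - name: docker-tcp.socket
    command: start
    enable: true
    content: |
      [Unit]
      Description=Docker Socket for the API

      [Socket]
      ListenStream=2375
      Service=docker.service
      BindIPv6Only=both

      [Install]
      WantedBy=sockets.target
  - name: update-engine.service
    command: stop
    enable: false
  - name: docker.service
    drop-ins:
    - name: 10-require-flannel.conf
      content: |
        [Unit]
        Requires=flanneld.service
        After=flanneld.service
    # NOTE(review): --insecure-registry lets docker talk to any registry in
    # these private and 100.64.0.0/10 ranges without verified TLS, so images
    # pulled from those addresses are not authenticated in transit. Narrow the
    # ranges to the registry's actual network where possible.
    - name: 50-insecure-registry.conf
      content: |
        [Service]
        Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10"
  - name: flanneld.service
    command: start
    drop-ins:
    # The leading '-' on ExecStartPre tells systemd to ignore a failure of the
    # etcdctl mk call (for example when the key already exists).
    - name: 50-network-config.conf
      content: |
        [Service]
        ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network": "10.244.0.0/16", "SubnetLen": 24, "SubnetMin": "10.244.0.0", "Backend": {"Type": "vxlan"}}'
  # Runs /opt/bin/graceful-shutdown.sh (written below) as ExecStop, with a
  # 1200 second timeout.
  - name: graceful-deis-shutdown.service
    content: |
      [Unit]
      Description=Clean up
      DefaultDependencies=no
      After=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service
      Requires=fleet.service etcd2.service deis-store-admin.service deis-store-daemon.service deis-store-volume.service docker.service docker.socket deis-store-monitor.service

      [Install]
      WantedBy=shutdown.target halt.target reboot.target

      [Service]
      ExecStop=/opt/bin/graceful-shutdown.sh --really
      Type=oneshot
      TimeoutSec=1200
      RemainAfterExit=yes
  # NOTE(review): the installer is fetched over plain http and piped straight
  # into sh by a system unit, with no checksum or signature check. Anyone able
  # to tamper with that connection controls what runs on the host. Prefer
  # fetching over TLS if the host offers it, or ship a pinned, verified copy of
  # the installer with the image.
  - name: install-deisctl.service
    command: start
    content: |
      [Unit]
      Description=Install deisctl utility
      ConditionPathExists=!/opt/bin/deisctl

      [Service]
      Type=oneshot
      ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.12.3'
  - name: increase-nf_conntrack-connections.service
    command: start
    content: |
      [Unit]
      Description=Increase the number of connections in nf_conntrack. default is 65536

      [Service]
      Type=oneshot
      ExecStartPre=/usr/sbin/modprobe nf_conntrack
      ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144"
write_files:
- path: /etc/deis-release
  content: |
    DEIS_RELEASE=v1.12.3
# NOTE(review): runs of spaces in this banner were collapsed by the page this
# listing came from; the string is reproduced as shown there.
- path: /etc/motd
  content: " \e[31m* * \e[34m* \e[32m***** \e[39mddddd eeeeeee iiiiiii ssss\n\e[31m* * \e[34m* * \e[32m* * \e[39md d e e i s s\n \e[31m* * \e[34m***** \e[32m***** \e[39md d e i s\n\e[32m***** \e[31m* * \e[34m* \e[39md d e i s\n\e[32m* * \e[31m* * \e[34m* * \e[39md d eee i sss\n\e[32m***** \e[31m* * \e[34m***** \e[39md d e i s\n \e[34m* \e[32m***** \e[31m* * \e[39md d e i s\n \e[34m* * \e[32m* * \e[31m* * \e[39md d e e i s s\n\e[34m***** \e[32m***** \e[31m* * \e[39mddddd eeeeeee iiiiiii ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n"
# Shell helper: open an interactive bash in the named container.
# The argument is quoted so a name with unusual characters stays one word.
- path: /etc/profile.d/nse-function.sh
  permissions: '0755'
  content: |
    function nse() {
      docker exec -it "$1" bash
    }
# Prints the image reference for a component: the value stored in etcd at
# <component_path>/image, else <component_path>:<release>, where the release
# comes from etcd or, failing that, from /etc/deis-release.
- path: /run/deis/bin/get_image
  permissions: '0755'
  content: |
    #!/usr/bin/env bash
    # usage: get_image <component_path>
    IMAGE=`etcdctl get "$1/image" 2>/dev/null`

    # if no image was set in etcd, we use the default plus the release string
    if [ $? -ne 0 ]; then
      RELEASE=`etcdctl get /deis/platform/version 2>/dev/null`

      # if no release was set in etcd, use the default provisioned with the server
      if [ $? -ne 0 ]; then
        source /etc/deis-release
        RELEASE=$DEIS_RELEASE
      fi

      IMAGE=$1:$RELEASE
    fi

    # remove leading slash
    echo "${IMAGE#/}"
# Pulls every Deis component image that is not already present locally.
- path: /run/deis/bin/preseed
  permissions: '0755'
  content: |
    #!/usr/bin/env bash

    COMPONENTS=(builder controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor)
    for c in "${COMPONENTS[@]}"; do
      image=`/run/deis/bin/get_image /deis/$c`
      docker history "$image" >/dev/null 2>&1 || docker pull "$image"
    done
# Collects version and status output for troubleshooting.
# The journal query targets etcd2, the unit this config actually starts;
# etcd.service is masked above and would have no log entries.
- path: /opt/bin/deis-debug-logs
  permissions: '0755'
  content: |
    #!/usr/bin/env bash

    echo '--- VERSIONS ---'
    source /etc/os-release
    echo $PRETTY_NAME
    source /etc/deis-release
    echo "Deis $DEIS_RELEASE"
    etcd2 -version | head -n1
    fleet -version
    printf "\n"

    echo '--- SYSTEM STATUS ---'
    journalctl -n 50 -u etcd2 --no-pager
    journalctl -n 50 -u fleet --no-pager
    printf "\n"

    echo '--- DEIS STATUS ---'
    deisctl list
    etcdctl ls --recursive /deis
    printf "\n"
- path: /home/core/.toolboxrc
  owner: core
  content: |
    TOOLBOX_DOCKER_IMAGE=alpine
    TOOLBOX_DOCKER_TAG=3.1
    TOOLBOX_USER=root
# Proxy variables are written empty; fill them in when the hosts sit behind a
# proxy.
- path: /etc/environment_proxy
  owner: core
  content: |
    HTTP_PROXY=
    HTTPS_PROXY=
    ALL_PROXY=
    NO_PROXY=
    http_proxy=
    https_proxy=
    all_proxy=
    no_proxy=
# Storage=none: systemd-coredump does not keep core dumps on disk.
- path: /etc/systemd/coredump.conf
  content: |
    [Coredump]
    Storage=none
# Shutdown hook: when this host owns a ceph OSD, the cluster reports HEALTH_OK
# and more than three store hosts exist, it drains and removes the OSD and the
# local ceph monitor, then removes this node from the etcd cluster. The script
# refuses to run without the --really argument.
- path: /opt/bin/graceful-shutdown.sh
  permissions: '0755'
  content: |
    #!/usr/bin/bash
    if [ "$1" != '--really' ]; then
      echo "command must be run as: $0 --really"
      exit 1
    fi
    # procedure requires the store-admin
    ADMIN_RUNNING=$(docker inspect --format="{{ .State.Running }}" deis-store-admin)
    if [ $? -eq 1 ] || [ "$ADMIN_RUNNING" == "false" ]; then
      echo "deis-store-admin container is required for graceful shutdown"
      exit 2
    fi
    set -e -x -o pipefail
    # determine osd id
    CURRENT_STATUS=$(docker exec deis-store-admin ceph health | awk '{print $1}')
    OSD_HOSTS=($(etcdctl ls /deis/store/hosts/| awk -F'/' '{print $5}'))
    for HOST in "${OSD_HOSTS[@]}"
    do
      PUBLIC_IP=$(fleetctl list-machines -fields="machine,ip" -full -no-legend| grep `cat /etc/machine-id` | awk '{print $2}')
      if [ "$HOST" = "$PUBLIC_IP" ] ; then
        OSD_ID=$(etcdctl get /deis/store/osds/$PUBLIC_IP)
        break
      fi
    done
    # if we own an osd and its healthy, try to gracefully remove it
    if [ ! -z "$OSD_ID" ] && [[ "$CURRENT_STATUS" == *"HEALTH_OK"* ]] && [ ${#OSD_HOSTS[@]} -gt "3" ]; then
      docker exec deis-store-admin ceph osd out $OSD_ID
      sleep 30
      TIMEWAITED=0
      until [[ $(docker exec deis-store-admin ceph health) == *"HEALTH_OK"* ]]
      do
        if [ $TIMEWAITED -gt "1200" ]
        then
          echo "ceph graceful removal timeout exceeded"
          break
        fi
        echo "waiting" && sleep 5
        TIMEWAITED=$((TIMEWAITED+5))
      done
      docker stop deis-store-daemon
      docker exec deis-store-admin ceph osd crush remove osd.$OSD_ID
      docker exec deis-store-admin ceph auth del osd.$OSD_ID
      docker exec deis-store-admin ceph osd rm $OSD_ID
      etcdctl rm /deis/store/osds/$PUBLIC_IP
      etcdctl rm /deis/store/hosts/$PUBLIC_IP && sleep 10
      # remove ceph mon
      docker stop deis-store-monitor || true
      docker exec deis-store-admin ceph mon remove `hostname -f` # fixme
      docker stop deis-store-metadata || true
    fi

    # removing the node from etcd
    NODE=$(etcdctl member list | grep `cat /etc/machine-id` | cut -d ':' -f 1)
    etcdctl member remove $NODE
- path: /opt/bin/wupiao
  permissions: '0755'
  content: |
    #!/usr/bin/env bash
    # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen
    [ -n "$1" ] && \
      until curl -o /dev/null -sIf http://${1}; do \
        sleep 1 && echo .;
      done;
    exit $?
# Downloads the named Kubernetes binary for K8S_VERSION into /opt/bin, or
# re-downloads it when the installed copy reports a different version.
# curl runs with -f so an HTTP error (e.g. 404) fails the download instead of
# saving the error page as an executable.
# NOTE(review): the binary is fetched over https but no checksum or signature
# is verified before it is made executable; add a digest check against a value
# pinned alongside K8S_VERSION.
- path: /opt/bin/download-k8s-binary
  permissions: '0755'
  content: |
    #!/usr/bin/env bash
    export K8S_VERSION="v1.0.1"
    mkdir -p /opt/bin
    FILE=$1
    if [ ! -f "/opt/bin/$FILE" ]; then
      curl -sSfL -o "/opt/bin/$FILE" "https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE"
      chmod +x "/opt/bin/$FILE"
    else
      # we check the version of the binary
      INSTALLED_VERSION=$("/opt/bin/$FILE" --version)
      MATCH=$(echo "${INSTALLED_VERSION}" | grep -c "${K8S_VERSION}")
      if [ "$MATCH" -eq 0 ]; then
        # the version is different
        curl -sSfL -o "/opt/bin/$FILE" "https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE"
        chmod +x "/opt/bin/$FILE"
      fi
    fi
- path: /opt/bin/scheduler-policy.json
  content: |
    {
      "kind": "Policy",
      "apiVersion": "v1",
      "predicates": [{"name": "PodFitsPorts"},{"name": "PodFitsResources"},{"name": "NoDiskConflict"},{"name": "MatchNodeSelector"},{"name": "HostName"}],
      "priorities": [{"name": "LeastRequestedPriority","weight": 1},{"name": "BalancedResourceAllocation","weight": 1},{"name": "ServiceSpreadingPriority","weight": 2},{"name": "EqualPriority","weight": 1}]
    }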