github.com/naphatkrit/deis@v1.12.3/contrib/coreos/user-data.example (about)

     1  #cloud-config
     2  
     3  coreos:
     4    etcd2:
     5      # generate a new token for each unique cluster from https://discovery.etcd.io/new
     6      discovery: #DISCOVERY_URL
     7      # multi-region and multi-cloud deployments need to use $public_ipv4
     8      advertise-client-urls: http://$private_ipv4:2379
     9      initial-advertise-peer-urls: http://$private_ipv4:2380
    10      # listen on both the official ports and the legacy ports
    11      # legacy ports can be omitted if your application doesn't depend on them
    12      listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    13      listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001
    14      data-dir: /var/lib/etcd2
    15    fleet:
    16      public-ip: $private_ipv4
    17      metadata: controlPlane=true,dataPlane=true,routerMesh=true
    18    update:
    19      reboot-strategy: "off"
    20    units:
    21      - name: etcd.service
    22        mask: true
    23      - name: etcd2.service
    24        command: start
    25      - name: fleet.service
    26        command: start
    27      - name: docker-tcp.socket
    28        command: start
    29        enable: true
    30        content: |
    31          [Unit]
    32          Description=Docker Socket for the API
    33  
    34          [Socket]
    35          ListenStream=2375
    36          Service=docker.service
    37          BindIPv6Only=both
    38  
    39          [Install]
    40          WantedBy=sockets.target
    41      - name: update-engine.service
    42        command: stop
    43        enable: false
    44      - name: docker.service
    45        drop-ins:
    46        - name: 10-require-flannel.conf
    47          content: |
    48            [Unit]
    49            Requires=flanneld.service
    50            After=flanneld.service
    51        - name: 50-insecure-registry.conf
    52          content: |
    53            [Service]
    54            Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10"
    55      - name: flanneld.service
    56        command: start
    57        drop-ins:
    58        - name: 50-network-config.conf
    59          content: |
    60            [Service]
    61            ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network": "10.244.0.0/16", "SubnetLen": 24, "SubnetMin": "10.244.0.0", "Backend": {"Type": "vxlan"}}'
    62      - name: graceful-deis-shutdown.service
    63        content: |
    64          [Unit]
    65          Description=Clean up
    66          DefaultDependencies=no
    67          After=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service
    68          Requires=fleet.service etcd2.service deis-store-admin.service deis-store-daemon.service deis-store-volume.service docker.service docker.socket deis-store-monitor.service
    69  
    70          [Install]
    71          WantedBy=shutdown.target halt.target reboot.target
    72  
    73          [Service]
    74          ExecStop=/opt/bin/graceful-shutdown.sh --really
    75          Type=oneshot
    76          TimeoutSec=1200
    77          RemainAfterExit=yes
    78      - name: install-deisctl.service
    79        command: start
    80        content: |
    81          [Unit]
    82          Description=Install deisctl utility
    83          ConditionPathExists=!/opt/bin/deisctl
    84  
    85          [Service]
    86          Type=oneshot
    87          ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.12.3'
    88      - name: increase-nf_conntrack-connections.service
    89        command: start
    90        content: |
    91          [Unit]
    92          Description=Increase the number of connections in nf_conntrack. default is 65536
    93  
    94          [Service]
    95          Type=oneshot
    96          ExecStartPre=/usr/sbin/modprobe nf_conntrack
    97          ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144"
    98  write_files:
    99    - path: /etc/deis-release
   100      content: |
   101        DEIS_RELEASE=v1.12.3
   102    - path: /etc/motd
   103      content: " \e[31m* *    \e[34m*   \e[32m*****    \e[39mddddd   eeeeeee iiiiiii   ssss\n\e[31m*   *  \e[34m* *  \e[32m*   *     \e[39md   d   e    e    i     s    s\n \e[31m* *  \e[34m***** \e[32m*****     \e[39md    d  e         i    s\n\e[32m*****  \e[31m* *    \e[34m*       \e[39md     d e         i     s\n\e[32m*   * \e[31m*   *  \e[34m* *      \e[39md     d eee       i      sss\n\e[32m*****  \e[31m* *  \e[34m*****     \e[39md     d e         i         s\n  \e[34m*   \e[32m*****  \e[31m* *      \e[39md    d  e         i          s\n \e[34m* *  \e[32m*   * \e[31m*   *     \e[39md   d   e    e    i    s    s\n\e[34m***** \e[32m*****  \e[31m* *     \e[39mddddd   eeeeeee iiiiiii  ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n"
   104    - path: /etc/profile.d/nse-function.sh
   105      permissions: '0755'
   106      content: |
   107        function nse() {
   108          docker exec -it $1 bash
   109        }
   110    - path: /run/deis/bin/get_image
   111      permissions: '0755'
   112      content: |
   113        #!/usr/bin/env bash
   114        # usage: get_image <component_path>
   115        IMAGE=`etcdctl get $1/image 2>/dev/null`
   116  
   117        # if no image was set in etcd, we use the default plus the release string
   118        if [ $? -ne 0 ]; then
   119          RELEASE=`etcdctl get /deis/platform/version 2>/dev/null`
   120  
   121          # if no release was set in etcd, use the default provisioned with the server
   122          if [ $? -ne 0 ]; then
   123            source /etc/deis-release
   124            RELEASE=$DEIS_RELEASE
   125          fi
   126  
   127          IMAGE=$1:$RELEASE
   128        fi
   129  
   130        # remove leading slash
   131        echo ${IMAGE#/}
   132    - path: /run/deis/bin/preseed
   133      permissions: '0755'
   134      content: |
   135        #!/usr/bin/env bash
   136  
   137        COMPONENTS=(builder controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor)
   138        for c in "${COMPONENTS[@]}"; do
   139          image=`/run/deis/bin/get_image /deis/$c`
   140          docker history $image >/dev/null 2>&1 || docker pull $image
   141        done
   142    - path: /opt/bin/deis-debug-logs
   143      permissions: '0755'
   144      content: |
   145        #!/usr/bin/env bash
   146  
   147        echo '--- VERSIONS ---'
   148        source /etc/os-release
   149        echo $PRETTY_NAME
   150        source /etc/deis-release
   151        echo "Deis $DEIS_RELEASE"
   152        etcd2 -version | head -n1
   153        fleet -version
   154        printf "\n"
   155  
   156        echo '--- SYSTEM STATUS ---'
   157        journalctl -n 50 -u etcd --no-pager
   158        journalctl -n 50 -u fleet --no-pager
   159        printf "\n"
   160  
   161        echo '--- DEIS STATUS ---'
   162        deisctl list
   163        etcdctl ls --recursive /deis
   164        printf "\n"
   165    - path: /home/core/.toolboxrc
   166      owner: core
   167      content: |
   168        TOOLBOX_DOCKER_IMAGE=alpine
   169        TOOLBOX_DOCKER_TAG=3.1
   170        TOOLBOX_USER=root
   171    - path: /etc/environment_proxy
   172      owner: core
   173      content: |
   174        HTTP_PROXY=
   175        HTTPS_PROXY=
   176        ALL_PROXY=
   177        NO_PROXY=
   178        http_proxy=
   179        https_proxy=
   180        all_proxy=
   181        no_proxy=
   182    - path: /etc/systemd/coredump.conf
   183      content: |
   184        [Coredump]
   185        Storage=none
   186    - path: /opt/bin/graceful-shutdown.sh
   187      permissions: '0755'
   188      content: |
   189        #!/usr/bin/bash
   190        if [ "$1" != '--really' ]; then
   191          echo "command must be run as: $0 --really"
   192          exit 1
   193        fi
   194        # procedure requires the store-admin
   195        ADMIN_RUNNING=$(docker inspect --format="{{ .State.Running }}" deis-store-admin)
   196        if [ $? -eq 1 ] || [ "$ADMIN_RUNNING" == "false" ]; then
   197          echo "deis-store-admin container is required for graceful shutdown"
   198          exit 2
   199        fi
   200        set -e -x -o pipefail
   201        # determine osd id
   202        CURRENT_STATUS=$(docker exec deis-store-admin ceph health | awk '{print $1}')
   203        OSD_HOSTS=($(etcdctl ls /deis/store/hosts/| awk -F'/' '{print $5}'))
   204        for HOST in "${OSD_HOSTS[@]}"
   205        do
   206          PUBLIC_IP=$(fleetctl list-machines -fields="machine,ip" -full -no-legend| grep `cat /etc/machine-id` | awk '{print $2}')
   207          if [ "$HOST" = "$PUBLIC_IP" ] ; then
   208            OSD_ID=$(etcdctl get /deis/store/osds/$PUBLIC_IP)
   209            break
   210          fi
   211        done
   212        # if we own an osd and its healthy, try to gracefully remove it
   213        if [ ! -z "$OSD_ID" ] && [[ "$CURRENT_STATUS" == *"HEALTH_OK"* ]] && [ ${#OSD_HOSTS[@]} -gt "3" ]; then
   214          docker exec deis-store-admin ceph osd out $OSD_ID
   215          sleep 30
   216          TIMEWAITED=0
   217          until [[ $(docker exec deis-store-admin ceph health) == *"HEALTH_OK"* ]]
   218          do
   219            if [ $TIMEWAITED -gt "1200" ]
   220            then
   221              echo "ceph graceful removal timeout exceeded"
   222              break
   223            fi
   224            echo "waiting" && sleep 5
   225            TIMEWAITED=$((TIMEWAITED+5))
   226          done
   227          docker stop deis-store-daemon
   228          docker exec deis-store-admin ceph osd crush remove osd.$OSD_ID
   229          docker exec deis-store-admin ceph auth del osd.$OSD_ID
   230          docker exec deis-store-admin ceph osd rm $OSD_ID
   231          etcdctl rm /deis/store/osds/$PUBLIC_IP
   232          etcdctl rm /deis/store/hosts/$PUBLIC_IP && sleep 10
   233          # remove ceph mon
   234          docker stop deis-store-monitor || true
   235          docker exec deis-store-admin ceph mon remove `hostname -f` # fixme
   236          docker stop deis-store-metadata || true
   237        fi
   238  
   239        # removing the node from etcd
   240        NODE=$(etcdctl member list | grep `cat /etc/machine-id` | cut -d ':' -f 1)
   241        etcdctl member remove $NODE
   242    - path: /opt/bin/wupiao
   243      permissions: '0755'
   244      content: |
   245        #!/usr/bin/env bash
   246        # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen
   247        [ -n "$1" ] && \
   248          until curl -o /dev/null -sIf http://${1}; do \
   249            sleep 1 && echo .;
   250          done;
   251        exit $?
   252    - path: /opt/bin/download-k8s-binary
   253      permissions: '0755'
   254      content: |
   255        #!/usr/bin/env bash
   256        export K8S_VERSION="v1.0.1"
   257        mkdir -p /opt/bin
   258        FILE=$1
   259        if [ ! -f /opt/bin/$FILE ]; then
   260          curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
   261          chmod +x /opt/bin/$FILE
   262        else
   263          # we check the version of the binary
   264          INSTALLED_VERSION=$(/opt/bin/$FILE --version)
   265          MATCH=$(echo "${INSTALLED_VERSION}" | grep -c "${K8S_VERSION}")
   266          if [ $MATCH -eq 0 ]; then
   267            # the version is different
   268            curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
   269            chmod +x /opt/bin/$FILE
   270          fi
   271        fi
   272    - path: /opt/bin/scheduler-policy.json
   273      content: |
   274        {
   275            "kind": "Policy",
   276            "apiVersion": "v1",
   277            "predicates": [{"name": "PodFitsPorts"},{"name": "PodFitsResources"},{"name": "NoDiskConflict"},{"name": "MatchNodeSelector"},{"name": "HostName"}],
   278            "priorities": [{"name": "LeastRequestedPriority","weight": 1},{"name": "BalancedResourceAllocation","weight": 1},{"name": "ServiceSpreadingPriority","weight": 2},{"name": "EqualPriority","weight": 1}]
   279        }