#cloud-config
# Source: github.com/technosophos/deis@v1.7.1-0.20150915173815-f9005256004b/contrib/coreos/user-data.example
#
# Example CoreOS cloud-config for a Deis node: configures etcd2, fleet and
# Docker, installs helper scripts under /opt/bin and /run/deis/bin, and
# defines the systemd units used for install, debugging and graceful shutdown.
#
# Security review summary (details are next to each item below):
#   - etcd client and peer URLs are plain http, and the client listener binds
#     0.0.0.0
#   - docker-tcp.socket exposes the Docker API on TCP 2375 with no address
#     restriction
#   - automatic OS updates are switched off
#   - Docker treats all private address ranges as insecure registries
#   - several units/scripts download executables with no integrity check,
#     two of them over plain http

coreos:
  etcd2:
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
    # NOTE(review): as written the value is empty (YAML null) because
    # "#DISCOVERY_URL" is parsed as a comment; presumably provisioning tooling
    # substitutes a real URL here. Confirm before booting a node.
    discovery: #DISCOVERY_URL
    # multi-region and multi-cloud deployments need to use $public_ipv4
    advertise-client-urls: http://$private_ipv4:2379
    initial-advertise-peer-urls: http://$private_ipv4:2380
    # listen on both the official ports and the legacy ports
    # legacy ports can be omitted if your application doesn't depend on them
    # SECURITY: the client API listens on every interface (0.0.0.0) over plain
    # http, and no TLS or client authentication is configured in this file.
    # Scripts below take image names and store topology from etcd, so write
    # access to etcd influences what these nodes pull and run. Restrict
    # 2379/4001 (and peer ports 2380/7001) to cluster members with
    # firewall/security-group rules, or enable etcd TLS with client
    # certificates.
    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001
    data-dir: /var/lib/etcd2
  fleet:
    public-ip: $public_ipv4
    metadata: controlPlane=true,dataPlane=true,routerMesh=true
  update:
    # SECURITY: "off" disables automatic reboots, and update-engine.service is
    # also stopped and disabled below, so OS security updates are not applied
    # automatically. Patching has to be handled by a separate process.
    reboot-strategy: "off"
  units:
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
    # SECURITY: ListenStream=2375 names a port with no address, so systemd
    # listens on all addresses (IPv4 and IPv6, per BindIPv6Only=both) and hands
    # connections to docker.service. The Docker API on plain TCP has no
    # authentication unless the daemon is configured for TLS, which this file
    # does not show; access to it is equivalent to root on the host.
    # Restrict the port to trusted sources, bind it to a specific address if
    # remote access is not needed, or require TLS client certificates.
    # NOTE(review): confirm which components actually need the TCP socket.
    - name: docker-tcp.socket
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Socket for the API

        [Socket]
        ListenStream=2375
        Service=docker.service
        BindIPv6Only=both

        [Install]
        WantedBy=sockets.target
    # Stops and disables the CoreOS update engine (see the update: note above).
    - name: update-engine.service
      command: stop
      enable: false
    # SECURITY: --insecure-registry lets Docker talk to registries in these
    # ranges over plain http or with unverified TLS. The ranges cover all
    # RFC 1918 space plus 100.64.0.0/10, so image pulls from any host on
    # those networks are not protected in transit. Narrow the list to the
    # actual registry address where possible.
    - name: docker.service
      drop-ins:
        - name: 50-insecure-registry.conf
          content: |
            [Service]
            Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10"
    # Writes the flannel overlay network definition (10.244.0.0/16, vxlan
    # backend) to etcd before flanneld starts.
    - name: flanneld.service
      drop-ins:
        - name: 50-network-config.conf
          content: |
            [Service]
            ExecStartPre=/usr/bin/etcdctl mk /coreos.com/network/config '{"Network": "10.244.0.0/16", "SubnetLen": 24, "SubnetMin": "10.244.0.0", "Backend": {"Type": "vxlan"}}'
    # Runs /opt/bin/graceful-shutdown.sh (defined under write_files) as the
    # unit's ExecStop action, with a 1200 second timeout; wanted by the
    # shutdown, halt and reboot targets.
    - name: graceful-deis-shutdown.service
      content: |
        [Unit]
        Description=Clean up
        DefaultDependencies=no
        After=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service
        Requires=fleet.service etcd2.service deis-store-admin.service deis-store-daemon.service deis-store-volume.service docker.service docker.socket deis-store-monitor.service

        [Install]
        WantedBy=shutdown.target halt.target reboot.target

        [Service]
        ExecStop=/opt/bin/graceful-shutdown.sh --really
        Type=oneshot
        TimeoutSec=1200
        RemainAfterExit=yes
    # SECURITY: downloads an install script over plain http and pipes it
    # straight into sh. The unit sets no User=, so it runs as root, and
    # nothing verifies the script or the binary it installs; anyone able to
    # alter the http response controls code executed at first boot.
    # Prefer fetching over https and checking a pinned checksum or signature,
    # or ship deisctl in the image. ConditionPathExists limits the run to
    # hosts where /opt/bin/deisctl is absent.
    - name: install-deisctl.service
      command: start
      content: |
        [Unit]
        Description=Install deisctl utility
        ConditionPathExists=!/opt/bin/deisctl

        [Service]
        Type=oneshot
        ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.10.0'
    # Debug helper: polls the local etcd stats endpoint once per second.
    # It has no "command:" key, so cloud-config only writes the unit.
    # SECURITY: the jq binary is fetched over plain http into /opt/bin, made
    # executable and run with no checksum verification. Verify the download
    # against a known-good hash or provide jq another way.
    - name: debug-etcd.service
      content: |
        [Unit]
        Description=etcd debugging service

        [Service]
        ExecStartPre=/usr/bin/curl -sSL -o /opt/bin/jq http://stedolan.github.io/jq/download/linux64/jq
        ExecStartPre=/usr/bin/chmod +x /opt/bin/jq
        ExecStart=/usr/bin/bash -c "while true; do curl -sL http://127.0.0.1:4001/v2/stats/self | /opt/bin/jq . ; sleep 1 ; done"
    # Loads nf_conntrack and raises net.netfilter.nf_conntrack_max to 262144.
    - name: increase-nf_conntrack-connections.service
      command: start
      content: |
        [Unit]
        Description=Increase the number of connections in nf_conntrack. default is 65536

        [Service]
        Type=oneshot
        ExecStartPre=/usr/sbin/modprobe nf_conntrack
        ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144"
write_files:
  # Default release string; get_image falls back to it when etcd has no
  # /deis/platform/version key.
  - path: /etc/deis-release
    content: |
      DEIS_RELEASE=v1.10.0
  # Login banner with ANSI colour escapes.
  # NOTE(review): runs of spaces in the banner appear collapsed in this copy;
  # compare with the upstream file before relying on the layout.
  - path: /etc/motd
    content: " \e[31m* * \e[34m* \e[32m***** \e[39mddddd eeeeeee iiiiiii ssss\n\e[31m* * \e[34m* * \e[32m* * \e[39md d e e i s s\n \e[31m* * \e[34m***** \e[32m***** \e[39md d e i s\n\e[32m***** \e[31m* * \e[34m* \e[39md d e i s\n\e[32m* * \e[31m* * \e[34m* * \e[39md d eee i sss\n\e[32m***** \e[31m* * \e[34m***** \e[39md d e i s\n \e[34m* \e[32m***** \e[31m* * \e[39md d e i s\n \e[34m* * \e[32m* * \e[31m* * \e[39md d e e i s s\n\e[34m***** \e[32m***** \e[31m* * \e[39mddddd eeeeeee iiiiiii ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n"
  # Shell helper: opens an interactive bash in the named container.
  - path: /etc/profile.d/nse-function.sh
    permissions: '0755'
    content: |
      function nse() {
        docker exec -it $1 bash
      }
  # Resolves the image reference for a component: the etcd key
  # <component_path>/image if it exists, otherwise <component_path>:<release>
  # with the release read from etcd or from /etc/deis-release.
  # SECURITY: the result comes from etcd and is used unquoted by callers;
  # with the etcd client API open as configured above, treat etcd write
  # access as the ability to choose the images these nodes run.
  - path: /run/deis/bin/get_image
    permissions: '0755'
    content: |
      #!/usr/bin/env bash
      # usage: get_image <component_path>
      IMAGE=`etcdctl get $1/image 2>/dev/null`

      # if no image was set in etcd, we use the default plus the release string
      if [ $? -ne 0 ]; then
        RELEASE=`etcdctl get /deis/platform/version 2>/dev/null`

        # if no release was set in etcd, use the default provisioned with the server
        if [ $? -ne 0 ]; then
          source /etc/deis-release
          RELEASE=$DEIS_RELEASE
        fi

        IMAGE=$1:$RELEASE
      fi

      # remove leading slash
      echo ${IMAGE#/}
  # Pulls every component image that is not already present locally.
  # Images are referenced by name and tag only (no digest), so what is
  # pulled depends on the registry and on the values get_image returns.
  - path: /run/deis/bin/preseed
    permissions: '0755'
    content: |
      #!/usr/bin/env bash

      COMPONENTS=(builder cache controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor)
      for c in "${COMPONENTS[@]}"; do
        image=`/run/deis/bin/get_image /deis/$c`
        docker history $image >/dev/null 2>&1 || docker pull $image
      done
  # Collects version, journal and Deis status output for troubleshooting.
  # NOTE(review): the journal query uses unit "etcd" while this file starts
  # etcd2.service; confirm the intended unit name.
  # The output lists every key under /deis in etcd; review it before sharing.
  - path: /opt/bin/deis-debug-logs
    permissions: '0755'
    content: |
      #!/usr/bin/env bash

      echo '--- VERSIONS ---'
      source /etc/os-release
      echo $PRETTY_NAME
      source /etc/deis-release
      echo "Deis $DEIS_RELEASE"
      etcd2 -version | head -n1
      fleet -version
      printf "\n"

      echo '--- SYSTEM STATUS ---'
      journalctl -n 50 -u etcd --no-pager
      journalctl -n 50 -u fleet --no-pager
      printf "\n"

      echo '--- DEIS STATUS ---'
      deisctl list
      etcdctl ls --recursive /deis
      printf "\n"
  # Toolbox settings for the core user: alpine:3.1 image, root user.
  - path: /home/core/.toolboxrc
    owner: core
    content: |
      TOOLBOX_DOCKER_IMAGE=alpine
      TOOLBOX_DOCKER_TAG=3.1
      TOOLBOX_USER=root
  # Proxy variables, all left empty in this example.
  - path: /etc/environment_proxy
    owner: core
    content: |
      HTTP_PROXY=
      HTTPS_PROXY=
      ALL_PROXY=
      NO_PROXY=
      http_proxy=
      https_proxy=
      all_proxy=
      no_proxy=
  # Storage=none: systemd-coredump does not keep core dumps, so process
  # memory is not written to disk on a crash (and is not available for
  # later analysis either).
  - path: /etc/systemd/coredump.conf
    content: |
      [Coredump]
      Storage=none
  # Shutdown procedure run by graceful-deis-shutdown.service. Requires the
  # --really argument and a running deis-store-admin container. When this
  # host owns a Ceph OSD, the cluster reports HEALTH_OK and more than three
  # store hosts are registered, it marks the OSD out, waits up to 1200
  # seconds for HEALTH_OK, then removes the OSD, its auth entry, its etcd
  # keys and the monitor. It always ends by removing this node from the
  # etcd member list.
  # NOTE(review): "set -x" traces every command to the unit's log, and
  # values read from etcd ($OSD_ID, $PUBLIC_IP, $NODE) are used unquoted in
  # commands that remove cluster state.
  - path: /opt/bin/graceful-shutdown.sh
    permissions: '0755'
    content: |
      #!/usr/bin/bash
      if [ "$1" != '--really' ]; then
        echo "command must be run as: $0 --really"
        exit 1
      fi
      # procedure requires the store-admin
      ADMIN_RUNNING=$(docker inspect --format="{{ .State.Running }}" deis-store-admin)
      if [ $? -eq 1 ] || [ "$ADMIN_RUNNING" == "false" ]; then
        echo "deis-store-admin container is required for graceful shutdown"
        exit 2
      fi
      set -e -x -o pipefail
      # determine osd id
      CURRENT_STATUS=$(docker exec deis-store-admin ceph health | awk '{print $1}')
      OSD_HOSTS=($(etcdctl ls /deis/store/hosts/| awk -F'/' '{print $5}'))
      for HOST in "${OSD_HOSTS[@]}"
      do
        PUBLIC_IP=$(fleetctl list-machines -fields="machine,ip" -full -no-legend| grep `cat /etc/machine-id` | awk '{print $2}')
        if [ "$HOST" = "$PUBLIC_IP" ] ; then
          OSD_ID=$(etcdctl get /deis/store/osds/$PUBLIC_IP)
          break
        fi
      done
      # if we own an osd and its healthy, try to gracefully remove it
      if [ ! -z "$OSD_ID" ] && [[ "$CURRENT_STATUS" == *"HEALTH_OK"* ]] && [ ${#OSD_HOSTS[@]} -gt "3" ]; then
        docker exec deis-store-admin ceph osd out $OSD_ID
        sleep 30
        TIMEWAITED=0
        until [[ $(docker exec deis-store-admin ceph health) == *"HEALTH_OK"* ]]
        do
          if [ $TIMEWAITED -gt "1200" ]
          then
            echo "ceph graceful removal timeout exceeded"
            break
          fi
          echo "waiting" && sleep 5
          TIMEWAITED=$((TIMEWAITED+5))
        done
        docker stop deis-store-daemon
        docker exec deis-store-admin ceph osd crush remove osd.$OSD_ID
        docker exec deis-store-admin ceph auth del osd.$OSD_ID
        docker exec deis-store-admin ceph osd rm $OSD_ID
        etcdctl rm /deis/store/osds/$PUBLIC_IP
        etcdctl rm /deis/store/hosts/$PUBLIC_IP && sleep 10
        # remove ceph mon
        docker stop deis-store-monitor || true
        docker exec deis-store-admin ceph mon remove `hostname -f` # fixme
        docker stop deis-store-metadata || true
      fi

      # removing the node from etcd
      NODE=$(etcdctl member list | grep `cat /etc/machine-id` | cut -d ':' -f 1)
      etcdctl member remove $NODE
  # Blocks until an http HEAD request to the given host:port succeeds.
  - path: /opt/bin/wupiao
    permissions: '0755'
    content: |
      #!/usr/bin/env bash
      # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen
      [ -n "$1" ] && \
        until curl -o /dev/null -sIf http://${1}; do \
          sleep 1 && echo .;
        done;
      exit $?
  # Downloads the named Kubernetes binary for K8S_VERSION into /opt/bin, or
  # replaces it when the installed binary reports a different version.
  # SECURITY: the download uses https but the file is made executable with
  # no checksum or signature verification; $FILE comes from the first
  # argument and is used unquoted in the destination path, so callers
  # should pass only fixed binary names. Add a pinned hash check before
  # chmod +x.
  - path: /opt/bin/download-k8s-binary
    permissions: '0755'
    content: |
      #!/usr/bin/env bash
      export K8S_VERSION="v1.0.1"
      mkdir -p /opt/bin
      FILE=$1
      if [ ! -f /opt/bin/$FILE ]; then
        curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
        chmod +x /opt/bin/$FILE
      else
        # we check the version of the binary
        INSTALLED_VERSION=$(/opt/bin/$FILE --version)
        MATCH=$(echo "${INSTALLED_VERSION}" | grep -c "${K8S_VERSION}")
        if [ $MATCH -eq 0 ]; then
          # the version is different
          curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
          chmod +x /opt/bin/$FILE
        fi
      fi
  # Kubernetes scheduler policy: the predicates and weighted priorities the
  # scheduler applies when placing pods.
  - path: /opt/bin/scheduler-policy.json
    content: |
      {
        "kind": "Policy",
        "apiVersion": "v1",
        "predicates": [{"name": "PodFitsPorts"},{"name": "PodFitsResources"},{"name": "NoDiskConflict"},{"name": "MatchNodeSelector"},{"name": "HostName"}],
        "priorities": [{"name": "LeastRequestedPriority","weight": 1},{"name": "BalancedResourceAllocation","weight": 1},{"name": "ServiceSpreadingPriority","weight": 2},{"name": "EqualPriority","weight": 1}]
      }