#cloud-config
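coreos:
  # TODO: remove this override so nodes reboot into the latest version; kept
  # for Vagrant until the change has been pushed through CI.
  # While reboots are off, a downloaded OS update only takes effect after a
  # manual reboot. The value is quoted so it is read as the string "off" and
  # not as a YAML 1.1 boolean.
  update:
    reboot-strategy: "off"
  # TODO: update to etcd2.
  # NOTE(review): this section is keyed `etcd`, while the unit started below
  # is etcd2.service; confirm these settings reach the daemon that runs.
  etcd:
    # Generate a new token for each unique cluster from
    # https://discovery.etcd.io/new. A token committed to a shared sample is
    # known to everyone who has the file, so do not reuse the one below for
    # anything other than a throwaway local cluster.
    discovery: https://discovery.etcd.io/0fb290c2f54d9338f0abefe73745f8cd
    # No TLS or client-authentication settings appear in this file, so treat
    # the client (4001) and peer (7001) ports as open to whatever can reach
    # $public_ipv4.
    addr: $public_ipv4:4001
    peer-addr: $public_ipv4:7001
  fleet:
    public-ip: $public_ipv4
  units:
    # etcd2 requires a CoreOS release that ships it.
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
    # Drop-in that sets the Docker daemon options: container DNS goes to
    # $private_ipv4 first (served by paz-dnsmasq below) and then to 8.8.8.8.
    # -D turns on daemon debug logging.
    - name: docker.service
      drop-ins:
        - name: 50-docker-dns.conf
          content: |
            [Service]
            Environment='DOCKER_OPTS=--restart=false -D --dns=$private_ipv4 --dns=8.8.8.8'
    # cAdvisor container, published on port 8080 of the host.
    # Review points for anything beyond a local Vagrant box:
    #   - /var/run is mounted read-write; if the Docker socket lives there the
    #     container can control the Docker daemon.
    #   - the image is pulled as :latest on every start, so its content is
    #     whatever the registry serves at that moment; pin a tag or digest to
    #     make starts reproducible.
    #   - no authentication is configured here for the published port.
    - name: cadvisor.service
      runtime: true
      command: start
      content: |
        [Unit]
        Description=Analyzes resource usage and performance characteristics of running containers.
        After=docker.service
        Requires=docker.service
        [Service]
        Restart=always
        ExecStartPre=/usr/bin/docker pull google/cadvisor:latest
        ExecStartPre=-/bin/bash -c " \
          docker inspect cadvisor >/dev/null 2>&1 \
          && docker rm -f cadvisor || true"
        ExecStart=/usr/bin/docker run --volume=/var/run:/var/run:rw --volume=/sys/fs/cgroup/:/sys/fs/cgroup:ro --volume=/var/lib/docker/:/var/lib/docker:ro --publish=8080:8080 --name=cadvisor google/cadvisor:latest
        ExecStop=/usr/bin/docker rm -f cadvisor
    # dnsmasq container bound to $private_ipv4:53/udp; it is passed the `paz`
    # domain and $private_ipv4 as arguments.
    # NOTE(review): the container runs with --privileged and from an unpinned
    # :latest image; check whether a narrower capability set is enough for
    # this image before using it outside a local box.
    - name: paz-dnsmasq.service
      runtime: true
      command: start
      content: |
        [Unit]
        Description=*.paz traffic will go to the private_ipv4 addr
        After=docker.service
        Requires=docker.service
        After=etcd2.service
        Requires=etcd2.service
        After=fleet.service
        Requires=fleet.service
        [Service]
        Restart=always
        ExecStartPre=/usr/bin/docker pull tomgco/dnsmasq-catch:latest
        ExecStartPre=-/bin/bash -c " \
          docker inspect paz-dnsmasq >/dev/null 2>&1 \
          && docker rm -f paz-dnsmasq || true"
        ExecStart=/usr/bin/docker run -p $private_ipv4:53:53/udp --privileged --name=paz-dnsmasq tomgco/dnsmasq-catch paz $private_ipv4
        ExecStop=/usr/bin/docker rm -f paz-dnsmasq
    # HAProxy container configured from etcd (ETCD=$private_ipv4:4001).
    # Ports 80 and 1936 are published on every host interface; the image is
    # pulled as :latest on each start. TimeoutStartSec=20m leaves room for
    # that pull.
    - name: paz-haproxy.service
      runtime: true
      command: start
      content: |
        [Unit]
        Description=paz HAProxy instance that enables service discovery.
        After=docker.service
        Requires=docker.service
        After=etcd2.service
        Requires=etcd2.service
        After=fleet.service
        Requires=fleet.service
        [Service]
        User=core
        Restart=always
        RestartSec=5s
        ExecStartPre=/usr/bin/docker pull quay.io/yldio/paz-haproxy:latest
        ExecStartPre=-/bin/bash -c " \
          docker inspect paz-haproxy >/dev/null 2>&1 \
          && docker rm -f paz-haproxy || true"
        ExecStart=/usr/bin/docker run -p 80:80 -p 1936:1936 -e ETCD=$private_ipv4:4001 --name paz-haproxy quay.io/yldio/paz-haproxy
        ExecStop=/usr/bin/docker rm -f paz-haproxy
        TimeoutStartSec=20m
    # Runs /home/core/bin/paz-pubkey-watcher.sh (written by write_files in
    # this file) as user core: once before start, then as the long-running
    # watcher. The script installs the key it reads from etcd as an SSH key
    # for core, so this unit is only as trustworthy as write access to etcd.
    - name: paz-pubkey-watcher.service
      runtime: true
      command: start
      content: |
        [Unit]
        Description=Watch etcd for scheduler public key changes and update authorized_hosts.
        After=etcd2.service
        Requires=etcd2.service
        After=fleet.service
        Requires=fleet.service
        [Service]
        User=core
        Restart=always
        ExecStartPre=/home/core/bin/paz-pubkey-watcher.sh once
        ExecStart=/home/core/bin/paz-pubkey-watcher.sh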
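write_files:
  # Environment file for the paz services. File modes are quoted so they stay
  # the literal octal string and are not read as a YAML number.
  - path: /etc/paz-environment
    permissions: "0644"
    content: |
      PAZ_PLATFORM=vagrant
      PAZ_DOMAIN=paz
      PAZ_ORCHESTRATOR_DNS_DISABLED=true
      PAZ_ORCHESTRATOR_CORS=true
  # Helper run by paz-pubkey-watcher.service. Whatever is stored at the etcd
  # key /paz/config/scheduler/_pubkey is base64-decoded and installed as an
  # SSH key for user core, so write access to that etcd key is equivalent to
  # SSH access to this node; restrict who can write to etcd accordingly.
  - path: /home/core/bin/paz-pubkey-watcher.sh
    owner: core
    permissions: "0754"
    content: |
      #!/bin/bash
      # Usage: paz-pubkey-watcher.sh [once]
      #   once     - wait until the key exists in etcd, install it, then exit
      #   (no arg) - install the key again every time it changes in etcd
      set -e
      if [[ "$1" == "once" ]]; then
        # Both files come from mktemp so that neither path in /tmp is
        # predictable; a name derived from $FN could be pre-created by
        # another local user.
        FN=$(mktemp /tmp/paz-pubkey.XXXXXX)
        RAW=$(mktemp /tmp/paz-pubkey.XXXXXX)
        until etcdctl get /paz/config/scheduler/_pubkey 2>/dev/null > "$RAW"; do sleep 2; done && base64 -d < "$RAW" > "$FN" && /usr/bin/update-ssh-keys -u core -a paz-scheduler "$FN"
        rm "$FN" "$RAW"
      else
        while :; do
          FN=$(mktemp /tmp/paz-pubkey.XXXXXX)
          # etcdctl watch blocks until the key changes, then prints the new value.
          etcdctl watch /paz/config/scheduler/_pubkey | base64 -d > "$FN" && /usr/bin/update-ssh-keys -u core -a paz-scheduler "$FN";
          rm "$FN"
        done;
      fi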