buth · July 10, 2014 20:53
diff --git a/docker-registry.yaml b/docker-registry.yaml
 #cloud-config

 users:
  - name: nytint
    coreos-ssh-import-url: https://s3.amazonaws.com/newsdev-ops/keys.json
    groups:
      - docker

 write_files:
  - path: /etc/nginx/nginx.conf
    permissions: 0644
    content: |
      user nginx nginx;
      worker_processes auto;
      events {
        use epoll;
        multi_accept on;
        worker_connections 1024;
      }
      http {
        include /usr/local/conf/mime.types;
        default_type application/octet-stream;
        access_log off;
        keepalive_requests 200;
        server {
          listen 443 ssl spdy;
          ssl_certificate /nginx/server.crt;
          ssl_certificate_key /nginx/server.key;
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
          location / {
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_pass http://docker-registry:5000;
            client_max_body_size 0;
          }
        }
      }

 coreos:
  update:
    reboot-strategy: reboot
  units:
    - name: docker-registry.service
      command: start
      content: |
        [Unit]
        Description=Docker Registry
        After=docker.service

        [Service]
        Restart=always
        TimeoutStartSec=0
        ExecStartPre=/usr/bin/docker pull newsdev/registry:0.7
        ExecStart=/bin/bash -c '/usr/bin/docker start -a docker-registry || /opt/stocker/bin/stocker exec -a stocker.vpc.newsdev.net:3022 -i /etc/stocker/stocker-client.pem -g docker-registry docker run --name docker-registry --rm -e STANDALONE=true -e SETTINGS_FLAVOR=s3 -e AWS_SECRET -e AWS_KEY -e AWS_BUCKET=newsdev-ops-storage -e STORAGE_PATH=/registry -p 5000:5000 newsdev/registry:0.7'
        ExecStop=/usr/bin/docker stop docker-registry
        ExecStopPost=/usr/bin/docker rm docker-registry

    - name: nginx.service
      command: start
      content: |
        [Unit]
        Description=nginx
        After=docker.service
        After=docker-registry.service
        Requires=docker-registry.service
        BindsTo=docker-registry.service

        [Service]
        Restart=always
        TimeoutStartSec=0
        Environment="HOME=/root"
        ExecStartPre=/usr/bin/mkdir -p /etc/nginx
        ExecStartPre=/usr/bin/openssl req -new -newkey rsa:4096 -subj "/C=US/ST=New York/L=New York/O=newsdev/CN=*" -nodes -keyout /etc/nginx/server.key -out /etc/nginx/server.csr
        ExecStartPre=/usr/bin/openssl x509 -req -in /etc/nginx/server.csr -signkey /etc/nginx/server.key -out /etc/nginx/server.crt
        ExecStartPre=/usr/bin/chmod 600 /etc/nginx/server.csr /etc/nginx/server.key /etc/nginx/server.crt
        ExecStartPre=/usr/bin/docker pull newsdev/nginx:stable
        ExecStart=/bin/bash -c '/usr/bin/docker start -a nginx || /usr/bin/docker run --name nginx --rm -v /etc/nginx:/nginx:ro -p 443:443 --link docker-registry:docker-registry newsdev/nginx:stable -c /nginx/nginx.conf'
        ExecStop=/usr/bin/docker stop nginx
        ExecStopPost=/usr/bin/docker rm -v nginx
        ExecStopPost=/usr/bin/rm -f /etc/nginx/server.csr /etc/nginx/server.key /etc/nginx/server.crt
	#cloud-config

	users:
	- name: nytint
	coreos-ssh-import-url: https://s3.amazonaws.com/newsdev-ops/keys.json
	groups:
	- docker

	write_files:
	- path: /etc/nginx/nginx.conf
	permissions: 0644
	content: \|
	user nginx nginx;
	worker_processes auto;
	events {
	use epoll;
	multi_accept on;
	worker_connections 1024;
	}
	http {
	include /usr/local/conf/mime.types;
	default_type application/octet-stream;
	access_log off;
	keepalive_requests 200;
	server {
	listen 443 ssl spdy;
	ssl_certificate /nginx/server.crt;
	ssl_certificate_key /nginx/server.key;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
	location / {
	proxy_http_version 1.1;
	proxy_set_header Host $http_host;
	proxy_pass http://docker-registry:5000;
	client_max_body_size 0;
	}
	}
	}

	coreos:
	update:
	reboot-strategy: reboot
	units:
	- name: docker-registry.service
	command: start
	content: \|
	[Unit]
	Description=Docker Registry
	After=docker.service

	[Service]
	Restart=always
	TimeoutStartSec=0
	ExecStartPre=/usr/bin/docker pull newsdev/registry:0.7
	ExecStart=/bin/bash -c '/usr/bin/docker start -a docker-registry \|\| /opt/stocker/bin/stocker exec -a stocker.vpc.newsdev.net:3022 -i /etc/stocker/stocker-client.pem -g docker-registry docker run --name docker-registry --rm -e STANDALONE=true -e SETTINGS_FLAVOR=s3 -e AWS_SECRET -e AWS_KEY -e AWS_BUCKET=newsdev-ops-storage -e STORAGE_PATH=/registry -p 5000:5000 newsdev/registry:0.7'
	ExecStop=/usr/bin/docker stop docker-registry
	ExecStopPost=/usr/bin/docker rm docker-registry

	- name: nginx.service
	command: start
	content: \|
	[Unit]
	Description=nginx
	After=docker.service
	After=docker-registry.service
	Requires=docker-registry.service
	BindsTo=docker-registry.service

	[Service]
	Restart=always
	TimeoutStartSec=0
	Environment="HOME=/root"
	ExecStartPre=/usr/bin/mkdir -p /etc/nginx
	ExecStartPre=/usr/bin/openssl req -new -newkey rsa:4096 -subj "/C=US/ST=New York/L=New York/O=newsdev/CN=*" -nodes -keyout /etc/nginx/server.key -out /etc/nginx/server.csr
	ExecStartPre=/usr/bin/openssl x509 -req -in /etc/nginx/server.csr -signkey /etc/nginx/server.key -out /etc/nginx/server.crt
	ExecStartPre=/usr/bin/chmod 600 /etc/nginx/server.csr /etc/nginx/server.key /etc/nginx/server.crt
	ExecStartPre=/usr/bin/docker pull newsdev/nginx:stable
	ExecStart=/bin/bash -c '/usr/bin/docker start -a nginx \|\| /usr/bin/docker run --name nginx --rm -v /etc/nginx:/nginx:ro -p 443:443 --link docker-registry:docker-registry newsdev/nginx:stable -c /nginx/nginx.conf'
	ExecStop=/usr/bin/docker stop nginx
	ExecStopPost=/usr/bin/docker rm -v nginx
	ExecStopPost=/usr/bin/rm -f /etc/nginx/server.csr /etc/nginx/server.key /etc/nginx/server.crt