Scripts and systemd units to run tinc and flannel on coreos
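# there is surely a much better way to do this using systemd/networkd
#
# Oneshot unit: waits for tap0 and docker0 to exist, routes 10.1.0.0/16 via
# docker0, then adds tap0 as a port of the docker0 bridge.
# NOTE(review): once tap0 is a bridge port, local containers and remote tinc
# peers sit on one layer-2 segment; confirm that exposure is intended.
[Unit]
Description=Configure Docker Bridge
Requires=docker.service
#After=docker.socket

[Service]
Type=oneshot
#ExecStartPre=-/bin/sh -c "route del -net 10.1.0.0 netmask 255.255.0.0 dev tap0"
# Poll once per second until each interface shows up in `ifconfig -s`.
# NOTE(review): there is no upper bound on these loops; consider setting
# TimeoutStartSec= so a missing interface fails the unit instead of hanging.
ExecStartPre=/bin/sh -c "while ! ifconfig -s | grep -q tap0 ; do sleep 1; done"
ExecStartPre=/bin/sh -c "while ! ifconfig -s | grep -q docker0 ; do sleep 1; done"
ExecStartPre=/bin/sh -c "route add -net 10.1.0.0 netmask 255.255.0.0 dev docker0"
#ExecStartPre=-/bin/sh -c "brctl delif docker0 tap0"
# Fixed: the command string was missing its closing double quote.
ExecStart=/bin/sh -c "brctl addif docker0 tap0"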
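# Keeps the local tinc configuration in sync with etcd: runs the initial
# import once, then runs /srv/tinc_conf_updater.sh for every change that
# `etcdctl exec-watch` reports below /services/tinc.
# NOTE(review): the updater acts on key names and values taken from etcd, so
# write access to /services/tinc should be limited to trusted nodes.
[Unit]
Description=Countinously update tinc configuration after ectd changes
Requires=tinc.service
# Fixed: a Restart= line used to sit in this section; it is a [Service]
# setting (still present below) and has no effect under [Unit].
After=tinc.service

[Service]
Restart=always
RestartSec=10
EnvironmentFile=/etc/environment
ExecStartPre=/srv/tinc_initial_config.sh
ExecStart=/usr/bin/etcdctl exec-watch --recursive /services/tinc -- /srv/tinc_conf_updater.sh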
# Oneshot helper that writes /etc/tinc-env, the file the tinc unit and the
# tinc scripts on this page read TINC_HOSTNAME from.
[Unit] | |
Description=Tinc Service | |
After=etcd.service etcd2.service early-docker.service flanneld.service | |
Before=early-docker.target fleet.service | |
[Service] | |
Type=oneshot | |
# TINC_HOSTNAME is the output of `hostname` with every '-' replaced by '_'
# (presumably because tinc node names allow only letters, digits and '_').
# NOTE(review): other characters, e.g. '.', pass through unchanged; confirm
# hostnames on these machines never contain them.
ExecStart=/bin/sh -c "echo \"TINC_HOSTNAME=`hostname | sed -e 's/-/_/g'`\" > /etc/tinc-env" |
# Runs the tinc VPN daemon in a container on the early-docker daemon.
# Each start wipes /srv/tinc, runs `tinc init`, adds Address, Subnet, Mode and
# DeviceType, starts the daemon container, and then keeps this node's host
# file published in etcd under /services/tinc/$TINC_HOSTNAME.
[Unit] | |
Description=Tinc VPN Service | |
Requires=flannel-wait.service | |
After=early-docker.service flanneld.service tinc-env.service flannel-wait.service | |
Before=early-docker.target | |
[Service] | |
Environment="DOCKER_HOST=unix:///var/run/early-docker.sock" | |
EnvironmentFile=/etc/tinc-env | |
EnvironmentFile=/etc/environment | |
# NOTE(review): the image is referenced by name only, so whatever the registry
# currently serves for jenserat/tinc is what later runs with --net=host,
# /dev/net/tun and NET_ADMIN. Pinning a digest
# (jenserat/tinc@sha256:<DIGEST>, placeholder) would fix what gets that access.
ExecStartPre=/usr/bin/docker pull jenserat/tinc | |
# The config directory is deleted and re-created on every start, so `init`
# below builds it from scratch (presumably including a new key pair; confirm).
ExecStartPre=/usr/bin/rm -rf /srv/tinc | |
ExecStartPre=/usr/bin/mkdir -p /srv/tinc | |
ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc init $TINC_HOSTNAME" | |
ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add Address = $COREOS_PUBLIC_IPV4" | |
TimeoutStartSec=5m | |
# FLANNEL_SUBNET, used on the next line, is presumably defined in this file.
EnvironmentFile=/run/flannel/subnet.env | |
# Registers this node's Subnet after rewriting the first "1/24" in
# FLANNEL_SUBNET to "0/24".
ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add Subnet = `echo $FLANNEL_SUBNET | sed -e 's/1\\/24/0\\/24/'`" | |
ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add Mode = switch" | |
ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add DeviceType = tap" | |
# Leading '-': a failure here (e.g. no previous container) does not fail the unit.
ExecStartPre=-/usr/bin/docker rm -f tinc | |
ExecStartPre=/usr/bin/docker run --name tinc -d --volume /srv/tinc:/etc/tinc --net=host --device=/dev/net/tun --cap-add NET_ADMIN jenserat/tinc start -D | |
# Main process: every 45 s re-publish the host file, wrapped in literal double
# quotes, with a 60 s TTL, so the key expires if this loop stops running.
# NOTE(review): the updater scripts on this page copy values found under
# /services/tinc into /srv/tinc/hosts, so anyone able to write that etcd
# prefix can introduce peers; confirm etcd access is restricted.
ExecStart=/bin/sh -c "while true; do etcdctl set /services/tinc/$TINC_HOSTNAME \"\\\"` cat /srv/tinc/hosts/$TINC_HOSTNAME `\"\\\" --ttl 60;sleep 45;done" | |
ExecStop=/usr/bin/docker rm -f tinc | |
# Remove this node's key on stop rather than waiting for the TTL to lapse.
ExecStopPost=/bin/sh -c "etcdctl rm /services/tinc/$TINC_HOSTNAME" |
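#!/bin/sh
# Run by `etcdctl exec-watch` for every change below /services/tinc.
# Reads ETCD_WATCH_KEY, ETCD_WATCH_ACTION and ETCD_WATCH_VALUE from the
# environment and mirrors the change into the local tinc configuration:
#   set             -> add "ConnectTo = <host>" and write /srv/tinc/hosts/<host>
#   delete / expire -> remove the ConnectTo entry and the host file
# Events for this node's own key (TINC_HOSTNAME from /etc/tinc-env) are ignored.
export DOCKER_HOST=unix:///var/run/early-docker.sock
. /etc/tinc-env

# POSIX prefix strip; the ${var/pattern/} form is not available in every /bin/sh.
host=${ETCD_WATCH_KEY#/services/tinc/}
#echo "host is $host"
#echo "$ETCD_WATCH_KEY\" key was updated to \"$ETCD_WATCH_VALUE\" value by \"$ETCD_WATCH_ACTION\" action"

# The key name comes from etcd and is used below as a file name and as a
# command argument. Accept only letters, digits and '_' so that a key
# containing '/', '..' or whitespace cannot reach paths outside
# /srv/tinc/hosts or split into extra arguments.
case "$host" in
  '' | *[!A-Za-z0-9_]*)
    echo "ignoring etcd key with invalid tinc host name: $ETCD_WATCH_KEY" >&2
    exit 0
    ;;
esac

# Fixed: the original compared "$TINC_/HOSTNAME", which never equals a host
# name, so events for this node's own key were processed as well.
[ "$TINC_HOSTNAME" != "$host" ] || exit 0

hostfile=/srv/tinc/hosts/$host

case "$ETCD_WATCH_ACTION" in
  set)
    echo "configuring new tinc host $host"
    current_value=""
    if [ -f "$hostfile" ]; then
      current_value="$(cat "$hostfile")"
    fi
    # The publisher wraps the host file in literal double quotes, hence the
    # quoted form on the right-hand side.
    if [ "$ETCD_WATCH_VALUE" != "\"$current_value\"" ]; then
      docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add ConnectTo = "$host"
      #etcdctl get /services/tinc/$host | sed -e 's/\"//g' > /srv/tinc/hosts/$host
      # NOTE(review): the value is written as-is apart from the removed
      # quotes; this node trusts whoever can write under /services/tinc.
      printf '%s\n' "$ETCD_WATCH_VALUE" | sed -e 's/"//g' > "$hostfile"
      docker exec tinc /usr/sbin/tinc reload
      echo "done"
    else
      echo "old value = new value; nothing to do"
    fi
    ;;
  delete | expire)
    echo "removing tinc host $host"
    docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc del ConnectTo = "$host"
    rm -f -- "$hostfile"
    docker exec tinc /usr/sbin/tinc reload
    echo "done"
    ;;
esac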
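#!/bin/sh
# Initial import, run once before the etcd watcher starts: for every host
# currently listed under /services/tinc (except this node), store its host
# file in /srv/tinc/hosts, add a ConnectTo entry, then reload tinc.
export DOCKER_HOST=unix:///var/run/early-docker.sock
. /etc/tinc-env

# Read names line by line instead of word-splitting a command substitution,
# so an unusual key name cannot be glob-expanded or split by the shell.
etcdctl ls /services/tinc/ | sed -e 's/\/services\/tinc\///' |
while IFS= read -r host; do
  # Names come from etcd and end up in a file path and a command argument;
  # accept only letters, digits and '_' (no '/', '..' or whitespace).
  case "$host" in
    '' | *[!A-Za-z0-9_]*)
      echo "skipping etcd entry with invalid tinc host name: $host" >&2
      continue
      ;;
  esac
  [ "$TINC_HOSTNAME" != "$host" ] || continue

  # Fetch first: a failed lookup no longer leaves an empty host file behind
  # together with a ConnectTo entry that points at it.
  if ! value=$(etcdctl get "/services/tinc/$host" </dev/null); then
    echo "could not read /services/tinc/$host from etcd; skipping" >&2
    continue
  fi
  # NOTE(review): the value is stored as-is apart from the removed quotes;
  # this node trusts whoever can write under /services/tinc.
  printf '%s\n' "$value" | sed -e 's/"//g' > "/srv/tinc/hosts/$host"
  # </dev/null keeps the command from consuming the list being read above.
  docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add ConnectTo = "$host" </dev/null
done
docker exec tinc /usr/sbin/tinc reload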