@janeczku
Last active October 16, 2024 15:51
Annotated RancherOS Cloud-init configuration snippets
#cloud-config
# Hostname for this machine; takes precedence over the hostname assigned by the DHCP lease.
hostname: myhost
# SSH public keys authorized to log in as the `rancher` sudoer user.
ssh_authorized_keys:
  - ssh-rsa AAA...ZZZ example1@rancher
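#cloud-config
# (...)
# Steps for an air-gapped install of RancherOS:
# 1. Mirror the https://github.com/rancher/os-services repo to your local git server.
# 2. Mirror the https://releases.rancher.com/os/releases.yml file to a local git or web server.
# 3. Mirror all Docker images referenced in the os-services repo branch pertaining to your
#    RancherOS version to your local Docker registry under a `rancher` organization. Or,
#    alternatively, set up an internal pull-through cache (registry mirror) for Docker Hub.
#
# The mirror becomes the source of OS upgrades and system service images for every host
# pointed at it: serve it over TLS and keep write access to the mirrored repo and registry
# at least as restricted as it is upstream.
rancher:
  # Core repository: endpoint of the os-services mirror branch pertaining to the
  # RancherOS version.
  repositories:
    core:
      url: https://raw.git.internal/mirror/os-services/v1.4.0
  # Upgrade URL: the mirrored os/releases.yml
  upgrade:
    url: https://raw.git.internal/os/releases.yml
  # If you have mirrored images to your local registry:
  environment:
    REGISTRY_DOMAIN: private-registry.internal
  # Or, if you are using a registry pull-through cache/mirror:
  bootstrap_docker:
    registry_mirror: "https://private-mirror.internal"
  docker:
    registry_mirror: "https://private-mirror.internal"
  system_docker:
    registry_mirror: "https://private-mirror.internal"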
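#cloud-config
# (...)
rancher:
  # Create an arbitrary system service started at boot. Useful for running monitoring agents, etc.
  # https://rancher.com/docs/os/v1.x/en/installation/system-services/custom-system-services/
  services:
    my-service:
      command: "tail -f /dev/null"
      # A mutable tag such as `latest` can change underneath a service that is started at
      # boot in the system scope; prefer a fixed tag (or a digest) for anything run this way.
      image: eu.gcr.io/container-111/busybox:latest
      labels:
        io.rancher.os.scope: system  # Runs the service in System Docker; remove to run in User Docker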
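#cloud-config
# (...)
rancher:
  docker:
    # Registry mirror (pull-through cache) for User Docker
    # Ref: https://docs.docker.com/registry/recipes/mirror/
    registry_mirror: "https://mirror.gcr.io"
    # docker0 bridge with a custom subnet. Useful if the default subnet clashes with the internal network.
    # Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/docker
    extra_args: ['--bip=172.20.0.1/16', '--fixed-cidr=172.20.0.0/17']
    # Pin the User Docker version. Prevents the Docker engine from being upgraded on OS upgrade.
    engine: docker-18.03.1-ce
  system_docker:
    # Registry mirror (pull-through cache) for System Docker
    # Ref: https://docs.docker.com/registry/recipes/mirror/
    # Plain-HTTP mirror: image pulls are neither encrypted nor server-authenticated on the wire,
    # so this should only point at a mirror reachable over a trusted network segment.
    registry_mirror: "http://10.10.10.23:5555"
    # sys-docker bridge with a custom subnet; takes effect after reboot.
    # Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/docker
    bip: 172.21.0.1/16
    # If the private registry uses self-signed/enterprise CA certificates, System Docker has to be
    # configured to skip certificate validation. Reason: it is currently not possible to update the
    # RancherOS trusted certificate store.
    # This disables TLS verification (and permits plain HTTP) for the listed hosts only, so list
    # exactly the registry host(s) that need it and nothing broader.
    insecure_registry:
      - private-registry.internal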
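#cloud-config
# (...)
# Configure User Docker with the CA certificate (chain) of a private registry.
# Note: Does not apply to System Docker; for that, `rancher.system_docker.insecure_registry`
# has to be used instead (see docker-config.yml).
# The certificate below is a truncated placeholder, not a real CA.
write_files:
  - path: /etc/docker/certs.d/private-registry.internal/ca.crt
    permissions: "0644"
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      KRGFpbWxlciBBRzEYMBYGA1UEA8GW6RCGy2VQ1JYBDANBgkqhkiG9w0BAQsFADA8
      UECgwKRGFpbWxlciBBRzEYMBYGA1UEAwwPQ29yMQswCQYDVQQGEwJERTETMBEGA1
      (...)
      -----END CERTIFICATE-----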
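#cloud-config
# (...)
# Mount an additional disk device and use it as the User Docker data directory.
# Caveat: the fallback runs mkfs.ext4 whenever the mount fails for ANY reason (wrong device
# name, device busy, different filesystem type), which destroys any existing data on the
# device. Double-check the device path, and consider probing for an existing filesystem
# before formatting.
runcmd:
  - 'mkdir -p /storage'
  - 'mount -t ext4 /dev/nvme1n1 /storage || (mkfs.ext4 /dev/nvme1n1 && mount -t ext4 /dev/nvme1n1 /storage)'
rancher:
  docker:
    extra_args: ["-g", "/storage"]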
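#cloud-config
# (...)
rancher:
  environment:
    # Hostname prefix applied to RancherOS system and service images. Useful in air-gapped
    # environments where RancherOS images have been mirrored to a local registry.
    # Applies only to images pulled as part of OS upgrade/installation or system services.
    # Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/images-prefix/
    REGISTRY_DOMAIN: registry.example.com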
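#cloud-config
# (...)
# The proxy environment configuration is applied to the following scopes:
# - Console (e.g. `ros` and other user-space utilities)
# - Docker
# - System Docker (requires reboot)
# See: https://rancher.com/docs/os/v1.x/en/installation/networking/proxy-settings/
# Avoid embedding proxy credentials in these URLs: the values end up in the environment of
# every scope listed above, and the cloud-config itself is typically kept in plaintext
# (VCS, cloud metadata, the host).
rancher:
  network:
    http_proxy: https://myproxy.example.com
    https_proxy: https://myproxy.example.com
    no_proxy: localhost,127.0.0.1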
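#cloud-config
# (...)
# Each entry is [device_or_share, mount_path, fs_type, options]. The two NFS examples below
# are alternatives (both use /mnt/nfs); keep the one that matches your server.
mounts:
  # Mount an NFS4 share
  # Note: Mount paths for nfs/nfs4 mounts are created automatically.
  - ["nfs_4_server_ip:/", "/mnt/nfs", "nfs4", "<optional mount options>"]
  # Mount an NFS3 share
  # Note: NFS3 requires the `nolock` option -> the rpcbind daemon is not running in the default console.
  - ["nfs_3_server_ip:/", "/mnt/nfs", "nfs", "nolock"]
  # Mount additional disks
  # Note: If the disk is not pre-formatted, use the `runcmd` cloud-config directive to create the filesystem.
  # Note: The mount path needs to exist. Use `runcmd` to create it if necessary.
  # Ref: https://rancher.com/docs/os/v1.x/en/installation/storage/additional-mounts/
  - ["/dev/nvme0n1p1", "/home/rancher/nvme", "ext4", "<optional mount options>"]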
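#cloud-config
# (...)
rancher:
  network:
    # Configure nameservers (Default: 8.8.8.8, 8.8.4.4 if not DHCP-assigned)
    # Caveat: On first boot, System Docker may use the default or DHCP-assigned nameservers
    # before the cloud-init configuration has been applied (race).
    dns:
      nameservers:
        - 1.1.1.1
        - 1.0.0.1
      override: true  # Override DHCP-assigned nameservers
    # Assign a static IP configuration to interfaces (Default: use DHCP)
    # Ref: https://rancher.com/docs/os/v1.x/en/installation/networking/interfaces/
    interfaces:
      eth1:
        address: 172.68.1.100/24
        gateway: 172.68.1.1
        mtu: 1500
        dhcp: false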
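#cloud-config
# (...)
# Customize the RancherOS NTP daemon configuration.
# `restrict default nomodify nopeer noquery limited kod` denies configuration changes, peering
# and status queries to everyone not explicitly allowed; the `interface listen` lines restrict
# the addresses ntpd serves to loopback and the two bridge addresses listed.
write_files:
  - container: ntp
    path: /etc/ntp.conf
    permissions: "0644"
    owner: root
    content: |
      server ntp.corp.internal prefer
      restrict default nomodify nopeer noquery limited kod
      restrict 127.0.0.1
      restrict [::1]
      restrict localhost
      interface listen 127.0.0.1
      interface listen 172.17.0.1
      interface listen 10.42.0.1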
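#cloud-config
# (...)
rancher:
  # Credentials for pulling images from private repos or registries.
  # Note: Only applies to OS and system service images. For all other image pulls
  # (e.g. from the console) credentials need to be configured in the standard Docker
  # config location under /home/rancher, see `user-docker-auth.yml`.
  # Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/private-registries/
  # These values sit in plaintext wherever the cloud-config lives (VCS, cloud metadata, the
  # host): use a dedicated pull-only account with the narrowest possible scope, and rotate it.
  # Registry URLs are quoted so the embedded `://` can never be misread as a mapping separator.
  registry_auths:
    "https://index.docker.io/v1/":
      username: me
      password: secret
    "https://eu.gcr.io":
      # An oauth2 access token expires quickly; for an unattended host a pull-only service
      # account credential is the longer-lived alternative (GCR documents a `_json_key`
      # username with the key file contents as the password — confirm against current docs).
      username: oauth2accesstoken
      password: sadly-shortlived-token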
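#cloud-config
# (...)
# Execute an arbitrary script at boot after all system services have been started.
# Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/write-files/
# The script runs at every boot with system privileges; keep it owned by root and not
# group/world-writable (0755 below), since anything that can edit it runs the same way.
write_files:
  - path: /etc/rc.local
    permissions: "0755"
    owner: root
    content: |
      #!/bin/bash
      echo "I'm doing things on start"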
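#cloud-config
# (...)
rancher:
  # Configure sysctl parameters.
  # Example: Satisfy the host requirement for running Elasticsearch containers.
  sysctl:
    vm.max_map_count: 262144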
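#cloud-config
# (...)
# Configure registry credentials for User Docker.
# Note: Does not apply to pulling images for system services. Use the `rancher.registry_auths` option instead.
# -> registry-auth.yml
write_files:
  - container: console
    path: /home/rancher/.docker/config.json
    # The file holds registry credentials (the `auth` value is base64-encoded `user:password`,
    # not encrypted): restrict it to the owning user. Docker only reads it; it never needs to
    # be executable or readable by other users, so 0600 rather than 0755.
    permissions: "0600"
    owner: rancher:rancher
    content: |
      { "auths": { "https://my.registry.com": { "auth": "<base_64_encoded_credentials>" } } }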
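#cloud-config
# (...)
# Install RancherOS to /dev/sda on first boot (needs testing).
# Useful when the VM is booted from ISO, e.g. in Rancher or using docker-machine.
# Note: Must not be used with rancheros-vmware.iso, since the disk is mounted as the state
# partition automatically and the install will fail.
# Caveats:
# - `-f` (force) writes to /dev/sda without confirmation; the `mount | grep /dev/sda` guard
#   is the only thing protecting an existing installation on that disk.
# - `rancher.autologin=tty1` gives whoever reaches the local/virtual console a shell without
#   authentication; drop it on hosts where console access is not trusted.
runcmd:
  - 'echo "ensuring install" > /var/log/ros-install.log'
  - 'mount | grep /dev/sda || sudo ros install -d /dev/sda -f -k --append "rancher.autologin=tty1 console=tty1 printk.devkmsg=on panic=10"'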
@AntonFriberg

This was really useful, thanks a lot!

@madmod

madmod commented Apr 11, 2020

This was exactly what I needed! Thank you!
