Annotated RancherOS Cloud-init configuration snippets
#cloud-config
# Set the hostname for this machine (takes precedence over hostname assigned by DHCP lease).
hostname: myhost
# Authorize SSH keys for the `rancher` sudoer user.
# Every key listed here grants a login that can escalate to root via sudo, so keep the
# list to the keys that actually need access and rotate it when people leave.
ssh_authorized_keys:
  - ssh-rsa AAA...ZZZ example1@rancher
#cloud-config
(...)
# Some steps for air-gapped install of RancherOS:
# 1. Mirror the https://github.com/rancher/os-services repo to your local git server.
# 2. Mirror the https://releases.rancher.com/os/releases.yml file to local git or webserver.
# 3. Mirror all docker images referenced in the os-service repo branch pertaining to your
#    RancherOS version to your local Docker registry under a `rancher` organization. Or alternatively:
#    Setup an internal pull through cache (registry mirror) for the Docker Hub registry.
#
# Whatever is served from these mirrors is trusted as OS content (service definitions,
# upgrade metadata, images), so the mirrors should be as write-restricted as the
# upstream sources they replace.
rancher:
  # Set core repository to the HTTP endpoint of the branch of your os-services mirror
  # pertaining to the RancherOS version.
  repositories:
    core:
      url: https://raw.git.internal/mirror/os-services/v1.4.0
  # Set upgrade URL to mirrored os/releases.yml
  upgrade:
    url: https://raw.git.internal/os/releases.yml
  # If you have mirrored images to your local registry:
  environment:
    REGISTRY_DOMAIN: private-registry.internal
  # Or if you are using a registry pull through cache/mirror:
  # (the same mirror is configured for all three Docker daemons RancherOS runs)
  bootstrap_docker:
    registry_mirror: "https://private-mirror.internal"
  docker:
    registry_mirror: "https://private-mirror.internal"
  system_docker:
    registry_mirror: "https://private-mirror.internal"
#cloud-config
(...)
rancher:
  # Create arbitrary system service started at boot. Useful for running monitoring agents, etc.
  # https://rancher.com/docs/os/v1.x/en/installation/system-services/custom-system-services/
  services:
    my-service:
      command: "tail -f /dev/null"
      # NOTE(review): a mutable `latest` tag means the image content can change between boots;
      # for something that runs in system-docker consider pinning a specific tag or digest.
      image: eu.gcr.io/container-111/busybox:latest
      labels:
        io.rancher.os.scope: system  # Runs service in system-docker, remove to run in User Docker
#cloud-config
(...)
rancher:
  docker:
    # Configure registry mirror (pull through cache) for User Docker
    # Ref: https://docs.docker.com/registry/recipes/mirror/
    registry_mirror: "https://mirror.gcr.io"
    # Configure docker0 bridge with custom subnet. Useful if the default subnet clashes with internal network.
    # Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/docker
    extra_args: ['--bip=172.20.0.1/16','--fixed-cidr=172.20.0.0/17']
    # Pin the User Docker version. Will prevent upgrade of Docker engine on OS upgrade.
    # Note: a pinned engine also stops receiving the engine fixes that later OS releases ship.
    engine: docker-18.03.1-ce
  system_docker:
    # Configure registry mirror (pull through cache) for System Docker
    # Ref: https://docs.docker.com/registry/recipes/mirror/
    # NOTE(review): this mirror is addressed over plain http, so OS and system-service image
    # pulls through it are neither encrypted nor server-authenticated on the wire.
    registry_mirror: "http://10.10.10.23:5555"
    # Configure sys-docker bridge with custom subnet, takes effect after reboot.
    # Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/docker
    bip: 172.21.0.1/16
    # If private registry has self-signed/enterprise CA certificates, we need to configure
    # system-docker to skip cert validation. Reason: Currently not possible to update RancherOS
    # trusted certificate store.
    # This disables TLS certificate verification (and allows plain-HTTP fallback) for the
    # listed hosts only; keep the list to exactly the registries that need it.
    insecure_registry:
      - private-registry.internal
#cloud-config
(...)
# Configure User Docker with CA certificate (chain) of private registry.
# Note: Does not apply to System Docker. Need to use `insecure-registry`.
# See docker-config.yml.
write_files:
  # Docker looks the CA up by directory name, so the directory under certs.d must match
  # the registry host (and port, if one is used) exactly as it appears in image references.
  - path: /etc/docker/certs.d/private-registry.internal/ca.crt
    # A CA certificate is public material; world-readable is fine here.
    permissions: "0644"
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      KRGFpbWxlciBBRzEYMBYGA1UEA8GW6RCGy2VQ1JYBDANBgkqhkiG9w0BAQsFADA8
      UECgwKRGFpbWxlciBBRzEYMBYGA1UEAwwPQ29yMQswCQYDVQQGEwJERTETMBEGA1
      (...)
      -----END CERTIFICATE-----
#cloud-config
(...)
# Mount additional disk device and use as User Docker data directory.
# NOTE(review): the second command formats the disk whenever the mount fails, for whatever
# reason (device not enumerated yet, corrupted or foreign filesystem, wrong fstype) — not only
# when the disk is blank. Guarding the mkfs with a filesystem-signature check (e.g. blkid,
# after confirming the tool exists in the console in use) would avoid wiping existing data.
runcmd:
  - 'mkdir -p /storage'
  - 'mount -t ext4 /dev/nvme1n1 /storage || (mkfs.ext4 /dev/nvme1n1 && mount -t ext4 /dev/nvme1n1 /storage)'
rancher:
  docker:
    # `-g` is the older spelling of the engine's `--data-root` option.
    extra_args: ["-g", "/storage"]
#cloud-config
(...)
rancher:
  environment:
    # Hostname prefix to apply to RancherOS system and service images. Useful in air-gapped
    # environments where RancherOS images have been mirrored to a local registry.
    # Applies only to images pulled as part of OS upgrade/installation or system services.
    # Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/images-prefix/
    REGISTRY_DOMAIN: registry.example.com
#cloud-config
(...)
# The proxy environment configuration will be applied to the following scopes:
# - Console (e.g. `ros` and other user space utilities)
# - Docker
# - System Docker (requires reboot)
# See: https://rancher.com/docs/os/v1.x/en/installation/networking/proxy-settings/
rancher:
  network:
    http_proxy: https://myproxy.example.com
    https_proxy: https://myproxy.example.com
    # Hosts not listed here are reached through the proxy; internal registries or mirrors
    # that should be contacted directly presumably belong in this list — verify per setup.
    no_proxy: localhost,127.0.0.1
#cloud-config
(...)
# Each entry is [device, mount path, filesystem type, mount options].
# The `<optional mount options>` placeholders are passed to mount literally, so replace them
# with real options for a working configuration.
mounts:
  # Mount NFS4 share
  # Note: Mount paths for nfs/nfs4 mounts are created automatically.
  - ["nfs_4_server_ip:/", "/mnt/nfs", "nfs4", "<optional mount options>"]
  # Mount NFS3 share
  # Note: NFS3 requires `nolock` option -> rpcbind daemon not running in default console.
  # Note: This and the NFS4 entry above use the same mount path; they are alternatives, keep one.
  - ["nfs_3_server_ip:/", "/mnt/nfs", "nfs", "nolock"]
  # Mount additional disks
  # Note: If disk is not pre-formatted, use `runcmd` cloud-config directive to create filesystem
  # Note: Mount path needs to exist. Use `runcmd` to create if necessary.
  # Ref: https://rancher.com/docs/os/v1.x/en/installation/storage/additional-mounts/
  - ["/dev/nvme0n1p1","/home/rancher/nvme","ext4","<optional mount options>"]
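#cloud-config
(...)
rancher:
  network:
    # Configure nameserver (Default: 8.8.8.8, 8.8.4.4 if not DHCP assigned)
    # Caveat: On first boot, System-Docker may use the default or DHCP assigned nameservers
    # before the cloud-init configuration has been applied (race).
    dns:
      nameservers:
        - 1.1.1.1
        - 1.0.0.1
      override: true  # Override DHCP assigned nameservers
    # Assign static IP configuration to interfaces (Default: use DHCP)
    # Ref: https://rancher.com/docs/os/v1.x/en/installation/networking/interfaces/
    # NOTE(review): 172.68.0.0/16 lies outside the RFC 1918 range 172.16.0.0/12 (172.16–172.31);
    # substitute the site's own addressing rather than copying these example values.
    interfaces:
      eth1:
        address: 172.68.1.100/24
        gateway: 172.68.1.1
        mtu: 1500
        dhcp: false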
#cloud-config
(...)
# Customize RancherOS NTP daemon configuration
write_files:
  - container: ntp
    path: /etc/ntp.conf
    permissions: "0644"
    owner: root
    content: |
      server ntp.corp.internal prefer
      # Default policy for all peers: time service only — no runtime modification, no
      # peer association, no status/control queries, rate-limited with KoD responses.
      restrict default nomodify nopeer noquery limited kod
      # Loopback is exempt from the default restrictions (local ntpq/ntpdc queries).
      restrict 127.0.0.1
      restrict [::1]
      restrict localhost
      # Bind only to these addresses instead of every interface.
      # NOTE(review): 172.17.0.1 and 10.42.0.1 look like the docker0 and system-docker
      # bridge addresses respectively — confirm they match the bip settings in use.
      interface listen 127.0.0.1
      interface listen 172.17.0.1
      interface listen 10.42.0.1
#cloud-config
(...)
rancher:
  # Configure credentials for pulling images from private repos or registries.
  # Note: Only applies to OS and system services images. For all other image pulls
  # (e.g. from the console) credentials need to be configured in the standard Docker
  # config location under /home/rancher, see `user-docker-auth.yml`.
  # Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/private-registries/
  # These values sit in clear text in the cloud-config; do not commit real credentials here,
  # and prefer pull-only, short-lived credentials over a personal account password.
  registry_auths:
    https://index.docker.io/v1/:
      username: me
      password: secret
    https://eu.gcr.io:
      username: oauth2accesstoken
      password: sadly-shortlived-token
#cloud-config
(...)
# Execute an arbitrary script at boot after all system services have been started.
# Ref: https://rancher.com/docs/os/v1.x/en/installation/configuration/write-files/
write_files:
  - path: /etc/rc.local
    # Root-owned and writable only by root: nothing else on the box can alter a script
    # that (presumably) runs with root privileges on every boot.
    permissions: "0755"
    owner: root
    content: |
      #!/bin/bash
      echo "I'm doing things on start"
#cloud-config
(...)
rancher:
  # Configure Sysctl parameters.
  # Example: Satisfy host requirement for running elasticsearch containers.
  sysctl:
    vm.max_map_count: 262144
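#cloud-config
(...)
# Configure registry credentials for User Docker
# Note: Does not apply to pulling images for system services. Use `rancher.registry_auths` option instead.
# -> registry-auth.yml
write_files:
  - container: console
    path: /home/rancher/.docker/config.json
    # The file holds registry credentials (the `auth` value is only base64, not encrypted),
    # so it must be readable by its owner alone; 0755 would expose it to every local user.
    # NOTE(review): the parent .docker directory is created by write_files with whatever
    # default mode it applies — verify it is not world-readable either.
    permissions: "0600"
    owner: rancher:rancher
    content: |
      { "auths": { "https://my.registry.com": { "auth": "<base_64_encoded_credentials>" } } }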
#cloud-config
(...)
# Install RancherOS to /dev/sda on first boot (Needs testing)
# Useful when the VM is booted from ISO, e.g. in Rancher or using docker-machine.
# Note: Must not use the rancheros-vmware.iso since the disk is mounted as state partition automatically
# and install will fail.
# The `mount | grep` guard skips the install once anything from /dev/sda is mounted, so the
# (forced, unattended: -f) install runs only on the very first boot.
# NOTE(review): `rancher.autologin=tty1` in the appended kernel args gives a passwordless shell
# to whoever reaches the tty1 console (VM console included); drop it once provisioning is done.
# NOTE(review): confirm what `-k` does for the `ros install` version in use.
runcmd:
  - 'echo "ensuring install" > /var/log/ros-install.log'
  - 'mount | grep /dev/sda || sudo ros install -d /dev/sda -f -k --append "rancher.autologin=tty1 console=tty1 printk.devkmsg=on panic=10"'
This was exactly what I needed! Thank you!