#cloud-config

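write_files:
  # systemd drop-in that lifts the locked-memory limit for docker.service.
  # Owned by root rather than the login user: unit drop-ins are read by
  # systemd itself, so whoever can write this file can change how the Docker
  # daemon is launched.
  - path: /etc/systemd/system/docker.service.d/increase-ulimit.conf
    owner: 'root:root'
    # Quoted so every YAML loader sees the literal octal string; a bare 0644
    # is read as the integer 420 by YAML 1.1 parsers.
    permissions: '0644'
    content: |
      [Service]
      LimitMEMLOCK=infinity
  # ntpd configuration. No owner or permissions are set for this entry, so
  # the consumer's defaults apply. The `restrict default` line is the
  # hardening here: `noquery` refuses remote ntpq/ntpdc queries and
  # `limited kod` rate-limits clients, while the two loopback `restrict`
  # lines carry no flags and therefore leave local queries unrestricted.
  - path: /etc/ntp.conf
    content: |
      # Common pool
      server 0.pool.ntp.org
      server 1.pool.ntp.org

      # - Allow only time queries, at a limited rate.
      # - Allow all local queries (IPv4, IPv6)
      restrict default nomodify nopeer noquery limited kod
      restrict 127.0.0.1
      restrict [::1]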
coreos:
  etcd:
    # Generate a new token for each unique cluster from
    # https://discovery.etcd.io/new; the value below is a placeholder.
    # NOTE(review): the token is what lets a node register under this
    # cluster's discovery record, so keep real tokens out of shared
    # repositories - confirm against the etcd discovery documentation.
    discovery: https://discovery.etcd.io/xxxxxxxx
    # Multi-region and multi-cloud deployments need to use $public_ipv4.
    # Client (4001) and peer (7001) endpoints are advertised on the private
    # address; no TLS or client-certificate options are set in this file, so
    # access to both ports has to be limited at the network layer.
    addr: $private_ipv4:4001
    peer-addr: $private_ipv4:7001
  units:
    # One-shot unit that clears existing signatures on /dev/xvdf and then
    # creates a fresh btrfs filesystem on it. It is started each time this
    # cloud-config is applied, and both ExecStart lines pass -f, so whatever
    # is on the device is destroyed without prompting; nothing here checks
    # for an existing filesystem first. The device must be one that is meant
    # to be scratch space.
    - name: format-ephemeral.service
      command: start
      content: |
        [Unit]
        Description=Formats the ephemeral drive
        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/sbin/wipefs -f /dev/xvdf
        ExecStart=/usr/sbin/mkfs.btrfs -f /dev/xvdf
    # Mounts the freshly formatted /dev/xvdf as btrfs on /var/lib/docker.
    # Requires=/After= tie it to format-ephemeral.service, and
    # Before=docker.service orders the mount ahead of the Docker daemon so
    # the daemon's data directory is on the ephemeral device from the start.
    - name: var-lib-docker.mount
      command: start
      content: |
        [Unit]
        Description=Mount ephemeral to /var/lib/docker
        Requires=format-ephemeral.service
        After=format-ephemeral.service
        Before=docker.service
        [Mount]
        What=/dev/xvdf
        Where=/var/lib/docker
        Type=btrfs
    # One-shot unit that sets the host timezone to Europe/Brussels through
    # timedatectl. RemainAfterExit=yes keeps the unit reported as active
    # after the command has finished.
    - name: settimezone.service
      command: start
      content: |
        [Unit]
        Description=Set the timezone

        [Service]
        ExecStart=/usr/bin/timedatectl set-timezone Europe/Brussels
        RemainAfterExit=yes
        Type=oneshot
    # etcd and fleet are started by name only; no `content` is given, so the
    # unit definitions must already exist on the host (presumably shipped
    # with the OS image - verify for the target release).
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start
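    # Socket-activated TCP listener for the Docker API, handed to
    # docker.service. The listener is bound to 127.0.0.1 only. No TLS or
    # authentication options are configured anywhere in this file, and access
    # to the Docker API is equivalent to root on the host, so the loopback
    # bind is the only thing limiting who can reach it: any local process, or
    # a container sharing the host network namespace, can still connect.
    - name: docker-tcp.socket
      command: start
      # Canonical boolean; `yes` is only a boolean under YAML 1.1 rules.
      enable: true
      content: |
        [Unit]
        Description=Docker Socket for the API

        [Socket]
        ListenStream=127.0.0.1:2375
        BindIPv6Only=both
        Service=docker.service

        [Install]
        WantedBy=sockets.target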
    # One-shot helper that runs `systemctl enable docker-tcp.socket`.
    # NOTE(review): the docker-tcp.socket entry already carries an `enable`
    # key, so this unit looks redundant - confirm before removing it.
    - name: enable-docker-tcp.service
      command: start
      content: |
        [Unit]
        Description=Enable the Docker Socket for the API

        [Service]
        Type=oneshot
        ExecStart=/usr/bin/systemctl enable docker-tcp.socket
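    # Runs a Consul server in a Docker container named `consul`.
    #
    # - This entry has no `command` or `enable` key; other units in this file
    #   declare Requires=/BindsTo= on consul.service.
    # - ExecStartPre lines prefixed with `-` may fail without failing the
    #   unit (stale-container cleanup, and the etcd key that may already
    #   exist). The `docker pull` line has no prefix, so a failed pull stops
    #   the start.
    # - The image is pulled by name with no tag or digest, so what runs is
    #   whatever the registry serves at pull time. Pinning a digest makes the
    #   deployment reproducible and auditable.
    # - Ports 8300/8301/8302/8400/8500 are published on the private address
    #   only, and DNS (53/udp) on the docker0 address computed at start. The
    #   command line passes no encryption or ACL options, so these ports
    #   should be reachable only from trusted hosts.
    # - `-bootstrap-expect 2` is passed to the server, so bootstrap depends
    #   on a second server joining.
    # The whitespace-only separator line before [Install] is now empty, so
    # the block scalar holds no trailing spaces.
    - name: consul.service
      content: |
        [Unit]
        Description=Consul
        After=fleet.service docker.service
        Requires=docker.service

        [Service]
        TimeoutStartSec=0
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill consul
        ExecStartPre=-/usr/bin/docker rm consul
        ExecStartPre=/usr/bin/docker pull progrium/consul
        ExecStartPre=-/usr/bin/etcdctl mk /consul $COREOS_PRIVATE_IPV4
        ExecStart=/bin/bash -c " \
         /usr/bin/docker run \
         --rm --name consul \
         -h %H \
         -p ${COREOS_PRIVATE_IPV4}:8300:8300 \
         -p ${COREOS_PRIVATE_IPV4}:8301:8301 \
         -p ${COREOS_PRIVATE_IPV4}:8301:8301/udp \
         -p ${COREOS_PRIVATE_IPV4}:8302:8302 \
         -p ${COREOS_PRIVATE_IPV4}:8302:8302/udp \
         -p ${COREOS_PRIVATE_IPV4}:8400:8400 \
         -p ${COREOS_PRIVATE_IPV4}:8500:8500 \
         -p $(/usr/bin/ip -f inet addr show docker0 | grep inet | /usr/bin/cut -d ' ' -f 6 | /usr/bin/cut -d '/' -f 1):53:53/udp \
         progrium/consul \
         -server \
         -bootstrap-expect 2 \
         -advertise ${COREOS_PRIVATE_IPV4}"
        ExecStop=/usr/bin/docker kill consul

        [Install]
        WantedBy=multi-user.target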
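    # Keeps this node's Consul agent joined to the cluster through etcd.
    # Every 45 seconds the loop tries to create /services/consul with this
    # node's private address (TTL 60), then joins the local agent to whatever
    # address the key currently holds. BindsTo= stops this unit together with
    # consul.service.
    #
    # ExecStop removes the key only if it still holds this node's value. The
    # key is written with $COREOS_PRIVATE_IPV4, so the comparison must use the
    # same variable. Comparing against %H (the hostname) would not match
    # unless the hostname happened to equal the address, leaving a stopped
    # node advertised until the TTL ran out.
    - name: consul-discovery.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Consul Discovery
        BindsTo=consul.service
        After=consul.service

        [Service]
        EnvironmentFile=/etc/environment
        ExecStart=/bin/bash -c " \
          while true; \
          do etcdctl mk /services/consul $COREOS_PRIVATE_IPV4 --ttl 60; \
          /usr/bin/docker exec consul consul join $(etcdctl get /services/consul); \
          sleep 45 \
          ;done"
        ExecStop=/usr/bin/etcdctl rm /services/consul --with-value ${COREOS_PRIVATE_IPV4}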

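    # Runs gliderlabs/registrator, linked to the `consul` container and
    # pointed at consul://consul:8500.
    #
    # - The pre-start step now reads `docker pull gliderlabs/registrator`.
    #   Without the `pull` subcommand the line is not a valid docker
    #   invocation, and because it has no `-` prefix its failure would stop
    #   the unit from ever reaching ExecStart.
    # - The image is pulled by name with no tag or digest, so what runs is
    #   whatever the registry serves at pull time. Pinning a digest makes the
    #   deployment reproducible and auditable.
    # - /var/run/docker.sock is mounted into the container. Anything that can
    #   talk to that socket controls the Docker daemon, which is equivalent
    #   to root on the host, so the image must be trusted accordingly.
    # The whitespace-only separator lines are now empty, so the block scalar
    # holds no trailing spaces.
    - name: registrator.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Registrator
        After=consul.service
        Requires=consul.service

        [Service]
        TimeoutStartSec=0
        Restart=always
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill registrator
        ExecStartPre=-/usr/bin/docker rm registrator
        ExecStartPre=/usr/bin/docker pull gliderlabs/registrator
        ExecStart=/usr/bin/docker run \
          --name registrator \
          -h %H \
          -v /var/run/docker.sock:/tmp/docker.sock \
          --link consul:consul \
          gliderlabs/registrator \
          consul://consul:8500
        ExecStop=/usr/bin/docker kill registrator

        [Install]
        WantedBy=multi-user.target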
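    # Runs progrium/ambassadord in omni mode as a container named `backends`.
    # A second short-lived container then runs `--setup-iptables` inside the
    # same network namespace.
    #
    # - The image is pulled by name with no tag or digest, so what runs is
    #   whatever the registry serves at pull time. Pinning a digest makes the
    #   deployment reproducible and auditable.
    # - /var/run/docker.sock is mounted into `backends`. Anything that can
    #   talk to that socket controls the Docker daemon, which is equivalent
    #   to root on the host.
    # - The ExecStartPost container runs with --privileged, which lifts the
    #   default container restrictions for that run.
    #   NOTE(review): if the setup step only edits iptables rules, a narrower
    #   grant such as `--cap-add NET_ADMIN` may be enough - verify against
    #   the image before changing it.
    # The whitespace-only separator lines are now empty, so the block scalar
    # holds no trailing spaces.
    - name: ambassadord.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Ambassadord in Omni Mode
        After=consul.service
        Requires=consul.service

        [Service]
        TimeoutStartSec=0
        Restart=always
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill backends
        ExecStartPre=-/usr/bin/docker rm backends
        ExecStartPre=/usr/bin/docker pull progrium/ambassadord
        ExecStart=/usr/bin/docker run \
          --name backends \
          -h %H \
          -v /var/run/docker.sock:/var/run/docker.sock \
          progrium/ambassadord \
          --omnimode
        ExecStartPost=/usr/bin/docker run \
          --rm \
          --privileged \
          --net container:backends \
          progrium/ambassadord \
          --setup-iptables
        ExecStop=/usr/bin/docker kill backends

        [Install]
        WantedBy=multi-user.target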