@lgfausak
Created June 11, 2015 18:50
#cloud-config
# The marker above has to stay on the first line of the file; nothing
# (not even a '---' document start) may precede it.

# Hostname assigned to this node.
hostname: 'ad1.tacodata.net'

# Public keys accepted for SSH login. 'ssh-rsa yourkey' is a placeholder and
# must be replaced with a real public key before the file is used.
ssh_authorized_keys:
  - 'ssh-rsa yourkey'
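# Files written to disk at boot.
#
# The page repeats the top-level key 'write_files:' once per file. A mapping
# may hold a key only once, and most YAML parsers silently keep just the last
# occurrence, so all entries are merged into one list here. Indentation is
# restored so that every 'content: |' block scalar actually owns its lines,
# and permissions are quoted so no parser re-reads the octal modes as numbers.
write_files:
  # Systemd unit shipped as a gzip+base64 payload.
  # NOTE(review): the unit is owned by core:core although it lives under
  # /etc/systemd/system; unit files there are normally root-owned, because
  # whoever can edit the file decides what systemd runs.
  - path: /etc/systemd/system/mk-docker-dns-opts.service
    permissions: '0644'
    owner: core:core
    encoding: gzip+base64
    content: |
      H4sIAMZrbFUAA2VQzW7CMAy+5ymsCgmY1OY6acoktnaXsTJROAGK0tSlEcXpkoBA2sOvlO00+WBb
      tr8fb9Zkwo6l6LUzXTCWxIc6IKR5AcrtobYOUqsP6KBSeLQEbFYHdKJuFRG2VeLRnY1GtsSvk3Ho
      /0/YprhXO7a6digsoW9s6C+OytAAl11MEFf0LLugLoJyQfDSEC+VbyDWMEbdWBhN9g47eJvP8jyb
      y2L9kmcr4O5E/JeU+1NJGBKkM3yDxwoiz5MHwdPF63u2lIvPleytie12G8VxRR74k5f9hoR7+5gM
      ce9ij8rpBgz1Ekm1f458Eo0mWgXgZ+V4a7VqubZUm32fHFrPK3uzNo1uPDKawvMgshoeKXtkabtB
      5Jj9ADQfQ/2BAQAA
    # The author's plaintext copy of the payload follows (kept as YAML
    # comments, outside the block scalar). It has not been re-checked against
    # the encoded bytes here; decode the payload to confirm before relying on it.
    # [Unit]
    # Description=Make DNS arg for Docker daemon
    # After=flanneld.service
    # Requires=flanneld.service
    #
    # [Service]
    # Type=oneshot
    # RemainAfterExit=yes
    # ExecStart=/bin/bash -c 'echo $(grep FLANNEL_SUBNET /run/flannel/subnet.env | sed "s/.*=/DOCKER_OPT_DNS=\\\"--dns /;s_/.*_ --dns 8.8.8.8 --dns-search internal.services."$(cat /var/local/config/coreos/domain)"\\\"_") >/run/docker_dns_opt.env'

  # Archive that master_up.sh (below) unpacks into /home/core/prs; a later
  # unit feeds /home/core/prs/sky.app from that directory to kubectl.
  # NOTE(review): this is an opaque binary payload with no plaintext copy on
  # the page. Decode and list it before trusting a copy of this file.
  - path: /home/core/prs/k.tar.gz
    permissions: '0644'
    owner: core:core
    encoding: gzip+base64
    content: |
      H4sIABAWd1UAAwFgDJ/zH4sIABAWd1UAA+0c2W7bSDLP+orG+EEvokSROhIBxiITe3aNTRwhdnZn
      MVgYLaolc02RHDapRBj437eaZ7N5ijqSOKw8BO6j2EfdXSV7LdnWsm9aS9I38IIYr44PMsBkMmL/
      D6djmf8/AOgbKmNVlSfjqTx5JQ9HsjJ5heQTrCUDHnWxg9Cr9Qp7FD8Vjqvq/0HhyVsQzTWQf/eI
      kQFFQ3nUV9RJXx32p1O0xC5eYEpY36XreKTzrdfcwvEALzeSo/V3eHMKzg+ggv+H6ljx+X+sDpXR
      hPG/Mh2pLf+fA7Ct/4s4VLfMGdoOF8TFaudJN5cz9InYhq5hF7reWabrWIZBnM4GRjCJMOsgpDnE
      777XNwROcWPPkOkZBvT40oTO0F8m3pAZYkS2wdQlzjN0im2SlqCnNtEYaif4OKAYwl+UGCCkLKcA
      oUs2toFdwiYixK+QQfEqGZSuFL4crsdHBMvEugmnFbVI0LbZYHZaf1CDEPu/YQdC2FkD1j+6bxh0
      k3YN23ihG7qrE/bV57hD3+A1LMDFmsVWP8ALx/JcIi0t7QnOCBY2Y3ukbnrGHLYyt+CsdjP01viC
      dzTu53ekm3GzQ6jlOZrweUo0z9HdHbtq8tWdxR0lS0bIdvStbpA1gRNYYYOSuA9OcKOb/sF/IJSy
      lWL3cYYGS7IdcJ2SYa3DSUuTRjt5Z3jsDn7TnXi/Drs8x83d69YyvA1bnH+xMM712EoTIpKfO63W
      ygXH1r65/FemQ8H+U6aT1v47C5xF/jMiE+V/0tZA/qcRHlH+pxHXkP8NxTl8p5k4DxbYivNWnB8H
      fKp0TqsCquT/aCzKf/AIlFb+nwPOI/8DIsuoAL65iRYQ0R5TEYi4T6cLsOdaC/xoNlQI0UI5nWBb
      jksTmS+hv+L1zqFrhl7Lr+UeerSoy//NI+yBMrBcS7OMGbp/N39u9c3LhJB8KPl28l9WM/FfkP/T
      Vv6fA4rl/x1xtrpGEokPUiRfgqYlx3MsvpkYwsbNfIa63Q4nlaRIyHa7Pb81EkApkdMDgemsCSeh
      nmspAQryAtb4drXSTZBIM3RrmSTh6pfLyo3AXp/c/a/i/9F0JPK/MlHklv/PAWex/ygTJeY6sfyA
      6hpbffHcI1t8KbwHWHvE3KZMrwD7v9/e3D/c/2d+3UNbbHjQsgLL57lg4G8375OBA8czBzbYamsw
      Yv40BrCp5a5o5v3Nh2RmdyJ3a5uhy0UzAxTOjaH7/g3EyND7YHmmYB5vWFOIYIudgaEvuBPvpXf6
      XDSTuFr+LKCfVeGs9O1ys6Dj+eWSW/SFxkQHa6vv8IxHqsI7PMHfIa5wJT+ey/MDU3S5t8ZyDe4S
      wc+nIACZsSSEmNDqOHYxF+Ev9NoAIa9rvxpAhneAnqR0AvDTxnZ3Vzr77IYsdW/DzNRkq2uNzJm+
      hBWb7pVOn4Tpa90FxWmJrcEWV1Ro9wnSP7RUs041qgtt+cLWzKAEsnSIm2p8GftmJPcz7huYpu62
      G4QumCA9pe/PoNL/H2ft/+Gotf/PAcf0/+11I98/0MUlvj8bkOv7p0z21u9vAnCEzPwCc+x0QqCK
      /6dq9v1n2sb/zgLF/D+3ls28/ZCkUt6+b+JHsiHtTktRrpSfQdVDqZSpXEta9CwiWxMM5aSfdyFu
      VreWO4cRoMM7KeUaux5ZG7/Avi+w7fPt+j1t+mKjuMjKLXi6qC/sPl2/vfpw3d8sT0hjVfw/UmRR
      /w/b/J/zwAVQLgUetK0lOMBOEvNDSWSuFwTwgDk6neuvwPkGQSxv3DEJ8A/yGF13OhcX6M7bbLCz
      63TuH3UKVi3CiOr+cGwniOmj9UU312AMf+HRaNhECwLYyLLf6dhBXcL/KExwyJ+eDhwA6DLJ6Mi1
      2CxKXAQjQeMja4XcRxKksneohXQXPWKKqLUhXx6J48+wDWy60AMWxQrZwIfYBNFg7H4+G4E+7UDq
      fNP8D1WZBvw/ngxVsAZ8/T8ctvx/Djhx/P/pNZWA92c+o0tAaT2O5fu6NdACPSeFEoaP7gRKOpoY
      NlAbs1FLAtdhuNVvBpkFHO3V4JCtVT8vBJsnrrYUA6przWHY15a1NshDMpcF65YzpS/338RTovR0
      LlI38KgzMCwNG4OFbg5SX5CQZPiRDkkzdBCIkucYlOt9dF17NhjIff/fTFGnb3pC2wh4m8eHl1vi
      uDol5SiHytRHMMwgYM6cjg0pOk3XeiImNyAUYNw+JI5yFOgujEhHA8QQ9EXlUcczh/1pPM03Yzkk
      4eGjS/RLPOEXfmtLi2XtXEbr6QPl8N1szkPg3z7AqV1GRwWnJPtnNQDmHfAztpcK9/0QhbZaP7Dg
      /6UfzYWzevCP0F8Si6np685FNCkdTr5IUItB4RhNMihiWHYbmS72iPDRNMB09SvI0hcVXGFtOg+G
      zxR5OJZkVRoOJZ5kym4hmJm6gw3WHgEtjU7X5wwWpsuh5KVzGZH5WK24yH7x24T4NJGg4o4w9WQQ
      RUY+X833xSO5mp2L6/7dnGsPueyKGHh3x8hiCSJOlbkRLkhDy3PjznE2kH8VCuXw3uPo+0X6unMI
      JIxi8hQTNN36M/zREt0BK2x8XXDx09lpp4JQfNLtCQ3AKv9vMhmL8Z/psM3/PQvsEf89rcUnDguj
      xP+Exqvbu70NwiT+nOhLOT8QDbiSWLTaS8tbIRKtPotTmYAtmJ4NZKtCGDvXOj1rIDtIn+vDIo6I
      VIAK/h8ro2ni/w2nQf1v6/+dBfL4Xwc1CzwiobxOhMrcQ9GbKvOlqjPuK8oEeC8q7QDWyRMV3cCs
      I1jlCtbZQtrTy/P1SrN7GhcPVCfSlBUQZKzWIxcRFOXUlGbVlObVlGXWNMytKU9RKc88ESPzsLHc
      t/lyHotUMEeatZOwecITHmNTt3tIMnY9NsvXZ9yJVB3D8UWNUOVZVpG6n5AREB9fwggfOLV4yalT
      3UOyiLWqLdvXYvuj07v4qxZlv8CxF72LiI9O7+IH6tF70Y9vlJJS4U95NPltjvpMkvl9jpZJQiYJ
      mOG9DmjbcM+pwF6f1vdjUOH/TSbh739w/p+stv7fWeD78f+4IqHSMqG9FJRQ1HN0/STgP9gcS1Vz
      7FHPcUhFxx41HQ2KiOprQjG3/YdQhEUlGIcUYTQtw2hUiPHCCbKozGgvsuRLjWqFRg4qN2rp/jx0
      X2XD7lGEVNfg5X2U6tKUyuKU6vKUogKV4hKVwiKV/DKVYuGdrVXJLdJ5mWeRKlb6yc+CL2CqdRTn
      CpXa64PCpLXrVqrt0oNDpCxZ/wDbm0vZzybHJwckmrOlqfuFGqkqfb9OAn9eCn++3izUmYX6skhX
      7q0nyxRMsb4oDI6cJCJCn3YnDwBU5f+q07Ho/yvt7/+cB74H//+wTNpMVkhuXkjNqEFuQsZR4waH
      bbZmgCEOZedk+/byknxBdtdM7u32Uo5FfoJvgi6d2Au6Mz+hN42Uy+nNCcPvkwAdkYeQ5hyqrbzE
      TVh6zcxb8SS2l0rZo0FRtjFPwal05eQdoyJLtcvWLKSnspPOS0vd5zzLE22jdQvZu/X8Y7WXJIMK
      GVfPlTMLklU5lCwpSzTNUpeVyWbNdQujhNa9Tc/Ty778dLkwW66pYCxKmsu3hIOrq582l54aXlH9
      tLk6crqGHd2+KqXgkWCbnjgDsOr33yajSWL/KTLL/1XU9vffzgKN7b8iqZdItuZibGMB91qObq6l
      tYNX2MS8RMv2ZoRYIqqijKbaCUy6uTK8r3+PPnsMI1hwtiOWK9hT1N34zSuNv9p0LV3efgkXkhQ4
      4JfJrc5CkyVpkRzrb9hzHy99u0Wiuvl0GZz6chGN5s4j7notd3OslwTvIFr5bAt6S+lnTZVoANdR
      M4rNItGUGgMNbF0aGRrQIIUN6fqmxJjICfwKc/kwmH926ag+M/KCQJ+ds5IGUbFGTFpIpBU03IQx
      i0JmySdPwJMC1+duKhgTyZzG7Jnzqb15NAdHPUYtZpqHmM+Ae7KlZFHvfnY+XKcqpAir5fY9jJgI
      Myb8U2XRe+TN7W/vP/9+9evD9e/3159u375/+PzpffLgyPy1kFAGYGl+3Q2inzQYZNXJYLkY5L5G
      xh/5x8e7+xh5jqwqnz3/+CmZ3X2d+56Zd0Ph8tgFTTMXFKnCAwVCAdVHWyrsbsLpk2Oo4NzAf7Qd
      Ptqfs2jJ07MvAKKbwzQSlxmtZrYhOjewWm78pOm2W0elhRZaOC38H07J0qcAeAAAoK8Lb2AMAAA=

  # Marker files; this config creates both the master and the minion marker
  # with the content "1".
  - path: /var/local/config/k8s/master
    owner: core:core
    content: |
      1
  - path: /var/local/config/k8s/minion
    owner: core:core
    content: |
      1

  # DNS domain; the plaintext copy of mk-docker-dns-opts.service reads it
  # when it builds the Docker --dns-search option.
  - path: /var/local/config/coreos/domain
    owner: core:core
    content: |
      tacodata.net

  # $public_ipv4 / $private_ipv4 are cloud-config substitution variables,
  # filled in with the instance's addresses before the files are written.
  - path: /var/local/config/coreos/external_ip
    owner: core:core
    content: |
      $public_ipv4
  - path: /var/local/config/coreos/internal_ip
    owner: core:core
    content: |
      $private_ipv4

  # Readline configuration for the core user (vi key bindings).
  - path: /home/core/.inputrc
    permissions: '0644'
    owner: core:core
    content: |
      set editing-mode vi

  # Polls the local etcd client port every 2 s until it answers.
  - path: /opt/bin/waiter.sh
    permissions: '0755'
    owner: root
    content: |
      #! /usr/bin/bash
      until curl http://127.0.0.1:4001/v2/machines; do sleep 2; done

  # Waits for the etcd discovery service to list a member, extracts that
  # member's address and appends it to /etc/hosts as 'master_private_ip'.
  # NOTE(review): whatever the discovery endpoint returns ends up in a root
  # owned name-resolution file, and the line is appended again on every run.
  # The discovery URL is effectively a cluster credential; a copy published
  # with the config should be treated as burned and replaced with a fresh one.
  - path: /opt/bin/waitformaster.sh
    permissions: '0755'
    owner: root
    content: |
      #! /usr/bin/bash
      #not running a local etcd, so, can't get the ip address
      # wait for the etcd daemon to present itself.
      until mydata=$(wget -T 2 -qO - https://discovery.etcd.io/9b724d3890f46399eafd3fe6c300fb26 | grep http); do sleep 2; done
      #mymaster=$(echo $mydata | sed -e 's_.*http://__' -e 's_:7001.*__')
      mymaster=$(echo $mydata | sed -e 's_.*http://__' -e 's_[^[0-9\.].*__')
      #can do it this way if we have a daemon running
      #until mymaster=$(etcdctl get /private/master); do sleep 2; done
      echo $mymaster master_private_ip >> /etc/hosts

  # Publishes this node's private address under /private/master in etcd,
  # adds the same address to /etc/hosts, then unpacks k.tar.gz and hands the
  # extracted tree to the core user.
  # NOTE(review): the first loop retries 'etcdctl mkdir /private' until it
  # succeeds, so it presumably never finishes when /private already exists
  # (for example on a second run) - confirm against etcdctl's exit status.
  - path: /opt/bin/master_up.sh
    permissions: '0755'
    owner: root
    content: |
      #! /usr/bin/bash
      # having issues with etcd timeouts.
      until etcdctl mkdir /private; do sleep 2; done
      until etcdctl set /private/master $(cat /var/local/config/coreos/internal_ip); do sleep 2; done
      echo $(cat /var/local/config/coreos/internal_ip) master_private_ip >> /etc/hosts
      (cd /home/core/prs; tar xzvf k.tar.gz)
      chown -R core:core /home/core/prs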
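# CoreOS-specific section: fleet and flannel settings, the systemd units that
# bring up etcd, flannel, a Docker registry mirror and the Kubernetes master
# components, and the update policy.
#
# Nesting is restored (the page shows every line at column 0) and
# 'reboot-strategy' is quoted, because a bare 'off' is a boolean under
# YAML 1.1 rules. All command lines are unchanged.
#
# Review notes that apply to several units:
#  * Every 'wget ... && chmod +x' pair fetches an executable on each start
#    and runs it as a system service with no checksum or signature check.
#    'wget -N' also replaces the local copy whenever the remote one is newer.
#    Verifying a known digest before the chmod, or serving the binaries from
#    a controlled mirror, closes that gap.
#  * etcd, the Kubernetes API and the registry mirror all speak plain HTTP
#    without authentication. That is only tolerable on a network where every
#    host that can reach these ports is trusted; otherwise firewall the ports
#    or move to TLS with client authentication.
coreos:
  fleet:
    etcd-servers: http://localhost:4001
    metadata: "role=master"

  flannel:
    interface: eth1

  units:
    # Downloads and runs setup-network-environment, which etcd2.service below
    # depends on for /etc/network-environment.
    - name: setup-network-environment.service
      command: start
      content: |
        [Unit]
        Description=Setup Network Environment
        Documentation=https://github.com/kelseyhightower/setup-network-environment
        Requires=network-online.target
        After=network-online.target
        [Service]
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://github.com/kelseyhightower/setup-network-environment/releases/download/v1.0.0/setup-network-environment
        ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment
        ExecStart=/opt/bin/setup-network-environment
        RemainAfterExit=yes
        Type=oneshot

    # etcd2 member, bootstrapped through the public discovery service.
    # NOTE(review): client URLs listen on 0.0.0.0 (ports 2379 and 4001) over
    # HTTP, so the whole key space is readable and writable by anything that
    # can reach those ports. The discovery URL embedded in ExecStart is tied
    # to one cluster; generate a new one per cluster and keep it out of
    # published copies of this file.
    - name: etcd2.service
      command: start
      content: |
        [Unit]
        Description=etcd2
        Requires=setup-network-environment.service
        After=setup-network-environment.service
        [Service]
        EnvironmentFile=/etc/network-environment
        User=etcd
        PermissionsStartOnly=true
        ExecStart=/usr/bin/etcd2 --name $private_ipv4 --advertise-client-urls http://$private_ipv4:2379 --discovery https://discovery.etcd.io/9b724d3890f46399eafd3fe6c300fb26 --data-dir /var/lib/etcd --initial-advertise-peer-urls http://$private_ipv4:2380 --listen-client-urls http://0.0.0.0:2379,http://0.0.0.0:4001 --listen-peer-urls http://$private_ipv4:2380,http://$private_ipv4:7001
        Restart=always
        RestartSec=10s

    - name: fleet.service
      command: start

    # Blocks flanneld until the local etcd answers (runs /opt/bin/waiter.sh).
    - name: etcd-waiter.service
      command: start
      content: |
        [Unit]
        Description=etcd waiter
        Wants=network-online.target
        Wants=etcd2.service
        After=etcd2.service
        After=network-online.target
        Before=flanneld.service
        [Service]
        ExecStart=/usr/bin/bash /opt/bin/waiter.sh
        RemainAfterExit=true
        Type=oneshot

    # flannel overlay; the drop-in writes the network definition into etcd
    # before flanneld starts.
    - name: flanneld.service
      command: start
      drop-ins:
        - name: 50-network-config.conf
          content: |
            [Unit]
            Requires=etcd2.service
            [Service]
            ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{"Network":"10.1.0.0/16", "Backend": {"Type": "vxlan"}}'

    # Pull-through registry cache run on the early-docker daemon.
    # NOTE(review): the image is referenced by the mutable tag ':latest', so
    # the code that runs can change between boots; pinning an image digest
    # makes the deployment reproducible and auditable. The container runs with
    # '--net host'.
    - name: docker-cache.service
      command: start
      content: |
        [Unit]
        Description=Docker cache proxy
        Requires=early-docker.service
        After=early-docker.service
        Before=early-docker.target
        [Service]
        Restart=always
        TimeoutStartSec=0
        RestartSec=5
        Environment="TMPDIR=/var/tmp/"
        Environment="DOCKER_HOST=unix:///var/run/early-docker.sock"
        ExecStartPre=-/usr/bin/docker kill docker-registry
        ExecStartPre=-/usr/bin/docker rm docker-registry
        ExecStartPre=/usr/bin/docker pull quay.io/devops/docker-registry:latest
        # GUNICORN_OPTS is an workaround for
        # https://github.com/docker/docker-registry/issues/892
        ExecStart=/usr/bin/docker run --rm --net host --name docker-registry -e STANDALONE=false -e GUNICORN_OPTS=[--preload] -e MIRROR_SOURCE=https://registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io -e MIRROR_TAGS_CACHE_TTL=1800 quay.io/devops/docker-registry:latest

    # Points the main Docker daemon at the mirror above.
    # NOTE(review): the mirror URL is plain HTTP on the private address.
    - name: docker.service
      drop-ins:
        - name: 51-docker-mirror.conf
          content: |
            [Unit]
            # making sure that docker-cache is up and that flanneld finished
            # startup, otherwise containers won't land in flannel's network...
            Requires=docker-cache.service flanneld.service
            After=docker-cache.service flanneld.service
            [Service]
            Environment=DOCKER_OPTS='--registry-mirror=http://$private_ipv4:5000'

    # Kubernetes API server.
    # NOTE(review): '--address=0.0.0.0 --port=8080' serves the API over plain
    # HTTP on every interface, and '--public_address_override=$public_ipv4'
    # ties it to the public address as well. No authentication option appears
    # on this command line, so reachability of port 8080 should be limited to
    # trusted hosts (firewall or private interface only).
    - name: kube-apiserver.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes API Server
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes
        Requires=etcd2.service
        After=etcd2.service
        [Service]
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.18.2/bin/linux/amd64/kube-apiserver
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-apiserver
        ExecStart=/opt/bin/kube-apiserver --address=0.0.0.0 --port=8080 --portal_net=10.100.0.0/16 --etcd_servers=http://127.0.0.1:4001 --public_address_override=$public_ipv4 --logtostderr=true
        Restart=always
        RestartSec=10

    # Controller manager, talking to the API server on loopback.
    - name: kube-controller-manager.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Controller Manager
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes
        Requires=kube-apiserver.service
        After=kube-apiserver.service
        [Service]
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.18.2/bin/linux/amd64/kube-controller-manager
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-controller-manager
        ExecStart=/opt/bin/kube-controller-manager --master=127.0.0.1:8080 --logtostderr=true
        Restart=always
        RestartSec=10

    # Scheduler, talking to the API server on loopback.
    - name: kube-scheduler.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Scheduler
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes
        Requires=kube-apiserver.service
        After=kube-apiserver.service
        [Service]
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.18.2/bin/linux/amd64/kube-scheduler
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-scheduler
        ExecStart=/opt/bin/kube-scheduler --master=127.0.0.1:8080
        Restart=always
        RestartSec=10

    # Registers fleet machines tagged role=node with the API server.
    - name: kube-register.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Registration Service
        Documentation=https://github.com/kelseyhightower/kube-register
        Requires=kube-apiserver.service
        After=kube-apiserver.service
        Requires=fleet.service
        After=fleet.service
        [Service]
        ExecStartPre=/usr/bin/wget -N -O /opt/bin/kube-register https://github.com/kelseyhightower/kube-register/releases/download/v0.0.3/kube-register-0.0.3-linux-amd64
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-register
        ExecStart=/opt/bin/kube-register --metadata=role=node --fleet-endpoint=unix:///var/run/fleet.sock --api-endpoint=http://127.0.0.1:8080
        Restart=always
        RestartSec=10

    # Final step: fetch kubectl, run master_up.sh (publishes the master
    # address and unpacks k.tar.gz), then create the resources described in
    # /home/core/prs/sky.app.
    - name: master-done.service
      command: start
      content: |
        [Unit]
        Description=master done with setup
        Wants=network-online.target
        Wants=kube-register.service
        After=kube-register.service
        After=network-online.target
        [Service]
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.18.2/bin/linux/amd64/kubectl
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kubectl
        ExecStartPre=/usr/bin/bash /opt/bin/master_up.sh
        ExecStart=/opt/bin/kubectl create -f /home/core/prs/sky.app
        RemainAfterExit=true
        Type=oneshot

  # Update channel and reboot policy. With the strategy set to 'off' the
  # node does not reboot itself after an update is installed, so the new
  # version (including security fixes) only takes effect on a manual reboot.
  update:
    group: alpha
    reboot-strategy: 'off'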