deis coreos user-data

user-data

#cloud-config
---
coreos:
  etcd:
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
    # uncomment the following line and replace it with your discovery URL
    # discovery: https://discovery.etcd.io/12345693838asdfasfadf13939923
    addr: $private_ipv4:4001
    peer-addr: $private_ipv4:7001
    # give etcd more time if it's under heavy load - prevent leader election thrashing
    peer-election-timeout: 2000
    # heartbeat interval should ideally be 1/4 or 1/5 of peer election timeout
    peer-heartbeat-interval: 500
  fleet:
    # We have to set the public_ip here so this works on Vagrant -- otherwise, Vagrant VMs
    # will all publish the same private IP. This is harmless for cloud providers.
    public-ip: $private_ipv4
    # allow etcd to slow down at times
    etcd_request_timeout: 3.0
  units:
  - name: etcd.service
    command: start
    content: |
      [Unit]
      Description=etcd
      [Service]
      User=etcd
      PermissionsStartOnly=true
      Environment=ETCD_DATA_DIR=/var/lib/etcd
      Environment=ETCD_NAME=%m
      ExecStart=/usr/bin/etcd
      Restart=always
      RestartSec=10s
      LimitNOFILE=40000
  - name: upgrade-fleet-091.service
    command: start
    content: |
      [Unit]
      Description=Upgrade fleet if system fleet is v0.9.1, which has a known bug
      Before=fleet.service
      ConditionPathIsSymbolicLink=!/etc/systemd/system/fleet.service.d/99-upgrade-fleet-091.conf

      [Service]
      ExecStart=/usr/bin/bash -c 'if fleetd --version | grep -q 0.9.1; then curl -sSL --retry 5 --retry-delay 2 -o /run/deis/bin/fleetd-0.9.2 https://s3-us-west-2.amazonaws.com/opdemand/fleetd-v0.9.2 && chmod +x /run/deis/bin/fleetd-0.9.2 && mkdir -p /etc/systemd/system/fleet.service.d/ && ln -s /run/deis/conf/fleetd-092-custom-binary.conf /etc/systemd/system/fleet.service.d/99-upgrade-fleet-091.conf; else rm -f /etc/systemd/system/fleet.service.d/99-upgrade-fleet-091.conf; fi'
      RemainAfterExit=yes
      Type=oneshot
  - name: stop-update-engine.service
    command: start
    content: |
      [Unit]
      Description=stop update-engine

      [Service]
      Type=oneshot
      ExecStart=/usr/bin/systemctl stop update-engine.service
      ExecStartPost=/usr/bin/systemctl mask update-engine.service
  - name: install-deisctl.service
    command: start
    content: |
      [Unit]
      Description=Install deisctl utility
      ConditionPathExists=!/opt/bin/deisctl

      [Service]
      Type=oneshot
      ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.5.1'
  - name: ntpdate.service
    command: start
  - name: timedate-ntp-synchronization.service
    command: start
    content: |
      [Unit]
      Description=Synchronize system clock
      After=ntpdate.service

      [Service]
      ExecStart=/usr/bin/timedatectl set-timezone UTC
      ExecStart=/usr/bin/timedatectl set-ntp true
      ExecStart=/sbin/hwclock --systohc --utc
      RemainAfterExit=yes
      Type=oneshot
  - name: debug-etcd.service
    content: |
      [Unit]
      Description=etcd debugging service

      [Service]
      ExecStartPre=/usr/bin/curl -sSL -o /opt/bin/jq http://stedolan.github.io/jq/download/linux64/jq
      ExecStartPre=/usr/bin/chmod +x /opt/bin/jq
      ExecStart=/usr/bin/bash -c "while true; do curl -sL http://127.0.0.1:4001/v2/stats/leader | /opt/bin/jq . ; sleep 1 ; done"
  - name: increase-nf_conntrack-connections.service
    command: start
    content: |
      [Unit]
      Description=Increase the number of connections in nf_conntrack. default is 65536

      [Service]
      Type=oneshot
      ExecStartPre=/usr/sbin/modprobe nf_conntrack
      ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144"
  - name: load-overlay-module.service
    command: start
    content: |
      [Unit]
      Description=Load overlay module before docker start
      Before=docker.service

      [Service]
      ExecStart=/bin/bash -c "lsmod | grep overlay || modprobe overlay"
  - name: fleet.service
    command: start
write_files:
  - path: /etc/environment
    permissions: 0644
    content: |
      COREOS_PUBLIC_IPV4=<your public ip>
      COREOS_PRIVATE_IPV4=<your private ip>

  - path: /etc/deis-release
    content: |
      DEIS_RELEASE=v1.5.1
  - path: /etc/motd
    content: " \e[31m* *    \e[34m*   \e[32m*****    \e[39mddddd   eeeeeee iiiiiii   ssss\n\e[31m*   *  \e[34m* *  \e[32m*   *     \e[39md   d   e    e    i     s    s\n \e[31m* *  \e[34m***** \e[32m*****     \e[39md    d  e         i    s\n\e[32m*****  \e[31m* *    \e[34m*       \e[39md     d e         i     s\n\e[32m*   * \e[31m*   *  \e[34m* *      \e[39md     d eee       i      sss\n\e[32m*****  \e[31m* *  \e[34m*****     \e[39md     d e         i         s\n  \e[34m*   \e[32m*****  \e[31m* *      \e[39md    d  e         i          s\n \e[34m* *  \e[32m*   * \e[31m*   *     \e[39md   d   e    e    i    s    s\n\e[34m***** \e[32m*****  \e[31m* *     \e[39mddddd   eeeeeee iiiiiii  ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n"
  - path: /etc/profile.d/nse-function.sh
    permissions: '0755'
    content: |
      function nse() {
        docker exec -it $1 bash
      }
  - path: /etc/systemd/system/docker.service.d/50-insecure-registry.conf
    content: |
        [Service]
        EnvironmentFile=/etc/environment_proxy
        Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10"
  - path: /run/deis/bin/get_image
    permissions: '0755'
    content: |
      #!/bin/bash
      # usage: get_image <component_path>
      IMAGE=`etcdctl get $1/image 2>/dev/null`

      # if no image was set in etcd, we use the default plus the release string
      if [ $? -ne 0 ]; then
        RELEASE=`etcdctl get /deis/platform/version 2>/dev/null`

        # if no release was set in etcd, use the default provisioned with the server
        if [ $? -ne 0 ]; then
          source /etc/deis-release
          RELEASE=$DEIS_RELEASE
        fi

        IMAGE=$1:$RELEASE
      fi

      # remove leading slash
      echo ${IMAGE#/}
  - path: /run/deis/bin/preseed
    permissions: '0755'
    content: |
      #!/bin/bash

      COMPONENTS=(builder cache controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor)
      for c in "${COMPONENTS[@]}"; do
        image=`/run/deis/bin/get_image /deis/$c`
        docker history $image >/dev/null 2>&1 || docker pull $image
      done
  - path: /opt/bin/deis-debug-logs
    permissions: '0755'
    content: |
      #!/bin/bash

      echo '--- VERSIONS ---'
      source /etc/os-release
      echo $PRETTY_NAME
      source /etc/deis-release
      echo "Deis $DEIS_RELEASE"
      etcd -version
      fleet -version
      printf "\n"

      echo '--- SYSTEM STATUS ---'
      journalctl -n 50 -u etcd --no-pager
      journalctl -n 50 -u fleet --no-pager
      printf "\n"

      echo '--- DEIS STATUS ---'
      deisctl list
      etcdctl ls --recursive /deis
      printf "\n"
  - path: /home/core/.toolboxrc
    owner: core
    content: |
      TOOLBOX_DOCKER_IMAGE=ubuntu-debootstrap
      TOOLBOX_DOCKER_TAG=14.04
      TOOLBOX_USER=root
  - path: /etc/environment_proxy
    owner: core
    content: |
      HTTP_PROXY=
      HTTPS_PROXY=
      ALL_PROXY=
      NO_PROXY=
      http_proxy=
      https_proxy=
      all_proxy=
      no_proxy=
  - path: /etc/systemd/coredump.conf
    content: |
      [Coredump]
      Storage=none
  - path: /etc/systemd/system/ntpd.service.d/debug.conf
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/sbin/ntpd -g -n -f /var/lib/ntp/ntp.drift
  - path: /run/deis/conf/fleetd-092-custom-binary.conf
    content: |
      [Service]
      ExecStart=
      ExecStart=/run/deis/bin/fleetd-0.9.2