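#cloud-config
# TODO wait for files as described in http://www.freedesktop.org/software/systemd/man/systemd.path.html
# TODO wait for devices as described in https://lists.fedoraproject.org/pipermail/devel/2012-January/160917.html
# udevadm info -a -p /sys/class/net/eth0/
#
# SECURITY NOTE (review): the two scripts below use etcd as the trust root of
# the tinc mesh. Every key under /services/tinc/ becomes a tinc host file
# (Address + public key) plus a "ConnectTo" entry on every node, so anyone who
# can write that key space can join the VPN. Nothing in this file configures
# etcd auth or TLS. The validation added here only stops path and argument
# injection through key *names*; it does not authenticate key *contents*.
write_files:
  - path: /srv/tinc_initial_config.sh
    # 0755: executed by systemd as root; group write was never needed.
    permissions: "0755"
    owner: root
    content: |
      #!/bin/sh
      # One-shot sync of tinc peer configuration from etcd.
      #
      # For every child key of /services/tinc/ (one per node, named after that
      # node's TINC_HOSTNAME) other than our own:
      #   * add a "ConnectTo = <host>" entry to tinc.conf, and
      #   * write the key's value -- the peer's tinc host file, which
      #     tinc.service publishes wrapped in double quotes -- to
      #     /srv/tinc/hosts/<host>.
      # Finally ask the running "tinc" container to reload its configuration.
      #
      # Runs as ExecStartPre of tinc-config-updater.service (as root, against
      # the early-docker daemon), after tinc.service has started the container.
      export DOCKER_HOST=unix:///var/run/early-docker.sock
      . /etc/tinc-env

      for host in $(etcdctl ls /services/tinc/ | sed -e 's#^/services/tinc/##'); do
        # Accept only names tinc itself accepts ([A-Za-z0-9_]). This also rules
        # out "..", "/" and shell metacharacters before $host is used as a file
        # name or on a docker/tinc command line.
        case "$host" in
          "" | *[!A-Za-z0-9_]*)
            echo "ignoring etcd key with invalid tinc host name: '$host'" >&2
            continue
            ;;
        esac
        if [ "$TINC_HOSTNAME" != "$host" ]; then
          docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add ConnectTo = "$host"
          # The publisher stores the host file wrapped in double quotes; strip them.
          etcdctl get "/services/tinc/$host" | sed -e 's/"//g' > "/srv/tinc/hosts/$host"
        fi
      done
      docker exec tinc /usr/sbin/tinc reload
  - path: /srv/tinc_conf_updater.sh
    # 0755: executed by etcdctl exec-watch as root; group write was never needed.
    permissions: "0755"
    owner: root
    content: |
      #!/bin/sh
      # Event handler for "etcdctl exec-watch --recursive /services/tinc".
      #
      # etcdctl passes the event in the environment:
      #   ETCD_WATCH_KEY     e.g. /services/tinc/<host>
      #   ETCD_WATCH_VALUE   new value ("<host file>", with quotes) or empty
      #   ETCD_WATCH_ACTION  set | delete | expire | ...
      # On "set" the peer's host file and ConnectTo entry are (re)written if the
      # value changed; on "delete"/"expire" they are removed. In both cases the
      # running "tinc" container is told to reload.
      export DOCKER_HOST=unix:///var/run/early-docker.sock
      . /etc/tinc-env

      # POSIX prefix strip. The previous ${var/pat/} form is a bash extension
      # that a /bin/sh shebang does not guarantee.
      host="${ETCD_WATCH_KEY#/services/tinc/}"
      echo "host is $host"
      echo "\"$ETCD_WATCH_KEY\" key was updated to \"$ETCD_WATCH_VALUE\" value by \"$ETCD_WATCH_ACTION\" action"

      # Accept only names tinc itself accepts ([A-Za-z0-9_]). Because the watch
      # is recursive, nested keys (a/b) and the directory itself (empty name)
      # also arrive here; both are rejected before $host is used in a path or
      # on a command line.
      case "$host" in
        "" | *[!A-Za-z0-9_]*)
          echo "ignoring event for invalid tinc host name: '$host'" >&2
          exit 0
          ;;
      esac

      # Our own key is maintained by tinc.service; nothing to do for it.
      if [ "$TINC_HOSTNAME" = "$host" ]; then
        exit 0
      fi
      hostfile="/srv/tinc/hosts/$host"

      case "$ETCD_WATCH_ACTION" in
        set)
          echo "configuring new tinc host $host"
          current_value=""
          if [ -f "$hostfile" ]; then
            current_value="$(cat "$hostfile")"
          fi
          # The publisher stores the host file wrapped in double quotes, so the
          # on-disk copy is compared against the quoted form.
          if [ "$ETCD_WATCH_VALUE" != "\"$current_value\"" ]; then
            docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add ConnectTo = "$host"
            etcdctl get "/services/tinc/$host" | sed -e 's/"//g' > "$hostfile"
            docker exec tinc /usr/sbin/tinc reload
            echo "done"
          else
            echo "old value = new value; nothing to do"
          fi
          ;;
        delete | expire)
          echo "removing tinc host $host"
          docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc del ConnectTo = "$host"
          rm -f "$hostfile"
          docker exec tinc /usr/sbin/tinc reload
          echo "done"
          ;;
      esac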
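coreos:
  etcd2:
    # One discovery URL per cluster: generate a fresh one from
    # https://discovery.etcd.io/new?size=3 and replace it after every
    # 'vagrant destroy'. Treat it like a credential -- whoever has it can
    # register a member while the cluster is bootstrapping.
    # (The commented-out etcd v1 'etcd:' block that used to sit here, with its
    # own stale discovery token, was removed; etcd2.service is what is started.)
    discovery: "https://discovery.etcd.io/58ae5350f598e02901e5ded2c657c6bf"
    # $public_ipv4 is substituted by coreos-cloudinit. Multi-region and
    # multi-cloud deployments need the public address here.
    advertise-client-urls: "http://$public_ipv4:2379"
    initial-advertise-peer-urls: "http://$public_ipv4:2380"
    # Official ports (2379/2380) plus the legacy ones (4001/7001); the legacy
    # ports can be dropped if nothing still depends on them.
    listen-client-urls: "http://0.0.0.0:2379,http://0.0.0.0:4001"
    listen-peer-urls: "http://$public_ipv4:2380,http://$public_ipv4:7001"
    # SECURITY NOTE (review): client and peer URLs are plain http and no
    # TLS/auth options are configured, so every key -- including the tinc host
    # files and the flannel network config this file stores in etcd -- is
    # readable and writable by anything that can reach 2379/4001, and the
    # inter-region peer traffic crosses the public network in cleartext.
    # Narrowing the bind address alone would break the remote clients that
    # follow advertise-client-urls; the fix is client/peer TLS plus auth.
  fleet:
    public-ip: $public_ipv4
  flannel:
    interface: $public_ipv4
  units:
    # etcd2.service is the etcd this cluster runs; the etcd2: block above
    # configures it. (The stale "to use etcd2, comment out the above" note and
    # its commented-out duplicate entry were removed.)
    - name: etcd2.service
      command: start
    # early-docker is a separate docker daemon (socket
    # /var/run/early-docker.sock). The tinc units below run against it so the
    # VPN can come up before docker.service (hence Before=early-docker.target).
    - name: early-docker.service
      command: start
      enable: true
    # Writes /etc/tinc-env, the EnvironmentFile for tinc.service and the file
    # sourced by both /srv/tinc_*.sh scripts. TINC_HOSTNAME is the machine
    # hostname with '-' mapped to '_' (tinc node names allow only letters,
    # digits and underscores).
    # (tinc-conf.service, a verbatim duplicate of this unit that nothing in
    # this file ordered on, was removed.)
    - name: tinc-env.service
      enable: true
      command: start
      content: |
        [Unit]
        Description=Tinc Service
        After=etcd.service etcd2.service early-docker.service flanneld.service
        Before=early-docker.target fleet.service
        [Service]
        Type=oneshot
        ExecStart=/bin/sh -c "echo \"TINC_HOSTNAME=`hostname | sed -e 's/-/_/g'`\" > /etc/tinc-env"
    # Gate for tinc.service: completes once flanneld has written
    # /run/flannel/subnet.env (the EnvironmentFile tinc.service takes
    # FLANNEL_SUBNET from). The wait loop is now the ExecStart itself; the
    # previous ExecStart was a stray copy of tinc-env.service's /etc/tinc-env
    # write, which tinc-env.service already performs (tinc.service orders
    # After= both units).
    - name: flannel-wait.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Wait For Flannel
        Requires=flanneld.service
        After=etcd.service etcd2.service early-docker.service flanneld.service
        Before=early-docker.target
        [Service]
        Type=oneshot
        # Type=oneshot has no start timeout by default, so this blocks for as
        # long as flanneld takes (or forever if it never writes the file).
        ExecStart=/bin/sh -c "while [ ! -f /run/flannel/subnet.env ] ; do sleep 1; done"
    # Runs the tinc daemon in a container on the early-docker daemon and keeps
    # this node's host file published in etcd (TTL 60s, refreshed every 45s) so
    # the other nodes can fetch it via the /srv/tinc_*.sh scripts.
    # Command lines are unchanged: systemd performs the $VAR substitution in
    # ExecStart*= itself (the $NAMEs are not seen by sh), so the plain $NAME
    # form must be kept.
    - name: tinc.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Tinc VPN Service
        Requires=flannel-wait.service
        After=early-docker.service flanneld.service tinc-env.service flannel-wait.service
        Before=early-docker.target
        [Service]
        Environment="DOCKER_HOST=unix:///var/run/early-docker.sock"
        # TINC_HOSTNAME comes from tinc-env.service; COREOS_PUBLIC_IPV4 is
        # presumably provided by /etc/environment.
        EnvironmentFile=/etc/tinc-env
        EnvironmentFile=/etc/environment
        # SECURITY NOTE (review): the image is pulled from Docker Hub by tag only
        # and then run with host networking and NET_ADMIN. Pin a digest
        # (jenserat/tinc@sha256:...) so a re-tagged image cannot silently
        # replace the VPN daemon.
        ExecStartPre=/usr/bin/docker pull jenserat/tinc
        # Configuration is regenerated from scratch on every start, including
        # a fresh tinc key pair; the new public key is what gets published to
        # etcd below, so peers re-learn it through tinc-config-updater.service.
        ExecStartPre=/usr/bin/rm -rf /srv/tinc
        ExecStartPre=/usr/bin/mkdir -p /srv/tinc
        ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc init $TINC_HOSTNAME"
        ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add Address = $COREOS_PUBLIC_IPV4"
        EnvironmentFile=/run/flannel/subnet.env
        # The sed assumes FLANNEL_SUBNET looks like x.y.z.1/24 and rewrites it
        # to the network x.y.z.0/24 -- TODO confirm this still holds if
        # SubnetLen is ever set in the flannel network config.
        ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add Subnet = `echo $FLANNEL_SUBNET | sed -e 's/1\\/24/0\\/24/'`"
        # switch mode + tap device: tinc acts as an L2 switch; docker-bridge.service
        # later attaches tap0 to docker0, so every node's containers share one
        # broadcast domain.
        ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add Mode = switch"
        ExecStartPre=/bin/sh -c "/usr/bin/docker run --rm --volume /srv/tinc:/etc/tinc jenserat/tinc add DeviceType = tap"
        # '-' prefix: ignore the failure when no stale container exists.
        ExecStartPre=-/usr/bin/docker rm -f tinc
        ExecStartPre=/usr/bin/docker run --name tinc -d --volume /srv/tinc:/etc/tinc --net=host --device=/dev/net/tun --cap-add NET_ADMIN jenserat/tinc start -D
        # Publish our host file (wrapped in double quotes; the reader scripts
        # strip them) with a 60s TTL, refreshed every 45s. Anything able to
        # write this key space can publish a host file of its own -- etcd is
        # the trust anchor of the mesh.
        ExecStart=/bin/sh -c "while true; do etcdctl set /services/tinc/$TINC_HOSTNAME \"\\\"` cat /srv/tinc/hosts/$TINC_HOSTNAME `\"\\\" --ttl 60;sleep 45;done"
        ExecStop=/usr/bin/docker rm -f tinc
        # Best effort: withdraw our key so peers drop us now rather than when
        # the TTL expires.
        ExecStopPost=/bin/sh -c "etcdctl rm /services/tinc/$TINC_HOSTNAME"
    - name: flanneld.service
      command: start
      enable: true
      drop-ins:
        - name: 50-network-config.conf
          content: |
            [Service]
            # Seed flannel's network config in etcd before flanneld starts.
            # Per flannel, the "alloc" backend only hands out per-host subnets
            # from 10.1.0.0/16 and forwards no packets; tinc carries the
            # traffic (docker-bridge.service routes 10.1.0.0/16 over docker0).
            ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{ "Network": "10.1.0.0/16", "Backend": { "Type": "alloc"} }'
    - name: docker-bridge.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Configure Docker Bridge
        # Requires= alone does not order against docker.service; After= was
        # missing, so this unit could be started (and start polling) before
        # docker was up.
        Requires=docker.service
        After=docker.service
        [Service]
        Type=oneshot
        # Wait for both the tinc tap device and docker's bridge to exist.
        ExecStartPre=/bin/sh -c "while ! ifconfig -s | grep -q tap0 ; do sleep 1; done"
        ExecStartPre=/bin/sh -c "while ! ifconfig -s | grep -q docker0 ; do sleep 1; done"
        # Route the whole flannel network (must match the "Network" set in the
        # flanneld drop-in) via docker0 ...
        ExecStartPre=/bin/sh -c "route add -net 10.1.0.0 netmask 255.255.0.0 dev docker0"
        # ... and plug tinc's tap0 into docker0. SECURITY NOTE (review): this
        # puts every container on every node -- and any host that manages to
        # get a host file into etcd -- into one L2 broadcast domain with no
        # filtering between nodes.
        ExecStart=/bin/sh -c "brctl addif docker0 tap0"
    - name: tinc-config-updater.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Continuously update tinc configuration after etcd changes
        Requires=tinc.service
        After=tinc.service
        [Service]
        # Restart= is a [Service] option. It previously sat under [Unit], where
        # systemd ignores it, so an etcdctl watch that exited was never
        # restarted.
        Restart=always
        # Back off a little so an unreachable etcd does not trip the start
        # rate limit within seconds.
        RestartSec=5
        # Full resync on every (re)start, then follow changes: exec-watch runs
        # /srv/tinc_conf_updater.sh once per event with ETCD_WATCH_* set.
        ExecStartPre=/srv/tinc_initial_config.sh
        ExecStart=/usr/bin/etcdctl exec-watch --recursive /services/tinc -- /srv/tinc_conf_updater.sh
    - name: fleet.service
      command: start
    - name: docker-tcp.socket
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Socket for the API
        [Socket]
        # SECURITY: the Docker remote API is unauthenticated and root-equivalent
        # on the host. This socket previously bound port 2375 on every IPv4 and
        # IPv6 address (ListenStream=2375 with BindIPv6Only=both) with no TLS,
        # so anyone able to reach the port could run arbitrary containers as
        # root. Bind to loopback only; if remote access is genuinely required,
        # front it with TLS client authentication (dockerd --tlsverify) rather
        # than widening this bind. BindIPv6Only= was dropped because it only
        # applies to IPv6 sockets.
        ListenStream=127.0.0.1:2375
        Service=docker.service
        [Install]
        WantedBy=sockets.target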