#cloud-config coreos: etcd2: # generate a new token for each unique cluster from https://discovery.etcd.io/new discovery: #DISCOVERY_URL # multi-region and multi-cloud deployments need to use $public_ipv4 advertise-client-urls: http://$private_ipv4:2379 initial-advertise-peer-urls: http://$private_ipv4:2380 # listen on both the official ports and the legacy ports # legacy ports can be omitted if your application doesn't depend on them listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001 listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001 data-dir: /var/lib/etcd2 fleet: public-ip: $private_ipv4 metadata: controlPlane=true,dataPlane=true,routerMesh=true update: reboot-strategy: "off" units: - name: etcd.service mask: true - name: etcd2.service command: start - name: fleet.service command: start - name: docker-tcp.socket command: start enable: true content: | [Unit] Description=Docker Socket for the API [Socket] ListenStream=2375 Service=docker.service BindIPv6Only=both [Install] WantedBy=sockets.target - name: update-engine.service command: stop enable: false - name: docker.service drop-ins: - name: 00-reset-environment.conf content: | [Service] Environment= - name: 10-require-flannel.conf content: | [Unit] Requires=flanneld.service After=flanneld.service - name: 50-insecure-registry.conf content: | [Service] Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10" - name: 60-cgroup-driver.conf content: | [Service] Environment="DOCKER_CGROUPS=--exec-opt native.cgroupdriver=cgroupfs" - name: flanneld.service command: start drop-ins: - name: 50-network-config.conf content: | [Service] ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network": "10.244.0.0/16", "SubnetLen": 24, "SubnetMin": "10.244.0.0", "Backend": {"Type": "vxlan"}}' - name: graceful-ceph-shutdown.service content: | [Unit] Description=Ceph node clean up for Deis DefaultDependencies=no After=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service graceful-etcd-shutdown.service Requires=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service graceful-etcd-shutdown.service RefuseManualStop=true [Install] WantedBy=shutdown.target halt.target reboot.target [Service] ExecStart=/usr/bin/docker exec deis-store-admin ceph -s ExecStop=/opt/bin/graceful-shutdown.sh --ceph Type=oneshot TimeoutSec=1200 RemainAfterExit=yes - name: graceful-etcd-shutdown.service content: | [Unit] Description=etcd clean up for Deis DefaultDependencies=no After=fleet.service etcd2.service docker.service docker.socket Requires=fleet.service etcd2.service docker.service docker.socket RefuseManualStop=true [Install] WantedBy=shutdown.target halt.target reboot.target [Service] ExecStop=/opt/bin/graceful-shutdown.sh --etcd Type=oneshot TimeoutSec=120 RemainAfterExit=yes - name: install-deisctl.service command: start content: | [Unit] Description=Install deisctl utility ConditionPathExists=!/opt/bin/deisctl [Service] Type=oneshot ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.13.4' - name: increase-nf_conntrack-connections.service command: start content: | [Unit] Description=Increase the number of connections in nf_conntrack. default is 65536 [Service] Type=oneshot ExecStartPre=/usr/sbin/modprobe nf_conntrack ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144" write_files: - path: /etc/deis-release content: | DEIS_RELEASE=v1.13.4 - path: /etc/motd content: " \e[31m* * \e[34m* \e[32m***** \e[39mddddd eeeeeee iiiiiii ssss\n\e[31m* * \e[34m* * \e[32m* * \e[39md d e e i s s\n \e[31m* * \e[34m***** \e[32m***** \e[39md d e i s\n\e[32m***** \e[31m* * \e[34m* \e[39md d e i s\n\e[32m* * \e[31m* * \e[34m* * \e[39md d eee i sss\n\e[32m***** \e[31m* * \e[34m***** \e[39md d e i s\n \e[34m* \e[32m***** \e[31m* * \e[39md d e i s\n \e[34m* * \e[32m* * \e[31m* * \e[39md d e e i s s\n\e[34m***** \e[32m***** \e[31m* * \e[39mddddd eeeeeee iiiiiii ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n" - path: /etc/profile.d/nse-function.sh permissions: '0755' content: | function nse() { docker exec -it $1 bash } - path: /run/deis/bin/get_image permissions: '0755' content: | #!/usr/bin/env bash # usage: get_image IMAGE=`etcdctl get $1/image 2>/dev/null` # if no image was set in etcd, we use the default plus the release string if [ $? -ne 0 ]; then RELEASE=`etcdctl get /deis/platform/version 2>/dev/null` # if no release was set in etcd, use the default provisioned with the server if [ $? -ne 0 ]; then source /etc/deis-release RELEASE=$DEIS_RELEASE fi IMAGE=$1:$RELEASE fi # remove leading slash echo ${IMAGE#/} - path: /run/deis/bin/preseed permissions: '0755' content: | #!/usr/bin/env bash COMPONENTS=(builder controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor) for c in "${COMPONENTS[@]}"; do image=`/run/deis/bin/get_image /deis/$c` docker history $image >/dev/null 2>&1 || docker pull $image done - path: /opt/bin/deis-debug-logs permissions: '0755' content: | #!/usr/bin/env bash echo '--- VERSIONS ---' source /etc/os-release echo $PRETTY_NAME source /etc/deis-release echo "Deis $DEIS_RELEASE" etcd2 -version | head -n1 fleet -version printf "\n" echo '--- SYSTEM STATUS ---' journalctl -n 50 -u etcd --no-pager journalctl -n 50 -u fleet --no-pager printf "\n" echo '--- DEIS STATUS ---' deisctl list etcdctl ls --recursive /deis printf "\n" - path: /home/core/.toolboxrc owner: core content: | TOOLBOX_DOCKER_IMAGE=alpine TOOLBOX_DOCKER_TAG=3.1 TOOLBOX_USER=root - path: /etc/environment_proxy owner: core content: | HTTP_PROXY= HTTPS_PROXY= ALL_PROXY= NO_PROXY= http_proxy= https_proxy= all_proxy= no_proxy= - path: /etc/systemd/coredump.conf content: | [Coredump] Storage=none - path: /opt/bin/graceful-shutdown.sh permissions: '0755' content: | #!/usr/bin/bash ceph_shutdown () { # determine osd id OSD_HOSTS=($(etcdctl ls /deis/store/hosts/| awk -F'/' '{print $5}')) for HOST in "${OSD_HOSTS[@]}" do PUBLIC_IP=$(etcdctl member list|grep `cat /etc/machine-id`| awk '{print $3}'| grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') if [ "$HOST" = "$PUBLIC_IP" ] ; then OSD_ID=$(etcdctl get /deis/store/osds/$PUBLIC_IP) break fi done # if we own an osd and its healthy, try to gracefully remove it if [ ! -z "$OSD_ID" ] && [ ${#OSD_HOSTS[@]} -gt "3" ]; then ADMIN_RUNNING=$(docker inspect --format="{{ .State.Running }}" deis-store-admin) if [ $? -eq 1 ] || [ "$ADMIN_RUNNING" == "false" ]; then echo "deis-store-admin container is required for graceful shutdown" exit 2 fi set -e -x -o pipefail CURRENT_STATUS=$(docker exec deis-store-admin ceph health | awk '{print $1}') if [[ "$CURRENT_STATUS" != *"HEALTH_OK"* ]]; then echo "Ceph cluster must be healthy to perform graceful removal" exit 3 fi docker exec deis-store-admin ceph osd out $OSD_ID sleep 30 TIMEWAITED=0 until [[ $(docker exec deis-store-admin ceph health) == *"HEALTH_OK"* ]] do if [ $TIMEWAITED -gt "1200" ] then echo "ceph graceful removal timeout exceeded" break fi echo "waiting" && sleep 5 TIMEWAITED=$((TIMEWAITED+5)) done docker stop deis-store-daemon docker exec deis-store-admin ceph osd crush remove osd.$OSD_ID docker exec deis-store-admin ceph auth del osd.$OSD_ID docker exec deis-store-admin ceph osd rm $OSD_ID etcdctl rm /deis/store/osds/$PUBLIC_IP etcdctl rm /deis/store/hosts/$PUBLIC_IP && sleep 10 # remove ceph mon docker stop deis-store-monitor || true docker exec deis-store-admin ceph mon remove `hostname -f` # fixme docker stop deis-store-metadata || true fi } etcd_shutdown () { set -e -x -o pipefail # removing the node from etcd NODE=$(etcdctl member list | grep `cat /etc/machine-id` | cut -d ':' -f 1) etcdctl member remove $NODE } if [ "$1" == "--ceph" ]; then ceph_shutdown elif [ "$1" == "--etcd" ]; then etcd_shutdown fi - path: /opt/bin/wupiao permissions: '0755' content: | #!/usr/bin/env bash # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen [ -n "$1" ] && \ until curl -o /dev/null -sIf http://${1}; do \ sleep 1 && echo .; done; exit $?