#cloud-config
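hostname: coreos-01
coreos:
  etcd:
    # Discovery is disabled here; the URL is a placeholder token. A real
    # discovery URL lists the cluster's peer addresses, so keep it out of
    # public copies of this file.
    #discovery: https://discovery.etcd.io/xxxxxxxxxxxxxxxx
    # Client (4001) and peer (7001) endpoints on the private address.
    # No TLS or client-auth options are set in this file, so access to
    # these ports has to be limited by the packet filter / network layout.
    addr: $private_ipv4:4001
    peer-addr: $private_ipv4:7001
  units:
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start
    # Mounts the second disk as Docker's data directory before Docker starts.
    - name: var-lib-docker.mount
      command: start
      content: |
        [Unit]
        Description=Mount vdb to /var/lib/docker
        Before=docker.service
        [Mount]
        What=/dev/vdb1
        Where=/var/lib/docker
        Type=btrfs
    # Loads the IPv4/IPv6 rule sets before the network is brought up.
    # NOTE(review): /etc/iptables.rules and /etc/ip6tables.rules are not
    # created by write_files in this file; they must be provisioned some
    # other way, otherwise the restore fails and no rules are loaded.
    # They also need to admit the SSH port set in sshd.socket below.
    # ExecStop only flushes the chains; it does not change chain policies,
    # so what is reachable after a stop depends on the policies in effect.
    - name: iptables.service
      command: start
      content: |
        [Unit]
        Description=Packet Filtering Framework
        DefaultDependencies=no
        Before=network-pre.target
        [Service]
        Type=oneshot
        ExecStart=/usr/sbin/iptables-restore /etc/iptables.rules ; /usr/sbin/ip6tables-restore /etc/ip6tables.rules
        ExecReload=/usr/sbin/iptables-restore /etc/iptables.rules ; /usr/sbin/ip6tables-restore /etc/ip6tables.rules
        ExecStop=/usr/sbin/iptables --flush ; /usr/sbin/ip6tables --flush
        RemainAfterExit=yes
        [Install]
        RequiredBy=network-pre.target
    # Socket-activated sshd on a non-default port. ListenStream without an
    # address listens on all interfaces; restart applies the new port.
    - name: sshd.socket
      command: restart
      content: |
        [Socket]
        ListenStream=2222
        Accept=yes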
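users:
  - name: core
    # Placeholder for a password hash (never a clear-text password).
    # User-data is commonly readable from the instance's metadata source,
    # so treat the real value as sensitive and keep it out of VCS.
    passwd: xxxxxxxxxxxxxxxxxxxxx
    ssh-authorized-keys:
      - ssh-rsa AAAA....................
    # groups belongs to the core entry; written as "- groups:" it would
    # start a second, nameless user entry instead.
    # Membership in docker is effectively root-equivalent on the host.
    # NOTE(review): coreos-cloudinit may apply only passwd and
    # ssh-authorized-keys to a user that already exists (core does) -
    # confirm that these groups actually take effect.
    groups:
      - sudo
      - docker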
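write_files:
  # Static addressing for ens3; the x.x values are redacted placeholders.
  - path: /etc/systemd/network/10-static.network
    # Quoted so the mode stays the string "0644" instead of being read as
    # an octal integer by YAML 1.1 parsers.
    permissions: "0644"
    content: |
      [Match]
      Name=ens3
      [Network]
      DNS=x.x.128.10
      DNS=x.x.128.11
      DNS=8.8.8.8
      [Route]
      Gateway=x.x.129.1
      [Address]
      Address=x.x.129.109/24
  # Key-only SSH for the core user: root login, password and
  # challenge-response authentication are all disabled.
  # The Port line stays commented out because the listening port comes
  # from the sshd.socket unit (ListenStream=2222) defined in this file.
  # NOTE(review): UsePrivilegeSeparation is deprecated in newer OpenSSH
  # releases - check it against the sshd version shipped in the image.
  - path: /etc/ssh/sshd_config
    permissions: "0600"
    owner: root:root
    content: |
      # Use most defaults for sshd configuration.
      UsePrivilegeSeparation sandbox
      Subsystem sftp internal-sftp
      PermitRootLogin no
      AllowUsers core
      PasswordAuthentication no
      ChallengeResponseAuthentication no
      #Port 2222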