szaydel
8/24/2014 - 4:34 PM

user_data.yaml

#cloud-config

# Hostname that cloud-config applies to this machine.
hostname: 'coreos-01'

coreos:
  # etcd serves clients on 4001 and peers on 7001, both on the instance's
  # private IPv4 address. No TLS or client-certificate options are set in this
  # section, so who can reach these ports is decided by the network and by the
  # packet-filter rules loaded by iptables.service below.
  etcd:
    # Discovery is commented out; supply a real discovery URL to join a cluster.
    #discovery: https://discovery.etcd.io/xxxxxxxxxxxxxxxx
    addr: '$private_ipv4:4001'
    peer-addr: '$private_ipv4:7001'
  units:
    - name: 'etcd.service'
      command: start
    - name: 'fleet.service'
      command: start
    # Puts /var/lib/docker on a dedicated btrfs partition before docker starts.
    - name: 'var-lib-docker.mount'
      command: start
      content: |
        [Unit]
        Description=Mount vdb to /var/lib/docker
        Before=docker.service

        [Mount]
        What=/dev/vdb1
        Where=/var/lib/docker
        Type=btrfs
    # Loads the IPv4 and IPv6 rule sets from /etc/iptables.rules and
    # /etc/ip6tables.rules. NOTE(review): neither file is created by the
    # write_files entries visible in this document; confirm they are
    # provisioned some other way, otherwise the restore commands have nothing
    # to load. ExecStop flushes the rules; a flush leaves chain policies
    # untouched, so with ACCEPT policies a stopped unit means no filtering.
    - name: 'iptables.service'
      command: start
      content: |
        [Unit]
        Description=Packet Filtering Framework
        DefaultDependencies=no
        Before=network-pre.target

        [Service]
        Type=oneshot
        ExecStart=/usr/sbin/iptables-restore /etc/iptables.rules ; /usr/sbin/ip6tables-restore /etc/ip6tables.rules
        ExecReload=/usr/sbin/iptables-restore /etc/iptables.rules ; /usr/sbin/ip6tables-restore /etc/ip6tables.rules
        ExecStop=/usr/sbin/iptables --flush ; /usr/sbin/ip6tables --flush
        RemainAfterExit=yes

        [Install]
        RequiredBy=network-pre.target

    # Socket-activated sshd on port 2222 instead of the default port. The
    # rule files loaded above have to permit 2222/tcp; moving the port is not
    # an access control by itself.
    - name: 'sshd.socket'
      command: restart
      content: |
        [Socket]
        ListenStream=2222
        Accept=yes
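users:
  # passwd takes a password hash (crypt format), never the clear-text
  # password. The sshd_config written by this file disables password logins
  # over SSH, so the SSH key listed here is the remote login credential.
  - name: core
    passwd: xxxxxxxxxxxxxxxxxxxxx
    ssh-authorized-keys:
      - ssh-rsa AAAA....................
    # groups is a key of the same list item as name; written as its own
    # "- groups:" item it would describe a second user entry with no name
    # and the memberships would not be attached to core.
    # Membership in docker is effectively root on the host, the same as sudo.
    groups:
      - sudo
      - docker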
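write_files:
  # Static addressing for ens3; the x.x.* values are placeholders to fill in.
  - path: /etc/systemd/network/10-static.network
    # Quoted so the mode stays the literal string "0644"; a bare 0644 is
    # resolved as an octal integer (decimal 420) by YAML 1.1 parsers.
    permissions: '0644'
    content: |
      [Match]
      Name=ens3

      [Network]
      DNS=x.x.128.10
      DNS=x.x.128.11
      DNS=8.8.8.8

      [Route]
      Gateway=x.x.129.1

      [Address]
      Address=x.x.129.109/24
  # sshd policy: no root login, only the core user, key-based authentication
  # only (password and challenge-response are both off). Port stays commented
  # out because the listening port is set by ListenStream in the sshd.socket
  # unit defined under coreos.units.
  - path: /etc/ssh/sshd_config
    # Quoted for the same reason as above; root-only read/write.
    permissions: '0600'
    owner: root:root
    content: |
        # Use most defaults for sshd configuration.
        UsePrivilegeSeparation sandbox
        Subsystem sftp internal-sftp

        PermitRootLogin no
        AllowUsers core
        PasswordAuthentication no
        ChallengeResponseAuthentication no
        #Port 2222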