#cloud-config

# Builder hostname: the build UUID when the template receives a non-empty one,
# otherwise the literal fallback 'quay-builder'.
hostname: {{ build_uuid | default('quay-builder', True) }}

# NOTE(review): cloud-config normally takes `users` as a list of user entries;
# confirm that this mapping form is what the consumer expects.
users:
  groups: [sudo, docker]

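{% if ssh_authorized_keys -%}
# One list item per configured key. The closing loop tag keeps the newline in
# front of it on purpose: stripping it there joins every key onto a single
# line as soon as more than one key is configured.
# NOTE(review): keys are emitted as plain scalars, so a key comment containing
# ' #' or ': ' would be truncated or rejected by the YAML parser.
ssh_authorized_keys:
{% for ssh_key in ssh_authorized_keys -%}
- {{ ssh_key }}
{% endfor %}
{%- endif %}
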
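write_files:
# Script run by disable-aws-metadata.service. Build containers execute
# untrusted build steps, and on EC2 the metadata endpoint also serves this
# rendered user data (TOKEN included), so this rule is a security control.
#  * `permissions` is the key cloud-config reads for the file mode; the
#    singular `permission` is ignored, which leaves the script at the default
#    mode without the execute bit.
#  * The shebang is needed because systemd executes the file directly.
# NOTE(review): nat/PREROUTING is only traversed by packets arriving on an
# interface (e.g. from bridged containers); processes in the host network
# namespace, such as a container started with --net=host, are not covered.
# NOTE(review): 1.1.1.1 is a publicly routed address today, so redirected
# requests leave the host; consider rejecting the traffic instead.
- path: /root/disable-aws-metadata.sh
  permissions: '0755'
  content: |
    #!/bin/sh
    iptables -t nat -I PREROUTING -p tcp -d 169.254.169.254 --dport 80 -j DNAT --to-destination 1.1.1.1

# Docker daemon configuration: use the overlay2 storage driver.
- path: /etc/docker/daemon.json
  permissions: '0644'
  content: |
    {
      "storage-driver": "overlay2"
    }

# Environment file passed to the containers below with --env-file.
# NOTE(review): it stores TOKEN with mode 0644; '0600' is tighter if every
# reader of the file runs as root -- confirm before changing.
- path: /root/overrides.list
  permissions: '0644'
  content: |
    REALM={{ realm }}
    TOKEN={{ token }}
    SERVER={{ websocket_scheme }}://{{ manager_hostname }}
    {% if logentries_token -%}
    LOGENTRIES_TOKEN={{ logentries_token }}
    {%- endif %}
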
coreos:
  update:
    # Automatic reboots are switched off and the update channel comes from the
    # template; update-engine and locksmithd are additionally stopped below.
    # NOTE(review): a plain `off` is read as a boolean by YAML 1.1 parsers;
    # quote it if the consumer expects the string.
    reboot-strategy: off
    group: {{ coreos_channel }}

  units:
    - name: update-engine.service
      command: stop
    - name: locksmithd.service
      command: stop
    # Socket unit that has systemd-journal-gatewayd listen on the unix socket
    # /var/run/journald.sock, which the builder-logs container mounts as
    # /run/journald.sock.
    - name: systemd-journal-gatewayd.socket
      command: start
      enable: yes
      content: |
        [Unit]
        Description=Journal Gateway Service Socket
        [Socket]
        ListenStream=/var/run/journald.sock
        Service=systemd-journal-gatewayd.service
        [Install]
        WantedBy=sockets.target
    # Builder unit, generated by the dockersystemd macro (defined elsewhere).
    # NOTE(review): the container runs --privileged on the host network with
    # the Docker socket mounted, so a compromise of the builder is a compromise
    # of the host and of the credentials in /root/overrides.list.
    # NOTE(review): quay_username / quay_password are handed to the macro; if
    # it writes them into the unit text they are part of the user data too --
    # confirm against the macro.
    # exec_stop_post powers the machine off 120 s after the builder stops, and
    # restart_policy='no' means the builder is not restarted.
    {{ dockersystemd('quay-builder',
                     worker_image,
                     quay_username,
                     quay_password,
                     worker_tag,
                     extra_args='--net=host --privileged --env-file /root/overrides.list -v /var/run/docker.sock:/var/run/docker.sock -v /usr/share/ca-certificates:/etc/ssl/certs',
                     exec_stop_post=['/bin/sh -xc "/bin/sleep 120; /usr/bin/systemctl --no-block poweroff"'],
                     flattened=True,
                     restart_policy='no'
                    ) | indent(4) }}
    {% if logentries_token -%}
    # https://github.com/kelseyhightower/journal-2-logentries/pull/11 so moved journal-2-logentries to coreos
    {{ dockersystemd('builder-logs',
                     'quay.io/coreos/journal-2-logentries',
                     extra_args='--env-file /root/overrides.list -v /run/journald.sock:/run/journald.sock',
                     flattened=True,
                     after_units=['quay-builder.service']
                    ) | indent(4) }}
    {%- endif %}
    # One-shot unit that runs /root/disable-aws-metadata.sh, ordered before
    # network-pre.target.
    # NOTE(review): as far as this template shows, the builder unit does not
    # depend on this unit succeeding; if the script fails, builds still start
    # with the metadata endpoint reachable. Check the unit state on a booted
    # builder, and consider making the builder require it.
    - name: disable-aws-metadata.service
      command: start
      enable: yes
      content: |
        [Unit]
        Description=Disable AWS metadata service
        Before=network-pre.target
        Wants=network-pre.target
        [Service]
        Type=oneshot
        ExecStart=/root/disable-aws-metadata.sh
        RemainAfterExit=yes
        [Install]
        WantedBy=multi-user.target
    # Hard cap on the machine's lifetime: sleeps for max_lifetime_s seconds,
    # then powers the machine off.
    - name: machine-lifetime.service
      command: start
      enable: yes
      content: |
        [Unit]
        Description=Machine Lifetime Service
        [Service]
        Type=oneshot
        ExecStart=/bin/sh -xc "/bin/sleep {{ max_lifetime_s }}; /usr/bin/systemctl --no-block poweroff"