initial import for Open Source 🎉

2019-11-12 11:09:47 -05:00 · 2019-11-12 11:09:47 -05:00 · 9c0dd3b722
commit 9c0dd3b722
parent 1898c361f3
2048 changed files with 218743 additions and 0 deletions
--- a/buildman/templates/cloudconfig.yaml
+++ b/buildman/templates/cloudconfig.yaml
@ -0,0 +1,102 @@
+#cloud-config
+
+hostname: {{ build_uuid | default('quay-builder', True) }}
+
+users:
+  groups:
+  - sudo
+  - docker
+
+{% if ssh_authorized_keys -%}
+ssh_authorized_keys:
+{% for ssh_key in ssh_authorized_keys -%}
+- {{ ssh_key }}
+{%- endfor %}
+{%- endif %}
+
+write_files:
+- path: /root/disable-aws-metadata.sh
+  permission: '0755'
+  content: |
+    iptables -t nat -I PREROUTING -p tcp -d 169.254.169.254 --dport 80 -j DNAT --to-destination 1.1.1.1
+
+- path: /etc/docker/daemon.json
+  permission: '0644'
+  content: |
+    {
+        "storage-driver": "overlay2"
+    }
+
+- path: /root/overrides.list
+  permission: '0644'
+  content: |
+    REALM={{ realm }}
+    TOKEN={{ token }}
+    SERVER={{ websocket_scheme }}://{{ manager_hostname }}
+    {% if logentries_token -%}
+    LOGENTRIES_TOKEN={{ logentries_token }}
+    {%- endif %}
+
+coreos:
+  update:
+    reboot-strategy: off
+    group: {{ coreos_channel }}
+
+  units:
+    - name: update-engine.service
+      command: stop
+    - name: locksmithd.service
+      command: stop
+    - name: systemd-journal-gatewayd.socket
+      command: start
+      enable: yes
+      content: |
+        [Unit]
+        Description=Journal Gateway Service Socket
+        [Socket]
+        ListenStream=/var/run/journald.sock
+        Service=systemd-journal-gatewayd.service
+        [Install]
+        WantedBy=sockets.target
+    {{ dockersystemd('quay-builder',
+                     worker_image,
+                     quay_username,
+                     quay_password,
+                     worker_tag,
+                     extra_args='--net=host --privileged --env-file /root/overrides.list -v /var/run/docker.sock:/var/run/docker.sock -v /usr/share/ca-certificates:/etc/ssl/certs',
+                     exec_stop_post=['/bin/sh -xc "/bin/sleep 120; /usr/bin/systemctl --no-block poweroff"'],
+                     flattened=True,
+                     restart_policy='no'
+                    ) | indent(4) }}
+    {% if logentries_token -%}
+    # https://github.com/kelseyhightower/journal-2-logentries/pull/11 so moved journal-2-logentries to coreos
+    {{ dockersystemd('builder-logs',
+                     'quay.io/coreos/journal-2-logentries',
+                     extra_args='--env-file /root/overrides.list -v /run/journald.sock:/run/journald.sock',
+                     flattened=True,
+                     after_units=['quay-builder.service']
+                     ) | indent(4) }}
+    {%- endif %}
+    - name: disable-aws-metadata.service
+      command: start
+      enable: yes
+      content: |
+        [Unit]
+        Description=Disable AWS metadata service
+        Before=network-pre.target
+        Wants=network-pre.target
+        [Service]
+        Type=oneshot
+        ExecStart=/root/disable-aws-metadata.sh
+        RemainAfterExit=yes
+        [Install]
+        WantedBy=multi-user.target
+    - name: machine-lifetime.service
+      command: start
+      enable: yes
+      content: |
+        [Unit]
+        Description=Machine Lifetime Service
+        [Service]
+        Type=oneshot
+        ExecStart=/bin/sh -xc "/bin/sleep {{ max_lifetime_s }}; /usr/bin/systemctl --no-block poweroff"