106 lines
7.4 KiB
YAML
106 lines
7.4 KiB
YAML
#cloud-config
|
|
|
|
hostname: {{ build_uuid | default('quay-builder', True) }}
|
|
|
|
users:
|
|
groups:
|
|
- sudo
|
|
- docker
|
|
|
|
ssh_authorized_keys:
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCC0m+hVmyR3vn/xoxJe9+atRWBxSK+YXgyufNVDMcb7H00Jfnc341QH3kDVYZamUbhVh/nyc2RP7YbnZR5zORFtgOaNSdkMYrPozzBvxjnvSUokkCCWbLqXDHvIKiR12r+UTSijPJE/Yk702Mb2ejAFuae1C3Ec+qKAoOCagDjpQ3THyb5oaKE7VPHdwCWjWIQLRhC+plu77ObhoXIFJLD13gCi01L/rp4mYVCxIc2lX5A8rkK+bZHnIZwWUQ4t8SIjWxIaUo0FE7oZ83nKuNkYj5ngmLHQLY23Nx2WhE9H6NBthUpik9SmqQPtVYbhIG+bISPoH9Xs8CLrFb0VRjz JS Key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo6FhAP7mFFOAzM91gtaKW7saahtaN4lur42FMMztz6aqUycIltCmvxo+3FmrXgCG30maMNU36Vm1+9QRtVQEd+eRuoIWP28t+8MT01Fh4zPuE2Wca3pOHSNo3X81FfWJLzmwEHiQKs9HPQqUhezR9PcVWVkbMyAzw85c0UycGmHGFNb0UiRd9HFY6XbgbxhZv/mvKLZ99xE3xkOzS1PNsdSNvjUKwZR7pSUPqNS5S/1NXyR4GhFTU24VPH/bTATOv2ATH+PSzsZ7Qyz9UHj38tKC+ALJHEDJ4HXGzobyOUP78cHGZOfCB5FYubq0zmOudAjKIAhwI8XTFvJ2DX1P3 JZ Key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNvw8qo9m8np7yQ/Smv/oklM8bo8VyNRZriGYBDuolWDL/mZpYCQnZJXphQo7RFdNABYistikjJlBuuwUohLf2uSq0iKoFa2TgwI43wViWzvuzU4nA02/ITD5BZdmWAFNyIoqeB50Ol4qUgDwLAZ+7Kv7uCi6chcgr9gTi99jY3GHyZjrMiXMHGVGi+FExFuzhVC2drKjbz5q6oRfQeLtNfG4psl5GU3MQU6FkX4fgoCx0r9R48/b7l4+TT7pWblJQiRfeldixu6308vyoTUEHasdkU3/X0OTaGz/h5XqTKnGQc6stvvoED3w+L3QFp0H5Z8sZ9stSsitmCBrmbcKZ JM Key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAo/JkbGO6R7g1ZxARi0xWVM7FOfN02snRAcIO6vT9M7xMUkWVLgD+hM/o91lk+UFiYdql0CATobpFWncRL36KaUqsbw9/1BlI40wg296XHXSSnxhxZ4L7ytf6G1tyN319HXlI2kh9vAf/fy++yDvkH8dI3k1oLoW+mZPET6Pff04/6AXXrRlS5mhmGv9irGwiDHtVKpj6lU8DN/UtOrv1tiQ0pgwEJq05fLGoQfgPNaBCnW2z4Ubpn2gyMcMBMpSwo4hCqJePd349e4bLmFcT+gXYg7Mnup1DoTDlowFFN56wpxQbdp96IxWzU+jYPaIAuRo+BJzCyOS8qBv0Z4RZrgop0qp2JYiVwmViO6TZhIDz6loQJXUOIleQmNgTbiZx8Bwv5GY2jMYoVwlBp7yy5bRjxfbFsJ0vU7TVzNAG7oEJy/74HmHmWzRQlSlQjesr8gRbm9zgR8wqc/L107UOWFg7Cgh8ZNjKuADbXqYuda1Y9m2upcfS26UPz5l5PW5uFRMHZSi8pb1XV6/0Z8H8vwsh37Ur6aLi/5jruRmKhdlsNrB1IiDicBsPW3yg7HHSIdPU4oBNPC77yDCT3l4CKr4el81RrZt7FbJPfY+Ig9Q5O+05f6I8+ZOlJGyZ/Qfyl2aVm1HnlJKuBqPxeic8tMng/9B5N7uZL6Y3k5jFU8c= QM Key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC964SY8ojXZVfWknF+Pz+pTHpyb66VBH7OLYnGP+Tm452YKJVFb/rXCpZYHFlzSQtzz9hko8qBoEFXuD2humojx0P7nEtTy8wUClnKcifIqD5b/V1r7ZDa/5hL9Xog11gOXZ17TW1qjN+00qgXwoSh+jM8mAxD7V2ZLnanIDqmpYamT3ZlICz1k4bwYj35gnpSFpijAXeF9LXOEUfDtzNBjeaCvyniYlQyKzpKr8x+oIHumPlxwkFOzGhBMRGrCQ1Kzija8vVZQ6/Tjvxl19jwfgcNT0Zd9vLbHNowJPWQZhLYXdGIb3NxEfAqkGPvGCsaLfsfETYhcFwxr2g+zvf4xvyKgK35PHA/5t7TQryDSKDrQ1qTDUp3dAjzwsBFwEoQ0x68shGC661n/+APMNtj8qR5M9ueIH5WEqdRW10kKzlEm/ESvjyjEVRhXiwWyKkPch/OIUPKexKaEeOBdKocSnNx1+5ntk8OXWRQgjfwtQvm1NE/qD7fViBVUlTRk0c1SVpZaybIZkiMWmA1hzsdUbDP2mzPek1ydsVffw0I8z/dRo5gXQSPq06WfNIKpsiQF8LqP+KU+462A2tbHxFzq9VozI9PeFV+xO59wlJogv6q2yA0Jfv9BFgVgNzItIsUMvStrfkUBTYgaG9djp/vAm+SwMdnLSXILJtMO/3eRQ== EC Key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3Q9+JcjEck8CylGEekvskypE8lT3hYnCCfGUoMTAURokD8STtEaVxr197efitQkvwSYxOnDXo2Qr59FqlQ6QtFeCynX87VerN49LJ0pUA1NoYBUCvWRzwpaa8CXGhYPRpfku12mJ0qjqmGFaR5jqhXTNfXmRcWePsXqS+b3FFEqw8BhKg6By1z7NLvKeaEno4Kd0wPpxzs+hFRnk38k2p+1YO1vZzZ2mgEVp9/2577t4TmP8ucnsb9X4vURRpOJwjG8HIgmmQFUVxHRST8Zu3zOXfg9Yv/n3JYhXhvvPxkV4JB6ZbVq0cLHasexFAxz7nTmF1gDWaPbGxmdZtaDe/ CH Key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfuDFmwNaY2WlwVlGeG1pvGiU5KfqMbTwo38hO5bm3KutJtNe9Q2GgKXKbD4WCrpsa3QZPENzGWvkctORzaZNxQ8S4FxUV5M5NEVMs0vKa4a8TksqhoARP7eetvRF6leYtVYhtUyDmj1YzxJEMRbbs3SFhcSkA7HyWDAIi8rc4WCg+BDpmCyEshuuBE26+1g2R5lJTwVwmgMHs7p59Gop1Hbn33DNQyj9S8u24DxCJpnzkjegWiU4GA+pesgeWymxYhAKDfb2yWR6aBAvnZEn10evIfe9ORpnexmko4/DBgeweISCm16ffVhya4qNBrUxThKJU4286zwq/d0mDDU8x BI Key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4uDl4WGNgsIjGeJbUYFKSn3nhdiZJHUE47JK3W6VTfWpd1JNWNZ1CW0mJ+y7dQl0vmQq5DHQguYQLdTP4m8Waswh/9ckoX7tErA2FEZUQTmUrpeXrc8n2E8OeHh1ooqyWXP5Oup3MKA7qwMrkktM+m/MEhVhg0GUgsMd5BriePDgpdlOblEVZx+5IY3/PJc3ng+PmJbHfCds6+HgPR2tY2n6y4Ir7+15mZWjpLo6BOZlHmWAsqb8lfyp+8hrkfr4bKhY3AE2SQCqkF5LGgI84gJ5ooFN0bL9rl3bW4UNCqSiYH/QjLH+yzs55/BRBpV89mqDyDFHvsJUXta/Vz/UJ CA Key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCs9jVbzOkDg60i+TGkETit/K9h8iBkwapRa2XURJzdYKcE27fYueX37mOdTBVCi3phOV4cWzkjRwtQBz7KCMBqrr1gLaIsuUIqeFpskTuTr9k7XgZqZ6QpECrqDy9HgCLdZO40sYCOvpw+GzehlsZPZEHRROotXCKc3k98Vlb8+1QPa4s5iZrIIdFyq3ZyhoupcN2nIwMh0GnkvgwS2DymGeLd8tziI8+ti8dxWSvgILaPplv2JTf/iqRsE3xtbtjE0tSf8VyfTLIBv+hyW79Hvaf/pvrsADwJf43IWmdOwHpYNhqR/kvx6j0LkPfxWq+rtXG3Q4JqWi4nZz5w3VTH1KImMBGil2sK1AiCwEUSQzQs2apTivfTy25HFLtje6qB8ZkvelK2lOGI62gdWiOOknYn3VpfMdrPDLGNoTnntrcG/UbJoa911IxilP4idbUxXQdyIzYr6BJJccCFiLVECPHoOaDsZ0abkBvrewp+1hqsvL7zRs4EvbI7Cfvcnf9hZd+n20Bp250GbcH0HD4/9d2DMIU6c6rAjmglPfVmyphcRruWdyCZz+ps9cfpVCQSSGSnbGS7T3M4VIXrCtjNZ7Fv7YIJ8EXWlhkNEfOYuy/lhfvyMLrp5abg5HkXSgOA3kfyitLnBN/lJODSUguDPmpo7tyjplEFQ70LYxJczw== EvB Key
|
|
|
|
write_files:
|
|
- path: /root/disable-aws-metadata.sh
|
|
permission: '0755'
|
|
content: |
|
|
iptables -t nat -I PREROUTING -p tcp -d 169.254.169.254 --dport 80 -j DNAT --to-destination 1.1.1.1
|
|
|
|
- path: /etc/docker/daemon.json
|
|
permission: '0644'
|
|
content: |
|
|
{
|
|
"storage-driver": "overlay2"
|
|
}
|
|
|
|
- path: /root/overrides.list
|
|
permission: '0644'
|
|
content: |
|
|
REALM={{ realm }}
|
|
TOKEN={{ token }}
|
|
SERVER={{ websocket_scheme }}://{{ manager_hostname }}
|
|
{% if logentries_token -%}
|
|
LOGENTRIES_TOKEN={{ logentries_token }}
|
|
{%- endif %}
|
|
|
|
coreos:
|
|
update:
|
|
reboot-strategy: off
|
|
group: {{ coreos_channel }}
|
|
|
|
units:
|
|
- name: update-engine.service
|
|
command: stop
|
|
- name: locksmithd.service
|
|
command: stop
|
|
- name: systemd-journal-gatewayd.socket
|
|
command: start
|
|
enable: yes
|
|
content: |
|
|
[Unit]
|
|
Description=Journal Gateway Service Socket
|
|
[Socket]
|
|
ListenStream=/var/run/journald.sock
|
|
Service=systemd-journal-gatewayd.service
|
|
[Install]
|
|
WantedBy=sockets.target
|
|
{{ dockersystemd('quay-builder',
|
|
'quay.io/coreos/registry-build-worker',
|
|
quay_username,
|
|
quay_password,
|
|
worker_tag,
|
|
extra_args='--net=host --privileged --env-file /root/overrides.list -v /var/run/docker.sock:/var/run/docker.sock -v /usr/share/ca-certificates:/etc/ssl/certs',
|
|
exec_stop_post=['/bin/sh -xc "/bin/sleep 120; /usr/bin/systemctl --no-block poweroff"'],
|
|
flattened=True,
|
|
restart_policy='no'
|
|
) | indent(4) }}
|
|
{% if logentries_token -%}
|
|
# https://github.com/kelseyhightower/journal-2-logentries/pull/11 so moved journal-2-logentries to coreos
|
|
{{ dockersystemd('builder-logs',
|
|
'quay.io/coreos/journal-2-logentries',
|
|
extra_args='--env-file /root/overrides.list -v /run/journald.sock:/run/journald.sock',
|
|
flattened=True,
|
|
after_units=['quay-builder.service']
|
|
) | indent(4) }}
|
|
{%- endif %}
|
|
- name: disable-aws-metadata.service
|
|
command: start
|
|
enable: yes
|
|
content: |
|
|
[Unit]
|
|
Description=Disable AWS metadata service
|
|
Before=network-pre.target
|
|
Wants=network-pre.target
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/root/disable-aws-metadata.sh
|
|
RemainAfterExit=yes
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
- name: machine-lifetime.service
|
|
command: start
|
|
enable: yes
|
|
content: |
|
|
[Unit]
|
|
Description=Machine Lifetime Service
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/bin/sh -xc "/bin/sleep 10800; /usr/bin/systemctl --no-block poweroff"
|