jedi4ever/gist:c910b487f515a07a488c

## gistfile1.txt
#cloud-config

write_files:
  - path: /etc/systemd/system/docker.service.d/increase-ulimit.conf
    owner: core:core
    permissions: 0644
    content: |
      [Service]
      LimitMEMLOCK=infinity
  - path: /etc/ntp.conf
    content: |
      # Common pool
      server 0.pool.ntp.org
      server 1.pool.ntp.org

      # - Allow only time queries, at a limited rate.
      # - Allow all local queries (IPv4, IPv6)
      restrict default nomodify nopeer noquery limited kod
      restrict 127.0.0.1
      restrict [::1]
coreos:
  etcd:
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
    discovery: https://discovery.etcd.io/xxxxxxxx
    # multi-region and multi-cloud deployments need to use $public_ipv4
    addr: $private_ipv4:4001
    peer-addr: $private_ipv4:7001
  units:
    - name: format-ephemeral.service
      command: start
      content: |
        [Unit]
        Description=Formats the ephemeral drive
        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/sbin/wipefs -f /dev/xvdf
        ExecStart=/usr/sbin/mkfs.btrfs -f /dev/xvdf
    - name: var-lib-docker.mount
      command: start
      content: |
        [Unit]
        Description=Mount ephemeral to /var/lib/docker
        Requires=format-ephemeral.service
        After=format-ephemeral.service
        Before=docker.service
        [Mount]
        What=/dev/xvdf
        Where=/var/lib/docker
        Type=btrfs
    - name: settimezone.service
      command: start
      content: |
        [Unit]
        Description=Set the timezone

        [Service]
        ExecStart=/usr/bin/timedatectl set-timezone Europe/Brussels
        RemainAfterExit=yes
        Type=oneshot
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start
    - name: docker-tcp.socket
      command: start
      enable: yes
      content: |
        [Unit]
        Description=Docker Socket for the API

        [Socket]
        ListenStream=127.0.0.1:2375
        BindIPv6Only=both
        Service=docker.service

        [Install]
        WantedBy=sockets.target
    - name: enable-docker-tcp.service
      command: start
      content: |
        [Unit]
        Description=Enable the Docker Socket for the API

        [Service]
        Type=oneshot
        ExecStart=/usr/bin/systemctl enable docker-tcp.socket
    - name: consul.service
      content: |
        [Unit]
        Description=Consul
        After=fleet.service docker.service
        Requires=docker.service

        [Service]
        TimeoutStartSec=0
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill consul
        ExecStartPre=-/usr/bin/docker rm consul
        ExecStartPre=/usr/bin/docker pull progrium/consul
        ExecStartPre=-/usr/bin/etcdctl mk /consul $COREOS_PRIVATE_IPV4
        ExecStart=/bin/bash -c " \
         /usr/bin/docker run \
         --rm --name consul \
         -h %H \
         -p ${COREOS_PRIVATE_IPV4}:8300:8300 \
         -p ${COREOS_PRIVATE_IPV4}:8301:8301 \
         -p ${COREOS_PRIVATE_IPV4}:8301:8301/udp \
         -p ${COREOS_PRIVATE_IPV4}:8302:8302 \
         -p ${COREOS_PRIVATE_IPV4}:8302:8302/udp \
         -p ${COREOS_PRIVATE_IPV4}:8400:8400 \
         -p ${COREOS_PRIVATE_IPV4}:8500:8500 \
         -p $(/usr/bin/ip -f inet addr show docker0 | grep inet | /usr/bin/cut -d ' ' -f 6 | /usr/bin/cut -d '/' -f 1):53:53/udp \
         progrium/consul \
         -server \
         -bootstrap-expect 2 \
         -advertise ${COREOS_PRIVATE_IPV4}"
        ExecStop=/usr/bin/docker kill consul

        [Install]
        WantedBy=multi-user.target
    - name: consul-discovery.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Consul Discovery
        BindsTo=consul.service
        After=consul.service

        [Service]
        EnvironmentFile=/etc/environment
        ExecStart=/bin/bash -c " \
          while true; \
          do etcdctl mk /services/consul $COREOS_PRIVATE_IPV4 --ttl 60; \
          /usr/bin/docker exec consul consul join $(etcdctl get /services/consul); \
          sleep 45 \
          ;done"
        ExecStop=/usr/bin/etcdctl rm /services/consul --with-value %H

    - name: registrator.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Registrator
        After=consul.service
        Requires=consul.service

        [Service]
        TimeoutStartSec=0
        Restart=always
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill registrator
        ExecStartPre=-/usr/bin/docker rm registrator
        ExecStartPre=/usr/bin/docker gliderlabs/registrator
        ExecStart=/usr/bin/docker run \
          --name registrator \
          -h %H \
          -v /var/run/docker.sock:/tmp/docker.sock \
          --link consul:consul \
          gliderlabs/registrator \
          consul://consul:8500
        ExecStop=/usr/bin/docker kill registrator

        [Install]
        WantedBy=multi-user.target
    - name: ambassadord.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Ambassadord in Omni Mode
        After=consul.service
        Requires=consul.service

        [Service]
        TimeoutStartSec=0
        Restart=always
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill backends
        ExecStartPre=-/usr/bin/docker rm backends
        ExecStartPre=/usr/bin/docker pull progrium/ambassadord
        ExecStart=/usr/bin/docker run \
          --name backends \
          -h %H \
          -v /var/run/docker.sock:/var/run/docker.sock \
          progrium/ambassadord \
          --omnimode
        ExecStartPost=/usr/bin/docker run \
          --rm \
          --privileged \
          --net container:backends \
          progrium/ambassadord \
          --setup-iptables
        ExecStop=/usr/bin/docker kill backends

        [Install]
        WantedBy=multi-user.target
	#cloud-config

	write_files:
	- path: /etc/systemd/system/docker.service.d/increase-ulimit.conf
	owner: core:core
	permissions: 0644
	content: \|
	[Service]
	LimitMEMLOCK=infinity
	- path: /etc/ntp.conf
	content: \|
	# Common pool
	server 0.pool.ntp.org
	server 1.pool.ntp.org

	# - Allow only time queries, at a limited rate.
	# - Allow all local queries (IPv4, IPv6)
	restrict default nomodify nopeer noquery limited kod
	restrict 127.0.0.1
	restrict [::1]
	coreos:
	etcd:
	# generate a new token for each unique cluster from https://discovery.etcd.io/new
	discovery: https://discovery.etcd.io/xxxxxxxx
	# multi-region and multi-cloud deployments need to use $public_ipv4
	addr: $private_ipv4:4001
	peer-addr: $private_ipv4:7001
	units:
	- name: format-ephemeral.service
	command: start
	content: \|
	[Unit]
	Description=Formats the ephemeral drive
	[Service]
	Type=oneshot
	RemainAfterExit=yes
	ExecStart=/usr/sbin/wipefs -f /dev/xvdf
	ExecStart=/usr/sbin/mkfs.btrfs -f /dev/xvdf
	- name: var-lib-docker.mount
	command: start
	content: \|
	[Unit]
	Description=Mount ephemeral to /var/lib/docker
	Requires=format-ephemeral.service
	After=format-ephemeral.service
	Before=docker.service
	[Mount]
	What=/dev/xvdf
	Where=/var/lib/docker
	Type=btrfs
	- name: settimezone.service
	command: start
	content: \|
	[Unit]
	Description=Set the timezone

	[Service]
	ExecStart=/usr/bin/timedatectl set-timezone Europe/Brussels
	RemainAfterExit=yes
	Type=oneshot
	- name: etcd.service
	command: start
	- name: fleet.service
	command: start
	- name: docker-tcp.socket
	command: start
	enable: yes
	content: \|
	[Unit]
	Description=Docker Socket for the API

	[Socket]
	ListenStream=127.0.0.1:2375
	BindIPv6Only=both
	Service=docker.service

	[Install]
	WantedBy=sockets.target
	- name: enable-docker-tcp.service
	command: start
	content: \|
	[Unit]
	Description=Enable the Docker Socket for the API

	[Service]
	Type=oneshot
	ExecStart=/usr/bin/systemctl enable docker-tcp.socket
	- name: consul.service
	content: \|
	[Unit]
	Description=Consul
	After=fleet.service docker.service
	Requires=docker.service

	[Service]
	TimeoutStartSec=0
	EnvironmentFile=/etc/environment
	ExecStartPre=-/usr/bin/docker kill consul
	ExecStartPre=-/usr/bin/docker rm consul
	ExecStartPre=/usr/bin/docker pull progrium/consul
	ExecStartPre=-/usr/bin/etcdctl mk /consul $COREOS_PRIVATE_IPV4
	ExecStart=/bin/bash -c " \
	/usr/bin/docker run \
	--rm --name consul \
	-h %H \
	-p ${COREOS_PRIVATE_IPV4}:8300:8300 \
	-p ${COREOS_PRIVATE_IPV4}:8301:8301 \
	-p ${COREOS_PRIVATE_IPV4}:8301:8301/udp \
	-p ${COREOS_PRIVATE_IPV4}:8302:8302 \
	-p ${COREOS_PRIVATE_IPV4}:8302:8302/udp \
	-p ${COREOS_PRIVATE_IPV4}:8400:8400 \
	-p ${COREOS_PRIVATE_IPV4}:8500:8500 \
	-p $(/usr/bin/ip -f inet addr show docker0 \| grep inet \| /usr/bin/cut -d ' ' -f 6 \| /usr/bin/cut -d '/' -f 1):53:53/udp \
	progrium/consul \
	-server \
	-bootstrap-expect 2 \
	-advertise ${COREOS_PRIVATE_IPV4}"
	ExecStop=/usr/bin/docker kill consul

	[Install]
	WantedBy=multi-user.target
	- name: consul-discovery.service
	command: start
	enable: true
	content: \|
	[Unit]
	Description=Consul Discovery
	BindsTo=consul.service
	After=consul.service

	[Service]
	EnvironmentFile=/etc/environment
	ExecStart=/bin/bash -c " \
	while true; \
	do etcdctl mk /services/consul $COREOS_PRIVATE_IPV4 --ttl 60; \
	/usr/bin/docker exec consul consul join $(etcdctl get /services/consul); \
	sleep 45 \
	;done"
	ExecStop=/usr/bin/etcdctl rm /services/consul --with-value %H

	- name: registrator.service
	command: start
	enable: true
	content: \|
	[Unit]
	Description=Registrator
	After=consul.service
	Requires=consul.service

	[Service]
	TimeoutStartSec=0
	Restart=always
	EnvironmentFile=/etc/environment
	ExecStartPre=-/usr/bin/docker kill registrator
	ExecStartPre=-/usr/bin/docker rm registrator
	ExecStartPre=/usr/bin/docker gliderlabs/registrator
	ExecStart=/usr/bin/docker run \
	--name registrator \
	-h %H \
	-v /var/run/docker.sock:/tmp/docker.sock \
	--link consul:consul \
	gliderlabs/registrator \
	consul://consul:8500
	ExecStop=/usr/bin/docker kill registrator

	[Install]
	WantedBy=multi-user.target
	- name: ambassadord.service
	command: start
	enable: true
	content: \|
	[Unit]
	Description=Ambassadord in Omni Mode
	After=consul.service
	Requires=consul.service

	[Service]
	TimeoutStartSec=0
	Restart=always
	EnvironmentFile=/etc/environment
	ExecStartPre=-/usr/bin/docker kill backends
	ExecStartPre=-/usr/bin/docker rm backends
	ExecStartPre=/usr/bin/docker pull progrium/ambassadord
	ExecStart=/usr/bin/docker run \
	--name backends \
	-h %H \
	-v /var/run/docker.sock:/var/run/docker.sock \
	progrium/ambassadord \
	--omnimode
	ExecStartPost=/usr/bin/docker run \
	--rm \
	--privileged \
	--net container:backends \
	progrium/ambassadord \
	--setup-iptables
	ExecStop=/usr/bin/docker kill backends

	[Install]
	WantedBy=multi-user.target