Last active
May 3, 2017 03:46
-
-
Save laxika/7170b33a2c456e6d3927 to your computer and use it in GitHub Desktop.
Vultr CoreOS cloud-config.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| V4_PRIVATE_IP=`curl http://169.254.169.254/current/meta-data/local-ipv4` | |
| V4_PUBLIC_IP=`curl http://169.254.169.254/current/meta-data/public-ipv4` | |
| cat > "cloud-config.yaml" <<EOF | |
| #cloud-config | |
| ssh_authorized_keys: | |
| - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApv0BQSB1G1TsjKsvzREQfOjv0d+a8hHojk0oJ5B/Aue7Swp0rUN8JViAd91OSGUdAkwy3A/hJ4PoumnwrQlQTGK+JZto7kWONsPSzaBe0SJldOFXdJdiY71ZsT/CIsZgosA2dzDYuUZlo3i9FWTlmg71bJu2JnHq5Z5cWXLV7syPXLvIDcrOzCwUOHWxolYWFUdQPY6w44eg6VhYq+Q3V9Q1NCls0OuLe+k/AjsE6udoFmJai3RHnEVZPNiZz+jKtZXgbsPbH8BSlc1LauRXJBviKU9WF1OXot0FTfRP2H958R9fKvCS5kIOACtFGZUISnYHGH85nnpTNkILICsSlw== | |
| write_files: | |
| - path: /etc/environment | |
| permissions: 0644 | |
| owner: "root:root" | |
| content: | | |
| COREOS_PRIVATE_IPV4=$V4_PRIVATE_IP | |
| COREOS_PUBLIC_IPV4=$V4_PUBLIC_IP | |
| ETCD_ADDR=$V4_PRIVATE_IP:4001 | |
| ETCD_PEER_ADDR=$V4_PRIVATE_IP:7001 | |
| - path: /etc/systemd/network/10-static-eth1.network | |
| permissions: 0644 | |
| owner: "root:root" | |
| content: | | |
| [Match] | |
| Name=eth1 | |
| [Link] | |
| MTUBytes=1450 | |
| [Network] | |
| Address=10.99.0.10/16 | |
| [Match] | |
| Name=eth1 | |
| [Link] | |
| MTUBytes=1450 | |
| [Network] | |
| Address=V4_PRIVATE_IP/16 | |
| - path: /root/vultr-metadata.sh | |
| permissions: 0755 | |
| owner: "root:root" | |
| content: | | |
| #!/bin/bash | |
| ip -4 addr add dev eth1 $V4_PRIVATE_IP/16 | |
| - path: /var/lib/iptables/rules-save | |
| permissions: 0644 | |
| owner: "root:root" | |
| content: | | |
| *filter | |
| :INPUT DROP [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -i eth1 -j ACCEPT | |
| -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -m conntrack --ctstate NEW -m multiport -p tcp --dports 22,80,443 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT | |
| COMMIT | |
| - path: /etc/ssh/sshd_config | |
| permissions: 0600 | |
| owner: "root:root" | |
| content: | | |
| # Use most defaults for sshd configuration. | |
| UsePrivilegeSeparation sandbox | |
| Subsystem sftp internal-sftp | |
| PermitRootLogin no | |
| AllowUsers core | |
| PasswordAuthentication no | |
| ChallengeResponseAuthentication no | |
| coreos: | |
| etcd: | |
| discovery: https://discovery.etcd.io/210758394ce750c985feff1bd78d15f7 | |
| addr: $V4_PRIVATE_IP:4001 | |
| peer-addr: $V4_PRIVATE_IP:7001 | |
| update: | |
| reboot-strategy: best-effort | |
| units: | |
| - name: vultr-meta.service | |
| command: start | |
| runtime: yes | |
| content: | | |
| [Unit] | |
| Description=Initialize Vultr network settings | |
| [Service] | |
| Type=oneshot | |
| WorkingDirectory=/root | |
| ExecStart=/usr/bin/bash /root/vultr-metadata.sh | |
| - name: iptables-restore.service | |
| enable: true | |
| - name: etcd.service | |
| command: start | |
| - name: fleet.service | |
| command: start | |
| EOF | |
| sudo coreos-install -d /dev/vda -c cloud-config.yaml | |
| sudo reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment