#cloud-config
#
# run docker with tls for remote management
#
# Extra packages installed by cloud-init: device-mapper and partitioning
# tools (presumably needed for the data-disk handling further down; confirm).
packages:
  - dmsetup
  - libdevmapper1.02.1
  - libparted2
  - parted
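write_files:
  # Docker daemon configuration. The API listens on TCP 2376 on every
  # interface; "tlsverify" makes the daemon require a client certificate
  # signed by the CA in "tlscacert". Anyone holding such a certificate has
  # root-equivalent control of this host, so keep the CA key offline, issue
  # client certificates sparingly, and also restrict who can reach the port
  # at the network layer.
  - path: /etc/docker/daemon.json
    owner: root:root
    # Quoted like the other entries: an unquoted 0644 is read by YAML as a
    # number rather than as a mode string.
    permissions: '0644'
    content: |
      {
        "hosts": ["fd://","unix:///var/run/docker.sock","tcp://0.0.0.0:2376"],
        "ip": "0.0.0.0",
        "live-restore": true,
        "storage-driver": "overlay2",
        "tls": true,
        "tlsverify": true,
        "tlscacert": "/etc/docker/tls/ca.pem",
        "tlscert": "/etc/docker/tls/server-cert.pem",
        "tlskey": "/etc/docker/tls/server-key.pem"
      }
  # CA certificate used to verify client certificates (public material).
  - path: /etc/docker/tls/ca.pem
    permissions: '0444'
    content: |
      -- ca.pem goes here --
  # Server certificate presented to clients (public material).
  - path: /etc/docker/tls/server-cert.pem
    permissions: '0444'
    content: |
      -- server-cert.pem goes here --
  # NOTE(review): the server private key travels inside user-data. User-data
  # is typically retrievable from the instance metadata service by processes
  # running on the VM (which can include containers unless metadata access is
  # blocked), and cloud-init keeps a copy on disk. Treat the key as exposed to
  # anyone who can read this instance's metadata. Prefer generating the key on
  # the instance or fetching it from a secret store at boot, and never commit
  # this template with real key material filled in.
  - path: /etc/docker/tls/server-key.pem
    permissions: '0400'
    content: |
      -- server-key.pem goes here --
  # override systemd's docker command; it interferes with daemon.json
  # (the empty ExecStart= clears the packaged command line so that the
  # "hosts" list in daemon.json is the only place listeners are defined)
  - path: /etc/systemd/system/docker.service.d/override.conf
    permissions: '0644'
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd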
# Data disk preparation for the attached disk exposed as google-data.
# NOTE(review): disk_setup asks for an MBR table with the default layout,
# while fs_setup uses "partition: none", which places the filesystem on the
# whole device. The two look contradictory; confirm which one is intended.
disk_setup:
  /dev/disk/by-id/google-data:
    table_type: mbr
    layout: true
fs_setup:
  - label: data
    filesystem: ext4
    device: /dev/disk/by-id/google-data
    partition: none
    # false is meant to leave an already-formatted disk untouched, so that
    # existing data survives re-provisioning.
    overwrite: false
runcmd:
  # Pick up the docker.service override and restart the daemon so the
  # daemon.json TLS listener takes effect.
  - systemctl daemon-reload
  - systemctl restart docker
  # Accepts connections to the Docker TLS port from ANY source address.
  # NOTE(review): nothing in this file persists the rule across reboots, and
  # access control rests entirely on client certificates. Consider limiting
  # the source range (e.g. -s <ADMIN_CIDR_PLACEHOLDER>) here and in the cloud
  # firewall.
  - iptables -w -A INPUT -p tcp --dport 2376 -j ACCEPT
  # Copy the current /var/lib onto the data disk without clobbering files
  # that already exist there (--skip-old-files).
  - mkdir -p /mnt/disks/data
  - mount -t ext4 /dev/disk/by-id/google-data /mnt/disks/data
  - tar c -C /var/lib . | tar x --skip-old-files -C /mnt/disks/data
  - umount /mnt/disks/data
  # NOTE(review): this deletes /var/lib on the root disk while services
  # (including the just-restarted Docker daemon) are running, and no active
  # step in this file recreates /var/lib or links it to the data disk; the
  # "ln -s" only exists in the disabled block below. Package-manager and
  # cloud-init state live under /var/lib as well. Confirm this is intended
  # before using the template.
  - rm -rf /var/lib
#
# check if /dev/disk/by-id/google-data is formatted and format if not
# - |
#   if $FORMAT; then
#     mkfs -t ext4 /dev/disk/by-id/google-data
#     mkdir -p /mnt/disks/data
#     mount -t ext4 /dev/disk/by-id/google-data /mnt/disks/data
#     tar c -C /var/lib . | tar x -C /mnt/disks/data
#     umount /mnt/disks/data
#     rm -rf /var/lib
#     ln -s /mnt/disks/data /var/lib
#   fi
# bootcmd runs early on every boot: check the data disk, then mount it.
# fsck's -y answers "yes" to every repair prompt, so repairs are applied
# without operator review.
# NOTE(review): on the very first boot the disk may not have a filesystem yet,
# in which case these commands would fail; confirm ordering against fs_setup.
bootcmd:
  - fsck.ext4 -tvy /dev/disk/by-id/google-data
  - mkdir -p /mnt/disks/data
  - mount -t ext4 /dev/disk/by-id/google-data /mnt/disks/data
# Refresh the package index and apply pending upgrades at first boot, so the
# host starts with current security fixes.
package_update: true
package_upgrade: true
# Append all cloud-init stage output to the log file (and keep it on the
# console via tee).
output:
  all: "| tee -a /var/log/cloud-init-output.log"