sekka1/gist:ab5048516e93b6ee18d4

## gistfile1.txt
#cloud-config
ssh_authorized_keys:
 - ssh-rsa <YOUR SSH KEY HERE>

write_files:
 - path: /etc/systemd/system/fleet.socket.d/30-ListenStream.conf
   owner: root:root
   permissions: 0644
   content: |
     [Socket]
     ListenStream=0.0.0.0:49153

 - path: /run/systemd/system/etcd.service.d/30-certificates.conf
   permissions: 0644
   content: |
     [Service]
     # Client Env Vars
     Environment=ETCD_CA_FILE=/home/core/ca.crt
     Environment=ETCD_CERT_FILE=/home/core/key.crt
     Environment=ETCD_KEY_FILE=/home/core/key.key
     # Peer Env Vars
     Environment=ETCD_PEER_CA_FILE=/home/core/ca.crt
     Environment=ETCD_PEER_CERT_FILE=/home/core/key.crt
     Environment=ETCD_PEER_KEY_FILE=/home/core/key.key

 - path: /run/systemd/system/fleet.service.d/30-certificates.conf
   permissions: 0644
   content: |
     [Service]
     # Client auth certs
     Environment=FLEET_ETCD_CAFILE=/home/core/ca.crt
     Environment=FLEET_ETCD_CERTFILE=/home/core/key.crt
     Environment=FLEET_ETCD_KEYFILE=/home/core/key.key

 - path: /home/core/ca.crt
   permissions: 0644
   content: |
     -----BEGIN CERTIFICATE-----
     <CA CERTIFICATE OUTPUT HERE>
     -----END CERTIFICATE-----

 -----BEGIN CERTIFICATE-----
     <CA CERTIFICATE OUTPUT HERE>
     -----END CERTIFICATE-----

 - path: /home/core/key.crt
   permissions: 0644
   content: |
     -----BEGIN CERTIFICATE-----
     <CERT FOR THE PRIVATE KEY>
     -----END CERTIFICATE-----

 - path: /home/core/key.key
   permissions: 0644
   content: |
     -----BEGIN RSA PRIVATE KEY-----
     <PRIVATE KEY HERE
     -----END RSA PRIVATE KEY-----

coreos:
 etcd:
   # generate a new token for each unique cluster from https://discovery.etcd.io/new
   discovery: https://discovery.etcd.io/<YOUR DISCOVERY TOKEN>
   name: host1.example.com
   addr: $public_ip:4001
   peer-addr: $public_ip:7001
 fleet:
   etcd_servers: https://$public_ip:4001
   endpoint: https://$public_ip:4001
   verbosity: 0
 units:
   - name: etcd.service
     command: start
   - name: fleet.service
     command: start
 update:
   reboot-strategy: etcd-lock
	#cloud-config
	ssh_authorized_keys:
	- ssh-rsa <YOUR SSH KEY HERE>

	write_files:
	- path: /etc/systemd/system/fleet.socket.d/30-ListenStream.conf
	owner: root:root
	permissions: 0644
	content: \|
	[Socket]
	ListenStream=0.0.0.0:49153

	- path: /run/systemd/system/etcd.service.d/30-certificates.conf
	permissions: 0644
	content: \|
	[Service]
	# Client Env Vars
	Environment=ETCD_CA_FILE=/home/core/ca.crt
	Environment=ETCD_CERT_FILE=/home/core/key.crt
	Environment=ETCD_KEY_FILE=/home/core/key.key
	# Peer Env Vars
	Environment=ETCD_PEER_CA_FILE=/home/core/ca.crt
	Environment=ETCD_PEER_CERT_FILE=/home/core/key.crt
	Environment=ETCD_PEER_KEY_FILE=/home/core/key.key

	- path: /run/systemd/system/fleet.service.d/30-certificates.conf
	permissions: 0644
	content: \|
	[Service]
	# Client auth certs
	Environment=FLEET_ETCD_CAFILE=/home/core/ca.crt
	Environment=FLEET_ETCD_CERTFILE=/home/core/key.crt
	Environment=FLEET_ETCD_KEYFILE=/home/core/key.key

	- path: /home/core/ca.crt
	permissions: 0644
	content: \|
	-----BEGIN CERTIFICATE-----
	<CA CERTIFICATE OUTPUT HERE>
	-----END CERTIFICATE-----

	-----BEGIN CERTIFICATE-----
	<CA CERTIFICATE OUTPUT HERE>
	-----END CERTIFICATE-----

	- path: /home/core/key.crt
	permissions: 0644
	content: \|
	-----BEGIN CERTIFICATE-----
	<CERT FOR THE PRIVATE KEY>
	-----END CERTIFICATE-----

	- path: /home/core/key.key
	permissions: 0644
	content: \|
	-----BEGIN RSA PRIVATE KEY-----
	<PRIVATE KEY HERE
	-----END RSA PRIVATE KEY-----

	coreos:
	etcd:
	# generate a new token for each unique cluster from https://discovery.etcd.io/new
	discovery: https://discovery.etcd.io/<YOUR DISCOVERY TOKEN>
	name: host1.example.com
	addr: $public_ip:4001
	peer-addr: $public_ip:7001
	fleet:
	etcd_servers: https://$public_ip:4001
	endpoint: https://$public_ip:4001
	verbosity: 0
	units:
	- name: etcd.service
	command: start
	- name: fleet.service
	command: start
	update:
	reboot-strategy: etcd-lock