構成

Mesos などを立てるため、Master 3台, Slave 2台以上の予定で作る。

OSイメージ

VMware用のイメージを利用。
/usr/share/oem/cloud-config.yml に vmware tools周りの設定が入っているので便利。

password の変更

grub で linux...の行の末尾に coreos.autologin と入れてパスワードなしログインをしてから、パスワード変更する。

初期設定: cloud-config

/var/lib/coreos-install/user_data を編集する。
(作法を無視すれば、 /usr/share/oem/cloud-config.yml でも良いはず。)

#cloud-config
coreos:
  units:
    - name: docker-tcp.socket
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Socket for the API

        [Socket]
        ListenStream=2375
        BindIPv6Only=both
        Service=docker.service

        [Install]
        WantedBy=sockets.target

    - name: ens192-static.network
      runtime: false
      content: |
        [Match]
        Name=ens192

        [Network]
        Address=192.168.101.11/24
        Gateway=192.168.101.1
        DNS=8.8.8.8
        DNS=8.8.4.4
    - name: down-ens192.service
      command: start
      content: |
        [Service]
        Type=oneshot
        ExecStart=/usr/bin/ip link set ens192 down
        ExecStart=/usr/bin/ip addr flush dev ens192
    - name: ens224-static.network
      runtime: false
      content: |
        [Match]
        Name=ens224

        [Network]
        Address=192.168.105.11/24
    - name: down-ens224.service
      command: start
      content: |
        [Service]
        Type=oneshot
        ExecStart=/usr/bin/ip link set ens224 down
        ExecStart=/usr/bin/ip addr flush dev ens224
    - name: systemd-networkd.service
      command: restart

ssh_authorized_keys:
  - "ssh-rsa ..."
hostname: "coreos-00x"
users:
  - name: "hitsumabushi"
    passwd: "hashed password: https://coreos.com/os/docs/latest/cloud-config.html#users"
    groups:
      - "sudo"
      - "docker"
    ssh-authorized-keys:
      - "ssh-key ..."
write_files:
  - path: "/etc/resolv.conf"
    permissions: "0644"
    owner: "root"
    content: |
      nameserver 8.8.8.8
      nameserver 8.8.4.4

もうすこし設定する

NTP

デフォルトで、 systemd-timesyncd が上がっていて、 /etc/ntp.conf をみると [0-3].coreos.pool.ntp.org へ接続している。

etcd2

coreos:
  etcd2:
    # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
    discovery: "https://discovery.etcd.io/<token>"
    # multi-region and multi-cloud deployments need to use $public_ipv4
    advertise-client-urls: "http://192.168.101.11:2379"
    initial-advertise-peer-urls: "http://192.168.105.11:2380"
    # listen on both the official ports and the legacy ports
    # legacy ports can be omitted if your application doesn't depend on them
    listen-client-urls: "http://0.0.0.0:2379,http://0.0.0.0:4001"
    listen-peer-urls: "http://192.168.105.11:2380,http://192.168.105.11:7001"
...
  units:
...
    - name: etcd2.service
      command: start
...

locksmith

coreos:
  update:
    reboot-strategy: "best-effort"
...
  units:
...
    - name: locksmithd.service
      command: start

Comments

comments powered by Disqus