diff --git a/examples/README.md b/examples/README.md index c0d06598..c9a09a97 100644 --- a/examples/README.md +++ b/examples/README.md @@ -1,7 +1,7 @@ # Examples -These examples show declarative configurations for network booting libvirt VMs into CoreOS clusters (Kubernetes, etcd) using `bootcfg`. +These examples network boot and provision VMs into CoreOS clusters using `bootcfg`. | Name | Description | CoreOS Version | FS | Reference | |------------|-------------|----------------|----|-----------| diff --git a/examples/cloud/.gitkeep b/examples/cloud/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/examples/ignition/install-shutdown.yaml b/examples/ignition/install-shutdown.yaml new file mode 100644 index 00000000..9f90e932 --- /dev/null +++ b/examples/ignition/install-shutdown.yaml @@ -0,0 +1,28 @@ +--- +ignition_version: 1 +systemd: + units: + - name: install.service + enable: true + contents: | + [Unit] + Requires=network-online.target + After=network-online.target + [Service] + Type=oneshot + ExecStart=/usr/bin/curl {{.ignition_endpoint}}?{{.query}}&os=installed -o ignition.json + ExecStart=/usr/bin/coreos-install -d /dev/sda -C {{.coreos_channel}} -V {{.coreos_version}} -i ignition.json + ExecStart=/usr/bin/udevadm settle + ExecStart=/usr/bin/systemctl poweroff + [Install] + WantedBy=multi-user.target + +{{ if .ssh_authorized_keys }} +passwd: + users: + - name: core + ssh_authorized_keys: + {{ range $element := .ssh_authorized_keys }} + - {{$element}} + {{end}} +{{end}} diff --git a/examples/ignition/k8s-master.yaml b/examples/ignition/k8s-master.yaml index f171d9c1..d9a54845 100644 --- a/examples/ignition/k8s-master.yaml +++ b/examples/ignition/k8s-master.yaml @@ -42,23 +42,32 @@ systemd: Description=Acquire Kubernetes TLS CA and Certificate Requires=network-online.target After=network-online.target + ConditionPathExists=!/etc/kubernetes/ssl/ready [Service] Type=oneshot ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/ssl ExecStart=/usr/bin/curl {{.k8s_cert_endpoint}}/tls/apiserver.pem -o /etc/kubernetes/ssl/apiserver.pem ExecStart=/usr/bin/curl {{.k8s_cert_endpoint}}/tls/apiserver-key.pem -o /etc/kubernetes/ssl/apiserver-key.pem ExecStart=/usr/bin/curl {{.k8s_cert_endpoint}}/tls/ca.pem -o /etc/kubernetes/ssl/ca.pem + ExecStart=/usr/bin/touch /etc/kubernetes/ssl/ready [Install] WantedBy=multi-user.target + - name: kubelet.path + enable: true + contents: | + [Unit] + Description=Watch for Kubelet TLS Assets + [Path] + PathExists=/etc/kubernetes/ssl/ready - name: kubelet.service enable: true contents: | [Unit] Description=Kubelet via Hyperkube ACI - Requires=k8stls.service - After=k8stls.service Requires=flanneld.service After=flanneld.service + Requires=kubelet.path + After=kubelet.path [Service] ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests Environment=KUBELET_VERSION={{.k8s_version}} @@ -94,7 +103,6 @@ storage: wipe_table: true partitions: - label: ROOT - number: 0 filesystems: - device: "/dev/sda1" format: "ext4" @@ -487,7 +495,7 @@ storage: } } - path: /opt/init-flannel - mode: 320 + mode: 0500 contents: | #!/bin/bash function init_flannel { @@ -514,7 +522,7 @@ storage: } init_flannel - path: /opt/k8s-addons - mode: 320 + mode: 0500 contents: | #!/bin/bash echo "Waiting for Kubernetes API..." diff --git a/examples/ignition/k8s-worker.yaml b/examples/ignition/k8s-worker.yaml index dc85a26a..4a6a14c5 100644 --- a/examples/ignition/k8s-worker.yaml +++ b/examples/ignition/k8s-worker.yaml @@ -41,21 +41,30 @@ systemd: Description=Acquire Kubernetes TLS CA and Certificate Requires=network-online.target After=network-online.target + ConditionPathExists=!/etc/kubernetes/ssl/ready [Service] Type=oneshot ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/ssl ExecStart=/usr/bin/curl {{.k8s_cert_endpoint}}/tls/worker.pem -o /etc/kubernetes/ssl/worker.pem ExecStart=/usr/bin/curl {{.k8s_cert_endpoint}}/tls/worker-key.pem -o /etc/kubernetes/ssl/worker-key.pem ExecStart=/usr/bin/curl {{.k8s_cert_endpoint}}/tls/ca.pem -o /etc/kubernetes/ssl/ca.pem + ExecStart=/usr/bin/touch /etc/kubernetes/ssl/ready [Install] WantedBy=multi-user.target + - name: kubelet.path + enable: true + contents: | + [Unit] + Description=Watch for Kubelet TLS Assets + [Path] + PathExists=/etc/kubernetes/ssl/ready - name: kubelet.service enable: true contents: | [Unit] Description=Kubelet via Hyperkube ACI - Requires=k8stls.service - After=k8stls.service + Requires=kubelet.path + After=kubelet.path [Service] ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests Environment=KUBELET_VERSION={{.k8s_version}} @@ -82,7 +91,6 @@ storage: wipe_table: true partitions: - label: ROOT - number: 0 filesystems: - device: "/dev/sda1" format: "ext4" diff --git a/examples/profiles/install-shutdown/profile.json b/examples/profiles/install-shutdown/profile.json new file mode 100644 index 00000000..d7ef1cff --- /dev/null +++ b/examples/profiles/install-shutdown/profile.json @@ -0,0 +1,15 @@ +{ + "id": "install-shutdown", + "name": "Install CoreOS and Shutdown", + "boot": { + "kernel": "/assets/coreos/983.0.0/coreos_production_pxe.vmlinuz", + "initrd": ["/assets/coreos/983.0.0/coreos_production_pxe_image.cpio.gz"], + "cmdline": { + "coreos.config.url": "http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}", + "coreos.autologin": "", + "coreos.first_boot": "" + } + }, + "cloud_id": "", + "ignition_id": "install-shutdown.yaml" +} \ No newline at end of file