├── templates ├── users.yml ├── hostname.yml ├── write_files.yml ├── manage_etc_hosts.yml ├── ssh_authorized_keys.yml ├── user-data.yml ├── flannel-config.yml ├── units.yml ├── update.yml ├── enabled-unit.yml ├── locksmith.yml ├── preformatted-user-data.yml ├── coreos.yml ├── flannel.yml ├── fleet.yml └── etcd2.yml ├── .gitignore ├── outputs.tf ├── user-data.tf ├── users.tf ├── hostname.tf ├── ssh_authorized_keys.tf ├── write_files.tf ├── manage_etc_hosts.tf ├── .travis.yml ├── units.tf ├── data └── files.yml ├── validator.tf ├── preformatted-user-data.tf ├── update.tf ├── coreos.tf ├── LICENSE ├── locksmith.tf ├── vars.tfvars ├── flannel.tf ├── fleet.tf ├── etcd2.tf └── README.md /templates/users.yml: -------------------------------------------------------------------------------- 1 | users: 2 | ${join("\n ", split("\n", users))} 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | terraform.tfstate 2 | terraform.tfstate.backup 3 | crash.log 4 | -------------------------------------------------------------------------------- /templates/hostname.yml: -------------------------------------------------------------------------------- 1 | ${replace(hostname, "/^.+$/", "hostname: '${hostname}'")} 2 | -------------------------------------------------------------------------------- /templates/write_files.yml: -------------------------------------------------------------------------------- 1 | write_files: 2 | ${join("\n ", split("\n", write_files))} 3 | -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | output "user-data" { 2 | value = "${data.template_file.user-data.rendered}" 3 | } 4 | -------------------------------------------------------------------------------- /templates/manage_etc_hosts.yml: 
-------------------------------------------------------------------------------- 1 | ${replace(manage_etc_hosts, "/^.+$/", "manage_etc_hosts: '${manage_etc_hosts}'")} 2 | -------------------------------------------------------------------------------- /templates/ssh_authorized_keys.yml: -------------------------------------------------------------------------------- 1 | ssh_authorized_keys: 2 | ${join("\n ", split("\n", ssh_authorized_keys))} 3 | -------------------------------------------------------------------------------- /templates/user-data.yml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | ${replace(replace(preformatted-user-data, "var!", "$"), "/\n\s+\n/", "\n")} 3 | -------------------------------------------------------------------------------- /templates/flannel-config.yml: -------------------------------------------------------------------------------- 1 | - 2 | name: 50-network-config.conf 3 | content: | 4 | [Service] 5 | ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '${config}' 6 | -------------------------------------------------------------------------------- /templates/units.yml: -------------------------------------------------------------------------------- 1 | units: 2 | - # Ensure old version etcd is always masked 3 | name: etcd.service 4 | mask: true 5 | ${etcd2_unit} 6 | ${flannel_unit} 7 | ${fleet_unit} 8 | ${join("\n ", split("\n", units))} 9 | -------------------------------------------------------------------------------- /templates/update.yml: -------------------------------------------------------------------------------- 1 | update: 2 | ${replace(reboot-strategy, "/^.+$/", "reboot-strategy: '${reboot-strategy}'")} 3 | ${replace(server, "/^.+$/", "server: '${server}'")} 4 | ${replace(group, "/^.+$/", "group: '${group}'")} 5 | -------------------------------------------------------------------------------- /user-data.tf: 
-------------------------------------------------------------------------------- 1 | data "template_file" "user-data" { 2 | template = "${file("${path.module}/templates/user-data.yml")}" 3 | 4 | vars { 5 | preformatted-user-data = "${data.template_file.preformatted-user-data.rendered}" 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /templates/enabled-unit.yml: -------------------------------------------------------------------------------- 1 | - 2 | name: ${service}.service 3 | ${replace(replace("${enabled}", "/^(true|1)$/", "command: start"), enabled, "mask: true")} 4 | ${replace(drop-ins, "/^[\s\S]+$/", "drop-ins:\n ${join("\n ", split("\n", drop-ins))}")} 5 | -------------------------------------------------------------------------------- /users.tf: -------------------------------------------------------------------------------- 1 | variable "users" { 2 | default = "" 3 | } 4 | output "users" { 5 | value = "${var.users}" 6 | } 7 | 8 | data "template_file" "users" { 9 | template = "${file("${path.module}/templates/users.yml")}" 10 | 11 | vars { 12 | users = "${var.users}" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /templates/locksmith.yml: -------------------------------------------------------------------------------- 1 | locksmith: 2 | ${replace(endpoint, "/^.+$/", "endpoint: '${endpoint}'")} 3 | ${replace(etcd-keyfile, "/^.+$/", "etcd-keyfile: '${etcd-keyfile}'")} 4 | ${replace(etcd-certfile, "/^.+$/", "etcd-certfile: '${etcd-certfile}'")} 5 | ${replace(group, "/^.+$/", "group: '${group}'")} 6 | -------------------------------------------------------------------------------- /hostname.tf: -------------------------------------------------------------------------------- 1 | variable "hostname" { 2 | default = "" 3 | } 4 | output "hostname" { 5 | value = "${var.hostname}" 6 | } 7 | 8 | data "template_file" "hostname" { 9 | template = 
"${file("${path.module}/templates/hostname.yml")}" 10 | 11 | vars { 12 | hostname = "${var.hostname}" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /ssh_authorized_keys.tf: -------------------------------------------------------------------------------- 1 | variable "ssh_authorized_keys" { 2 | default = "" 3 | } 4 | 5 | data "template_file" "ssh_authorized_keys" { 6 | template = "${file("${path.module}/templates/ssh_authorized_keys.yml")}" 7 | 8 | vars { 9 | ssh_authorized_keys = "${var.ssh_authorized_keys}" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /write_files.tf: -------------------------------------------------------------------------------- 1 | variable "write_files" { 2 | default = "" 3 | } 4 | output "write_files" { 5 | value = "${var.write_files}" 6 | } 7 | 8 | data "template_file" "write_files" { 9 | template = "${file("${path.module}/templates/write_files.yml")}" 10 | 11 | vars { 12 | write_files = "${var.write_files}" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /manage_etc_hosts.tf: -------------------------------------------------------------------------------- 1 | variable "manage_etc_hosts" { 2 | default = "" 3 | } 4 | output "manage_etc_hosts" { 5 | value = "${var.manage_etc_hosts}" 6 | } 7 | 8 | data "template_file" "manage_etc_hosts" { 9 | template = "${file("${path.module}/templates/manage_etc_hosts.yml")}" 10 | 11 | vars { 12 | manage_etc_hosts = "${var.manage_etc_hosts}" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /templates/preformatted-user-data.yml: -------------------------------------------------------------------------------- 1 | ${replace(coreos, "/^\s*coreos:\s*$/", "")} 2 | ${replace(ssh_authorized_keys, "/^\s*ssh_authorized_keys:\s*$/", "")} 3 | ${replace(hostname, "/^\s*hostname:\s*$/", "")} 4 | ${replace(users, 
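"/^\s*users:\s*$/", "")} 5 | ${replace(write_files, "/^\s*write_files:\s*$/", "")} 6 | ${replace(manage_etc_hosts, "/^\s*manage_etc_hosts:\s*$/", "")} 7 | 
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
# CI job: downloads the Terraform release named by TF_VERSION and runs
# `terraform apply` against the placeholder values in vars.tfvars.
language: bash
sudo: true
before_script:
  - sudo apt-get install unzip
  - wget https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
  # Check the archive against the published checksum list before unpacking
  # it; a missing or mismatching digest makes sha256sum exit non-zero and
  # stops the job before the binary is ever executed.
  # NOTE(review): the list is fetched from the same host as the archive, so
  # this catches a corrupted or swapped zip but not a compromised release
  # server. Verifying the list's signature would close that gap.
  - wget https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_SHA256SUMS
  - grep "terraform_${TF_VERSION}_linux_amd64.zip" terraform_${TF_VERSION}_SHA256SUMS | sha256sum -c -
  - unzip terraform_${TF_VERSION}_linux_amd64.zip -d ./bin
script:
  - ./bin/terraform apply -input=false -var-file vars.tfvars
env:
  - TF_VERSION=0.7.0
  - TF_VERSION=0.7.1
  - TF_VERSION=0.7.2
  - TF_VERSION=0.7.3
--------------------------------------------------------------------------------
/templates/coreos.yml: -------------------------------------------------------------------------------- 1 | coreos: 2 | ${replace(join("\n ", split("\n", etcd2)), "/^\s*etcd2:\s*$/", "")} 3 | ${replace(join("\n ", split("\n", flannel)), "/^\s*flannel:\s*$/", "")} 4 | ${replace(join("\n ", split("\n", fleet)), "/^\s*fleet:\s*$/", "")} 5 | ${replace(join("\n ", split("\n", locksmith)), "/^\s*locksmith:\s*$/", "")} 6 | ${replace(join("\n ", split("\n", update)), "/^\s*update:\s*$/", "")} 7 | ${replace(join("\n ", split("\n", units)), "/^\s*units:\s*$/", "")} 8 | -------------------------------------------------------------------------------- /units.tf: -------------------------------------------------------------------------------- 1 | variable "units" { 2 | default = "" 3 | } 4 | output "units" { 5 | value = "${var.units}" 6 | } 7 | 8 | // Template for units 9 | data "template_file" "units" { 10 | template = "${file("${path.module}/templates/units.yml")}" 11 | 12 | vars { 13 | etcd2_unit = "${data.template_file.etcd2_unit.rendered}" 14 | fleet_unit = "${data.template_file.fleet_unit.rendered}" 15 | flannel_unit = 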
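"${data.template_file.flannel_unit.rendered}" 16 | units = "${var.units}" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /templates/flannel.yml: -------------------------------------------------------------------------------- 1 | flannel: 2 | ${replace(public-ip, "/^.+$/", "public-ip: '${public-ip}'")} 3 | ${replace(etcd-endpoints, "/^.+$/", "etcd-endpoints: '${etcd-endpoints}'")} 4 | ${replace(etcd-prefix, "/^.+$/", "etcd-prefix: '${etcd-prefix}'")} 5 | ${replace(etcd-keyfile, "/^.+$/", "etcd-keyfile: '${etcd-keyfile}'")} 6 | ${replace(etcd-certfile, "/^.+$/", "etcd-certfile: '${etcd-certfile}'")} 7 | ${replace(interface, "/^.+$/", "interface: '${interface}'")} 8 | ${replace(subnet-file, "/^.+$/", "subnet-file: '${subnet-file}'")} 9 | ${replace(ip-masq, "/^.+$/", "ip-masq: '${ip-masq}'")} 10 | -------------------------------------------------------------------------------- /data/files.yml: -------------------------------------------------------------------------------- 1 | - 2 | path: /opt/bin/deis-debug-logs 3 | permissions: '0755' 4 | content: | 5 | #!/bin/bash 6 | 7 | echo '--- VERSIONS ---' 8 | source /etc/os-release 9 | echo $PRETTY_NAME 10 | source /etc/deis-release 11 | echo "Deis $DEIS_RELEASE" 12 | etcd -version 13 | fleet -version 14 | printf "\n" 15 | 16 | echo '--- SYSTEM STATUS ---' 17 | journalctl -n 50 -u etcd --no-pager 18 | journalctl -n 50 -u fleet --no-pager 19 | printf "\n" 20 | 21 | echo '--- DEIS STATUS ---' 22 | deisctl list 23 | etcdctl ls --recursive /deis 24 | printf "\n" 25 | 
--------------------------------------------------------------------------------
/validator.tf:
--------------------------------------------------------------------------------
# Sends the rendered cloud-config to the validate.core-os.net service and
# fails the apply when the response mentions an error or a warning. The check
# re-runs whenever the rendered user-data or this file changes (see triggers).
#
# NOTE(security): the complete rendered user-data is uploaded to a third-party
# endpoint. Everything supplied through users, write_files and
# ssh_authorized_keys is part of that payload, so keep secrets out of any
# user-data that passes through this validator.
resource "null_resource" "validator" {
  triggers {
    user-data          = "${data.template_file.user-data.rendered}"
    validator-contents = "${file("${path.module}/validator.tf")}"
  }

  # curl runs without -k, so the server certificate is verified. With
  # verification off, anyone on the network path could read the upload or
  # answer with a response that passes the grep check. If the endpoint's
  # certificate does not validate, the apply now fails instead of proceeding.
  #
  # The response goes to a temporary file first. curl is then a simple command,
  # so under `set -e` a failed request (-f turns HTTP errors into a non-zero
  # exit) aborts the provisioner. When curl was the first stage of the
  # pipeline its exit status was discarded, and an unreachable validator
  # produced no output, matched nothing in grep and counted as a pass.
  #
  # The quoted heredoc stops the shell from expanding anything inside the
  # user-data, but a line consisting only of the terminator would end the
  # heredoc early and the rest would be read as shell input. Module inputs
  # must therefore come from a trusted source.
  #
  # NOTE(review): every heredoc line, including EOF, is kept at the same
  # indentation and there are no blank lines, on the understanding that
  # Terraform strips the terminator's indent from each line and the shell
  # needs __USERDATA__ at column 0 - confirm on the Terraform versions in use.
  provisioner "local-exec" {
    command = <<-EOF
      set -e
      tmp=$(mktemp)
      trap 'rm -f "$tmp"' EXIT
      curl -sSLf "https://validate.core-os.net/validate" -X PUT -H "Content-Type: text/plain" -H "Accept: application/json" --data-binary @- > "$tmp" <<'__USERDATA__'
      ${data.template_file.user-data.rendered}
      __USERDATA__
      tee /dev/stderr < "$tmp" | if grep -E "error|warning" ; then false ; else true ; fi
      EOF
  }
}
--------------------------------------------------------------------------------
/preformatted-user-data.tf: -------------------------------------------------------------------------------- 1 | data "template_file" "preformatted-user-data" { 2 | template = "${file("${path.module}/templates/preformatted-user-data.yml")}" 3 | 4 | vars { 5 | coreos = "${data.template_file.coreos.rendered}" 6 | ssh_authorized_keys = "${data.template_file.ssh_authorized_keys.rendered}" 7 | hostname = "${data.template_file.hostname.rendered}" 8 | users = "${data.template_file.users.rendered}" 9 | write_files = "${data.template_file.write_files.rendered}" 10 | manage_etc_hosts = "${data.template_file.manage_etc_hosts.rendered}" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /update.tf: -------------------------------------------------------------------------------- 1 | variable "update_reboot-strategy" { 2 | default = "best-effort" 3 | } 4 | output "update_reboot-strategy" { 5 | value = "${var.update_reboot-strategy}" 6 | } 7 | 8 | variable "update_group" { 9 | default = "stable" 10 | } 11 | output "update_group" { 12 | value = "${var.update_group}" 13 | } 14 | 15 | variable "update_server" { 16 | default = "" 17 | } 18 | output "update_server" { 19 | value = "${var.update_server}" 20 | } 21 | 22 | data "template_file" "update" { 23 | template = "${file("${path.module}/templates/update.yml")}" 24 | 25 | vars { 26 | reboot-strategy = "${var.update_reboot-strategy}" 27 | group = "${var.update_group}" 28 | server = "${var.update_server}" 29 | } 30 | } 31 | 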
-------------------------------------------------------------------------------- /coreos.tf: -------------------------------------------------------------------------------- 1 | data "template_file" "coreos" { 2 | template = "${file("${path.module}/templates/coreos.yml")}" 3 | 4 | vars { 5 | etcd2 = "${replace(replace("${var.enable_etcd2}", "/^(true|1)$/", data.template_file.etcd2.rendered), "/^${var.enable_etcd2}$/", "")}" 6 | fleet = "${replace(replace("${var.enable_fleet}", "/^(true|1)$/", data.template_file.fleet.rendered), "/^${var.enable_fleet}$/", "")}" 7 | flannel = "${replace(replace("${var.enable_flannel}", "/^(true|1)$/", data.template_file.flannel.rendered), "/^${var.enable_flannel}$/", "")}" 8 | locksmith = "${data.template_file.locksmith.rendered}" 9 | update = "${data.template_file.update.rendered}" 10 | units = "${data.template_file.units.rendered}" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /templates/fleet.yml: -------------------------------------------------------------------------------- 1 | fleet: 2 | ${replace(verbosity, "/^.+$/", "verbosity: ${verbosity}")} 3 | ${replace(etcd_servers, "/^.+$/", "etcd_servers: '${etcd_servers}'")} 4 | ${replace(etcd_request_timeout, "/^.+$/", "etcd_request_timeout: ${etcd_request_timeout}")} 5 | ${replace(etcd_keyfile, "/^.+$/", "etcd_keyfile: '${etcd_keyfile}'")} 6 | ${replace(etcd_certfile, "/^.+$/", "etcd_certfile: '${etcd_certfile}'")} 7 | ${replace(etcd_key_prefix, "/^.+$/", "etcd_key_prefix: '${etcd_key_prefix}'")} 8 | ${replace(public_ip, "/^.+$/", "public_ip: '${public_ip}'")} 9 | ${replace(metadata, "/^.+$/", "metadata: '${metadata}'")} 10 | ${replace(agent_ttl, "/^.+$/", "agent_ttl: '${agent_ttl}'")} 11 | ${replace(engine_reconcile_interval, "/^.+$/", "engine_reconcile_interval: ${engine_reconcile_interval}")} 12 | -------------------------------------------------------------------------------- /LICENSE: 
-------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Brandfolder 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /locksmith.tf: -------------------------------------------------------------------------------- 1 | variable "locksmith_reboot-strategy" { 2 | default = "best-effort" 3 | } 4 | output "locksmith_reboot-strategy" { 5 | value = "${var.locksmith_reboot-strategy}" 6 | } 7 | 8 | variable "locksmith_endpoint" { 9 | default = "" 10 | } 11 | output "locksmith_endpoint" { 12 | value = "${var.locksmith_endpoint}" 13 | } 14 | 15 | variable "locksmith_etcd-keyfile" { 16 | default = "" 17 | } 18 | output "locksmith_etcd-keyfile" { 19 | value = "${var.locksmith_etcd-keyfile}" 20 | } 21 | 22 | variable "locksmith_etcd-certfile" { 23 | default = "" 24 | } 25 | output "locksmith_etcd-certfile" { 26 | value = "${var.locksmith_etcd-certfile}" 27 | } 28 | 29 | variable "locksmith_group" { 30 | default = "" 31 | } 32 | output "locksmith_group" { 33 | value = "${var.locksmith_group}" 34 | } 35 | 36 | data "template_file" "locksmith" { 37 | template = "${file("${path.module}/templates/locksmith.yml")}" 38 | 39 | vars { 40 | reboot-strategy = "${var.locksmith_reboot-strategy}" 41 | endpoint = "${var.locksmith_endpoint}" 42 | etcd-keyfile = "${coalesce(var.locksmith_etcd-keyfile, var.etcd2_key-file)}" 43 | etcd-certfile = "${coalesce(var.locksmith_etcd-certfile, var.etcd2_cert-file)}" 44 | group = "${var.locksmith_group}" 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /vars.tfvars: -------------------------------------------------------------------------------- 1 | enable_etcd2 = "true" 2 | enable_flannel = "true" 3 | enable_fleet = "true" 4 | 5 | etcd2_advertise-client-urls = "value" 6 | etcd2_cert-file = "value" 7 | etcd2_client-cert-auth = "true" 8 | etcd2_cors = "value" 9 | etcd2_data-dir = "value" 10 | etcd2_debug = "true" 11 | etcd2_discovery = "value" 12 | etcd2_discovery-fallback = "value" 13 | etcd2_discovery-proxy = "value" 14 | 
etcd2_discovery-srv = "value" 15 | etcd2_election-timeout = "100" 16 | etcd2_heartbeat-interval = "100" 17 | etcd2_initial-advertise-peer-urls = "value" 18 | etcd2_initial-cluster = "value" 19 | etcd2_initial-cluster-state = "value" 20 | etcd2_initial-cluster-token = "value" 21 | etcd2_key-file = "value" 22 | etcd2_listen-client-urls = "value" 23 | etcd2_listen-peer-urls = "value" 24 | etcd2_log-package-levels = "value" 25 | etcd2_max-snapshots = "1000" 26 | etcd2_max-wals = "1000" 27 | etcd2_name = "value" 28 | etcd2_peer-cert-file = "value" 29 | etcd2_peer-client-cert-auth = "true" 30 | etcd2_peer-key-file = "value" 31 | etcd2_peer-trusted-ca-file = "value" 32 | etcd2_proxy = "on" 33 | etcd2_proxy-dial-timeout = "100" 34 | etcd2_proxy-failure-wait = "100" 35 | etcd2_proxy-read-timeout = "100" 36 | etcd2_proxy-refresh-interval = "100" 37 | etcd2_proxy-write-timeout = "100" 38 | etcd2_snapshot-count = "1000" 39 | etcd2_trusted-ca-file = "value" 40 | flannel_etcd-certfile = "value" 41 | flannel_etcd-endpoints = "value" 42 | flannel_etcd-keyfile = "value" 43 | flannel_etcd-prefix = "value" 44 | flannel_interface = "value" 45 | flannel_ip-masq = "value" 46 | flannel_public-ip = "value" 47 | flannel_subnet-file = "value" 48 | fleet_agent_ttl = "value" 49 | fleet_disable_engine = "value" 50 | fleet_disable_watches = "value" 51 | fleet_engine_reconcile_interval = "100" 52 | fleet_etcd_certfile = "value" 53 | fleet_etcd_key_prefix = "value" 54 | fleet_etcd_keyfile = "value" 55 | fleet_etcd_request_timeout = "1000" 56 | fleet_etcd_servers = "value" 57 | fleet_metadata = "value" 58 | fleet_public_ip = "value" 59 | fleet_token_limit = "value" 60 | fleet_verbosity = "1" 61 | hostname = "value" 62 | locksmith_endpoint = "value" 63 | locksmith_etcd-certfile = "value" 64 | locksmith_etcd-keyfile = "value" 65 | locksmith_group = "value" 66 | manage_etc_hosts = "value" 67 | ssh_authorized_keys = "- ''" 68 | units = "- {}" 69 | update_group = "value" 70 | update_reboot-strategy = 
"best-effort" 71 | update_server = "value" 72 | users = " - {}" 73 | write_files = "- {}" 74 | -------------------------------------------------------------------------------- /flannel.tf: -------------------------------------------------------------------------------- 1 | variable "enable_flannel" { 2 | default = true 3 | } 4 | output "enable_flannel" { 5 | value = "${var.enable_flannel}" 6 | } 7 | 8 | variable "flannel_public-ip" { 9 | default = "" 10 | } 11 | output "flannel_public-ip" { 12 | value = "${var.flannel_public-ip}" 13 | } 14 | 15 | variable "flannel_etcd-endpoints" { 16 | default = "" 17 | } 18 | output "flannel_etcd-endpoints" { 19 | value = "${var.flannel_etcd-endpoints}" 20 | } 21 | 22 | variable "flannel_etcd-prefix" { 23 | default = "" 24 | } 25 | output "flannel_etcd-prefix" { 26 | value = "${var.flannel_etcd-prefix}" 27 | } 28 | 29 | variable "flannel_etcd-keyfile" { 30 | default = "" 31 | } 32 | output "flannel_etcd-keyfile" { 33 | value = "${var.flannel_etcd-keyfile}" 34 | } 35 | 36 | variable "flannel_etcd-certfile" { 37 | default = "" 38 | } 39 | output "flannel_etcd-certfile" { 40 | value = "${var.flannel_etcd-certfile}" 41 | } 42 | 43 | variable "flannel_interface" { 44 | default = "" 45 | } 46 | output "flannel_interface" { 47 | value = "${var.flannel_interface}" 48 | } 49 | 50 | variable "flannel_subnet-file" { 51 | default = "" 52 | } 53 | output "flannel_subnet-file" { 54 | value = "${var.flannel_subnet-file}" 55 | } 56 | 57 | variable "flannel_ip-masq" { 58 | default = "" 59 | } 60 | output "flannel_ip-masq" { 61 | value = "${var.flannel_ip-masq}" 62 | } 63 | 64 | variable "flannel_config" { 65 | default = "{ \"Network\": \"10.1.0.0/16\" }" 66 | } 67 | output "flannel_config" { 68 | value = "${var.flannel_config}" 69 | } 70 | 71 | data "template_file" "flannel_config" { 72 | template = "${file("${path.module}/templates/flannel-config.yml")}" 73 | 74 | vars { 75 | config = "${var.flannel_config}" 76 | } 77 | } 78 | 79 | data 
"template_file" "flannel_unit" { 80 | template = "${file("${path.module}/templates/enabled-unit.yml")}" 81 | 82 | vars { 83 | service = "flanneld" 84 | enabled = "${var.enable_flannel}" 85 | drop-ins = "${data.template_file.flannel_config.rendered}" 86 | } 87 | } 88 | 89 | data "template_file" "flannel" { 90 | template = "${file("${path.module}/templates/flannel.yml")}" 91 | 92 | vars { 93 | public-ip = "${var.flannel_public-ip}" 94 | etcd-endpoints = "${var.flannel_etcd-endpoints}" 95 | etcd-prefix = "${var.flannel_etcd-prefix}" 96 | etcd-keyfile = "${coalesce(var.flannel_etcd-keyfile, var.etcd2_key-file)}" 97 | etcd-certfile = "${coalesce(var.flannel_etcd-certfile, var.etcd2_cert-file)}" 98 | interface = "${var.flannel_interface}" 99 | subnet-file = "${var.flannel_subnet-file}" 100 | ip-masq = "${var.flannel_ip-masq}" 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /fleet.tf: -------------------------------------------------------------------------------- 1 | variable "enable_fleet" { 2 | default = true 3 | } 4 | output "enable_fleet" { 5 | value = "${var.enable_fleet}" 6 | } 7 | 8 | variable "fleet_verbosity" { 9 | default = "" 10 | } 11 | output "fleet_verbosity" { 12 | value = "${var.fleet_verbosity}" 13 | } 14 | 15 | variable "fleet_etcd_servers" { 16 | default = "" 17 | } 18 | output "fleet_etcd_servers" { 19 | value = "${var.fleet_etcd_servers}" 20 | } 21 | 22 | variable "fleet_etcd_request_timeout" { 23 | default = "" 24 | } 25 | output "fleet_etcd_request_timeout" { 26 | value = "${var.fleet_etcd_request_timeout}" 27 | } 28 | 29 | variable "fleet_etcd_cafile" { 30 | default = "" 31 | } 32 | output "fleet_etcd_cafile" { 33 | value = "${var.fleet_etcd_cafile}" 34 | } 35 | 36 | variable "fleet_etcd_keyfile" { 37 | default = "" 38 | } 39 | output "fleet_etcd_keyfile" { 40 | value = "${var.fleet_etcd_keyfile}" 41 | } 42 | 43 | variable "fleet_etcd_certfile" { 44 | default = "" 45 | } 46 | output 
"fleet_etcd_certfile" { 47 | value = "${var.fleet_etcd_certfile}" 48 | } 49 | 50 | variable "fleet_etcd_key_prefix" { 51 | default = "" 52 | } 53 | output "fleet_etcd_key_prefix" { 54 | value = "${var.fleet_etcd_key_prefix}" 55 | } 56 | 57 | variable "fleet_public_ip" { 58 | default = "var!public_ipv4" 59 | } 60 | output "fleet_public_ip" { 61 | value = "${var.fleet_public_ip}" 62 | } 63 | 64 | variable "fleet_metadata" { 65 | default = "" 66 | } 67 | output "fleet_metadata" { 68 | value = "${var.fleet_metadata}" 69 | } 70 | 71 | variable "fleet_agent_ttl" { 72 | default = "" 73 | } 74 | output "fleet_agent_ttl" { 75 | value = "${var.fleet_agent_ttl}" 76 | } 77 | 78 | variable "fleet_engine_reconcile_interval" { 79 | default = "" 80 | } 81 | output "fleet_engine_reconcile_interval" { 82 | value = "${var.fleet_engine_reconcile_interval}" 83 | } 84 | 85 | data "template_file" "fleet_unit" { 86 | template = "${file("${path.module}/templates/enabled-unit.yml")}" 87 | 88 | vars { 89 | service = "fleet" 90 | enabled = "${var.enable_fleet}" 91 | drop-ins = "" 92 | } 93 | } 94 | 95 | data "template_file" "fleet" { 96 | template = "${file("${path.module}/templates/fleet.yml")}" 97 | 98 | vars { 99 | verbosity = "${var.fleet_verbosity}" 100 | etcd_servers = "${var.fleet_etcd_servers}" 101 | etcd_request_timeout = "${var.fleet_etcd_request_timeout}" 102 | etcd_keyfile = "${coalesce(var.fleet_etcd_keyfile, var.etcd2_key-file)}" 103 | etcd_certfile = "${coalesce(var.fleet_etcd_certfile, var.etcd2_cert-file)}" 104 | etcd_key_prefix = "${var.fleet_etcd_key_prefix}" 105 | public_ip = "${var.fleet_public_ip}" 106 | metadata = "${var.fleet_metadata}" 107 | agent_ttl = "${var.fleet_agent_ttl}" 108 | engine_reconcile_interval = "${var.fleet_engine_reconcile_interval}" 109 | } 110 | } 111 | -------------------------------------------------------------------------------- /templates/etcd2.yml: -------------------------------------------------------------------------------- 1 | etcd2: 2 | 
${replace(name, "/^.+$/", "name: '${name}'")} 3 | ${replace(data-dir, "/^.+$/", "data-dir: '${data-dir}'")} 4 | ${replace(snapshot-count, "/^.+$/", "snapshot-count: ${snapshot-count}")} 5 | ${replace(heartbeat-interval, "/^.+$/", "heartbeat-interval: ${heartbeat-interval}")} 6 | ${replace(election-timeout, "/^.+$/", "election-timeout: ${election-timeout}")} 7 | ${replace(listen-peer-urls, "/^.+$/", "listen-peer-urls: '${listen-peer-urls}'")} 8 | ${replace(listen-client-urls, "/^.+$/", "listen-client-urls: '${listen-client-urls}'")} 9 | ${replace(max-snapshots, "/^.+$/", "max-snapshots: ${max-snapshots}")} 10 | ${replace(max-wals, "/^.+$/", "max-wals: ${max-wals}")} 11 | ${replace(cors, "/^.+$/", "cors: '${cors}'")} 12 | ${replace(initial-advertise-peer-urls, "/^.+$/", "initial-advertise-peer-urls: '${initial-advertise-peer-urls}'")} 13 | ${replace(initial-cluster, "/^.+$/", "initial-cluster: '${initial-cluster}'")} 14 | ${replace(initial-cluster-state, "/^.+$/", "initial-cluster-state: '${initial-cluster-state}'")} 15 | ${replace(initial-cluster-token, "/^.+$/", "initial-cluster-token: '${initial-cluster-token}'")} 16 | ${replace(advertise-client-urls, "/^.+$/", "advertise-client-urls: '${advertise-client-urls}'")} 17 | ${replace(discovery, "/^.+$/", "discovery: '${discovery}'")} 18 | ${replace(discovery-srv, "/^.+$/", "discovery-srv: '${discovery-srv}'")} 19 | ${replace(discovery-fallback, "/^.+$/", "discovery-fallback: '${discovery-fallback}'")} 20 | ${replace(discovery-proxy, "/^.+$/", "discovery-proxy: '${discovery-proxy}'")} 21 | ${replace(proxy, "/^.+$/", "proxy: '${proxy}'")} 22 | ${replace(proxy-failure-wait, "/^.+$/", "proxy-failure-wait: ${proxy-failure-wait}")} 23 | ${replace(proxy-refresh-interval, "/^.+$/", "proxy-refresh-interval: ${proxy-refresh-interval}")} 24 | ${replace(proxy-dial-timeout, "/^.+$/", "proxy-dial-timeout: ${proxy-dial-timeout}")} 25 | ${replace(proxy-write-timeout, "/^.+$/", "proxy-write-timeout: ${proxy-write-timeout}")} 26 | 
${replace(proxy-read-timeout, "/^.+$/", "proxy-read-timeout: ${proxy-read-timeout}")} 27 | ${replace(cert-file, "/^.+$/", "cert-file: '${cert-file}'")} 28 | ${replace(key-file, "/^.+$/", "key-file: '${key-file}'")} 29 | ${replace(replace("${client-cert-auth}", "/^(true|1)$/", "client-cert-auth: true"), "/^${client-cert-auth}$/", "")} 30 | ${replace(trusted-ca-file, "/^.+$/", "trusted-ca-file: '${trusted-ca-file}'")} 31 | ${replace(peer-cert-file, "/^.+$/", "peer-cert-file: '${peer-cert-file}'")} 32 | ${replace(peer-key-file, "/^.+$/", "peer-key-file: '${peer-key-file}'")} 33 | ${replace(replace("${peer-client-cert-auth}", "/^(true|1)$/", "peer-client-cert-auth: true"), "/^${peer-client-cert-auth}$/", "")} 34 | ${replace(peer-trusted-ca-file, "/^.+$/", "peer-trusted-ca-file: '${peer-trusted-ca-file}'")} 35 | ${replace(replace("${debug}", "/^(true|1)$/", "debug: true"), "/^${debug}$/", "")} 36 | ${replace(log-package-levels, "/^.+$/", "log-package-levels: '${log-package-levels}'")} 37 | -------------------------------------------------------------------------------- /etcd2.tf: -------------------------------------------------------------------------------- 1 | # etcd2 Configuration 2 | # Enable/Disable etcd2, when false, the remaining config options have no effect. 
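variable "enable_etcd2" {
  default = true
}
output "enable_etcd2" {
  value = "${var.enable_etcd2}"
}

# Every etcd2_* option below defaults to the empty string and is echoed back as
# an output of the same name. For the options whose template lines are visible
# (proxy-read-timeout, the TLS settings, debug, log-package-levels) an empty
# value renders nothing, so the key is left out of the generated cloud-config.
# NOTE(review): the remaining options presumably behave the same way; confirm
# against templates/etcd2.yml.

# --- Member flags ---

variable "etcd2_name" {
  default = ""
}
output "etcd2_name" {
  value = "${var.etcd2_name}"
}

variable "etcd2_data-dir" {
  default = ""
}
output "etcd2_data-dir" {
  value = "${var.etcd2_data-dir}"
}

variable "etcd2_snapshot-count" {
  default = ""
}
output "etcd2_snapshot-count" {
  value = "${var.etcd2_snapshot-count}"
}

variable "etcd2_heartbeat-interval" {
  default = ""
}
output "etcd2_heartbeat-interval" {
  value = "${var.etcd2_heartbeat-interval}"
}

variable "etcd2_election-timeout" {
  default = ""
}
output "etcd2_election-timeout" {
  value = "${var.etcd2_election-timeout}"
}

variable "etcd2_listen-peer-urls" {
  default = ""
}
output "etcd2_listen-peer-urls" {
  value = "${var.etcd2_listen-peer-urls}"
}

variable "etcd2_listen-client-urls" {
  default = ""
}
output "etcd2_listen-client-urls" {
  value = "${var.etcd2_listen-client-urls}"
}

variable "etcd2_max-snapshots" {
  default = ""
}
output "etcd2_max-snapshots" {
  value = "${var.etcd2_max-snapshots}"
}

variable "etcd2_max-wals" {
  default = ""
}
output "etcd2_max-wals" {
  value = "${var.etcd2_max-wals}"
}

variable "etcd2_cors" {
  default = ""
}
output "etcd2_cors" {
  value = "${var.etcd2_cors}"
}

# --- Clustering flags ---

variable "etcd2_initial-advertise-peer-urls" {
  default = ""
}
output "etcd2_initial-advertise-peer-urls" {
  value = "${var.etcd2_initial-advertise-peer-urls}"
}

variable "etcd2_initial-cluster" {
  default = ""
}
output "etcd2_initial-cluster" {
  value = "${var.etcd2_initial-cluster}"
}

variable "etcd2_initial-cluster-state" {
  default = ""
}
output "etcd2_initial-cluster-state" {
  value = "${var.etcd2_initial-cluster-state}"
}

variable "etcd2_initial-cluster-token" {
  default = ""
}
output "etcd2_initial-cluster-token" {
  value = "${var.etcd2_initial-cluster-token}"
}

variable "etcd2_advertise-client-urls" {
  default = ""
}
output "etcd2_advertise-client-urls" {
  value = "${var.etcd2_advertise-client-urls}"
}

variable "etcd2_discovery" {
  default = ""
}
output "etcd2_discovery" {
  value = "${var.etcd2_discovery}"
}

variable "etcd2_discovery-srv" {
  default = ""
}
output "etcd2_discovery-srv" {
  value = "${var.etcd2_discovery-srv}"
}

variable "etcd2_discovery-fallback" {
  default = ""
}
output "etcd2_discovery-fallback" {
  value = "${var.etcd2_discovery-fallback}"
}

variable "etcd2_discovery-proxy" {
  default = ""
}
output "etcd2_discovery-proxy" {
  value = "${var.etcd2_discovery-proxy}"
}

# --- Proxy flags ---

variable "etcd2_proxy" {
  default = ""
}
output "etcd2_proxy" {
  value = "${var.etcd2_proxy}"
}

variable "etcd2_proxy-failure-wait" {
  default = ""
}
output "etcd2_proxy-failure-wait" {
  value = "${var.etcd2_proxy-failure-wait}"
}

variable "etcd2_proxy-refresh-interval" {
  default = ""
}
output "etcd2_proxy-refresh-interval" {
  value = "${var.etcd2_proxy-refresh-interval}"
}

variable "etcd2_proxy-dial-timeout" {
  default = ""
}
output "etcd2_proxy-dial-timeout" {
  value = "${var.etcd2_proxy-dial-timeout}"
}

variable "etcd2_proxy-write-timeout" {
  default = ""
}
output "etcd2_proxy-write-timeout" {
  value = "${var.etcd2_proxy-write-timeout}"
}

variable "etcd2_proxy-read-timeout" {
  default = ""
}
output "etcd2_proxy-read-timeout" {
  value = "${var.etcd2_proxy-read-timeout}"
}

# --- Security flags ---
# The *-file variables hold paths on the instance, not certificate or key
# material; the template writes them verbatim into the etcd2 section.
#
# client-cert-auth and peer-client-cert-auth are rendered only when the value is
# exactly "true" or "1". Any other string (for example "True" or "yes") renders
# nothing, so certificate authentication stays off without an error.

variable "etcd2_cert-file" {
  default = ""
}
output "etcd2_cert-file" {
  value = "${var.etcd2_cert-file}"
}

variable "etcd2_key-file" {
  default = ""
}
output "etcd2_key-file" {
  value = "${var.etcd2_key-file}"
}

variable "etcd2_client-cert-auth" {
  default = ""
}
output "etcd2_client-cert-auth" {
  value = "${var.etcd2_client-cert-auth}"
}

variable "etcd2_trusted-ca-file" {
  default = ""
}
output "etcd2_trusted-ca-file" {
  value = "${var.etcd2_trusted-ca-file}"
}

variable "etcd2_peer-cert-file" {
  default = ""
}
output "etcd2_peer-cert-file" {
  value = "${var.etcd2_peer-cert-file}"
}

variable "etcd2_peer-key-file" {
  default = ""
}
output "etcd2_peer-key-file" {
  value = "${var.etcd2_peer-key-file}"
}

variable "etcd2_peer-client-cert-auth" {
  default = ""
}
output "etcd2_peer-client-cert-auth" {
  value = "${var.etcd2_peer-client-cert-auth}"
}

variable "etcd2_peer-trusted-ca-file" {
  default = ""
}
output "etcd2_peer-trusted-ca-file" {
  value = "${var.etcd2_peer-trusted-ca-file}"
}

# --- Logging flags ---
# debug follows the same rule as the cert-auth switches: only "true" or "1"
# renders `debug: true`.

variable "etcd2_debug" {
  default = ""
}
output "etcd2_debug" {
  value = "${var.etcd2_debug}"
}

variable "etcd2_log-package-levels" {
  default = ""
}
output "etcd2_log-package-levels" {
  value = "${var.etcd2_log-package-levels}"
}

# Unit entry for etcd2.service, rendered from the shared enabled-unit template.
# No drop-ins are attached; `enabled` follows var.enable_etcd2.
data "template_file" "etcd2_unit" {
  template = "${file("${path.module}/templates/enabled-unit.yml")}"

  vars {
    service  = "etcd2"
    enabled  = "${var.enable_etcd2}"
    drop-ins = ""
  }
}

# Renders the etcd2 section of the cloud-config. Each template variable is fed
# from the etcd2_* module variable of the same name.
data "template_file" "etcd2" {
  template = "${file("${path.module}/templates/etcd2.yml")}"

  vars {
    name                        = "${var.etcd2_name}"
    data-dir                    = "${var.etcd2_data-dir}"
    snapshot-count              = "${var.etcd2_snapshot-count}"
    heartbeat-interval          = "${var.etcd2_heartbeat-interval}"
    election-timeout            = "${var.etcd2_election-timeout}"
    listen-peer-urls            = "${var.etcd2_listen-peer-urls}"
    listen-client-urls          = "${var.etcd2_listen-client-urls}"
    max-snapshots               = "${var.etcd2_max-snapshots}"
    max-wals                    = "${var.etcd2_max-wals}"
    cors                        = "${var.etcd2_cors}"
    initial-advertise-peer-urls = "${var.etcd2_initial-advertise-peer-urls}"
    initial-cluster             = "${var.etcd2_initial-cluster}"
    initial-cluster-state       = "${var.etcd2_initial-cluster-state}"
    initial-cluster-token       = "${var.etcd2_initial-cluster-token}"
    advertise-client-urls       = "${var.etcd2_advertise-client-urls}"
    discovery                   = "${var.etcd2_discovery}"
    discovery-srv               = "${var.etcd2_discovery-srv}"
    discovery-fallback          = "${var.etcd2_discovery-fallback}"
    discovery-proxy             = "${var.etcd2_discovery-proxy}"
    proxy                       = "${var.etcd2_proxy}"
    proxy-failure-wait          = "${var.etcd2_proxy-failure-wait}"
    proxy-refresh-interval      = "${var.etcd2_proxy-refresh-interval}"
    proxy-dial-timeout          = "${var.etcd2_proxy-dial-timeout}"
    proxy-write-timeout         = "${var.etcd2_proxy-write-timeout}"
    proxy-read-timeout          = "${var.etcd2_proxy-read-timeout}"
    cert-file                   = "${var.etcd2_cert-file}"
    key-file                    = "${var.etcd2_key-file}"
    client-cert-auth            = "${var.etcd2_client-cert-auth}"
    trusted-ca-file             = "${var.etcd2_trusted-ca-file}"
    peer-cert-file              = "${var.etcd2_peer-cert-file}"
    peer-key-file               = "${var.etcd2_peer-key-file}"
    peer-client-cert-auth       = "${var.etcd2_peer-client-cert-auth}"

    # Fixed: this used to read var.etcd2_trusted-ca-file, so the value given
    # for etcd2_peer-trusted-ca-file was ignored and peer connections were
    # checked against the client CA (or no CA when only the peer one was set).
    peer-trusted-ca-file        = "${var.etcd2_peer-trusted-ca-file}"
    debug                       = "${var.etcd2_debug}"
    log-package-levels          = "${var.etcd2_log-package-levels}"
  }
}

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Terraform 0.7.x CoreOS UserData for CloudConfig
![](https://img.shields.io/badge/licence-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwaldrip/terraform-coreos-user-data.svg?branch=master)](https://travis-ci.org/jwaldrip/terraform-coreos-user-data)

Terraform module that allows for configuration for CoreOS using terraform
variables. The result will be an output containing the user-data for use in
provisioning instances with any provider. In addition, the package also
validates the outputted user-data using a service hosted by the CoreOS team.
Validation hands the rendered user-data to that external service, so anything
placed in it (SSH keys, `write_files` content) leaves your environment.

## Usage

### Basic Overview
To use the module, include it in your project and assign the variables. You can
then use the output to gather the user-data file.

```hcl
module "coreos-config" {
  source = "github.com/jwaldrip/terraform-coreos-user-data"
  var_1 = "value"
}

resource "aws_instance" "web" {
  ami = "ami-408c7f28"
  instance_type = "t1.micro"
  user_data = "${module.coreos-config.user-data}"
}
```

### Systemd Variable Interpolation
Terraform has an issue with interpolation of `$`. In order to get around that we do dynamic replacement of `var!` and replace it with `$`.

##### Example:
`$public_ipv4` would be written as `var!public_ipv4`.

### Outputs
name | description
--------------------------|----------------------------
`module.user-data` | user-data string

### Variables
The following variables can be used to configure the user data.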
41 | 42 | #### Basic Configuration 43 | name | default | description 44 | ------------------------------------|-------------------------|------------ 45 | hostname | *none* | A custom hostname for the instance 46 | manage_etc_hosts | *none* | A string representing the etc hosts. 47 | ssh_authorized_keys | *none* | A YAML file containing an array of keys 48 | units | *none* | A YAML file containing an array of units 49 | users | *none* | A YAML file containing an array of users 50 | write_files | *none* | A YAML file containing an array of files 51 | 52 | #### Etcd2 53 | name | default | description 54 | ------------------------------------|-------------------------|------------ 55 | enable_etcd2 | `true` | Enable ETCD 56 | 57 | ##### Member Flags 58 | name | default | description 59 | ------------------------------------|-------------------------|------------ 60 | etcd2_cors | *none* | Comma-separated white list of origins for CORS (cross-origin resource sharing). 61 | etcd2_data-dir | `${name}.etcd` | Path to the data directory. 62 | etcd2_election-timeout | `1000` | Time (in milliseconds) for an election to timeout. 63 | etcd2_heartbeat-interval | `100` | Time (in milliseconds) of a heartbeat interval. 64 | etcd2_listen-client-urls | `http://localhost:2379,http://localhost:4001` | List of URLs to listen on for client traffic. This flag tells the etcd to accept incoming requests from the clients on the specified scheme://IP:port combinations. Scheme can be either http or https. If 0.0.0.0 is specified as the IP, etcd listens to the given port on all interfaces. If an IP address is given as well as a port, etcd will listen on the given port and interface. Multiple URLs may be used to specify a number of addresses and ports to listen on. The etcd will respond to requests from any of the listed addresses and ports. 65 | etcd2_listen-peer-urls | `http://localhost:2380,http://localhost:7001` | List of URLs to listen on for peer traffic. 
This flag tells the etcd to accept incoming requests from its peers on the specified scheme://IP:port combinations. Scheme can be either http or https. If 0.0.0.0 is specified as the IP, etcd listens to the given port on all interfaces. If an IP address is given as well as a port, etcd will listen on the given port and interface. Multiple URLs may be used to specify a number of addresses and ports to listen on. The etcd will respond to requests from any of the listed addresses and ports. 66 | etcd2_max-snapshots | `5` | Maximum number of snapshot files to retain (0 is unlimited). 67 | etcd2_max-wals | `5` | Maximum number of wal files to retain (0 is unlimited). 68 | etcd2_name | `default` | Human-readable name for this member. 69 | etcd2_snapshot-count | `10000` | Number of committed transactions to trigger a snapshot to disk. 70 | 71 | ##### Clustering Flags 72 | `etcd2_initial` prefix flags are used in bootstrapping (static bootstrap, discovery-service bootstrap or runtime reconfiguration) a new member, and ignored when restarting an existing member. 73 | 74 | `etcd2_discovery` prefix flags need to be set when using the discovery service. 75 | 76 | name | default | description 77 | ------------------------------------|-------------------------|------------ 78 | etcd2_advertise-client-urls | `http://localhost:2379,http://localhost:4001` | List of this member’s client URLs to advertise to the rest of the cluster. These URLs can contain domain names. 79 | etcd2_discovery | *none* | Discovery URL used to bootstrap the cluster. 80 | etcd2_discovery-fallback | *none* | Expected behavior (“exit” or “proxy”) when the discovery service fails. 81 | etcd2_discovery-proxy | *none* | HTTP proxy to use for traffic to discovery service. 82 | etcd2_discovery-srv | *none* | DNS SRV domain used to bootstrap the cluster. 83 | etcd2_initial-advertise-peer-urls | `http://localhost:2380,http://localhost:7001` | List of this member’s peer URLs to advertise to the rest of the cluster.
These addresses are used for communicating etcd data around the cluster. At least one must be routable to all cluster members. These URLs can contain domain names. 84 | etcd2_initial-cluster | `default=http://localhost:2380,default=http://localhost:7001` | Initial cluster configuration for bootstrapping. 85 | etcd2_initial-cluster-state | `new` | Initial cluster state (“new” or “existing”). Set to new for all members present during initial static or DNS bootstrapping. If this option is set to existing, etcd will attempt to join the existing cluster. If the wrong value is set, etcd will attempt to start but fail safely. 86 | etcd2_initial-cluster-token | `etcd-cluster` | Initial cluster token for the etcd cluster during bootstrap. 87 | 88 | ##### Proxy Flags 89 | `etcd2_proxy` prefix flags configure etcd to run in proxy mode. 90 | 91 | name | default | description 92 | ------------------------------------|-------------------------|------------ 93 | etcd2_proxy | `off` | Proxy mode setting (“off”, “readonly” or “on”). 94 | etcd2_proxy-dial-timeout | `1000` | Time (in milliseconds) for a dial to timeout or 0 to disable the timeout. 95 | etcd2_proxy-failure-wait | `5000` | Time (in milliseconds) an endpoint will be held in a failed state before being reconsidered for proxied requests. 96 | etcd2_proxy-read-timeout | `0` | Time (in milliseconds) for a read to timeout or 0 to disable the timeout. 97 | etcd2_proxy-refresh-interval | `30000` | Time (in milliseconds) of the endpoints refresh interval. 98 | etcd2_proxy-write-timeout | `5000` | Time (in milliseconds) for a write to timeout or 0 to disable the timeout. 99 | 100 | ##### Security Flags 101 | 102 | The security flags help to build a secure etcd cluster. 103 | 104 | name | default | description 105 | ------------------------------------|-------------------------|------------ 106 | etcd2_cert-file | *none* | Path to the client server TLS cert file.
107 | etcd2_client-cert-auth | `false` | Enable client cert authentication. 108 | etcd2_key-file | *none* | Path to the client server TLS key file. 109 | etcd2_peer-cert-file | *none* | Path to the peer server TLS cert file. 110 | etcd2_peer-client-cert-auth | `false` | Enable peer client cert authentication. 111 | etcd2_peer-key-file | *none* | Path to the peer server TLS key file. 112 | etcd2_peer-trusted-ca-file | *none* | Path to the peer server TLS trusted CA file. 113 | etcd2_trusted-ca-file | *none* | Path to the client server TLS trusted CA key file. 114 | 115 | ##### Logging Flags 116 | 117 | name | default | description 118 | ------------------------------------|-------------------------|------------ 119 | etcd2_debug | `false` | Drop the default log level to DEBUG for all subpackages. 120 | etcd2_log-package-levels | *none* | Set individual etcd subpackages to specific log levels.
ex: `"etcdserver=WARNING,security=DEBUG"` 121 | 122 | #### Fleet 123 | name | default | description 124 | ------------------------------------|---------------|------------ 125 | enable_fleet | `true` | Enable Fleet 126 | fleet_agent_ttl | `30s` | An Agent will be considered dead if it exceeds this amount of time to communicate with the Registry. The agent will attempt a heartbeat at half of this value. 127 | fleet_engine_reconcile_interval | `2` | Interval in seconds at which the engine should reconcile the cluster schedule in etcd. 128 | fleet_etcd_certfile | *none* | Provide TLS configuration when SSL certificate authentication is enabled in etcd endpoints. 129 | fleet_etcd_key_prefix | `/\_coreos.com/fleet/` | Keyspace path for fleet data in etcd. 130 | fleet_etcd_keyfile | *none* | Provide TLS configuration when SSL certificate authentication is enabled in etcd endpoints. 131 | fleet_etcd_request_timeout | `1.0` | Amount of time in seconds to allow a single etcd request before considering it failed. 132 | fleet_etcd_servers | `http://127.0.0.1:2379,http://127.0.0.1:4001` | Provide a custom set of etcd endpoints. 133 | fleet_metadata | *none* | Comma-delimited key/value pairs that are published with the local to the fleet registry. This data can be used directly by a client of fleet to make scheduling decisions.
ex: `"region=us-west,az=us-west-1"` 134 | fleet_public_ip | *none* | IP address that should be published with the local Machine's state and any socket information. If not set, fleetd will attempt to detect the IP it should publish based on the machine's IP routing information. 135 | fleet_token_limit | `100` | Maximum number of entries per page returned from API requests. 136 | fleet_verbosity | `0` | Enable debug logging by setting this to an integer value greater than zero. Only a single debug level exists, so all values greater than zero are considered equivalent. 137 | 138 | #### Flannel 139 | name | default | description 140 | ------------------------------------|---------------|------------ 141 | enable_flannel | `true` | Enable flannel 142 | flannel_config | `{ \"Network\": \"10.1.0.0/16\" }` | Configuration for flannel 143 | flannel_etcd-certfile | *none* | Path to certificate file used for TLS communication with etcd. 144 | flannel_etcd-endpoints | `http://127.0.0.1:2379,http://127.0.0.1:4001` | Provide a custom set of etcd endpoints. 145 | flannel_etcd-keyfile | *none* | Path to private key file used for TLS communication with etcd. 146 | flannel_etcd-prefix | `/coreos.com/network` | etcd prefix path to be used for flannel keys. 147 | flannel_interface | *none* | Interface (name or IP) that should be used for inter-host communication. 148 | flannel_ip-masq | *none* | Install IP masquerade rules for traffic outside of flannel subnet. 149 | flannel_public-ip | *none* | IP accessible by other nodes for inter-host communication 150 | flannel_subnet-file | `/run/flannel/subnet.env` | filename where env variables (subnet and MTU values) will be written to. 151 | 152 | #### Locksmith 153 | name | default | description 154 | ------------------------------------|---------------|------------ 155 | locksmith_endpoint | `http://127.0.0.1:2379,http://127.0.0.1:4001` | Provide a custom set of etcd endpoints. 
156 | locksmith_etcd-certfile | *none* | Provide TLS configuration when SSL certificate authentication is enabled in etcd endpoints. 157 | locksmith_etcd-keyfile | *none* | Provide TLS configuration when SSL certificate authentication is enabled in etcd endpoints. 158 | locksmith_group | `default` | The groupname to check locks against. 159 | 160 | #### Update Service 161 | name | default | description 162 | ------------------------------------|---------------|------------ 163 | enable_update | `true` | Enable Update Service 164 | update_group | `stable` | signifies the channel which should be used for automatic updates. This value defaults to the version of the image initially downloaded. (one of “master”, “alpha”, “beta”, “stable”) 165 | update_reboot-strategy | `best-effort` | One of “reboot”, “etcd-lock”, “best-effort” or “off” for controlling when reboots are issued after an update is performed. 166 | update_server | *none* | The location of the CoreUpdate server which will be queried for updates. Also known as the omaha server endpoint. 167 | --------------------------------------------------------------------------------