参考
- Setup CoreOS with iptables on DigitalOcean · Matt Carrier
- Scheduling Tasks with systemd Timers
- CoreOS用cloud-config.ymlメモ - Qiita
cloud-config.yml
user,ssh鍵
userのパスワード文字列生成
# Produces the crypt(3) hash that is pasted into the users: stanza below.
# -1 selects MD5-crypt ($1$...), the weakest scheme openssl passwd offers;
# -6 (SHA-512 crypt, $6$...) is the stronger choice when generating a new hash.
# Both the salt ("coreos") and the example plaintext are visible on this page.
$ openssl passwd -salt coreos -1 fjpoaeifji
# Hash printed by the command above.
$1$coreos$5tow1kTF0qjJ0qi.G8N9/1
cloud-config.yml
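# Local user definition. `groups` is a field of the same `- name: core` entry;
# a leading `- ` in front of it (as in the original note) would start a second,
# nameless user instead of attaching the groups to core.
users:
  - name: core
    # MD5-crypt hash ($1$...) from the `openssl passwd -1` command above,
    # quoted so no loader tries to interpret the `$`-delimited fields.
    passwd: '$1$coreos$5tow1kTF0qjJ0qi.G8N9/1'
    # With `PasswordAuthentication no` in the sshd configuration, ssh logins
    # rely on these keys; the passwd hash then only matters for non-ssh logins.
    ssh-authorized-keys:
      - ssh-rsa ... osx/id_rsa
    groups:
      - sudo
      - docker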
hostname
cloud-config.yml
# Host name of the node; quoted so it stays a plain string under any loader.
hostname: 'core01'
reboot strategy
cloud-config.yml
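coreos:
  update:
    # Quoted on purpose: an unquoted `off` is a YAML 1.1 boolean, and loaders
    # that honour it read `false` rather than the string "off". The quoted
    # form is the literal strategy name (no automatic reboot after an update).
    reboot-strategy: 'off'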
手動アップデートする場合以下コマンド
# Manual update path that goes with reboot-strategy off: asks update_engine to
# check for and apply an update now; rebooting into the new image is still left
# to the operator.
update_engine_client -update
sshd
cloud-config.yml
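coreos:
  units:
    - name: sshd.socket
      # `start` is a no-op on a socket that is already active (a stock CoreOS
      # image socket-activates sshd), so the new ListenStream would only apply
      # after a reboot; `restart` re-binds the listener on 2222 right away.
      command: restart
      # Only socket-unit keys belong in this file. The sshd directives that
      # the original note placed after the `#` separator are not `Key=Value`
      # lines systemd understands; they are moved to /etc/ssh/sshd_config.
      content: |
        [Socket]
        #ListenStream=22
        ListenStream=2222
        Accept=yes
write_files:
  # write_files replaces the whole file, so carry over the distribution's
  # remaining sshd_config lines (e.g. Subsystem sftp) when adopting this; the
  # three directives below are the hardening the original note intended
  # (no root login, key-only authentication, only user core may log in).
  - path: /etc/ssh/sshd_config
    permissions: '0600'
    owner: root:root
    content: |
      PermitRootLogin no
      PasswordAuthentication no
      AllowUsers core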
iptables
cloud-config.yml
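coreos:
  units:
    # Loads the rule set written below on every boot.
    - name: iptables-restore.service
      enable: true
      command: start
write_files:
  - path: /var/lib/iptables/rules-save
    # Quoted: an unquoted 0644 is an octal integer (420) to YAML 1.1 loaders.
    permissions: '0644'
    owner: root:root
    # Default-deny inbound: loopback, reply traffic, tcp/2222 (the sshd port set
    # in the sshd.socket unit) and tcp/8888 are the only accepted inputs; port
    # 22 stays closed. Note that inbound ICMP (ping, path-MTU feedback) is
    # dropped as well unless a rule for it is added deliberately.
    content: |
      *filter
      :INPUT DROP [0:0]
      :FORWARD DROP [0:0]
      :OUTPUT ACCEPT [0:0]
      -A INPUT -i lo -j ACCEPT
      -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      -A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
      -A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
      COMMIT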
screen
cloud-config.yml
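write_files:
  # Helper script that fetches a third-party installer for GNU screen and runs
  # it as root.
  - path: /home/core/install_screen.sh
    # Quoted: an unquoted 0700 is an octal integer (448) to YAML 1.1 loaders.
    permissions: '0700'
    owner: core:core
    content: |
      #!/bin/sh
      # Abort on the first failure so a failed or partial download is never
      # handed to sh (the original ran both commands unconditionally).
      set -eu
      sudo wget -q https://raw.githubusercontent.com/tukiyo/coreos-screen.run/master/screen.run -O /usr/share/oem/screen.run
      # The installer is executed as root straight from the download; to pin
      # what runs, record the checksum of a reviewed copy and verify it here
      # (the original note gives no hash, so the placeholder must be filled in):
      # echo "<EXPECTED_SHA256>  /usr/share/oem/screen.run" | sha256sum -c -
      sudo sh /usr/share/oem/screen.run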