typhoon/bare-metal/container-linux/kubernetes/cl/container-linux-install.yam...

---
systemd:
  units:
    - name: installer.service
      enable: true
      contents: |
        [Unit]
        Requires=network-online.target
        After=network-online.target
        [Service]
        Type=simple
        ExecStart=/opt/installer
        [Install]
        WantedBy=multi-user.target
    # Avoid using the standard SSH port so terraform apply cannot SSH until
    # post-install. But admins may SSH to debug disk install problems.
    # After install, sshd will use port 22 and users/terraform can connect.
    - name: sshd.socket
      dropins:
        - name: 10-sshd-port.conf
          contents: |
            [Socket]
            ListenStream=
            ListenStream=2222
storage:
  files:
    - path: /opt/installer
      filesystem: root
      mode: 0500
      contents:
        inline: |
          #!/bin/bash -ex
          curl --retry 10 "${ignition_endpoint}?{{.request.raw_query}}&os=installed" -o ignition.json
          coreos-install \
            -d ${install_disk} \
            -C ${container_linux_channel} \
            -V ${container_linux_version} \
            -o "${container_linux_oem}" \
            ${baseurl_flag} \
            -i ignition.json
          udevadm settle
          systemctl reboot
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - "${ssh_authorized_key}"
Add bare-metal support for Container Linux with Matchbox 2017-07-25 08:16:34 +02:00			`---`
			`systemd:`
			`units:`
			`- name: installer.service`
			`enable: true`
			`contents: \|`
			`[Unit]`
			`Requires=network-online.target`
			`After=network-online.target`
			`[Service]`
			`Type=simple`
			`ExecStart=/opt/installer`
			`[Install]`
			`WantedBy=multi-user.target`
Fix bare-metal multiple apply/ssh on Terraform v0.11.4+ * Terraform v0.11.4 introduced changes to remote-exec that mean Typhoon bare-metal clusters require multiple runs of terraform apply to ssh and bootstrap. * Bare-metal installs PXE boot a live instance to install to disk and then reboot from disk as controllers/workers. Terraform remote-exec has no way to "know" to wait until the reboot has occurred to kickoff Kubernetes bootstrap. Previously Typhoon created a "debug" user during this install phase to allow an admin to SSH, but remote-exec would hang, trying to connect as user "core". Terraform v0.11.4 changes this behavior so remote-exec fails and a user must re-run terraform apply until succeeding. * A new way to "trick" remote-exec into waiting for the reboot into the disk install is to run SSH on a non-standard port during the disk install. This retains the ability for an admin to SSH during install (most distros don't have this) and fixes the issue so only a single run of terraform apply is needed. * https://github.com/hashicorp/terraform/pull/17359#issuecomment-376415464 2018-04-05 06:38:03 +02:00			`# Avoid using the standard SSH port so terraform apply cannot SSH until`
			`# post-install. But admins may SSH to debug disk install problems.`
			`# After install, sshd will use port 22 and users/terraform can connect.`
			`- name: sshd.socket`
			`dropins:`
			`- name: 10-sshd-port.conf`
			`contents: \|`
			`[Socket]`
			`ListenStream=`
			`ListenStream=2222`
Add bare-metal support for Container Linux with Matchbox 2017-07-25 08:16:34 +02:00			`storage:`
			`files:`
			`- path: /opt/installer`
			`filesystem: root`
			`mode: 0500`
			`contents:`
			`inline: \|`
			`#!/bin/bash -ex`
			`curl --retry 10 "${ignition_endpoint}?{{.request.raw_query}}&os=installed" -o ignition.json`
			`coreos-install \`
			`-d ${install_disk} \`
			`-C ${container_linux_channel} \`
			`-V ${container_linux_version} \`
			`-o "${container_linux_oem}" \`
			`${baseurl_flag} \`
			`-i ignition.json`
			`udevadm settle`
			`systemctl reboot`
			`passwd:`
			`users:`
Fix bare-metal multiple apply/ssh on Terraform v0.11.4+ * Terraform v0.11.4 introduced changes to remote-exec that mean Typhoon bare-metal clusters require multiple runs of terraform apply to ssh and bootstrap. * Bare-metal installs PXE boot a live instance to install to disk and then reboot from disk as controllers/workers. Terraform remote-exec has no way to "know" to wait until the reboot has occurred to kickoff Kubernetes bootstrap. Previously Typhoon created a "debug" user during this install phase to allow an admin to SSH, but remote-exec would hang, trying to connect as user "core". Terraform v0.11.4 changes this behavior so remote-exec fails and a user must re-run terraform apply until succeeding. * A new way to "trick" remote-exec into waiting for the reboot into the disk install is to run SSH on a non-standard port during the disk install. This retains the ability for an admin to SSH during install (most distros don't have this) and fixes the issue so only a single run of terraform apply is needed. * https://github.com/hashicorp/terraform/pull/17359#issuecomment-376415464 2018-04-05 06:38:03 +02:00			`- name: core`
Add bare-metal support for Container Linux with Matchbox 2017-07-25 08:16:34 +02:00			`ssh_authorized_keys:`
Fix bare-metal multiple apply/ssh on Terraform v0.11.4+ * Terraform v0.11.4 introduced changes to remote-exec that mean Typhoon bare-metal clusters require multiple runs of terraform apply to ssh and bootstrap. * Bare-metal installs PXE boot a live instance to install to disk and then reboot from disk as controllers/workers. Terraform remote-exec has no way to "know" to wait until the reboot has occurred to kickoff Kubernetes bootstrap. Previously Typhoon created a "debug" user during this install phase to allow an admin to SSH, but remote-exec would hang, trying to connect as user "core". Terraform v0.11.4 changes this behavior so remote-exec fails and a user must re-run terraform apply until succeeding. * A new way to "trick" remote-exec into waiting for the reboot into the disk install is to run SSH on a non-standard port during the disk install. This retains the ability for an admin to SSH during install (most distros don't have this) and fixes the issue so only a single run of terraform apply is needed. * https://github.com/hashicorp/terraform/pull/17359#issuecomment-376415464 2018-04-05 06:38:03 +02:00			`- "${ssh_authorized_key}"`