---
layout: null
---
#cloud-config

coreos:
  update:
    reboot-strategy: 'off'
  fleet:
    public-ip: $public_ipv4
    etcd_servers: http://172.17.8.101:2379
  units:
  - name: fleet.service
    command: start
  - name: download-reqs.service
    command: start
    content: |-
      [Unit]
      Description=Download and unpack the prereqs
      Wants=network-online.target
      After=network-online.target

      [Service]
      RemainAfterExit=yes
      Type=oneshot
      ExecStart=/home/core/add_path.sh
      ExecStart=/home/core/get_calicoctl.sh
  - name: docker.service
    command: restart
    content: |-
      [Unit]
      Description=Docker Application Container Engine
      Documentation=http://docs.docker.com
      After=containerd.service docker.socket network.target download-reqs.service
      Requires=containerd.service docker.socket download-reqs.service
      
      [Service]
      Type=notify
      
      # the default is not to use systemd for cgroups because the delegate issues still
      # exists and systemd currently does not support the cgroup feature set required
      # for containers run by docker
      ExecStart=/usr/lib/coreos/dockerd --cluster-store=etcd://172.17.8.101:2379 --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
      ExecReload=/bin/kill -s HUP $MAINPID
      LimitNOFILE=1048576
      # Having non-zero Limit*s causes performance problems due to accounting overhead
      # in the kernel. We recommend using cgroups to do container-local accounting.
      LimitNPROC=infinity
      LimitCORE=infinity
      # Uncomment TasksMax if your systemd version supports it.
      # Only systemd 226 and above support this version.
      TasksMax=infinity
      TimeoutStartSec=0
      # set delegate yes so that systemd does not reset the cgroups of docker containers
      Delegate=yes
      
      [Install]
      WantedBy=multi-user.target
write_files:
- path: /home/core/add_path.sh
  permissions: 777
  owner: root
  content: |
    #!/usr/bin/bash -e
    # Add /opt/bin to the _front_ of the PATH.
    # Can't directly write to .profile since it's a symlink to a RO filesystem
    mkdir -p /opt/bin
    rm /home/core/.bashrc
    echo 'PATH=$PATH:/opt/bin' > /home/core/.bashrc
    echo 'export ETCD_ENDPOINTS="http://172.17.8.101:2379"' >> /home/core/.bashrc
    echo 'Defaults env_keep +="ETCD_ENDPOINTS"' >>/etc/sudoers.d/etcd
- path: /home/core/get_calicoctl.sh
  permissions: 777
  owner: root
  content: |
    #!/usr/bin/bash -e
    wget -O /opt/bin/calicoctl {{site.data.versions[page.version].first.components.calicoctl.download_url}}
    chmod +x /opt/bin/calicoctl
