diff --git a/contrib/fleet/Dockerfile b/contrib/fleet/Dockerfile new file mode 100644 index 0000000..d4f3c12 --- /dev/null +++ b/contrib/fleet/Dockerfile @@ -0,0 +1,23 @@ +FROM google/golang:latest + +RUN apt-get -yqq update && apt-get -yqq install bc ssh vim + +RUN cd /root && \ + git clone https://github.com/coreos/fleet.git && \ + cd fleet && \ + git checkout v0.5.0 && \ + ./build && \ + mv bin/fleetctl /usr/bin/fleetctl + +RUN cd /root && \ + git clone https://github.com/coreos/etcdctl.git && \ + cd etcdctl && \ + ./build && \ + mv bin/etcdctl /usr/bin/etcdctl + +ADD . /installer + +RUN chmod +x /installer/install + +CMD /installer/install + diff --git a/contrib/fleet/install b/contrib/fleet/install new file mode 100644 index 0000000..c40b852 --- /dev/null +++ b/contrib/fleet/install @@ -0,0 +1,28 @@ +#!/bin/bash + +[[ -z $KEY ]] && exit 1 +[[ -z $ETCDCTL_PEERS ]] && exit 1 +[[ -z $FLEETCTL_ENDPOINT ]] && exit 1 +[[ -z $FLEETCTL_TUNNEL ]] && exit 1 + +etcdctl ls /database/install || etcdctl mkdir /database/install +etcdctl get /database/installl/installing && exit 0 +etcdctl get /database/install/complete && exit 0 + +etcdctl set --ttl=600 /database/install/installing 1 + +eval `ssh-agent` + +fleetctl load systemd/* \ + && fleetctl start database-1-data.service \ + && fleetctl start database-2-data.service \ + && fleetctl start database-3-data.service \ + && sleep 10 \ + && fleetctl start database-1.service \ + && sleep 10 \ + && fleetctl start database-2.service \ + && fleetctl start database-3.service \ + && etcdctl set --ttl 0 /database/install/complete true \ + && etcdctl set --ttl 0 /database/install/installed_by $ETCDCTL_PEERS + +etcdctl set --ttl=1 /database/install/installing 0 diff --git a/systemd/database-1-data.service b/contrib/fleet/systemd/database-1-data.service similarity index 100% rename from systemd/database-1-data.service rename to contrib/fleet/systemd/database-1-data.service diff --git a/systemd/database-1.service b/contrib/fleet/systemd/database-1.service similarity index 100% rename from systemd/database-1.service rename to contrib/fleet/systemd/database-1.service diff --git a/systemd/database-2-data.service b/contrib/fleet/systemd/database-2-data.service similarity index 100% rename from systemd/database-2-data.service rename to contrib/fleet/systemd/database-2-data.service diff --git a/systemd/database-2.service b/contrib/fleet/systemd/database-2.service similarity index 100% rename from systemd/database-2.service rename to contrib/fleet/systemd/database-2.service diff --git a/systemd/database-3-data.service b/contrib/fleet/systemd/database-3-data.service similarity index 100% rename from systemd/database-3-data.service rename to contrib/fleet/systemd/database-3-data.service diff --git a/systemd/database-3.service b/contrib/fleet/systemd/database-3.service similarity index 100% rename from systemd/database-3.service rename to contrib/fleet/systemd/database-3.service diff --git a/systemd/database-garbd.service b/contrib/fleet/systemd/database-garbd.service similarity index 100% rename from systemd/database-garbd.service rename to contrib/fleet/systemd/database-garbd.service diff --git a/systemd/database-loadbalancer.service b/contrib/fleet/systemd/database-loadbalancer.service similarity index 100% rename from systemd/database-loadbalancer.service rename to contrib/fleet/systemd/database-loadbalancer.service diff --git a/contrib/rackspace/README.md b/contrib/rackspace/README.md new file mode 100644 index 0000000..f68106e --- /dev/null +++ b/contrib/rackspace/README.md @@ -0,0 +1,48 @@ +Deploying to Rackspace OnMetal +============================== + +Install Heat +------------ + +Ensure you have heat installed: + +```console +$ sudo pip install python-heatclient +``` + +Set up your environment: + +```console +export OS_AUTH_URL=https://identity.api.rackspacecloud.com/v2.0/ +export OS_AUTH_SYSTEM=rackspace +export OS_REGION_NAME=IAD +export OS_USERNAME=???? +export OS_TENANT_NAME=???? +export NOVA_RAX_AUTH=1 +export OS_PASSWORD=????? +export OS_PROJECT_ID=${OS_TENANT_NAME} +export OS_TENANT_ID=${OS_TENANT_NAME} +export OS_NO_CACHE=1 +export HEAT_URL="https://iad.orchestration.api.rackspacecloud.com/v1/${OS_TENANT_ID}" + +``` + +Deploy from Heat Template +------------------------- + +Deploy a three node MySQL onto Rackspace OnMetal IO flavor: + +```console +$ heat stack-create Example --template-file=contrib/rackspace/heat-vm.yaml \ + -P count=3 -P etcd_discovery=$(curl -s https://discovery.etcd.io/new) +``` + +Log into CoreOS +--------------- + +```console +$ eval `ssh-agent` +$ echo $(heat output-show Example private_key | sed 's/"//g') | ssh-add - +$ export LB=$(heat output-show Example loadbalancer | sed 's/"//g') && echo $LB +$ mysql -h $LB -u admin -padmin -e "show status like 'wsrep_cluster%'" +``` diff --git a/contrib/rackspace/heat-onmetal-io.yaml b/contrib/rackspace/heat-onmetal-io.yaml new file mode 100644 index 0000000..5de585f --- /dev/null +++ b/contrib/rackspace/heat-onmetal-io.yaml @@ -0,0 +1,317 @@ +heat_template_version: 2013-05-23 + +description: Deploy a CoreOS cluster that tracks the Stable Channel + +parameters: + count: + description: Number of CoreOS machines to deploy + type: number + default: 3 + constraints: + - range: + min: 1 + max: 12 + description: Must be between 3 and 12 servers. + flavor: + type: string + default: onmetal-io1 + constraints: + - allowed_values: + - onmetal-io1 + description: | + Must be a valid Rackspace Cloud Server flavor for the region you have + selected to deploy into. + image: + type: string + default: OnMetal - CoreOS (Alpha) + constraints: + - allowed_values: + - OnMetal - CoreOS (Alpha) # alpha + - OnMetal - CoreOS (Beta) # beta + - OnMetal - CoreOS (Stable) # stable + name: + type: string + description: Name of each CoreOS machine booted + default: CoreOS_OnMetal + etcd_discovery: + type: string + description: URL of etcd discovery + default: master + +resources: + + ssh_key: + type: "OS::Nova::KeyPair" + properties: + name: { get_param: name } + save_private_key: true + + coreos_nodes: + type: "OS::Heat::ResourceGroup" + properties: + count: { get_param: count } + resource_def: + type: OS::Nova::Server + properties: + key_name: { get_resource: ssh_key } + image: { get_param: image } + flavor: { get_param: flavor } + name: { get_param: name } + user_data_format: RAW + config_drive: "true" + user_data: + str_replace: + template: | + #cloud-config + write_files: + - path: /etc/sysctl.d/nmi_watchdog.conf + permissions: 0644 + content: | + kernel.nmi_watchdog=0 + - path: /root/bin/add_raid_uuid_to_fstab.sh + permissions: 0755 + content: | + #!/bin/bash + UUID=`lsblk -o NAME,TYPE,UUID | grep raid0 | awk '{print $3}' | head -n1` + grep -q $UUID /etc/fstab && echo "Device already in fstab" && exit 0 + echo "UUID=$UUID /var/lib/docker btrfs defaults 0 1" >> /etc/fstab + mkdir -p /var/lib/docker + mount /var/lib/docker + chown root:root /var/lib/docker + chmod 700 /var/lib/docker + - path: /root/bin/lsi_device_paths.sh + permissions: 0755 + content: | + #!/bin/bash + lsblk -i -o KNAME,MODEL | grep NWD-BLP4-1600 | awk '{print $1}' + - path: /root/bin/lsi_settings.sh + permissions: 0755 + content: | + #!/bin/bash + for blockdev in `/root/bin/lsi_device_paths.sh`; do + echo "Applying SSD settings to ${blockdev}" + echo noop | tee /sys/block/${blockdev}/queue/scheduler + echo 4096 | tee /sys/block/${blockdev}/queue/nr_requests + echo 1024 | tee /sys/block/${blockdev}/queue/max_sectors_kb + echo 1 | tee /sys/block/${blockdev}/queue/nomerges + echo 512 | tee /sys/block/${blockdev}/device/queue_depth + done + - path: /root/bin/lsi_format.sh + permissions: 0755 + content: | + #!/bin/bash -e + fail() { + echo $@ + exit 1 + } + # Machine ID is "free" from systemd. This also is bonus protection + # against someone running this outside of systemd and breaking their machine. + MACHINE_ID=${1} + [ -z "$MACHINE_ID" ] && fail "error; machine ID should be passed in" + GFILE="/etc/${MACHINE_ID}.raid-setup" + [ -e "${GFILE}" ] && echo "${GFILE} exists, raid already setup?" && exit 0 + [ -b "/dev/md0" ] && mdadm --stop /dev/md0 + BLOCKS="" + for blockdev in `/root/bin/lsi_device_paths.sh`; do + BLOCKS="${BLOCKS} /dev/${blockdev}" + done + yes | mdadm --create --verbose -f /dev/md0 --level=stripe --raid-devices=2 ${BLOCKS} + mkfs.btrfs /dev/md0 + touch /etc/${MACHINE_ID}.raid-setup + - path: /etc/motd + content: "CoreOS on RAX\n" + - path: /etc/profile.d/nse-function.sh + permissions: 0755 + content: | + function nse() { + sudo nsenter --pid --uts --mount --ipc --net --target $(docker inspect --format="{{ .State.Pid }}" $1) + } + - path: /etc/iptables.rules + permissions: 0600 + content: | + *filter + :INPUT DROP [0:0] + :FORWARD DROP [0:0] + :OUTPUT ACCEPT [0:0] + -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + -A INPUT -p tcp --dport 22 -j ACCEPT + -A INPUT -p tcp --dport 3306 -j ACCEPT + -A INPUT -i lo -j ACCEPT + -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT + -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT + -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT + #-A INPUT -p tcp -i bond0.101 --dport 4001 -j DROP + #-A INPUT -p tcp -i bond0.101 --dport 7001 -j DROP + #-A INPUT -i bond0.101 -j DROP + COMMIT + - path: /etc/motd + content: "Database Cluster Demo\n" + - path: /etc/profile.d/db-functions.sh + permissions: '0755' + content: | + function nse() { + sudo nsenter --pid --uts --mount --ipc --net --target $(docker inspect --format="{{ .State.Pid }}" $1) + } + function dev_db() { + eval `cat /etc/environment` + /usr/bin/docker run -it -e DEBUG=1 -p 3306:3306 -p 4444:4444 -p 4567:4567 -p 4568:4568 -e PUBLISH=3306 -e HOST=$COREOS_PRIVATE_IPV4 -e CLUSTER=galera paulczar/percona-galera:latest bash + } + function database() { + sudo nsenter --pid --uts --mount --ipc --net --target $(docker inspect --format="{{ .State.Pid }}" database) + } + function rebuild() { + docker build -t paulczar/percona-galera /home/core/share + } + function cleanup() { + etcdctl rm --recursive /database + } + coreos: + etcd: + # generate a new token for each unique cluster from https://discovery.etcd.io/new + # uncomment the following line and replace it with your discovery URL + addr: $private_ipv4:4001 + peer-addr: $private_ipv4:7001 + discovery: %etcd_discovery% + fleet: + units: + - name: systemd-sysctl.service + command: restart + - name: lsi-settings.service + command: start + content: | + [Unit] + Description=Configure performance settings for LSI cards + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStart=/root/bin/lsi_settings.sh + - name: lsi-initial-setup.service + command: start + content: | + [Unit] + Description=Format and raid LSI cards if not already done + After=lsi-settings.service + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStart=/root/bin/lsi_format.sh %m + - name: lsi-docker-mount.service + command: start + content: | + [Unit] + Description=Add mounts for lsi cards into /var/lib/docker + Before=docker.service + After=lsi-initial-setup.service + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStart=/root/bin/add_raid_uuid_to_fstab.sh + units: + - name: etcd.service + command: start + - name: fleet.service + command: start + - name: stop-update-engine.service + command: start + content: | + [Unit] + Description=stop update-engine + [Service] + Type=oneshot + ExecStart=/usr/bin/systemctl stop update-engine.service + ExecStartPost=/usr/bin/systemctl mask update-engine.service + - name: firewall.service + command: stop + content: | + [Unit] + Description=firewall + DefaultDependencies=no + After=systemd-sysctl.service + Before=sysinit.target + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStart=/sbin/iptables-restore /etc/iptables.rules + ExecReload=/usr/sbin/iptables-restore /etc/iptables.rules + ExecStop=/usr/sbin/iptables --flush + RemainAfterExit=yes + [Install] + WantedBy=sysinit.target + - name: create-coreos-env.service + command: start + content: | + [Unit] + Description=creates coreos environment + [Service] + Before=fix-etcd-env.service + Type=oneshot + ExecStartPre=/bin/sh -c "echo COREOS_PUBLIC_IPV4=`ifconfig bond0.101 | grep 'inet ' | awk '{print $2}'` >> /etc/environment" + ExecStart=/bin/sh -c "echo COREOS_PRIVATE_IPV4=`ifconfig bond0.401 | grep 'inet ' | awk '{print $2}'` >> /etc/environment" + - name: fix-etcd-env.service + command: start + content: | + [Unit] + Description=fixes etcd service + [Service] + Before=etcd.service + Type=oneshot + ExecStart=/bin/sh -c "sed -i \"s/=:/=`ifconfig bond0.401 | grep 'inet ' | awk '{print $2}'`:/\" /run/systemd/system/etcd.service.d/20-cloudinit.conf" + ExecStartPost=/usr/bin/systemctl daemon-reload + - name: database-data.service + command: start + enable: true + content: | + [Unit] + Description=database data + After=docker.service + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStartPre=/usr/bin/docker pull paulczar/percona-galera:latest + ExecStart=/bin/sh -c "/usr/bin/docker inspect database-data >/dev/null 2>&1 || docker run --name database-data -v /var/lib/mysql paulczar/percona-galera:latest true" + - name: database.service + command: start + enable: true + content: | + [Unit] + Description=database + After=database-data.service + [Service] + Restart=always + EnvironmentFile=/etc/environment + TimeoutStartSec=20m + ExecStartPre=/usr/bin/docker pull paulczar/percona-galera:latest + ExecStart=/bin/sh -c "/usr/bin/docker run --name database --rm -p 3306:3306 -p 4444:4444 -p 4567:4567 -p 4568:4568 -e PUBLISH=3306 -e HOST=$COREOS_PRIVATE_IPV4 -e CLUSTER=galera --volumes-from database-data paulczar/percona-galera:latest" + ExecStop=/usr/bin/docker stop database + params: + "%ssh_private_key%": { get_attr: [ssh_key, private_key] } + "%etcd_discovery%": { get_param: etcd_discovery } + + coreos_loadbalancer: + type: Rackspace::Cloud::LoadBalancer + properties: + name: { get_param: name } + nodes: + - addresses: { get_attr: [coreos_nodes, accessIPv4]} # This is where the + # wiring magic happens + port: 3306 + condition: ENABLED + protocol: MYSQL + port: 3306 + virtualIps: + - type: PUBLIC + ipVersion: IPV4 + +outputs: + loadbalancer: + description: The public IP address of the load balancer + value: { get_attr: [coreos_loadbalancer, PublicIp]} + public_ips: + description: The public IP addresses of coreos nodes + value: { get_attr: [coreos_nodes, accessIPv4]} + networks: + description: The networks of the coreos nodes. + value: { get_attr: [coreos_nodes, networks]} + private_key: + description: SSH Private Key + value: { get_attr: [ssh_key, private_key] } diff --git a/contrib/rackspace/heat-vm.yaml b/contrib/rackspace/heat-vm.yaml new file mode 100644 index 0000000..ad5732e --- /dev/null +++ b/contrib/rackspace/heat-vm.yaml @@ -0,0 +1,191 @@ +heat_template_version: 2013-05-23 + +description: Deploy a CoreOS cluster that tracks the Stable Channel + +parameters: + count: + description: Number of CoreOS machines to deploy + type: number + default: 3 + constraints: + - range: + min: 1 + max: 12 + description: Must be between 3 and 12 servers. + flavor: + type: string + default: 2 GB Performance + constraints: + - allowed_values: + - 1 GB Performance + - 2 GB Performance + - 4 GB Performance + - 8 GB Performance + - 15 GB Performance + - 30 GB Performance + description: | + Must be a valid Rackspace Cloud Server flavor for the region you have + selected to deploy into. + image: + type: string + default: CoreOS (Stable) + constraints: + - allowed_values: + - CoreOS (Alpha) # alpha + - CoreOS (Beta) # beta + - CoreOS (Stable) # stable + name: + type: string + description: Name of each CoreOS machine booted + default: CoreOS-MySQL + etcd_discovery: + type: string + description: URL of etcd discovery + default: master + network_range: + label: Private Network CIDR + description: Private Network to use for CoreOS Communications + type: string + default: 192.168.224.0/20 + + +resources: + + ssh_key: + type: "OS::Nova::KeyPair" + properties: + name: { get_param: name } + save_private_key: true + + coreos_network: + type: Rackspace::Cloud::Network + properties: + label: { get_param: name } + cidr: { get_param: network_range } + + coreos_nodes: + type: "OS::Heat::ResourceGroup" + properties: + count: { get_param: count } + resource_def: + type: OS::Nova::Server + properties: + key_name: { get_resource: ssh_key } + image: "513f96f3-20e4-4865-b039-d2ca3944af4e" + flavor: { get_param: flavor } + name: { get_param: name } + networks: + - uuid: "00000000-0000-0000-0000-000000000000" + - uuid: { get_resource: coreos_network } + user_data_format: RAW + config_drive: "true" + user_data: + str_replace: + template: | + #cloud-config + --- + write_files: + - path: /etc/profile.d/nse-function.sh + permissions: 0755 + content: | + function nse() { + sudo nsenter --pid --uts --mount --ipc --net --target $(docker inspect --format="{{ .State.Pid }}" $1) + } + - path: /etc/iptables.rules + permissions: 0600 + content: | + *filter + :INPUT DROP [0:0] + :FORWARD DROP [0:0] + :OUTPUT ACCEPT [0:0] + -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + -A INPUT -p tcp --dport 22 -j ACCEPT + -A INPUT -p tcp --dport 3306 -j ACCEPT + -A INPUT -i lo -j ACCEPT + -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT + -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT + -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT + -A INPUT -p tcp -i eth0 --dport 4001 -j DROP + -A INPUT -p tcp -i eth0 --dport 7001 -j DROP + -A INPUT -i eth0 -j DROP + COMMIT + coreos: + etcd: + # generate a new token for each unique cluster from https://discovery.etcd.io/new + # uncomment the following line and replace it with your discovery URL + addr: $private_ipv4:4001 + peer-addr: $private_ipv4:7001 + discovery: %etcd_discovery% + fleet: + units: + - name: etcd.service + command: start + - name: fleet.service + command: start + - name: stop-update-engine.service + command: start + content: | + [Unit] + Description=stop update-engine + [Service] + Type=oneshot + ExecStart=/usr/bin/systemctl stop update-engine.service + ExecStartPost=/usr/bin/systemctl mask update-engine.service + - name: database-data.service + command: start + enable: true + content: | + [Unit] + Description=database data + After=docker.service + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStartPre=/usr/bin/docker pull paulczar/percona-galera:latest + ExecStart=/bin/sh -c "/usr/bin/docker inspect database-data >/dev/null 2>&1 || docker run --name database-data -v /var/lib/mysql paulczar/percona-galera:latest true" + - name: database.service + command: start + enable: true + content: | + [Unit] + Description=database + After=database-data.service + [Service] + Restart=always + EnvironmentFile=/etc/environment + TimeoutStartSec=20m + ExecStartPre=/usr/bin/docker pull paulczar/percona-galera:latest + ExecStart=/bin/sh -c "/usr/bin/docker run --name database --rm -p 3306:3306 -p 4444:4444 -p 4567:4567 -p 4568:4568 -e PUBLISH=3306 -e HOST=$COREOS_PRIVATE_IPV4 -e CLUSTER=galera --volumes-from database-data paulczar/percona-galera:latest" + ExecStop=/usr/bin/docker stop database + params: + "%ssh_private_key%": { get_attr: [ssh_key, private_key] } + "%etcd_discovery%": { get_param: etcd_discovery } + + coreos_loadbalancer: + type: Rackspace::Cloud::LoadBalancer + properties: + name: { get_param: name } + nodes: + - addresses: { get_attr: [coreos_nodes, accessIPv4]} # This is where the + # wiring magic happens + port: 3306 + condition: ENABLED + protocol: MYSQL + port: 3306 + virtualIps: + - type: PUBLIC + ipVersion: IPV4 + +outputs: + loadbalancer: + description: The public IP address of the load balancer + value: { get_attr: [coreos_loadbalancer, PublicIp]} + public_ips: + description: The public IP addresses of coreos nodes + value: { get_attr: [coreos_nodes, accessIPv4]} + networks: + description: The networks of the coreos nodes. + value: { get_attr: [coreos_nodes, networks]} + private_key: + description: SSH Private Key + value: { get_attr: [ssh_key, private_key] } diff --git a/user-data.erb b/user-data.erb index 0e5fd30..16be598 100644 --- a/user-data.erb +++ b/user-data.erb @@ -23,23 +23,32 @@ coreos: BindIPv6Only=both [Install] WantedBy=sockets.target -<% unless ENV['dev'] %> - - name: database.service + - name: database-data.service command: start enable: true content: | [Unit] - Description=database + Description=database data After=docker.service - Command=<%= @command %> + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStartPre=/usr/bin/docker pull paulczar/percona-galera:latest + ExecStart=/bin/sh -c "/usr/bin/docker inspect database-data >/dev/null 2>&1 || docker run --name database-data -v /var/lib/mysql paulczar/percona-galera:latest true" + - name: database.service + command: <%= @command %> + enable: true + content: | + [Unit] + Description=database + After=database-data.service [Service] Restart=always EnvironmentFile=/etc/environment TimeoutStartSec=20m ExecStartPre=/usr/bin/docker pull paulczar/percona-galera:latest - ExecStart=/bin/sh -c "/usr/bin/docker run --name database --rm -p 3306:3306 -p 4444:4444 -p 4567:4567 -p 4568:4568 -e PUBLISH=3306 -e HOST=$COREOS_PRIVATE_IPV4 -e CLUSTER=galera paulczar/percona-galera:latest" + ExecStart=/bin/sh -c "/usr/bin/docker run --name database --rm -p 3306:3306 -p 4444:4444 -p 4567:4567 -p 4568:4568 -e PUBLISH=3306 -e HOST=$COREOS_PRIVATE_IPV4 -e CLUSTER=galera --volumes-from database-data paulczar/percona-galera:latest" ExecStop=/usr/bin/docker stop database -<% end %> write_files: - path: /etc/motd content: "Database Cluster Demo\n"