#cloud-config

coreos:
  update:
    reboot-strategy: 'off'
  etcd2:
    advertise-client-urls: http://$private_ipv4:2379
    listen-client-urls: http://0.0.0.0:2379
  fleet:
    public-ip: $public_ipv4
    etcd_servers: http://$private_ipv4:2379
  units:
  - name: etcd2.service
    command: start
  - name: fleet.service
    command: start
  - name: download-reqs.service
    command: start
    content: |-
      [Unit]
      Description=Download and unpack the prereqs
      Wants=network-online.target
      After=network-online.target

      [Service]
      RemainAfterExit=yes
      Type=oneshot
      ExecStart=/home/core/add_path.sh
      ExecStart=/home/core/get_calicoctl.sh
  - name: docker.service
    command: restart
    content: |-
      [Unit]
      Description=Docker Application Container Engine
      Documentation=http://docs.docker.com
      After=containerd.service docker.socket early-docker.target network.target download-reqs.service
      Requires=containerd.service docker.socket early-docker.target download-reqs.service
      
      [Service]
      Type=notify
      
      # the default is not to use systemd for cgroups because the delegate issues still
      # exists and systemd currently does not support the cgroup feature set required
      # for containers run by docker
      ExecStart=/usr/lib/coreos/dockerd --cluster-store=etcd://172.17.8.101:2379 --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
      ExecReload=/bin/kill -s HUP $MAINPID
      LimitNOFILE=1048576
      # Having non-zero Limit*s causes performance problems due to accounting overhead
      # in the kernel. We recommend using cgroups to do container-local accounting.
      LimitNPROC=infinity
      LimitCORE=infinity
      # Uncomment TasksMax if your systemd version supports it.
      # Only systemd 226 and above support this version.
      TasksMax=infinity
      TimeoutStartSec=0
      # set delegate yes so that systemd does not reset the cgroups of docker containers
      Delegate=yes
      
      [Install]
      WantedBy=multi-user.target
write_files:
- path: /home/core/add_path.sh
  permissions: 777
  owner: root
  content: |
    #!/usr/bin/bash -e
    # Add /opt/bin to the _front_ of the PATH.
    # Can't directly write to .profile since it's a symlink to a RO filesystem
    mkdir -p /opt/bin
    rm /home/core/.bashrc
    echo 'PATH=$PATH:/opt/bin' > /home/core/.bashrc
    echo 'export ETCD_AUTHORITY="$private_ipv4:2379"' >> /home/core/.bashrc
    echo 'Defaults env_keep +="ETCD_AUTHORITY"' >>/etc/sudoers.d/etcd
- path: /home/core/get_calicoctl.sh
  permissions: 777
  owner: root
  content: |
    #!/usr/bin/bash -e
    wget -O /opt/bin/calicoctl https://github.com/projectcalico/calico-containers/releases/download/v0.23.1/calicoctl
    chmod +x /opt/bin/calicoctl