hash167
(Hashim Colombowala)
November 12, 2019, 6:35pm
1
Has anybody tried using Amazon Linux 2 as the AMI for the drone agent (in use with autoscaler)? If so, how can we update the user-data cloud-config to install docker on Amazon Linux 2? This is the current cloud config that I am giving the autoscaler. The agent unfortunately can’t connect to the server because docker doesn’t run.
```yaml
# comes from https://autoscale.drone.io/configure/cloud-init/
#cloud-config
package_update: false
package_upgrade: false
packages:
  - docker-ce
write_files:
  - path: /etc/systemd/system/docker.service.d/override.conf
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd
  - path: /etc/default/docker
    content: |
      DOCKER_OPTS=""
  - path: /etc/docker/daemon.json
    content: |
      {
        "hosts": [ "0.0.0.0:2376", "unix:///var/run/docker.sock" ],
        "tls": true,
        "tlsverify": true,
        "tlscacert": "/etc/docker/ca.pem",
        "tlscert": "/etc/docker/server-cert.pem",
        "tlskey": "/etc/docker/server-key.pem",
        "log-driver": "fluentd",
        "log-opts": {
          "tag": "docker.drone-agent"
        }
      }
  - path: /etc/docker/ca.pem
    encoding: b64
    content: {{ .CACert | base64 }}
  - path: /etc/docker/server-cert.pem
    encoding: b64
    content: {{ .TLSCert | base64 }}
  - path: /etc/docker/server-key.pem
    encoding: b64
    content: {{ .TLSKey | base64 }}
runcmd:
  - [ yum, install, docker, -y ]
  - [ systemctl, daemon-reload ]
  - [ systemctl, restart, docker ]
```
ScOut3R
(Mate Gabri)
November 14, 2019, 12:29am
2
@hash167
I am using it with the following settings (it works with “d” instances as well, where the direct attached NVMe drive is used for /var/lib/docker).
```yaml
DRONE_AMAZON_DEVICE_NAME: '/dev/xvda'
```

User data:

```yaml
#cloud-config
package_update: false
package_upgrade: false
packages:
  - docker
bootcmd:
  - test -z "$(blkid /dev/nvme1n1)" && mkfs -t ext4 /dev/nvme1n1
  - mkdir -p /var/lib/docker
  - amazon-linux-extras enable docker
mounts:
  - [/dev/nvme1n1, /var/lib/docker, ext4, "defaults,nofail", 0, 2]
write_files:
  - path: /etc/systemd/system/docker.service.d/override.conf
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd
  - path: /etc/default/docker
    content: |
      DOCKER_OPTS=""
  - path: /etc/docker/daemon.json
    content: |
      {
        "hosts": [ "0.0.0.0:2376", "unix:///var/run/docker.sock" ],
        "tls": true,
        "tlsverify": true,
        "tlscacert": "/etc/docker/ca.pem",
        "tlscert": "/etc/docker/server-cert.pem",
        "tlskey": "/etc/docker/server-key.pem",
        "registry-mirrors": ["https://docker-registry.factory.playhq.com"]
      }
  - path: /etc/docker/ca.pem
    encoding: b64
    content: {{ .CACert | base64 }}
  - path: /etc/docker/server-cert.pem
    encoding: b64
    content: {{ .TLSCert | base64 }}
  - path: /etc/docker/server-key.pem
    encoding: b64
    content: {{ .TLSKey | base64 }}
runcmd:
  - [ systemctl, daemon-reload ]
  - [ systemctl, restart, docker ]
  - sysctl -w fs.inotify.max_user_instances=524288
  - sysctl -w fs.inotify.max_user_watches=524288
  - sysctl -w fs.inotify.max_queued_events=524288
```
hash167
(Hashim Colombowala)
November 15, 2019, 6:01pm
3
Thanks for this. We decided to use a slightly more simplified version without the mounting bits for the ‘d’ instances.
```yaml
#cloud-config
package_update: false
package_upgrade: false
packages:
  - docker
  - yum-cron # Applies security patches while instance is running (yum update security)
bootcmd:
  - amazon-linux-extras enable docker
write_files:
  # We use custom logging for the agent (note kept outside the JSON, which allows no comments)
  - path: /etc/docker/daemon.json
    content: |
      {
        "hosts": [ "0.0.0.0:2376", "unix:///var/run/docker.sock" ],
        "tls": true,
        "tlsverify": true,
        "tlscacert": "/etc/docker/ca.pem",
        "tlscert": "/etc/docker/server-cert.pem",
        "tlskey": "/etc/docker/server-key.pem",
        "log-driver": "fluentd",
        "log-opts": {
          "tag": "docker.${AppName}-agent"
        }
      }
  - path: /etc/systemd/system/docker.service.d/override.conf
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd
  - path: /etc/default/docker
    content: |
      DOCKER_OPTS=""
  - path: /etc/docker/ca.pem
    encoding: b64
    content: {{ .CACert | base64 }}
  - path: /etc/docker/server-cert.pem
    encoding: b64
    content: {{ .TLSCert | base64 }}
  - path: /etc/docker/server-key.pem
    encoding: b64
    content: {{ .TLSKey | base64 }}
# One runcmd list: with two runcmd keys the YAML parser keeps only the last one.
runcmd:
  - yum clean all
  - chkconfig yum-cron on
  - service yum-cron start
  - mkdir -p /etc/systemd/system/docker.service.d # Needed this as cloud-config was failing
  # some commands to initiate td-agent for logging
  - [ systemctl, daemon-reload ]
  - [ systemctl, restart, docker ]
```
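
All three configurations in this thread expose dockerd on `0.0.0.0:2376` and depend on `tlsverify` and the server key to keep that listener closed to unauthenticated clients. The Python check below is an added example, not code from the thread or from Drone; it audits the contents of a rendered `daemon.json` for an unauthenticated TCP listener, missing TLS options, invalid JSON and an over-permissive key file. The function name and the sample inputs are constructed for illustration.

```python
import json
import os
import stat

LOCAL_SCHEMES = ("unix://", "fd://")  # any other "hosts" entry is a TCP listener

def audit_daemon_json(text):
    """Return a list of findings for the contents of a dockerd daemon.json."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # JSON has no comment syntax; dockerd will not start on a file like this.
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    findings = []
    tcp = [h for h in cfg.get("hosts", []) if not h.startswith(LOCAL_SCHEMES)]
    if tcp and not cfg.get("tlsverify"):
        findings.append(f"TCP listener {tcp} without tlsverify: no client certificate check")
    if cfg.get("tlsverify"):
        for opt in ("tlscacert", "tlscert", "tlskey"):
            if not cfg.get(opt):
                findings.append(f"tlsverify is set but {opt} is missing")
    key = cfg.get("tlskey")
    if key and os.path.exists(key):
        mode = stat.S_IMODE(os.stat(key).st_mode)
        if mode & 0o077:  # any group/other permission bit set
            findings.append(f"{key} has mode {mode:04o}: private key readable beyond owner")
    return findings

# Constructed sample inputs (the key path is a placeholder that need not exist).
GOOD = '''{
  "hosts": ["0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "tls": true, "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/nonexistent/server-key.pem"
}'''
NO_VERIFY = '{"hosts": ["0.0.0.0:2376"], "tls": true}'
COMMENTED = '{\n  "log-opts": {\n    "tag": "docker.agent" # note\n  }\n}'

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("no_verify", NO_VERIFY), ("commented", COMMENTED)]:
        print(name, audit_daemon_json(sample))
```

cloud-init's `write_files` creates files with mode 0644 unless an entry sets `permissions`, so on an agent built from a config without that key the key-mode finding is the one to expect for `/etc/docker/server-key.pem`.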