MoinMoin in Production on CoreOS - Part9: Booting with iPXE on Vultr
I've finally gotten used to creating a CoreOS cluster with fleet. After a successful multi-cloud deployment across IDCF Cloud and DigitalOcean, this time I want to let a Vultr instance join my CoreOS cluster and run a MoinMoin fleet unit service. With CoreOS as the infrastructure platform, it should be possible to be cloud-provider agnostic.
Serve an iPXE ChainURL
To run a CoreOS instance on Vultr via iPXE, I refer to the following official tutorials.
It takes about one minute to run a CoreOS instance.
Install CoreOS
Unlike DigitalOcean's CoreOS integration, this takes some additional steps. Because an iPXE-booted CoreOS runs from RAM, it has to be installed to disk; otherwise it is useless. This is similar to creating a CoreOS instance on IDCF Cloud. I log in over SSH to the newly created CoreOS instance on Vultr.
$ ssh -A core@108.61.162.139
I create a cloud-config.yml file pointing to the dedicated etcd endpoint. As with the DigitalOcean instance, I edit the iptables rules in the write_files directive.
      if [ -e $(dirname "$0")/nsenter ]; then
        # with boot2docker, nsenter is not in the PATH but it is in the same folder
        NSENTER=$(dirname "$0")/nsenter
      else
        NSENTER=nsenter
      fi

      if [ -z "$1" ]; then
        echo "Usage: `basename "$0"` CONTAINER [COMMAND [ARG]...]"
        echo ""
        echo "Enters the Docker CONTAINER and executes the specified COMMAND."
        echo "If COMMAND is not specified, runs an interactive shell in CONTAINER."
      else
        PID=$(docker inspect --format "{{.State.Pid}}" "$1")
        [ -z "$PID" ] && exit 1
        shift

        if [ "$(id -u)" -ne "0" ]; then
          which sudo > /dev/null
          if [ "$?" -eq "0" ]; then
            LAZY_SUDO="sudo"
          else
            echo "Warning: Cannot find sudo; Invoking nsenter as the user $USER." >&2
          fi
        fi
        # Get environment variables from the container's root process

        # env is to clear all host environment variables and set then anew
        if [ $# -lt 1 ]; then
          # No arguments, default to `su` which executes the default login shell
          $LAZY_SUDO "$NSENTER" $OPTS env -i - $ENV su -m root
        else
          # Has command
          # "$@" is magic in bash, and needs to be in the invocation
          $LAZY_SUDO "$NSENTER" $OPTS env -i - $ENV "$@"
        fi
      fi
  - path: /etc/iptables.rules
    permissions: 0600
    content: |
      *filter
      :INPUT DROP [0:0]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      -A INPUT -i lo -j ACCEPT
      -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m multiport --dports 22 -j ACCEPT
      -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
      -A INPUT -j DROP
      COMMIT
      # end of file
ssh_authorized_keys:
  - ssh-rsa AAA...
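Before installing to disk, the filter table in /etc/iptables.rules can be checked against the intent "default-deny inbound, SSH only". The following is an added example, not part of the original post: RULES is a copy of the ruleset above (constructed sample input), and audit() and findings() are hypothetical helper names.

```python
import shlex

# Constructed sample: the filter table from the cloud-config above.
RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m multiport --dports 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
"""

def audit(ruleset):
    """Return (policies, open_ports) for an iptables-restore filter table."""
    policies, open_ports = {}, []
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith(":"):                 # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A INPUT"):
            tok = shlex.split(line)              # keeps the quoted log prefix whole
            opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            if (opt.get("-j") != "ACCEPT" or opt.get("-i") == "lo"
                    or "ESTABLISHED" in opt.get("--ctstate", "")):
                continue  # not an accept rule, loopback, or return traffic
            ports = opt.get("--dports") or opt.get("--dport") or "any"
            open_ports.append((opt.get("-i", "any"), opt.get("-p", "any"), ports))
    return policies, open_ports

def findings(ruleset, allowed=frozenset({"22"})):
    """List deviations from 'default-deny inbound, SSH only'."""
    policies, open_ports = audit(ruleset)
    out = []
    if policies.get("INPUT") != "DROP":
        out.append("INPUT policy is %s, not DROP" % policies.get("INPUT"))
    for iface, proto, ports in open_ports:
        extra = set(ports.split(",")) - allowed
        if extra:
            out.append("unexpected inbound %s port(s) on %s: %s"
                       % (proto, iface, ",".join(sorted(extra))))
    if policies.get("FORWARD") == "ACCEPT":
        out.append("FORWARD policy is ACCEPT: forwarded traffic is not filtered")
    return out

if __name__ == "__main__":
    print(audit(RULES), findings(RULES), sep="\n")
```

The FORWARD finding matters on a Docker host: ports published by containers are DNATed and traverse FORWARD rather than INPUT, so the INPUT rules alone do not describe what is reachable from outside.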
I install CoreOS to disk with the cloud-config.yml file.
Then I run an ngrok container to tunnel my private docker-registry.
$ docker run -it --rm wizardapps/ngrok:latest ngrok 10.1.1.32:5000
And I re-submit the fleet unit file before starting the MoinMoin service.
$ cd ~/docker_apps/moin
$ fleetctl destroy moin@.service
Destroyed moin@.service
$ fleetctl submit moin@.service
$ fleetctl load moin@80.service
Unit moin@80.service loaded on 6ad10563.../108.61.162.139
$ fleetctl start moin@80.service
Unit moin@80.service launched on 6ad10563.../108.61.162.139
It takes about 6 minutes to download the images from docker-registry and for the process to finish starting.
$ fleetctl journal -f moin@80.service
-- Logs begin at Sun 2014-10-26 08:06:34 UTC. --
...
Oct 26 08:16:45 localhost systemd[1]: Started MoinMoin Service.