How to set sysctl variables at CoreOS cloud-init

cloud-initcoreos

I'm looking for a way to set CoreOS sysctl settings during its cloud-init stage.

The CoreOS version of cloud-init only allows for a handful of configuration directives and is not the same as the regular cloud-init. For example, there is no runcmd section (see http://coreos.com/docs/cluster-management/setup/cloudinit-cloud-config/).

systemd provides a way to manage sysctl settings though files (http://www.freedesktop.org/software/systemd/man/sysctl.d.html). I am using the CoreOS cloud-init write_files section to create a file at /etc/sysctl.d/50-nf_conntrack.conf. But it won't be picked up because the CoreOS cloud configuration happens after the sysctl.d configuration has already taken place.

Perhaps I could somehow use another systemd unit file to restart the sysctl.d unit? How could this be accomplished?

Best Answer

See answer on CoreOS github issue tracker: https://github.com/coreos/bugs/issues/747#issuecomment-142764415

There might be a simpler way in future, but for now you can simply write a unit to invoke systemd-sysctl during cloudinit; it'll be started after any files specified in write_files are written:
#cloud-config 
.... 
coreos:
  units:
    - name: update-sysctl.service
      command: start
      content: |
        [Unit]
        Description=Update sysctl values written by cloud-config
        [Service]
        ExecStart=/usr/lib/systemd/systemd-sysctl ...

Related Solutions

Simple dynamic user_data service for cloud-config in CoreOS

So, I probably should have rummaged through some of the other cloud providers... like there is this 'exoscale' provider which provides a bash script and a unit to fire off that bash script...

  - name: exoscale-cloudinit.service
    command: restart
    runtime: yes
    content: |
      [Unit]
      Description=Cloudinit from exoscale (cloudstack-style) metadata
      Requires=coreos-setup-environment.service
      After=coreos-setup-environment.service

      [Service]
      Type=oneshot
      EnvironmentFile=/etc/environment
      ExecStart=/usr/share/oem/bin/exoscale-coreos-cloudinit

...and the method of getting CoreOS to parse a cloud-config via URL...

#!/bin/bash

. /usr/share/oem/bin/exoscale-dhcp

DHCP_SERVER=$(get_dhcp_ip)
USERDATA_URL="http://${DHCP_SERVER}/latest/user-data"

block-until-url "${USERDATA_URL}"
coreos-cloudinit --from-url="${USERDATA_URL}"

...but now I have a bit of a chicken/egg problem unless I have some method of getting a temporary IP address to perform the curl operation...

CoreOS: Inject a real private IP in etcd2 cloud-config

They also provide a way to create your own private network and attach your server to it. As explained KB Article ID: 2163. If you did that and had the servicenet connected interface removed, it would no longer be an issue. However, the caveat to this would be that you would no longer have a way to utilize servicenet related services. More on intricacies about that is their KB Article ID: 2250.

Or, you could configure your firewall so that only the services that you use/need servicenet for are able to reach your server. You could even venture into the world of orchestrating a true private network through a cloud vyatta appliance and still retain access to Rackspace services as explained in KB Article ID: 3454.

All of those articles can be found at: http://www.rackspace.com/knowledge_center/

Ultimately, you'd have to weigh what option works best for you.

HTH

Best Answer

Related Solutions

Simple dynamic user_data service for cloud-config in CoreOS

CoreOS: Inject a real private IP in etcd2 cloud-config

Related Topic