magnum/magnum/drivers/k8s_coreos_v1/templates/fragments/configure-etcd.yaml

#cloud-config
write_files:
  - path: /etc/systemd/system/configure-etcd.service
    owner: "root:root"
    permissions: "0644"
    content: |
      [Unit]
      Description=Configure etcd

      [Service]
      Type=oneshot
      EnvironmentFile=/etc/sysconfig/heat-params
      ExecStart=/etc/sysconfig/configure-etcd.sh

      [Install]
      WantedBy=multi-user.target      

  - path: /etc/sysconfig/configure-etcd.sh
    owner: "root:root"
    permissions: "0755"
    content: |
      #!/bin/sh

      if [ -z "${KUBE_NODE_IP}" ]; then
        KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
      fi

      DROP_IN_FILE=/etc/systemd/system/etcd-member.service.d/20-configure-etcd.conf
      mkdir -p $(dirname $DROP_IN_FILE)
      protocol="https"

      if [ "$TLS_DISABLED" = "True" ]; then
          protocol="http"
      fi
      cat > $DROP_IN_FILE <<EOF
      [Service]
      EnvironmentFile=/etc/environment
      Environment=ETCD_NAME=$KUBE_NODE_IP
      Environment=ETCD_DATA_DIR=/var/lib/etcd/default.etcd
      Environment=ETCD_LISTEN_CLIENT_URLS=$protocol://$KUBE_NODE_IP:2379,http://127.0.0.1:2379
      Environment=ETCD_LISTEN_PEER_URLS=$protocol://$KUBE_NODE_IP:2380

      Environment=ETCD_ADVERTISE_CLIENT_URLS=$protocol://$KUBE_NODE_IP:2379,http://127.0.0.1:2379
      Environment=ETCD_INITIAL_ADVERTISE_PEER_URLS=$protocol://$KUBE_NODE_IP:2380
      Environment=ETCD_DISCOVERY=$ETCD_DISCOVERY_URL
      EOF

      if [ "$TLS_DISABLED" = "False" ]; then

      cat >> $DROP_IN_FILE <<EOF
      Environment=ETCD_CA_FILE=${KUBE_CERTS_PATH}/ca.pem
      Environment=ETCD_CERT_FILE=${KUBE_CERTS_PATH}/apiserver.pem
      Environment=ETCD_KEY_FILE=${KUBE_CERTS_PATH}/apiserver-key.pem
      Environment=ETCD_PEER_CA_FILE=${KUBE_CERTS_PATH}/ca.pem
      Environment=ETCD_PEER_CERT_FILE=${KUBE_CERTS_PATH}/apiserver.pem
      Environment=ETCD_PEER_KEY_FILE=${KUBE_CERTS_PATH}/apiserver-key.pem
      Environment="RKT_RUN_ARGS=--volume ssl,kind=host,source=${KUBE_CERTS_PATH} \
      --mount volume=ssl,target=${KUBE_CERTS_PATH}"
      EOF

      fi

      if [ -n "$HTTP_PROXY" ]; then
          echo "Environment=ETCD_DISCOVERY_PROXY=$HTTP_PROXY" >> $DROP_IN_FILE
      fi

      systemctl enable etcd-member
      systemctl --no-block start etcd-member