I was able to use the /opt/rancher/bin/start.sh method successfully with RancherOS v1.1.2 this afternoon, with one caveat – during boot, a message scrolls by about an untrusted certificate. I added this to the above write_files configuration:
- content: |+
#!/bin/sh
cat << _EOF_ >> /etc/ssl/certs/ca-certificates.crt
-----BEGIN CERTIFICATE-----
[CA cert/chain here]
-----END CERTIFICATE-----
_EOF_
owner: root
path: /opt/rancher/bin/start.sh
permissions: "0755"
It’s not pretty, but once the console is available, I’m able to run “sudo ros engine list”. This fails if I don’t add the private CA certificates that our proxy uses.