rootfs_root: build default_run_context: common qcow_run_context: qcow user_scripts_dir_default: "/config/scripts/{{ default_run_context }}" user_scripts_dir_qcow: "/config/scripts/{{ qcow_run_context }}" kernel: modules: load: - name: 8021q - name: bonding - name: ip_vs - name: ip_vs_rr - name: ip_vs_wrr - name: ip_vs_sh - name: br_netfilter blacklist: - name: krbd banners: login: | Airship Node \l: \n.\o Kernel: \s \m \r \v IP address: \4 motd: | #!/bin/sh . /etc/lsb-release printf "Airship Node, based on: %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)" kubelet: # Add only image-builder appropriate kubelet args here. # Add all others to kubeadmcontrolplane.yaml extra_systemd_args: [] #- name: reserved-cpus # value: '0-3' grub: GRUB_TIMEOUT: 10 GRUB_CMDLINE_LINUX_DEFAULT: - name: console value: 'ttyS0,115200n8' - name: console value: 'tty0' - name: amd_iommu value: 'on' - name: intel_iommu value: 'on' - name: iommu value: 'pt' - name: cgroup_disable value: 'hugetlb' - name: dpdk-socket-mem value: '4096,4096' - name: rcu_nocb_poll value: 'true' GRUB_SERIAL_COMMAND: - name: speed value: 'ttyS0,115200n8' - name: unit value: '0' - name: word value: '8' - name: parity value: 'no' - name: stop value: '1' kdump_tools: crashkernel: '768M' limits: - name: core_dump domain: '0:' type: 'hard' item: 'core' value: 0 - name: nofile-root-soft domain: 'root' type: 'soft' item: 'nofile' value: '65536' - name: nofile-root-hard domain: 'root' type: 'hard' item: 'nofile' value: '1048576' - name: nofile-all-soft domain: '*' type: 'soft' item: 'nofile' value: '65536' - name: nofile-all-hard domain: '*' type: 'hard' item: 'nofile' value: '1048576' sysctl: - name: net.bridge.bridge-nf-call-ip6tables value: '1' - name: net.bridge.bridge-nf-call-iptables value: '1' - name: net.nf_conntrack_max value: '1048576' - name: kernel.panic value: '3' - name: kernel.pid_max value: '4194303' - name: net.ipv4.conf.default.arp_accept value: '1' - name: net.ipv4.conf.all.arp_accept value: '1' - name: net.ipv4.tcp_keepalive_intvl value: '15' - name: net.ipv4.tcp_keepalive_time value: '30' - name: net.ipv4.tcp_keepalive_probes value: '8' - name: net.ipv4.tcp_retries2 value: '5' - name: net.ipv4.neigh.default.gc_thresh1 value: '4096' - name: net.ipv4.neigh.default.gc_thresh3 value: '16384' - name: net.ipv4.conf.default.rp_filter value: '2' - name: net.ipv6.conf.all.accept_ra value: '0' - name: net.ipv6.conf.default.accept_ra value: '0' - name: net.ipv6.conf.lo.accept_ra value: '0' - name: net.ipv6.conf.lo.disable_ipv6 value: '0' - name: net.netfilter.nf_conntrack_acct value: '1' - name: fs.suid_dumpable value: '2' - name: fs.inotify.max_user_watches value: '1048576' - name: fs.protected_hardlinks value: '1' - name: fs.protected_symlinks value: '1' - name: kernel.sysrq value: '8' # Any directories to create on disk can be defined here directories: # Full path to file to create - name: /testdir permissions: '0755' owner: root group: root # The contexts where this operation is performed # {{ default_run_context }} = part of shared base image # qcow = is performed for QCOW but not ephemeral (unless # combined with previous item) run_contexts: - "{{ default_run_context }}" # Any files to write to disk can be defined here files: # Full path to file to create - name: /testdir/test.sh file_content: | #!/bin/bash echo hello world permissions: '0755' owner: root group: root # The contexts where this operation is performed # {{ default_run_context }} = part of shared base image # qcow = is performed for QCOW but not ephemeral (unless # combined with previous item) run_contexts: - "{{ default_run_context }}" systemd: # Full name, including systemd suffix. sample.service. sample.mount, sample.timer, etc. - name: sample.service file_content: | [Unit] Description=sample service After=network.target [Service] ExecStart=/bin/sleep infinity [Install] WantedBy=multi-user.target # whether the target image should run this service on boot enabled: yes # whether to override existing symlinks (e.g. name collision). # Use only if you are intenting to overwrite an existing systemd unit force: no # The contexts where this operation is performed # {{ default_run_context }} = part of shared base image # qcow = is performed for QCOW but not ephemeral (unless # combined with previous item) run_contexts: - "{{ default_run_context }}" # If any custom shell scripts are needed for image building, they can be added here. user_scripts: - file_content: | #!/bin/bash echo "custom container buildtime script" # The contexts where this operation is performed # {{ default_run_context }} = part of shared base image # qcow = is performed for QCOW but not ephemeral (unless # combined with previous item) run_contexts: - "{{ default_run_context }}" # Any other adjustments to file or directory permissions, for files that already exist. file_permissions: # Full path to file to create - name: /testdir/test.sh permissions: '0700' owner: root group: root # The contexts where this operation is performed # {{ default_run_context }} = part of shared base image # qcow = is performed for QCOW but not ephemeral (unless # combined with previous item) run_contexts: - "{{ default_run_context }}" # Set password and login shell for existing users # Mainly intended to lock down system users # Creates user if does not exist user_management: - name: test shell: /bin/false password: '' password_lock: yes run_contexts: - "{{ default_run_context }}" # If any required resources need to be fetched from URL for image build customization, they can be added here. # Downloaded resources can be found in /tmp/url_resources directory. # Example:- # fetch_from_url: # - url: https://www.example.com/resource.tar.gz # use_proxy: no fetch_from_url: []