0064db95fe
The original image-builder approach had an entirely containerized approach for building target images. This approach was flawed because: 1. There are a number of debian packages which will not install without /sys, /proc, /dev, or /dev/pts mountpoints, and 2. Container build process does not support building with privileges needed to bind-mount these directories into the chroot build space 3. It is a requirement for all packages to be installed in the container image in order to avoid deployment risk of missing mirror resources This patchset addresses this problem by performing necessary privileged steps outside of a containerized build process. At the end of this process, the root filesystem is packaged into a docker container when elevated permissions are no longer required. Change-Id: I5f8dc972f67c5649bf5f9403a5a512d06c948720
111 lines
2.8 KiB
YAML
111 lines
2.8 KiB
YAML
rootfs_root: build
|
|
|
|
kernel:
|
|
modules:
|
|
load:
|
|
- name: 8021q
|
|
- name: bonding
|
|
- name: ip_vs
|
|
- name: ip_vs_rr
|
|
- name: ip_vs_wrr
|
|
- name: ip_vs_sh
|
|
- name: br_netfilter
|
|
blacklist:
|
|
- name: krbd
|
|
|
|
banners:
|
|
login: |
|
|
Airship Node \l: \n.\o
|
|
Kernel: \s \m \r \v
|
|
IP address: \4
|
|
motd: |
|
|
#!/bin/sh
|
|
. /etc/lsb-release
|
|
printf "Airship Node, based on: %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
|
|
|
|
kubelet:
|
|
# Add only image-builder appropriate kubelet args here.
|
|
# Add all others to kubeadmcontrolplane.yaml
|
|
extra_systemd_args: []
|
|
#- name: reserved-cpus
|
|
# value: '0-3'
|
|
|
|
grub:
|
|
GRUB_TIMEOUT: 5
|
|
GRUB_CMDLINE_LINUX_DEFAULT:
|
|
- name: cgroup_disable
|
|
value: 'hugetlb'
|
|
|
|
limits:
|
|
- name: core_dump
|
|
domain: '0:'
|
|
type: 'hard'
|
|
item: 'core'
|
|
value: 0
|
|
|
|
sysctl:
|
|
- name: net.bridge.bridge-nf-call-ip6tables
|
|
value: '1'
|
|
- name: net.bridge.bridge-nf-call-iptables
|
|
value: '1'
|
|
|
|
# Any directories to create on disk can be defined here
|
|
directories:
|
|
# Full path to file to create
|
|
- name: /testdir
|
|
permissions: '0755'
|
|
owner: root
|
|
group: root
|
|
|
|
# Any files to write to disk can be defined here
|
|
files:
|
|
# Full path to file to create
|
|
- name: /testdir/test.sh
|
|
file_content: |
|
|
#!/bin/bash
|
|
echo hello world
|
|
permissions: '0755'
|
|
owner: root
|
|
group: root
|
|
|
|
systemd:
|
|
# Full name, including systemd suffix. sample.service. sample.mount, sample.timer, etc.
|
|
- name: sample.service
|
|
file_content: |
|
|
[Unit]
|
|
Description=sample service
|
|
After=network.target
|
|
|
|
[Service]
|
|
ExecStart=/bin/sleep infinity
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
# whether the target image should run this service on boot
|
|
enabled: yes
|
|
# whether to override existing symlinks (e.g. name collision).
|
|
# Use only if you are intenting to overwrite an existing systemd unit
|
|
force: no
|
|
|
|
# If any custom shell scripts are needed for qcow building for image building,
|
|
# they can be added here.
|
|
buildtime_user_scripts:
|
|
- file_content: |
|
|
#!/bin/bash
|
|
echo "custom container buildtime script"
|
|
|
|
# Custom user shell scripts to be run during container execution, right before
|
|
# final QCOW image is created.
|
|
runtime_user_scripts:
|
|
- file_content: |
|
|
#!/bin/bash
|
|
echo "custom container buildtime script"
|
|
|
|
# Any other adjustments to file or directory permissions, for files that already exist.
|
|
file_permissions:
|
|
# Full path to file to create
|
|
- name: /testdir/test.sh
|
|
permissions: '0700'
|
|
owner: root
|
|
group: root
|