Anderson, Craig (ca846m) 0064db95fe image-builder refactor
The original image-builder approach had an entirely containerized
approach for building target images.

This approach was flawed because:
1. A number of Debian packages will not install without /sys, /proc, /dev,
or /dev/pts mountpoints;
2. the container build process does not support the privileges needed to
bind-mount these directories into the chroot build space; and
3. all packages must be installed in the container image, to avoid the
deployment risk of missing mirror resources.

This patchset addresses this problem by performing necessary privileged
steps outside of a containerized build process. At the end of this
process, the root filesystem is packaged into a docker container when
elevated permissions are no longer required.

Change-Id: I5f8dc972f67c5649bf5f9403a5a512d06c948720
2021-02-17 09:21:13 -08:00


# Kernel module policy baked into the image.
kernel:
  modules:
    # Modules force-loaded at boot. br_netfilter is the one with a hard
    # dependency elsewhere in this file: the net.bridge.bridge-nf-call-*
    # sysctls below only exist once it is loaded, so keep the two in sync.
    load:
      - name: 8021q
      - name: bonding
      # ip_vs plus its rr/wrr/sh schedulers; presumably for IPVS-mode
      # load balancing (e.g. kube-proxy) -- confirm against the consumer.
      - name: ip_vs
      - name: ip_vs_rr
      - name: ip_vs_wrr
      - name: ip_vs_sh
      - name: br_netfilter
    # Modules prevented from auto-loading. The reason krbd is excluded is
    # not recorded here -- NOTE(review): document it so it is not removed
    # by accident.
    blacklist:
      - name: krbd
# Pre-login banner and message of the day.
banners:
  # Pre-authentication banner. The backslash sequences are presumably
  # agetty/issue(5) escapes (\l tty, \n host, \o domain, \s \m \r \v
  # kernel name/arch/release/version, \4 IPv4 address).
  # NOTE(review): this discloses the exact kernel version and the node's
  # address to anyone who can reach the console or serial line before
  # logging in. Hardening guides recommend dropping \s \m \r \v from
  # pre-login banners; confirm whether that is acceptable for this image.
  login: |
    Airship Node \l: \n.\o
    Kernel: \s \m \r \v
    IP address: \4
  # Post-login MOTD script: prints the distro description from
  # /etc/lsb-release together with uname output. How it is installed
  # (presumably as an executable update-motd.d snippet) is not shown here.
  motd: |
    #!/bin/sh
    . /etc/lsb-release
    printf "Airship Node, based on: %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
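# pam_limits entries (limits.conf columns: domain, type, item, value).
# Every value is a quoted string so YAML never retypes one entry as an
# int and another as a string; the core_dump entry previously had a bare
# 0 while every other entry was quoted.
limits:
  # Hard-disable core dumps. The '0:' domain is presumably the pam_limits
  # uid range "uid 0 and above", i.e. every user including root -- a bare
  # '*' domain would not cover root. Pairs with fs.suid_dumpable=0 in
  # sysctl below. Confirm the range syntax against the pam_limits version
  # shipped in the image.
  - name: core_dump
    domain: '0:'
    type: 'hard'
    item: 'core'
    value: '0'
  # Open-file limits. root is listed explicitly because wildcard domains
  # presumably do not apply to the root user; the '*' entries cover
  # everyone else with the same soft/hard values.
  - name: nofile-root-soft
    domain: 'root'
    type: 'soft'
    item: 'nofile'
    value: '65536'
  - name: nofile-root-hard
    domain: 'root'
    type: 'hard'
    item: 'nofile'
    value: '1048576'
  - name: nofile-all-soft
    domain: '*'
    type: 'soft'
    item: 'nofile'
    value: '65536'
  - name: nofile-all-hard
    domain: '*'
    type: 'hard'
    item: 'nofile'
    value: '1048576'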
# /etc/default/grub settings.
grub:
  GRUB_TIMEOUT: 5
  # Rendered into GRUB_CMDLINE_LINUX_DEFAULT as name=value pairs
  # (presumably; the renderer is not in this file). This is a list, so
  # the repeated "console" entry is intentional, not a duplicate key.
  GRUB_CMDLINE_LINUX_DEFAULT:
    # Serial console first, local VGA console second.
    - name: console
      value: 'ttyS0,115200n8'
    - name: console
      value: 'tty0'
    # Enable the IOMMU on both AMD and Intel platforms in passthrough
    # mode; presumably for VFIO / SR-IOV device assignment -- confirm.
    - name: amd_iommu
      value: 'on'
    - name: intel_iommu
      value: 'on'
    - name: iommu
      value: 'pt'
    - name: cgroup_disable
      value: 'hugetlb'
    # NOTE(review): dpdk-socket-mem is not a kernel parameter; the kernel
    # ignores it and some userspace component must read it back from
    # /proc/cmdline -- confirm which one, or it is dead configuration.
    - name: dpdk-socket-mem
      value: '4096,4096'
    - name: rcu_nocb_poll
      value: 'true'
# Kernel runtime parameters applied via sysctl. Values are quoted strings
# so YAML does not retype them.
sysctl:
  # Connection-tracking table size; presumably requires nf_conntrack to be
  # loaded for the key to exist at apply time -- confirm.
  - name: net.nf_conntrack_max
    value: '1048576'
  # Reboot 60 seconds after a kernel panic instead of hanging.
  - name: kernel.panic
    value: '60'
  - name: kernel.pid_max
    value: '4194303'
  # Full ASLR (stack, mmap base, VDSO, brk).
  - name: kernel.randomize_va_space
    value: '2'
  # Accept gratuitous ARP; presumably needed for VIP failover. Note this
  # also makes neighbour entries easier to poison from the local segment.
  - name: net.ipv4.conf.default.arp_accept
    value: '1'
  - name: net.ipv4.conf.all.arp_accept
    value: '1'
  # NOTE(review): 261144 looks like a typo of 262144 (2^18). Harmless
  # either way, but confirm the intended value.
  - name: net.core.netdev_max_backlog
    value: '261144'
  # Aggressive dead-peer detection: probe after 30s idle, 8 probes 3s apart.
  - name: net.ipv4.tcp_keepalive_intvl
    value: '3'
  - name: net.ipv4.tcp_keepalive_time
    value: '30'
  - name: net.ipv4.tcp_keepalive_probes
    value: '8'
  - name: net.ipv4.tcp_retries2
    value: '5'
  # Larger neighbour (ARP) cache thresholds for dense overlay networks.
  - name: net.ipv4.neigh.default.gc_thresh1
    value: '4096'
  - name: net.ipv4.neigh.default.gc_thresh2
    value: '8192'
  - name: net.ipv4.neigh.default.gc_thresh3
    value: '16384'
  # NOTE(review): reverse-path filtering is disabled only for the
  # "default" template; net.ipv4.conf.all.rp_filter is left at the distro
  # value, and per the kernel ip-sysctl docs the stricter of all/interface
  # wins, so this may not have the intended effect. Disabling rp_filter also
  # removes a source-address spoofing check -- confirm it is required
  # (asymmetric routing, ECMP) and set both keys deliberately.
  - name: net.ipv4.conf.default.rp_filter
    value: '0'
  # IPv6 off on every interface except loopback (lo keeps ::1).
  - name: net.ipv6.conf.all.accept_ra
    value: '0'
  - name: net.ipv6.conf.all.disable_ipv6
    value: '1'
  - name: net.ipv6.conf.default.accept_ra
    value: '0'
  - name: net.ipv6.conf.default.disable_ipv6
    value: '1'
  - name: net.ipv6.conf.lo.accept_ra
    value: '0'
  - name: net.ipv6.conf.lo.disable_ipv6
    value: '0'
  # Per-connection byte/packet accounting in conntrack.
  - name: net.netfilter.nf_conntrack_acct
    value: '1'
  # Never dump core from setuid/privileged processes (pairs with the
  # core_dump limit above).
  - name: fs.suid_dumpable
    value: '0'
  - name: fs.inotify.max_user_watches
    value: '1048576'
  # Restrict hard/symlink following in world-writable directories.
  - name: fs.protected_hardlinks
    value: '1'
  - name: fs.protected_symlinks
    value: '1'
  # NOTE(review): sysrq=1 enables every magic SysRq function (process
  # kill, reboot, memory/task dumps) from any console, including the
  # serial line configured in grub above. Hardening guides recommend 0, or
  # a restricted bitmask if sync/remount-ro for crash recovery is wanted.
  - name: kernel.sysrq
    value: '1'
  # Send bridged traffic through ip(6)tables. These keys only exist once
  # br_netfilter (listed under kernel.modules.load) is loaded.
  - name: net.bridge.bridge-nf-call-ip6tables
    value: '1'
  - name: net.bridge.bridge-nf-call-iptables
    value: '1'
# Directories created in the image; this entry is a placeholder example.
directories:
  - name: '/testdir'
    owner: 'root'
    group: 'root'
    permissions: '0755'
# Files written into the image with the given content, mode and owner;
# this entry is a placeholder example.
files:
  # NOTE(review): the same path is listed under file_permissions at the
  # bottom of this file with mode 0700. Which mode ends up on disk depends
  # on the order the consumer applies the two sections -- keep them in
  # sync (or drop one) so the example does not document a race.
  - name: /testdir/test.sh
    # Literal block keeps the trailing newline, so the script ends cleanly.
    file_content: |
      #!/bin/bash
      echo hello world
    permissions: '0755'
    owner: root
    group: root
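# systemd units written into the image; this entry is a placeholder
# example. enabled/force are plain YAML booleans: the previous 'yes'/'no'
# are YAML 1.1 truthy words that 1.2 parsers read as strings.
systemd:
  - name: sample.service
    # NOTE(review): the unit sets no User= and no sandboxing directives
    # (ProtectSystem=, NoNewPrivileges=, PrivateTmp=, ...), so under
    # systemd's defaults it would run as root with full privileges. Fine
    # for a sleep placeholder; real units added here should be hardened.
    file_content: |
      [Unit]
      Description=sample service
      After=network.target
      [Service]
      ExecStart=/bin/sleep infinity
      [Install]
      WantedBy=multi-user.target
    # Enable the unit at build time; do not force-overwrite an existing
    # symlink.
    enabled: true
    force: false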
# Ad-hoc scripts executed while the image is being built; each entry is
# the full script body. NOTE(review): these presumably run as root inside
# the image's root filesystem during the privileged build step -- confirm.
# Anything placed here is part of the trusted build input: review it like
# code shipped in the image, and do not source it from untrusted inputs.
buildtime_user_scripts:
  - file_content: |
      #!/bin/bash
      echo "custom container buildtime script"
# Mode and ownership applied to paths in the image (presumably paths that
# already exist; nothing here creates the file).
file_permissions:
  # Full path to the file whose mode and ownership are set.
  # NOTE(review): /testdir/test.sh is also created under files: above with
  # mode 0755; this entry tightens it to 0700 only if the consumer applies
  # file_permissions afterwards -- confirm the ordering and keep the two
  # entries consistent.
  - name: /testdir/test.sh
    permissions: '0700'
    owner: root
    group: root