airship/images
Code Issues Proposed changes
images/image-builder/assets/playbooks/roles/osconfig/defaults/main.yaml
Pallav Gupta dcc91451ea Adding fetch from url option 
Adding fetch from url option to osconfig so that any resource can
be downloaded from given url and installed it during image build
process. Typical scenario in which user has to install custom package
in user defined script. Eg. Installing kernel driver 'i40e' etc.

Change-Id: Ic7d18f24e6faa4666b9d913cf360fe0bf11f2ef4
2021-03-03 08:05:57 +00:00

222 lines
6.4 KiB
YAML
Raw Blame History

rootfs_root: build
default_run_context: common
qcow_run_context: qcow
user_scripts_dir_default: "/config/scripts/{{ default_run_context }}"
user_scripts_dir_qcow: "/config/scripts/{{ qcow_run_context }}"
kernel:
modules:
load:
- name: 8021q
- name: bonding
- name: ip_vs
- name: ip_vs_rr
- name: ip_vs_wrr
- name: ip_vs_sh
- name: br_netfilter
blacklist:
- name: krbd
banners:
login: |
Airship Node \l: \n.\o
Kernel: \s \m \r \v
IP address: \4
motd: |
#!/bin/sh
. /etc/lsb-release
printf "Airship Node, based on: %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
kubelet:
# Add only image-builder appropriate kubelet args here.
# Add all others to kubeadmcontrolplane.yaml
extra_systemd_args: []
#- name: reserved-cpus
# value: '0-3'
grub:
GRUB_TIMEOUT: 5
GRUB_CMDLINE_LINUX_DEFAULT:
- name: console
value: 'ttyS0,115200n8'
- name: console
value: 'tty0'
- name: amd_iommu
value: 'on'
- name: intel_iommu
value: 'on'
- name: iommu
value: 'pt'
- name: cgroup_disable
value: 'hugetlb'
- name: dpdk-socket-mem
value: '4096,4096'
- name: rcu_nocb_poll
value: 'true'
limits:
- name: core_dump
domain: '0:'
type: 'hard'
item: 'core'
value: 0
- name: nofile-root-soft
domain: 'root'
type: 'soft'
item: 'nofile'
value: '65536'
- name: nofile-root-hard
domain: 'root'
type: 'hard'
item: 'nofile'
value: '1048576'
- name: nofile-all-soft
domain: '*'
type: 'soft'
item: 'nofile'
value: '65536'
- name: nofile-all-hard
domain: '*'
type: 'hard'
item: 'nofile'
value: '1048576'
sysctl:
- name: net.bridge.bridge-nf-call-ip6tables
value: '1'
- name: net.bridge.bridge-nf-call-iptables
value: '1'
- name: net.nf_conntrack_max
value: '1048576'
- name: kernel.panic
value: '3'
- name: kernel.pid_max
value: '4194303'
- name: net.ipv4.conf.default.arp_accept
value: '1'
- name: net.ipv4.conf.all.arp_accept
value: '1'
- name: net.ipv4.tcp_keepalive_intvl
value: '15'
- name: net.ipv4.tcp_keepalive_time
value: '30'
- name: net.ipv4.tcp_keepalive_probes
value: '8'
- name: net.ipv4.tcp_retries2
value: '5'
- name: net.ipv4.neigh.default.gc_thresh1
value: '4096'
- name: net.ipv4.neigh.default.gc_thresh3
value: '16384'
- name: net.ipv4.conf.default.rp_filter
value: '2'
- name: net.ipv6.conf.all.accept_ra
value: '0'
- name: net.ipv6.conf.default.accept_ra
value: '0'
- name: net.ipv6.conf.lo.accept_ra
value: '0'
- name: net.ipv6.conf.lo.disable_ipv6
value: '0'
- name: net.netfilter.nf_conntrack_acct
value: '1'
- name: fs.suid_dumpable
value: '2'
- name: fs.inotify.max_user_watches
value: '1048576'
- name: fs.protected_hardlinks
value: '1'
- name: fs.protected_symlinks
value: '1'
- name: kernel.sysrq
value: '8'
# Any directories to create on disk can be defined here
directories:
# Full path to file to create
- name: /testdir
permissions: '0755'
owner: root
group: root
# The contexts where this operation is performed
# {{ default_run_context }} = part of shared base image
# qcow = is performed for QCOW but not ephemeral (unless
# combined with previous item)
run_contexts:
- "{{ default_run_context }}"
# Any files to write to disk can be defined here
files:
# Full path to file to create
- name: /testdir/test.sh
file_content: |
#!/bin/bash
echo hello world
permissions: '0755'
owner: root
group: root
# The contexts where this operation is performed
# {{ default_run_context }} = part of shared base image
# qcow = is performed for QCOW but not ephemeral (unless
# combined with previous item)
run_contexts:
- "{{ default_run_context }}"
systemd:
# Full name, including systemd suffix. sample.service. sample.mount, sample.timer, etc.
- name: sample.service
file_content: |
[Unit]
Description=sample service
After=network.target
[Service]
ExecStart=/bin/sleep infinity
[Install]
WantedBy=multi-user.target
# whether the target image should run this service on boot
enabled: yes
# whether to override existing symlinks (e.g. name collision).
# Use only if you are intenting to overwrite an existing systemd unit
force: no
# The contexts where this operation is performed
# {{ default_run_context }} = part of shared base image
# qcow = is performed for QCOW but not ephemeral (unless
# combined with previous item)
run_contexts:
- "{{ default_run_context }}"
# If any custom shell scripts are needed for image building, they can be added here.
user_scripts:
- file_content: |
#!/bin/bash
echo "custom container buildtime script"
# The contexts where this operation is performed
# {{ default_run_context }} = part of shared base image
# qcow = is performed for QCOW but not ephemeral (unless
# combined with previous item)
run_contexts:
- "{{ default_run_context }}"
# Any other adjustments to file or directory permissions, for files that already exist.
file_permissions:
# Full path to file to create
- name: /testdir/test.sh
permissions: '0700'
owner: root
group: root
# The contexts where this operation is performed
# {{ default_run_context }} = part of shared base image
# qcow = is performed for QCOW but not ephemeral (unless
# combined with previous item)
run_contexts:
- "{{ default_run_context }}"
# If any required resources need to be fetched from URL for image build customization, they can be added here.
# Downloaded resources can be found in /tmp/url_resources directory.
# Example:-
# fetch_from_url:
# - url: https://www.example.com/resource.tar.gz
# use_proxy: no
fetch_from_url: []
View Git Blame Copy Permalink