fcos-worker.bu
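  # Butane config for a Fedora CoreOS Kubernetes worker node. It provisions
  # login accounts, package repositories, kernel settings, a separate /var
  # partition, and systemd units that layer packages with rpm-ostree on boot.
  variant: fcos
  version: 1.4.0
  passwd:
    users:
      # No password hash is set for this account in this file; only the SSH
      # keys below are configured for it.
      - name: core
        ssh_authorized_keys:
          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
      # Second account, member of the sudo group, with both a password hash
      # and the same three SSH keys as core.
      # NOTE(review): the hash is stored in this file, so anyone who can read
      # the file can attempt offline guessing against it. Consider injecting
      # it when the config is rendered (the way ~HOSTNAME~ is handled below)
      # and rotating the password if this file has been shared.
      - name: robot
        password_hash: "$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0"
        ssh_authorized_keys:
          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
        groups: [sudo]
  storage:
    directories:
      # Holds the lock file and the per-package stamp files used by the
      # rpm-ostree-install@.service template defined under systemd.units.
      - path: /var/cache/rpm-ostree-install
    files:
      # CRI-O DNF module
      # Butane's mode field is an integer; the leading zero makes 0644 octal,
      # so these values are intentionally left unquoted.
      - path: /etc/dnf/modules.d/cri-o.module
        mode: 0644
        overwrite: true
        contents:
          inline: |
            [cri-o]
            name=cri-o
            stream=1.29
            profiles=
            state=enabled
      # YUM repository for kubeadm, kubelet and kubectl
      # gpgcheck=1 verifies package signatures against the two keys listed.
      # NOTE(review): the Kubernetes project moved its packages to pkgs.k8s.io
      # and retired the Google-hosted repositories; confirm this baseurl and
      # the gpgkey URLs still resolve and migrate the stanza if they do not.
      - path: /etc/yum.repos.d/kubernetes.repo
        mode: 0644
        overwrite: true
        contents:
          inline: |
            [kubernetes]
            name=Kubernetes
            baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-aarch64
            enabled=1
            gpgcheck=1
            gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
              https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
      # configuring automatic loading of br_netfilter on startup
      - path: /etc/modules-load.d/br_netfilter.conf
        mode: 0644
        overwrite: true
        contents:
          inline: br_netfilter
      # setting kernel parameters required by kubelet
      - path: /etc/sysctl.d/kubernetes.conf
        mode: 0644
        overwrite: true
        contents:
          inline: |
            net.bridge.bridge-nf-call-iptables=1
            net.ipv4.ip_forward=1
      # ~HOSTNAME~ is a placeholder, presumably replaced by external tooling
      # before Butane runs (TODO confirm). It is quoted so that a substituted
      # hostname that looks like a number or a boolean is still read as a
      # string.
      - path: /etc/hostname
        mode: 0644
        contents:
          inline: "~HOSTNAME~"
    disks:
      # The link to the block device the OS was booted from.
      - device: /dev/disk/by-id/coreos-boot-disk
        # We do not want to wipe the partition table since this is the primary
        # device.
        wipe_table: false
        partitions:
          # Resize the existing root partition (number 4) to a fixed size so
          # that space is left for the /var partition below.
          - number: 4
            label: root
            size_mib: 15360  # 15 GiB
            resize: true
          # A size of 0 makes the partition as large as possible.
          - size_mib: 0
            # We assign a descriptive label to the partition. This is important
            # for referring to it in a device-agnostic way in other parts of
            # the configuration.
            label: var
    filesystems:
      - path: /var
        device: /dev/disk/by-partlabel/var
        # We can select the filesystem we'd like.
        format: ext4
        # Ask Butane to generate a mount unit for us so that this filesystem
        # gets mounted in the real root.
        with_mount_unit: true

  systemd:
    units:
      # Template unit: each enabled instance layers the package named by its
      # instance (%i) with rpm-ostree. flock serialises the instances on one
      # lock file. The stamp file is created by a second ExecStart, which
      # systemd runs only if the install command exited successfully, so a
      # failed install fails the unit and is retried on the next boot instead
      # of being recorded as done. Command output goes to the journal.
      - name: rpm-ostree-install@.service
        enabled: true
        contents: |
          [Unit]
          Description=Layer %i with rpm-ostree
          Wants=network-online.target
          After=network-online.target
          Before=zincati.service
          ConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp

          [Service]
          Type=oneshot
          RemainAfterExit=yes
          ExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock /usr/bin/rpm-ostree install --assumeyes --idempotent --apply-live --allow-inactive %i
          ExecStart=/usr/bin/touch /var/cache/rpm-ostree-install/%i.stamp

          [Install]
          WantedBy=multi-user.target
      # Instances of the template above, one per package to layer.
      - name: rpm-ostree-install@python3.service
        enabled: true
      - name: rpm-ostree-install@libselinux-python3.service
        enabled: true
      - name: rpm-ostree-install@kubeadm.service
        enabled: true
      - name: rpm-ostree-install@kubelet.service
        enabled: true
      - name: rpm-ostree-install@kubectl.service
        enabled: true
      - name: rpm-ostree-install@cri-o.service
        enabled: true
      - name: rpm-ostree-install@htop.service
        enabled: true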