with hostname prefix + random text and rpm-ostree install python3
# Butane config header: `variant` selects the Fedora CoreOS (fcos) flavour and
# `version` the Butane spec version this document is written against.
variant: fcos
version: 1.5.0
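# Files and links written to the node at provisioning time.
storage:
  files:
    # NOTE(review): this executable is fetched over plain HTTP and no
    # `contents.verification.hash` is set, so nothing checks that the bytes
    # written to /usr/local/bin/crictl are the intended build. Serve the
    # artifact over HTTPS and pin its digest, for example:
    #   contents:
    #     source: <PLACEHOLDER: https URL of the same artifact>
    #     verification:
    #       hash: sha256-<PLACEHOLDER: digest of the expected crictl binary>
    # `mode` is an octal integer; keep it unquoted.
    - path: /usr/local/bin/crictl
      mode: 0755
      overwrite: true
      contents:
        source: "http://jbn2.mooo.com/src/hardway/binary/crictl/crictl"
    # crictl client settings: both endpoints point at the containerd socket.
    - path: /etc/crictl.yaml
      overwrite: true
      contents:
        inline: |
          runtime-endpoint: "unix:///var/run/containerd/containerd.sock"
          image-endpoint: "unix:///var/run/containerd/containerd.sock"
          timeout: 5
    # Helper started by run-script.service: sets the hostname to
    # "coreos-wk-" plus 8 random [a-z0-9] characters, records it under
    # 127.0.1.1 in /etc/hosts, disables the unit and deletes itself.
    # Changes from the previous version of the script:
    #   - random bytes are read directly from /dev/urandom instead of through
    #     `head`, which splits binary data on newlines and gives no length
    #     guarantee; the tr set is quoted so the shell cannot glob it
    #   - dots in the 127.0.1.1 patterns are escaped so they match literally
    #   - `sudo tee` is replaced by a plain append (the unit has no User=, so
    #     the script already runs as root)
    #   - "$0" is quoted in the self-delete and `-r` is dropped
    - path: /usr/local/bin/x-set-hostname.sh
      mode: 0755
      contents:
        inline: |
          #!/bin/bash
          PREFIX="coreos-wk-"
          RANDOM_STRING=$(LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | head -c 8)
          NEW_HOSTNAME="${PREFIX}${RANDOM_STRING}"
          hostnamectl set-hostname "$NEW_HOSTNAME"
          if grep -q '127\.0\.1\.1' /etc/hosts; then
            sed -i "s/127\.0\.1\.1.*/127.0.1.1 $NEW_HOSTNAME/g" /etc/hosts
          else
            echo "127.0.1.1 $NEW_HOSTNAME" >> /etc/hosts
          fi
          systemctl disable run-script.service
          rm -f -- "$0"
    # Kernel parameters for a Kubernetes node. ip_forward=1 turns the host
    # into a router, and ip_local_reserved_ports keeps 30000-32767 out of the
    # ephemeral port range.
    - path: /etc/sysctl.d/90-k8s.conf
      contents:
        inline: |
          fs.file-max=6815744
          net.core.rmem_max=4194304
          net.core.wmem_max=1048576
          net.ipv4.ip_forward=1
          net.ipv4.ip_local_reserved_ports=30000-32767
          kernel.pid_max=4194304
          net.ipv4.conf.all.arp_announce=2
          net.ipv4.neigh.default.gc_thresh1=8192
          net.ipv4.neigh.default.gc_thresh2=32768
          net.ipv4.neigh.default.gc_thresh3=65536
          net.ipv6.neigh.default.gc_thresh1=8192
          net.ipv6.neigh.default.gc_thresh2=32768
          net.ipv6.neigh.default.gc_thresh3=65536
          vm.max_map_count=262144
          fs.inotify.max_user_watches=65536
          fs.inotify.max_user_instances=8192
          net.ipv4.tcp_syncookies=1
          kernel.panic=10
          kernel.panic_on_oops=1
          vm.overcommit_memory=1
          net.netfilter.nf_conntrack_max=1000000
          net.nf_conntrack_max=1000000
    # Stops NetworkManager from managing /etc/resolv.conf, which this config
    # writes statically further down.
    - path: /etc/NetworkManager/conf.d/99-k8s.conf
      overwrite: true
      contents:
        inline: |
          [main]
          rc-manager=unmanaged
    # NOTE(review): this switches SELinux off for the whole node, which removes
    # the mandatory access control layer between container processes and the
    # host. If the goal is only to stop policy denials, SELINUX=permissive
    # keeps labelling and audit records; confirm that full disablement is
    # really required before shipping this.
    - path: /etc/selinux/config
      mode: 0644
      overwrite: true
      contents:
        inline: |
          # disabled selinux
          SELINUX=disabled
          SELINUXTYPE=targeted
    # Time sync against a single public pool.
    - path: /etc/chrony.conf
      mode: 0644
      overwrite: true
      contents:
        inline: |
          pool time.google.com iburst
          driftfile /var/lib/chrony/drift
          makestep 1.0 3
          rtcsync
          logdir /var/log/chrony
    # Turns off the systemd-resolved stub listener.
    - path: /etc/systemd/resolved.conf
      mode: 0644
      overwrite: true
      contents:
        inline: |
          [Resolve]
          DNSStubListener=no
    # Static resolver: every lookup goes to this one nameserver.
    - path: /etc/resolv.conf
      mode: 0644
      overwrite: true
      contents:
        inline: |
          nameserver 192.168.1.74
  links:
    # Sets the system time zone by pointing /etc/localtime at the zoneinfo file.
    - path: /etc/localtime
      overwrite: true
      target: /usr/share/zoneinfo/Asia/Bangkok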
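# Local accounts created at provisioning time.
passwd:
  users:
    # Administrative account: member of both wheel and sudo. It is created
    # with /sbin/nologin as its shell; run-script.service switches the shell
    # to /bin/bash with usermod on first boot.
    - name: kubeadm
      groups:
        - wheel
        - sudo
      shell: /sbin/nologin
      # NOTE(review): this value does not have the `$6$<salt>$<digest>` layout
      # of a sha512-crypt hash, so it looks truncated or redacted; confirm
      # what the deployed config carries. A real hash kept in a shared or
      # version-controlled file can be attacked offline, so for a
      # sudo-capable account prefer key-only login and leave this field out,
      # or inject the hash from a secret store at render time. Quoted so the
      # value is always read as a plain string.
      password_hash: '$6$QhbCS.QtWL3kikkax6WkK1n1cFLpaSjA/NNyT.WZr/wX0'
      # NOTE(review): the key body below does not look like a complete
      # ed25519 public key (presumably redacted); verify before use.
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1Nasdfe11sIE4guQl0KxwtNdzzXZdVyKZfUkBEHHaPnMPC+uU4KUDr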
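# Unit enablement plus the first-boot provisioning unit.
systemd:
  units:
    - name: containerd.service
      enabled: true
    # The resolver daemon is turned off; /etc/resolv.conf is written
    # statically by the storage section of this config.
    - name: systemd-resolved.service
      enabled: false
    - name: polkit.service
      enabled: false
    # Firmware update daemon and its refresh job are turned off.
    - name: fwupd.service
      enabled: false
    - name: fwupd-refresh.service
      enabled: false
    - name: fwupd-refresh.timer
      enabled: false
    # First-boot provisioning, executed in order as root:
    #   1. layer python3 with rpm-ostree
    #   2. run x-set-hostname.sh (which also disables this unit)
    #   3. give the kubeadm account /bin/bash as its login shell
    #   4. reboot into the new deployment
    # Wants=/After=network-online.target were added because step 1 downloads
    # packages; without that ordering the unit can start before the network
    # is up, fail at the first ExecStart and skip the remaining steps.
    # NOTE(review): step 3 turns an account that is in wheel and sudo into an
    # interactive login; confirm that is intended for every node built from
    # this config.
    - name: run-script.service
      enabled: true
      contents: |
        [Unit]
        Description=Run Script
        Wants=network-online.target
        After=network-online.target
        ConditionFirstBoot=yes
        [Service]
        Type=oneshot
        ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive python3
        ExecStart=/usr/local/bin/x-set-hostname.sh
        ExecStart=/usr/sbin/usermod --shell /bin/bash kubeadm
        ExecStart=/bin/systemctl --no-block reboot
        [Install]
        WantedBy=multi-user.target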