162 lines
3.7 KiB
YAML
162 lines
3.7 KiB
YAML
kernel:
|
|
modules:
|
|
load:
|
|
- name: 8021q
|
|
- name: bonding
|
|
- name: ip_vs
|
|
- name: ip_vs_rr
|
|
- name: ip_vs_wrr
|
|
- name: ip_vs_sh
|
|
- name: br_netfilter
|
|
blacklist:
|
|
- name: krbd
|
|
|
|
banners:
|
|
login: |
|
|
Airship Node \l: \n.\o
|
|
Kernel: \s \m \r \v
|
|
IP address: \4
|
|
motd: |
|
|
#!/bin/sh
|
|
. /etc/lsb-release
|
|
printf "Airship Node, based on: %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
|
|
|
|
limits:
|
|
- name: core_dump
|
|
domain: '0:'
|
|
type: 'hard'
|
|
item: 'core'
|
|
value: 0
|
|
- name: nofile-root-soft
|
|
domain: 'root'
|
|
type: 'soft'
|
|
item: 'nofile'
|
|
value: '65536'
|
|
- name: nofile-root-hard
|
|
domain: 'root'
|
|
type: 'hard'
|
|
item: 'nofile'
|
|
value: '1048576'
|
|
- name: nofile-all-soft
|
|
domain: '*'
|
|
type: 'soft'
|
|
item: 'nofile'
|
|
value: '65536'
|
|
- name: nofile-all-hard
|
|
domain: '*'
|
|
type: 'hard'
|
|
item: 'nofile'
|
|
value: '1048576'
|
|
|
|
grub:
|
|
GRUB_TIMEOUT: 5
|
|
GRUB_CMDLINE_LINUX_DEFAULT:
|
|
- name: console
|
|
value: 'ttyS0,115200n8'
|
|
- name: console
|
|
value: 'tty0'
|
|
- name: amd_iommu
|
|
value: 'on'
|
|
- name: intel_iommu
|
|
value: 'on'
|
|
- name: iommu
|
|
value: 'pt'
|
|
- name: cgroup_disable
|
|
value: 'hugetlb'
|
|
- name: dpdk-socket-mem
|
|
value: '4096,4096'
|
|
- name: rcu_nocb_poll
|
|
value: 'true'
|
|
|
|
sysctl:
|
|
- name: net.bridge.bridge-nf-call-ip6tables
|
|
value: '1'
|
|
- name: net.bridge.bridge-nf-call-iptables
|
|
value: '1'
|
|
- name: net.nf_conntrack_max
|
|
value: '1048576'
|
|
- name: kernel.panic
|
|
value: '3'
|
|
- name: kernel.pid_max
|
|
value: '4194303'
|
|
- name: net.ipv4.conf.default.arp_accept
|
|
value: '1'
|
|
- name: net.ipv4.conf.all.arp_accept
|
|
value: '1'
|
|
- name: net.ipv4.tcp_keepalive_intvl
|
|
value: '15'
|
|
- name: net.ipv4.tcp_keepalive_time
|
|
value: '30'
|
|
- name: net.ipv4.tcp_keepalive_probes
|
|
value: '8'
|
|
- name: net.ipv4.tcp_retries2
|
|
value: '5'
|
|
- name: net.ipv4.neigh.default.gc_thresh1
|
|
value: '4096'
|
|
- name: net.ipv4.neigh.default.gc_thresh3
|
|
value: '16384'
|
|
- name: net.ipv4.conf.default.rp_filter
|
|
value: '2'
|
|
- name: net.ipv6.conf.all.accept_ra
|
|
value: '0'
|
|
- name: net.ipv6.conf.default.accept_ra
|
|
value: '0'
|
|
- name: net.ipv6.conf.lo.accept_ra
|
|
value: '0'
|
|
- name: net.ipv6.conf.lo.disable_ipv6
|
|
value: '0'
|
|
- name: net.netfilter.nf_conntrack_acct
|
|
value: '1'
|
|
- name: fs.suid_dumpable
|
|
value: '2'
|
|
- name: fs.inotify.max_user_watches
|
|
value: '1048576'
|
|
- name: fs.protected_hardlinks
|
|
value: '1'
|
|
- name: fs.protected_symlinks
|
|
value: '1'
|
|
- name: kernel.sysrq
|
|
value: '8'
|
|
|
|
directories:
|
|
- name: /testdir
|
|
permissions: '0755'
|
|
owner: root
|
|
group: root
|
|
|
|
files:
|
|
- name: /testdir/test.sh
|
|
file_content: |
|
|
#!/bin/bash
|
|
echo hello world
|
|
permissions: '0755'
|
|
owner: root
|
|
group: root
|
|
|
|
systemd:
|
|
- name: sample.service
|
|
file_content: |
|
|
[Unit]
|
|
Description=sample service
|
|
After=network.target
|
|
|
|
[Service]
|
|
ExecStart=/bin/sleep infinity
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
enabled: yes
|
|
force: no
|
|
|
|
buildtime_user_scripts:
|
|
- file_content: |
|
|
#!/bin/bash
|
|
echo "custom container buildtime script"
|
|
|
|
file_permissions:
|
|
# Full path to file to create
|
|
- name: /testdir/test.sh
|
|
permissions: '0700'
|
|
owner: root
|
|
group: root
|