commit dd4ddffdcf910c0bd9f548c3f71b1a5bbcdd0721
parent dcc23d468109f4304249850a02673bfce91404ee
Author: Vincent Demeester <vincent@sbr.pm>
Date: Thu, 4 Jan 2024 18:03:56 +0100
fcos: add some Fedora CoreOS configuration
Those files are generated from my notes.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
4 files changed, 125 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -16,4 +16,5 @@ networking.nix
hardware-configuration.nix
/key.bin
/tools/emacs/nix-buffer/
-/tools/emacs/var/backup-
\ No newline at end of file
+/tools/emacs/var/backup
+*.qcow2+
\ No newline at end of file
diff --git a/ops/fcos/fcos-master.bu b/ops/fcos/fcos-master.bu
@@ -0,0 +1,120 @@
+variant: fcos
+version: 1.4.0
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
+ - name: robot
+ password_hash: "$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0"
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
+ groups: [ sudo ]
+storage:
+ directories:
+ - path: /var/cache/rpm-ostree-install
+ files:
+ # CRI-O DNF module
+ - path: /etc/dnf/modules.d/cri-o.module
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: |
+ [cri-o]
+ name=cri-o
+ stream=1.29
+ profiles=
+ state=enabled
+ # YUM repository for kubeadm, kubelet and kubectl
+ - path: /etc/yum.repos.d/kubernetes.repo
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: |
+ [kubernetes]
+ name=Kubernetes
+ baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+ enabled=1
+ gpgcheck=1
+ gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
+ https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+ # configuring automatic loading of br_netfilter on startup
+ - path: /etc/modules-load.d/br_netfilter.conf
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: br_netfilter
+ # setting kernel parameters required by kubelet
+ - path: /etc/sysctl.d/kubernetes.conf
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: |
+ net.bridge.bridge-nf-call-iptables=1
+ net.ipv4.ip_forward=1
+ - path: /etc/hostname
+ mode: 0644
+ contents:
+ inline: ~HOSTNAME~
+ disks:
+ - # The link to the block device the OS was booted from.
+ device: /dev/disk/by-id/coreos-boot-disk
+ # We do not want to wipe the partition table since this is the primary
+ # device.
+ wipe_table: false
+ partitions:
+ - number: 4
+ label: root
+ size_mib: 10240 # 10GB
+ resize: true
+ - size_mib: 0
+ # We assign a descriptive label to the partition. This is important
+ # for referring to it in a device-agnostic way in other parts of the
+ # configuration.
+ label: var
+ filesystems:
+ - path: /var
+ device: /dev/disk/by-partlabel/var
+ # We can select the filesystem we'd like.
+ format: ext4
+ # Ask Butane to generate a mount unit for us so that this filesystem
+ # gets mounted in the real root.
+ with_mount_unit: true
+
+systemd:
+ units:
+ - name: rpm-ostree-install@.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=Layer %i with rpm-ostree
+ Wants=network-online.target
+ After=network-online.target
+ Before=zincati.service
+ ConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp
+
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c "/usr/bin/rpm-ostree install --assumeyes --idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp"
+
+ [Install]
+ WantedBy=multi-user.target
+ - name: rpm-ostree-install@python3.service
+ enabled: true
+ - name: rpm-ostree-install@libselinux-python3.service
+ enabled: true
+ - name: rpm-ostree-install@kubeadm.service
+ enabled: true
+ - name: rpm-ostree-install@kubelet.service
+ enabled: true
+ - name: rpm-ostree-install@kubectl.service
+ enabled: true
+ - name: rpm-ostree-install@cri-o.service
+ enabled: true
+ - name: rpm-ostree-install@htop.service
+ enabled: true
diff --git a/ops/fcos/fcos-master1.ign b/ops/fcos/fcos-master1.ign
@@ -0,0 +1 @@
+{"ignition":{"version":"3.3.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]},{"groups":["sudo"],"name":"robot","passwordHash":"$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]}]},"storage":{"directories":[{"path":"/var/cache/rpm-ostree-install"}],"disks":[{"device":"/dev/disk/by-id/coreos-boot-disk","partitions":[{"label":"root","number":4,"resize":true,"sizeMiB":10240},{"label":"var","sizeMiB":0}],"wipeTable":false}],"files":[{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/4yMUcrCMBCE33OKXiAJP/xUEXoCjyAi6XbYQpLukjRgby+i1Nc+zTDM991iG1EWrKh3s4SM4boPZgwVraRhXletF+81UAyM6ihJmxyLcIIjyX5r2ReoVP/zWaSTfZ77R/9vsIQxYRr+DCvTDIqfGrEdtE9C77QRm2Nl03XHuaLZfl87/woAAP//5RZjlPkAAAA="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,fcos-master1"},"mode":420}],"filesystems":[{"device":"/dev/disk/by-partlabel/var","format":"ext4","path":"/var"}]},"systemd":{"units":[{"contents":"# Generated by Butane\n[Unit]\nRequires=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\nAfter=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=ext4\n\n[Install]\nRequiredBy=local-fs.target","enabled":true,"name":"var.mount"},{"contents":"[Unit]\nDescription=Layer %i with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\nBefore=zincati.service\nConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c \"/usr/bin/rpm-ostree install --assumeyes --idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp\"\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install@.service"},{"enabled":true,"name":"rpm-ostree-install@python3.service"},{"enabled":true,"name":"rpm-ostree-install@libselinux-python3.service"},{"enabled":true,"name":"rpm-ostree-install@kubeadm.service"},{"enabled":true,"name":"rpm-ostree-install@kubelet.service"},{"enabled":true,"name":"rpm-ostree-install@kubectl.service"},{"enabled":true,"name":"rpm-ostree-install@cri-o.service"},{"enabled":true,"name":"rpm-ostree-install@htop.service"}]}}
diff --git a/ops/fcos/fcos-master2.ign b/ops/fcos/fcos-master2.ign
@@ -0,0 +1 @@
+{"ignition":{"version":"3.3.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]},{"groups":["sudo"],"name":"robot","passwordHash":"$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]}]},"storage":{"directories":[{"path":"/var/cache/rpm-ostree-install"}],"disks":[{"device":"/dev/disk/by-id/coreos-boot-disk","partitions":[{"label":"root","number":4,"resize":true,"sizeMiB":10240},{"label":"var","sizeMiB":0}],"wipeTable":false}],"files":[{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/4yMUcrCMBCE33OKXiAJP/xUEXoCjyAi6XbYQpLukjRgby+i1Nc+zTDM991iG1EWrKh3s4SM4boPZgwVraRhXletF+81UAyM6ihJmxyLcIIjyX5r2ReoVP/zWaSTfZ77R/9vsIQxYRr+DCvTDIqfGrEdtE9C77QRm2Nl03XHuaLZfl87/woAAP//5RZjlPkAAAA="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,fcos-master2"},"mode":420}],"filesystems":[{"device":"/dev/disk/by-partlabel/var","format":"ext4","path":"/var"}]},"systemd":{"units":[{"contents":"# Generated by Butane\n[Unit]\nRequires=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\nAfter=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=ext4\n\n[Install]\nRequiredBy=local-fs.target","enabled":true,"name":"var.mount"},{"contents":"[Unit]\nDescription=Layer %i with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\nBefore=zincati.service\nConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c \"/usr/bin/rpm-ostree install --assumeyes --idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp\"\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install@.service"},{"enabled":true,"name":"rpm-ostree-install@python3.service"},{"enabled":true,"name":"rpm-ostree-install@libselinux-python3.service"},{"enabled":true,"name":"rpm-ostree-install@kubeadm.service"},{"enabled":true,"name":"rpm-ostree-install@kubelet.service"},{"enabled":true,"name":"rpm-ostree-install@kubectl.service"},{"enabled":true,"name":"rpm-ostree-install@cri-o.service"},{"enabled":true,"name":"rpm-ostree-install@htop.service"}]}}