Update to v1.32

configs/bootstrap.yaml

@@ -0,0 +1,146 @@
+---
+# early system configuration
+anti_phishing_code: "Direktil<3"
+
+modules: /modules.sqfs
+
+auths:
+- name:     local
+  password: {{ password "root" "bootstrap" }}
+{{ .vars.bootstrap_auths |yaml }}
+
+ssh:
+  listen: "[::]:22"
+  user_ca: "/user_ca.pub"
+
+networks:
+- name: loopback
+  interfaces: [ { var: iface, n: 1, regexps: [ "^lo$" ] } ]
+  script: |
+    ip a add 127.0.0.1/8 dev lo
+    ip a add ::1/128 dev lo
+    ip li set lo up
+
+{{ if .vars.net_custom }}
+{{   .vars.net_custom | indent "    " }}
+{{ else }}
+    ip link add name main type bond
+{{   if not .vars.net_dhcp }}
+    ip addr add {{host_ip}}/{{.vars.netmask}} dev main
+{{   end }}
+    ip link set main up
+{{   if .vars.gateway_mask }}
+    ip route add {{.vars.gateway}}/{{.vars.gateway_mask}} dev main
+{{   end }}
+{{   if not .vars.net_dhcp }}
+    ip route add default via {{.vars.gateway}}
+{{   end }}
+
+{{   if .vars.dns }}
+    echo "nameserver {{.vars.dns}}" >/etc/resolv.conf
+{{   end }}
+
+- name: main
+  interfaces:
+  - var: ifaces
+    n: -1 # grab all matches
+    regexps:
+    - {{ .vars.iface }}
+  script: |
+    for iface in $ifaces
+    do
+      ip link set $iface master main
+      ip li set $iface up
+    done
+{{   if .vars.net_dhcp }}
+    udhcpc -i main
+{{   end }}
+{{-  range .vars.extra_routes }}
+    ip route add {{.}}
+{{-  end }}
+
+{{   if and .vars.dmz_ip .vars.dmz_netmask .vars.dmz_interface }}
+- interfaces:
+  - var: ifaces
+    regexps:
+    - {{ .vars.dmz_interface }}
+      n: 1
+  script: |
+    ip a add {{.vars.dmz_ip}}/{{.vars.dmz_netmask}} dev $iface
+    ip li set $iface up
+{{     if .vars.dmz_net_custom }}
+{{       .vars.dmz_net_custom | indent "    " }}
+{{     end }}
+{{   end }}
+{{ end }}
+
+{{- with .vars.network_extra }}
+{{ . }}
+{{- end }}
+
+{{ if .vars.pre_lvm_crypt }}
+pre_lvm_crypt:
+{{ .vars.pre_lvm_crypt |yaml }}
+{{ end }}
+
+lvm:
+- vg: storage
+  pvs:
+    n: 1
+    regexps:
+    - {{ .vars.devname_match }}
+
+  defaults:
+    fs: ext4
+
+  lvs:
+  - name: bootstrap
+    size: 2g
+
+  - name: varlog
+    extents: 10%VG
+
+{{- if .vars.is_master }}
+  - name: etcd
+    extents: 10%VG
+{{- end }}
+  - name: kubelet
+    extents: 5%VG
+
+{{- if .vars.cri_o }}
+  - name: crio
+    extents: {{ .vars.containerd_size }}
+{{- else }}
+  - name: containerd
+    extents: {{ .vars.containerd_size }}
+{{- end }}
+
+crypt:
+  {{- if .vars.encrypt_disks }}
+  - dev: /dev/storage/bootstrap
+  - dev: /dev/storage/varlog
+  - dev: /dev/storage/kubelet
+  {{- if .vars.cri_o }}
+  - dev: /dev/storage/crio
+  {{- else }}
+  - dev: /dev/storage/containerd
+  {{- end }}
+  {{- if .vars.is_master }}
+  - dev: /dev/storage/etcd
+  {{- end }}
+  {{- end }}
+  - prefix: /dev/storage/k8s-crypt-
+    name:   k8s-pv-crypt-
+
+bootstrap:
+{{- if .vars.encrypt_disks }}
+  dev: /dev/mapper/bootstrap
+{{- else }}
+  dev: /dev/storage/bootstrap
+{{- end }}
+{{ if .vars.dls_base_url }}
+  seed: {{ .vars.dls_base_url }}/hosts-by-token/{{ host_download_token }}/bootstrap.tar
+  # TODO seed_sign_key: "..."
+{{ end }}
+  # TODO load_and_close: true
+