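---
# early system configuration
#
# This file is a Go template: it is rendered with the host's `.vars` (and
# helpers such as `password`, `host_ip`, `host_download_token`) and the
# result is then parsed as YAML. Lines starting with `{{` are template
# control flow and produce no YAML of their own; `{{-` trims the
# preceding newline.
#
# NOTE(review): indentation was reconstructed from a whitespace-mangled
# listing. Sequences are written flush with their parent key throughout,
# because the `|yaml` insertions and the bare `{{ . }}` for
# `.vars.network_extra` have to land at list-item level; the `indent` filter
# arguments must match the 4-space body indent of the `script: |` blocks.
# Confirm against the rendered output before relying on this layout.

# NOTE(review): a static value committed with the configuration — anyone
# with read access to the repository can reproduce it, so it can only tell
# this configuration apart from an unrelated one, not an operator from an
# impostor.
anti_phishing_code: "Direktil<3"

modules: /modules.sqfs

auths:
- name: local
  # NOTE(review): rendered unquoted. Typical crypt(3) hashes are safe as
  # plain scalars, but a value containing `: ` or ` #` would be mis-parsed;
  # confirm what `password` emits, or quote it / pass it through `|yaml`.
  password: {{ password "root" "bootstrap" }}
# Extra auth entries from the host vars are appended to this list.
# NOTE(review): assumes `|yaml` emits list items at column 0 — confirm.
{{ .vars.bootstrap_auths |yaml }}

ssh:
  listen: "[::]:22"
  # NOTE(review): presumably the trusted SSH user CA; any key signed by it
  # is accepted for login, so the signing key deserves the same protection
  # as a root credential — confirm against the consumer.
  user_ca: "/user_ca.pub"

networks:
- name: loopback
  interfaces: [ { var: iface, n: 1, regexps: [ "^lo$" ] } ]
  # The `if .vars.net_custom` below opens inside this script and its `else`
  # branch runs until the final `{{ end }}` after the DMZ item: when
  # `net_custom` is set, the custom script replaces the bond setup AND the
  # `main` / DMZ network entries are not emitted at all.
  script: |
    ip a add 127.0.0.1/8 dev lo
    ip a add ::1/128 dev lo
    ip li set lo up

{{ if .vars.net_custom }}
{{ .vars.net_custom | indent " " }}
{{ else }}
    ip link add name main type bond
{{ if not .vars.net_dhcp }}
    ip addr add {{host_ip}}/{{.vars.netmask}} dev main
{{ end }}
    ip link set main up
{{ if .vars.gateway_mask }}
    ip route add {{.vars.gateway}}/{{.vars.gateway_mask}} dev main
{{ end }}
{{ if not .vars.net_dhcp }}
    ip route add default via {{.vars.gateway}}
{{ end }}

{{ if .vars.dns }}
    echo "nameserver {{.vars.dns}}" >/etc/resolv.conf
{{ end }}

- name: main
  interfaces:
  - var: ifaces
    n: -1  # grab all matches
    regexps:
    # Single-quoted so a pattern starting with `[`, `*`, `&` or `!` (all
    # YAML indicators) is still read as a string; single quotes also leave
    # regex backslashes untouched. `"^lo$"` above is quoted for the same
    # reason.
    - '{{ .vars.iface }}'
  script: |
    for iface in $ifaces
    do
    ip link set $iface master main
    ip li set $iface up
    done
{{ if .vars.net_dhcp }}
    udhcpc -i main
{{ end }}
{{- range .vars.extra_routes }}
    ip route add {{.}}
{{- end }}

{{ if and .vars.dmz_ip .vars.dmz_netmask .vars.dmz_interface }}
# DMZ leg: only emitted when address, netmask and interface pattern are
# all set; `n: 1` binds exactly one matching interface to `$iface`.
- interfaces:
  - var: ifaces
    regexps:
    - '{{ .vars.dmz_interface }}'
    n: 1
  script: |
    ip a add {{.vars.dmz_ip}}/{{.vars.dmz_netmask}} dev $iface
    ip li set $iface up
{{ if .vars.dmz_net_custom }}
{{ .vars.dmz_net_custom | indent " " }}
{{ end }}
{{ end }}
{{ end }}

# Raw text appended to the `networks` list; it must already be valid,
# correctly indented YAML list items.
{{- with .vars.network_extra }}
{{ . }}
{{- end }}

{{ if .vars.pre_lvm_crypt }}
# NOTE(review): assumes `|yaml` emits a sequence at column 0 — confirm.
pre_lvm_crypt:
{{ .vars.pre_lvm_crypt |yaml }}
{{ end }}

lvm:
- vg: storage
  pvs:
    n: 1
    regexps:
    # Quoted for the same reason as the interface patterns above.
    - '{{ .vars.devname_match }}'

  defaults:
    fs: ext4

  lvs:
  - name: bootstrap
    size: 2g

  - name: varlog
    extents: 10%VG
{{- if .vars.is_master }}
  - name: etcd
    extents: 10%VG
{{- end }}
  - name: kubelet
    extents: 5%VG
{{- if .vars.cri_o }}
  - name: crio
    extents: {{ .vars.containerd_size }}
{{- else }}
  - name: containerd
    extents: {{ .vars.containerd_size }}
{{- end }}

# With `encrypt_disks` set, every LV defined above (minus those not
# emitted for this role/runtime) is wrapped; the `prefix` entry for the
# k8s PV volumes is present either way.
crypt:
{{- if .vars.encrypt_disks }}
- dev: /dev/storage/bootstrap
- dev: /dev/storage/varlog
- dev: /dev/storage/kubelet
{{- if .vars.cri_o }}
- dev: /dev/storage/crio
{{- else }}
- dev: /dev/storage/containerd
{{- end }}
{{- if .vars.is_master }}
- dev: /dev/storage/etcd
{{- end }}
{{- end }}
- prefix: /dev/storage/k8s-crypt-
  name: k8s-pv-crypt-

bootstrap:
{{- if .vars.encrypt_disks }}
  dev: /dev/mapper/bootstrap
{{- else }}
  dev: /dev/storage/bootstrap
{{- end }}
{{ if .vars.dls_base_url }}
  # NOTE(review): the bootstrap archive is fetched from a URL that carries
  # the per-host download token in its path (so it lands in any server or
  # proxy access log on the way), and `seed_sign_key` is still a TODO, so
  # the archive's authenticity rests entirely on the transport to
  # `dls_base_url`. Setting a signing key closes that gap once supported.
  seed: {{ .vars.dls_base_url }}/hosts-by-token/{{ host_download_token }}/bootstrap.tar
  # TODO seed_sign_key: "..."
{{ end }}
  # TODO load_and_close: true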