k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/jobs/e2e_node/crio/templates/base/root.yaml (about) 1 --- 2 variant: fcos 3 version: 1.4.0 4 kernel_arguments: 5 should_not_exist: 6 - mitigations=auto,nosmt 7 storage: 8 files: 9 - path: /etc/zincati/config.d/90-disable-auto-updates.toml 10 contents: 11 local: 90-disable-auto-updates.toml 12 mode: 0644 13 - path: /root/kubelet-e2e.te 14 contents: 15 local: kubelet-e2e.te 16 mode: 0644 17 - path: /etc/crio/crio.conf.d/crio.conf 18 contents: 19 local: crio.conf 20 mode: 0644 21 - path: /etc/sysctl.d/99-e2e-sysctl.conf 22 contents: 23 local: 99-e2e-sysctl.conf 24 mode: 0644 25 - path: /etc/ssh-key-secret/ssh-public 26 contents: 27 # base64 encoded "GCE_SSH_PUBLIC_KEY_FILE_CONTENT" 28 source: data:text/plain;base64,R0NFX1NTSF9QVUJMSUNfS0VZX0ZJTEVfQ09OVEVOVA== 29 mode: 0644 30 systemd: 31 units: 32 - name: configure-sysctl.service 33 enabled: true 34 contents: | 35 [Unit] 36 Description=Configure required sysctls. 37 38 [Service] 39 Type=oneshot 40 ExecStart=/usr/lib/systemd/systemd-sysctl 41 42 [Install] 43 WantedBy=multi-user.target 44 45 - name: tools-install.service 46 enabled: true 47 contents: | 48 [Unit] 49 Description=Download and install required tools. 50 Before=crio-install.service 51 After=NetworkManager-wait-online.service 52 53 [Service] 54 Type=oneshot 55 ExecStart=rpm-ostree install \ 56 -y \ 57 --apply-live \ 58 --allow-inactive \ 59 dbus-tools \ 60 checkpolicy 61 62 [Install] 63 WantedBy=multi-user.target 64 65 - name: selinux-install.service 66 enabled: true 67 contents: | 68 [Unit] 69 Description=Setup SELinux policy 70 After=tools-install.service 71 72 [Service] 73 Type=oneshot 74 ExecStartPre=setenforce 1 75 ExecStartPre=checkmodule -M -m -o /root/kubelet-e2e.mod /root/kubelet-e2e.te 76 ExecStartPre=semodule_package -o /root/kubelet-e2e.pp -m /root/kubelet-e2e.mod 77 ExecStartPre=semodule -i /root/kubelet-e2e.pp 78 ExecStartPre=mkdir -p /var/lib/kubelet 79 ExecStart=chcon -R -u system_u -r object_r -t var_lib_t /var/lib/kubelet 80 81 [Install] 82 WantedBy=multi-user.target 83 84 - name: crio-install.service 85 enabled: true 86 contents: | 87 [Unit] 88 Description=Download and install crio binaries and configurations. 89 After=selinux-install.service 90 91 [Service] 92 Type=oneshot 93 Environment="SCRIPT_COMMIT=3e02ed6de9f516af9d8884c06ee3d709b2fa413d" 94 Environment="CRIO_COMMIT=v1.30.0" 95 96 ExecStartPre=mount /tmp /tmp -o remount,exec,suid 97 ExecStartPre=mount -o remount,rw /dev/sda4 /usr 98 ExecStartPre=bash -c '\ 99 curl --fail --retry 5 --retry-delay 3 --silent --show-error \ 100 https://raw.githubusercontent.com/cri-o/packaging/$SCRIPT_COMMIT/get |\ 101 bash -s -- -t $CRIO_COMMIT' 102 ExecStartPre=rm -f /etc/cni/net.d/87-podman-bridge.conflist 103 ExecStartPre=rm -f /etc/crio/crio.conf.d/10-crio.conf 104 ExecStart=systemctl enable --now crio.service 105 106 [Install] 107 WantedBy=multi-user.target 108 109 - name: authorized-key.service 110 enabled: true 111 contents: | 112 [Unit] 113 Description=Copy authorized keys 114 Before=crio-install.service 115 After=NetworkManager-wait-online.service 116 117 [Service] 118 Type=oneshot 119 ExecStart=/bin/sh -c '\ 120 /usr/bin/mkdir -m 0700 -p /home/core/.ssh && \ 121 /usr/bin/cat /etc/ssh-key-secret/ssh-public \ 122 >> /home/core/.ssh/authorized_keys && \ 123 /usr/bin/chown -R core:core /home/core/.ssh && \ 124 /usr/bin/chmod 0600 /home/core/.ssh/authorized_keys' 125 126 [Install] 127 WantedBy=multi-user.target