k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/jobs/e2e_node/crio/templates/crio_cgroupsv1.yaml (about) 1 --- 2 variant: fcos 3 version: 1.4.0 4 kernel_arguments: 5 should_not_exist: 6 - mitigations=auto,nosmt 7 should_exist: 8 - systemd.unified_cgroup_hierarchy=0 9 storage: 10 files: 11 - path: /etc/zincati/config.d/90-disable-auto-updates.toml 12 contents: 13 local: 90-disable-auto-updates.toml 14 mode: 0644 15 - path: /root/kubelet-e2e.te 16 contents: 17 local: kubelet-e2e.te 18 mode: 0644 19 - path: /etc/crio/crio.conf.d/crio.conf 20 contents: 21 local: crio.conf 22 mode: 0644 23 - path: /etc/sysctl.d/99-e2e-sysctl.conf 24 contents: 25 local: 99-e2e-sysctl.conf 26 mode: 0644 27 - path: /etc/ssh-key-secret/ssh-public 28 contents: 29 # base64 encoded "GCE_SSH_PUBLIC_KEY_FILE_CONTENT" 30 source: data:text/plain;base64,R0NFX1NTSF9QVUJMSUNfS0VZX0ZJTEVfQ09OVEVOVA== 31 mode: 0644 32 - path: /etc/crio/crio.conf.d/42-checkpoint-enabled.conf 33 contents: 34 local: 42-checkpoint-enabled.conf 35 mode: 0644 36 systemd: 37 units: 38 - name: configure-sysctl.service 39 enabled: true 40 contents: | 41 [Unit] 42 Description=Configure required sysctls. 43 44 [Service] 45 Type=oneshot 46 ExecStart=/usr/lib/systemd/systemd-sysctl 47 48 [Install] 49 WantedBy=multi-user.target 50 - name: tools-install.service 51 enabled: true 52 contents: | 53 [Unit] 54 Description=Download and install required tools. 55 Before=crio-install.service 56 After=NetworkManager-wait-online.service 57 58 [Service] 59 Type=oneshot 60 ExecStart=rpm-ostree install \ 61 -y \ 62 --apply-live \ 63 --allow-inactive \ 64 dbus-tools \ 65 checkpolicy 66 67 [Install] 68 WantedBy=multi-user.target 69 - name: selinux-install.service 70 enabled: true 71 contents: | 72 [Unit] 73 Description=Setup SELinux policy 74 After=tools-install.service 75 76 [Service] 77 Type=oneshot 78 ExecStartPre=setenforce 1 79 ExecStartPre=checkmodule -M -m -o /root/kubelet-e2e.mod /root/kubelet-e2e.te 80 ExecStartPre=semodule_package -o /root/kubelet-e2e.pp -m /root/kubelet-e2e.mod 81 ExecStartPre=semodule -i /root/kubelet-e2e.pp 82 ExecStartPre=mkdir -p /var/lib/kubelet 83 ExecStart=chcon -R -u system_u -r object_r -t var_lib_t /var/lib/kubelet 84 85 [Install] 86 WantedBy=multi-user.target 87 - name: crio-install.service 88 enabled: true 89 contents: | 90 [Unit] 91 Description=Download and install crio binaries and configurations. 92 After=selinux-install.service 93 94 [Service] 95 Type=oneshot 96 Environment="SCRIPT_COMMIT=3e02ed6de9f516af9d8884c06ee3d709b2fa413d" 97 Environment="CRIO_COMMIT=v1.30.0" 98 99 ExecStartPre=mount /tmp /tmp -o remount,exec,suid 100 ExecStartPre=mount -o remount,rw /dev/sda4 /usr 101 ExecStartPre=bash -c '\ 102 curl --fail --retry 5 --retry-delay 3 --silent --show-error \ 103 https://raw.githubusercontent.com/cri-o/packaging/$SCRIPT_COMMIT/get |\ 104 bash -s -- -t $CRIO_COMMIT' 105 ExecStartPre=rm -f /etc/cni/net.d/87-podman-bridge.conflist 106 ExecStartPre=rm -f /etc/crio/crio.conf.d/10-crio.conf 107 ExecStart=systemctl enable --now crio.service 108 109 [Install] 110 WantedBy=multi-user.target 111 - name: authorized-key.service 112 enabled: true 113 contents: | 114 [Unit] 115 Description=Copy authorized keys 116 Before=crio-install.service 117 After=NetworkManager-wait-online.service 118 119 [Service] 120 Type=oneshot 121 ExecStart=/bin/sh -c '\ 122 /usr/bin/mkdir -m 0700 -p /home/core/.ssh && \ 123 /usr/bin/cat /etc/ssh-key-secret/ssh-public \ 124 >> /home/core/.ssh/authorized_keys && \ 125 /usr/bin/chown -R core:core /home/core/.ssh && \ 126 /usr/bin/chmod 0600 /home/core/.ssh/authorized_keys' 127 128 [Install] 129 WantedBy=multi-user.target