k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/jobs/e2e_node/crio/templates/crio_cgroupsv2_imagefs.yaml (about) 1 --- 2 variant: fcos 3 version: 1.4.0 4 kernel_arguments: 5 should_not_exist: 6 - mitigations=auto,nosmt 7 storage: 8 files: 9 - path: /etc/zincati/config.d/90-disable-auto-updates.toml 10 contents: 11 local: 90-disable-auto-updates.toml 12 mode: 0644 13 - path: /root/kubelet-e2e.te 14 contents: 15 local: kubelet-e2e.te 16 mode: 0644 17 - path: /etc/crio/crio.conf.d/crio.conf 18 contents: 19 local: crio.conf 20 mode: 0644 21 - path: /etc/sysctl.d/99-e2e-sysctl.conf 22 contents: 23 local: 99-e2e-sysctl.conf 24 mode: 0644 25 - path: /etc/ssh-key-secret/ssh-public 26 contents: 27 # base64 encoded "GCE_SSH_PUBLIC_KEY_FILE_CONTENT" 28 source: data:text/plain;base64,R0NFX1NTSF9QVUJMSUNfS0VZX0ZJTEVfQ09OVEVOVA== 29 mode: 0644 30 - path: /etc/containers/storage.conf 31 contents: 32 local: 50-storage.conf 33 mode: 0644 34 disks: 35 - device: /dev/disk/by-id/coreos-boot-disk 36 wipe_table: false 37 partitions: 38 - number: 4 39 label: root 40 # Allocate at least 8 GiB to the rootfs. See NOTE above about this. 41 size_mib: 8192 42 resize: true 43 - size_mib: 0 44 label: imagefs 45 filesystems: 46 - path: /var/lib/imagefs 47 device: /dev/disk/by-partlabel/imagefs 48 format: ext4 49 with_mount_unit: true 50 systemd: 51 units: 52 - name: configure-sysctl.service 53 enabled: true 54 contents: | 55 [Unit] 56 Description=Configure required sysctls. 57 58 [Service] 59 Type=oneshot 60 ExecStart=/usr/lib/systemd/systemd-sysctl 61 62 [Install] 63 WantedBy=multi-user.target 64 - name: tools-install.service 65 enabled: true 66 contents: | 67 [Unit] 68 Description=Download and install required tools. 69 Before=crio-install.service 70 After=NetworkManager-wait-online.service 71 72 [Service] 73 Type=oneshot 74 ExecStart=rpm-ostree install \ 75 -y \ 76 --apply-live \ 77 --allow-inactive \ 78 dbus-tools \ 79 checkpolicy 80 81 [Install] 82 WantedBy=multi-user.target 83 - name: selinux-install.service 84 enabled: true 85 contents: | 86 [Unit] 87 Description=Setup SELinux policy 88 After=tools-install.service 89 90 [Service] 91 Type=oneshot 92 ExecStartPre=setenforce 1 93 ExecStartPre=checkmodule -M -m -o /root/kubelet-e2e.mod /root/kubelet-e2e.te 94 ExecStartPre=semodule_package -o /root/kubelet-e2e.pp -m /root/kubelet-e2e.mod 95 ExecStartPre=semodule -i /root/kubelet-e2e.pp 96 ExecStartPre=mkdir -p /var/lib/kubelet 97 ExecStart=chcon -R -u system_u -r object_r -t var_lib_t /var/lib/kubelet 98 99 [Install] 100 WantedBy=multi-user.target 101 - name: crio-install.service 102 enabled: true 103 contents: | 104 [Unit] 105 Description=Download and install crio binaries and configurations. 106 After=selinux-install.service 107 108 [Service] 109 Type=oneshot 110 Environment="SCRIPT_COMMIT=3e02ed6de9f516af9d8884c06ee3d709b2fa413d" 111 Environment="CRIO_COMMIT=v1.30.0" 112 113 ExecStartPre=mount /tmp /tmp -o remount,exec,suid 114 ExecStartPre=mount -o remount,rw /dev/sda4 /usr 115 ExecStartPre=bash -c '\ 116 curl --fail --retry 5 --retry-delay 3 --silent --show-error \ 117 https://raw.githubusercontent.com/cri-o/packaging/$SCRIPT_COMMIT/get |\ 118 bash -s -- -t $CRIO_COMMIT' 119 ExecStartPre=rm -f /etc/cni/net.d/87-podman-bridge.conflist 120 ExecStartPre=rm -f /etc/crio/crio.conf.d/10-crio.conf 121 ExecStart=systemctl enable --now crio.service 122 123 [Install] 124 WantedBy=multi-user.target 125 - name: authorized-key.service 126 enabled: true 127 contents: | 128 [Unit] 129 Description=Copy authorized keys 130 Before=crio-install.service 131 After=NetworkManager-wait-online.service 132 133 [Service] 134 Type=oneshot 135 ExecStart=/bin/sh -c '\ 136 /usr/bin/mkdir -m 0700 -p /home/core/.ssh && \ 137 /usr/bin/cat /etc/ssh-key-secret/ssh-public \ 138 >> /home/core/.ssh/authorized_keys && \ 139 /usr/bin/chown -R core:core /home/core/.ssh && \ 140 /usr/bin/chmod 0600 /home/core/.ssh/authorized_keys' 141 142 [Install] 143 WantedBy=multi-user.target 144 - name: label-graphroot.service 145 enabled: true 146 contents: | 147 [Unit] 148 Description=Label Graphroot 149 After=crio-install.service 150 151 [Service] 152 Type=oneshot 153 ExecStart=rpm-ostree install \ 154 -y \ 155 --apply-live \ 156 --allow-inactive \ 157 policycoreutils-python-utils 158 ExecStart=semanage fcontext -a -e /var/lib/containers /var/lib/imagefs 159 ExecStart=restorecon -R -v /var/lib/imagefs 160 161 [Install] 162 WantedBy=multi-user.target