From 3c5b65ad3f6665d795ffbb3e66187c5f0db3d09c Mon Sep 17 00:00:00 2001 From: chendexi Date: Wed, 23 Mar 2022 03:31:25 +0000 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0ignition=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E5=B9=B6=E5=AF=B9=E5=BA=94=E4=BF=AE=E6=94=B9README?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 修改README --- README.md | 3 +- "docs/ignition\351\205\215\347\275\256.md" | 186 +++++++++++++++++++++ 2 files changed, 188 insertions(+), 1 deletion(-) create mode 100644 "docs/ignition\351\205\215\347\275\256.md" diff --git a/README.md b/README.md index 0393163..dec9440 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ NestOS将配置工具ignition与rpm-ostree、OCI支持、SElinux强化等技术 2. [k8s+iSulad搭建](https://gitee.com/openeuler/NestOS/blob/master/docs/K8S+iSulad%E6%90%AD%E5%BB%BA.md) 3. [zincati自动更新](https://gitee.com/openeuler/NestOS/blob/master/docs/zincati%E8%87%AA%E5%8A%A8%E6%9B%B4%E6%96%B0%E4%BD%BF%E7%94%A8.md) 4. [NestOS定制化](https://gitee.com/openeuler/NestOS/blob/master/docs/%E5%AE%9A%E5%88%B6NestOS.md) +5. [ignition配置示例](https://gitee.com/openeuler/NestOS/blob/master/docs/ignition%E9%85%8D%E7%BD%AE.md) #### 功能特性 @@ -72,4 +73,4 @@ config是制作NestOS镜像时使用的配置文件,由于现阶段没有跟 欢迎感兴趣的小伙伴加入我们 - [1]: ./images/NestOS-roadmap.png "NestOS-roadmap.png" \ No newline at end of file + [1]: ./images/NestOS-roadmap.png "NestOS-roadmap.png" diff --git "a/docs/ignition\351\205\215\347\275\256.md" "b/docs/ignition\351\205\215\347\275\256.md" new file mode 100644 index 0000000..7b26998 --- /dev/null +++ "b/docs/ignition\351\205\215\347\275\256.md" 
@@ -0,0 +1,186 @@
+# ign文件说明
+
+## 用户和组配置
+
+使用如下配置文件来创建nest用户并配置密码(hash值)、组和SSH密钥
+
+```
+variant: fcos
+version: 1.1.0
+passwd:
+ users:
+ - name: nest
+ # Password is qwer1234!@#$
+ password_hash: "$1$yoursalt$UGhjCXAJKpWWpeN8xsF.c/"
+ "groups": [
+ "adm",
+ "sudo",
+ "systemd-journal",
+ "wheel"
+ ]
+ # SSH key for the local user.
+ ssh_authorized_keys:
+ - "ssh-rsa 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 root"
+```
+
+## 文件管理配置
+
+使用如下配置文件来实现:
+
+1.创建文件夹/opt/tools;
+
+2.创建文件/var/helloworld并设置文件权限、所属用户和组
+
+```
+variant: fcos
+version: 1.1.0
+passwd:
+ users:
+ - name: nest
+ password_hash: "$1$yoursalt$UGhjCXAJKpWWpeN8xsF.c/"
+ "groups": [
+ "adm",
+ "sudo",
+ "systemd-journal",
+ "wheel"
+ ]
+ # Public key
+ ssh_authorized_keys:
+ - "ssh-rsa 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 root
+storage:
+ # This creates a directory. Its mode is set to 0755 by default
+ directories:
+ - path: /opt/tools
+ overwrite: true
+ files:
+ -
+ # Creates a file /var/helloworld containing a string defined in-line
+ path: /var/helloworld
+ overwrite: true
+ contents:
+ inline: Hello, world!
+ # Sets the file mode to 0644 (readable by all, writable by the owner).
+ mode: 0644
+ # Sets owernship to dnsmasq:dnsmasq.
+ user:
+ name: nest
+ group:
+ name: engineering
+```
+
+## 存储配置
+
+使用如下配置文件来改变root文件系统为ext4格式
+
+```
+variant: fcos
+version: 1.1.0
+storage:
+ filesystems:
+ - device: /dev/disk/by-partlabel/root
+ wipe_filesystem: true
+ format: ext4
+ label: root
+```
+
+## 内核参数配置
+
+使用如下配置文件来禁用sysrq
+
+```
+variant: fcos
+version: 1.1.0
+storage:
+ files:
+ - path: /etc/sysctl.d/90-sysrq.conf
+ contents:
+ inline: |
+ kernel.sysrq = 0
+```
+
+## 主机名配置
+
+使用如下配置文件来将您需要设置的主机名写入/etc/hostname
+
+```
+variant: fcos
+version: 1.1.0
+storage:
+ files:
+ - path: /etc/hostname
+ mode: 0644
+ contents:
+ inline: nestoshost
+```
+
+## 时区配置
+
+默认情况下,NestOS机器将时间保持在UTC,并将其时钟与网络时间协议 (NTP) 同步。
+
+可以通过如下配置文件设置您所需的时区
+
+```
+variant: fcos
+version: 1.1.0
+storage:
+ links:
+ - path: /etc/localtime
+ target: ../usr/share/zoneinfo/America/New_York
+```
+
+## 网络配置
+
+通过如下配置文件为网卡ens33配置静态IP
+
+```
+variant: fcos
+version: 1.1.0
+storage:
+ files:
+ - path: /etc/hostname
+ mode: 0644
+ contents:
+ inline: nestoshost
+
+ - path: /etc/NetworkManager/system-connections/ens33.nmconnection
+ mode: 0600
+ contents:
+ inline: |
+ [connection]
+ id=ens33
+ type=ethernet
+ interface-name=ens33
+ [ipv4]
+ address1=192.168.237.188/24,192.168.237.2
+ dns=8.8.8.8;
+ dns-search=
+ method=manual
+```
+
+## 容器配置
+
+使用如下配置文件使系统启动后,开启docker服务,并录取busybox镜像,运行busybox容器
+
+```
+variant: fcos
+version: 1.1.0
+systemd:
+ units:
+ - name: hello.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=MyApp
+ After=network-online.target
+ Wants=network-online.target
+
+ [Service]
+ TimeoutStartSec=0
+ ExecStartPre=systemctl start docker
+ ExecStartPre=/bin/docker pull busybox
+ ExecStart=/bin/docker run --name busybox1 busybox /bin/sh -c "trap 'exit 0' INT TERM; while true; do echo Hello World; sleep 1; done"
+
+ [Install]
+ WantedBy=multi-user.target
+```
+
-- Gitee
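Review bot: The first example ships a ready-to-copy `password_hash` whose plaintext is printed in the comment above it, and the hash is `$1$` (MD5-crypt) with the literal salt `yoursalt`; the same hash is repeated in the 文件管理配置 example. Because both examples put `nest` in `sudo` and `wheel`, a reader who pastes the block unchanged provisions an administrative account with a published password. I would drop the `# Password is …` comment and replace the value with a labelled placeholder such as `password_hash: "<hash you generated yourself, SHA-512 crypt or stronger>"`, or show key-only login and omit the field. In the second example the `ssh_authorized_keys` entry is missing its closing `"` before `storage:`, so the block will not parse as written. The comment `# Sets owernship to dnsmasq:dnsmasq.` also contradicts the `nest` / `engineering` values below it, and no visible config creates the `engineering` group.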