Configuration Specification v3.4.0

The Ignition configuration is a JSON document conforming to the following specification, with italicized entries being optional:

  • ignition (object): metadata about the configuration itself.
    • version (string): the semantic version number of the spec. The spec version must be compatible with the latest version (3.4.0). Compatibility requires the major versions to match and the spec version be less than or equal to the latest version. -experimental versions compare less than the final version with the same number, and previous experimental versions are not accepted.
    • config (object): options related to the configuration.
      • merge (list of objects): a list of the configs to be merged to the current config.
        • source (string): the URL of the config. Supported schemes are http, https, tftp, s3, arn, gs, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
        • compression (string): the type of compression used on the config (null or gzip). Compression cannot be used with S3.
        • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
          • name (string): the header name.
          • value (string): the header contents.
        • verification (object): options related to the verification of the config.
          • hash (string): the hash of the config, in the form <type>-<value> where type is either sha512 or sha256. If compression is specified, the hash describes the decompressed config.
      • replace (object): the config that will replace the current.
        • source (string): the URL of the config. Supported schemes are http, https, tftp, s3, arn, gs, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
        • compression (string): the type of compression used on the config (null or gzip). Compression cannot be used with S3.
        • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
          • name (string): the header name.
          • value (string): the header contents.
        • verification (object): options related to the verification of the config.
          • hash (string): the hash of the config, in the form <type>-<value> where type is either sha512 or sha256. If compression is specified, the hash describes the decompressed config.
    • timeouts (object): options relating to http timeouts when fetching files over http or https.
      • httpResponseHeaders (integer): the time to wait (in seconds) for the server’s response headers (but not the body) after making a request. 0 indicates no timeout. Default is 10 seconds.
      • httpTotal (integer): the time limit (in seconds) for the operation (connection, request, and response), including retries. 0 indicates no timeout. Default is 0.
    • security (object): options relating to network security.
      • tls (object): options relating to TLS when fetching resources over https.
        • certificateAuthorities (list of objects): the list of additional certificate authorities (in addition to the system authorities) to be used for TLS verification when fetching over https. All certificate authorities must have a unique source.
          • source (string): the URL of the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates. Supported schemes are http, https, tftp, s3, arn, gs, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
          • compression (string): the type of compression used on the certificate bundle (null or gzip). Compression cannot be used with S3.
          • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
            • name (string): the header name.
            • value (string): the header contents.
          • verification (object): options related to the verification of the certificate bundle.
            • hash (string): the hash of the certificate bundle, in the form <type>-<value> where type is either sha512 or sha256. If compression is specified, the hash describes the decompressed certificate bundle.
    • proxy (object): options relating to setting an HTTP(S) proxy when fetching resources.
      • httpProxy (string): will be used as the proxy URL for HTTP requests and HTTPS requests unless overridden by httpsProxy or noProxy.
      • httpsProxy (string): will be used as the proxy URL for HTTPS requests unless overridden by noProxy.
      • noProxy (list of strings): specifies a list of strings to hosts that should be excluded from proxying. Each value is represented by an IP address prefix (1.2.3.4), an IP address prefix in CIDR notation (1.2.3.4/8), a domain name, or a special DNS label (*). An IP address prefix and domain name can also include a literal port number (1.2.3.4:80). A domain name matches that name and all subdomains. A domain name with a leading . matches subdomains only. For example foo.com matches foo.com and bar.foo.com; .y.com matches x.y.com but not y.com. A single asterisk (*) indicates that no proxying should be done.
  • storage (object): describes the desired state of the system’s storage devices.
    • disks (list of objects): the list of disks to be configured and their options. Every entry must have a unique device.
      • device (string): the absolute path to the device. Devices are typically referenced by the /dev/disk/by-* symlinks.
      • wipeTable (boolean): whether or not the partition tables shall be wiped. When true, the partition tables are erased before any further manipulation. Otherwise, the existing entries are left intact.
      • partitions (list of objects): the list of partitions and their configuration for this particular disk. Every partition must have a unique number, or if 0 is specified, a unique label.
        • label (string): the PARTLABEL for the partition.
        • number (integer): the partition number, which dictates its position in the partition table (one-indexed). If zero, use the next available partition slot.
        • sizeMiB (integer): the size of the partition (in mebibytes). If zero, the partition will be made as large as possible.
        • startMiB (integer): the start of the partition (in mebibytes). If zero, the partition will be positioned at the start of the largest block available.
        • typeGuid (string): the GPT partition type GUID. If omitted, the default will be 0FC63DAF-8483-4772-8E79-3D69D8477DE4 (Linux filesystem data).
        • guid (string): the GPT unique partition GUID.
        • wipePartitionEntry (boolean): if true, Ignition will clobber an existing partition if it does not match the config. If false (default), Ignition will fail instead.
        • shouldExist (boolean): whether or not the partition with the specified number should exist. If omitted, it defaults to true. If false Ignition will either delete the specified partition or fail, depending on wipePartitionEntry. If false number must be specified and non-zero and label, start, size, guid, and typeGuid must all be omitted.
        • resize (boolean): whether or not the existing partition should be resized. If omitted, it defaults to false. If true, Ignition will resize an existing partition if it matches the config in all respects except the partition size.
    • raid (list of objects): the list of RAID arrays to be configured. Every RAID array must have a unique name.
      • name (string): the name to use for the resulting md device.
      • level (string): the redundancy level of the array (e.g. linear, raid1, raid5, etc.).
      • devices (list of strings): the list of devices (referenced by their absolute path) in the array.
      • spares (integer): the number of spares (if applicable) in the array.
      • options (list of strings): any additional options to be passed to mdadm.
    • filesystems (list of objects): the list of filesystems to be configured. device and format need to be specified. Every filesystem must have a unique device.
      • device (string): the absolute path to the device. Devices are typically referenced by the /dev/disk/by-* symlinks.
      • format (string): the filesystem format (ext4, btrfs, xfs, vfat, swap, or none).
      • path (string): the mount-point of the filesystem while Ignition is running relative to where the root filesystem will be mounted. This is not necessarily the same as where it should be mounted in the real root, but it is encouraged to make it the same.
      • wipeFilesystem (boolean): whether or not to wipe the device before filesystem creation, see Ignition’s documentation on filesystems for more information. Defaults to false.
      • label (string): the label of the filesystem.
      • uuid (string): the uuid of the filesystem.
      • options (list of strings): any additional options to be passed to the format-specific mkfs utility.
      • mountOptions (list of strings): any special options to be passed to the mount command.
    • files (list of objects): the list of files to be written. Every file, directory and link must have a unique path.
      • path (string): the absolute path to the file.
      • overwrite (boolean): whether to delete preexisting nodes at the path. contents must be specified if overwrite is true. Defaults to false.
      • contents (object): options related to the contents of the file.
        • source (string): the URL of the file. Supported schemes are http, https, tftp, s3, arn, gs, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified. If source is omitted and a regular file already exists at the path, Ignition will do nothing. If source is omitted and no file exists, an empty file will be created.
        • compression (string): the type of compression used on the file (null or gzip). Compression cannot be used with S3.
        • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
          • name (string): the header name.
          • value (string): the header contents.
        • verification (object): options related to the verification of the file.
          • hash (string): the hash of the file, in the form <type>-<value> where type is either sha512 or sha256. If compression is specified, the hash describes the decompressed file.
      • append (list of objects): list of fragments to be appended to the file. Follows the same structure as contents.
        • source (string): the URL of the fragment. Supported schemes are http, https, tftp, s3, arn, gs, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
        • compression (string): the type of compression used on the fragment (null or gzip). Compression cannot be used with S3.
        • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
          • name (string): the header name.
          • value (string): the header contents.
        • verification (object): options related to the verification of the fragment.
          • hash (string): the hash of the fragment, in the form <type>-<value> where type is either sha512 or sha256. If compression is specified, the hash describes the decompressed fragment.
      • mode (integer): the file’s permission mode. Note that the mode must be properly specified as a decimal value (i.e. 0644 -> 420). Setuid/setgid/sticky bits are supported. If not specified, the permission mode for files defaults to 0644 or the existing file’s permissions if overwrite is false, contents is unspecified, and a file already exists at the path.
      • user (object): specifies the file’s owner.
        • id (integer): the user ID of the owner.
        • name (string): the user name of the owner.
      • group (object): specifies the file’s group.
        • id (integer): the group ID of the group.
        • name (string): the group name of the group.
    • directories (list of objects): the list of directories to be created. Every file, directory, and link must have a unique path.
      • path (string): the absolute path to the directory.
      • overwrite (boolean): whether to delete preexisting nodes at the path. If false and a directory already exists at the path, Ignition will only set its permissions. If false and a non-directory exists at that path, Ignition will fail. Defaults to false.
      • mode (integer): the directory’s permission mode. Note that the mode must be properly specified as a decimal value (i.e. 0755 -> 493). Setuid/setgid/sticky bits are supported. If not specified, the permission mode for directories defaults to 0755 or the mode of an existing directory if overwrite is false and a directory already exists at the path.
      • user (object): specifies the directory’s owner.
        • id (integer): the user ID of the owner.
        • name (string): the user name of the owner.
      • group (object): specifies the directory’s group.
        • id (integer): the group ID of the group.
        • name (string): the group name of the group.
    • links (list of objects): the list of links to be created. Every file, directory, and link must have a unique path.
      • path (string): the absolute path to the link.
      • overwrite (boolean): whether to delete preexisting nodes at the path. If overwrite is false and a matching link exists at the path, Ignition will only set the owner and group. Defaults to false.
      • user (object): specifies the owner for a symbolic link. Ignored for hard links.
        • id (integer): the user ID of the owner.
        • name (string): the user name of the owner.
      • group (object): specifies the group for a symbolic link. Ignored for hard links.
        • id (integer): the group ID of the group.
        • name (string): the group name of the group.
      • target (string): the target path of the link.
      • hard (boolean): a symbolic link is created if this is false, a hard one if this is true.
    • luks (list of objects): the list of luks devices to be created. Every device must have a unique name.
      • name (string): the name of the luks device.
      • device (string): the absolute path to the device. Devices are typically referenced by the /dev/disk/by-* symlinks.
      • keyFile (object): options related to the contents of the key file.
        • source (string): the URL of the key file. Supported schemes are http, https, tftp, s3, arn, gs, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
        • compression (string): the type of compression used on the key file (null or gzip). Compression cannot be used with S3.
        • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
          • name (string): the header name.
          • value (string): the header contents.
        • verification (object): options related to the verification of the key file.
          • hash (string): the hash of the key file, in the form <type>-<value> where type is either sha512 or sha256. If compression is specified, the hash describes the decompressed key file.
      • label (string): the label of the luks device.
      • uuid (string): the uuid of the luks device.
      • options (list of strings): any additional options to be passed to cryptsetup luksFormat.
      • discard (boolean): whether to issue discard commands to the underlying block device when blocks are freed. Enabling this improves performance and device longevity on SSDs and space utilization on thinly provisioned SAN devices, but leaks information about which disk blocks contain data. If omitted, it defaults to false.
      • openOptions (list of strings): any additional options to be passed to cryptsetup luksOpen. Supported options will be persistently written to the luks volume.
      • wipeVolume (boolean): whether or not to wipe the device before volume creation, see Ignition’s documentation on filesystems for more information.
      • clevis (object): describes the clevis configuration for the luks device.
        • tang (list of objects): describes a tang server. Every server must have a unique url.
          • url (string): url of the tang server.
          • thumbprint (string): thumbprint of a trusted signing key.
          • advertisement (string): the advertisement JSON. If not specified, the advertisement is fetched from the tang server during provisioning.
        • tpm2 (boolean): whether or not to use a tpm2 device.
        • threshold (integer): sets the minimum number of pieces required to decrypt the device. Default is 1.
        • custom (object): overrides the clevis configuration. The pin & config will be passed directly to clevis luks bind. If specified, all other clevis options must be omitted.
          • pin (string): the clevis pin.
          • config (string): the clevis configuration JSON.
          • needsNetwork (boolean): whether or not the device requires networking.
  • systemd (object): describes the desired state of the systemd units.
    • units (list of objects): the list of systemd units. Every unit must have a unique name.
      • name (string): the name of the unit. This must be suffixed with a valid unit type (e.g. “thing.service”).
      • enabled (boolean): whether or not the service shall be enabled. When true, the service is enabled. When false, the service is disabled. When omitted, the service is unmodified. In order for this to have any effect, the unit must have an install section.
      • mask (boolean): whether or not the service shall be masked. When true, the service is masked by symlinking it to /dev/null. When false, the service is unmasked by deleting the symlink to /dev/null if it exists.
      • contents (string): the contents of the unit.
      • dropins (list of objects): the list of drop-ins for the unit. Every drop-in must have a unique name.
        • name (string): the name of the drop-in. This must be suffixed with “.conf”.
        • contents (string): the contents of the drop-in.
  • passwd (object): describes the desired additions to the passwd database.
    • users (list of objects): the list of accounts that shall exist. All users must have a unique name.
      • name (string): the username for the account.
      • passwordHash (string): the hashed password for the account.
      • sshAuthorizedKeys (list of strings): a list of SSH keys to be added as an SSH key fragment at .ssh/authorized_keys.d/ignition in the user’s home directory. All SSH keys must be unique.
      • uid (integer): the user ID of the account.
      • gecos (string): the GECOS field of the account.
      • homeDir (string): the home directory of the account.
      • noCreateHome (boolean): whether or not to create the user’s home directory. This only has an effect if the account doesn’t exist yet.
      • primaryGroup (string): the name of the primary group of the account.
      • groups (list of strings): the list of supplementary groups of the account.
      • noUserGroup (boolean): whether or not to create a group with the same name as the user. This only has an effect if the account doesn’t exist yet.
      • noLogInit (boolean): whether or not to add the user to the lastlog and faillog databases. This only has an effect if the account doesn’t exist yet.
      • shell (string): the login shell of the new account.
      • shouldExist (boolean): whether or not the user with the specified name should exist. If omitted, it defaults to true. If false, then Ignition will delete the specified user.
      • system (boolean): whether or not this account should be a system account. This only has an effect if the account doesn’t exist yet.
    • groups (list of objects): the list of groups to be added. All groups must have a unique name.
      • name (string): the name of the group.
      • gid (integer): the group ID of the new group.
      • passwordHash (string): the hashed password of the new group.
      • shouldExist (boolean): whether or not the group with the specified name should exist. If omitted, it defaults to true. If false, then Ignition will delete the specified group.
      • system (boolean): whether or not the group should be a system group. This only has an effect if the group doesn’t exist yet.
  • kernelArguments (object): describes the desired kernel arguments.
    • shouldExist (list of strings): the list of kernel arguments that should exist.
    • shouldNotExist (list of strings): the list of kernel arguments that should not exist.
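
The source and verification.hash rules above can be checked before a config is served. The following is an added example, not code from the Ignition project: it walks a parsed config, reports every http source that has no verification.hash, rejects hashes that are not in the <type>-<value> form, and for data URLs checks the hash against the decompressed contents. The function names, finding messages and sample config are constructed for illustration, and the hash value is assumed to be hex-encoded.

```python
import base64
import gzip
import hashlib
import re
import zlib
from urllib.parse import unquote_to_bytes, urlsplit

# <type>-<value>; the value is assumed to be hex, sized to the digest.
HASH_RE = re.compile(r"^(sha256|sha512)-([0-9a-fA-F]+)$")
HEX_LEN = {"sha256": 64, "sha512": 128}


def iter_resources(node, path="$"):
    """Yield (json_path, obj) for every object that has a string 'source'."""
    if isinstance(node, dict):
        if isinstance(node.get("source"), str):
            yield path, node
        for key, value in node.items():
            yield from iter_resources(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_resources(value, f"{path}[{i}]")


def decode_data_url(url):
    """Return the payload bytes of a data URL (base64 or percent-encoded)."""
    header, _, payload = url[len("data:"):].partition(",")
    if header.endswith(";base64"):
        return base64.b64decode(payload, validate=True)
    return unquote_to_bytes(payload)


def audit(config):
    """Return a list of (json_path, finding) tuples for a parsed config."""
    findings = []
    for path, res in iter_resources(config):
        scheme = urlsplit(res["source"]).scheme.lower()
        digest = (res.get("verification") or {}).get("hash")
        if digest is None:
            if scheme == "http":
                findings.append((path, "http source without verification.hash"))
            continue
        match = HASH_RE.match(digest) if isinstance(digest, str) else None
        if not match or len(match.group(2)) != HEX_LEN[match.group(1)]:
            findings.append((path, "malformed hash"))
            continue
        if scheme != "data":
            continue  # remote content is not fetched by this offline check
        try:
            body = decode_data_url(res["source"])
            if res.get("compression") == "gzip":
                body = gzip.decompress(body)  # hash covers decompressed bytes
        except (ValueError, OSError, EOFError, zlib.error):
            findings.append((path, "undecodable data URL"))
            continue
        if hashlib.new(match.group(1), body).hexdigest() != match.group(2).lower():
            findings.append((path, "hash does not match decompressed contents"))
    return findings


def sample_config():
    """Constructed sample config covering four cases (not real data)."""
    plain = b"PermitRootLogin no\n"
    packed = gzip.compress(plain)
    data_url = "data:;base64," + base64.b64encode(packed).decode()
    good = "sha256-" + hashlib.sha256(plain).hexdigest()   # decompressed bytes
    wrong = "sha256-" + hashlib.sha256(packed).hexdigest()  # compressed bytes
    return {
        "ignition": {"version": "3.4.0"},
        "storage": {"files": [
            # http without a hash: contents could be modified in transit
            {"path": "/etc/a", "contents": {"source": "http://example.com/a"}},
            # mode 0644 is written as decimal 420
            {"path": "/etc/b", "mode": 420, "contents": {
                "source": data_url, "compression": "gzip",
                "verification": {"hash": good}}},
            # hash taken over the gzip stream instead of the decompressed file
            {"path": "/etc/c", "contents": {
                "source": data_url, "compression": "gzip",
                "verification": {"hash": wrong}}},
            # unsupported hash type
            {"path": "/etc/d", "contents": {
                "source": "https://example.com/d",
                "verification": {"hash": "md5-abc"}}},
        ]},
    }


if __name__ == "__main__":
    for json_path, finding in audit(sample_config()):
        print(f"{json_path}: {finding}")
```

Because the walker keys on any object carrying a source string, the same check covers config.merge, config.replace, certificateAuthorities, files (contents and append) and luks keyFile entries.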