Intended for OrangePI5 (might work on other devices)

Requirements

  • Create a user named "orangepi" with password "orangepi".
  • Install sudo.
  • Allow the user "orangepi" to have access to sudo.
  • The user "orangepi" will be later deleted, so it's fine.

Files

arm_initial_setup.yaml: standalone playbook to normalize the initialization of an ARMBIAN device

run.sh: placeholder script used for testing

ksetup/:
  - playbook.yaml
  - tasks_prepare_node.yaml
  - tasks_master.yaml
  - tasks_slave.yaml
  - tasks_end.yaml
  - Exported:
    - kubeadm-join.command (exported file)
    - kubeconfig.conf (exported file)

inventory.yaml: Example inventory

Inventory.yaml

Example inventory.

Contains 2 groups, masters and slaves.

Each group has the variable is_master configured.

For more info regarding Ansible Inventory, refer to their documentation regarding the topic.

arm_initial_setup.yaml

It will:

  • apt-get update && apt-get upgrade
  • Install locale tools and sudo.
  • Set the locale for the ROOT user
  • Set the language for the ROOT user
  • Create the wheel group
  • Add the wheel group to sudoers (using password)
  • Add a new user with its password
  • Add the new user to the wheel group
  • Change the ROOT password
  • Disable SSH login to the ROOT user
  • Reboots the device and ignores it if you can't connect back. Why? Because it might receive a different IP from the DHCP client. This is convenient for myself.
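The end state listed above can be checked after the reboot. The script below is an added example, not part of this repository: its function names, the user `newadmin` and the sample file contents are constructed, and it reads copies of `sshd_config`, `sudoers` and `/etc/group` so it can run offline.

```shell
#!/bin/sh
# Added example (not from the repository): offline checks for the end state
# arm_initial_setup.yaml is described as producing. Function names are made up.

# Succeeds only if the first global PermitRootLogin is "no" and no Match block
# sets another value. Include'd files are not followed; on a live host,
# `sshd -T` prints the effective configuration.
root_login_disabled() {
  awk '{ k = tolower($1); v = tolower($2) }
       k == "match" { inmatch = 1 }
       k == "permitrootlogin" && !inmatch && !seen { seen = 1; glob = v }
       k == "permitrootlogin" && inmatch && v != "no" { bad = 1 }
       END { exit !(glob == "no" && !bad) }' "$1"
}

# How %wheel is granted sudo: "password", "nopasswd" or "absent".
# sudoers applies the last matching rule, so the last %wheel line is kept.
wheel_sudo_mode() {
  line=$(awk '$1 == "%wheel" { l = $0 } END { print l }' "$1")
  [ -n "$line" ] || { echo absent; return 0; }
  case $line in *NOPASSWD*) echo nopasswd ;; *) echo password ;; esac
}

# Succeeds if USER is a listed member of GROUP in an /etc/group-format file.
user_in_group() {   # user_in_group FILE USER GROUP
  awk -F: -v u="$2" -v g="$3" '$1 == g { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
      END { exit !ok }' "$1"
}

# Prints one line per failed expectation; returns non-zero if any failed.
audit_initial_setup() {   # audit_initial_setup SSHD_CONFIG SUDOERS GROUP_FILE NEW_USER
  rc=0
  root_login_disabled "$1" || { echo "root SSH login is not disabled"; rc=1; }
  [ "$(wheel_sudo_mode "$2")" = password ] || { echo "wheel rule absent or NOPASSWD"; rc=1; }
  user_in_group "$3" "$4" wheel || { echo "$4 is not in wheel"; rc=1; }
  return $rc
}

# Constructed samples standing in for sshd_config, sudoers and /etc/group.
make_samples() {   # make_samples DIR
  printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin no' > "$1/sshd_config"
  printf '%s\n' 'root ALL=(ALL:ALL) ALL' '%wheel ALL=(ALL:ALL) ALL' > "$1/sudoers"
  printf '%s\n' 'root:x:0:' 'wheel:x:1001:newadmin' > "$1/group"
}

d=$(mktemp -d) && make_samples "$d"
audit_initial_setup "$d/sshd_config" "$d/sudoers" "$d/group" newadmin && echo "all checks passed"
rm -rf "$d"
```

On a provisioned device, pass `/etc/ssh/sshd_config`, `/etc/sudoers`, `/etc/group` and the value of `new_user_name` instead of the sample files.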

Vars

A reminder that the point of this script is to normalize the process of setting up a fresh ARMBIAN OS.

# Initial Setup
initial_username: username used for the first connection
initial_password: password used for the first connection


# Connect
ansible_user: User used to connect
ansible_password: Password used to connect
ansible_become_password: Password used to execute `sudo`

# New values
## Users
new_user_name: Username to create/modify
new_user_pass: Password for the user to create/modify
new_root_pass: New password for root

## Locales
new_locale: New locale desired
new_language: New language desired

ksetup

playbook.yaml

Used to "orchestrate" the process and call the rest of the task playbooks.

Vars

# Testing purposes
ansible_user: User used to connect
ansible_password: Password used to connect
ansible_become_password: Password used to execute `sudo`

# Actual vars
set_hostname: New hostname for the device. By default it takes its value from the variable `ansible_host`, aka the URL specified to connect to that device.
is_master: This variable determines which playbooks will run. (default false)
is_proxmox_vm: If true, it will install the QEMU agent for monitoring. (default false)
setup_only: If true, it will prevent creating/joining a Kubernetes cluster.

# Cluster shit
kubeadm_join_path: File path that will store the `kubeadm join` command to be executed by the worker nodes.
_kubeadm_join_command: Placeholder, will be populated at later stages of the script.

TASK playbooks

tasks_prepare_node.yaml

  • Changes the device hostname
  • Disables RAM usage.
  • Update -> Upgrade.
  • Uninstalls containerd.
  • Installs Docker (Debian) and Kubernetes repos.
  • Installs containerd.io, kubelet, kubeadm, kubectl, git, vim. (and others)
  • If the variable is_proxmox_vm is set to true, it will also install the QEMU agent.
  • Sets default config for containerd with cGroups enabled.
  • Enables some iptables modules.
  • "Resets" /etc/hosts file

tasks_master.yaml

Will only be executed if the variable is_master is set to True
  • Executes kubeadm init, i.e. initializes the node, without any further arguments.
  • Export the kubeconfig file.
  • Removes node-role.kubernetes.io/control-plane taint to allow deploying containers in the control plane node.
  • Deploys Calico CNI network plugin.
  • Deploys MetalLB CRDs.
  • Generates a "join cluster" command and stores it in a file LOCALLY as ./Exported/kubeadm-join.command. This file will later be used by the slave nodes, which will execute its contents.

tasks_slave.yaml

Will only be executed if the variable is_master is set to False
  • Executes the "command" stored in the file ./Exported/kubeadm-join.command located LOCALLY.

tasks_end.yaml

  • At the moment, deletes the "default user specified" (usually orangepi, in my scenario at least), then reboots the system.

USAGE

Update Calico/MetalLB versions

Open the file tasks_master.yaml and update the .yaml files for Calico and MetalLB to match the desired/newer versions.

Setup

On my infrastructure/environment, I use DHCP and DNS so the nodes can connect to / communicate with each other.

You might need to edit the file /etc/hosts and manually point to the resources' IP addresses.

So my first step is to reserve the MAC addresses and configure the DHCP server.

Afterwards update the DNS server to point to those IPs.

Set the SD card / SBC (Single Board Computer)

Beware of using the right IMG / device, as you don't want to delete the wrong drive, right?

dd if=Armbian_23.02.2_Orangepi5_bullseye_legacy_5.10.110_minimal.img of=/dev/sdg bs=1M status=progress

arm_initial_setup.yaml

Log in Values

I set up the variables on the inventory.yaml file.

initial_username: username used for the first connection
initial_password: password used for the first connection

Change the values of the desired variables

# New values
## Users
new_user_name: "orangepi"
new_user_pass: "orangepi"
new_root_pass: "1234"

## Locales
new_locale: "en_US.UTF-8"
new_language: "en_US.UTF-8"

Change the connection variables (Optional)

Optional, if you are not planning to use root, the playbook might require some slight changes in order to work with a user that's not root, idk, not my problem, this playbook assumes you will be using an ARMBIAN image.

ansible_user: "root"
ansible_password: "1234"

Run (?)

License

DWTFUW

Do whatever the fuck you want license ™
