From 4d2fb39e477fb271f3f98c79c8db968f8aaa7f4f Mon Sep 17 00:00:00 2001
From: Oriol
Date: Sun, 12 Mar 2023 05:42:53 +0000
Subject: [PATCH] backup

---
 README.md | 107 +++++++++++++++++++
 armbian_initial_setup.yaml | 122 ++++++++++++++++++++++
 inventory.yaml | 8 ++
 ksetup/end_tasks.yaml | 5 +
 ksetup/kubeadm-join.command | 1 +
 ksetup/master_tasks.yaml | 85 +++++++++++++++
 ksetup/playbook.yaml | 47 +++++++++
 ksetup/set_node_tasks.yaml | 201 ++++++++++++++++++++++++++++++++++++
 ksetup/slave_tasks.yaml | 8 ++
 main_issues.md | 21 ++++
 run.sh | 14 +++
 11 files changed, 619 insertions(+)
 create mode 100644 README.md
 create mode 100644 armbian_initial_setup.yaml
 create mode 100644 inventory.yaml
 create mode 100755 ksetup/end_tasks.yaml
 create mode 100644 ksetup/kubeadm-join.command
 create mode 100755 ksetup/master_tasks.yaml
 create mode 100755 ksetup/playbook.yaml
 create mode 100755 ksetup/set_node_tasks.yaml
 create mode 100755 ksetup/slave_tasks.yaml
 create mode 100644 main_issues.md
 create mode 100755 run.sh

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5638cef
--- /dev/null
+++ b/README.md
@@ -0,0 +1,107 @@ +# Intended for OrangePI5 **(might work on other devices)** +- Tested on [ARMBIAN](https://www.armbian.com/orangepi-5/) Bullseye +- Previously on the [orangepi](http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/service-and-support/Orange-pi-5.html) official Debian versions, but can't **confirm still works** + + +# Files + + +```yaml +arm_initial_setup.yaml: standalone playbook to normalize the initialization of an ARMBIAN device + +run.sh: placeholder script used for testing + +ksetup/: +``` + +## arm_initial_setup.yaml + +It will: + +- Set the loacale for ROOT user +- Set the language for ROOT user +- Create `wheel` group +- Add `wheel` group to sudoers (using password) +- Add a new user with its password +- Add the new user to the `wheel` group +- Change ROOT password +- Disable SSH to the ROOT user +- Executes `sleep 1 && dhclient -r && dhclient && reboot`. The `dhclient -r` it's for my own usage so **modify it if it bothers you**. + + +## ksetup + +### playbook.yaml + +Used to "orchestrate" the process and call the rest of the **task** playbooks. + + +### TASK playbooks + +- list (TODO) + + + + + + + + + + +# USAGE +## Setup + +On my infrastructure, **I** use a DHCP and DNS to connect / communicate the nodes. + +You **might** need to edit the file `/etc/hosts` and manually point the resources IP addresses. + +So my first step is to reserve the MAC addresses and configure the DHCP server. + +Afterwards update the DNS server to point to those IPs. 
+ +## Set the SD card / SBC (Single Board Computer) +Beware of using the right IMG / device, as you don't want to delete the wrong drive, **right?** +```shell +dd if=Armbian_23.02.2_Orangepi5_bullseye_legacy_5.10.110_minimal.img of=/dev/sdg status=progress bs=1M status=progress +``` + +## arm_initial_setup.yaml + + +### Change the values of the desired variables + +```yaml +# New values +## Users +new_user_name: "orangepi" +new_user_pass: "orangepi" +new_root_pass: "1234" + +## Locales +new_locale: "en_US.UTF-8" +new_language: "en_US.UTF-8" +``` + + +### Change the connection variables (Optional) + +**Optional**, if you are not planning to use root, the playbook might require some slight changes in order to work with an user that's not root, idk, not my problem, this playbook **assumes** you will be using an ARMBIAN image. + +```yaml +ansible_user: "root" +ansible_password: "1234" +``` + + + + + + + + + +# License + +## DWTFUW +Do whatever the fuck you want license ™ diff --git a/armbian_initial_setup.yaml b/armbian_initial_setup.yaml new file mode 100644 index 0000000..e28aee2 --- /dev/null +++ b/armbian_initial_setup.yaml 
@@ -0,0 +1,122 @@ +# Author: Oriol Filter +# 12/03/2023 +# Intended for armbian (bullseye, fuck ubuntu tho) +- name: Pre Setup + hosts: all + gather_facts: false + + vars: + # Connect + ansible_user: "root" + ansible_password: "1234" + ansible_become_password: "{{ ansible_password }}" +# ansible_user: "orangepi" +# ansible_password: "orangepi" +# ansible_become_password: "orangepi" # Temporal + + # New values + ## Users + new_user_name: "orangepi" + new_user_pass: "orangepi" + new_root_pass: "1234" + + ## Locales + new_locale: "en_US.UTF-8" + new_language: "en_US.UTF-8" + + + + +# SSH with ROOT + tasks: + +# Set locale + # https://serverfault.com/a/981742 + - name: Ensure localisation files for '{{ new_locale }}' are available + locale_gen: + name: "{{ new_locale }}" + state: present + + - name: Ensure localisation files for '{{ new_language }}' are available + locale_gen: + name: "{{ new_language }}" + state: present + + - name: Get current locale and language configuration + command: localectl status + register: locale_status + changed_when: false + + - name: Parse 'LANG' from current locale and language configuration + set_fact: + locale_lang: "{{ locale_status.stdout | regex_search('LANG=([^\n]+)', '\\1') | first }}" + + - name: Parse 'LANGUAGE' from current locale and language configuration + set_fact: + locale_language: "{{ locale_status.stdout | regex_search('LANGUAGE=([^\n]+)', '\\1') | default([locale_lang], true) | first }}" + + - name: Configure locale to '{{ new_locale }}' and language to '{{ new_language }}' + command: localectl set-locale LANG={{ new_locale }} LANGUAGE={{ new_language }} + changed_when: locale_lang != new_locale or locale_language != new_language + become: yes # no idea if it's needed nor I care about + + +# Wheel group with sudo access + # https://stackoverflow.com/a/33362805 + - name: Make sure we have a 'wheel' group + group: + name: wheel + state: present + become: true + + - name: Allow 'wheel' group to have passwordless sudo + 
ansible.builtin.lineinfile: + dest: /etc/sudoers + state: present + regexp: '^%wheel' + line: '%wheel ALL=(ALL) PASSWD: ALL' + validate: visudo -cf %s + become: true + +# Create orangepi user (will bother about it later) move to -> kuser (kluster user) + + - name: Add user new_user_name + ansible.builtin.user: + name: "{{ new_user_name }}" + password: "{{ new_user_pass | password_hash }}" + shell: /bin/bash + become: true + + + - name: adding user '{{ new_user_name }}' to group wheel + user: + name: '{{ new_user_name }}' + groups: sudo + append: yes + become: true + + +# Set root password to whatever shit + + - name: Change root default password + ansible.builtin.user: + name: root + password: "{{ new_root_pass | password_hash }}" + become: yes + +# Disable SSH with ROOT + + - name: PermitRootLogin = no + ansible.builtin.lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^PermitRootLogin' + line: PermitRootLogin = no + backrefs: yes + become: yes + +# REBOOT + - name: reboot + ansible.builtin.shell: 'sleep 1 && dhclient -r && dhclient && reboot' +# ignore_errors: true # expected to fail due the imminent restart + ignore_unreachable: true + become: yes diff --git a/inventory.yaml b/inventory.yaml new file mode 100644 index 0000000..263aa07 --- /dev/null +++ b/inventory.yaml @@ -0,0 +1,8 @@ +master: + hosts: + masterk.filter.home: + is_master: yes +slaves: + hosts: + slave[01:01].filter.home: + is_master: no diff --git a/ksetup/end_tasks.yaml b/ksetup/end_tasks.yaml new file mode 100755 index 0000000..86bc821 --- /dev/null +++ b/ksetup/end_tasks.yaml @@ -0,0 +1,5 @@ + +#reboot +- name: reboot + reboot: + diff --git a/ksetup/kubeadm-join.command b/ksetup/kubeadm-join.command new file mode 100644 index 0000000..0d47340 --- /dev/null +++ b/ksetup/kubeadm-join.command @@ -0,0 +1 @@ +kubeadm join 192.168.1.10:6443 --token ezekcz.n6hwck49wfvj4h6f --discovery-token-ca-cert-hash sha256:7f78629fddc1310a35d2534d5dafa77761fa9770ff4da871583e32bc549470f7 
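Review bot: The `PermitRootLogin = no` task uses `backrefs: yes`, so when sshd_config has no uncommented `PermitRootLogin` line (a commented `#PermitRootLogin` default does not match `^PermitRootLogin`) lineinfile changes nothing and root SSH login stays exactly as the image shipped it, even though the play reports success. Drop `backrefs: yes`, widen the match to `regexp: '^#?\s*PermitRootLogin'` and add `validate: 'sshd -t -f %s'` so the line is written when absent and a malformed file is rejected before it replaces the live config. The sudo setup is also internally inconsistent: the group creation and sudoers rule target `wheel`, but the task named "adding user to group wheel" writes `groups: sudo`, and the task named "passwordless sudo" writes `%wheel ALL=(ALL) PASSWD: ALL`, which requires a password. The play further hard-codes `ansible_password`, `new_user_pass` and `new_root_pass` as plain-text vars (ksetup/playbook.yaml does the same for its connection vars); move them to an ansible-vault file or `vars_prompt` so credentials are not committed.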
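Review bot: `is_master: yes` and `is_master: no` rely on YAML 1.1 truthy scalars; Ansible's loader does read them as booleans, so `when: is_master` works today, but yamllint's `truthy` rule flags them and a YAML 1.2 parser would hand the condition a string. Write them canonically as `is_master: true` and `is_master: false`.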
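Review bot: This file commits a live `kubeadm join` command, including the bootstrap token and the discovery CA hash, to version control. By default a kubeadm bootstrap token lets any holder that can reach 192.168.1.10:6443 enrol a node into the cluster until the token expires or is deleted, so revoke it with `kubeadm token delete ezekcz.n6hwck49wfvj4h6f`, purge the file from the repository history, and add `ksetup/kubeadm-join.command` to .gitignore since master_tasks.yaml regenerates it on every run.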
diff --git a/ksetup/master_tasks.yaml b/ksetup/master_tasks.yaml
new file mode 100755
index 0000000..35f96b5
--- /dev/null
+++ b/ksetup/master_tasks.yaml
@@ -0,0 +1,85 @@ +# Init +- name: Init cluster + ansible.builtin.command: "kubeadm init" + become: true + +# Set kubectl tool +- user: + name: "{{ ansible_user_id }}" + state: present + register: user_info_registered + +- name: create .kube directory + become: yes + become_user: "{{ ansible_user_id }}" + file: + path: "{{ user_info_registered.home }}/.kube" + state: directory + mode: 0755 + +- debug: var=user_info_registered.home + +- name: copy admin.conf to user's kube config + copy: + src: /etc/kubernetes/admin.conf + remote_src: yes + dest: "{{ user_info_registered.home }}/.kube/config" + owner: "{{ ansible_user_id }}" + become: true + + +# Network Plugin + +# Download and install Flannel + +#- name: Download and install Flannel +# ansible.builtin.get_url: +# url: https://github.com/flannel-io/flannel/releases/download/v0.19.2/flanneld-arm64 +# dest: /usr/local/bin/flanneld +# owner: root +# group: root +# mode: '0755' +# +#- name: Create Flannel networks directory +# ansible.builtin.file: +# path: /var/lib/k8s/flannel/networks +# state: directory +# recurse: yes +# owner: root +# group: root +# mode: '0755' +#- +# +- name: Calico + ansible.builtin.command: "kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml" + +#- name: Calico Tigera ? +# ansible.builtin.shell: "kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml" +# become_user: some_user +#- name: Calico Custom resources ? 
+# ansible.builtin.command: "kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml" +# +# +## Remove taints +- name: Remove Taint (allows deployment in control plane) + ansible.builtin.shell: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-" + + +# Join token / command + +- name: Generate join token + shell: kubeadm token create --print-join-command + register: kubeadm_join_cmd + +- set_fact: + kubeadm_join_command: "{{ kubeadm_join_cmd.stdout }}" + +- debug: var=kubeadm_join_command + +- name: Store join command in "{{ kubeadm_join_path }}" + copy: + dest: "{{ kubeadm_join_path }}" + content: | + {{ kubeadm_join_command }} + delegate_to: localhost + diff --git a/ksetup/playbook.yaml b/ksetup/playbook.yaml new file mode 100755 index 0000000..d3500b0 --- /dev/null +++ b/ksetup/playbook.yaml 
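Review bot: `Generate join token` mints a new bootstrap token on every run and the following `debug: var=kubeadm_join_command` prints it in full to the console and any CI log (slave_tasks.yaml repeats the same debug); add `no_log: true` to the shell and `set_fact` tasks, drop the debug, and consider `kubeadm token create --ttl 1h --print-join-command` so stale tokens expire sooner. `Init cluster` is not idempotent either, since a second run fails on the already-initialised control plane; give it `args: {creates: /etc/kubernetes/admin.conf}`. The `kubeadm token create` task runs without `become` while playbook.yaml only escalates for set_node_tasks.yaml; kubeadm reads /etc/kubernetes/admin.conf by default, which is root-readable only, so this step presumably fails for the unprivileged user — verify. Removing the control-plane taint is a reasonable single-node choice, but it lets ordinary workloads schedule onto the control plane and deserves a comment saying that is intended.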
@@ -0,0 +1,47 @@ +# Author: Oriol Filter +# 11/03/2023 +# Intended for armbian (bullseye, fuck ubuntu tho) it's aarch64 +# Maybe still works for orangepi "official" versions, but I don't care about them unless I used soooooo... gl! +# https://medium.com/karlmax-berlin/how-to-install-kubernetes-on-raspberry-pi-53b4ce300b58 +- name: Preparethings + hosts: all + gather_facts: true + vars: + + # Testing purpouses + ansible_user: "orangepi" # Testing purposes + ansible_password: "orangepi" # Testing purposes + ansible_become_password: "orangepi" # Testing purposes + + # Actual vars + set_hostname: "{{ ansible_host }}" + # is_master: Figurative + + # Cluster shit + kubeadm_join_path: "./kubeadm-join.command" + kubeadm_join_command: "" + + + tasks: +# - check vars + - debug: var=set_hostname + - debug: var=is_master + +# Init / Basic setup + - name: set up node + import_tasks: set_node_tasks.yaml + become: true + +# If is_master: init + - name: init cluster + import_tasks: master_tasks.yaml + when: is_master + +# else: join + - name: join cluster + import_tasks: slave_tasks.yaml + when: not is_master + +# Do other stuff + - name: post setup + import_tasks: end_tasks.yaml diff --git a/ksetup/set_node_tasks.yaml b/ksetup/set_node_tasks.yaml new file mode 100755 index 0000000..8705451 --- /dev/null +++ b/ksetup/set_node_tasks.yaml 
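Review bot: `kubeadm_join_path: "./kubeadm-join.command"` is a relative path consumed by two different mechanisms: master_tasks.yaml writes it with `copy` delegated to localhost, which resolves against the controller's working directory, while slave_tasks.yaml reads it with `lookup('file', ...)`, which searches relative to the playbook directory first; when run.sh invokes `ksetup/playbook.yaml` from the repository root these presumably point at different files — verify. Anchoring the variable as `kubeadm_join_path: "{{ playbook_dir }}/kubeadm-join.command"` removes the ambiguity for both sides. Because that file holds a bootstrap token, add it to .gitignore as well.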
@@ -0,0 +1,201 @@ +# Hostname +## Set hostname +- name: Set a hostname + ansible.builtin.hostname: + name: "{{ set_hostname }}" + + +# Swap +- name: Swapoff + ansible.builtin.command: swapoff -a + +- name: Disable ram on boot (orangepi) # Untested + copy: + dest: "/etc/default/orangepi-zram-config" + content: ENABLED=false + when: + - ansible_distribution | lower == "orangepi" + - ansible_architecture == "aarch64" + +- name: Disable ram on boot (armbian) # Untested + copy: + dest: "/etc/default/armbian-zram-config" + content: ENABLED=false + when: + - ansible_architecture == "aarch64" + - ansible_distribution | lower == "ubuntu" or ansible_distribution | lower == "debian" + + +# INTENDED FOR ARM DISTROS FUCK U +#- name: Sed when x86_64 +# ansible.builtin.command: sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab +# when: ansible_architecture == "x86_64" + + +# Packages +# Delete default containerd +## Looking forward the version 1.6 +- name: apt prune containerd + ansible.builtin.apt: + name: containerd + state: absent + purge: true + +## BnB +- name: apt update + ansible.builtin.apt: + update_cache: yes + +- name: apt upgrade + ansible.builtin.apt: + name: "*" + state: latest + +## Keyrings directory +- name: Creating a new directory + file: + path: "/etc/apt/keyrings" + state: directory + recurse: true + mode: '0755' +# ignore_errors: true + +## Docker repo +- name: Add Docker GPG key + apt_key: + url: https://download.docker.com/linux/debian/gpg + state: present + +- name: Add Docker APT repository + apt_repository: + repo: deb [arch=arm64] https://download.docker.com/linux/debian bullseye stable + state: present + +## Kubeshit repo +- name: Download Kubernetes GPG key + ansible.builtin.get_url: + url: "https://packages.cloud.google.com/apt/doc/apt-key.gpg" + dest: "/etc/apt/keyrings/kubernetes-archive-keyring.gpg" + timeout: 10 + +- name: Add Kubernetes keyring + copy: + dest: "/etc/apt/sources.list.d/kubernetes.list" + content: "deb 
[signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" + + +## Install packages +- name: apt update + ansible.builtin.apt: + update_cache: yes + +- name: Install Kubelet Kubeadm Kubectl + ansible.builtin.apt: + pkg: + - kubelet + - kubeadm + - kubectl + +- name: Hold kubeadm + ansible.builtin.dpkg_selections: + name: kubeadm + selection: hold + +- name: Hold kubelet + ansible.builtin.dpkg_selections: + name: kubelet + selection: hold + +- name: Hold kubectl + ansible.builtin.dpkg_selections: + name: kubectl + selection: hold + +## Containerd +- name: Install Container Runtime + ansible.builtin.apt: + pkg: + - containerd.io + - containernetworking-plugins + +- name: Containerd set default config + ansible.builtin.shell: containerd config default | tee /etc/containerd/config.toml + become: yes + +- name: SystemdCgroup = true + lineinfile: + dest: /etc/containerd/config.toml + regexp: '^\s*SystemdCgroup = false$' + line: ' SystemdCgroup = true' + backrefs: yes + +# Iptables +## Set files +- name: Iptables thingies (not touching specific firewall rules.) 
+ copy: + dest: "/etc/sysctl.d/k8s.conf" + content: | + net.bridge.bridge-nf-call-iptables = 1 + net.bridge.bridge-nf-call-ip6tables = 1 + net.ipv4.ip_forward = 1 + +- name: Iptables thingies + copy: + dest: "/etc/modules-load.d/k8s.conf" + content: | + overlay + br_netfilter + +## Modprobe +- name: Add the overlay module + community.general.modprobe: + name: overlay + state: present + +- name: Add the br_netfilter module + community.general.modprobe: + name: br_netfilter + state: present + +- name: Apply changes (might need to use sysctl module with the reload flag, will try eventually) + ansible.builtin.command: "sysctl --system" + + +## Systemctl +### Enable +- name: Enable kubelet + ansible.builtin.systemd: + name: kubelet + enabled: true + +- name: Enable containerd + ansible.builtin.systemd: + name: containerd + enabled: true + +### Restart +- name: Enable kubelet + ansible.builtin.systemd: + name: kubelet + state: restarted + +- name: Restart containerd + ansible.builtin.systemd: + name: containerd + state: restarted + +## Set /etc/hosts +### This could be better but who cares +- name: Set /etc/hosts file content (template/base) + copy: + dest: "/etc/hosts" + content: | + 127.0.0.1 localhost + 127.0.1.1 {{ set_hostname }} + ::1 localhost {{ set_hostname }} ip6-localhost ip6-loopback + fe00::0 ip6-localnet + ff00::0 ip6-mcastprefix + ff02::1 ip6-allnodes + ff02::2 ip6-allrouters + + diff --git a/ksetup/slave_tasks.yaml b/ksetup/slave_tasks.yaml new file mode 100755 index 0000000..c89f0e2 --- /dev/null +++ b/ksetup/slave_tasks.yaml @@ -0,0 +1,8 @@ +- name: Populate {{ kubeadm_join_command }} + ansible.builtin.set_fact: kubeadm_join_command="{{ lookup('file', kubeadm_join_path ) }}" + +- debug: var=kubeadm_join_command + +- name: Join kubeadm + ansible.builtin.command: "{{ kubeadm_join_command }}" + become: yes \ No newline at end of file diff --git a/main_issues.md b/main_issues.md new file mode 100644 index 0000000..f7a90c3 --- /dev/null +++ b/main_issues.md 
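Review bot: `Add Docker GPG key` uses `apt_key`, which puts the key into the global trusted keyring so it can sign any repository, while the Kubernetes repository in the same hunk correctly scopes its key with `signed-by=`; `apt_key` is also deprecated. Download the Docker key into /etc/apt/keyrings like the Kubernetes one and reference it from the repo line, as below. Separately, `Install Kubelet Kubeadm Kubectl` installs whatever is latest and then holds it, so nodes provisioned on different days end up on different kubelet/kubeadm versions; pin the packages (`kubelet=<VERSION>`, same for kubeadm and kubectl, VERSION chosen by the operator) before the hold. The `Apply changes` task name already notes that `ansible.builtin.sysctl` with `reload: yes` would be the idempotent replacement for `sysctl --system`.
```yaml
- name: Download Docker GPG key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'

- name: Add Docker APT repository
  apt_repository:
    repo: deb [arch=arm64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bullseye stable
    state: present

# … unchanged: Kubernetes keyring, package install, hold and containerd tasks …
```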
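Review bot: `Join kubeadm` runs the join command on every play and fails once the node is already a member; give it `args: {creates: /etc/kubernetes/kubelet.conf}` so reruns skip it, and add `no_log: true` to both it and the `set_fact` task because the command line carries the bootstrap token. The task name `Populate {{ kubeadm_join_command }}` renders the (initially empty) variable into the task title; a literal name such as `Read kubeadm join command from {{ kubeadm_join_path }}` is more useful in output. The file also lacks a trailing newline.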
@@ -0,0 +1,21 @@ +# Main issues I ran into + +## kubeadm init + +### Something something API V1 + +Probably ~~(surely)~~ the `containerd` version you are using is 1.4 something, that's due being the default version installed / from the default repositories. + +To fix it, install `containerd.io`. + +If currently can't find `containerd.io`, follow the [Set up the repository](https://docs.docker.com/engine/install/debian/#install-using-the-repository) to set up the repositories and finally run `apt-get install containerd.io` + +You can check the version by running `containerd --version` + +## CNI plugin initializing + +Wait, if after a while still this way, confirm that you actually deployed the network plugin. + +```shell +kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml +``` diff --git a/run.sh b/run.sh new file mode 100755 index 0000000..55c9d04 --- /dev/null +++ b/run.sh @@ -0,0 +1,14 @@ +#!/bin/bash +export ANSIBLE_HOST_KEY_CHECKING=False + +# Replace for an inventory +IP="192.168.1.50,192.168.1.51," + +ansible-playbook -i $IP, armbian_initial_setup.yaml && sleep 25 # Wait for reboot + +ansible-playbook -i inventory.yaml ksetup/playbook.yaml + + + + +
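Review bot: `export ANSIBLE_HOST_KEY_CHECKING=False` disables SSH host-key verification for every run, so whatever answers on 192.168.1.50/51 is trusted blindly and the root and become passwords from the playbooks would be sent to it. Drop the export and pre-seed the controller's known_hosts instead (for example with `ssh-keyscan` against the inventory hosts right after flashing the image), or at most scope the override to the first bootstrap run. `IP="192.168.1.50,192.168.1.51,"` already ends with a comma and `-i $IP,` appends another; one trailing comma is enough, and the expansion should be quoted: `ansible-playbook -i "$IP" armbian_initial_setup.yaml && sleep 25`.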