From 1986a7111818548032ac02bb09a4ab0e2659becf Mon Sep 17 00:00:00 2001 From: savagebidoof Date: Wed, 13 Dec 2023 17:14:13 +0100 Subject: [PATCH] Added support for x64 bit Debian. --- Initial_Setup/armbian_initial_setup.yaml | 165 ++++++++++++----------- README.md | 10 +- inventory.yaml | 18 +-- ksetup/playbook.yaml | 10 +- ksetup/tasks_end.yaml | 30 ++++- ksetup/tasks_prepare_node.yaml | 40 ++++-- ksetup/tasks_slave.yaml | 2 +- run.sh | 2 +- 8 files changed, 171 insertions(+), 106 deletions(-) diff --git a/Initial_Setup/armbian_initial_setup.yaml b/Initial_Setup/armbian_initial_setup.yaml index 6d315fd..d115e5d 100644 --- a/Initial_Setup/armbian_initial_setup.yaml +++ b/Initial_Setup/armbian_initial_setup.yaml 
@@ -14,38 +14,110 @@ # New values ## Users - new_user_name: "kluser" - new_user_pass: "kluser_1234" - new_root_pass: "root_1234" + new_user_name: "my_user" + new_user_password: "my_password" + new_root_password: "my_root_password" + + ansible_python_interpreter: "/usr/bin/python3" ## Locales new_locale: "en_US.UTF-8" new_language: "en_US.UTF-8" + new_timezone: "Europe/Madrid" # SSH with ROOT tasks: - # Install sudo and locale thingies + + - name: ping + ping: + + # Install locale thingies and configure sudo for the new user - name: apt update ansible.builtin.apt: update_cache: yes - +# - name: apt upgrade ansible.builtin.apt: name: "*" state: latest - - - name: Install sudo +# + - name: Install locale thingies ansible.builtin.apt: pkg: - - sudo - locales - locales-all +# +# - name: update facts +# setup: +# +# # Wheel group with sudo access +# # https://stackoverflow.com/a/33362805 + - name: Make sure we have a 'wheel' group + group: + name: wheel + state: present +# +# + - name: Allow 'wheel' group to have passwordless sudo + ansible.builtin.lineinfile: + dest: /etc/sudoers + state: present + regexp: '^%wheel' + line: '%wheel ALL=(ALL) PASSWD: ALL' + validate: visudo -cf %s +# +# +# # Create `orangepi` (or whatever user u want to create) user (will bother about it later) # maybe move to -> kuser (kluster user)? 
+# +# + - name: Add user new_user_name + ansible.builtin.user: + name: "{{ new_user_name }}" + password: "{{ new_user_password | password_hash }}" + shell: /bin/bash +# +# + - name: adding user '{{ new_user_name }}' to group wheel + ansible.builtin.user: + name: '{{ new_user_name }}' + groups: sudo + append: yes - - name: update facts - setup: + - name: Select new user + set_fact: + ansible_user: "{{ new_user_name }}" + ansible_password: "{{ new_user_password }}" -# Set locale + + # Set root password to whatever shit + + - name: Change root default password + ansible.builtin.user: + name: root + password: "{{ new_root_password | password_hash }}" + + + # Disable SSH with ROOT + - name: PermitRootLogin = no + ansible.builtin.lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^PermitRootLogin' + line: PermitRootLogin no + backrefs: yes + + + # Disable SSH with empty password users + - name: PermitEmptyPasswords = no + ansible.builtin.lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^PermitEmptyPasswords' + line: PermitEmptyPasswords = no + backrefs: yes + + + + # Set locale # https://serverfault.com/a/981742 # https://andreas.scherbaum.la/blog/archives/941-Configuring-locales-in-Debian-and-Ubuntu,-using-Ansible-Reloaded.html - name: Ensure localisation files for '{{ new_locale }}' are available 
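Review bot: The two sshd_config tasks (`PermitRootLogin = no` and `PermitEmptyPasswords = no`) pair an anchored `regexp: '^PermitRootLogin'` / `'^PermitEmptyPasswords'` with `backrefs: yes`, and with backrefs lineinfile leaves the file untouched when the regexp matches nothing. If the image ships those directives commented out (common in a stock sshd_config, not visible here), both tasks report ok and root SSH login stays as it was. I would drop `backrefs`, widen the match to `regexp: '^#?\s*PermitRootLogin\s'`, and add `validate: 'sshd -t -f %s'` so a bad edit is rejected before it is written. The second task still writes `PermitEmptyPasswords = no` while the first was changed to the space-separated form; `line: PermitEmptyPasswords no` keeps them consistent. The play starts and continues outside this hunk.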
@@ -76,70 +148,13 @@ # changed_when: locale_lang != new_locale or locale_language != new_language # become: yes # no idea if it's needed, nor I care about - -# Wheel group with sudo access - # https://stackoverflow.com/a/33362805 - - name: Make sure we have a 'wheel' group - group: - name: wheel - state: present -# become: true - - - name: Allow 'wheel' group to have passwordless sudo - ansible.builtin.lineinfile: - dest: /etc/sudoers - state: present - regexp: '^%wheel' - line: '%wheel ALL=(ALL) PASSWD: ALL' - validate: visudo -cf %s -# become: true - -# Create `orangepi` (or whatever user u want to create) user (will bother about it later) # maybe move to -> kuser (kluster user)? - - - name: Add user new_user_name - ansible.builtin.user: - name: "{{ new_user_name }}" - password: "{{ new_user_pass | password_hash }}" - shell: /bin/bash -# become: true + - name: Set timezone + command: timedatectl set-timezone {{ new_timezone }} - - name: adding user '{{ new_user_name }}' to group wheel - ansible.builtin.user: - name: '{{ new_user_name }}' - groups: sudo - append: yes -# become: true - - -# Set root password to whatever shit - - - name: Change root default password - ansible.builtin.user: - name: root - password: "{{ new_root_pass | password_hash }}" -# become: yes - -# Disable SSH with ROOT - - name: PermitRootLogin = no - ansible.builtin.lineinfile: - dest: /etc/ssh/sshd_config - regexp: '^PermitRootLogin' - line: PermitRootLogin = no - backrefs: yes - -# Disable SSH with empty password users - - name: PermitEmptyPasswords = no - ansible.builtin.lineinfile: - dest: /etc/ssh/sshd_config - regexp: '^PermitEmptyPasswords' - line: PermitEmptyPasswords = no - backrefs: yes -# become: yes - -# REBOOT + # REBOOT - name: reboot -# ansible.builtin.reboot: - ansible.builtin.shell: 'sleep 1 && dhclient -r && dhclient && reboot' - ignore_unreachable: true -# become: yes + ansible.builtin.reboot: + become: no +# ansible.builtin.shell: 'sleep 1 && dhclient -r && dhclient && 
reboot' +# ignore_unreachable: true \ No newline at end of file diff --git a/README.md b/README.md index e78a62b..e0843ba 100644 --- a/README.md +++ b/README.md @@ -3,9 +3,16 @@ - Previously on the [orangepi](http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/service-and-support/Orange-pi-5.html) -# Files +# Requirements +- Create a username named "orangepi" with password "orangepi". +- Install sudo. +- Allow the user "orangepi" to have access to sudo. +- The user "orangepi" will be later deleted, so it's fine. + +# Files + ```yaml arm_initial_setup.yaml: standalone playbook to normalize the initialization of an ARMBIAN device @@ -191,7 +198,6 @@ ansible_password: "1234" - # License ## DWTFUW diff --git a/inventory.yaml b/inventory.yaml index da05526..b6ea510 100644 --- a/inventory.yaml +++ b/inventory.yaml @@ -1,15 +1,15 @@ -masters: - hosts: - pi4.filter.home: - vars: - is_master: yes - initial_username: root - initial_password: "" - delete_user_name: orangepi +#masters: +# hosts: +# pi4.filter.home: +# vars: +# is_master: yes +# initial_username: root +# initial_password: "" +# delete_user_name: orangepi slaves: hosts: - slave[02:02].filter.home: + slave[03:03].filter.home: vars: is_master: no initial_username: orangepi diff --git a/ksetup/playbook.yaml b/ksetup/playbook.yaml index 61301ba..878c6c7 100755 --- a/ksetup/playbook.yaml +++ b/ksetup/playbook.yaml @@ -1,5 +1,5 @@ # Author: Oriol Filter -# 30/07/2023 +# 13/12/2023 # Intended for armbian (bullseye, fuck ubuntu tho) it's aarch64 # Maybe still works for orangepi "official" versions, but I only care of make it work for myself soooooo... gl! # https://medium.com/karlmax-berlin/how-to-install-kubernetes-on-raspberry-pi-53b4ce300b58 
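Review bot: `Set timezone` runs `timedatectl set-timezone {{ new_timezone }}` through `command`, so it reports changed on every run and is skipped in check mode. A `changed_when` that compares against the current zone, or the `community.general.timezone` module with `name: "{{ new_timezone }}"`, would keep the play idempotent. Separately, the reboot task now carries `become: no`, and the first hunk switches `ansible_user` to the new unprivileged account via `set_fact`. Whether the play sets `become` is not visible here, so confirm the reboot still runs with enough privilege.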
@@ -10,8 +10,8 @@ vars: # Testing purposes - ansible_user: "kluser" # Testing purposes - ansible_password: "kluser_1234" # Testing purposes + ansible_user: "my_user" # Testing purposes + ansible_password: "my_password" # Testing purposes ansible_become_password: "{{ ansible_password }}" # Testing purposes # Actual vars @@ -26,7 +26,9 @@ # - check vars - debug: var=set_hostname - debug: var=is_master - + - name: Ping check + ping: +# # Init / Basic setup - name: set up node import_tasks: tasks_prepare_node.yaml diff --git a/ksetup/tasks_end.yaml b/ksetup/tasks_end.yaml index 2677e78..3a9c316 100755 --- a/ksetup/tasks_end.yaml +++ b/ksetup/tasks_end.yaml @@ -1,9 +1,37 @@ +# https://stackoverflow.com/questions/46515704/how-to-kill-a-running-process-using-ansible +- name: Get running processes + shell: "ps -ef | grep -v grep | grep -w ^orangepi | awk '{print $2}'" + register: running_processes + when: delete_user_name is defined and delete_user_name | length > 0 + +- name: Debug Running processes + debug: var=running_processes + +- name: Kill running processes + shell: "kill {{ item }}" + with_items: "{{ running_processes.stdout_lines }}" + when: delete_user_name is defined and delete_user_name | length > 0 + +- wait_for: + path: "/proc/{{ item }}/status" + state: absent + with_items: "{{ running_processes.stdout_lines }}" + ignore_errors: yes + register: killed_processes + when: delete_user_name is defined and delete_user_name | length > 0 + +- name: Force kill stuck processes + shell: "kill -9 {{ item }}" + with_items: "{{ killed_processes.results | select('failed') | map(attribute='item') | list }}" + when: delete_user_name is defined and delete_user_name | length > 0 + + - name: Delete user ansible.builtin.user: name: "{{ delete_user_name }}" remove: true state: absent - when: delete_user_name != "" + when: delete_user_name is defined and delete_user_name | length > 0 #reboot 
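Review bot: `ansible_password: "my_password"` and the derived `ansible_become_password` remain literals in the play `vars`, which take precedence over inventory host and group variables, so every host this play touches is contacted with the committed value. The same literal is set as `new_user_password` in Initial_Setup/armbian_initial_setup.yaml, so a node provisioned from the repo as-is ends up with a published login and sudo password. I would remove the three "Testing purposes" lines and supply the credentials from an ansible-vault encrypted vars file, or at run time with `--ask-pass --ask-become-pass`.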
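Review bot: `Get running processes` in ksetup/tasks_end.yaml greps for the literal `^orangepi`, while every `when:` guard and the final `Delete user` task key on `delete_user_name`. With any other value the kill steps act on the wrong account and the intended user's processes survive, which can make the user removal fail. Selecting by user avoids the text match, e.g. `command: pgrep -u {{ delete_user_name }}` with `failed_when: running_processes.rc > 1` (pgrep exits 1 when nothing matches). `Debug Running processes` has no `when:` and should carry the same guard as its neighbours.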
diff --git a/ksetup/tasks_prepare_node.yaml b/ksetup/tasks_prepare_node.yaml index 3bd3540..38880f3 100755 --- a/ksetup/tasks_prepare_node.yaml +++ b/ksetup/tasks_prepare_node.yaml @@ -4,7 +4,6 @@ ansible.builtin.hostname: name: "{{ set_hostname }}" - # Swap - name: Swapoff ansible.builtin.command: swapoff -a @@ -25,21 +24,26 @@ - ansible_architecture == "aarch64" - ansible_distribution | lower == "ubuntu" or ansible_distribution | lower == "debian" - -# INTENDED FOR ARM DISTROS FUCK U -#- name: Sed when x86_64 -# ansible.builtin.command: sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab -# when: ansible_architecture == "x86_64" +- name: Sed when x86_64 + ansible.builtin.command: sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab + when: + - ansible_architecture == "x86_64" + - ansible_distribution | lower == "ubuntu" or ansible_distribution | lower == "debian" # Packages -# Delete default containerd -## Looking forward the version 1.6 -- name: apt prune containerd + +## Delete default containerd and kuberelated thingies +- name: apt prune containerd and other kube related ansible.builtin.apt: - name: containerd + name: + - containerd + - kubelet + - kubeadm + - kubectl state: absent purge: true + allow_change_held_packages: true ## BnB - name: apt update 
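Review bot: `Sed when x86_64` edits /etc/fstab with `sed -i '/ swap / s/^\(.*\)$/#\1/g'`, which also matches lines that are already commented, so each run prepends another `#` and the task always reports changed. `ansible.builtin.replace` with `path: /etc/fstab`, `regexp: '^([^#].*\sswap\s.*)$'` and `replace: '#\1'` makes the same edit once and is idempotent. The task appears to duplicate the aarch64 one above it, of which only the `when:` is visible in the hunk. If so, a single task guarded by `ansible_architecture in ['aarch64', 'x86_64']` would remove the copy.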
@@ -71,18 +75,28 @@ url: https://download.docker.com/linux/debian/gpg state: present -- name: Add Docker APT repository +- name: Add Docker APT repository (ARM Arch) apt_repository: repo: deb [arch=arm64] https://download.docker.com/linux/debian bullseye stable state: present + when: + - ansible_architecture == "aarch64" -## Kubeshit repo +- name: Add Docker APT repository (x64 Arch) + apt_repository: + repo: deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable + state: present + when: + - ansible_architecture == "x86_64" -- name: Add Kubernetes GPG key +## Kubeshit repo ARM + +- name: Add Kubernetes GPG key (ARM) apt_key: url: https://packages.cloud.google.com/apt/doc/apt-key.gpg state: present + - name: Add Kubernetes APT repository apt_repository: repo: deb https://apt.kubernetes.io/ kubernetes-xenial main diff --git a/ksetup/tasks_slave.yaml b/ksetup/tasks_slave.yaml index 8f7a571..0ec647b 100755 --- a/ksetup/tasks_slave.yaml +++ b/ksetup/tasks_slave.yaml @@ -3,6 +3,6 @@ - debug: var=_kubeadm_join_command -- name: Join kubeadm +- name: Join kubeadm (this can take a while ... like 20 mins?? idk. probably lot less) ansible.builtin.command: "{{ _kubeadm_join_command }}" become: yes \ No newline at end of file diff --git a/run.sh b/run.sh index 075b76d..fa5b663 100755 --- a/run.sh +++ b/run.sh @@ -1,7 +1,7 @@ #!/bin/bash export ANSIBLE_HOST_KEY_CHECKING=False -#ansible-playbook -i inventory.yaml Initial_Setup/armbian_initial_setup.yaml && sleep 25 # Wait for reboot +#ansible-playbook -i inventory.yaml Initial_Setup/armbian_initial_setup.yaml && sleep 25 && # Wait for reboot ansible-playbook -i inventory.yaml ksetup/playbook.yaml
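Review bot: The arm64 and amd64 Docker repository lines set only `arch=`, so they depend on the key that `apt_key` places in apt's global trusted keyring, where it is accepted for every configured repository. Scoping the key to the one repository is the safer layout: save it to a keyring file and reference it, e.g. `repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bullseye stable` (the keyring path is an example). The Kubernetes key task was renamed `(ARM)` but has no `when:`, so it still runs on both architectures; drop the suffix or add the condition. The file continues outside the hunk.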