From 7144c2d74b814a7a5326f2d0c1202e411a0e1bad Mon Sep 17 00:00:00 2001 From: savagebidoof Date: Tue, 1 Aug 2023 15:39:36 +0200 Subject: [PATCH] Commit --- Initial_Setup/armbian_initial_setup.yaml | 16 +++-- README.md | 40 +++++++---- inventory.yaml | 17 +++-- ksetup/{ => Exported}/kubeadm-join.command | 0 ksetup/Exported/kubeconfig.conf | 0 ksetup/playbook.yaml | 41 ++++++----- ksetup/tasks_end.yaml | 7 ++ ksetup/tasks_master.yaml | 81 +++++++--------------- main_issues.md | 21 ------ run.sh | 4 +- 10 files changed, 104 insertions(+), 123 deletions(-) rename ksetup/{ => Exported}/kubeadm-join.command (100%) create mode 100644 ksetup/Exported/kubeconfig.conf delete mode 100644 main_issues.md diff --git a/Initial_Setup/armbian_initial_setup.yaml b/Initial_Setup/armbian_initial_setup.yaml index ffcad36..221dc51 100644 --- a/Initial_Setup/armbian_initial_setup.yaml +++ b/Initial_Setup/armbian_initial_setup.yaml @@ -8,8 +8,8 @@ vars: # Connect - ansible_user: "root" - ansible_password: "1234" + ansible_user: "{{ initial_user }}" + ansible_password: "{{ initial_password }}" ansible_become_password: "{{ ansible_password }}" # New values @@ -74,7 +74,8 @@ - name: Configure locale to '{{ new_locale }}' and language to '{{ new_language }}' command: localectl set-locale LANG={{ new_locale }} LANGUAGE={{ new_language }} # changed_when: locale_lang != new_locale or locale_language != new_language -# become: yes # no idea if it's needed nor I care about +# become: yes # no idea if it's needed, nor I care about + # Wheel group with sudo access # https://stackoverflow.com/a/33362805 
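Review bot: The first hunk of Initial_Setup/armbian_initial_setup.yaml reads `{{ initial_user }}` for `ansible_user`, but the inventory.yaml hunk and the README text in this same commit define the variable as `initial_username`. Unless `initial_user` is set somewhere outside this diff, the play will stop on an undefined variable before it can connect. Use one name on both sides, e.g. `ansible_user: "{{ initial_username }}"`. Because `ansible_become_password` is derived from the same value, a comment above these vars such as `# initial_* are the image's first-boot credentials; supply them from inventory or vault, never hard-code them here` would record the intent. The vars block continues outside the hunk.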
@@ -120,13 +121,20 @@ # become: yes # Disable SSH with ROOT - - name: PermitRootLogin = no ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config regexp: '^PermitRootLogin' line: PermitRootLogin = no backrefs: yes + +# Disable SSH with empty password users + - name: PermitEmptyPasswords = no + ansible.builtin.lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^PermitEmptyPasswords' + line: PermitEmptyPasswords = no + backrefs: yes # become: yes # REBOOT diff --git a/README.md b/README.md index 2d851c1..e78a62b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Intended for OrangePI5 **(might work on other devices)** - Tested on [ARMBIAN](https://www.armbian.com/orangepi-5/) Bullseye -- Previously on the [orangepi](http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/service-and-support/Orange-pi-5.html) official Debian versions, but can't **confirm still works** +- Previously on the [orangepi](http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/service-and-support/Orange-pi-5.html) # Files @@ -17,7 +17,9 @@ ksetup/: - tasks_master.yaml - tasks_slave.yaml - tasks_end.yaml - - kubeadm-join.command + - Exported: + - kubeadm-join.command (exported file) + - kubeconfig.conf (exported file) inventory.yaml: Example inventory ``` @@ -36,6 +38,8 @@ For more info regarding Ansible Inventory, refer to their [documentation regardi It will: +- `apt-get update && apt-get upgrade` +- Install locale tools and `sudo`. - Set the `loacale` for the ROOT user - Set the `language` for the ROOT user - Create the `wheel` group 
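Review bot: The new `PermitEmptyPasswords` task does nothing on a host where the directive is absent or commented out. Its `regexp: '^PermitEmptyPasswords'` matches only an active line, and `backrefs: yes` makes lineinfile leave the file unchanged when the regexp does not match. Drop `backrefs` (the `line` uses no back-references) and widen the pattern to `regexp: '^#?\s*PermitEmptyPasswords'` so the setting is written when it is missing. Adding `validate: 'sshd -t -f %s'` stops a malformed edit from being installed and locking out SSH. The `PermitRootLogin` task shown as context just above uses the same pattern and needs the same change.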
@@ -44,13 +48,18 @@ It will: - Add the new user to the `wheel` group - Change the ROOT password - Disable SSH login to the ROOT user -- Executes `sleep 1 && dhclient -r && dhclient && reboot`. The `dhclient` is for my own usage so **modify it if it bothers you**. +- Reboots the device and ignores if you can't connect back, why? Cause might receive a different IP from the DHCP client. This is convenient for myself. ### Vars A reminder that the point of this script, is to normalize the process of setting up a **fresh** ARMBIAN OS. ```yaml +# Initial Setup +initial_username: username used to to the first connection +initial_password: password used to to the first connection + + # Connect ansible_user: User used to connect ansible_password: Password used to connect @@ -99,7 +108,7 @@ _kubeadm_join_command: Placeholder, will be populated at later stages of the scr - Installs Docker (Debian) and Kubernetes repos. - Installs `containerd.io`, `kubelet`, `kubeadm`, `kubectl`, `git`, `vim`. - Sets default config for `containerd` with cGroups enabled. -- Enables some `iptables`. +- Enables some `iptables` modules. - "Resets" `/etc/hosts` file #### tasks_master.yaml 
@@ -107,22 +116,22 @@ _kubeadm_join_command: Placeholder, will be populated at later stages of the scr ##### Will only be executed if the variable `is_master` is set to `True` - Executes `kubeadm init` aka initializes the node without further arguments assigned. -- Sets the `kubectl` conf to the user specified. -- Deploys `Calico` network plugin (might change in the future) +- Export the `kubeconfig` file. - Removes `node-role.kubernetes.io/control-plane` taint to allow deploying containers in the control plane node. -- Generates a "join cluster" command and stores it in a file **LOCALLY** as `kubeadm-join.command`, this file will be later used by the slave nodes, who will execute this file's contents. +- Deploys `Calico` CNI network plugin. +- Deploys `MetalLB` CRDs. +- Generates a "join cluster" command and stores it in a file **LOCALLY** as `/Exported/ubeadm-join.command`, this file will be later used by the slave nodes, who will execute this file's contents. #### tasks_slave.yaml ##### Will only be executed if the variable `is_master` is set to `False` -- Executes the "command" stored in the file `kubeadm-join.command` located **LOCALLY**. +- Executes the "command" stored in the file `./Exported/kubeadm-join.command` located **LOCALLY**. #### tasks_end.yaml - As per the moment, only reboots. - # USAGE ## Setup @@ -143,6 +152,16 @@ dd if=Armbian_23.02.2_Orangepi5_bullseye_legacy_5.10.110_minimal.img of=/dev/sdg ### arm_initial_setup.yaml +#### Log in Values + +I set up the variables on the `inventory.yaml` file. + +```yaml +initial_username: username used to to the first connection +initial_password: password used to to the first connection +``` + + #### Change the values of the desired variables @@ -168,9 +187,6 @@ ansible_user: "root" ansible_password: "1234" ``` - - - ## Run (?) diff --git a/inventory.yaml b/inventory.yaml index f5981d1..cca4375 100644 --- a/inventory.yaml +++ b/inventory.yaml 
@@ -1,11 +1,16 @@ masters: hosts: pi4.filter.home: -# masterk.filter.home: vars: is_master: yes -#slaves: -# hosts: -# slave[01:01].filter.home: -# vars: -# is_master: no + initial_username: root + initial_password: "" + +slaves: + hosts: + slave[02:02].filter.home: + vars: + is_master: no + initial_username: orangepi + initial_password: orangepi + delete_user_name: orangepi diff --git a/ksetup/kubeadm-join.command b/ksetup/Exported/kubeadm-join.command similarity index 100% rename from ksetup/kubeadm-join.command rename to ksetup/Exported/kubeadm-join.command diff --git a/ksetup/Exported/kubeconfig.conf b/ksetup/Exported/kubeconfig.conf new file mode 100644 index 0000000..e69de29 diff --git a/ksetup/playbook.yaml b/ksetup/playbook.yaml index e020960..8f48fbc 100755 --- a/ksetup/playbook.yaml +++ b/ksetup/playbook.yaml @@ -1,7 +1,7 @@ # Author: Oriol Filter -# 11/03/2023 +# 30/07/2023 # Intended for armbian (bullseye, fuck ubuntu tho) it's aarch64 -# Maybe still works for orangepi "official" versions, but I don't care about them unless I used soooooo... gl! +# Maybe still works for orangepi "official" versions, but I only care of make it work for myself soooooo... gl! # https://medium.com/karlmax-berlin/how-to-install-kubernetes-on-raspberry-pi-53b4ce300b58 - name: Preparethings order: inventory 
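Review bot: The inventory.yaml hunk commits login secrets in clear text: `initial_password: orangepi` for the slaves and an empty `initial_password: ""` for root on the master. They look like the image's first-boot defaults, but they remain working credentials for any host where the initial setup has not run yet or failed part-way. Keeping the two `initial_*` values in an Ansible Vault file, or prompting for them, keeps them out of the repository. A comment such as `# first-boot credentials of the flashed image; replaced by Initial_Setup` above the keys would explain why they differ per group.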
@@ -19,30 +19,29 @@ # is_master: Figurative # Cluster shit - kubeadm_join_path: "./kubeadm-join.command" + kubeadm_join_path: "./Exported/kubeadm-join.command" _kubeadm_join_command: "" #placeholder - tasks: -## - check vars -# - debug: var=set_hostname -# - debug: var=is_master -# -## Init / Basic setup -# - name: set up node -# import_tasks: tasks_prepare_node.yaml -# become: true +# - check vars + - debug: var=set_hostname + - debug: var=is_master + +# Init / Basic setup + - name: set up node + import_tasks: tasks_prepare_node.yaml + become: true # If is_master: init - name: init cluster import_tasks: tasks_master.yaml when: is_master -# -## else: join -# - name: join cluster -# import_tasks: tasks_slave.yaml -# when: not is_master -# -## Do other stuff -# - name: post setup -# import_tasks: tasks_end.yaml + +# else: join + - name: join cluster + import_tasks: tasks_slave.yaml + when: not is_master + +# Do other stuff + - name: post setup + import_tasks: tasks_end.yaml diff --git a/ksetup/tasks_end.yaml b/ksetup/tasks_end.yaml index 5b32952..21dae44 100755 --- a/ksetup/tasks_end.yaml +++ b/ksetup/tasks_end.yaml @@ -1,3 +1,10 @@ +- name: Delete user + ansible.builtin.user: + name: "{{ delete_user_name }}" + remove: true + state: absent + when: not is_master + become: true #reboot - name: reboot diff --git a/ksetup/tasks_master.yaml b/ksetup/tasks_master.yaml index 044f5c2..c0ec861 100755 --- a/ksetup/tasks_master.yaml +++ b/ksetup/tasks_master.yaml @@ -1,9 +1,10 @@ ## Init -#- name: Init cluster -# ansible.builtin.command: "kubeadm init" -# become: true +- name: Init cluster + ansible.builtin.command: "kubeadm init" + become: true -### get kubectl file + +## Export kubeconfig file - name: Export remote kubeconfig file ansible.builtin.fetch: 
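Review bot: In ksetup/tasks_end.yaml the new `Delete user` task is gated on `not is_master` rather than on the variable it consumes. A non-master host whose inventory group does not set `delete_user_name` will fail on an undefined variable, and a master that still carries the image's default account keeps it. Gating on the variable itself, `when: delete_user_name is defined`, ties removal of the default account to the hosts that declare one. If the play connects as that same account the removal may fail while its session is open; the connecting user is not visible in this hunk.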
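Review bot: In ksetup/tasks_master.yaml the re-enabled `Init cluster` task runs `kubeadm init` unconditionally, so a second run of the playbook against an already initialised master is expected to fail at kubeadm's preflight checks. Adding `args:` with `creates: /etc/kubernetes/admin.conf` makes the task skip once the control plane exists. That path is the one the later kubectl tasks in this file already pass to `--kubeconfig`. The task list continues outside the hunk.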
@@ -13,6 +14,12 @@ become: true +## Taints + +### Schedule pods on master +- name: Remove Taint (allows deployment in control plane node) + ansible.builtin.shell: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-" + ## CNI ### Calico 
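Review bot: The added `Remove Taint` task calls `kubectl` without `--kubeconfig /etc/kubernetes/admin.conf` and without `become: true`, unlike the MetalLB task visible in the next hunk. This commit also deletes the commented-out step that copied admin.conf into the user's `.kube/config`, so kubectl probably has no cluster configuration to read here. To match the sibling tasks, use `ansible.builtin.command: "kubectl taint nodes --all --kubeconfig /etc/kubernetes/admin.conf node-role.kubernetes.io/control-plane-"` together with `become: true`. `command` is sufficient because the line uses no shell features.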
@@ -26,59 +33,19 @@ ansible.builtin.command: "kubectl create --kubeconfig /etc/kubernetes/admin.conf -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml" become: true -#- name: Calico custom -# ansible.builtin.command: "kubectl create --kubeconfig /etc/kubernetes/admin.conf -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml" -# become: true +## Export join command +- name: Generate join token + shell: kubeadm token create --print-join-command + register: kubeadm_join_cmd +- set_fact: + kubeadm_join_command: "{{ kubeadm_join_cmd.stdout }}" +- debug: var=kubeadm_join_command -## Set kubectl tool -#- user: -# name: "{{ ansible_user_id }}" -# state: present -# register: user_info_registered - -#- name: create .kube directory -# become: yes -# become_user: "{{ ansible_user_id }}" -# file: -# path: "{{ user_info_registered.home }}/.kube" -# state: directory -# mode: 0755 - -#- debug: var=user_info_registered.home - -#- name: copy admin.conf to user's kube config -# copy: -# src: /etc/kubernetes/admin.conf -# remote_src: yes -# dest: "{{ user_info_registered.home }}/.kube/config" -# owner: "{{ ansible_user_id }}" -# become: true - - -## Network Plugin -#- name: Calico -# ansible.builtin.command: "kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml" -# -## Remove taints -#- name: Remove Taint (allows deployment in control plane) -# ansible.builtin.shell: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-" -# -## Join token / command -#- name: Generate join token -# shell: kubeadm token create --print-join-command -# register: kubeadm_join_cmd -# -#- set_fact: -# kubeadm_join_command: "{{ kubeadm_join_cmd.stdout }}" -# -#- debug: var=kubeadm_join_command -# -#- name: Store join command in "{{ kubeadm_join_path }}" -# copy: -# dest: "{{ kubeadm_join_path }}" -# content: | -# {{ kubeadm_join_command }} -# delegate_to: 
localhost - +- name: Store join command in "{{ kubeadm_join_path }}" + copy: + dest: "{{ kubeadm_join_path }}" + content: | + {{ kubeadm_join_command }} + delegate_to: localhost diff --git a/main_issues.md b/main_issues.md deleted file mode 100644 index 8915fa6..0000000 --- a/main_issues.md +++ /dev/null @@ -1,21 +0,0 @@ -# Main issues I ran into - -## kubeadm init - -### Something something API V1 - -Probably ~~(surely)~~ the `containerd` version you are using is 1.4 something, that's due being the default version installed / from the default repositories. - -To fix it, install `containerd.io`. - -If currently can't find `containerd.io`, follow the [Set up the repository](https://docs.docker.com/engine/install/debian/#install-using-the-repository) to set up the repositories and finally run `apt-get install containerd.io` - -You can check the version by running `containerd --version` - -## CNI plugin initializing - -Wait, if after a while it still this way, confirm that you actually deployed the (right) network plugin. - -```shell -kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml -``` diff --git a/run.sh b/run.sh index 3a6a22f..1b34738 100755 --- a/run.sh +++ b/run.sh @@ -2,10 +2,10 @@ export ANSIBLE_HOST_KEY_CHECKING=False # Replace for an inventory -IP="192.168.1.2" +#IP="192.168.1.2" #IP="192.168.1.50,192.168.1.51" -#ansible-playbook -i $IP, Initial_Setup/armbian_initial_setup.yaml && sleep 25 # Wait for reboot +ansible-playbook -i inventory.yaml Initial_Setup/armbian_initial_setup.yaml && sleep 25 # Wait for reboot ansible-playbook -i inventory.yaml ksetup/playbook.yaml
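Review bot: The re-enabled join-command tasks in ksetup/tasks_master.yaml expose the bootstrap token in two places. `- debug: var=kubeadm_join_command` prints it to the Ansible output, and the `copy` task writes it to `{{ kubeadm_join_path }}` on the control machine with no `mode`, at a path this commit tracks in git (ksetup/Exported/kubeadm-join.command, next to the fetched kubeconfig.conf). Drop the debug task or mark it `no_log: true`, add `mode: "0600"` to the copy, and stop tracking the files under `ksetup/Exported/` and ignore the directory, so a populated token or admin kubeconfig is not committed by accident. `Generate join token` also lacks the `become: true` that the other kubeadm and kubectl tasks in this file carry.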
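Review bot: Enabling the initial-setup run in run.sh means its password login now happens under the `export ANSIBLE_HOST_KEY_CHECKING=False` shown as context at the top of the script, so `initial_password` is sent to hosts whose SSH host key is never verified. Limiting the relaxed check to the first-boot play and leaving host key checking on for `ksetup/playbook.yaml` narrows that exposure. A comment such as `# host key checking is off only because freshly flashed images regenerate their keys` would record the reason. The fixed `sleep 25` could give way to an `ansible.builtin.wait_for_connection` task at the start of the second play, which is outside this hunk.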