# Intended for OrangePI5 **(might work on other devices)**
- Tested on [ARMBIAN](https://www.armbian.com/orangepi-5/) Bullseye
- Previously on the [orangepi](http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/service-and-support/Orange-pi-5.html)


# Requirements


- Create a user named "orangepi" with password "orangepi".
- Install sudo.
- Allow the user "orangepi" to have access to sudo.
- The user "orangepi" will be later deleted, so it's fine.

# Files

```yaml
arm_initial_setup.yaml: standalone playbook to normalize the initialization of an ARMBIAN device

run.sh: placeholder script used for testing

ksetup/:
  - playbook.yaml
  - tasks_prepare_node.yaml
  - tasks_master.yaml
  - tasks_slave.yaml
  - tasks_end.yaml
  - Exported:
    - kubeadm-join.command (exported file)
    - kubeconfig.conf (exported file)

inventory.yaml: Example inventory
```

## Inventory.yaml

Example inventory.

Contains 2 groups, `masters` and `slaves`.

Each group has the variable `is_master` configured.

For more info regarding Ansible Inventory, refer to their [documentation regarding the topic](https://docs.ansible.com/ansible/latest/inventory_guide/index.html).

## arm_initial_setup.yaml

It will:

- `apt-get update && apt-get upgrade`
- Install locale tools and `sudo`.
- Set the `locale` for the ROOT user
- Set the `language` for the ROOT user
- Create the `wheel` group
- Add the `wheel` group to sudoers (using password)
- Add a new user with its password
- Add the new user to the `wheel` group
- Change the ROOT password
- Disable SSH login to the ROOT user
- Reboot the device, ignoring a failure to connect back. Why? Because it might receive a different IP over DHCP. This is convenient for me.

### Vars

A reminder that the point of this script is to normalize the process of setting up a **fresh** ARMBIAN OS.

```yaml
# Initial Setup
initial_username: username used for the first connection
initial_password: password used for the first connection


# Connect
ansible_user: User used to connect
ansible_password: Password used to connect
ansible_become_password: Password used to execute `sudo`

# New values
## Users
new_user_name: Username to create/modify
new_user_pass: Password for the user to create/modify
new_root_pass: New password for root

## Locales
new_locale: New locale desired
new_language: New language desired
```

## ksetup

### playbook.yaml


Used to "orchestrate" the process and call the rest of the **task** playbooks.
#### Vars
```yaml
# Testing purposes
ansible_user: User used to connect
ansible_password: Password used to connect
ansible_become_password: Password used to execute `sudo`

# Actual vars
set_hostname: New hostname for the device, by default will obtain its value from the variable `ansible_host` aka. the URL specified to connect to such device.
is_master: This variable determines which playbooks will run.

# Cluster shit
kubeadm_join_path: File path that will store the `kubeadm join` command to be executed by the worker nodes.
_kubeadm_join_command: Placeholder, will be populated at later stages of the script.
```

### TASK playbooks
#### tasks_prepare_node.yaml

- Changes the device hostname
- Disables RAM usage.
- Update -> Upgrade.
- Uninstalls `containerd`.
- Installs Docker (Debian) and Kubernetes repos.
- Installs `containerd.io`, `kubelet`, `kubeadm`, `kubectl`, `git`, `vim`.
- Sets default config for `containerd` with cGroups enabled.
- Enables some `iptables` modules. 
- "Resets" `/etc/hosts` file

#### tasks_master.yaml

##### Will only be executed if the variable `is_master` is set to `True`

- Executes `kubeadm init` aka initializes the node without further arguments assigned. 
- Export the `kubeconfig` file.
- Removes `node-role.kubernetes.io/control-plane` taint to allow deploying containers in the control plane node.
- Deploys `Calico` CNI network plugin.
- Deploys `MetalLB` CRDs.
- Generates a "join cluster" command and stores it in a file **LOCALLY** as `./Exported/kubeadm-join.command`. This file will later be used by the slave nodes, which will execute its contents.

#### tasks_slave.yaml

##### Will only be executed if the variable `is_master` is set to `False`

- Executes the "command" stored in the file `./Exported/kubeadm-join.command` located **LOCALLY**.

#### tasks_end.yaml

- For the moment, it only reboots.

# USAGE

## Update Calico/MetalLB versions

Open the file `tasks_master.yaml` and update the .yaml files for Calico and MetalLB to match the desired/newer versions.

## Setup

On my infrastructure/environment, **I** use a DHCP and DNS to connect / communicate the nodes.

You **might** need to edit the file `/etc/hosts` and <u>manually</u> point to the resources' IP addresses.

So my first step is to reserve the MAC addresses and configure the DHCP server.

Afterwards update the DNS server to point to those IPs.

### Set the SD card / SBC (Single Board Computer)
Beware of using the right IMG / device, as you don't want to <u>delete the wrong drive</u>, **right?**
```shell
dd if=Armbian_23.02.2_Orangepi5_bullseye_legacy_5.10.110_minimal.img of=/dev/sdg bs=1M status=progress
```

### arm_initial_setup.yaml

#### Log in Values

I set up the variables on the `inventory.yaml` file.

```yaml
initial_username: username used for the first connection
initial_password: password used for the first connection
```



#### Change the values of the desired variables

```yaml
# New values
## Users
new_user_name: "orangepi"
new_user_pass: "orangepi"
new_root_pass: "1234"

## Locales
new_locale: "en_US.UTF-8"
new_language: "en_US.UTF-8"
```


#### Change the connection variables (Optional)

**Optional**. If you are not planning to use root, the playbook might require some slight changes in order to work with a user that's not root. Idk, not my problem; this playbook <u>**assumes**</u> you will be using an ARMBIAN image.

```yaml
ansible_user: "root"
ansible_password: "1234"
```
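
The `new_*` values above are samples, and the join command and kubeconfig written to `Exported/` are cluster credentials. The following pre-flight check for the control machine is an added example, not part of this repository; the function names, the list of weak values and the 12-character minimum are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of this repository: pre-flight check on the control machine.
# Assumptions: the sample values below and the 12-character minimum are this
# example's own policy; file names are the ones listed under "Files".

WEAK_VALUES='orangepi|1234'   # sample passwords shown in this README

# Flag new_user_pass / new_root_pass entries that still hold a sample value or
# are shorter than 12 characters. Vaulted (!vault) and templated ({{ }}) values pass.
check_inventory() {
  awk -v weak="$WEAK_VALUES" '
    /^[ \t]*new_(user|root)_pass[ \t]*:/ {
      val = $0
      sub(/^[^:]*:[ \t]*/, "", val)             # drop the key
      sub(/[ \t]+$/, "", val)                   # drop trailing blanks
      q = "[\"\047]"                            # double or single quote
      gsub("^" q "|" q "$", "", val)            # drop surrounding quotes
      if (val ~ /^(!vault|[{][{])/) next
      if (val ~ ("^(" weak ")$") || length(val) < 12) {
        printf "line %d: sample or short password\n", NR
        bad = 1
      }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Flag exported cluster credentials whose mode is not owner-only (600 or 400).
check_exported() {
  loose=$(find "$1" -type f \
    \( -name 'kubeadm-join.command' -o -name 'kubeconfig.conf' \) \
    ! -perm 600 ! -perm 400 2>/dev/null)
  [ -z "$loose" ] && return 0
  echo "$loose" | sed 's/^/not owner-only (chmod 600): /'
  return 1
}

# Constructed sample input: the values from "Change the values of the desired variables".
demo=$(mktemp)
cat > "$demo" <<'EOF'
new_user_name: "orangepi"
new_user_pass: "orangepi"
new_root_pass: "1234"
ansible_password: "1234"
EOF
check_inventory "$demo" || echo "inventory still carries sample passwords"
rm -f "$demo"
```

`ansible_password: "1234"` is deliberately not flagged: it is the login used for the first connection, while the `new_*` values are what the device keeps afterwards.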

## Run (?)



# License

## DWTFUW

Do whatever the fuck you want license ™