#!/bin/bash
check_os() {
  # Reads NAME and VERSION_ID from /etc/os-release and publishes the result in
  # globals: operating_system ("ubuntu", "oraclelinux" or "undef"), clean_name,
  # clean_version, major and minor. Prints a four-line summary to stdout.
  #
  # This file is a Terraform template: a doubled dollar sign in front of a brace
  # is the template escape for an ordinary shell parameter expansion.
  name=$(grep ^NAME= /etc/os-release | sed 's/"//g')
  version=$(grep ^VERSION_ID= /etc/os-release | sed 's/"//g')

  # Drop everything up to and including the first "=".
  clean_name=$${name#*=}
  clean_version=$${version#*=}

  # major: text before the last dot; minor: text after the first dot.
  major=$${clean_version%.*}
  minor=$${clean_version#*.}

  case "$clean_name" in
    "Ubuntu")
      operating_system="ubuntu"
      ;;
    "Oracle Linux Server")
      operating_system="oraclelinux"
      ;;
    *)
      operating_system="undef"
      ;;
  esac

  printf '%s\n' \
    "K3S install process running on: " \
    "OS: $operating_system" \
    "OS Major Release: $major" \
    "OS Minor Release: $minor"
}
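install_oci_cli_ubuntu() {
  # Installs python3, pip, nginx with the stream module, and the OCI CLI on
  # Ubuntu.
  # Globals: LATEST_OCICLI (written) - release name taken from the GitHub API.
  # Returns: non-zero when the release name or the installer cannot be fetched.
  local installer_script

  DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y python3 python3-pip nginx libnginx-mod-stream
  systemctl enable nginx

  # https://github.com/oracle/oci-cli/issues/875
  # -f makes curl fail on an HTTP error (for example API rate limiting) instead
  # of handing the error document to jq.
  # NOTE(review): sort_by(.name) is a string sort, so "3.9.x" orders after
  # "3.10.x"; confirm this really selects the newest release.
  LATEST_OCICLI=$(curl -fsSL https://api.github.com/repos/oracle/oci-cli/releases \
    | jq -r 'sort_by(.name) | reverse | .[0].name')
  echo "LATEST_OCICLI=$LATEST_OCICLI"
  if [[ -z "$LATEST_OCICLI" || "$LATEST_OCICLI" == "null" ]]; then
    echo "could not determine the OCI CLI release to install" >&2
    return 1
  fi

  # NOTE(review): the installer is taken from the master branch and executed
  # with this script's privileges without any integrity check. Pinning the URL
  # to a reviewed commit and verifying a recorded checksum before running it
  # would close that supply-chain gap.
  # Download first and stop on failure, so that an HTTP error page or an empty
  # body is never passed to bash as the script to run.
  installer_script=$(curl -fsSL https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh) || {
    echo "failed to download the OCI CLI installer" >&2
    return 1
  }

  bash -c "$installer_script" \
    -s \
    --accept-all-defaults \
    --oci-cli-version "$LATEST_OCICLI"
}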
install_oci_cli_oracle() {
  # Installs the OCI CLI, python3-jinja2 and nginx (all modules) on Oracle Linux.
  # Globals: major (read) - release 9 uses the el9 developer repository; every
  # other value takes the el8 path, which also enables the nginx:1.20 and
  # python36:3.6 module streams.
  local cli_package

  if [[ "$major" -eq 9 ]]; then
    dnf -y install oraclelinux-developer-release-el9
    cli_package=python39-oci-cli
  else
    dnf -y install oraclelinux-developer-release-el8
    dnf -y module enable nginx:1.20 python36:3.6
    cli_package=python36-oci-cli
  fi

  dnf -y install "$cli_package" python3-jinja2 nginx-all-modules
}
wait_lb() {
  # Blocks until an HTTPS request to port 6443 of the k3s endpoint succeeds,
  # retrying every 5 seconds with no upper bound.
  # Certificate verification is skipped (-k) and the response is discarded, so
  # this is a reachability probe only; it says nothing about the identity of
  # whatever answered.
  until curl --output /dev/null --silent -k https://${k3s_url}:6443; do
    sleep 5
    echo "wait for LB"
  done
}
# Detect the distribution first; the per-OS preparation below branches on the
# operating_system global that check_os sets.
check_os

case "$operating_system" in
  ubuntu)
    # Disable firewall
    # NOTE(review): with the host firewall off, packet filtering for this node
    # has to come from outside the host (for example the cloud network's
    # security rules) - confirm those are restrictive.
    /usr/sbin/netfilter-persistent stop
    /usr/sbin/netfilter-persistent flush
    systemctl stop netfilter-persistent.service
    systemctl disable netfilter-persistent.service
    # END Disable firewall

    apt-get update
    apt-get install -y software-properties-common jq
    DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
%{ if ! disable_ingress }
    install_oci_cli_ubuntu
%{ endif }

    # Fix /var/log/journal dir size
    printf '%s\n' "SystemMaxUse=100M" "SystemMaxFileSize=100M" >> /etc/systemd/journald.conf
    systemctl restart systemd-journald
    ;;
  oraclelinux)
    # Disable firewall
    # NOTE(review): same caveat as on Ubuntu - filtering must be enforced
    # outside the host once firewalld is off.
    systemctl disable --now firewalld
    # END Disable firewall

    # Fix iptables/SELinux bug: load a local policy module that allows
    # iptables_t to ioctl cgroup_t directories.
    printf '%s\n' '(allow iptables_t cgroup_t (dir (ioctl)))' > /root/local_iptables.cil
    semodule -i /root/local_iptables.cil

    dnf -y update
    dnf -y install jq curl
%{ if ! disable_ingress }
    install_oci_cli_oracle
%{ endif }

    # Nginx Selinux Fix: persistently (-P) set the boolean that permits
    # outbound network connections for the web-server domain.
    setsebool httpd_can_network_connect on -P
    ;;
esac
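# Extra arguments for the k3s installer. Each word is its own array element so
# the list can be handed over quoted instead of relying on word splitting.
k3s_install_params=()

%{ if k3s_subnet != "default_route_table" }
# Pin the node IP and the flannel interface to the route that serves the k3s
# subnet. Only the first match is used, and the flags are skipped (with a
# warning) when the route lookup yields nothing, rather than passing flags
# without values.
local_ip=$(ip -4 route ls "${k3s_subnet}" | grep -Po '(?<=src )(\S+)' | head -n 1)
flannel_iface=$(ip -4 route ls "${k3s_subnet}" | grep -Po '(?<=dev )(\S+)' | head -n 1)
if [[ -n "$local_ip" && -n "$flannel_iface" ]]; then
  k3s_install_params+=(--node-ip "$local_ip" --flannel-iface "$flannel_iface")
else
  echo "could not derive node IP / flannel interface from the route to ${k3s_subnet}" >&2
fi
%{ endif }

if [[ "$operating_system" == "oraclelinux" ]]; then
  k3s_install_params+=(--selinux)
fi

# Flat, space-joined copy of the arguments, kept for compatibility and logging.
INSTALL_PARAMS="$${k3s_install_params[*]}"

%{ if k3s_version == "latest" }
K3S_VERSION=$(curl --silent https://api.github.com/repos/k3s-io/k3s/releases/latest | jq -r '.name')
# An API error (for example rate limiting) yields "null" or nothing here; say
# so in the log, because the install loop below would otherwise retry forever
# without a hint about the cause.
if [[ -z "$K3S_VERSION" || "$K3S_VERSION" == "null" ]]; then
  echo "could not resolve the latest k3s release name from the GitHub API" >&2
fi
%{ else }
K3S_VERSION="${k3s_version}"
%{ endif }

wait_lb

# NOTE(review): the rendered script carries the cluster join token in clear
# text, so wherever the rendered output is stored or logged must be treated as
# secret; avoid running it with shell tracing enabled.
# NOTE(review): INSTALL_K3S_VERSION pins the k3s release, not the installer
# script itself, which is fetched and executed without an integrity check.
#
# pipefail (scoped to the subshell) makes a failed download count as a failed
# attempt. Without it the pipeline status is that of sh, which exits 0 on an
# empty script, and the loop would end with k3s not installed.
# The token and URL are single-quoted so that shell metacharacters in the
# rendered values are taken literally; the token must not contain a single
# quote.
until (
  set -o pipefail
  curl -sfL https://get.k3s.io \
    | INSTALL_K3S_VERSION="$K3S_VERSION" K3S_TOKEN='${k3s_token}' K3S_URL='https://${k3s_url}:6443' \
      sh -s - "$${k3s_install_params[@]}"
); do
  echo 'k3s did not install correctly'
  sleep 2
done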
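proxy_protocol_stuff() {
  # Configures the local nginx as a TCP (stream) proxy in front of the ingress
  # controller NodePorts, with PROXY protocol enabled towards the upstreams.
  #
  # Steps: write /root/find_ips.sh, assemble /root/nginx.tpl from a header and
  # a footer, write /root/render_nginx_config.py, run both, then validate the
  # rendered /etc/nginx/nginx.conf and restart nginx.
  #
  # Globals: operating_system (read); NGINX_MODULE, NGINX_USER (written).
  # Returns: non-zero when the OS is unsupported or any step fails.
  #
  # This file is a Terraform template: the nodeport and listen-port
  # placeholders are filled in at render time, and a doubled dollar sign in
  # front of a brace is the template escape for a shell parameter expansion.

  cat << 'EOF' > /root/find_ips.sh
#!/bin/bash
# Collects the private IP of the first VNIC of every RUNNING instance that this
# node's instance principal can see and writes them, one per line, to
# /root/private_ips.
# NOTE(review): the search is not limited to the k3s nodes; every running
# instance it returns becomes an nginx upstream. Confirm that the instance
# principal's visibility (or the query) is scoped to the cluster.
export OCI_CLI_AUTH=instance_principal
export PATH="/root/bin:$PATH"

private_ips=()

# Fetch the OCID of all the running instances in OCI
instance_ocids=$(oci search resource structured-search --query-text "QUERY instance resources where lifeCycleState='RUNNING'" --query 'data.items[*].identifier' --raw-output | jq -r '.[]')

# Iterate through the OCIDs (deliberately word-split, one OCID per line)
for val in $instance_ocids; do
  echo "$val"
  # Get name of the instance
  instance_name=$(oci compute instance get --instance-id "$val" --raw-output --query 'data."display-name"')
  echo "$instance_name"
  # Get Public Ip of the instance
  public_ip=$(oci compute instance list-vnics --instance-id "$val" --raw-output --query 'data[0]."public-ip"')
  echo "$public_ip"
  private_ip=$(oci compute instance list-vnics --instance-id "$val" --raw-output --query 'data[0]."private-ip"')
  echo "$private_ip"
  # Only dotted-quad values are kept: this text is templated into nginx.conf.
  if [[ "$private_ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
    private_ips+=("$private_ip")
  fi
done

if (( $${#private_ips[@]} == 0 )); then
  echo "no private IPs found" >&2
  exit 1
fi

# Written in one go (truncating) into a root-owned directory rather than
# appended to a predictable file name in world-writable /tmp.
printf '%s\n' "$${private_ips[@]}" > /root/private_ips
EOF

  case "$operating_system" in
    ubuntu)
      NGINX_MODULE=/usr/lib/nginx/modules/ngx_stream_module.so
      NGINX_USER=www-data
      ;;
    oraclelinux)
      NGINX_MODULE=/usr/lib64/nginx/modules/ngx_stream_module.so
      NGINX_USER=nginx
      ;;
    *)
      # Without these two values the generated header would be invalid.
      echo "unsupported operating system for the nginx proxy: $operating_system" >&2
      return 1
      ;;
  esac

  # Unquoted delimiter: the shell expands the two NGINX_ variables here.
  cat << EOD > /root/nginx-header.tpl
load_module $NGINX_MODULE;
user $NGINX_USER;
worker_processes auto;
pid /run/nginx.pid;
EOD

  # Quoted delimiter: nginx variables stay literal; the loops are Jinja2 and
  # are expanded later by render_nginx_config.py.
  cat << 'EOF' > /root/nginx-footer.tpl
events {
  worker_connections 768;
  # multi_accept on;
}
stream {
  upstream k3s-http {
    {% for private_ip in private_ips -%}
    server {{ private_ip }}:${ingress_controller_http_nodeport} max_fails=3 fail_timeout=10s;
    {% endfor -%}
  }
  upstream k3s-https {
    {% for private_ip in private_ips -%}
    server {{ private_ip }}:${ingress_controller_https_nodeport} max_fails=3 fail_timeout=10s;
    {% endfor -%}
  }
  log_format basic '$remote_addr [$time_local] '
  '$protocol $status $bytes_sent $bytes_received '
  '$session_time "$upstream_addr" '
  '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
  access_log /var/log/nginx/k3s_access.log basic;
  error_log /var/log/nginx/k3s_error.log;
  proxy_protocol on;
  server {
    listen ${https_lb_port};
    proxy_pass k3s-https;
    proxy_next_upstream on;
  }
  server {
    listen ${http_lb_port};
    proxy_pass k3s-http;
    proxy_next_upstream on;
  }
}
EOF

  cat /root/nginx-header.tpl /root/nginx-footer.tpl > /root/nginx.tpl

  cat << 'EOF' > /root/render_nginx_config.py
from jinja2 import Template

private_ips_path = '/root/private_ips'
nginx_config_template_path = '/root/nginx.tpl'
nginx_config_path = '/etc/nginx/nginx.conf'

# One address per line; blank lines are ignored.
with open(private_ips_path, 'r') as handle:
    IPS = [line.strip() for line in handle if line.strip()]

with open(nginx_config_template_path, 'r') as handle:
    nginx_config_template = handle.read()

new_nginx_config = Template(nginx_config_template).render(
    private_ips = IPS
)

with open(nginx_config_path, 'w') as handle:
    handle.write(new_nginx_config)
EOF

  chmod +x /root/find_ips.sh
  # Absolute path: the former "./root/find_ips.sh" only resolved when the
  # working directory happened to be "/".
  /root/find_ips.sh || return 1
  python3 /root/render_nginx_config.py || return 1

  # Restart only when the rendered configuration passes nginx's own check.
  nginx -t && systemctl restart nginx
}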
%{ if ! disable_ingress }
# Rendered only when ingress is not disabled: set up the nginx stream proxy.
proxy_protocol_stuff
%{ endif }

%{ if install_longhorn }
# Rendered only when install_longhorn is set: install the iSCSI packages on
# Ubuntu, then enable and start iscsid on either distribution.
case "$operating_system" in
  ubuntu)
    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y open-iscsi curl util-linux
    ;;
esac
systemctl enable --now iscsid.service
%{ endif }