Spencer/Proxmox_k3_deployment
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
master
Proxmox_k3_deployment/fcos-tmplt.yaml
Pin ef9ab317aa pve side automation
2022-04-07 17:42:46 -04:00

350 lines
15 KiB
YAML
Raw Permalink Blame History

- path: /usr/local/bin/geco-cloudinit
mode: 0755
contents:
inline: |
#!/bin/bash
#
# Copyright (c) 2020 Geco-iT Team - All right reserved
# Geco-iT <contact@geco-it.fr>
#
# $Id: geco-cloudinit 2020-11-26 18:36:24Z cduchenoy $
#
# Apply Basic Cloudinit Settings
#
# ===================================================================================
declare -r VERSION=1.2011
set -e
trap 'catch $?' EXIT
CIPATH=/run/cloudinit
YQ="yq read --exitStatus --printMode v --stripComments --"
# ===================================================================================
# functions()
catch() {
${MOUNTED:-false} && umount ${CIPATH} && rmdir ${CIPATH}
}
mount | grep -q /run/cloudinit && MOUNTED=true # init
# use for vm clone
sysprep() {
echo "Remove all ssh system keys..."
rm -f /etc/ssh/ssh_host_*
echo "Clean ostree database..."
rpm-ostree cleanup --base --pending --rollback --repomd
echo "Remove all local user..."
for user in $(awk -F: -v uiduser="1000" '{if ($3>=uiduser) print $1}' /etc/passwd); do
userdel --force --remove ${user}
done
echo "Purge all docker ressources..."
docker system prune --all --force
echo "Remove all network/machine settings..."
rm -f /var/lib/NetworkManager/*
echo "" > /etc/machine-id
echo "Purge all system logs..."
journalctl --rotate --vacuum-time=1s
systemctl stop systemd-journald*
rm -rf /var/log/journal/*
rm -rf /var/log/ssd/*
echo "Force run cloudinit on next reboot..."
echo "fake" > /var/.cloudinit
echo -e "\nShutdown now..."
poweroff
exit 0
}
[[ "x${1}" == "xsysprep" ]]&& sysprep
setup_yq() {
local VER=3.4.1
[[ -x /usr/bin/wget ]]&& download_command="wget --quiet --show-progress --output-document" || download_command="curl -s --location --output"
[[ -x /usr/local/bin/yq ]]&& [[ "x$(/usr/local/bin/yq --version | awk '{print $NF}')" == "x${VER}" ]]&& return 0
echo "Setup yaml parser tools yq..."
rm -f /usr/local/bin/yq
${download_command} /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/${VER}/yq_linux_amd64
chmod 755 /usr/local/bin/yq
}
setup_yq
# network
mask2cdr()
{
# Assumes there's no "255." after a non-255 byte in the mask
local x=${1##*255.}
set -- 0^^^128^192^224^240^248^252^254^ $(( (${#1} - ${#x})*2 )) ${x%%.*}
x=${1%%$3*}
echo $(( $2 + (${#x}/4) ))
}
cdr2mask()
{
# Number of args to shift, 255..255, first non-255 byte, zeroes
set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
[[ $1 -gt 1 ]] && shift $1 || shift
echo ${1-0}.${2-0}.${3-0}.${4-0}
}
# ===================================================================================
# main()
[[ ! -e /dev/sr0 ]]&& {
echo "[INFO]: Cloudinit: any drive found..."
exit 0
}
mkdir -p ${CIPATH}
mount -o ro /dev/sr0 ${CIPATH}
MOUNTED=true
[[ ! -e ${CIPATH}/meta-data ]]&& {
echo "[ERROR]: Cloudinit: nocloud metada not found..."
exit 1
}
cloudinit_instanceid="$(${YQ} ${CIPATH}/meta-data 'instance-id')"
if [[ -e /var/.cloudinit ]]
then
[[ "x$(cat /var/.cloudinit)" == "x${cloudinit_instanceid}" ]]&& {
echo "[INFO]: Cloudinit any change detected..."
exit 0
}
# hostname
NEWHOSTNAME="$(${YQ} ${CIPATH}/user-data 'hostname' 2> /dev/null)"
[[ -n "${NEWHOSTNAME}" ]]&& [[ "x${NEWHOSTNAME,,}" != "x$(hostname)" ]]&& {
echo -n "[INFO]: Cloudinit: set hostname to ${NEWHOSTNAME,,}... "
hostnamectl set-hostname ${NEWHOSTNAME,,} || { echo "[failed]"; exit 1; }
MUST_REBOOT=true
echo "[done]"
}
# username
NEWUSERNAME="$(${YQ} ${CIPATH}/user-data 'user' 2> /dev/null)" || true # cant be empty if no cloudinit user defined
[[ "x${NEWUSERNAME}" == "x" ]] && NEWUSERNAME="admin" # NEWUSERNAME="core" use "admin" on geco-template
getent passwd ${NEWUSERNAME} &> /dev/null || {
echo -n "[INFO]: Cloudinit: add sytem user: ${NEWUSERNAME}... "
useradd --comment "Geco-iT CoreOS Administrator" --create-home \
--groups adm,wheel,sudo,systemd-journal,docker ${NEWUSERNAME} &> /dev/null || { echo "[failed]"; exit 1; }
echo "[done]"
}
# passwd
NEWPASSWORD="$(${YQ} ${CIPATH}/user-data 'password' 2> /dev/null)"
[[ -n "${NEWPASSWORD}" ]]&& [[ "x${NEWPASSWORD}" != "x$(grep ^${NEWUSERNAME} /etc/shadow | awk -F: '{print $2}')" ]]&& {
echo -n "[INFO]: Cloudinit: set password for user ${NEWUSERNAME}... "
sed -e "/^${NEWUSERNAME}/d" -i /etc/shadow &> /dev/null || { echo "[failed]"; exit 1; }
echo "${NEWUSERNAME}:${NEWPASSWORD}:18000:0:99999:7:::" >> /etc/shadow || { echo "[failed]"; exit 1; }
chage --lastday "$(date +%Y-%m-%d)" ${NEWUSERNAME} &> /dev/null || { echo "[failed]"; exit 1; }
echo "[done]"
}
# ssh key
[[ -e /var/home/${NEWUSERNAME}/.ssh/authorized_keys.d/ignition ]] || {
install --directory --owner=${NEWUSERNAME} --group=${NEWUSERNAME} \
--mode=0700 /var/home/${NEWUSERNAME}/.ssh &> /dev/null || { echo "[failed]"; exit 1; }
install --directory --owner=${NEWUSERNAME} --group=${NEWUSERNAME} \
--mode=0700 /var/home/${NEWUSERNAME}/.ssh/authorized_keys.d &> /dev/null || { echo "[failed]"; exit 1; }
install --owner=${NEWUSERNAME} --group=${NEWUSERNAME} \
--mode=0600 /dev/null /var/home/${NEWUSERNAME}/.ssh/authorized_keys.d/ignition &> /dev/null || { echo "[failed]"; exit 1; }
}
echo -n "[INFO]: Cloudinit: wrote ssh authorized keys file for user: ${NEWUSERNAME}... "
${YQ} ${CIPATH}/user-data 'ssh_authorized_keys[*]' > /var/home/${NEWUSERNAME}/.ssh/authorized_keys.d/ignition 2> /dev/null || { echo "[failed]"; exit 1; }
echo "[done]"
# Network => ipv6: TODO
netcards="$(${YQ} ${CIPATH}/network-config 'config[*].name' 2> /dev/null | wc -l)"
nameservers="$(${YQ} ${CIPATH}/network-config "config[${netcards}].address[*]" 2> /dev/null | paste -s -d ";" -)"
searchdomain="$(${YQ} ${CIPATH}/network-config "config[${netcards}].search[*]" 2> /dev/null | paste -s -d ";" -)"
echo "[INFO]: Cloudinit: DNS Server=$nameservers - DNS Search=$searchdomain"
for (( i=O; i<${netcards}; i++ )); do
ipv4="" netmask="" gw="" macaddr="" # reset on each run
ipv4="$(${YQ} ${CIPATH}/network-config config[${i}].subnets[0].address 2> /dev/null)" || {
[[ -e /etc/NetworkManager/system-connections/net${i}.nmconnection ]]&& MUST_NETWORK_RELOAD=true
rm -f /etc/NetworkManager/system-connections/net${i}.nmconnection
continue # dhcp mode
}
netmask="$(${YQ} ${CIPATH}/network-config config[${i}].subnets[0].netmask 2> /dev/null)"
cidr="$(mask2cdr ${netmask})"
gw="$(${YQ} ${CIPATH}/network-config config[${i}].subnets[0].gateway 2> /dev/null)" || true # can be empty
macaddr="$(${YQ} ${CIPATH}/network-config config[${i}].mac_address 2> /dev/null)"
echo "[INFO]: Cloudinit: NET$i IPv4 Network: IP=${ipv4}/${netmask} - GW=${gw:-none} - MAC=${macaddr}"
rm -f /etc/NetworkManager/system-connections/default_connection.nmconnection # remove default connexion settings
if [[ -e /etc/NetworkManager/system-connections/net${i}.nmconnection ]]
then
[[ "x${ipv4}/${cidr}" != "x$(nmcli connection show net${i} 2> /dev/null | grep ^ipv4.addresses: | awk '{print $2}')" ]]&& {
echo -n "[INFO]: Cloudinit: update Network config ipv4 for net${i}... "
nmcli c modify net${i} ipv4.addresses "${ipv4}/${cidr}"
MUST_NET_RECONFIG=true
echo "[done]"
}
[[ "x${gw}" != "x$(nmcli connection show net${i} 2> /dev/null | grep ^ipv4.gateway: | awk '{print $2}')" ]] && {
echo -n "[INFO]: Cloudinit: update Network config gateway for net${i}... "
nmcli c modify net${i} ipv4.gateway "${gw}"
MUST_NET_RECONFIG=true
echo "[done]"
}
[[ "x${searchdomain}" != "x$(nmcli connection show net${i} 2> /dev/null | grep ^ipv4.dns-search: | awk '{print $2}' | tr ',' ';')" ]]&& {
echo -n "[INFO]: Cloudinit: update Network config dns seach for net${i}... "
nmcli c modify net${i} ipv4.dns-search "$(echo ${searchdomain} | tr ";" ",")"
MUST_NET_RECONFIG=true
echo "[done]"
}
[[ "x${nameservers}" != "x$(nmcli connection show net${i} 2> /dev/null | grep ^ipv4.dns: | awk '{print $2}' | tr ',' ';')" ]]&& {
echo -n "[INFO]: Cloudinit: update Network config dns server for net${i}... "
nmcli c modify net${i} ipv4.dns "$(echo ${nameservers} | tr ";" ",")"
MUST_NET_RECONFIG=true
echo "[done]"
}
else
echo -n "[INFO]: Cloudinit: wrote NetworkManager config for net${i}... "
install --mode=0600 /dev/null /etc/NetworkManager/system-connections/net${i}.nmconnection &> /dev/null || { echo "[failed]"; exit 1; }
echo -e "[connection]\ntype=ethernet\nid=net${i}\n#interface-name=eth${i}\n" >> /etc/NetworkManager/system-connections/net${i}.nmconnection
echo -e "[ethernet]\nmac-address=${macaddr}\n" >> /etc/NetworkManager/system-connections/net${i}.nmconnection
echo -e "[ipv4]\nmethod=manual\naddresses=${ipv4}/${netmask}\ngateway=${gw}\ndns=${nameservers}\ndns-search=${searchdomain}" >> /etc/NetworkManager/system-connections/net${i}.nmconnection
MUST_NET_RECONFIG=true
echo "[done]"
fi
done
fi
${MUST_NET_RECONFIG:-false}&& {
echo "[INFO]: Cloudinit: must reload network..."
nmcli connection reload
nmcli networking off
nmcli networking on
systemctl restart geco-motd.service
systemctl restart console-login-helper-messages-motdgen.service
}
echo -n "[INFO]: Cloudinit: save instance id... "
echo "${cloudinit_instanceid}" > /var/.cloudinit
echo "[done]"
${MUST_REBOOT:-false}&& {
echo "[INFO]: Cloudinit: applied settings; must reboot..."
/bin/systemctl --no-block reboot
}
exit 0
# kernel config
- path: /etc/sysctl.d/20-silence-audit.conf
mode: 0644
contents:
inline: |
# Raise console message logging level from DEBUG (7) to WARNING (4)
# to hide audit messages from the interactive console
kernel.printk=4
- path: /usr/local/bin/run-k3s-prereq-installer
mode: 0755
contents:
inline: |
#!/usr/bin/env sh
main() {
rpm-ostree install https://github.com/k3s-io/k3s-selinux/releases/download/v1.1.stable.1/k3s-selinux-1.1-1.el7.noarch.rpm
return 0
}
main
- path: /usr/local/bin/run-k3s-installer
mode: 0755
contents:
inline: |
#!/usr/bin/env sh
main() {
export K3S_KUBECONFIG_MODE="644"
export INSTALL_K3S_EXEC=" --no-deploy servicelb --no-deploy traefik"
#curl -sfL https://get.k3s.io | sh -
return 0
}
main
systemd:
units:
# geco-cloudinit: apply cloudinit settings on boot
- name: geco-cloudinit.service
enabled: true
contents: |
[Unit]
Description=Geco-iT Cloudinit
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=oneshot
TimeoutStartSec=0
ExecStart=/usr/local/bin/geco-cloudinit
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
# qemu-guest-agent
- name: setup-qemu-guest-agent.service
enabled: true
contents: |
[Unit]
Description=Geco-iT Setup Qemu Guest Agent
After=network-online.target
Require=network-online.target
ConditionKernelCommandLine=ignition.platform.id=qemu
ConditionPathExists=!/var/lib/qemu-guest-agent.stamp
[Service]
Restart=on-failure
RestartSec=20s
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/rpm-ostree install qemu-guest-agent
ExecStart=/bin/touch /var/lib/qemu-guest-agent.stamp
ExecStart=/bin/systemctl --no-block reboot
[Install]
WantedBy=multi-user.target
- name: run-k3s-prereq-installer.service
enabled: true
contents: |
[Unit]
After=network-online.target
Wants=network-online.target
Before=systemd-user-sessions.service
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
ConditionPathExists=!/var/lib/k3s-prereq-installed
ConditionPathExists=/var/lib/qemu-guest-agent.stamp
[Service]
RemainAfterExit=yes
Type=oneshot
ExecStart=/usr/local/bin/run-k3s-prereq-installer
ExecStartPost=/usr/bin/touch /var/lib/k3s-prereq-installed
ExecStartPost=/usr/bin/systemctl --no-block reboot
StandardOutput=kmsg+console
StandardError=kmsg+console
[Install]
WantedBy=multi-user.target
- name: run-k3s-installer.service
enabled: true
contents: |
[Unit]
After=network-online.target
Wants=network-online.target
Before=systemd-user-sessions.service
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
ConditionPathExists=/var/lib/k3s-prereq-installed
ConditionPathExists=!/var/lib/k3s-installed
ConditionPathExists=/var/lib/qemu-guest-agent.stamp
[Service]
RemainAfterExit=yes
Type=oneshot
ExecStart=/usr/local/bin/run-k3s-installer
ExecStartPost=/usr/bin/touch /var/lib/k3s-installed
StandardOutput=kmsg+console
StandardError=kmsg+console
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink