From de00a35ef1f8aefc3fb29fadd99f9b2bd5758f3d Mon Sep 17 00:00:00 2001 From: Jiwon Hu Date: Tue, 19 Nov 2024 19:47:45 +0800 Subject: [PATCH] Add example of Rancher on 2 nodes --- examples/README.md | 13 ++++ .../custom/files/basic-setup.sh | 15 +++++ .../rancher-on-2nodes/custom/files/rancher.sh | 61 +++++++++++++++++++ .../custom/scripts/99-alias.sh | 5 ++ examples/rancher-on-2nodes/eib-config.yaml | 51 ++++++++++++++++ .../kubernetes/config/server.yaml | 6 ++ .../kubernetes/helm/values/certmanager.yaml | 1 + .../kubernetes/helm/values/rancher.yaml | 4 ++ .../network/node1.suse.com.yaml | 31 ++++++++++ .../network/node2.suse.com.yaml | 30 +++++++++ .../rpms/gpg-keys/rancher-public.key | 41 +++++++++++++ 11 files changed, 258 insertions(+) create mode 100755 examples/rancher-on-2nodes/custom/files/basic-setup.sh create mode 100755 examples/rancher-on-2nodes/custom/files/rancher.sh create mode 100755 examples/rancher-on-2nodes/custom/scripts/99-alias.sh create mode 100644 examples/rancher-on-2nodes/eib-config.yaml create mode 100644 examples/rancher-on-2nodes/kubernetes/config/server.yaml create mode 100644 examples/rancher-on-2nodes/kubernetes/helm/values/certmanager.yaml create mode 100644 examples/rancher-on-2nodes/kubernetes/helm/values/rancher.yaml create mode 100644 examples/rancher-on-2nodes/network/node1.suse.com.yaml create mode 100644 examples/rancher-on-2nodes/network/node2.suse.com.yaml create mode 100644 examples/rancher-on-2nodes/rpms/gpg-keys/rancher-public.key diff --git a/examples/README.md b/examples/README.md index d2cdef4e..1053a0da 100644 --- a/examples/README.md +++ b/examples/README.md 
@@ -110,3 +110,16 @@ podman run --rm --privileged -it \ Examples in this section require more setup than a simple image definition file and base image. This section will describe the necessary image configuration directory structure and supplemental files in order to run each definition. + +### rancher-2-nodes + +| Option | Default Value | +|--------------|--------------------------------------------------------------------| +| Base Image | `base-images/SL-Micro.aarch64-6.0-Base-SelfInstall-GM.install.iso` | +| Output Image | `out/rancher-2node-aarch64-6.0.iso` | + +* A multi node configuration that runs Rancher Prime. 1st node functions as server node, 2nd node functions as agent node. This can be used to spin up only 1 node too. +* This definition is used to run VMs on Apple Silicon Mac, by defaulting installation device to `/dev/vda`. +* 1st node uses 192.168.64.1 ip and 2nd node uses 192.168.64.2 ip. Update the MAC address in `network/node1.suse.com.yaml` and `network/node2.suse.com.yaml` accordingly so the interface can pick up the intended ip. The cluster uses 192.168.64.11 VIP and you may want to update the IPs for your subnet configuration. +* Update `sccRegistrationCode` with a proper code for SLE Micro 6.0. +* Configures the `root` password to be `eib`.
diff --git a/examples/rancher-on-2nodes/custom/files/basic-setup.sh b/examples/rancher-on-2nodes/custom/files/basic-setup.sh
new file mode 100755
index 00000000..bd33a2f2
--- /dev/null
+++ b/examples/rancher-on-2nodes/custom/files/basic-setup.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# Pre-requisites. Cluster already running
+export KUBECTL="/var/lib/rancher/rke2/bin/kubectl"
+export KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
+
+###########
+# RANCHER #
+###########
+export RANCHER_CHART_TARGETNAMESPACE="cattle-system"
+export RANCHER_FINALPASSWORD="adminadminadmin"
+
+die(){
+ echo ${1} 1>&2
+ exit ${2}
+}
\ No newline at end of file
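Review bot: In `basic-setup.sh`, `die` expands both arguments unquoted and `exit ${2}` has no default, so a one-argument call exits with status 0 in a plain shell and ends on bash's unbound-variable error under the `set -euo pipefail` that `rancher.sh` sets before sourcing this file; `echo "${1}" 1>&2` and `exit "${2:-1}"` give it a defined failure status. `RANCHER_FINALPASSWORD="adminadminadmin"` is baked into every image built from this example and becomes the Rancher admin password, while the README hunk documents the `root` password but not this one. I would add a comment above it such as `# Example value only: replace before building an image that others can reach`.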
diff --git a/examples/rancher-on-2nodes/custom/files/rancher.sh b/examples/rancher-on-2nodes/custom/files/rancher.sh
new file mode 100755
index 00000000..c18912d6
--- /dev/null
+++ b/examples/rancher-on-2nodes/custom/files/rancher.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+set -euo pipefail
+
+BASEDIR="$(dirname "$0")"
+source ${BASEDIR}/basic-setup.sh
+
+RANCHERLOCKNAMESPACE="default"
+RANCHERLOCKCMNAME="rancher-lock"
+
+if [ -z "${RANCHER_FINALPASSWORD}" ]; then
+ # If there is no final password, then finish the setup right away
+ exit 0
+fi
+
+trap 'catch $? $LINENO' EXIT
+
+catch() {
+ if [ "$1" != "0" ]; then
+ echo "Error $1 occurred on $2"
+ ${KUBECTL} delete configmap ${RANCHERLOCKCMNAME} -n ${RANCHERLOCKNAMESPACE}
+ fi
+}
+
+# Get or create the lock to run all those steps just in a single node
+# As the first node is created WAY before the others, this should be enough
+# TODO: Investigate if leases is better
+if [ $(${KUBECTL} get cm -n ${RANCHERLOCKNAMESPACE} ${RANCHERLOCKCMNAME} -o name | wc -l) -lt 1 ]; then
+ ${KUBECTL} create configmap ${RANCHERLOCKCMNAME} -n ${RANCHERLOCKNAMESPACE} --from-literal foo=bar
+else
+ exit 0
+fi
+
+# Wait for rancher to be deployed
+while ! ${KUBECTL} wait --for condition=ready -n ${RANCHER_CHART_TARGETNAMESPACE} $(${KUBECTL} get pods -n ${RANCHER_CHART_TARGETNAMESPACE} -l app=rancher -o name) --timeout=10s; do sleep 2 ; done
+
+RANCHERBOOTSTRAPPASSWORD=$(${KUBECTL} get secret -n ${RANCHER_CHART_TARGETNAMESPACE} bootstrap-secret -o jsonpath='{.data.bootstrapPassword}' | base64 -d)
+RANCHERHOSTNAME=$(${KUBECTL} get ingress -n ${RANCHER_CHART_TARGETNAMESPACE} rancher -o jsonpath='{.spec.rules[0].host}')
+
+# Skip the whole process if things have been set already
+if [ -z $(${KUBECTL} get settings.management.cattle.io first-login -ojsonpath='{.value}') ]; then
+ # Add the protocol
+ RANCHERHOSTNAME="https://${RANCHERHOSTNAME}"
+ TOKEN=""
+ while [ -z "${TOKEN}" ]; do
+ # Get token
+ sleep 2
+ TOKEN=$(curl -sk -X POST ${RANCHERHOSTNAME}/v3-public/localProviders/local?action=login -H 'content-type: application/json' -d "{\"username\":\"admin\",\"password\":\"${RANCHERBOOTSTRAPPASSWORD}\"}" | jq -r .token)
+ done
+
+ # Set password
+ curl -sk ${RANCHERHOSTNAME}/v3/users?action=changepassword -H 'content-type: application/json' -H "Authorization: Bearer $TOKEN" -d "{\"currentPassword\":\"${RANCHERBOOTSTRAPPASSWORD}\",\"newPassword\":\"${RANCHER_FINALPASSWORD}\"}"
+
+ # Create a temporary API token (ttl=60 minutes)
+ APITOKEN=$(curl -sk ${RANCHERHOSTNAME}/v3/token -H 'content-type: application/json' -H "Authorization: Bearer ${TOKEN}" -d '{"type":"token","description":"automation","ttl":3600000}' | jq -r .token)
+
+ curl -sk ${RANCHERHOSTNAME}/v3/settings/server-url -H 'content-type: application/json' -H "Authorization: Bearer ${APITOKEN}" -X PUT -d "{\"name\":\"server-url\",\"value\":\"${RANCHERHOSTNAME}\"}"
+ curl -sk ${RANCHERHOSTNAME}/v3/settings/telemetry-opt -X PUT -H 'content-type: application/json' -H 'accept: application/json' -H "Authorization: Bearer ${APITOKEN}" -d '{"value":"out"}'
+fi
+
+# Clean up the lock cm
+${KUBECTL} delete configmap ${RANCHERLOCKCMNAME} -n ${RANCHERLOCKNAMESPACE}
diff --git a/examples/rancher-on-2nodes/custom/scripts/99-alias.sh b/examples/rancher-on-2nodes/custom/scripts/99-alias.sh
new file mode 100755
index 00000000..37fe736e
--- /dev/null
+++ b/examples/rancher-on-2nodes/custom/scripts/99-alias.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+echo "alias k=kubectl" >> /etc/profile.local
+echo "alias ku=kubectl" >> /etc/profile.local
+echo "alias kubectl=/var/lib/rancher/rke2/bin/kubectl" >> /etc/profile.local
+echo "export KUBECONFIG=/etc/rancher/rke2/rke2.yaml" >> /etc/profile.local
\ No newline at end of file
diff --git a/examples/rancher-on-2nodes/eib-config.yaml b/examples/rancher-on-2nodes/eib-config.yaml
new file mode 100644
index 00000000..947c97c5
--- /dev/null
+++ b/examples/rancher-on-2nodes/eib-config.yaml
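Review bot: Every `curl` call in `rancher.sh` passes `-k`, so the bootstrap password, the new admin password and both bearer tokens are sent to whatever answers on the ingress hostname without certificate verification; passing the CA that signed the Rancher ingress certificate with `--cacert` keeps those calls authenticated. The login loop also stops on a failed login, because `jq -r .token` prints the string `null` when the response carries no token and the later requests then run with `Bearer null`; `jq -r '.token // empty'` leaves `TOKEN` empty so the loop retries. The `catch` handler deletes the `rancher-lock` ConfigMap on any non-zero exit, including the case where `kubectl create configmap` failed because another node created the lock between the `get` and the `create`, so it can remove a lock this node never held. Relying on the exit status of `create` alone, and installing the trap only after it succeeds, would close that window.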
@@ -0,0 +1,51 @@
+apiVersion: 1.1
+image:
+ imageType: iso
+ arch: aarch64
+ baseImage: SL-Micro.aarch64-6.0-Base-SelfInstall-GM.install.iso
+ outputImageName: rancher-2node-aarch64-6.0.iso
+operatingSystem:
+ isoConfiguration:
+ installDevice: /dev/vda
+ users:
+ - username: root
+ encryptedPassword: "$6$DIL3SYTayoaM13GP$zAfXEofZd154Wuuj.fMqJXKd2p8fieu75zLgta6dWz7rCHsxw0x4CcFjLH3V5Dy4sQKN9/VotNS9E37RYRTeD."
+ packages:
+ packageList:
+ - jq
+ - wget
+ - openssh-server-config-rootlogin
+ sccRegistrationCode: REPLACE-ME-WITH-SCC-CODE
+ #additionalRepos:
+ #- url: https://dl.suse.com/SLE16
+kubernetes:
+ version: v1.28.8+rke2r1
+ network:
+ apiVIP: 192.168.64.11
+ nodes:
+ - hostname: node1.suse.com
+ type: server
+ initializer: true
+ - hostname: node2.suse.com
+ type: agent
+ helm:
+ charts:
+ - name: cert-manager
+ repositoryName: jetstack
+ version: 1.14.2
+ targetNamespace: cert-manager
+ valuesFile: certmanager.yaml
+ createNamespace: true
+ installationNamespace: kube-system
+ - name: rancher
+ version: 2.9.1
+ repositoryName: rancher-prime
+ targetNamespace: cattle-system
+ createNamespace: true
+ installationNamespace: kube-system
+ valuesFile: rancher.yaml
+ repositories:
+ - name: jetstack
+ url: https://charts.jetstack.io
+ - name: rancher-prime
+ url: https://charts.rancher.com/server-charts/prime
diff --git a/examples/rancher-on-2nodes/kubernetes/config/server.yaml b/examples/rancher-on-2nodes/kubernetes/config/server.yaml
new file mode 100644
index 00000000..c68f0f68
--- /dev/null
+++ b/examples/rancher-on-2nodes/kubernetes/config/server.yaml
@@ -0,0 +1,6 @@
+cni:
+ - multus
+ - cilium
+write-kubeconfig-mode: '0644'
+selinux: true
+token: foobar
\ No newline at end of file
diff --git a/examples/rancher-on-2nodes/kubernetes/helm/values/certmanager.yaml b/examples/rancher-on-2nodes/kubernetes/helm/values/certmanager.yaml
new file mode 100644
index 00000000..1ed23bb1
--- /dev/null
+++ b/examples/rancher-on-2nodes/kubernetes/helm/values/certmanager.yaml
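Review bot: `eib-config.yaml` installs `openssh-server-config-rootlogin` and sets a `root` password hash whose plaintext the README hunk of this patch gives as `eib`, so an image built unchanged presumably accepts root SSH logins with a published password. A comment above `encryptedPassword` would make that explicit, for example `# Example hash for the password "eib": generate your own before using this image outside a local VM`. If key-based access is enough for the example, dropping the root-login package removes the exposure altogether.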
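Review bot: `server.yaml` sets `write-kubeconfig-mode: '0644'`, which makes the admin kubeconfig at `/etc/rancher/rke2/rke2.yaml` readable by every local account, and `99-alias.sh` in this patch exports that path as `KUBECONFIG` for login shells, so any user on the node would pick up those cluster credentials. `token: foobar` is the shared secret that nodes present to join the cluster, and it is guessable. I would use `'0600'` unless a non-root reader is actually required, and add a comment above `token` such as `# Example token: replace with a long random value`.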
@@ -0,0 +1 @@
+installCRDs: "true"
diff --git a/examples/rancher-on-2nodes/kubernetes/helm/values/rancher.yaml b/examples/rancher-on-2nodes/kubernetes/helm/values/rancher.yaml
new file mode 100644
index 00000000..e40a1039
--- /dev/null
+++ b/examples/rancher-on-2nodes/kubernetes/helm/values/rancher.yaml
@@ -0,0 +1,4 @@
+hostname: rancher-192.168.64.11.sslip.io
+bootstrapPassword: "foobar"
+replicas: 1
+global.cattle.psp.enabled: "false"
diff --git a/examples/rancher-on-2nodes/network/node1.suse.com.yaml b/examples/rancher-on-2nodes/network/node1.suse.com.yaml
new file mode 100644
index 00000000..baae8ece
--- /dev/null
+++ b/examples/rancher-on-2nodes/network/node1.suse.com.yaml
@@ -0,0 +1,31 @@
+routes:
+ config:
+ - destination: 0.0.0.0/0
+ metric: 100
+ next-hop-address: 192.168.64.1
+ next-hop-interface: eth0
+ table-id: 254
+ - destination: 192.168.100.0/24
+ metric: 100
+ next-hop-address:
+ next-hop-interface: eth0
+ table-id: 254
+dns-resolver:
+ config:
+ server:
+ - 192.168.64.1
+ - 8.8.8.8
+interfaces:
+- name: eth0
+ type: ethernet
+ state: up
+ mac-address: 34:8A:B1:4B:16:E1
+ ipv4:
+ address:
+ - ip: 192.168.64.21
+ prefix-length: 24
+ dhcp: false
+ enabled: true
+ ipv6:
+ enabled: false
+
diff --git a/examples/rancher-on-2nodes/network/node2.suse.com.yaml b/examples/rancher-on-2nodes/network/node2.suse.com.yaml
new file mode 100644
index 00000000..1eb45ff3
--- /dev/null
+++ b/examples/rancher-on-2nodes/network/node2.suse.com.yaml
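Review bot: In `rancher.yaml`, `global.cattle.psp.enabled: "false"` is written as one flat key, and a Helm values file does not expand dotted keys the way `--set` does, so the chart will most likely never see this setting; it needs the nested form (`global:` → `cattle:` → `psp:` → `enabled: false`). `bootstrapPassword: "foobar"` is a fixed credential for the first admin login, which `rancher.sh` then swaps for another fixed value. A comment marking it as an example value to replace would help readers who copy the file.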
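Review bot: `node1.suse.com.yaml` assigns `192.168.64.21` and `node2.suse.com.yaml` assigns `192.168.64.22`, while the README hunk of this patch says the nodes use `192.168.64.1` and `192.168.64.2`; `192.168.64.1` is also the default gateway and first DNS server in both files, so following the README would collide with it. The README text or the two files should be brought into line. Both files also carry a `192.168.100.0/24` route with an empty `next-hop-address:`, which looks like a leftover from another setup; if it is intended, a comment saying why would help.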
@@ -0,0 +1,30 @@
+routes:
+ config:
+ - destination: 0.0.0.0/0
+ metric: 100
+ next-hop-address: 192.168.64.1
+ next-hop-interface: eth0
+ table-id: 254
+ - destination: 192.168.100.0/24
+ metric: 100
+ next-hop-address:
+ next-hop-interface: eth0
+ table-id: 254
+dns-resolver:
+ config:
+ server:
+ - 192.168.64.1
+ - 8.8.8.8
+interfaces:
+- name: eth0
+ type: ethernet
+ state: up
+ mac-address: 34:8A:B1:4B:16:E2
+ ipv4:
+ address:
+ - ip: 192.168.64.22
+ prefix-length: 24
+ dhcp: false
+ enabled: true
+ ipv6:
+ enabled: false
diff --git a/examples/rancher-on-2nodes/rpms/gpg-keys/rancher-public.key b/examples/rancher-on-2nodes/rpms/gpg-keys/rancher-public.key
new file mode 100644
index 00000000..a8c8f0de
--- /dev/null
+++ b/examples/rancher-on-2nodes/rpms/gpg-keys/rancher-public.key
@@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBF5oF/oBDADo7r/dYVfDbsWDmVf1Ma/SbvXPIiS0nEZ1xiDuxYyoMJ0VqKM1 +9HJ/G3yzubqhlmtMM3UqqB00YZ8J7DCoC1QAb+3hzXyLLWZXV+6OaKqKxjZeQZyL +Q1WzFMxCF/Ugc9g0Qnyt5lHgbar5/Lfb2nTs5+9RPYOwqIMKmRThYqjqmRksXqHJ +tMMcRTkmI8r2hh65vcRG6G7EKDQymdFY9B9zXCVNyujHatnqV5Jiqw7Qa3s/VRyJ +dfaI66Q0QtRgtiVve0rlsgtRsbaZYPUsL7WIx8mgTxvLXsHrBlOWljDSTXjq9OyF +k67OFO8BFYuh86pIgg5UCoWm4GnhdiPkQyTGWXY1eC58KJShoA2YzR5ZBNHiuFfz +CStWfAQNCQ75lBU43dqrs6QBSElwqx6JBNv7LqE1vWkHpxA3+oEYgOanAcq2QH8b +ALd69E3L1y5lderc5YODbu3jMlEq2ybTe8Al3iiuWNPcUcz9KL5r4wFLeD1JZgW1 ++L3AMyEyrijF1oUAEQEAAbQdUmFuY2hlciAoQ0kpIDxjaUByYW5jaGVyLmNvbT6J +Ac4EEwEKADgWIQTIz/IWRVEm6bnJGL6SXqKa4leBSgUCXmgX+gIbAwULCQgHAgYV +CgkICwIEFgIDAQIeAQIXgAAKCRCSXqKa4leBSo7nDAC0YgyUEh4FbudvkEBWYEeS +/cLMTUzSU4Qz+eYMQA9GwrCv+cKRojzfN3uQxw1UwoEX51c/HDG15vnDqvEn7CqJ +Tuc2PaLkgCTACO73wjgNEne/1QD2pA9WHglsh2iO5i7PCX0s3WCeMjINwFFyym6l +WRGgn/erQjtuQafqrPsPa++iaLw9XEYCSHnA2YjqKLTABC6R8RqwDba20hw0ADjk +IA2zGOaIbMbzC/eFKuVx++H4cTdNPL/TXikPm9xKHR9g+DyxvOrYh3c4Lqc2ex4v +GhY8eFslkaqGADpOOSHN7p7+Ve6H4qnIP/WLTjyzioXKgQP/FuVa4BhCmr0C/l8i +weBPGy5ZJtgT7ymQhW2FQ5C5JlkJczeX7XkJXxXO9uX58ihZaxJs+PpC+TPLc5u+ +kpie1CKg2wEYwhi9ChEKF138k8fZI15LMgFQBHxTdqvh8BezqHh7f/DgJICXq2Wh +0THJIQhLN/RXK1D/86bSdM1QAS88/+QIzeSufCxmLG+5AY0EXmgX+gEMAL5lWBK8 +Wr5dtvtZrCp3iB/MbVGm0Kv8TS1xWjKCbcY+kCmFg2tZ70MPWTCIa82+rz8fz575 +ksODo5ah+1eDr4R5tcM/vidD+8h4947H6oV496P403fiUr6pA3JOmBBgq6cNnPP/ +HolmLNkq4wE0MAL9lib2nt6lccKcPgoHORqiYo0RyJv2OUpIK607A3Rl4J4/i2EY +NPhCwsicnuHkRuMgVVnbKn1vx7sAs4O2qWWMJ3xFPsDRcxXBvwUPdanFcUoQedIk +HAMoxPpVJDhLq6DWCX3evCYLH1ihZJ4x172/mZY20ldvjXTyi9uvtNsQ3zHvIZy4 +mBtDgd0Gl6Kj/rkZoxaxS9LZ7+LIhqbNXAX0bY7PQBAJYh4OpjbRBgpJCgplP84g +c8ZhcWekl277W4AWeyT30rw8C9QjKWR0KRua1LENn1POjtmVdzIim8UCIEVi/Ew8 +RzERpe0gGC8pG1P1aaq8eDC1jY/WzuNBXoDGciL7yca1loRJd3jt4VGMswARAQAB +iQG2BBgBCgAgFiEEyM/yFkVRJum5yRi+kl6imuJXgUoFAl5oF/oCGwwACgkQkl6i +muJXgUoXIQwA3b6Ek6ZwVOhmpcc2TbXjjnwjpRl3zNFCjZrfHk4irYA2G7l4OGRC 
+joTskMRjyqN64krSf3pbH5nTIJeN7fKpHadvONO1gYLQmozfxFwKARssIRkiYIEA +5kqt9WBFUaw/fTJAcdDuP9vcQe+UpbnU1VXeFtsUU59D05mhWBmWG+KQUAcohODc +VqiAPvdlSOdu8UPLFFOz9T5AcCJFC2IbFPNVKctbxlQcdRaI2DZrd+alMeUTEzDV +ReeIT1BMBS3VGtgSaV8Vr7ockyTTxTrkG8RZIetzuTOiJCtAwV4M34qjAlAe9vxI +8+XaU5r5ZyzxvHCoT5aXrYO+fxv5sPyEvUclJ7ff5KoVtQZe71xI+YyyWvAdMK+S +OVyXqO/n6GBfl8Cl6v6X+zTbou5nwqwbA4lrefYqkeOMzpSgtY1m8TQqROqI14sD +yWrq15QoHxcyTS8upUNmEwXxy7EUI98cDIzf7ugyQWH7QyyZ/h92RC2t2Z6bWNjn +51EaKIT6lPXy +=08O8 +-----END PGP PUBLIC KEY BLOCK-----