|
# OS - RANCHER
|
||
|
Different operating-system setups with Rancher
|
||
|
|
||
|
#### FLATCAR
|
||
|
|
||
|
rancher cluster.yml for coreos/flatcar
|
||
|
canal network provider
|
||
|
````
|
||
|
# RKE cluster.yml fragment for CoreOS/Flatcar nodes with the canal plugin.
# Indentation was lost in the rendered page and is reconstructed here.
# Both FlexVolume directories are set to paths under /opt.
# NOTE(review): presumably because /usr is read-only on Flatcar — confirm
# against the Rancher/RKE documentation for the version in use.
network:
  # NOTE(review): 0 is presumably "use the plugin default MTU" — confirm.
  mtu: 0
  options:
    flannel_backend_type: vxlan
    canal_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
  plugin: canal

services:
  kube-controller:
    extra_args:
      # FlexVolume drivers placed in this directory are executed on the host,
      # so keep it root-owned and never expose it to workloads (for example
      # through a hostPath mount).
      flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
|
||
|
````
|
||
|
|
||
|
calico network provider
|
||
|
|
||
|
````
|
||
|
# RKE cluster.yml fragment for CoreOS/Flatcar nodes with the calico plugin.
# Indentation was lost in the rendered page and is reconstructed here.
# Same layout as the canal variant; only the plugin name and the name of the
# FlexVolume option differ.
network:
  # NOTE(review): 0 is presumably "use the plugin default MTU" — confirm.
  mtu: 0
  options:
    # NOTE(review): a flannel option next to plugin: calico — confirm it is
    # still required for the RKE version in use.
    flannel_backend_type: vxlan
    calico_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
  plugin: calico

services:
  kube-controller:
    extra_args:
      # FlexVolume drivers placed in this directory are executed on the host,
      # so keep it root-owned and never expose it to workloads (for example
      # through a hostPath mount).
      flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
|
||
|
````
|
||
|
|
||
|
PXE SETUP
|
||
|
````
|
||
|
# iPXE menu targets for Flatcar.
# NOTE(review): both targets load the kernel, the initrd and the provisioning
# config over plain http://, so nothing authenticates the image a node boots or
# the Ignition config it applies. Keep PXE on an isolated provisioning network,
# or serve these files over HTTPS with a CA the iPXE build trusts (the RancherOS
# and k3OS targets on this page already use https://$IP).

# Normal boot: root on /dev/sda1, configured by pxe-config.ign.
:flatcar
kernel http://$IP/flatcar/images/flatcar_production_pxe.vmlinuz append flatcar.first_boot=1 root=/dev/sda1 ignition.config.url=http://$IP/flatcar/pxe-config.ign
initrd http://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
boot

# First-time initialisation: applies init.ign (presumably the transpiled init.yml
# listing, which wipes /dev/sda) and passes cloud-control.sh as cloud-config-url.
# Destructive — keep this target out of any default or timeout selection.
:flatcar-init
kernel http://$IP/flatcar/images/flatcar_production_pxe.vmlinuz coreos.config.url=http://$IP/flatcar/init.ign cloud-config-url=http://$IP/flatcar/cloud-control.sh flatcar.first_boot=1
initrd http://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
boot
|
||
|
````
|
||
|
init.yml
|
||
|
````
|
||
|
# Container Linux Config for the one-off disk initialisation; presumably
# transpiled to the init.ign that the :flatcar-init PXE target references.
# Indentation was lost in the rendered page and is reconstructed here.
# DESTRUCTIVE: rewrites the partition table of /dev/sda and reformats ROOT on
# every machine that boots with this config.
storage:
  disks:
    - device: /dev/sda
      # Discards the existing partition table before creating ROOT.
      wipe_table: true
      partitions:
        - label: ROOT
  filesystems:
    - mount:
        device: /dev/disk/by-partlabel/ROOT
        format: ext4
        # Recreates the filesystem even when one already exists.
        wipe_filesystem: true
        label: ROOT
|
||
|
|
||
|
````
|
||
|
cloud-control
|
||
|
````
|
||
|
#!/bin/bash
# Script referenced as cloud-control.sh by the :flatcar-init PXE target.
# As written it only reboots; the local-disk install steps are commented out.

# local disk install
# NOTE(review): if the two lines below are re-enabled, drop curl's -k. It turns
# off TLS certificate verification, so the Ignition config handed to
# flatcar-install would be unauthenticated. Trust the provisioning server's CA
# instead (curl --cacert <ca-file>).
# curl -kO https://$IP/flatcar/pxe-config.ign
# sudo flatcar-install -d /dev/sda -i pxe-config.ign
sudo reboot
|
||
|
|
||
|
````
|
||
|
|
||
|
|
||
|
pxe-config
|
||
|
````
|
||
|
# Container Linux Config; presumably transpiled to the pxe-config.ign that the
# :flatcar PXE target references. Indentation was lost in the rendered page and
# is reconstructed here.
# networkd: DHCP plus IPv4 link-local addressing on every interface whose name
# matches ens*.
networkd:
  units:
    - name: 00-ens.network
      contents: |
        [Match]
        Name=ens*

        [Network]
        LinkLocalAddressing=ipv4
        DHCP=yes
|
||
|
# Files and directories written to the root filesystem at first boot.
# Indentation was lost in the rendered page and is reconstructed here.
storage:
  files:
    # Kernel modules loaded at boot: connection tracking and iSCSI over TCP.
    - path: /etc/modules-load.d/nf.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          nf_conntrack
    - path: /etc/modules-load.d/iscsi.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          iscsi_tcp
    # Kernel tuning: enables IPv4 forwarding, disables swapping, reboots 10 s
    # after a panic and treats an oops as a panic.
    - path: /etc/sysctl.d/nf.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          fs.inotify.max_user_watches = 1048576
          vm.max_map_count = 262144
          net.ipv4.conf.all.forwarding = 1
          vm.swappiness = 0
          vm.overcommit_memory = 1
          kernel.panic = 10
          kernel.panic_on_oops = 1
    - path: /etc/motd.d/pi.conf
      filesystem: root
      mode: 0644
      contents:
        inline: PI MONSTER
    # NOTE(review): this script is downloaded at provisioning time, installed
    # executable, and started by the systemd units in this config. Nothing pins
    # its content. Container Linux Config supports a `verification: hash:`
    # entry (function + sum) under `remote:`; adding one makes Ignition refuse
    # a script whose hash does not match.
    - filesystem: "root"
      path: "/opt/get-metadata.sh"
      mode: 0755
      contents:
        remote:
          url: "https://$IP/flatcar/metadata-script.sh"
    # Single NTP source, no fallback server configured.
    - path: /etc/systemd/timesyncd.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          [Time]
          NTP=ntp0.rug.nl
  directories:
    # Mount point used by the mnt-snapshots.mount unit.
    - path: /mnt/snapshots
      filesystem: root
      overwrite: true
      mode: 0755
|
||
|
# systemd units installed at first boot. Indentation was lost in the rendered
# page and is reconstructed here. Review notes are kept as YAML comments outside
# the `contents: |` scalars so the generated unit files stay unchanged.
systemd:
  units:
    # NOTE(review): `Restart=yes` is not one of systemd's Restart= values (no,
    # on-success, on-failure, on-abnormal, on-watchdog, on-abort, always), so
    # the line is ignored with a warning. Type=oneshot around a foreground
    # `docker run` also looks unintended — confirm.
    # NOTE(review): the container runs with host networking and a bind mount of
    # /run/systemd, and the image is referenced by the mutable tag :latest.
    # Pin the image by digest and treat the registry as part of the host's
    # trust boundary.
    - name: vmware.service
      enable: true
      contents: |
        [Unit]
        Description=Service for virtual machines hosted on VMware

        [Service]
        Restart=yes
        ExecStart=/usr/bin/docker run --rm --net=host -v /run/systemd:/run/systemd --name open-vm-tools registry.webhosting.rug.nl/k8s/vmwaretools:latest
        Type=oneshot
        RemainAfterExit=true

        [Install]
        WantedBy=multi-user.target
    # NFS share from the provisioning host mounted at /mnt/snapshots.
    # NOTE(review): no Options= line is set; consider Options=nosuid,nodev so
    # files on the share cannot carry setuid bits or device nodes onto the node.
    - name: mnt-snapshots.mount
      enable: true
      contents: |
        [Unit]
        Description=Mount for rancher service volumes
        Before=timezone.service
        [Mount]
        What=$IP:/home/www/snapshot
        Where=/mnt/snapshots
        Type=nfs
        [Install]
        WantedBy=remote-fs.target
    # The empty ListenStream= clears the inherited listener before 8822 is
    # added. A non-standard port only reduces scan noise; access control still
    # rests on the authorized keys and on network filtering.
    - name: sshd.socket
      dropins:
        - name: 10-sshd-port.conf
          contents: |
            [Socket]
            ListenStream=
            ListenStream=8822
    - name: timezone.service
      enable: true
      contents: |
        [Unit]
        Before=rancher.service
        Description=Set timezone

        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/usr/bin/timedatectl set-timezone Europe/Amsterdam

        [Install]
        WantedBy=multi-user.target
    # NOTE(review): the drop-in adds an ExecStart= without first clearing the
    # stock one with an empty `ExecStart=` line. Depending on the stock unit's
    # Type, systemd either runs both commands or rejects the unit — confirm.
    - name: "flatcar-metadata.service"
      dropins:
        - name: "use-script.conf"
          contents: |
            [Service]
            ExecStart=/opt/get-metadata.sh

    # Runs the same /opt/get-metadata.sh as the drop-in above, after
    # flatcar-metadata.service. The script is fetched from the provisioning
    # server at first boot, so its integrity decides what this unit executes.
    - name: rancher.service
      enable: true
      contents: |
        [Unit]
        Description=Rancher service for docker management
        After=flatcar-metadata.service

        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/opt/get-metadata.sh

        [Install]
        WantedBy=multi-user.target
|
||
|
# Login user and SSH public key. Both values are blanked on this page: `name:`
# is empty and the key is only the "ssh-rsa " prefix. Fill in a user name and a
# complete public key before transpiling.
# Indentation was lost in the rendered page and is reconstructed here.
passwd:
  users:
    - name:
      ssh_authorized_keys:
        - "ssh-rsa "
|
||
|
````
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
#### RANCHEROS
|
||
|
|
||
|
PXE SETUP
|
||
|
````
|
||
|
# iPXE menu targets for RancherOS v1.5.5.

# Normal boot. The cloud-config is selected by the client's own address
# (${net0/ip}.yml) and fetched over HTTPS. autoformat=[/dev/sda] together with
# formatzero=true lets RancherOS format /dev/sda when no RANCHER_STATE label is
# found, so this target can be destructive on a disk that holds other data.
# NOTE(review): the per-node files carry SSH keys and are addressed by IP only;
# restrict who can reach that path on the provisioning server.
:RancherOs
kernel https://$IP/rancher/v1.5.5/vmlinuz elevator=deadline nomodeset vsyscall=emulate printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.autoformat=[/dev/sda] rancher.state.formatzero=true panic=10 rancher.state.wait rancher.cloud_init.datasources=[url:https://$IP/rancher/${net0/ip}.yml]
initrd https://$IP/rancher/v1.5.5/initrd
boot

# Initialisation boot.
# NOTE(review): kernel and initrd use https:// but format.yml is fetched over
# plain http://, so the cloud-config applied here is unauthenticated. Use
# https:// for it as well, as the :RancherOs target does.
:RancherOs-Init
kernel https://$IP/rancher/v1.5.5/vmlinuz panic=10 rancher.cloud_init.datasources=[url:http://$IP/rancher/format.yml]
initrd https://$IP/rancher/v1.5.5/initrd
boot
|
||
|
|
||
|
````
|
||
|
|
||
|
$IP.yml
|
||
|
|
||
|
````
|
||
|
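#cloud-config
# RancherOS per-node cloud-config (the :RancherOs PXE target fetches it as
# <node-ip>.yml). Indentation was lost in the rendered page and is
# reconstructed here; nesting under `rancher:` is inferred — confirm.
ssh_authorized_keys:
  # Keys are redacted on this page; supply complete public keys.
  - ssh-rsa
  - ssh-rsa
# One write_files list. The page had three separate write_files keys; with
# duplicate mapping keys most YAML parsers keep only the last one, which would
# drop the ntp.conf and motd entries.
write_files:
  # container and path belong to one entry: the file is written inside the ntp
  # system container. The page listed them as two separate list items.
  # NOTE(review): ntp.conf has no `restrict default` line and enables
  # multicastclient without keys — confirm unauthenticated multicast time is
  # intended.
  - container: ntp
    path: /etc/ntp.conf
    permissions: "0644"
    content: |
      driftfile /var/lib/ntp/ntp.drift
      statsdir /var/log/ntpstats/
      statistics loopstats peerstats clockstats
      filegen loopstats file loopstats type day enable
      filegen peerstats file peerstats type day enable
      filegen clockstats file clockstats type day enable
      server ntp0.rug.nl burst iburst prefer
      server 127.127.1.0
      fudge 127.127.1.0 stratum 10
      restrict 127.0.0.1
      restrict ::1
      enable ntp
      enable kernel
      multicastclient
  - path: /etc/motd
    permissions: "0644"
    owner: rancher
    content: |
      PI POWER
  - path: /etc/rc.local
    permissions: "0755"
    owner: root
    content: |
      #!/bin/bash
      # wait for network
      while ! curl -o /dev/null -sf https://hub.docker.com/; do
        echo "wait network up"
        # pause between probes instead of spinning
        sleep 2
      done
      wait-for-docker
      apk update && apk add open-iscsi
      if [ -e /etc/installed ]; then
        echo "already installed"
      else
        # NOTE(review): the script is run as root right after download. Pin its
        # expected SHA-256 and check it (sha256sum -c) before executing.
        wget https://$IP/rancher/metadata-script.sh -O /home/rancher/metadata-script.sh
        chmod +x /home/rancher/metadata-script.sh
        # No `exec`: it replaced this shell, so the marker below was never
        # written and the script was downloaded and run again on every boot.
        # The marker is written only when the script succeeds.
        bash -c /home/rancher/metadata-script.sh && touch /etc/installed
      fi
rancher:
  ssh:
    # Non-standard port; access control still rests on the authorized keys.
    port: 8822
  modules:
    - iscsi_tcp
  state:
    # Lets RancherOS format /dev/sda for its state partition.
    autoformat:
      - /dev/sda
  sysctl:
    fs.inotify.max_user_watches: 1048576
    vm.max_map_count: 262144
    net.ipv4.conf.all.forwarding: 1
    vm.swappiness: 0
    vm.panic_on_oom: 0
    vm.overcommit_memory: 1
    kernel.panic: 10
    kernel.panic_on_oops: 1
  services:
    # NOTE(review): privileged, host-networked container pulled by the mutable
    # tag :latest. Pin the image by digest and review whether full privileges
    # are needed for the NFS mount.
    nfs-client:
      image: outstand/nfs-client:latest
      restart: always
      # The two io.rancher.os.* entries below sat in the volumes list on the
      # page, where they would be read as volume specs; they are labels.
      labels:
        - io.rancher.os.remove=false
        - io.rancher.os.after=docker
      volumes:
        - /mnt/snapshot:/mnt/snapshot:shared
      privileged: true
      net: host
      environment:
        SERVER: $IP
        SHARE: /home/www/snapshot
        MOUNTPOINT: /mnt/snapshot
        FSTYPE: nfs
        MOUNT_OPTIONS: rsize=1048576,wsize=1048576,timeo=600,retrans=2
    console:
      environment:
        TZ: Europe/Amsterdam
  console: alpine
  services_include:
    open-vm-tools: true
    # open-iscsi: true
  network:
    dns:
      nameservers:
        - 129.125.4.161
        - 129.125.4.162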
|
||
|
|
||
|
|
||
|
````
|
||
|
|
||
|
#### K3OS
|
||
|
|
||
|
PXE-CONFIG
|
||
|
|
||
|
````
|
||
|
# iPXE menu targets for k3OS. Both run an unattended install
# (k3os.mode=install, k3os.install.silent=true) onto /dev/sda, so booting either
# target overwrites that disk without a prompt. Keep them out of any default or
# timeout selection.
# NOTE(review): the files behind config_url contain the node password and the
# cluster join token (see the k3os-master / k3os-slave listings). Restrict who
# can fetch them from the provisioning server.

# Server (control-plane) node.
:K3OS-MASTER
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os-master.yml
initrd https://$IP/k3os/k3os-initrd-amd64
boot

# Agent node.
:K3OS-SLAVE
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os.yml
initrd https://$IP/k3os/k3os-initrd-amd64
boot
|
||
|
|
||
|
````
|
||
|
k3os-master
|
||
|
|
||
|
````
|
||
|
# k3OS config for the server node (fetched as k3os-master.yml at install time).
# Indentation was lost in the rendered page and is reconstructed here.
ssh_authorized_keys:
  # Keys are redacted on this page; supply complete public keys.
  - ssh-rsa
  - ssh-rsa
write_files:
  # NOTE(review): rc.local only downloads call-rancher.sh into /tmp; nothing in
  # this listing executes it. If it is run later, verify it first (pinned
  # checksum) and store it somewhere other than world-writable /tmp.
  - encoding: ""
    content: |-
      #!/bin/bash
      wget -O /tmp/call-rancher.sh https://$IP/k3os/call-rancher.sh
    owner: root
    path: /etc/rc.local
    permissions: '0755'

k3os:
  # NOTE(review): bare key, parsed as null; remove it or list the sources.
  data_sources:
  modules:
    - kvm
  sysctl:
    kernel.printk: 4 4 1 7
    # Hides kernel pointers from unprivileged users.
    kernel.kptr_restrict: 1
  labels:
    # NOTE(review): unquoted true is a YAML boolean; quote it if the consumer
    # expects a string label value — confirm.
    master: true
  dns_nameservers:
    - 129.125.4.161
    - 129.125.4.162
  # NOTE(review): clear-text login password committed with the config. k3OS
  # documents that this field also accepts a crypt-style hash — prefer that
  # (confirm for your version) or omit it and rely on SSH keys.
  password: verysecure
  # NOTE(review): the cluster join secret, identical in the agent listing.
  # Anyone who can read this page or fetch the config URL holds it. Treat a
  # published token as compromised: rotate it and inject it at provisioning
  # time instead of committing it.
  token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
  k3s_args:
    - server
    # NOTE(review): 10.107.1.0/23 is not aligned to a /23 boundary; it
    # normalises to 10.107.0.0/23, the same range as --cluster-cidr. Pod and
    # service ranges must not overlap; pick a distinct service range.
    - "--cluster-cidr=10.107.0.0/23"
    - "--service-cidr=10.107.1.0/23"
    - "--no-deploy=traefik"
|
||
|
|
||
|
````
|
||
|
k3os-slave
|
||
|
|
||
|
````
|
||
|
# k3OS config for an agent node (fetched as k3os.yml at install time).
# Indentation was lost in the rendered page and is reconstructed here.
ssh_authorized_keys:
  # Keys are redacted on this page; supply complete public keys.
  - ssh-rsa
  - ssh-rsa
k3os:
  # NOTE(review): data_sources and modules are bare keys, parsed as null;
  # remove them or give them values.
  data_sources:
  modules:
  # Agents reach the server's API on 6443 over HTTPS; $MASTER is a placeholder.
  server_url: https://$MASTER:6443
  sysctl:
    kernel.printk: 4 4 1 7
    # Hides kernel pointers from unprivileged users.
    kernel.kptr_restrict: 1
  labels:
    # NOTE(review): unquoted true is a YAML boolean; quote it if the consumer
    # expects a string label value — confirm.
    slave: true
  dns_nameservers:
    - 129.125.4.161
    - 129.125.4.162
  # NOTE(review): clear-text login password committed with the config, same
  # value as on the server. Prefer a hashed value (confirm k3OS support for
  # your version) or omit it and rely on SSH keys.
  password: verysecure
  # NOTE(review): the cluster join secret, identical to the server listing.
  # Treat a published token as compromised: rotate it and inject it at
  # provisioning time instead of committing it.
  token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
  k3s_args:
    - agent
|
||
|
|
||
|
````
|