website/docs/os.md

# OS - RANCHER
Different operating system setups with Rancher
#### FLATCAR
Rancher cluster.yml for CoreOS/Flatcar
canal network provider
````
# cluster.yml fragment: Canal as the network plugin, with the FlexVolume
# plugin directory pointed at /opt instead of the default location.
network:
  plugin: canal
  mtu: 0
  options:
    flannel_backend_type: vxlan
    # Where Canal installs its FlexVolume driver on the node.
    canal_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
services:
  kube-controller:
    extra_args:
      # kube-controller-manager is pointed at the same relocated tree.
      # FlexVolume drivers are executables run by node components, so keep
      # this directory root-owned and not writable by other users.
      flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
````
calico network provider
````
# cluster.yml fragment: Calico as the network plugin, with the FlexVolume
# plugin directory pointed at /opt instead of the default location.
network:
  plugin: calico
  mtu: 0
  options:
    # NOTE(review): flannel_backend_type is a flannel/canal setting and is
    # presumably unused with plugin: calico; confirm before copying.
    flannel_backend_type: vxlan
    # Where Calico installs its FlexVolume driver on the node.
    calico_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
services:
  kube-controller:
    extra_args:
      # kube-controller-manager is pointed at the same relocated tree.
      # FlexVolume drivers are executables run by node components, so keep
      # this directory root-owned and not writable by other users.
      flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
````
PXE SETUP
````
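# iPXE targets for Flatcar. Kernel, initrd and the Ignition/cloud-config URLs
# use https:// like the other boot entries and the remote script URL on this
# page: the Ignition config defines system units and SSH keys, so a boot
# artifact fetched over plain HTTP can be replaced by anyone on the boot
# network. Needs an iPXE build with HTTPS enabled and a certificate the
# clients trust.

# Normal boot: root on /dev/sda1, provisioned from pxe-config.ign.
:flatcar
kernel https://$IP/flatcar/images/flatcar_production_pxe.vmlinuz append flatcar.first_boot=1 root=/dev/sda1 ignition.config.url=https://$IP/flatcar/pxe-config.ign
initrd https://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
boot

# Init boot: applies init.ign and passes cloud-control.sh as the cloud-config URL.
:flatcar-init
kernel https://$IP/flatcar/images/flatcar_production_pxe.vmlinuz coreos.config.url=https://$IP/flatcar/init.ign cloud-config-url=https://$IP/flatcar/cloud-control.sh flatcar.first_boot=1
initrd https://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
boot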
````
init.yml
````
# Disk initialisation config: repartitions /dev/sda and creates a fresh ext4
# ROOT filesystem.
# Destructive: wipe_table and wipe_filesystem discard whatever is on the
# disk, so reference this config only from the dedicated init boot entry.
storage:
  disks:
    - device: /dev/sda
      wipe_table: true
      partitions:
        # Single partition, addressed below by its partition label.
        - label: ROOT
  filesystems:
    - mount:
        device: /dev/disk/by-partlabel/ROOT
        format: ext4
        label: ROOT
        wipe_filesystem: true
````
cloud-control
````
#!/bin/bash
# Referenced as cloud-config-url by the flatcar-init boot entry; the only
# active step is the reboot at the end.
# local disk install (disabled)
# NOTE(review): curl's -k skips TLS certificate verification. If these lines
# are re-enabled, drop -k so the Ignition config written to disk is fetched
# from a verified server.
# curl -kO https://$IP/flatcar/pxe-config.ign
# sudo flatcar-install -d /dev/sda -i pxe-config.ign
sudo reboot
````
pxe-config
````
# Node provisioning config for PXE-booted Flatcar (presumably the source that
# is transpiled to pxe-config.ign).
networkd:
  units:
    # DHCP plus IPv4 link-local addressing on every ens* interface.
    - name: 00-ens.network
      contents: |
        [Match]
        Name=ens*
        [Network]
        LinkLocalAddressing=ipv4
        DHCP=yes
storage:
  files:
    # Kernel modules loaded at boot.
    - path: /etc/modules-load.d/nf.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          nf_conntrack
    - path: /etc/modules-load.d/iscsi.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          iscsi_tcp
    # Kernel tunables, including IPv4 forwarding and panic/reboot behaviour.
    - path: /etc/sysctl.d/nf.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          fs.inotify.max_user_watches = 1048576
          vm.max_map_count = 262144
          net.ipv4.conf.all.forwarding = 1
          vm.swappiness = 0
          vm.overcommit_memory = 1
          kernel.panic = 10
          kernel.panic_on_oops = 1
    - path: /etc/motd.d/pi.conf
      filesystem: root
      mode: 0644
      contents:
        inline: PI MONSTER
    # Script downloaded at provisioning time and started by two system units
    # below (neither sets User=).
    # NOTE(review): no content hash is pinned, so whatever the server returns
    # is executed. Remote contents accept a verification hash, e.g.
    #   verification: {hash: {function: sha512, sum: <SHA512-OF-SCRIPT>}}
    # (placeholder value).
    - filesystem: "root"
      path: "/opt/get-metadata.sh"
      mode: 0755
      contents:
        remote:
          url: "https://$IP/flatcar/metadata-script.sh"
    # Time source for systemd-timesyncd.
    - path: /etc/systemd/timesyncd.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          [Time]
          NTP=ntp0.rug.nl
  directories:
    # Mount point used by mnt-snapshots.mount.
    - path: /mnt/snapshots
      filesystem: root
      overwrite: true
      mode: 0755
systemd:
  units:
    # open-vm-tools in a container with host networking and /run/systemd
    # bind-mounted, i.e. with direct access to the host's systemd runtime dir.
    # NOTE(review): the image is referenced by the mutable :latest tag; pin a
    # version or digest so a registry change cannot alter what runs here.
    # NOTE(review): `Restart=yes` is not one of systemd's documented Restart=
    # values, and the unit is Type=oneshot; confirm the intended setting.
    - name: vmware.service
      enable: true
      contents: |
        [Unit]
        Description=Service for virtual machines hosted on VMware
        [Service]
        Restart=yes
        ExecStart=/usr/bin/docker run --rm --net=host -v /run/systemd:/run/systemd --name open-vm-tools registry.webhosting.rug.nl/k8s/vmwaretools:latest
        Type=oneshot
        RemainAfterExit=true
        [Install]
        WantedBy=multi-user.target
    # NFS share mounted at /mnt/snapshots, ordered before timezone.service.
    - name: mnt-snapshots.mount
      enable: true
      contents: |
        [Unit]
        Description=Mount for rancher service volumes
        Before=timezone.service
        [Mount]
        What=$IP:/home/www/snapshot
        Where=/mnt/snapshots
        Type=nfs
        [Install]
        WantedBy=remote-fs.target
    # Moves sshd to port 8822; the empty ListenStream= clears the default
    # listener before the new one is added.
    - name: sshd.socket
      dropins:
        - name: 10-sshd-port.conf
          contents: |
            [Socket]
            ListenStream=
            ListenStream=8822
    - name: timezone.service
      enable: true
      contents: |
        [Unit]
        Before=rancher.service
        Description=Set timezone
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/usr/bin/timedatectl set-timezone Europe/Amsterdam
        [Install]
        WantedBy=multi-user.target
    # NOTE(review): this drop-in adds an ExecStart without an empty
    # `ExecStart=` line first, so the unit's stock command presumably still
    # runs as well; confirm that is intended.
    - name: "flatcar-metadata.service"
      dropins:
        - name: "use-script.conf"
          contents: |
            [Service]
            ExecStart=/opt/get-metadata.sh
    # Runs the same downloaded script again after flatcar-metadata.service.
    - name: rancher.service
      enable: true
      contents: |
        [Unit]
        Description=Rancher service for docker management
        After=flatcar-metadata.service
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/opt/get-metadata.sh
        [Install]
        WantedBy=multi-user.target
passwd:
  users:
    # User name and public key are left blank on this page; fill in both.
    - name:
      ssh_authorized_keys:
        - "ssh-rsa "
````
#### RANCHEROS
PXE SETUP
````
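# iPXE targets for RancherOS v1.5.5. Every URL, including both cloud-init
# datasources, uses https:// so the kernel, initrd and cloud-config (which
# carries SSH keys and boot scripts) cannot be swapped on the boot network.

# Normal boot: state on the RANCHER_STATE label, per-node cloud-config
# selected by the client's IP. The state autoformat options target /dev/sda,
# so only boot machines whose disk may be erased.
:RancherOs
kernel https://$IP/rancher/v1.5.5/vmlinuz elevator=deadline nomodeset vsyscall=emulate printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.autoformat=[/dev/sda] rancher.state.formatzero=true panic=10 rancher.state.wait rancher.cloud_init.datasources=[url:https://$IP/rancher/${net0/ip}.yml]
initrd https://$IP/rancher/v1.5.5/initrd
boot

# Init boot: cloud-config comes from format.yml.
:RancherOs-Init
kernel https://$IP/rancher/v1.5.5/vmlinuz panic=10 rancher.cloud_init.datasources=[url:https://$IP/rancher/format.yml]
initrd https://$IP/rancher/v1.5.5/initrd
boot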
````
$IP.yml
````
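#cloud-config
# Per-node RancherOS cloud-config (served as <node-ip>.yml).
ssh_authorized_keys:
  # Public keys are elided on this page; fill in the real ones.
  - ssh-rsa
  - ssh-rsa
# All files live in ONE write_files list. Repeating the key is a duplicate
# mapping key, and parsers typically keep only one of the lists.
write_files:
  # container and path form a single entry, so the file is written inside the
  # ntp system container.
  # NOTE(review): the ntp.conf below has no `restrict default` line and
  # enables multicastclient; confirm the daemon is not reachable from
  # untrusted networks.
  - container: ntp
    path: /etc/ntp.conf
    permissions: "0644"
    content: |
      driftfile /var/lib/ntp/ntp.drift
      statsdir /var/log/ntpstats/
      statistics loopstats peerstats clockstats
      filegen loopstats file loopstats type day enable
      filegen peerstats file peerstats type day enable
      filegen clockstats file clockstats type day enable
      server ntp0.rug.nl burst iburst prefer
      server 127.127.1.0
      fudge 127.127.1.0 stratum 10
      restrict 127.0.0.1
      restrict ::1
      enable ntp
      enable kernel
      multicastclient
  - path: /etc/motd
    permissions: "0644"
    owner: rancher
    content: |
      PI POWER
  # Boot script, run as root. It downloads and executes a script from the
  # provisioning server; nothing here checks the script's integrity beyond
  # the HTTPS transport.
  - path: /etc/rc.local
    permissions: "0755"
    owner: root
    content: |
      #!/bin/bash
      # wait for network
      while ! curl -o /dev/null -sf https://hub.docker.com/; do
        echo "wait network up"
        sleep 2
      done
      wait-for-docker
      apk update && apk add open-iscsi
      if [ -e /etc/installed ]; then
        echo "already installed"
      else
        wget https://$IP/rancher/metadata-script.sh -O /home/rancher/metadata-script.sh
        chmod +x /home/rancher/metadata-script.sh
        # Run without exec so the marker below is reached; it is written only
        # when the script succeeds.
        bash -c /home/rancher/metadata-script.sh && touch /etc/installed
      fi
rancher:
  ssh:
    port: 8822
  modules:
    - iscsi_tcp
  state:
    autoformat:
      - /dev/sda
  sysctl:
    fs.inotify.max_user_watches: 1048576
    vm.max_map_count: 262144
    net.ipv4.conf.all.forwarding: 1
    vm.swappiness: 0
    vm.panic_on_oom: 0
    vm.overcommit_memory: 1
    kernel.panic: 10
    kernel.panic_on_oops: 1
  services:
    # NFS client as a system service.
    # NOTE(review): third-party image on the mutable :latest tag, running
    # privileged with host networking; pin a version or digest and review the
    # image before use.
    nfs-client:
      image: outstand/nfs-client:latest
      restart: always
      # The io.rancher.os.* entries are service labels, not volume specs.
      labels:
        - io.rancher.os.remove=false
        - io.rancher.os.after=docker
      volumes:
        - /mnt/snapshot:/mnt/snapshot:shared
      privileged: true
      net: host
      environment:
        SERVER: $IP
        SHARE: /home/www/snapshot
        MOUNTPOINT: /mnt/snapshot
        FSTYPE: nfs
        MOUNT_OPTIONS: rsize=1048576,wsize=1048576,timeo=600,retrans=2
    console:
      environment:
        TZ: Europe/Amsterdam
  console: alpine
  services_include:
    open-vm-tools: true
    # open-iscsi: true
  network:
    dns:
      nameservers:
        - 129.125.4.161
        - 129.125.4.162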
````
#### K3OS
PXE-CONFIG
````
# iPXE targets for k3OS. Both entries run the installer in silent mode
# against /dev/sda, so booting one of them installs to that disk without
# prompting; restrict who can select these entries.
# Kernel, initrd, ISO and config are all fetched over HTTPS.

# Server node: configured from k3os-master.yml.
:K3OS-MASTER
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os-master.yml
initrd https://$IP/k3os/k3os-initrd-amd64
boot
# Agent node: configured from k3os.yml.
:K3OS-SLAVE
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os.yml
initrd https://$IP/k3os/k3os-initrd-amd64
boot
````
k3os-master
````
# k3OS config for the server (master) node.
ssh_authorized_keys:
  # Public keys are elided on this page; fill in the real ones.
  - ssh-rsa
  - ssh-rsa
write_files:
  # rc.local only downloads call-rancher.sh to /tmp.
  # NOTE(review): nothing visible here executes or verifies the downloaded
  # script; confirm how it is used.
  - encoding: ""
    content: |-
      #!/bin/bash
      wget -O /tmp/call-rancher.sh https://$IP/k3os/call-rancher.sh
    owner: root
    path: /etc/rc.local
    permissions: '0755'
k3os:
  data_sources:
  modules:
    - kvm
  sysctl:
    kernel.printk: 4 4 1 7
    kernel.kptr_restrict: 1
  labels:
    master: true
  dns_nameservers:
    - 129.125.4.161
    - 129.125.4.162
  # NOTE(review): a literal login password and cluster join token are
  # published here. Treat both as sample values: generate per-cluster secrets
  # and limit who can fetch the served config file, since anyone able to
  # download it can read them.
  password: verysecure
  token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
  k3s_args:
    - server
    # NOTE(review): 10.107.1.0/23 is not aligned to a /23 boundary and lies
    # inside 10.107.0.0/23, so the cluster and service ranges overlap;
    # confirm the intended CIDRs.
    - "--cluster-cidr=10.107.0.0/23"
    - "--service-cidr=10.107.1.0/23"
    - "--no-deploy=traefik"
````
k3os-slave
````
# k3OS config for an agent (slave) node that joins the server at $MASTER.
ssh_authorized_keys:
  # Public keys are elided on this page; fill in the real ones.
  - ssh-rsa
  - ssh-rsa
k3os:
  data_sources:
  modules:
  # API endpoint of the server node this agent registers with.
  server_url: https://$MASTER:6443
  sysctl:
    kernel.printk: 4 4 1 7
    kernel.kptr_restrict: 1
  labels:
    slave: true
  dns_nameservers:
    - 129.125.4.161
    - 129.125.4.162
  # NOTE(review): a literal login password and cluster join token are
  # published here. Treat both as sample values: generate per-cluster secrets
  # and limit who can fetch the served config file, since anyone able to
  # download it can read them.
  password: verysecure
  token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
  k3s_args:
    - agent
````