# OS - RANCHER

Different operating setups with rancher

#### FLATCAR

rancher cluster.yml for coreos/flatcar

canal network provider

````yaml
network:
  mtu: 0
  options:
    flannel_backend_type: vxlan
    canal_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
  plugin: canal
services:
  kube-controller:
    extra_args:
      flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
````

calico network provider

````yaml
network:
  mtu: 0
  options:
    flannel_backend_type: vxlan
    calico_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
  plugin: calico
services:
  kube-controller:
    extra_args:
      flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
````

PXE SETUP

````
:flatcar
kernel http://$IP/flatcar/images/flatcar_production_pxe.vmlinuz
append flatcar.first_boot=1 root=/dev/sda1 ignition.config.url=http://$IP/flatcar/pxe-config.ign
initrd http://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
boot

:flatcar-init
kernel http://$IP/flatcar/images/flatcar_production_pxe.vmlinuz coreos.config.url=http://$IP/flatcar/init.ign cloud-config-url=http://$IP/flatcar/cloud-control.sh flatcar.first_boot=1
initrd http://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
boot
````

Note that the Flatcar kernel, initrd and Ignition config are all fetched over plain `http://` here, whereas the RancherOS and k3OS entries below use `https://`.

init.yml

````yaml
storage:
  disks:
    - device: /dev/sda
      wipe_table: true
      partitions:
        - label: ROOT
  filesystems:
    - mount:
        device: /dev/disk/by-partlabel/ROOT
        format: ext4
        wipe_filesystem: true
        label: ROOT
````

cloud-control

````bash
#!/bin/bash
# local disk install
# curl -kO https://$IP/flatcar/pxe-config.ign
#   (-k disables TLS certificate verification of $IP)
# sudo flatcar-install -d /dev/sda -i pxe-config.ign
sudo reboot
````

pxe-config

````yaml
networkd:
  units:
    - name: 00-ens.network
      contents: |
        [Match]
        Name=ens*
        [Network]
        LinkLocalAddressing=ipv4
        DHCP=yes
storage:
  files:
    - path: /etc/modules-load.d/nf.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          nf_conntrack
    - path: /etc/modules-load.d/iscsi.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          iscsi_tcp
    - path: /etc/sysctl.d/nf.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          fs.inotify.max_user_watches = 1048576
          vm.max_map_count = 262144
          net.ipv4.conf.all.forwarding = 1
          vm.swappiness = 0
          vm.overcommit_memory = 1
          kernel.panic = 10
          kernel.panic_on_oops = 1
    - path: /etc/motd.d/pi.conf
      filesystem: root
      mode: 0644
      contents:
        inline: PI MONSTER
    - filesystem: "root"
      path: "/opt/get-metadata.sh"
      mode: 0755
      contents:
        remote:
          url: "https://$IP/flatcar/metadata-script.sh"
    - path: /etc/systemd/timesyncd.conf
      filesystem: root
      mode: 0644
      contents:
        inline: |
          [Time]
          NTP=ntp0.rug.nl
  directories:
    - path: /mnt/snapshots
      filesystem: root
      overwrite: true
      mode: 0755
systemd:
  units:
    # Restart=yes is not a value systemd's Restart= accepts
    # (no/on-success/on-failure/on-abnormal/on-watchdog/on-abort/always); the line is rejected by the unit parser
    - name: vmware.service
      enable: true
      contents: |
        [Unit]
        Description=Service for virtual machines hosted on VMware
        [Service]
        Restart=yes
        ExecStart=/usr/bin/docker run --rm --net=host -v /run/systemd:/run/systemd --name open-vm-tools registry.webhosting.rug.nl/k8s/vmwaretools:latest
        Type=oneshot
        RemainAfterExit=true
        [Install]
        WantedBy=multi-user.target
    - name: mnt-snapshots.mount
      enable: true
      contents: |
        [Unit]
        Description=Mount for rancher service volumes
        Before=timezone.service
        [Mount]
        What=$IP:/home/www/snapshot
        Where=/mnt/snapshots
        Type=nfs
        [Install]
        WantedBy=remote-fs.target
    - name: sshd.socket
      dropins:
        - name: 10-sshd-port.conf
          contents: |
            [Socket]
            ListenStream=
            ListenStream=8822
    - name: timezone.service
      enable: true
      contents: |
        [Unit]
        Before=rancher.service
        Description=Set timezone
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/usr/bin/timedatectl set-timezone Europe/Amsterdam
        [Install]
        WantedBy=multi-user.target
    - name: "flatcar-metadata.service"
      dropins:
        - name: "use-script.conf"
          contents: |
            [Service]
            ExecStart=/opt/get-metadata.sh
    - name: rancher.service
      enable: true
      contents: |
        [Unit]
        Description=Rancher service for docker management
        After=flatcar-metadata.service
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/opt/get-metadata.sh
        [Install]
        WantedBy=multi-user.target
passwd:
  users:
    - name:
      ssh_authorized_keys:
        - "ssh-rsa "
````

#### RANCHEROS

PXE SETUP

````
:RancherOs
kernel https://$IP/rancher/v1.5.5/vmlinuz elevator=deadline nomodeset vsyscall=emulate printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.autoformat=[/dev/sda] rancher.state.formatzero=true panic=10 rancher.state.wait rancher.cloud_init.datasources=[url:https://$IP/rancher/${net0/ip}.yml]
initrd https://$IP/rancher/v1.5.5/initrd
boot

:RancherOs-Init
kernel https://$IP/rancher/v1.5.5/vmlinuz panic=10 rancher.cloud_init.datasources=[url:http://$IP/rancher/format.yml]
initrd https://$IP/rancher/v1.5.5/initrd
boot
````

$IP.yml

````yaml
#cloud-config
ssh_authorized_keys:
  - ssh-rsa
  - ssh-rsa
write_files:
  # 'container: ntp' is a list item of its own here; if /etc/ntp.conf below was meant
  # to be written inside the ntp container, the two items need to be merged — verify
  - container: ntp
  - path: /etc/ntp.conf
    permissions: "0644"
    content: |
      driftfile /var/lib/ntp/ntp.drift
      statsdir /var/log/ntpstats/
      statistics loopstats peerstats clockstats
      filegen loopstats file loopstats type day enable
      filegen peerstats file peerstats type day enable
      filegen clockstats file clockstats type day enable
      server ntp0.rug.nl burst iburst prefer
      server 127.127.1.0
      fudge 127.127.1.0 stratum 10
      restrict 127.0.0.1
      restrict ::1
      enable ntp
      enable kernel
      multicastclient
rancher:
  ssh:
    port: 8822
  modules:
    - iscsi_tcp
  state:
    autoformat:
      - /dev/sda
  sysctl:
    fs.inotify.max_user_watches: 1048576
    vm.max_map_count: 262144
    net.ipv4.conf.all.forwarding: 1
    vm.swappiness: 0
    vm.panic_on_oom: 0
    vm.overcommit_memory: 1
    kernel.panic: 10
    kernel.panic_on_oops: 1
  services:
    nfs-client:
      image: outstand/nfs-client:latest
      restart: always
      labels:
        - io.rancher.os.remove=false
      volumes:
        - /mnt/snapshot:/mnt/snapshot:shared
        # the two io.rancher.os.* entries below are listed as volumes; they look like
        # labels that belong in the labels list above — verify
        - io.rancher.os.remove=false
        - io.rancher.os.after=docker
      privileged: true
      net: host
      environment:
        SERVER: $IP
        SHARE: /home/www/snapshot
        MOUNTPOINT: /mnt/snapshot
        FSTYPE: nfs
        MOUNT_OPTIONS: rsize=1048576,wsize=1048576,timeo=600,retrans=2
    console:
      environment:
        TZ: Europe/Amsterdam
  console: alpine
  services_include:
    open-vm-tools: true
    # open-iscsi: true
  network:
    dns:
      nameservers:
        - 129.125.4.161
        - 129.125.4.162
# NOTE: this file has three top-level write_files keys (one above next to the ntp.conf
# entry, this one, and one below); duplicate mapping keys are invalid YAML and most parsers
# keep only the last or reject the file — merge all entries into a single write_files list
write_files:
  - path: /etc/motd
    permissions: "0644"
    owner: rancher
    content: |
      PI POWER
# NOTE: 'exec bash -c …' replaces this shell with the metadata script, so the
# 'touch /etc/installed' after it never runs and the install branch repeats on every boot;
# drop 'exec' (or move the touch into the script). The wait loop also has no sleep, so it
# spins on curl until the network is up.
write_files:
  - path: /etc/rc.local
    permissions: "0755"
    owner: root
    content: |
      #!/bin/bash
      # wait for network
      while ! curl -o /dev/null -sf https://hub.docker.com/; do
        echo "wait network up"
      done
      wait-for-docker
      apk update && apk add open-iscsi
      if [ -e /etc/installed ]; then
        echo "already installed"
      else
        wget https://$IP/rancher/metadata-script.sh -O /home/rancher/metadata-script.sh
        chmod +x /home/rancher/metadata-script.sh
        exec bash -c /home/rancher/metadata-script.sh
        touch /etc/installed
      fi
````

#### K3OS

PXE-CONFIG

````
:K3OS-MASTER
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os-master.yml
initrd https://$IP/k3os/k3os-initrd-amd64
boot

:K3OS-SLAVE
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os.yml
initrd https://$IP/k3os/k3os-initrd-amd64
boot
````

k3os-master

````yaml
ssh_authorized_keys:
  - ssh-rsa
  - ssh-rsa
write_files:
  - encoding: ""
    content: |-
      #!/bin/bash
      wget -O /tmp/call-rancher.sh https://$IP/k3os/call-rancher.sh
    owner: root
    path: /etc/rc.local
    permissions: '0755'
k3os:
  data_sources:
  modules:
    - kvm
  sysctl:
    kernel.printk: 4 4 1 7
    kernel.kptr_restrict: 1
  labels:
    master: true
  dns_nameservers:
    - 129.125.4.161
    - 129.125.4.162
  # the console password and the cluster join token are stored in plaintext and served
  # from the PXE web root; treat this file as a secret and keep it out of version control
  password: verysecure
  token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
  k3s_args:
    - server
    # 10.107.1.0/23 is the same /23 as 10.107.0.0/23 (a /23 starts on an even third octet,
    # both cover 10.107.0.0–10.107.1.255), so the pod and service ranges overlap; they must be disjoint
    - "--cluster-cidr=10.107.0.0/23"
    - "--service-cidr=10.107.1.0/23"
    - "--no-deploy=traefik"
````

k3os-slave

````yaml
ssh_authorized_keys:
  - ssh-rsa
  - ssh-rsa
k3os:
  data_sources:
  modules:
  server_url: https://$MASTER:6443
  sysctl:
    kernel.printk: 4 4 1 7
    kernel.kptr_restrict: 1
  labels:
    slave: true
  dns_nameservers:
    - 129.125.4.161
    - 129.125.4.162
  # same plaintext console password and join token as the master config; treat this file
  # as a secret and keep it out of version control
  password: verysecure
  token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
  k3s_args:
    - agent
````