Last active
April 14, 2020 15:04
-
-
Save amon-ra/e20a8c450ea4c8e571c6898ab7998938 to your computer and use it in GitHub Desktop.
RKE node install
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| IPFAILOVER="" | |
| FIRSTHOST="hiro" | |
| KUBE_VER="1.17" | |
| MYNET="10.2.85." | |
| CARPNET="10.174.1." | |
| N1="167" | |
| N2="168" | |
| N3="169" | |
| CARPPASS="rascaldev2020" | |
| WORMHOLE="false" | |
| ##---------------- Finish config | |
| echo $* > /var/log/cri-provision.log | |
| systemctl restart networking | |
| # IP1="${MYNET}${N1}" | |
| # IP2="${MYNET}${N2}" | |
| # IP3="${MYNET}${N3}" | |
| CARP1="${CARPNET}${N1}" | |
| CARP2="${CARPNET}${N2}" | |
| CARP3="${CARPNET}${N3}" | |
| HOSTNAME="$(hostname -s)" | |
| #fix only one network in rancher provision | |
| if [ -e "/root/.openrc.sh" ] | |
| then | |
| . /root/.openrc.sh | |
| apt-get update && apt-get install -y python-openstackclient | |
| python2-openstack server add network $HOSTNAME OONDEO | |
| fi | |
| EXTIP=$(ip route get 8.8.8.8 | awk -F"src " 'NR==1{split($2,a," ");print a[1]}') | |
| MY=$(ip route get ${MYNET}1 | awk -F"src " 'NR==1{split($2,a," ");print a[1]}') | |
| MYCARP=$(ip route get ${CARPNET}1 | awk -F"src " 'NR==1{split($2,a," ");print a[1]}') | |
| IPID=$(echo $MY | cut -d"." -f4) | |
| CARPID=$(echo $MYCARP | cut -d"." -f4) | |
| # DATASTORE_ENDPOINT='--datastore-endpoint="http://127.0.0.1:2379"' | |
| DATASTORE_ENDPOINT='' | |
| K3S_ENDPOINT="" | |
| # K3S_ENDPOINT="--container-runtime-endpoint=/run/crio/crio.sock" | |
| # skip already configured hosts | |
| if [ "$(grep -e '^bpffs' /etc/fstab)" == "" ] | |
| then | |
| #5.4 grub: mitigations=off | |
| #grub: noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off | |
| sed -i 's/^GRUB_CMDLINE_LINUX_DEFAULT\="/GRUB_CMDLINE_LINUX_DEFAULT\="apparmor=0 mitigations=off /' /etc/default/grub | |
| echo "bpffs /sys/fs/bpf bpf defaults 0 0" >> /etc/fstab | |
| mount /sys/fs/bpf | |
| modprobe overlay | |
| modprobe br_netfilter | |
| cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF | |
| net.bridge.bridge-nf-call-iptables = 1 | |
| net.ipv4.ip_forward = 1 | |
| net.bridge.bridge-nf-call-ip6tables = 1 | |
| EOF | |
| sysctl --system | |
| systemctl stop apparmor | |
| systemctl disable apparmor | |
| apt-get remove -y --purge apparmor | |
| apt-get update && apt-get dist-upgrade -y | |
| apt-get install -y curl gnupg2 | |
| echo "deb http://deb.debian.org/debian buster-backports main" | tee /etc/apt/sources.list.d/backports.list | |
| echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list | |
| curl -sfL https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key | apt-key add - | |
| apt-get update | |
| apt-get install -y -t buster-backports wireguard linux-headers-cloud-amd64 linux-image-cloud-amd64 | |
| apt-get install -y cri-o-${KUBE_VER} | |
| ls /var/lib/initramfs-tools | \ | |
| sudo xargs -n1 /usr/lib/dkms/dkms_autoinstaller start | |
| echo wireguard >> /etc/modules | |
| mkdir -p /etc/crio/crio.conf.d/ | |
| cat > /etc/crio/crio.conf.d/01-k3s.conf <<CRIO | |
| [crio.runtime] | |
| cgroup_manager = "cgroupfs" | |
| selinux = false | |
| CRIO | |
| systemctl enable crio | |
| systemctl start crio | |
| exit 0 | |
| # curl -sfL "https://gist.githubusercontent.com/amon-ra/995f5c6bf05c8c8d1a88194754cfea11/raw/k3s-server.sh" > /tmp/k3s-server.sh | |
| # . /tmp/k3s-server.sh | |
| # cp /root/manifests/0* /var/lib/rancher/k3s/server/manifests || true | |
| # cp /root/manifests/1* /var/lib/rancher/k3s/server/manifests || true | |
| # reboot | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment