Follow DLS' breaking changes, init rename and unlock API

Chore following such addition.

.gitignore

@@ -3,5 +3,6 @@ cache
 data
 dist
 kubeconfig
+secrets
 config.yaml
 .dls_adm_token

kubeconfig

@@ -1,19 +0,0 @@
-apiVersion: v1
-clusters:
-- cluster:
-    server: https://172.17.1.100:6443
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNNakNDQVpPZ0F3SUJBZ0lVZFM5bU5PenhscGJBdXVWcWYyQjIydy96MzdVd0NnWUlLb1pJemowRUF3UXcKTXpFUk1BOEdBMVVFQ2hNSWJtOTJhWFF1YVc4eEhqQWNCZ05WQkFNVEZVUnBjbVZyZEdsc0lFeHZZMkZzSUZObApjblpsY2pBZUZ3MHlNekExTVRneE1UQXpNREJhRncweU9EQTFNVFl4TVRBek1EQmFNRE14RVRBUEJnTlZCQW9UCkNHNXZkbWwwTG1sdk1SNHdIQVlEVlFRREV4VkVhWEpsYTNScGJDQk1iMk5oYkNCVFpYSjJaWEl3Z1pzd0VBWUgKS29aSXpqMENBUVlGSzRFRUFDTURnWVlBQkFBOXdac3h0U2l2RUhUQW50aUx4WFFkUmdxR05sempRMGYwelowQwpyc3hmSGF1K0xrQ1JZNDFoN29ZY21XdVArK09FUlNOL3BGUjhNL3lCZ1dRR0JBbDd2Z0JhZEtpZ01xcHMyalhXCmxUTmt1dnJJbzZhMitESWpjTWNITUhyUUpNUFpzSm8vWGRwOWIyaW5yM2U4dnBiUjFEeEwwRDJMcy9WaWFZL2EKWEE1akR0ZHp2YU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRApWUjBPQkJZRUZIdUpKVjVwN0EzdEhWWDkrb2dkQ1IxZkVFbFBNQW9HQ0NxR1NNNDlCQU1FQTRHTUFEQ0JpQUpDCkFQZHZlOU9nRjFmTjE5T2VjTXc0WEhSVFBGcmMvVHp6SFA0WmlRQVRKdUlLMS9hVEozK1k4QUd5b3ByNElXbmsKUWZZeWtVVmpFREJIVTFLN1JWU1h3YjdJQWtJQnd5K2FORVd6N0hxZE5QQTRKZXV2M3ZKUGFXdU9vRElERWxoMwora3o0ZjFpUkR5QVFKbXZta2dxRzA1M214RmRZU2VIU0NpQ2hhN242RG5kUTgveDYwODA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-  name: localconfig
-contexts:
-- context:
-    cluster: localconfig
-    namespace: kube-system
-    user: admin
-  name: localconfig
-current-context: localconfig
-kind: Config
-preferences: {}
-users:
-- name: admin
-  user:
-    token: DU3ITMWLQN2TVGVDTWIURJ42S4

scripts/.cleanup.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+stopdls() {
+  if docker ps | grep -q " $DLS_CTR_NAME$"; then
+    pinfo "Stopping Direktil Local Server..."
+    docker stop $DLS_CTR_NAME
+  fi
+}
+
+cleanuppaths() {
+  PATHS="data secrets kubeconfig cache dist"
+  cd $ctxdir
+  for path in $PATHS; do
+    if test -e $path; then
+      pinfo "Removing path $path ..."
+      rm -rf $path
+    fi
+  done
+}
+
+cleanupnetwork() {
+  if iptables -L -n |grep -q $QEMU_BR_NAME; then
+    pinfo "Cleaning iptables rules..."
+    iptables -t nat -D POSTROUTING -j MASQUERADE -s $QEMU_BR_IP/$QEMU_BR_MASK \! -o $QEMU_BR_NAME
+    iptables -D FORWARD -o $QEMU_BR_NAME -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+    iptables -D FORWARD -j ACCEPT -i $QEMU_BR_NAME
+  fi
+  if ip li show $QEMU_BR_NAME &>/dev/null; then
+    pinfo "Cleaning existing interfaces..."
+    ip li set $QEMU_BR_NAME down
+    ip li del $QEMU_BR_NAME
+  fi
+}
+
+source $(dirname $0)/.common
+check_root
+prereqs
+stopdls
+declare -A hosts
+get_hosts
+destroyvms
+cleanuppaths
+cleanupnetwork

scripts/.common

@@ -1,12 +1,9 @@
 #!/bin/bash
 
-## Vars
+source $(dirname $0)/vars
-
-tknfile=".dls_adm_token"
 
 ## Helper funcs
 
-
 pinfo() {
   echo -e "\e[32m$@\e[39m"
 }
@@ -16,6 +13,10 @@ perror() {
   exit 1
 }
 
+sshcmd() {
+  ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $*
+}
+
 dls() {
   path=$1
   shift
@@ -42,9 +43,10 @@ check_root() {
 }
 
 prereqs() {
-  set -ex
+  set -e
   cd "$(dirname $0)/.."
   ctxdir="$PWD"
+  source scripts/vars
 }
 
 check_conf() {
@@ -71,7 +73,7 @@ unlock_store() {
     pinfo "Direktil Local Server store already unlocked"
   else
     pinfo "Unlocking the DLS store ..."
-    DLS_ADM_TOKEN=$(dls /public/unlock-store -d "\"${DLS_UNLOCK_TOKEN}\""|tr -d \")
+    DLS_ADM_TOKEN=$(dls /public/unlock-store -d '{"Name": "novit", "Passphrase": "'$(echo -n ${DLS_UNLOCK_TOKEN}|base64 -w0)'"}'|tr -d \")
     pinfo "Admin access token is $DLS_ADM_TOKEN"
     echo $DLS_ADM_TOKEN > $tknfile
     chmod 444 $tknfile
@@ -80,27 +82,28 @@ unlock_store() {
 
 
 get_hosts() {
-  hosts_files=$(basename $ctxdir/hosts/*.yaml|sed 's/.yaml//')
+  cd $ctxdir/hosts
+  hosts_files=$(ls *.yaml|sed 's/.yaml//')
   for h in ${hosts_files}; do
     ip=$(grep ip: $ctxdir/hosts/${h}.yaml|awk '{print $2}')
     hosts[$h]="$ip"
   done
+  cd - &>/dev/null
 }
 
 get_parts() {
   for host in ${!hosts[*]}; do
     mkdir -p $ctxdir/data/$host
-    for part in kernel initrd-v2
+    for part in kernel initrd
     do
       partfile=$ctxdir/data/$host/$part
-      test -f $partfile || dls /hosts/$host/$part -o $partfile
+      test -f $partfile || { pinfo "Downloading $part for host $host" && dls /hosts/$host/$part -o $partfile; }
     done
     diskfile=$ctxdir/data/$host/disk
-    test -f $diskfile || truncate -s ${QEMU_DISK_SIZE:-30G} $diskfile
+    test -f $diskfile || { pinfo "Creating disk $diskfile" && truncate -s ${QEMU_DISK_SIZE:-30G} $diskfile; }
   done
 }
 
-
 create_kubeconfig() {
   if test -f $ctxdir/kubeconfig; then
     pinfo "kubeconfig file detected in config dir, won't overwrite... remove it for an update."
@@ -119,10 +122,18 @@ create_kubeconfig() {
   chmod 444 $ctxdir/kubeconfig
 }
 
-clean() {
+
-  set +e
+destroyvms() {
-  sudo iptables -t nat -D POSTROUTING -j MASQUERADE -s $QEMU_BR_IP \! -o $QEMU_BR_NAME &>/dev/null
+  for host in ${!hosts[*]}; do
-  sudo iptables -D FORWARD -o $QEMU_BR_NAME -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &>/dev/null
+    if test -f $ctxdir/data/$host/pid ; then
-  sudo iptables -D FORWARD -j ACCEPT -i $QEMU_BR_NAME &>/dev/null
+      pid=$(cat $ctxdir/data/$host/pid)
+      if ! test -d /proc/$pid ; then
+        pinfo "VM $host seems not running"
+      else
+        pinfo "Cleaning VM $host with PID $pid..."
+        kill $pid && sleep 1
+      fi
+    fi
+  done
 }
 

scripts/0.start_dls.sh

@@ -1,13 +1,5 @@
 #!/bin/bash
 #
-D2C_CTR_NAME=dir2config
-DLS_CTR_NAME=dls
-# Admin token to unlock the DLS store
-DLS_UNLOCK_TOKEN=changeme
-#
-#
-D2C_IMG=novit.tech/direktil/local-server:b6fa941
-DLS_IMG=novit.tech/direktil/local-server:b6fa941
 
 prereqs_dls() {
   command -v docker 1>/dev/null || perror "Docker is needed, please install it and run again."
@@ -24,7 +16,7 @@ dir2config() {
 }
 
 start_store() {
-  if docker ps|grep " $DLS_CTR_NAME$" ; then
+  if docker ps|grep " $DLS_CTR_NAME$" &>/dev/null; then
     pinfo "Container $DLS_CTR_NAME seems already running"
     return
   fi
@@ -35,14 +27,13 @@ start_store() {
       -e HTTPS_PROXY=$HTTPS_PROXY \
       -v .:/var/lib/direktil \
       $DLS_IMG &
-#      -auto-unlock 'N0v!T'
   sleep 2
 }
 
 source $(dirname $0)/.common
 check_root
-prereqs_dls
 prereqs
+prereqs_dls
 dir2config
 start_store
 unlock_store

scripts/1.qemu.sh

@@ -1,18 +1,9 @@
-#! /bin/sh
+#! /bin/bash
 #
 # This collection of scripts aims to install a NOVIT cluster easily, with help of QEMU
 #
 #
-# QEMU local bridge name. If you specificy a custom name, you may have to configure qemu bridge helper to allow it
-QEMU_BR_NAME=virbr0
 #
-# QEMU VM default disk size
-QEMU_DISK_SIZE=30G
-# Allocated CPUs to QEMU VMs
-QEMU_VM_CPU=4
-# Allocated Memory to QEMU VMs
-QEMU_VM_MEM=8096
-################
 
 
 ## QEMU functions
@@ -23,7 +14,7 @@ prereqs_qemu() {
   done
 }
 setup_network_qemu() {
-  if ! ip li show $QEMU_BR_NAME ; then
+  if ! ip li show $QEMU_BR_NAME &>/dev/null ; then
     ip li add name $QEMU_BR_NAME type bridge
     ip li set $QEMU_BR_NAME up
   fi
@@ -35,24 +26,27 @@ setup_network_qemu() {
   pinfo "Using detected gateway IP $QEMU_BR_IP for bridge $QEMU_BR_NAME"
   if ! ip a show dev $QEMU_BR_NAME | grep $QEMU_BR_IP ; then
     ip a add $QEMU_BR_IP/$QEMU_BR_MASK dev $QEMU_BR_NAME
-    sudo iptables -t nat -I POSTROUTING -j MASQUERADE -s $QEMU_BR_IP/$QEMU_BR_MASK \! -o $QEMU_BR_NAME
+    iptables -t nat -I POSTROUTING -j MASQUERADE -s $QEMU_BR_IP/$QEMU_BR_MASK \! -o $QEMU_BR_NAME
-    sudo iptables -I FORWARD -o $QEMU_BR_NAME -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+    iptables -I FORWARD -o $QEMU_BR_NAME -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-    sudo iptables -I FORWARD -j ACCEPT -i $QEMU_BR_NAME
+    iptables -I FORWARD -j ACCEPT -i $QEMU_BR_NAME
+  fi
+  if ! test -d /etc/qemu; then
+    mkdir -p /etc/qemu
+  fi
+  if ! grep -qs "allow $QEMU_BR_NAME" /etc/qemu/bridge.conf; then
+    echo "allow $QEMU_BR_NAME" >> /etc/qemu/bridge.conf
   fi
 }
+
 run_qemu() {
   id=1
   for host in ${!hosts[*]}; do
     ip route show |grep "${hosts[$host]} dev $QEMU_BR_NAME" ||\
         ip route add ${hosts[$host]} dev $QEMU_BR_NAME
-    if test -f $ctxdir/data/$host/pid ; then
-      pinfo "Detected a pid file, killing process in case VM was already started"
-      kill $(cat $ctxdir/data/$host/pid) && sleep 1
-    fi
     pinfo "Starting host $host with ip ${hosts[$host]}"
     qemu-system-x86_64 -enable-kvm -smp $QEMU_VM_CPU -m $QEMU_VM_MEM \
       -nic bridge,br=$QEMU_BR_NAME,mac=42:42:42:42:42:0${id} \
-      -kernel $ctxdir/data/$host/kernel -initrd $ctxdir/data/$host/initrd-v2 -vga qxl \
+      -kernel $ctxdir/data/$host/kernel -initrd $ctxdir/data/$host/initrd -vga qxl \
       -drive format=raw,file=$ctxdir/data/$host/disk &
     echo $! >$ctxdir/data/$host/pid
     ((++id))
@@ -61,6 +55,8 @@ run_qemu() {
 }
 # # # # # # # #
 
+
+
 source $(dirname $0)/.common
 check_root
 prereqs
@@ -71,6 +67,6 @@ declare -A hosts
 setup_network_qemu
 get_hosts
 get_parts
+destroyvms
 run_qemu
-#clean
 

scripts/2.first_start_k8s.sh

@@ -21,13 +21,13 @@ checkup() {
     while :
     do
       pinfo "Checking availability of node $host..."
-      ssh root@${hosts[$host]} <<< true &>/dev/null
+      if true | sshcmd -q root@${hosts[$host]};
-      if [ $? == 0 ]; then
+      then
         pinfo "VM $host is up!"
         break
       else
         ((tries--))
-        if [ $tries < 1 ]; then
+        if [ "$tries" -lt "1" ]; then
           pinfo "Timeout waiting for node detection, please investigate why node $host is not up by now"
           break
         fi
@@ -39,7 +39,7 @@ checkup() {
 
 start_control_plane() {
   for host in ${!hosts[*]}; do
-    ssh root@${hosts[$host]} << EOF
+    sshcmd -q root@${hosts[$host]} << EOF
       if ls /etc/kubernetes/manifests.static/* &>/dev/null ; then
         mv /etc/kubernetes/manifests.static/* /var/lib/kubelet/manifests/
       fi
@@ -47,6 +47,23 @@ EOF
   done
 }
 
+wait_for_apiserver() {
+  vip=$(extract_var clusters public_vip)
+  vip_api_port=$(extract_var clusters api_port)
+
+  while :
+  do
+    pinfo "Waiting for apiserver availability ($vip:$vip_api_port). Images may still being pulled... "
+    if kctl get node &>/dev/null ; then
+      pinfo "API is up!"
+      break
+    else
+      sleep 20
+    fi
+  done
+
+}
+
 install_addons() {
   body='{"Kind":"cluster","Name":"'$cluster'","Assets":["addons"]}'
   download_id=$(dls /authorize-download -d "$body"|tr -d \")
@@ -55,20 +72,20 @@ install_addons() {
 }
 
 approve_kubelet_certificates() {
-  tries=5
+  tries=10
   nodes_num=$(kctl get node -oname|wc -l)
-  while [ "$nodes_num" != "${#hosts[*]}" ] ; do
+  while [ "$nodes_num" -lt "${#hosts[*]}" ] ; do
-    pinfo "Waiting for certificates requests to be created by Kubelet when it's ready... ($tries/5)"
+    pinfo "Waiting for certificates requests to be created by Kubelet when it's ready... ($tries tries out of 10)"
-    sleep 60s
+    sleep 20s
     csrs="$(kctl get csr|awk '/Pending/ {print $1}')"
     if [ "$csrs" != "" ]; then
       kctl certificate approve $csrs
     fi
     ((tries--))
-    if [ "$tries" < 1 ]; then
+    if [ "$tries" -lt "1" ]; then
-      pinfo "Timeout waiting for kubelet certificates creation, please investigate why all nodes are not up by now"
+      perror "Timeout waiting for kubelet certificates creation, please investigate why all nodes are not up by now"
-      break
     fi
+    nodes_num=$(kctl get node -oname|wc -l)
   done
   pinfo "All kubelets ($nodes_num) are up, enjoy !"
 }
@@ -83,6 +100,7 @@ declare -A hosts && get_hosts
 checkup
 start_control_plane
 create_kubeconfig
+wait_for_apiserver
 install_addons
 approve_kubelet_certificates # clients and serving certs
 

scripts/vars

@@ -0,0 +1,26 @@
+## Vars
+
+# Admin token to unlock the DLS store, replace it!
+DLS_UNLOCK_TOKEN=changeme
+
+# Docker container name for dir2config
+D2C_IMG=novit.tech/direktil/local-server:latest
+D2C_CTR_NAME=dir2config
+
+# Docker container name for direktil local server
+DLS_IMG=novit.tech/direktil/local-server:latest
+DLS_CTR_NAME=dls
+
+# QEMU local bridge name. If you specificy a custom name, you may have to configure qemu bridge helper to allow it
+QEMU_BR_NAME=virbr0
+# QEMU VM default disk size
+QEMU_DISK_SIZE=30G
+# Allocated CPUs to QEMU VMs
+QEMU_VM_CPU=4
+# Allocated Memory to QEMU VMs
+QEMU_VM_MEM=4096
+################
+
+# Token file for dls
+tknfile=".dls_adm_token"
+