

No commits in common. "main" and "v1.26" have entirely different histories.
main ... v1.26

6 changed files with 75 additions and 90 deletions


@ -1,12 +1,22 @@
#!/bin/bash #!/bin/bash
stopdls() { stopdls() {
if docker ps | grep -q " $DLS_CTR_NAME$"; then if docker ps &>/dev/null | grep -q " $DLS_CTR_NAME$"; then
pinfo "Stopping Direktil Local Server..." pinfo "Stopping Direktil Local Server..."
docker stop $DLS_CTR_NAME docker stop $DLS_CTR_NAME
fi fi
} }
destroyvms() {
for host in ${!hosts[*]}; do
if test -f $ctxdir/data/$host/pid ; then
pid=$(cat $ctxdir/data/$host/pid)
pinfo "Cleaning VM $host with PID $pid..."
kill $pid && sleep 1
fi
done
}
cleanuppaths() { cleanuppaths() {
PATHS="data secrets kubeconfig cache dist" PATHS="data secrets kubeconfig cache dist"
cd $ctxdir cd $ctxdir
@ -19,13 +29,13 @@ cleanuppaths() {
} }
cleanupnetwork() { cleanupnetwork() {
if iptables -L -n |grep -q $QEMU_BR_NAME; then if iptables -L |grep -q $QEMU_BR_NAME; then
pinfo "Cleaning iptables rules..." pinfo "Cleaning iptables rules..."
iptables -t nat -D POSTROUTING -j MASQUERADE -s $QEMU_BR_IP/$QEMU_BR_MASK \! -o $QEMU_BR_NAME iptables -t nat -D POSTROUTING -j MASQUERADE -s $QEMU_BR_IP/$QEMU_BR_MASK \! -o $QEMU_BR_NAME
iptables -D FORWARD -o $QEMU_BR_NAME -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -D FORWARD -o $QEMU_BR_NAME -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -j ACCEPT -i $QEMU_BR_NAME iptables -D FORWARD -j ACCEPT -i $QEMU_BR_NAME
fi fi
if ip li show $QEMU_BR_NAME &>/dev/null; then if ip li show $QEMU_BR_NAME ; then
pinfo "Cleaning existing interfaces..." pinfo "Cleaning existing interfaces..."
ip li set $QEMU_BR_NAME down ip li set $QEMU_BR_NAME down
ip li del $QEMU_BR_NAME ip li del $QEMU_BR_NAME
@ -40,4 +50,3 @@ declare -A hosts
get_hosts get_hosts
destroyvms destroyvms
cleanuppaths cleanuppaths
cleanupnetwork
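Review bot: In stopdls, the new `if docker ps &>/dev/null | grep -q " $DLS_CTR_NAME$"; then` sends docker's standard output to /dev/null before the pipe, so grep reads nothing, the condition is always false and the container is never stopped; only stderr should be silenced: `if docker ps 2>/dev/null | grep -q " $DLS_CTR_NAME$"; then`. The last hunk drops the `cleanupnetwork` call from the script's main sequence while the function itself is kept, so the MASQUERADE and FORWARD rules and the bridge that it removes stay in place after a cleanup run; if that is intended a comment saying so would help, otherwise the call should stay. The destroyvms added in the first hunk kills whatever number is in the pid file without checking that the process still exists, so a stale file left from an earlier boot can signal an unrelated process that reused the number; a `test -d /proc/$pid` guard before `kill $pid` avoids that.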


@ -1,6 +1,24 @@
#!/bin/bash #!/bin/bash
source $(dirname $0)/vars ## Vars
# Docker container name for dir2config
D2C_CTR_NAME=dir2config
# Docker container name for direktil local server
DLS_CTR_NAME=dls
# QEMU local bridge name. If you specificy a custom name, you may have to configure qemu bridge helper to allow it
QEMU_BR_NAME=virbr0
# QEMU VM default disk size
QEMU_DISK_SIZE=30G
# Allocated CPUs to QEMU VMs
QEMU_VM_CPU=4
# Allocated Memory to QEMU VMs
QEMU_VM_MEM=8096
################
# Token file for dls
tknfile=".dls_adm_token"
## Helper funcs ## Helper funcs
@ -13,10 +31,6 @@ perror() {
exit 1 exit 1
} }
sshcmd() {
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $*
}
dls() { dls() {
path=$1 path=$1
shift shift
@ -43,10 +57,9 @@ check_root() {
} }
prereqs() { prereqs() {
set -e # set -ex
cd "$(dirname $0)/.." cd "$(dirname $0)/.."
ctxdir="$PWD" ctxdir="$PWD"
source scripts/vars
} }
check_conf() { check_conf() {
@ -73,7 +86,7 @@ unlock_store() {
pinfo "Direktil Local Server store already unlocked" pinfo "Direktil Local Server store already unlocked"
else else
pinfo "Unlocking the DLS store ..." pinfo "Unlocking the DLS store ..."
DLS_ADM_TOKEN=$(dls /public/unlock-store -d '{"Name": "novit", "Passphrase": "'$(echo -n ${DLS_UNLOCK_TOKEN}|base64 -w0)'"}'|tr -d \") DLS_ADM_TOKEN=$(dls /public/unlock-store -d "\"${DLS_UNLOCK_TOKEN}\""|tr -d \")
pinfo "Admin access token is $DLS_ADM_TOKEN" pinfo "Admin access token is $DLS_ADM_TOKEN"
echo $DLS_ADM_TOKEN > $tknfile echo $DLS_ADM_TOKEN > $tknfile
chmod 444 $tknfile chmod 444 $tknfile
@ -94,13 +107,23 @@ get_hosts() {
get_parts() { get_parts() {
for host in ${!hosts[*]}; do for host in ${!hosts[*]}; do
mkdir -p $ctxdir/data/$host mkdir -p $ctxdir/data/$host
for part in kernel initrd for part in kernel initrd-v2
do do
partfile=$ctxdir/data/$host/$part partfile=$ctxdir/data/$host/$part
test -f $partfile || { pinfo "Downloading $part for host $host" && dls /hosts/$host/$part -o $partfile; } test -f $partfile || dls /hosts/$host/$part -o $partfile
done done
diskfile=$ctxdir/data/$host/disk diskfile=$ctxdir/data/$host/disk
test -f $diskfile || { pinfo "Creating disk $diskfile" && truncate -s ${QEMU_DISK_SIZE:-30G} $diskfile; } test -f $diskfile || truncate -s ${QEMU_DISK_SIZE:-30G} $diskfile
done
}
destroyvms() {
for host in ${!hosts[*]}; do
host=$1
if test -f $ctxdir/data/$host/pid ; then
pinfo "Detected a pid file, killing process in case VM was already started"
kill $(cat $ctxdir/data/$host/pid) && sleep 1
fi
done done
} }
@ -122,18 +145,10 @@ create_kubeconfig() {
chmod 444 $ctxdir/kubeconfig chmod 444 $ctxdir/kubeconfig
} }
clean() {
destroyvms() { set +e
for host in ${!hosts[*]}; do sudo iptables -t nat -D POSTROUTING -j MASQUERADE -s $QEMU_BR_IP \! -o $QEMU_BR_NAME &>/dev/null
if test -f $ctxdir/data/$host/pid ; then sudo iptables -D FORWARD -o $QEMU_BR_NAME -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &>/dev/null
pid=$(cat $ctxdir/data/$host/pid) sudo iptables -D FORWARD -j ACCEPT -i $QEMU_BR_NAME &>/dev/null
if ! test -d /proc/$pid ; then
pinfo "VM $host seems not running"
else
pinfo "Cleaning VM $host with PID $pid..."
kill $pid && sleep 1
fi
fi
done
} }
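Review bot: In the new destroyvms of the get_parts hunk, `host=$1` directly under `for host in ${!hosts[*]}; do` overwrites the loop variable with the function's first argument, and every visible caller invokes `destroyvms` with no arguments, so each iteration tests `$ctxdir/data//pid` and no VM is ever stopped; remove that line. The version removed further down in the create_kubeconfig hunk also checked `test -d /proc/$pid` before `kill` and reported a VM that was not running, which the new one drops, so a stale pid file can signal an unrelated process that has reused the number; keep that guard. In the unlock_store hunk, `echo $DLS_ADM_TOKEN > $tknfile` followed by `chmod 444 $tknfile` is unchanged but still leaves the admin token world-readable, and `pinfo "Admin access token is $DLS_ADM_TOKEN"` prints it to the terminal and any captured log; `chmod 400 $tknfile` and a message that names the file instead of the token would be worth doing while this function is touched. In the clean() added in the last hunk, the `-s $QEMU_BR_IP` selector lacks the `/$QEMU_BR_MASK` suffix that the cleanup script's equivalent `iptables -D` uses, so if the rule was inserted with that mask the delete presumably never matches and the `&>/dev/null` hides the failure.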


@ -1,5 +1,11 @@
#!/bin/bash #!/bin/bash
# #
# Admin token to unlock the DLS store
DLS_UNLOCK_TOKEN=changeme
#
#
D2C_IMG=novit.tech/direktil/local-server:b6fa941
DLS_IMG=novit.tech/direktil/local-server:b6fa941
prereqs_dls() { prereqs_dls() {
command -v docker 1>/dev/null || perror "Docker is needed, please install it and run again." command -v docker 1>/dev/null || perror "Docker is needed, please install it and run again."
@ -27,13 +33,14 @@ start_store() {
-e HTTPS_PROXY=$HTTPS_PROXY \ -e HTTPS_PROXY=$HTTPS_PROXY \
-v .:/var/lib/direktil \ -v .:/var/lib/direktil \
$DLS_IMG & $DLS_IMG &
# -auto-unlock 'N0v!T'
sleep 2 sleep 2
} }
source $(dirname $0)/.common source $(dirname $0)/.common
check_root check_root
prereqs
prereqs_dls prereqs_dls
prereqs
dir2config dir2config
start_store start_store
unlock_store unlock_store
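Review bot: The new `DLS_UNLOCK_TOKEN=changeme` at the top of the file is a hard-coded default for the secret that unlock_store sends to the store verbatim, and nothing in the start sequence rejects the placeholder, so a store can be brought up with a publicly known passphrase; add a guard next to the existing prerequisite checks, e.g. `[ "$DLS_UNLOCK_TOKEN" != "changeme" ] || perror "DLS_UNLOCK_TOKEN is still the default, set it before starting the store"`, or take the value from the environment rather than the script. The comment `# -auto-unlock 'N0v!T'` added in the start_store hunk carries what looks like a literal passphrase; a commented-out credential still lands in the repository history and should be removed. Pinning `D2C_IMG` and `DLS_IMG` to `b6fa941` instead of `latest` is the right direction for reproducibility.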


@ -14,7 +14,7 @@ prereqs_qemu() {
done done
} }
setup_network_qemu() { setup_network_qemu() {
if ! ip li show $QEMU_BR_NAME &>/dev/null ; then if ! ip li show $QEMU_BR_NAME ; then
ip li add name $QEMU_BR_NAME type bridge ip li add name $QEMU_BR_NAME type bridge
ip li set $QEMU_BR_NAME up ip li set $QEMU_BR_NAME up
fi fi
@ -33,11 +33,10 @@ setup_network_qemu() {
if ! test -d /etc/qemu; then if ! test -d /etc/qemu; then
mkdir -p /etc/qemu mkdir -p /etc/qemu
fi fi
if ! grep -qs "allow $QEMU_BR_NAME" /etc/qemu/bridge.conf; then if ! grep -q "allow $QEMU_BR_NAME" /etc/qemu/bridge.conf; then
echo "allow $QEMU_BR_NAME" >> /etc/qemu/bridge.conf echo "allow $QEMU_BR_NAME" >> /etc/qemu/bridge.conf
fi fi
} }
run_qemu() { run_qemu() {
id=1 id=1
for host in ${!hosts[*]}; do for host in ${!hosts[*]}; do
@ -46,7 +45,7 @@ run_qemu() {
pinfo "Starting host $host with ip ${hosts[$host]}" pinfo "Starting host $host with ip ${hosts[$host]}"
qemu-system-x86_64 -enable-kvm -smp $QEMU_VM_CPU -m $QEMU_VM_MEM \ qemu-system-x86_64 -enable-kvm -smp $QEMU_VM_CPU -m $QEMU_VM_MEM \
-nic bridge,br=$QEMU_BR_NAME,mac=42:42:42:42:42:0${id} \ -nic bridge,br=$QEMU_BR_NAME,mac=42:42:42:42:42:0${id} \
-kernel $ctxdir/data/$host/kernel -initrd $ctxdir/data/$host/initrd -vga qxl \ -kernel $ctxdir/data/$host/kernel -initrd $ctxdir/data/$host/initrd-v2 -vga qxl \
-drive format=raw,file=$ctxdir/data/$host/disk & -drive format=raw,file=$ctxdir/data/$host/disk &
echo $! >$ctxdir/data/$host/pid echo $! >$ctxdir/data/$host/pid
((++id)) ((++id))
@ -55,8 +54,6 @@ run_qemu() {
} }
# # # # # # # # # # # # # # # #
source $(dirname $0)/.common source $(dirname $0)/.common
check_root check_root
prereqs prereqs
@ -69,4 +66,5 @@ get_hosts
get_parts get_parts
destroyvms destroyvms
run_qemu run_qemu
#clean
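Review bot: In setup_network_qemu, the new `if ! ip li show $QEMU_BR_NAME ; then` drops the `&>/dev/null` the probe used before, so when the bridge already exists its link dump is printed on every run and when it does not an error goes to stderr; the test result is unchanged, so `if ! ip li show $QEMU_BR_NAME &>/dev/null ; then` keeps the output clean, and the same applies to cleanupnetwork in the cleanup script. Likewise `grep -q "allow $QEMU_BR_NAME" /etc/qemu/bridge.conf` without `-s` prints an error when the file does not exist yet, which is exactly the case the following append handles; `grep -qs` is the quiet form. The trailing `#clean` added after `run_qemu` is a dead comment and should either become a call or be removed.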


@ -21,13 +21,13 @@ checkup() {
while : while :
do do
pinfo "Checking availability of node $host..." pinfo "Checking availability of node $host..."
if true | sshcmd -q root@${hosts[$host]}; ssh root@${hosts[$host]} <<< true &>/dev/null
then if [ $? == 0 ]; then
pinfo "VM $host is up!" pinfo "VM $host is up!"
break break
else else
((tries--)) ((tries--))
if [ "$tries" -lt "1" ]; then if [ $tries < 1 ]; then
pinfo "Timeout waiting for node detection, please investigate why node $host is not up by now" pinfo "Timeout waiting for node detection, please investigate why node $host is not up by now"
break break
fi fi
@ -39,7 +39,7 @@ checkup() {
start_control_plane() { start_control_plane() {
for host in ${!hosts[*]}; do for host in ${!hosts[*]}; do
sshcmd -q root@${hosts[$host]} << EOF ssh root@${hosts[$host]} << EOF
if ls /etc/kubernetes/manifests.static/* &>/dev/null ; then if ls /etc/kubernetes/manifests.static/* &>/dev/null ; then
mv /etc/kubernetes/manifests.static/* /var/lib/kubelet/manifests/ mv /etc/kubernetes/manifests.static/* /var/lib/kubelet/manifests/
fi fi
@ -47,23 +47,6 @@ EOF
done done
} }
wait_for_apiserver() {
vip=$(extract_var clusters public_vip)
vip_api_port=$(extract_var clusters api_port)
while :
do
pinfo "Waiting for apiserver availability ($vip:$vip_api_port). Images may still being pulled... "
if kctl get node &>/dev/null ; then
pinfo "API is up!"
break
else
sleep 20
fi
done
}
install_addons() { install_addons() {
body='{"Kind":"cluster","Name":"'$cluster'","Assets":["addons"]}' body='{"Kind":"cluster","Name":"'$cluster'","Assets":["addons"]}'
download_id=$(dls /authorize-download -d "$body"|tr -d \") download_id=$(dls /authorize-download -d "$body"|tr -d \")
@ -72,20 +55,20 @@ install_addons() {
} }
approve_kubelet_certificates() { approve_kubelet_certificates() {
tries=10 tries=5
nodes_num=$(kctl get node -oname|wc -l) nodes_num=$(kctl get node -oname|wc -l)
while [ "$nodes_num" -lt "${#hosts[*]}" ] ; do while [ "$nodes_num" != "${#hosts[*]}" ] ; do
pinfo "Waiting for certificates requests to be created by Kubelet when it's ready... ($tries tries out of 10)" pinfo "Waiting for certificates requests to be created by Kubelet when it's ready... ($tries/5)"
sleep 20s sleep 60s
csrs="$(kctl get csr|awk '/Pending/ {print $1}')" csrs="$(kctl get csr|awk '/Pending/ {print $1}')"
if [ "$csrs" != "" ]; then if [ "$csrs" != "" ]; then
kctl certificate approve $csrs kctl certificate approve $csrs
fi fi
((tries--)) ((tries--))
if [ "$tries" -lt "1" ]; then if [ "$tries" < 1 ]; then
perror "Timeout waiting for kubelet certificates creation, please investigate why all nodes are not up by now" pinfo "Timeout waiting for kubelet certificates creation, please investigate why all nodes are not up by now"
break
fi fi
nodes_num=$(kctl get node -oname|wc -l)
done done
pinfo "All kubelets ($nodes_num) are up, enjoy !" pinfo "All kubelets ($nodes_num) are up, enjoy !"
} }
@ -100,7 +83,6 @@ declare -A hosts && get_hosts
checkup checkup
start_control_plane start_control_plane
create_kubeconfig create_kubeconfig
wait_for_apiserver
install_addons install_addons
approve_kubelet_certificates # clients and serving certs approve_kubelet_certificates # clients and serving certs
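Review bot: In checkup, the new `if [ $tries < 1 ]; then` is parsed by bash as `[ $tries ]` with standard input redirected from a file named `1`, not as a comparison, so unless such a file exists the test fails with an error, the timeout branch is never taken and the loop retries the node indefinitely; the same form appears in approve_kubelet_certificates as `if [ "$tries" < 1 ]; then`, and both should read `if [ "$tries" -lt 1 ]; then`. In approve_kubelet_certificates the refresh of `nodes_num=$(kctl get node -oname|wc -l)` inside the loop is gone, so the `while [ "$nodes_num" != "${#hosts[*]}" ]` condition can never become false and only the (currently broken) tries counter can end the loop, after which `pinfo "All kubelets ($nodes_num) are up, enjoy !"` reports the count taken before any kubelet joined; re-add the refresh at the end of the loop body. The new `ssh root@${hosts[$host]} <<< true &>/dev/null` no longer disables host-key checking, which is the safer default, but on first contact with a fresh VM it presumably waits on a host-key confirmation from the terminal that the redirect does not cover; `ssh -o BatchMode=yes` makes the probe fail fast instead of blocking, and a comment should say how the VM keys are expected to be trusted. With wait_for_apiserver and its call removed, install_addons now runs straight after create_kubeconfig, so its first kctl call may run before the API server answers; if that wait happens elsewhere, a comment naming it would help.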


@ -1,26 +0,0 @@
## Vars
# Admin token to unlock the DLS store, replace it!
DLS_UNLOCK_TOKEN=changeme
# Docker container name for dir2config
D2C_IMG=novit.tech/direktil/local-server:latest
D2C_CTR_NAME=dir2config
# Docker container name for direktil local server
DLS_IMG=novit.tech/direktil/local-server:latest
DLS_CTR_NAME=dls
# QEMU local bridge name. If you specificy a custom name, you may have to configure qemu bridge helper to allow it
QEMU_BR_NAME=virbr0
# QEMU VM default disk size
QEMU_DISK_SIZE=30G
# Allocated CPUs to QEMU VMs
QEMU_VM_CPU=4
# Allocated Memory to QEMU VMs
QEMU_VM_MEM=4096
################
# Token file for dls
tknfile=".dls_adm_token"