Mercurial > code > home > repos > infra
comparison kube.py @ 12:15c5ce7c74b5
refactor, cleanup, split large deploys
| author | drewp@bigasterisk.com |
|---|---|
| date | Thu, 11 Nov 2021 23:31:21 -0800 |
| parents | 226f3c8419b2 |
| children | 0c1496e11b8f |
comparison
equal
deleted
inserted
replaced
| 11:82e46d7ff527 | 12:15c5ce7c74b5 |
|---|---|
| 1 from pyinfra import host | 1 from pyinfra import host |
| 2 from pyinfra.operations import server, files, apt, ssh, systemd | |
| 3 from pyinfra.facts.server import LinuxDistribution, Arch | |
| 4 from pyinfra.facts.files import FindInFile | 2 from pyinfra.facts.files import FindInFile |
| 3 from pyinfra.facts.server import Arch, LinuxDistribution | |
| 4 from pyinfra.operations import files, server, systemd | |
| 5 | 5 |
| 6 bang_is_old = True # remove after upgrade | 6 bang_is_old = True # remove after upgrade |
| 7 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] | 7 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] |
| 8 is_wifi_pi = host.name in ['frontdoor', 'living'] | 8 is_wifi_pi = host.name in ['frontdoor', 'living'] |
| 9 | 9 |
| 10 k3s_version = 'v1.21.2+k3s1' | 10 k3s_version = 'v1.21.2+k3s1' |
| 11 master_ip = "10.5.0.1" | 11 master_ip = "10.5.0.1" |
| 12 | 12 |
| 13 token = open('secrets/k3s_token', 'rt').read().strip() | |
| 14 | |
| 15 server.sysctl(key='net.ipv4.ip_forward', value="1", persist=True) | 13 server.sysctl(key='net.ipv4.ip_forward', value="1", persist=True) |
| 16 server.sysctl(key='net.ipv6.conf.all.forwarding', value="1", persist=True) | 14 server.sysctl(key='net.ipv6.conf.all.forwarding', value="1", persist=True) |
| 17 | 15 |
| 18 # - role: download | 16 tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf' |
| 19 if host.get_fact(Arch) == 'x86_64': | 17 files.download(src=f'https://github.com/rancher/k3s/releases/download/{k3s_version}/{tail}', |
| 20 src = f'https://github.com/rancher/k3s/releases/download/{k3s_version}/k3s' | 18 dest='/usr/local/bin/k3s', |
| 21 else: | 19 user='root', |
| 22 src = f'https://github.com/rancher/k3s/releases/download/{k3s_version}/k3s-armhf' | 20 group='root', |
| 21 mode='755') | |
| 23 | 22 |
| 24 files.download(src=src, dest='/usr/local/bin/k3s', user='root', group='root', mode='755') | |
| 25 | |
| 26 # - role: raspbian | |
| 27 if is_pi: | 23 if is_pi: |
| 28 old_cmdline = host.get_fact(FindInFile, path='/boot/cmdline.txt', pattern=r'.*')[0] | 24 old_cmdline = host.get_fact(FindInFile, path='/boot/cmdline.txt', pattern=r'.*')[0] |
| 29 print(repr(old_cmdline)) | 25 print(repr(old_cmdline)) |
| 30 if 'cgroup' not in old_cmdline: | 26 if 'cgroup' not in old_cmdline: |
| 31 cmdline = old_cmdline + ' cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' | 27 cmdline = old_cmdline + ' cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' |
| 36 'update-alternatives --set iptables /usr/sbin/iptables-legacy', | 32 'update-alternatives --set iptables /usr/sbin/iptables-legacy', |
| 37 'update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy', | 33 'update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy', |
| 38 ]) | 34 ]) |
| 39 # needs reboot if this changed | 35 # needs reboot if this changed |
| 40 | 36 |
| 41 # - role: registries_fix | |
| 42 # See https://github.com/rancher/k3s/issues/1802 and https://rancher.com/docs/k3s/latest/en/installation/private-registry/ | 37 # See https://github.com/rancher/k3s/issues/1802 and https://rancher.com/docs/k3s/latest/en/installation/private-registry/ |
| 43 files.directory(path='/etc/rancher/k3s') | 38 files.directory(path='/etc/rancher/k3s') |
| 44 files.template(src='templates/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml') | 39 files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml') |
| 45 | 40 |
| 46 if host.name == 'bang': | 41 if host.name == 'bang': # master |
| 47 # - role: k3s/master | |
| 48 files.template( | 42 files.template( |
| 49 src='templates/k3s-server.service.j2', | 43 src='templates/kube/k3s-server.service.j2', |
| 50 dest='/etc/systemd/system/k3s.service', | 44 dest='/etc/systemd/system/k3s.service', |
| 51 master_ip=master_ip, | 45 master_ip=master_ip, |
| 52 ) | 46 ) |
| 53 systemd.service(service='k3s.service', daemon_reload=True, enabled=True, restarted=True) | 47 systemd.service(service='k3s.service', daemon_reload=True, enabled=True, restarted=True) |
| 54 # /var/lib/rancher/k3s/server/node-token will soon contain secrets/k3s_token | |
| 55 | 48 |
| 56 # one-time thing at cluster create time? not sure | 49 # one-time thing at cluster create time? not sure |
| 57 # - name: Replace https://localhost:6443 by https://master-ip:6443 | 50 # - name: Replace https://localhost:6443 by https://master-ip:6443 |
| 58 # command: >- | 51 # command: >- |
| 59 # k3s kubectl config set-cluster default | 52 # k3s kubectl config set-cluster default |
| 60 # --server=https://{{ master_ip }}:6443 | 53 # --server=https://{{ master_ip }}:6443 |
| 61 # --kubeconfig ~{{ ansible_user }}/.kube/config | 54 # --kubeconfig ~{{ ansible_user }}/.kube/config |
| 62 | 55 |
| 63 if host.name in ['slash', 'dash', 'frontbed', 'garage']: # nodes | 56 if host.name in ['slash', 'dash', 'frontbed', 'garage']: # nodes |
| 64 # - role: k3s/node | 57 # /var/lib/rancher/k3s/server/node-token is the source of the string in secrets/k3s_token |
| 58 token = open('secrets/k3s_token', 'rt').read().strip() | |
| 59 | |
| 65 files.template( | 60 files.template( |
| 66 src='templates/k3s-node.service.j2', | 61 src='templates/kube/k3s-node.service.j2', |
| 67 dest='/etc/systemd/system/k3s-node.service', | 62 dest='/etc/systemd/system/k3s-node.service', |
| 68 master_ip=master_ip, | 63 master_ip=master_ip, |
| 69 token=token, | 64 token=token, |
| 70 ) | 65 ) |
| 71 | 66 |
| 72 systemd.service(service='k3s-node.service', daemon_reload=True, enabled=True, restarted=True) | 67 systemd.service(service='k3s-node.service', daemon_reload=True, enabled=True, restarted=True) |
| 73 | 68 |
| 74 if host.name in ['bang', 'slash', 'dash']: # hosts to admin from | 69 if host.name in ['bang', 'slash', 'dash']: # hosts to admin from |
| 75 files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s') | 70 files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s') |
| 76 files.directory(path='/home/drewp/.kube', user='drewp', group='drewp') | 71 files.directory(path='/home/drewp/.kube', user='drewp', group='drewp') |
| 77 # files.template( | |
| 78 # src='templates/kube-config.j2', | |
| 79 # dest='/home/drewp/.kube/config', | |
| 80 # user='drewp', | |
| 81 # group='drewp', | |
| 82 # mode='600', | |
| 83 # master_ip=master_ip, | |
| 84 # token=token, | |
| 85 # ) | |
| 86 files.line(path="/home/drewp/.zshrc", line="KUBECONFIG", replace='export KUBECONFIG=/etc/rancher/k3s/k3s.yaml') | 72 files.line(path="/home/drewp/.zshrc", line="KUBECONFIG", replace='export KUBECONFIG=/etc/rancher/k3s/k3s.yaml') |
| 87 | 73 |
| 88 files.chown(target='/etc/rancher/k3s/k3s.yaml', user='root', group='drewp') | 74 files.chown(target='/etc/rancher/k3s/k3s.yaml', user='root', group='drewp') |
| 89 files.chmod(target='/etc/rancher/k3s/k3s.yaml', mode='640') | 75 files.chmod(target='/etc/rancher/k3s/k3s.yaml', mode='640') |