changeset 204:ad6e997fd323
prepare for k8s server host and registry host to change
author | drewp@bigasterisk.com |
---|---|
date | Fri, 30 Jun 2023 22:40:27 -0700 |
parents | 3fd439ae1380 |
children | 826db3c40fa7 |
files | kube.py system.py templates/kube/podman_registries.conf.j2 templates/kube/registries.yaml.j2 templates/webforward.service.j2 |
diffstat | 5 files changed, 48 insertions(+), 37 deletions(-) [+] |
--- a/kube.py Fri Jun 30 22:39:13 2023 -0700 +++ b/kube.py Fri Jun 30 22:40:27 2023 -0700 @@ -7,19 +7,11 @@ is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] -server_ip = "10.5.0.1" -server_node = 'bang' -nodes = ['slash', 'dash', 'ditto'] #, 'frontbed', 'garage'] -admin_from = ['bang', 'slash', 'dash', 'ditto'] -# https://github.com/k3s-io/k3s/releases -# 1.23.6 per https://github.com/cilium/cilium/issues/20331 -k3s_version = 'v1.24.3+k3s1' - # https://github.com/GoogleContainerTools/skaffold/releases skaffold_version = 'v2.6.0' -def download_k3s(): +def download_k3s(k3s_version): tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf' files.download( src=f'https://github.com/rancher/k3s/releases/download/{k3s_version}/{tail}', @@ -64,9 +56,12 @@ if is_pi: pi_cgroup_setup() +# don't try to get aufs-dkms on rpi-- https://github.com/docker/for-linux/issues/709 +def podman_insecure_registry(reg): + files.template(src='templates/kube/podman_registries.conf.j2', dest='/etc/containers/registries.conf.d/bang.conf', reg=reg) -def config_and_run_service(): - download_k3s() +def config_and_run_service(k3s_version, server_node, server_ip): + download_k3s(k3s_version) service_name = 'k3s.service' if host.name == server_node else 'k3s-node.service' role = 'server' if host.name == server_node else 'agent' which_conf = 'config-server.yaml.j2' if host.name == server_node else 'config-agent.yaml.j2' 
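Review bot: The k3s binary in `download_k3s` is fetched from a URL built from `k3s_version`, and nothing visible in the first hunk pins its content. The `files.download(` call continues past the hunk, so a checksum may already be passed there. If it is not, the expected digest should travel with the version now that the version is a caller-supplied argument, e.g. `def download_k3s(k3s_version, sha256sum=None):` forwarded as `sha256sum=sha256sum`. A one-line docstring saying the function picks `k3s` or `k3s-armhf` from the `Arch` fact would also help.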
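Review bot: The new `podman_insecure_registry(reg)` in the second hunk always writes to `/etc/containers/registries.conf.d/bang.conf`, so the drop-in keeps the old host's name once `reg` points somewhere else. A neutral name such as `local-registry.conf` avoids that, though the old file would then need removing. The aufs-dkms comment added directly above the `def` looks unrelated to this function and reads as if it documents it. I would give the function its own docstring, `"""Write a podman registries.conf.d drop-in that marks reg as an insecure registry."""`. The body of `config_and_run_service` continues outside the hunk, so the use of `server_ip` is not visible here.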
@@ -95,27 +90,43 @@ systemd.service(service=service_name, daemon_reload=True, enabled=True, restarted=True) -if host.name in nodes + [server_node]: - host_prep() - files.directory(path='/etc/rancher/k3s') +def make_cluster( + server_ip = "10.5.0.1", + server_node = 'bang', + nodes = ['slash', 'dash', 'ditto'], + admin_from = ['bang', 'slash', 'dash', 'ditto'], + # https://github.com/k3s-io/k3s/releases + # 1.23.6 per https://github.com/cilium/cilium/issues/20331 + k3s_version = 'v1.24.3+k3s1', + ): + if not is_pi: + podman_insecure_registry(reg='bang5:5000') - # docs: https://rancher.com/docs/k3s/latest/en/installation/private-registry/ - # user confusions: https://github.com/rancher/k3s/issues/1802 - files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml') - # also note that podman dropped the default `docker.io/` prefix on image names (see https://unix.stackexchange.com/a/701785/419418) - config_and_run_service() + if host.name in nodes + [server_node]: + host_prep() + files.directory(path='/etc/rancher/k3s') -if host.name in admin_from: - files.directory(path='/etc/rancher/k3s') - install_skaffold() - files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s') - files.directory(path='/home/drewp/.kube', user='drewp', group='drewp') + # docs: https://rancher.com/docs/k3s/latest/en/installation/private-registry/ + # user confusions: https://github.com/rancher/k3s/issues/1802 + files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml', reg='bang5:5000') + # also note that podman dropped the default `docker.io/` prefix on image names (see https://unix.stackexchange.com/a/701785/419418) + config_and_run_service(k3s_version, server_node, server_ip) + + if host.name in admin_from: + files.directory(path='/etc/rancher/k3s') + install_skaffold() + files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s') + files.directory(path='/home/drewp/.kube', user='drewp', 
group='drewp') - # assumes our pyinfra process is running on server_node - files.put( - src='/etc/rancher/k3s/k3s.yaml', - dest='/etc/rancher/k3s/k3s.yaml', # - user='root', - group='drewp', - mode='640') - server.shell(f"kubectl config set-cluster default --server=https://{server_ip}:6443 --kubeconfig=/etc/rancher/k3s/k3s.yaml") + # assumes our pyinfra process is running on server_node + files.put( + src='/etc/rancher/k3s/k3s.yaml', + dest='/etc/rancher/k3s/k3s.yaml', # + user='root', + group='drewp', + mode='640') + server.shell(f"kubectl config set-cluster default --server=https://{server_ip}:6443 --kubeconfig=/etc/rancher/k3s/k3s.yaml") + + +make_cluster( server_ip = "10.5.0.1", server_node = 'bang', nodes = ['slash', 'dash', 'ditto'], admin_from = ['bang', 'slash', 'dash', 'ditto'], k3s_version = 'v1.24.3+k3s1') +#make_cluster( server_ip = "10.5.0.7", server_node = 'ditto', nodes = ['slash', 'dash', 'bang'], admin_from = ['bang', 'slash', 'dash', 'ditto'], k3s_version = 'v1.25.11+k3s1')
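Review bot: `make_cluster` still hard-codes the registry as `'bang5:5000'` in two places, the `podman_insecure_registry` call and the `registries.yaml.j2` template call, so the registry host cannot move with the other arguments. A `registry='bang5:5000'` keyword passed to both would keep them in step. The `files.put` of `/etc/rancher/k3s/k3s.yaml` also still rests on the comment `# assumes our pyinfra process is running on server_node`. Now that `server_node` is an argument (the commented-out call uses `'ditto'`), a controller on another host would presumably push whatever kubeconfig it holds locally to every `admin_from` host, so that assumption deserves a check or a docstring note. The list defaults for `nodes` and `admin_from` are not mutated here, but tuples would avoid the shared-default pitfall.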
--- a/system.py Fri Jun 30 22:39:13 2023 -0700 +++ b/system.py Fri Jun 30 22:40:27 2023 -0700 @@ -45,7 +45,7 @@ def web_forward(): for port in [80, 443]: - files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/web_forward_{port}.service", port=port) + files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/web_forward_{port}.service", pom_serv_host='bang', port=port) systemd.service(service=f'web_forward_{port}', enabled=True, restarted=True) server.hostname(hostname=host.name)
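Review bot: `pom_serv_host='bang'` is a literal inside the loop of `web_forward`, so the forward target still cannot change without editing the function body. A keyword on the function, `def web_forward(pom_serv_host='bang'):` passed through as `pom_serv_host=pom_serv_host`, would match how kube.py now takes its hosts as arguments. The value is rendered unquoted into the `ExecStart=` line of templates/webforward.service.j2, so it should stay a bare hostname.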
--- a/templates/kube/podman_registries.conf.j2 Fri Jun 30 22:39:13 2023 -0700
+++ b/templates/kube/podman_registries.conf.j2 Fri Jun 30 22:40:27 2023 -0700
@@ -1,3 +1,3 @@
 [[registry]]
-location = "bang5:5000"
+location = "{{reg}}"
 insecure = true
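Review bot: `insecure = true` stays fixed while `location` becomes `{{reg}}`, so whatever host a caller passes as `reg` is accepted by podman without TLS verification. The same applies to the `http://{{reg}}` endpoint in templates/kube/registries.yaml.j2. Image pulls from that host are therefore unauthenticated and can be altered by anything on the network path. A comment in both templates would record this, e.g. `# {{reg}} is reached without TLS; keep it on the trusted LAN only`. If a TLS-fronted registry is ever planned, the scheme and the `insecure` flag should become template variables alongside `reg`.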
--- a/templates/kube/registries.yaml.j2 Fri Jun 30 22:39:13 2023 -0700 +++ b/templates/kube/registries.yaml.j2 Fri Jun 30 22:40:27 2023 -0700 @@ -1,6 +1,6 @@ # written by pyinfra mirrors: - "bang5:5000": + "{{reg}}": endpoint: - - "http://bang5:5000" + - "http://{{reg}}"
--- a/templates/webforward.service.j2 Fri Jun 30 22:39:13 2023 -0700 +++ b/templates/webforward.service.j2 Fri Jun 30 22:40:27 2023 -0700 @@ -10,7 +10,7 @@ [Service] Type=simple -ExecStart=/usr/bin/socat tcp-listen:{{ port }},fork,reuseaddr tcp:bang:{{ port }} +ExecStart=/usr/bin/socat tcp-listen:{{ port }},fork,reuseaddr tcp:{{pom_serv_host}}:{{ port }} [Install] WantedBy=multi-user.target