From 3c291b8a95287fa1d9ee489341b917b6e8890f7e Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 12:15:07 -0400 Subject: [PATCH 01/24] feature(wip): Adds installer. --- .gitignore | 3 +- nixinfra/build.sh | 17 ----------- nixinfra/buildall.sh | 32 ------------------- nixinfra/commons.agent.nix | 7 ----- nixinfra/commons.nix | 4 +++ nixinfra/commons.server.nix | 7 ----- nixinfra/install-script.sh | 51 +++++++++++++++++++++++++++++++ nixinfra/install.sh | 15 +++++++++ nixinfra/kitteh-node-1/server.nix | 7 ----- nixinfra/upload.sh | 41 ------------------------- 10 files changed, 72 insertions(+), 112 deletions(-) delete mode 100755 nixinfra/build.sh delete mode 100755 nixinfra/buildall.sh create mode 100644 nixinfra/install-script.sh create mode 100755 nixinfra/install.sh delete mode 100755 nixinfra/upload.sh diff --git a/.gitignore b/.gitignore index 59d3f8e..0057595 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ out build.log secrets.nix -meta \ No newline at end of file +meta +hardware-configuration.nix \ No newline at end of file diff --git a/nixinfra/build.sh b/nixinfra/build.sh deleted file mode 100755 index 0e5a3da..0000000 --- a/nixinfra/build.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env bash -set -e - -echo "Building '$1'..." -nix --extra-experimental-features nix-command run github:nix-community/nixos-generators -- --format proxmox --configuration "$1.nix" | tee build.log - -if [ ! -d "out/" ]; then - mkdir out/ -fi - -echo "Copying file to the output directory..." - -# Hacky! -mkdir -p out/$1 -rm -rf out/$1 out/$1.vma.zst -OUT_FILE="$(sed -n '$p' build.log)" -cp -r $OUT_FILE out/$1.vma.zst \ No newline at end of file diff --git a/nixinfra/buildall.sh b/nixinfra/buildall.sh deleted file mode 100755 index 3b4814f..0000000 --- a/nixinfra/buildall.sh +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/usr/bin/env bash -mkdir meta > /dev/null 2> /dev/null -touch meta/tagged_for_upload - -for FILE in kitteh-node-*/*; do - FILE_NO_EXTENSION="${FILE/".nix"/""}" - - # Hacky! - mkdir -p meta/$FILE - rm -rf meta/$FILE - - sha512sum $FILE > /tmp/kt-clusterbuild_sha512sum - - if [ ! -f "meta/$FILE.sha" ] || ! diff -q "/tmp/kt-clusterbuild_sha512sum" "meta/$FILE.sha" > /dev/null; then - ./build.sh $FILE_NO_EXTENSION - - if [ $? -ne 0 ]; then - echo "Failed to build, skipping..." - continue - fi - - if ! grep -q "out/$FILE_NO_EXTENSION.vma.zst" meta/tagged_for_upload; then - echo "out/$FILE_NO_EXTENSION.vma.zst" >> meta/tagged_for_upload - fi - else - echo "Not building '$FILE_NO_EXTENSION'." - fi - - mv "/tmp/kt-clusterbuild_sha512sum" "meta/$FILE.sha" -done - -echo "Done building." \ No newline at end of file diff --git a/nixinfra/commons.agent.nix b/nixinfra/commons.agent.nix index 207c8da..a829c9e 100644 --- a/nixinfra/commons.agent.nix +++ b/nixinfra/commons.agent.nix @@ -5,13 +5,6 @@ in { ./commons.nix ]; - # This is intentionally defined like this (not using braces) for updating. DO NOT CHANGE THIS. - # - greysoh - proxmox.qemuConf.memory = 8192; - proxmox.qemuConf.cores = 4; - proxmox.qemuConf.name = "k3s-agent"; - proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072"; - services.k3s = { enable = true; role = "agent"; diff --git a/nixinfra/commons.nix b/nixinfra/commons.nix index ecad457..d57158f 100644 --- a/nixinfra/commons.nix +++ b/nixinfra/commons.nix @@ -4,6 +4,7 @@ let in { imports = [ ./secrets.nix + ./hardware-configuration.nix ]; swapDevices = [ @@ -13,6 +14,9 @@ in { } ]; + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; + systemd.services.kittehclean = { enable = true; description = "Cleans up this Kitteh node & runs init tasks"; diff --git a/nixinfra/commons.server.nix b/nixinfra/commons.server.nix index 31c86a4..9300b0a 100644 --- a/nixinfra/commons.server.nix +++ b/nixinfra/commons.server.nix 
@@ -5,13 +5,6 @@ in { ./commons.nix ]; - # This is intentionally defined like this (not using braces) for updating. DO NOT CHANGE THIS. - # - greysoh - proxmox.qemuConf.memory = 4096; - proxmox.qemuConf.cores = 1; - proxmox.qemuConf.name = "k3s-server"; - proxmox.qemuConf.diskSize = pkgs.lib.mkForce "32768"; - services.k3s = { enable = true; role = "server"; diff --git a/nixinfra/install-script.sh b/nixinfra/install-script.sh new file mode 100644 index 0000000..9f1fec8 --- /dev/null +++ b/nixinfra/install-script.sh 
@@ -0,0 +1,51 @@ +#!/usr/bin/env bash +export TERM="xterm-256color" +clear + +echo "KittehCluster installer" +echo "Codename 'tundra'" +echo + +sed -e 's/\s*\([\+0-9a-zA-Z]*\).*/\1/' << EOF | sudo fdisk /dev/vda + o # dos disk label + n # new partition + p # primary partition + 1 # setup boot partition + 2048 # align first sector (performance reasons?) + +500M # boot partition size + n # new partition + p # primary partition + 2 # partion number 2 + # default, start immediately after preceding partition + # default, extend partition to end of disk + a # make a partition bootable + 1 # bootable partition is partition 1 -- /dev/vda1 + w # write the partition table + q # and we're done +EOF + +sudo mkfs.fat -F 32 /dev/vda1 +sudo fatlabel /dev/vda1 BOOT +sudo mkfs.ext4 /dev/vda2 -L ROOT + +sudo mount /dev/vda2 /mnt +sudo mkdir -p /mnt/boot +sudo mount /dev/vda1 /mnt/boot + +sudo nixos-generate-config --root /mnt + +sudo mv /mnt/etc/nixos/hardware-configuration.nix /tmp/hardware-configuration.nix + +sudo rm -rf /mnt/etc/nixos/* /mnt/etc/nixos/.* +sudo nix-shell -p git --command "git clone $GIT_REPO /mnt/etc/nixos" + +if [ ! -f "/mnt/etc/nixos/install-script.sh" ]; then + echo "DEBUG: checking out 'tundra' branch..." + sudo nix-shell -p git --command "cd /mnt/etc/nixos; git checkout tundra" +fi + +sudo mv /tmp/hardware-configuration.nix /mnt/etc/nixos/nixinfra/ +sudo nixos-install -I /mnt/etc/nixos/nixinfra/$NIX_INSTALL_PATH + +sudo umount /mnt/boot +sudo umount /mnt \ No newline at end of file diff --git a/nixinfra/install.sh b/nixinfra/install.sh new file mode 100755 index 0000000..46135eb --- /dev/null +++ b/nixinfra/install.sh 
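Review bot: Nothing in install-script.sh stops on failure, so if `fdisk`, either `mkfs`, or `mount /dev/vda2 /mnt` fails, the script carries on and runs `sudo rm -rf /mnt/etc/nixos/* /mnt/etc/nixos/.*`, the `git clone` and `nixos-install` against whatever happens to be at `/mnt` on the live installer. Add `set -euo pipefail` directly under the shebang and quote the expansions (`"$GIT_REPO"`, `"$NIX_INSTALL_PATH"`) so an empty or failed variable aborts instead of producing a different command. The clone is also unpinned: whatever the default branch (or `tundra`) points to at install time becomes the root-owned system configuration, so checking out a specific tag or commit is worth considering. The `.*` glob additionally matches `.` and `..`, which `rm` refuses with an error; `sudo rm -rf /mnt/etc/nixos` followed by `sudo mkdir -p /mnt/etc/nixos` is the cleaner form.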
@@ -0,0 +1,15 @@ +#!/usr/bin/env bash +if [ "$GIT_REPO" == "" ]; then + export GIT_REPO="https://git.hofers.cloud/greysoh/kittehcluster" +fi + +if [ "$NIX_INSTALL_PATH" == "" ]; then + echo "ERROR: the environment variable 'NIX_INSTALL_PATH' is not set!" + echo "This can be fixed by setting it to the path of the nix file, i.e:" + echo "$ NIX_INSTALL_PATH=kitteh-node-1/server.nix ./install.sh" + exit 1 +fi + +echo "Initializing..." +FILE_ENCODED="$(cat install-script.sh | base64)" +ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" nixos@$1 bash -c "'echo -n $FILE_ENCODED | base64 -d > /tmp/install.sh; GIT_REPO=$GIT_REPO NIX_INSTALL_PATH=$NIX_INSTALL_PATH bash /tmp/install.sh'" \ No newline at end of file diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index 0d40188..3187ea9 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix @@ -8,13 +8,6 @@ in { ../commons.nix ]; - # This is intentionally defined like this (not using braces) for updating. DO NOT CHANGE THIS. - # - greysoh - proxmox.qemuConf.memory = 4096; - proxmox.qemuConf.cores = 1; - proxmox.qemuConf.name = "k3s-server"; - proxmox.qemuConf.diskSize = pkgs.lib.mkForce "32768"; - networking.hostName = "kitteh-node-1-k3s-server"; services.k3s = { diff --git a/nixinfra/upload.sh b/nixinfra/upload.sh deleted file mode 100755 index bd84add..0000000 --- a/nixinfra/upload.sh +++ /dev/null 
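Review bot: install.sh never checks that a target host was passed, so `./install.sh` with no argument expands `nixos@$1` to `nixos@` and ssh is invoked against an empty hostname, while `$GIT_REPO` and `$NIX_INSTALL_PATH` are also expanded unquoted into the remote command line. Add `: "${1:?usage: $0 <host>}"` before the ssh call and quote the target as `"nixos@$1"`. The `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` pair means the installer hands the script and the `nixos` password to whatever host answers at that address; `StrictHostKeyChecking=accept-new` with a per-run `mktemp` known-hosts file at least pins the key for subsequent connections.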
@@ -1,41 +0,0 @@ -#!/usr/bin/env bash -if [ "$BASE_IP" = "" ]; then - BASE_IP=192.168.0.20 -fi - -IP_LAST_OCTET="${BASE_IP##*.}" -IP_MAIN_OCTET="${BASE_IP%.*}" - -IP_LAST_OCTET=$((IP_LAST_OCTET-1)) - -BASE_ID=100 - -cp meta/tagged_for_upload /tmp/upload_cache - -while IFS= read -r LINE; do - UPLOAD_PATH="/var/lib/vz/dump/vzdump-qemu-$(basename $LINE .vma.zst)-$(date +"%Y_%m_%d-%H_%M_%S").vma.zst" - echo "Uploading VM dump '$LINE'..." - - CURRENT_NODE="$(dirname $LINE)" - CURRENT_NODE="${CURRENT_NODE##*-}" - IP="$IP_MAIN_OCTET.$((IP_LAST_OCTET+CURRENT_NODE))" - - rsync --info=progress2 $LINE root@$IP:$UPLOAD_PATH - - if [[ "$@" == *"--install"* ]] || [[ "$@" == *"-i"* ]]; then - echo "Installing VM dump '$LINE'..." - - ssh -n root@$IP "qmrestore $UPLOAD_PATH $BASE_ID --force --unique" - BASE_ID=$((BASE_ID+1)) - fi - - if [[ "$@" == *"--delete"* ]] || [[ "$@" == *"-d"* ]]; then - echo "Deleting VM dump '$LINE'..." - ssh -n root@$IP "rm -rf $UPLOAD_PATH" - fi - - ESCAPED_LINE=$(printf '%s\n' "$LINE" | sed -e 's/[\/&]/\\&/g') - sed -i "/$ESCAPED_LINE/d" meta/tagged_for_upload -done < /tmp/upload_cache - -echo "Done." \ No newline at end of file From 72b9dd88e5e1a651af4cdce04c6f4ec3e5a81f42 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 13:57:30 -0400 Subject: [PATCH 02/24] chore: Finish up install scripts. --- nixinfra/commons.nix | 14 +++++--------- nixinfra/install-script.sh | 28 +++++++++++++++++++++++++--- nixinfra/install.sh | 24 ++++++++++++++++++++++-- nixinfra/kitteh-node-1/agent.nix | 1 + nixinfra/kitteh-node-1/server.nix | 1 + nixinfra/kitteh-node-2/agent.nix | 1 + nixinfra/kitteh-node-2/server.nix | 1 + nixinfra/update.sh | 16 ++++++++++++++++ 8 files changed, 72 insertions(+), 14 deletions(-) create mode 100644 nixinfra/update.sh diff --git a/nixinfra/commons.nix b/nixinfra/commons.nix index d57158f..f58b4f4 100644 --- a/nixinfra/commons.nix +++ b/nixinfra/commons.nix 
@@ -1,6 +1,6 @@ let pkgs = import {}; - secret_data = builtins.readFile ./secrets.nix; + update_script = builtins.readFile ./update.sh; in { imports = [ ./secrets.nix @@ -29,14 +29,10 @@ in { chmod -R 644 /etc/rancher 2> /dev/null > /dev/null chmod -R 644 /var/lib/rancher 2> /dev/null > /dev/null - if [ ! -d "/etc/nixos/git" ]; then - echo "Waiting for true internet bringup..." - sleep 10 - echo "Downloading configuration files..." - ${pkgs.git}/bin/git clone https://git.hofers.cloud/greysoh/kittehcluster /etc/nixos/ - cp -r ${pkgs.writeText "secrets.nix" secret_data} /etc/nixos/nixinfra/secrets.nix - fi - + # Because I'm lazy (and this works), we use this method to write the file + rm -rf /home/clusteradm/update + ln -s ${pkgs.writeShellScript "update" update_script} /home/clusteradm/update + echo "Done." ''; }; diff --git a/nixinfra/install-script.sh b/nixinfra/install-script.sh index 9f1fec8..0f0087f 100644 --- a/nixinfra/install-script.sh +++ b/nixinfra/install-script.sh 
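Review bot: The new `kittehclean` lines `rm -rf /home/clusteradm/update` and `ln -s ... /home/clusteradm/update` have a root service recreate a file inside an unprivileged user's home on every boot, leaving a root-owned link in a directory clusteradm controls that the update flow later re-executes through sudo. Shipping the script as a package keeps it in the read-only system profile instead: `environment.systemPackages = [ (pkgs.writeShellScriptBin "update" update_script) ];` and drop the two lines from `kittehclean` (the README's `./update` then becomes plain `update`). The `chmod -R 644 /etc/rancher` and `/var/lib/rancher` context lines predate this commit, but 644 applied recursively strips the execute bit from directories, which prevents traversing them — that looks worth revisiting as well.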
@@ -45,7 +45,29 @@ if [ ! -f "/mnt/etc/nixos/install-script.sh" ]; then fi sudo mv /tmp/hardware-configuration.nix /mnt/etc/nixos/nixinfra/ -sudo nixos-install -I /mnt/etc/nixos/nixinfra/$NIX_INSTALL_PATH +sudo mv $SECRETS_PATH /mnt/etc/nixos/nixinfra/secrets.nix -sudo umount /mnt/boot -sudo umount /mnt \ No newline at end of file +sudo bash -c "NIXOS_CONFIG=/mnt/etc/nixos/nixinfra/$NIX_INSTALL_PATH nixos-install" +RET=$? + +if [ $RET -ne 0 ]; then + echo "Failed to install! Attempting to spawn bash for debugging..." + echo "NOTE: You will not see a bash prompt (for some reason)" + bash + echo "Bash exited." +else + echo "Successfully installed! Finishing install..." + mkdir /mnt/home/clusteradm/.bin + echo "NIX_INSTALL_PATH=/etc/nixos/nixinfra/$NIX_INSTALL_PATH" > /mnt/home/clusteradm/.bin/.env + echo 'export PATH="$PATH:/home/clusteradm/.bin"' >> /mnt/home/clusteradm/.bashrc + echo 'export PATH="$PATH:/home/clusteradm/.bin"' >> /mnt/home/clusteradm/.zshrc + sleep 60 + echo "Rebooting" + sudo reboot + exit +fi + +echo "Unmounting filesystems..." +sudo umount -f /mnt/boot +sudo umount -f /mnt +echo "Done." \ No newline at end of file diff --git a/nixinfra/install.sh b/nixinfra/install.sh index 46135eb..86c1d06 100755 --- a/nixinfra/install.sh +++ b/nixinfra/install.sh @@ -1,4 +1,10 @@ #!/usr/bin/env bash +SSH_SERVER="$1" + +ssh-to-srv() { + ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" nixos@$SSH_SERVER $@ +} + if [ "$GIT_REPO" == "" ]; then export GIT_REPO="https://git.hofers.cloud/greysoh/kittehcluster" fi 
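Review bot: `sudo mv $SECRETS_PATH /mnt/etc/nixos/nixinfra/secrets.nix` carries over whatever mode the file had in `/tmp` (typically 0644 from the default umask), so after first boot the k3s token in `/etc/nixos/nixinfra/secrets.nix` is readable by every local account on the node. Use `sudo install -m 0600 -o root -g root -- "$SECRETS_PATH" /mnt/etc/nixos/nixinfra/secrets.nix` and remove the source instead. The success branch then runs `mkdir /mnt/home/clusteradm/.bin` and the `echo ... >>` redirections without `sudo` against a root-owned tree, and `/mnt/home/clusteradm` presumably does not exist yet because NixOS creates home directories at activation, so with no `set -e` those writes most likely fail silently; nothing visible on this page reads `.bin/.env` either. Either prefix them with `sudo` and `mkdir -p`, or drop them since the updater takes `NIX_BUILD_ID` from the environment.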
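Review bot: The new `ssh-to-srv` helper hard-wires `StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null`, so every connection this script makes trusts whichever host answers at `$SSH_SERVER`, and the script now pushes `secrets.nix` (the k3s token) and your public keys over that channel. A per-run known-hosts file with `accept-new` pins the key after the first connection without needing a pre-populated known_hosts: `KNOWN_HOSTS="$(mktemp)"` and then `ssh -o "UserKnownHostsFile=$KNOWN_HOSTS" -o "StrictHostKeyChecking=accept-new" "nixos@$SSH_SERVER" "$@"`. The unquoted `$@` and `$SSH_SERVER` should be quoted as shown so arguments containing spaces survive. This still does not protect the very first connection; for that, compare the fingerprint ssh prints against the one shown on the VM console.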
@@ -10,6 +16,20 @@ if [ "$NIX_INSTALL_PATH" == "" ]; then exit 1 fi +if [ ! -f "secrets.nix" ]; then + echo "ERROR: secrets.nix doesn't exit! Copy that file, and setup your secrets, please." + exit 1 +fi + echo "Initializing..." -FILE_ENCODED="$(cat install-script.sh | base64)" -ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" nixos@$1 bash -c "'echo -n $FILE_ENCODED | base64 -d > /tmp/install.sh; GIT_REPO=$GIT_REPO NIX_INSTALL_PATH=$NIX_INSTALL_PATH bash /tmp/install.sh'" \ No newline at end of file + +# Ugh, gotta reimplement ssh-copy-id real quick... +# TODO: see if there's a way to specify custom arguments to ssh-copy-id's SSH process +for i in ~/.ssh/id_*.pub; do + echo "Copying public key '$i'..." + ssh-to-srv bash -c "'mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; echo -n $(cat $i | base64) | base64 -d > ~/.ssh/authorized_keys'" +done + +ssh-to-srv bash -c "'echo -n $(cat secrets.nix | base64) | base64 -d > /tmp/secrets.nix'" +ssh-to-srv bash -c "'echo -n $(cat install-script.sh | base64) | base64 -d > /tmp/install.sh'" +ssh-to-srv bash -c "'GIT_REPO=$GIT_REPO NIX_INSTALL_PATH=$NIX_INSTALL_PATH SECRETS_PATH=/tmp/secrets.nix bash /tmp/install.sh'" \ No newline at end of file diff --git a/nixinfra/kitteh-node-1/agent.nix b/nixinfra/kitteh-node-1/agent.nix index 6cf4ee6..a2e3692 100644 --- a/nixinfra/kitteh-node-1/agent.nix +++ b/nixinfra/kitteh-node-1/agent.nix @@ -6,4 +6,5 @@ in { ]; networking.hostName = "kitteh-node-1-k3s-agent"; + environment.variables.NIX_BUILD_ID = "kitteh-node-1/agent"; } \ No newline at end of file diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index 3187ea9..6319891 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix @@ -9,6 +9,7 @@ in { ]; networking.hostName = "kitteh-node-1-k3s-server"; + environment.variables.NIX_BUILD_ID = "kitteh-node-1/server"; services.k3s = { enable = true; 
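Review bot: The key-copy loop writes each public key with `> ~/.ssh/authorized_keys`, so every iteration replaces the previous one and only the last `id_*.pub` ends up authorized; the `touch`/`mkdir -p` before it suggest appending was intended, i.e. `>> ~/.ssh/authorized_keys`. `$i` should also be quoted (`"$i"`), and if no matching file exists the glob stays literal and `cat` fails on a file named `~/.ssh/id_*.pub` — `shopt -s nullglob` or an `[[ -f "$i" ]] || continue` guard avoids that. `secrets.nix` is decoded into `/tmp/secrets.nix` on the target with the default umask; the live installer is effectively single-user so the exposure is small, but an `umask 077` before the redirect costs nothing.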
diff --git a/nixinfra/kitteh-node-2/agent.nix b/nixinfra/kitteh-node-2/agent.nix index f344e33..16002aa 100644 --- a/nixinfra/kitteh-node-2/agent.nix +++ b/nixinfra/kitteh-node-2/agent.nix @@ -6,4 +6,5 @@ in { ]; networking.hostName = "kitteh-node-2-k3s-agent"; + environment.variables.NIX_BUILD_ID = "kitteh-node-2/agent"; } \ No newline at end of file diff --git a/nixinfra/kitteh-node-2/server.nix b/nixinfra/kitteh-node-2/server.nix index 9b0a520..3f6a771 100644 --- a/nixinfra/kitteh-node-2/server.nix +++ b/nixinfra/kitteh-node-2/server.nix @@ -6,4 +6,5 @@ in { ]; networking.hostName = "kitteh-node-2-k3s-server"; + environment.variables.NIX_BUILD_ID = "kitteh-node-2/server"; } \ No newline at end of file diff --git a/nixinfra/update.sh b/nixinfra/update.sh new file mode 100644 index 0000000..44a377f --- /dev/null +++ b/nixinfra/update.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +if [[ "$NIX_BUILD_ID" == "" ]]; then + echo "ERROR: You have held a (potentially) broken install!" + echo "NIX_BUILD_ID is not set (should be set by default!)" + echo "Please set NIX_BUILD_ID manually. i.e:" + echo "NIX_BUILD_ID=kitteh-node-1/agent updater" + exit 1 +fi + +if [[ "$UID" != "0" ]]; then + sudo $0 $@ + exit $? +fi + +export NIX_PATH="$(printf $NIX_PATH | sed --expression="s#/etc/nixos/configuration.nix#/etc/nixos/nixinfra/$NIX_BUILD_ID.nix#g")" +nixos-rebuild switch --upgrade \ No newline at end of file From 1f42ab8c6e8c9fd0e018d60028a619f5ae877d4a Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 14:12:16 -0400 Subject: [PATCH 03/24] chore: Fix up README. --- README.md | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 15a4b77..d53f529 100644 --- a/README.md +++ b/README.md 
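Review bot: `printf $NIX_PATH` uses the variable as the printf format string and word-splits it, so any `%` or whitespace in `NIX_PATH` corrupts the value that `nixos-rebuild` then consumes as root; `printf '%s' "$NIX_PATH"` is the safe spelling. Rewriting `NIX_PATH` with sed is also unnecessary: `nixos-rebuild switch --upgrade -I "nixos-config=/etc/nixos/nixinfra/$NIX_BUILD_ID.nix"` selects the configuration directly and fails loudly if the file is missing. `sudo $0 $@` should be `sudo "$0" "$@"`, and `$UID` is the real uid — `$EUID` is what actually decides whether the rebuild can run.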
@@ -4,37 +4,34 @@ This is my (work in progress, deployed but nothing production running on it *yet Currently, I cannot recommend that you use this setup in production yet. I have to delete and recreate my VMs multiple times a day, until I fix everything. ## Prerequisites - An x86_64 computer with virtualization enabled, running NixOS -- A cluster of computers running Proxmox, with your SSH keys copied to them. These should (not required, but *highly* recommended) be connected together in Proxmox using the cluster feature. -- Cluster hypervisor's IPs next to eachother (ex. node 1's Proxmox is `192.168.0.20`, node 2's is `192.168.0.21`) +- A cluster of computers preferably running Proxmox. These should (not required, but *highly* recommended) be connected together in Proxmox using the cluster feature. - Patience (will take a while, and may test it) - `kubectl`, and `helm` installed on your local computer. ## Setup ### VM Setup 1. First, you'll need to fork this repository, and `git clone` it down. 2. Copy `secrets.example.nix` to `secrets.nix`. -3. Change `services.k3s.token` to be a unique token (i.e. using `uuidgen`, `head -c 500 /dev/random | sha1sum | cut -d " " -f 1`, etc) +3. Change `services.k3s.token` to be a unique token (i.e using `uuidgen`, `head -c 500 /dev/random | sha1sum | cut -d " " -f 1`, etc) 4. Change `users.users.clusteradm.openssh.authorizedKeys.keys` to have your SSH key(s) in there. -5. Then, run `./buildall.sh`, to build all the virtual machines. This may take a long time, depending on your hardware! On a 2015 MacBook Air, this took 30 minutes. Make some tea while you wait! -6. Finally, run `BASE_IP=your_base_ip_here ./upload.sh -i -d`, with `BASE_IP` being the first IP for your Proxmox cluster. -7. Set all VMs to auto-start, then turn them all on, starting with the first node's `k3s-server`. -8. You can now connect using your SSH key to any of the nodes with the user `clusteradm`. The default password is `1234`. Be sure to change this! +5. 
(Proxmox-specific, but you'll need to do a similar process on i.e ESXi, XenServer, etc.) Go to [the NixOS download page](https://nixos.org/download/), and copy the minimal ISO download. Go your ISO image volume (by default, this is `local`), click on ISO images, click download from URL, paste in the URL, click query URL, then download the file on all of your nodes. +6. Create VM(s) that use VirtIO hard drives (i.e drives with `/dev/vda`), and the ISO set to the NixOS installer. +7. Boot the installer, and set the password of the `nixos` user to something so you can SSH in to start the installer. +8. With the environment variable `NIX_INSTALL_PATH` set to the nix file you want to use for installation (i.e `kitteh-node-1/agent.nix`), run `./install.sh`. This will take about 20 minutes on my setup. You are highly encouraged to run multiple installations in parallel. ### Kubernetes setup -1. SSH into any of the nodes. (i.e. `ssh clusteradm@kitteh-node-2-k3s-server`) +1. SSH into any of the nodes. (i.e `ssh clusteradm@kitteh-node-2-k3s-server`) 2. As root, grab `/etc/rancher/k3s/k3s.yaml`, and copy it to wherever you store your k3s configurations (on macOS, this is `~/.kube/config`) -## Updating (TODO) -In NixOS, instead of `apt update; apt upgrade -y`, `pacman -Syu --noconfirm`, or other systems, you need to "rebuild" the system. - -There is a work in progress of this system (see `kittehclean`'s Git downloader), but it is not done yet. +## Updating +Connect to the node using SSH, and run `./update`. ## Customization ### Adding nodes -Copy `kitteh-node-2`, to `kitteh-node-X`, where `X` is the server number. Change the hostname to correspond to each clustered computer (ex. 3rd computer's k3s agent is `kitteh-node-3-k3s-agent`) +Copy `kitteh-node-2`, to `kitteh-node-X`, where `X` is the server number. Change the hostname to correspond to each clustered computer (i.e 3rd computer's k3s agent is `kitteh-node-3-k3s-agent`) ### Custom cluster setup / Forking This is a guide. 
You can change more stuff if you'd like, but this will get you started. 1. First, fork this Git repository if you haven't already. -2. If you want to change the folder names, rename the folders (i.e. kitteh-node-* to whatever-*), and change `buildall.sh`'s for loop to be `whatever-*/*`, for example. +2. If you want to change the folder names, rename the folders (i.e kitteh-node-* to whatever-*), and change `buildall.sh`'s for loop to be `whatever-*/*`, for example. 3. If you want to change the hostname, change them all. Be sure to change `commons.agent.nix` and `commons.server.nix` to correspond to the new `kitteh-node-1-k3s-server`'s name! -4. In `commons.nix`, either remove `kittehclean` (not recommended unless you're using a private Git repository), or change the git repository it pulls down from (i.e. change `https://git.hofers.cloud/greysoh/kittehcluster` to `https://github.com/contoso/k3s-cluster`). +4. In `commons.nix`, either remove `kittehclean` (not recommended unless you're using a private Git repository), or change the git repository it pulls down from (i.e change `https://git.hofers.cloud/greysoh/kittehcluster` to `https://github.com/contoso/k3s-cluster`). 5. (optional) Rename `kittehclean` and change the description. ## Troubleshooting - I can't login via SSH! From bfcbc9f79ad0c5afb786a5c9c3343d5d7e0d5a52 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 14:15:03 -0400 Subject: [PATCH 04/24] fix: Adds missing details in README. This adds the missing detail on how to connect to the VM. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d53f529..0f48b04 100644 --- a/README.md +++ b/README.md 
@@ -16,7 +16,7 @@ Currently, I cannot recommend that you use this setup in production yet. I have
 5. (Proxmox-specific, but you'll need to do a similar process on i.e ESXi, XenServer, etc.) Go to [the NixOS download page](https://nixos.org/download/), and copy the minimal ISO download. Go your ISO image volume (by default, this is `local`), click on ISO images, click download from URL, paste in the URL, click query URL, then download the file on all of your nodes.
 6. Create VM(s) that use VirtIO hard drives (i.e drives with `/dev/vda`), and the ISO set to the NixOS installer.
 7. Boot the installer, and set the password of the `nixos` user to something so you can SSH in to start the installer.
-8. With the environment variable `NIX_INSTALL_PATH` set to the nix file you want to use for installation (i.e `kitteh-node-1/agent.nix`), run `./install.sh`. This will take about 20 minutes on my setup. You are highly encouraged to run multiple installations in parallel.
+8. With the environment variable `NIX_INSTALL_PATH` set to the nix file you want to use for installation (i.e `kitteh-node-1/agent.nix`), run `./install.sh IP_ADDRESS_FOR_VM_HERE`. This will take about 20 minutes on my setup. You are highly encouraged to run multiple installations in parallel.
 ### Kubernetes setup
 1. SSH into any of the nodes. (i.e `ssh clusteradm@kitteh-node-2-k3s-server`)
 2. As root, grab `/etc/rancher/k3s/k3s.yaml`, and copy it to wherever you store your k3s configurations (on macOS, this is `~/.kube/config`)
From f84a6f3754373a6ec61ba6bd80c9060f8549000d Mon Sep 17 00:00:00 2001
From: greysoh
Date: Fri, 19 Jul 2024 14:16:41 -0400
Subject: [PATCH 05/24] fix: Adds postinstall connection information.

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 0f48b04..454a009 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,7 @@ Currently, I cannot recommend that you use this setup in production yet. I have 6. Create VM(s) that use VirtIO hard drives (i.e drives with `/dev/vda`), and the ISO set to the NixOS installer. 7. Boot the installer, and set the password of the `nixos` user to something so you can SSH in to start the installer. 8. With the environment variable `NIX_INSTALL_PATH` set to the nix file you want to use for installation (i.e `kitteh-node-1/agent.nix`), run `./install.sh IP_ADDRESS_FOR_VM_HERE`. This will take about 20 minutes on my setup. You are highly encouraged to run multiple installations in parallel. +9. When the installation is done (it will autoreboot), you can now connect using your SSH key to any of the nodes with the user `clusteradm`. The default password is `1234`. Be sure to change this! ### Kubernetes setup 1. SSH into any of the nodes. (i.e `ssh clusteradm@kitteh-node-2-k3s-server`) 2. As root, grab `/etc/rancher/k3s/k3s.yaml`, and copy it to wherever you store your k3s configurations (on macOS, this is `~/.kube/config`) From 431e9fd706a70b470b6f027ea6f63fbdb403d648 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 14:17:36 -0400 Subject: [PATCH 06/24] fix: More nitpicking. me when the drive is sus!! I'm losing it --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 454a009..8489385 100644 --- a/README.md +++ b/README.md 
@@ -14,7 +14,7 @@ Currently, I cannot recommend that you use this setup in production yet. I have 3. Change `services.k3s.token` to be a unique token (i.e using `uuidgen`, `head -c 500 /dev/random | sha1sum | cut -d " " -f 1`, etc) 4. Change `users.users.clusteradm.openssh.authorizedKeys.keys` to have your SSH key(s) in there. 5. (Proxmox-specific, but you'll need to do a similar process on i.e ESXi, XenServer, etc.) Go to [the NixOS download page](https://nixos.org/download/), and copy the minimal ISO download. Go your ISO image volume (by default, this is `local`), click on ISO images, click download from URL, paste in the URL, click query URL, then download the file on all of your nodes. -6. Create VM(s) that use VirtIO hard drives (i.e drives with `/dev/vda`), and the ISO set to the NixOS installer. +6. Create VM(s) that use VirtIO hard drives (i.e drives with `/dev/vdX`), and the ISO set to the NixOS installer. 7. Boot the installer, and set the password of the `nixos` user to something so you can SSH in to start the installer. 8. With the environment variable `NIX_INSTALL_PATH` set to the nix file you want to use for installation (i.e `kitteh-node-1/agent.nix`), run `./install.sh IP_ADDRESS_FOR_VM_HERE`. This will take about 20 minutes on my setup. You are highly encouraged to run multiple installations in parallel. 9. When the installation is done (it will autoreboot), you can now connect using your SSH key to any of the nodes with the user `clusteradm`. The default password is `1234`. Be sure to change this! From 254658dfca13c913f36ab013049f23b9fcd95eb5 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 14:21:48 -0400 Subject: [PATCH 07/24] chore: Finalize updating. --- nixinfra/commons.nix | 8 ++------ nixinfra/update.sh | 4 ++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nixinfra/commons.nix b/nixinfra/commons.nix index f58b4f4..859dcd7 100644 --- a/nixinfra/commons.nix +++ b/nixinfra/commons.nix 
@@ -62,10 +62,6 @@ in { initialPassword = "1234"; isNormalUser = true; extraGroups = ["sudoer" "wheel" "docker"]; - - packages = with pkgs; [ - git - ]; }; environment.systemPackages = with pkgs; [ @@ -75,8 +71,8 @@ in { htop bottom - # For some reason, after seperation, this package isn't included anymore, but the services are - k3s + # Updating + git ]; system.stateVersion = "24.05"; diff --git a/nixinfra/update.sh b/nixinfra/update.sh index 44a377f..a01f9fd 100644 --- a/nixinfra/update.sh +++ b/nixinfra/update.sh @@ -12,5 +12,9 @@ if [[ "$UID" != "0" ]]; then exit $? fi +pushd /etc/nixos 2> /dev/null > /dev/null +git pull +popd 2> /dev/null > /dev/null + export NIX_PATH="$(printf $NIX_PATH | sed --expression="s#/etc/nixos/configuration.nix#/etc/nixos/nixinfra/$NIX_BUILD_ID.nix#g")" nixos-rebuild switch --upgrade \ No newline at end of file From bae947de74ce617aed829fc71c50c2472caefb43 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 14:29:50 -0400 Subject: [PATCH 08/24] fix: Fixes updater failing in certain cases. --- nixinfra/update.sh | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/nixinfra/update.sh b/nixinfra/update.sh index a01f9fd..0632209 100644 --- a/nixinfra/update.sh +++ b/nixinfra/update.sh 
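Review bot: `git pull` runs as root inside `/etc/nixos` and its result is immediately activated by `nixos-rebuild switch`, but its exit status is never checked (there is no `set -e`), so a failed or conflicting pull silently rebuilds the stale tree, and a diverged local checkout turns into a merge commit that becomes the node's configuration. Use `git -C /etc/nixos pull --ff-only || exit 1`, which also removes the need for the silenced `pushd`/`popd`. Note that this gives whoever controls the remote — or the branch it tracks — root on every node at the next `update`; pinning to a signed tag or using `git pull --verify-signatures` is worth considering before anything production runs on the cluster.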
@@ -1,15 +1,38 @@ -#!/usr/bin/env bash -if [[ "$NIX_BUILD_ID" == "" ]]; then +nix_bld_unset_err() { echo "ERROR: You have held a (potentially) broken install!" echo "NIX_BUILD_ID is not set (should be set by default!)" echo "Please set NIX_BUILD_ID manually. i.e:" echo "NIX_BUILD_ID=kitteh-node-1/agent updater" exit 1 +} + +if [[ "$NIX_BUILD_ID" == "" ]]; then + if [[ ! -f "/tmp/nixbuildid" ]]; then + nix_bld_unset_err + fi + + source /tmp/nixbuildid + + if [[ "$NIX_BUILD_ID" == "" ]]; then + nix_bld_unset_err + fi fi if [[ "$UID" != "0" ]]; then + # Hacky workaround for failing to read NIX_BUILD_ID when called like: + # ./update + # but this works: + # sudo ./update + + echo "NIX_BUILD_ID=$NIX_BUILD_ID" > /tmp/nixbuildid + chmod +x /tmp/nixbuildid + sudo $0 $@ - exit $? + STATUS_CODE=$? + + rm -rf /tmp/nixbuildid + + exit $STATUS_CODE fi pushd /etc/nixos 2> /dev/null > /dev/null From 968d171699c096d304e181625123136c1f7d592e Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 14:31:07 -0400 Subject: [PATCH 09/24] chore: Cleanup comments. --- nixinfra/update.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nixinfra/update.sh b/nixinfra/update.sh index 0632209..05abd6d 100644 --- a/nixinfra/update.sh +++ b/nixinfra/update.sh @@ -20,9 +20,10 @@ fi if [[ "$UID" != "0" ]]; then # Hacky workaround for failing to read NIX_BUILD_ID when called like: - # ./update + # - $: ./update # but this works: - # sudo ./update + # - $: sudo su + # - #: ./update echo "NIX_BUILD_ID=$NIX_BUILD_ID" > /tmp/nixbuildid chmod +x /tmp/nixbuildid From 714aef3b904d1e56de3cde5f8ffe53d9ca932cc0 Mon Sep 17 00:00:00 2001 
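Review bot: The new sudo hand-off writes `NIX_BUILD_ID` to the fixed path `/tmp/nixbuildid` and then has the root re-exec `source` it, which turns a world-writable, predictable filename into root-executed shell: any local account that creates `/tmp/nixbuildid` first owns the file (the `>` write then fails or races) and its contents run as root on the next `./update`. Dropping the file entirely is the simplest fix — pass the value through sudo's environment instead: `sudo env NIX_BUILD_ID="$NIX_BUILD_ID" "$0" "$@"`. The hunk also removes the `#!/usr/bin/env bash` shebang, presumably because `writeShellScript` supplies its own, but that leaves `update.sh` in the repository unrunnable on its own; keeping the line is harmless. `chmod +x` on a file that is only ever sourced does nothing useful.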
From: greysoh Date: Fri, 19 Jul 2024 16:19:50 -0400 Subject: [PATCH 10/24] fix(wip): Adds workaround for weird k3s issues. --- nixinfra/commons.agent.nix | 16 +++++++++++++--- nixinfra/commons.server.nix | 17 +++++++++++++---- nixinfra/kitteh-node-1/server.nix | 19 ++++++++++++++----- nixinfra/update.sh | 8 ++++---- 4 files changed, 44 insertions(+), 16 deletions(-) diff --git a/nixinfra/commons.agent.nix b/nixinfra/commons.agent.nix index a829c9e..72bafa3 100644 --- a/nixinfra/commons.agent.nix +++ b/nixinfra/commons.agent.nix @@ -5,10 +5,20 @@ in { ./commons.nix ]; - services.k3s = { + systemd.services.k3s = { enable = true; - role = "agent"; - serverAddr = "https://kitteh-node-1-k3s-server:6443"; + description = "(manual) k3s service"; + + path = [ + pkgs.k3s + ]; + + serviceConfig = { + Type = "simple"; + ExecStart = pkgs.writeShellScript "k3s-hack" '' + k3s agent --token ${services.k3s.token} --server https://kitteh-node-1-k3s-server:6443 + ''; + }; }; virtualisation.docker.enable = true; diff --git a/nixinfra/commons.server.nix b/nixinfra/commons.server.nix index 9300b0a..1589e13 100644 --- a/nixinfra/commons.server.nix +++ b/nixinfra/commons.server.nix @@ -5,11 +5,20 @@ in { ./commons.nix ]; - services.k3s = { + systemd.services.k3s = { enable = true; - role = "server"; - serverAddr = "https://kitteh-node-1-k3s-server:6443"; - extraFlags = "--disable servicelb"; + description = "(manual) k3s service"; + + path = [ + pkgs.k3s + ]; + + serviceConfig = { + Type = "simple"; + ExecStart = pkgs.writeShellScript "k3s-hack" '' + k3s server --token ${services.k3s.token} --server https://kitteh-node-1-k3s-server:6443 --disable servicelb + ''; + }; }; # K3s settings diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index 6319891..51ba7a8 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix 
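Review bot: The hand-rolled `systemd.services.k3s` unit that replaces `services.k3s` declares no `wantedBy`, so nothing pulls it in at boot — `enable = true` only installs the unit, it does not start it — and it has no `after`/`wants` on `network-online.target` or a `Restart` policy, which the upstream module appears to have provided. Add `wantedBy = [ "multi-user.target" ];`, `after = [ "network-online.target" ]; wants = [ "network-online.target" ];` and `serviceConfig.Restart = "always";` to the service. The same applies to the server unit in the next hunk and to `kitteh-node-1/server.nix`.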
@@ -10,12 +10,21 @@ in { networking.hostName = "kitteh-node-1-k3s-server"; environment.variables.NIX_BUILD_ID = "kitteh-node-1/server"; - - services.k3s = { + + systemd.services.k3s = { enable = true; - role = "server"; - clusterInit = true; - extraFlags = "--disable servicelb"; + description = "(manual) k3s service"; + + path = [ + pkgs.k3s + ]; + + serviceConfig = { + Type = "simple"; + ExecStart = pkgs.writeShellScript "k3s-hack" '' + k3s server --cluster-init --token ${services.k3s.token} --disable servicelb + ''; + }; }; # K3s settings diff --git a/nixinfra/update.sh b/nixinfra/update.sh index 05abd6d..21fde32 100644 --- a/nixinfra/update.sh +++ b/nixinfra/update.sh @@ -1,8 +1,7 @@ nix_bld_unset_err() { - echo "ERROR: You have held a (potentially) broken install!" - echo "NIX_BUILD_ID is not set (should be set by default!)" - echo "Please set NIX_BUILD_ID manually. i.e:" - echo "NIX_BUILD_ID=kitteh-node-1/agent updater" + echo "ERROR: NIX_BUILD_ID is not set (should be set by default!)" + echo " Please set NIX_BUILD_ID manually. i.e:" + echo " NIX_BUILD_ID=kitteh-node-1/agent updater" exit 1 } @@ -24,6 +23,7 @@ if [[ "$UID" != "0" ]]; then # but this works: # - $: sudo su # - #: ./update + # NOTE: Calling `$: sudo ./update` still doesn't work with this hack. Just use `./update`, man. echo "NIX_BUILD_ID=$NIX_BUILD_ID" > /tmp/nixbuildid chmod +x /tmp/nixbuildid From c5d8bbc7b024de6060f54d0d7b28c4df5abc59eb Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 16:27:59 -0400 Subject: [PATCH 11/24] fix: Attempts to fix reference errors. --- nixinfra/commons.agent.nix | 3 ++- nixinfra/commons.server.nix | 3 ++- nixinfra/kitteh-node-1/server.nix | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/nixinfra/commons.agent.nix b/nixinfra/commons.agent.nix index 72bafa3..50049c4 100644 --- a/nixinfra/commons.agent.nix +++ b/nixinfra/commons.agent.nix 
@@ -1,5 +1,6 @@ let pkgs = import {}; + k3s_token = (import ./secrets.nix).services.k3s.token; in { imports = [ ./commons.nix @@ -16,7 +17,7 @@ in { serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' - k3s agent --token ${services.k3s.token} --server https://kitteh-node-1-k3s-server:6443 + k3s agent --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 ''; }; }; diff --git a/nixinfra/commons.server.nix b/nixinfra/commons.server.nix index 1589e13..367db0d 100644 --- a/nixinfra/commons.server.nix +++ b/nixinfra/commons.server.nix @@ -1,5 +1,6 @@ let pkgs = import {}; + k3s_token = (import ./secrets.nix).services.k3s.token; in { imports = [ ./commons.nix @@ -16,7 +17,7 @@ in { serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' - k3s server --token ${services.k3s.token} --server https://kitteh-node-1-k3s-server:6443 --disable servicelb + k3s server --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 --disable servicelb ''; }; }; diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index 51ba7a8..77383d4 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix @@ -3,6 +3,7 @@ let pkgs = import {}; + k3s_token = (import ../secrets.nix).services.k3s.token; in { imports = [ ../commons.nix @@ -22,7 +23,7 @@ in { serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' - k3s server --cluster-init --token ${services.k3s.token} --disable servicelb + k3s server --cluster-init --token ${k3s_token} --disable servicelb ''; }; }; From 9475570b186ce882a54086b1262249b22aa6d7cb Mon Sep 17 00:00:00 2001 
From: greysoh Date: Fri, 19 Jul 2024 16:47:28 -0400 Subject: [PATCH 12/24] fix: FINALLY fix all the k3s issues! With a hack, of course. :3 --- nixinfra/commons.agent.nix | 24 ++++++++++++++++++------ nixinfra/commons.server.nix | 24 ++++++++++++++++++------ nixinfra/kitteh-node-1/server.nix | 24 ++++++++++++++++++------ 3 files changed, 54 insertions(+), 18 deletions(-) diff --git a/nixinfra/commons.agent.nix b/nixinfra/commons.agent.nix index 50049c4..f3997c7 100644 --- a/nixinfra/commons.agent.nix +++ b/nixinfra/commons.agent.nix @@ -8,16 +8,28 @@ in { systemd.services.k3s = { enable = true; - description = "(manual) k3s service"; - - path = [ - pkgs.k3s - ]; + description = "KittehCluster's modified k3s service"; serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' - k3s agent --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 + if [ ! -d "/tmp/k3shack" ]; then + # Manually recreate the symlinks. Don't @ me. + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/containerd + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/crictl + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/ctr + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-agent + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-certificate + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-completion + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-etcd-snapshot + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-secrets-encrypt + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-server + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-token + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/kubectl + fi + + export PATH=$PATH:/tmp/k3shack + ${pkgs.k3s}/bin/k3s agent --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 ''; }; }; diff --git a/nixinfra/commons.server.nix b/nixinfra/commons.server.nix index 367db0d..b88d093 100644 --- a/nixinfra/commons.server.nix +++ b/nixinfra/commons.server.nix 
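Review bot: The new `ExecStart` script in the commons.agent.nix hunk builds its symlink farm under `/tmp/k3shack`, a fixed name in a world-writable directory, and then adds that directory to `PATH` for a service that runs as root; because the `if [ ! -d "/tmp/k3shack" ]` guard skips creation whenever the directory already exists, a directory of that name created by any local user before the service starts is used as-is, and the `kubectl`, `containerd`, `k3s-server` and similar entries it contains are executed as root. The commons.server.nix and kitteh-node-1/server.nix hunks in this commit carry the same code. The farm should live where only root can write — simplest is a store-built directory via `pkgs.runCommand` or `pkgs.symlinkJoin`, or a `RuntimeDirectory = "k3shack";` under `/run` in `serviceConfig`, with `PrivateTmp = true;` as an extra barrier — and the script should stop rather than continue when creating it fails, since `pkgs.writeShellScript` does not itself enable `set -e`.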
@@ -8,16 +8,28 @@ in { systemd.services.k3s = { enable = true; - description = "(manual) k3s service"; - - path = [ - pkgs.k3s - ]; + description = "KittehCluster's modified k3s service"; serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' - k3s server --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 --disable servicelb + if [ ! -d "/tmp/k3shack" ]; then + # Manually recreate the symlinks. Don't @ me. + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/containerd + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/crictl + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/ctr + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-agent + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-certificate + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-completion + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-etcd-snapshot + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-secrets-encrypt + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-server + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-token + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/kubectl + fi + + export PATH=$PATH:/tmp/k3shack + ${pkgs.k3s}/bin/k3s server --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 --disable servicelb ''; }; }; diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index 77383d4..821d20b 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix 
@@ -14,16 +14,28 @@ in { systemd.services.k3s = { enable = true; - description = "(manual) k3s service"; - - path = [ - pkgs.k3s - ]; + description = "KittehCluster's modified k3s service"; serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' - k3s server --cluster-init --token ${k3s_token} --disable servicelb + if [ ! -d "/tmp/k3shack" ]; then + # Manually recreate the symlinks. Don't @ me. + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/containerd + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/crictl + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/ctr + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-agent + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-certificate + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-completion + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-etcd-snapshot + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-secrets-encrypt + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-server + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-token + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/kubectl + fi + + export PATH=$PATH:/tmp/k3shack + ${pkgs.k3s}/bin/k3s server --cluster-init --token ${k3s_token} --disable servicelb ''; }; }; From c930278275f5f602724b37810b7afe06cacc2541 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 16:58:05 -0400 Subject: [PATCH 13/24] fix: Adds missing mkdir statement. I'm not dumb I swear. --- nixinfra/commons.agent.nix | 2 ++ nixinfra/commons.server.nix | 2 ++ nixinfra/kitteh-node-1/server.nix | 2 ++ 3 files changed, 6 insertions(+) diff --git a/nixinfra/commons.agent.nix b/nixinfra/commons.agent.nix index f3997c7..d97518c 100644 --- a/nixinfra/commons.agent.nix +++ b/nixinfra/commons.agent.nix @@ -15,6 +15,8 @@ in { ExecStart = pkgs.writeShellScript "k3s-hack" '' if [ ! -d "/tmp/k3shack" ]; then # Manually recreate the symlinks. Don't @ me. + mkdir /tmp/k3shack + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/containerd ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/crictl ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/ctr 
diff --git a/nixinfra/commons.server.nix b/nixinfra/commons.server.nix index b88d093..24bd832 100644 --- a/nixinfra/commons.server.nix +++ b/nixinfra/commons.server.nix @@ -15,6 +15,8 @@ in { ExecStart = pkgs.writeShellScript "k3s-hack" '' if [ ! -d "/tmp/k3shack" ]; then # Manually recreate the symlinks. Don't @ me. + mkdir /tmp/k3shack + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/containerd ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/crictl ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/ctr diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index 821d20b..c0563b6 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix @@ -21,6 +21,8 @@ in { ExecStart = pkgs.writeShellScript "k3s-hack" '' if [ ! -d "/tmp/k3shack" ]; then # Manually recreate the symlinks. Don't @ me. + mkdir /tmp/k3shack + ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/containerd ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/crictl ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/ctr From 9e7eebbdd4c1885745f5d6780f343f1c6e32361c Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 17:01:57 -0400 Subject: [PATCH 14/24] feature: Readd command line tools. --- nixinfra/commons.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixinfra/commons.nix b/nixinfra/commons.nix index 859dcd7..9f559e9 100644 --- a/nixinfra/commons.nix +++ b/nixinfra/commons.nix @@ -73,6 +73,9 @@ in { # Updating git + + # K3s command line tools + k3s ]; system.stateVersion = "24.05"; From 2298aa0b6a00cfa84e96c3eed7d4a68e40e6979f Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 17:56:29 -0400 Subject: [PATCH 15/24] fix: The final fix. --- nixinfra/commons.agent.nix | 42 +++++++++++++++++++++---------- nixinfra/commons.nix | 2 ++ nixinfra/commons.server.nix | 42 +++++++++++++++++++++---------- nixinfra/kitteh-node-1/server.nix | 40 ++++++++++++++++++++--------- 4 files changed, 88 insertions(+), 38 deletions(-) 
diff --git a/nixinfra/commons.agent.nix b/nixinfra/commons.agent.nix index d97518c..0d9e791 100644 --- a/nixinfra/commons.agent.nix +++ b/nixinfra/commons.agent.nix 
@@ -10,28 +10,44 @@ in { enable = true; description = "KittehCluster's modified k3s service"; + # From L324: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/builder.nix + path = with pkgs; [ + kmod + socat + iptables + iproute2 + ipset + bridge-utils + ethtool + util-linux + conntrack-tools + runc + bash + ]; + serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' if [ ! -d "/tmp/k3shack" ]; then # Manually recreate the symlinks. Don't @ me. mkdir /tmp/k3shack - - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/containerd - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/crictl - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/ctr - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-agent - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-certificate - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-completion - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-etcd-snapshot - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-secrets-encrypt - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-server - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-token - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/kubectl + + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s fi export PATH=$PATH:/tmp/k3shack - ${pkgs.k3s}/bin/k3s agent --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 + k3s agent 
--token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 ''; }; }; diff --git a/nixinfra/commons.nix b/nixinfra/commons.nix index 9f559e9..962fbd9 100644 --- a/nixinfra/commons.nix +++ b/nixinfra/commons.nix @@ -40,6 +40,8 @@ in { wantedBy = ["network-online.target"]; }; + + networking.networkmanager.enable = true; services.openssh = { diff --git a/nixinfra/commons.server.nix b/nixinfra/commons.server.nix index 24bd832..1ce7e5f 100644 --- a/nixinfra/commons.server.nix +++ b/nixinfra/commons.server.nix 
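Review bot: The rewritten symlinks in the commons.agent.nix hunk target `${pkgs.k3s}/bin/.k3s-wrapped`, a private artefact of the nixpkgs wrapper whose name is not part of the package's interface, and the `k3s agent …` call now relies on bare-name `PATH` lookup although `pkgs.k3s` is not in the new `path` list — unless something outside the hunk adds k3s to the unit's PATH, startup depends entirely on the `/tmp/k3shack` entry. The comment `# From L324: https://github.com/NixOS/nixpkgs/blob/master/…` cites a line number on a moving branch and will stop matching; pin it to a commit permalink. A one-line note beside the `.k3s-wrapped` links saying why the wrapper itself cannot be linked (the reason the earlier `bin/k3s` links were replaced is not stated anywhere) would save the next reader a trip through the k3s builder. The commons.server.nix and kitteh-node-1/server.nix hunks in this commit have the same issues.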
@@ -10,28 +10,44 @@ in { enable = true; description = "KittehCluster's modified k3s service"; + # From L324: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/builder.nix + path = with pkgs; [ + kmod + socat + iptables + iproute2 + ipset + bridge-utils + ethtool + util-linux + conntrack-tools + runc + bash + ]; + serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' if [ ! -d "/tmp/k3shack" ]; then # Manually recreate the symlinks. Don't @ me. mkdir /tmp/k3shack - - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/containerd - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/crictl - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/ctr - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-agent - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-certificate - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-completion - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-etcd-snapshot - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-secrets-encrypt - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-server - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-token - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/kubectl + + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s fi export PATH=$PATH:/tmp/k3shack - ${pkgs.k3s}/bin/k3s server --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 --disable 
servicelb + k3s server --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 --disable servicelb ''; }; }; diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index c0563b6..6140092 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix @@ -16,6 +16,21 @@ in { enable = true; description = "KittehCluster's modified k3s service"; + # From L324: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/builder.nix + path = with pkgs; [ + kmod + socat + iptables + iproute2 + ipset + bridge-utils + ethtool + util-linux + conntrack-tools + runc + bash + ]; + serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' 
@@ -23,21 +38,22 @@ in { # Manually recreate the symlinks. Don't @ me. mkdir /tmp/k3shack - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/containerd - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/crictl - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/ctr - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-agent - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-certificate - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-completion - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-etcd-snapshot - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-secrets-encrypt - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-server - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/k3s-token - ln -s ${pkgs.k3s}/bin/k3s /tmp/k3shack/kubectl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s fi export PATH=$PATH:/tmp/k3shack - ${pkgs.k3s}/bin/k3s server --cluster-init --token ${k3s_token} --disable servicelb + k3s server --cluster-init --token ${k3s_token} --disable servicelb ''; }; }; From 81fbcac656c9545432025a7b3063c11fe6bcf6b7 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 18:02:09 -0400 Subject: [PATCH 16/24] chore: Changes PATH priority. --- nixinfra/commons.agent.nix | 2 +- nixinfra/commons.server.nix | 2 +- nixinfra/kitteh-node-1/server.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/nixinfra/commons.agent.nix b/nixinfra/commons.agent.nix index 0d9e791..f9f0aba 100644 --- a/nixinfra/commons.agent.nix +++ b/nixinfra/commons.agent.nix @@ -46,7 +46,7 @@ in { ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s fi - export PATH=$PATH:/tmp/k3shack + export PATH=/tmp/k3shack:$PATH k3s agent --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 ''; }; diff --git a/nixinfra/commons.server.nix b/nixinfra/commons.server.nix index 1ce7e5f..f6fb964 100644 --- a/nixinfra/commons.server.nix +++ b/nixinfra/commons.server.nix @@ -46,7 +46,7 @@ in { ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s fi - export PATH=$PATH:/tmp/k3shack + export PATH=/tmp/k3shack:$PATH k3s server --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 --disable servicelb ''; }; diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index 6140092..38614b1 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix @@ -52,7 +52,7 @@ in { ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s fi - export PATH=$PATH:/tmp/k3shack + export PATH=/tmp/k3shack:$PATH k3s server --cluster-init --token ${k3s_token} --disable servicelb ''; }; From 3941e10c2f099248d62b6d11cea0f4a26d5af986 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 19 Jul 2024 18:14:44 -0400 Subject: [PATCH 17/24] fix: Shit on --- nixinfra/commons.agent.nix | 32 +++++++++++++++---------------- nixinfra/commons.server.nix | 32 +++++++++++++++---------------- nixinfra/kitteh-node-1/server.nix | 32 +++++++++++++++---------------- 3 files changed, 48 insertions(+), 48 deletions(-) diff --git a/nixinfra/commons.agent.nix b/nixinfra/commons.agent.nix index f9f0aba..a5d9013 100644 --- a/nixinfra/commons.agent.nix +++ b/nixinfra/commons.agent.nix 
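Review bot: Moving `/tmp/k3shack` to the front of `PATH` (`export PATH=/tmp/k3shack:$PATH`) in all three hunks means every helper the service or k3s resolves by name — including the `iptables`, `runc`, `kmod` and `bash` entries the unit's `path` was just populated with — is now looked up first in a directory under world-writable `/tmp`; any file of a matching name placed there by a local user shadows the store binary and runs as root. If the intent is only to make the `k3s`/`kubectl`-family links win over an existing `k3s` on PATH, put the links in a root-owned directory (a `RuntimeDirectory=` under `/run`, or a store path built with `pkgs.symlinkJoin`) and prepend that instead; a `/tmp/…` entry should not be prepended at all.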
@@ -28,23 +28,23 @@ in { serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' - if [ ! -d "/tmp/k3shack" ]; then - # Manually recreate the symlinks. Don't @ me. - mkdir /tmp/k3shack + rm -rf /tmp/k3shack - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s - fi + # Manually recreate the symlinks. Don't @ me. + mkdir /tmp/k3shack + + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s export PATH=/tmp/k3shack:$PATH k3s agent --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 diff --git a/nixinfra/commons.server.nix b/nixinfra/commons.server.nix index f6fb964..33a46e8 100644 
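Review bot: Replacing the `-d` guard with `rm -rf /tmp/k3shack` followed by an unconditional `mkdir /tmp/k3shack` does not make the `/tmp` location safe: the directory is still created under a fixed name in a world-writable directory, nothing checks that `mkdir` or the `ln -s` calls succeeded, and because `pkgs.writeShellScript` does not enable `set -e` the script goes on to `export PATH=/tmp/k3shack:$PATH` and start `k3s agent` even when another owner already holds that name and every creation step failed. The minimal hardening is a first line of `set -eu` so a failed `mkdir` (which, without `-p`, fails when the directory exists) aborts the unit instead of silently using someone else's directory; the real fix is to build the farm in the store or a `RuntimeDirectory=` rather than in `/tmp`. The commons.server.nix and kitteh-node-1/server.nix hunks that follow carry identical code.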
--- a/nixinfra/commons.server.nix +++ b/nixinfra/commons.server.nix @@ -28,23 +28,23 @@ in { serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' - if [ ! -d "/tmp/k3shack" ]; then - # Manually recreate the symlinks. Don't @ me. - mkdir /tmp/k3shack + rm -rf /tmp/k3shack - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s - fi + # Manually recreate the symlinks. Don't @ me. + mkdir /tmp/k3shack + + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s export PATH=/tmp/k3shack:$PATH k3s server --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 --disable servicelb 
diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index 38614b1..53b258b 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix 
@@ -34,23 +34,23 @@ in { serviceConfig = { Type = "simple"; ExecStart = pkgs.writeShellScript "k3s-hack" '' - if [ ! -d "/tmp/k3shack" ]; then - # Manually recreate the symlinks. Don't @ me. - mkdir /tmp/k3shack + rm -rf /tmp/k3shack - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s - fi + # Manually recreate the symlinks. Don't @ me. + mkdir /tmp/k3shack + + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl + ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s export PATH=/tmp/k3shack:$PATH k3s server --cluster-init --token ${k3s_token} --disable servicelb From eb1dc99389a1eceae8427cfac6a6de62fd22bc13 Mon Sep 17 00:00:00 2001 
From: greysoh Date: Sat, 27 Jul 2024 12:57:02 -0400 Subject: [PATCH 18/24] feature: Rename serverinfra folder. --- {nixinfra => serverinfra}/commons.agent.nix | 0 {nixinfra => serverinfra}/commons.nix | 0 {nixinfra => serverinfra}/commons.server.nix | 0 {nixinfra => serverinfra}/install-script.sh | 0 {nixinfra => serverinfra}/install.sh | 0 {nixinfra => serverinfra}/kitteh-node-1/agent.nix | 0 {nixinfra => serverinfra}/kitteh-node-1/server.nix | 0 {nixinfra => serverinfra}/kitteh-node-2/agent.nix | 0 {nixinfra => serverinfra}/kitteh-node-2/server.nix | 0 {nixinfra => serverinfra}/secrets.example.nix | 0 {nixinfra => serverinfra}/update.sh | 0 11 files changed, 0 insertions(+), 0 deletions(-) rename {nixinfra => serverinfra}/commons.agent.nix (100%) rename {nixinfra => serverinfra}/commons.nix (100%) rename {nixinfra => serverinfra}/commons.server.nix (100%) rename {nixinfra => serverinfra}/install-script.sh (100%) rename {nixinfra => serverinfra}/install.sh (100%) rename {nixinfra => serverinfra}/kitteh-node-1/agent.nix (100%) rename {nixinfra => serverinfra}/kitteh-node-1/server.nix (100%) rename {nixinfra => serverinfra}/kitteh-node-2/agent.nix (100%) rename {nixinfra => serverinfra}/kitteh-node-2/server.nix (100%) rename {nixinfra => serverinfra}/secrets.example.nix (100%) rename {nixinfra => serverinfra}/update.sh (100%) diff --git a/nixinfra/commons.agent.nix b/serverinfra/commons.agent.nix similarity index 100% rename from nixinfra/commons.agent.nix rename to serverinfra/commons.agent.nix diff --git a/nixinfra/commons.nix b/serverinfra/commons.nix similarity index 100% rename from nixinfra/commons.nix rename to serverinfra/commons.nix diff --git a/nixinfra/commons.server.nix b/serverinfra/commons.server.nix similarity index 100% rename from nixinfra/commons.server.nix rename to serverinfra/commons.server.nix 
diff --git a/nixinfra/install-script.sh b/serverinfra/install-script.sh similarity index 100% rename from nixinfra/install-script.sh rename to serverinfra/install-script.sh diff --git a/nixinfra/install.sh b/serverinfra/install.sh similarity index 100% rename from nixinfra/install.sh rename to serverinfra/install.sh diff --git a/nixinfra/kitteh-node-1/agent.nix b/serverinfra/kitteh-node-1/agent.nix similarity index 100% rename from nixinfra/kitteh-node-1/agent.nix rename to serverinfra/kitteh-node-1/agent.nix diff --git a/nixinfra/kitteh-node-1/server.nix b/serverinfra/kitteh-node-1/server.nix similarity index 100% rename from nixinfra/kitteh-node-1/server.nix rename to serverinfra/kitteh-node-1/server.nix diff --git a/nixinfra/kitteh-node-2/agent.nix b/serverinfra/kitteh-node-2/agent.nix similarity index 100% rename from nixinfra/kitteh-node-2/agent.nix rename to serverinfra/kitteh-node-2/agent.nix diff --git a/nixinfra/kitteh-node-2/server.nix b/serverinfra/kitteh-node-2/server.nix similarity index 100% rename from nixinfra/kitteh-node-2/server.nix rename to serverinfra/kitteh-node-2/server.nix diff --git a/nixinfra/secrets.example.nix b/serverinfra/secrets.example.nix similarity index 100% rename from nixinfra/secrets.example.nix rename to serverinfra/secrets.example.nix diff --git a/nixinfra/update.sh b/serverinfra/update.sh similarity index 100% rename from nixinfra/update.sh rename to serverinfra/update.sh From 61ccbf61d6bab495572f4fbdf563318ea3538fad Mon Sep 17 00:00:00 2001 
From: greysoh Date: Fri, 2 Aug 2024 08:13:51 -0400 Subject: [PATCH 19/24] feature: Gets Ubuntu autoinstall working. --- .gitignore | 13 ++- README.md | 32 +++---- serverinfra/base-scripts/role.agent.sh | 10 ++ serverinfra/base-scripts/role.server-init.sh | 9 ++ serverinfra/base-scripts/role.server.sh | 9 ++ serverinfra/commons.agent.nix | 84 ----------------- serverinfra/commons.nix | 84 ----------------- serverinfra/commons.server.nix | 69 -------------- serverinfra/config/.env.example | 5 + serverinfra/config/infrastructure.ini | 18 ++++ serverinfra/install-script.sh | 73 --------------- serverinfra/install.sh | 79 +++++++++++----- serverinfra/kitteh-node-1/agent.nix | 10 -- serverinfra/kitteh-node-1/server.nix | 75 --------------- serverinfra/kitteh-node-2/agent.nix | 10 -- serverinfra/kitteh-node-2/server.nix | 10 -- serverinfra/merge.py | 99 ++++++++++++++++++++ serverinfra/secrets.example.nix | 18 ---- serverinfra/serve.py | 29 ++++++ serverinfra/shell | 29 ++++++ serverinfra/shell.nix | 14 +++ serverinfra/ubuntu-install.yml | 57 +++++++++++ serverinfra/update.sh | 44 --------- 23 files changed, 357 insertions(+), 523 deletions(-) create mode 100755 serverinfra/base-scripts/role.agent.sh create mode 100755 serverinfra/base-scripts/role.server-init.sh create mode 100755 serverinfra/base-scripts/role.server.sh delete mode 100644 serverinfra/commons.agent.nix delete mode 100644 serverinfra/commons.nix delete mode 100644 serverinfra/commons.server.nix create mode 100644 serverinfra/config/.env.example create mode 100644 serverinfra/config/infrastructure.ini delete mode 100644 serverinfra/install-script.sh delete mode 100644 serverinfra/kitteh-node-1/agent.nix delete mode 100644 serverinfra/kitteh-node-1/server.nix delete mode 100644 serverinfra/kitteh-node-2/agent.nix delete mode 100644 serverinfra/kitteh-node-2/server.nix create mode 100755 serverinfra/merge.py delete mode 100644 serverinfra/secrets.example.nix create mode 100644 serverinfra/serve.py create mode 
100755 serverinfra/shell create mode 100644 serverinfra/shell.nix create mode 100644 serverinfra/ubuntu-install.yml delete mode 100644 serverinfra/update.sh diff --git a/.gitignore b/.gitignore index 0057595..b067e8c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,10 @@ +# Python ignore +__pycache__ + +# serverinfra/ +.server-setup +.env out -build.log -secrets.nix -meta -hardware-configuration.nix \ No newline at end of file + +# kubernetes/ +meta \ No newline at end of file diff --git a/README.md b/README.md index 8489385..59b6af0 100644 --- a/README.md +++ b/README.md 
@@ -1,28 +1,27 @@ # KittehCluster -This is my (work in progress, deployed but nothing production running on it *yet*) Kubernetes clustered computing setup, based on Proxmox VE and NixOS. +This is my (work in progress, deployed but nothing production running on it *yet*) Kubernetes clustered computing setup, based on Proxmox VE and Ubuntu Server. -Currently, I cannot recommend that you use this setup in production yet. I have to delete and recreate my VMs multiple times a day, until I fix everything. +Currently, I *really* cannot recommend that you use this setup in production yet. I have to delete and recreate my VMs multiple times a day, until I fix everything. ## Prerequisites -- An x86_64 computer with virtualization enabled, running NixOS +- A POSIX-compliant computer (preferably Unix of some sort, like macOS/Linux/*BSD, but Git Bash or Cygwin would probably work) with Python and Pyyaml - A cluster of computers preferably running Proxmox. These should (not required, but *highly* recommended) be connected together in Proxmox using the cluster feature. -- Patience (will take a while, and may test it) - `kubectl`, and `helm` installed on your local computer. ## Setup ### VM Setup 1. First, you'll need to fork this repository, and `git clone` it down. -2. Copy `secrets.example.nix` to `secrets.nix`. -3. Change `services.k3s.token` to be a unique token (i.e using `uuidgen`, `head -c 500 /dev/random | sha1sum | cut -d " " -f 1`, etc) -4. Change `users.users.clusteradm.openssh.authorizedKeys.keys` to have your SSH key(s) in there. -5. (Proxmox-specific, but you'll need to do a similar process on i.e ESXi, XenServer, etc.) Go to [the NixOS download page](https://nixos.org/download/), and copy the minimal ISO download. Go your ISO image volume (by default, this is `local`), click on ISO images, click download from URL, paste in the URL, click query URL, then download the file on all of your nodes. -6. 
Create VM(s) that use VirtIO hard drives (i.e drives with `/dev/vdX`), and the ISO set to the NixOS installer. -7. Boot the installer, and set the password of the `nixos` user to something so you can SSH in to start the installer. -8. With the environment variable `NIX_INSTALL_PATH` set to the nix file you want to use for installation (i.e `kitteh-node-1/agent.nix`), run `./install.sh IP_ADDRESS_FOR_VM_HERE`. This will take about 20 minutes on my setup. You are highly encouraged to run multiple installations in parallel. -9. When the installation is done (it will autoreboot), you can now connect using your SSH key to any of the nodes with the user `clusteradm`. The default password is `1234`. Be sure to change this! +2. Run `nix-shell`. +3. (optional) Change `SETUP_USERNAME` to the username you want to use in `config/.env`. +4. (optional) Change `SETUP_PASSWORD` to the hashed password you want to use (genpasswd to generate this) +5. (Proxmox-specific, but you'll need to do a similar process on i.e ESXi, XenServer, etc.) Go to [the Ubuntu Server page](https://ubuntu.com/download/server), and copy the minimal ISO download. Go your ISO image volume (`local` by default), click on ISO images, click download from URL, paste in the URL, click query URL, then download the file on all of your nodes. +6. Create VM(s) that uses a VirtIO hard drive (i.e drives with `/dev/vdX`), and the ISO set to the Ubuntu Server installer. +7. On your main computer, run the command `./install.sh $PATH_TO_USE_FOR_INSTALL`, where `$PATH_TO_USE_FOR_INSTALL` is the infrastructure-defined server to use in `config/infrastructure.ini`. +8. When booting, press `e` to edit the configuration. When you see the line that says `linux` with `---` at the end of it, remove the `---` and put the command line arguments that correspond to your IP address in there. Press `F10` to boot. +9. Boot it, and let it install. ### Kubernetes setup 1. SSH into any of the nodes. 
(i.e `ssh clusteradm@kitteh-node-2-k3s-server`) 2. As root, grab `/etc/rancher/k3s/k3s.yaml`, and copy it to wherever you store your k3s configurations (on macOS, this is `~/.kube/config`) ## Updating -Connect to the node using SSH, and run `./update`. +Run `apt update` and `apt upgrade -y` for the base system. ## Customization ### Adding nodes Copy `kitteh-node-2`, to `kitteh-node-X`, where `X` is the server number. Change the hostname to correspond to each clustered computer (i.e 3rd computer's k3s agent is `kitteh-node-3-k3s-agent`) @@ -30,11 +29,8 @@ Copy `kitteh-node-2`, to `kitteh-node-X`, where `X` is the server number. Change This is a guide. You can change more stuff if you'd like, but this will get you started. 1. First, fork this Git repository if you haven't already. -2. If you want to change the folder names, rename the folders (i.e kitteh-node-* to whatever-*), and change `buildall.sh`'s for loop to be `whatever-*/*`, for example. -3. If you want to change the hostname, change them all. Be sure to change `commons.agent.nix` and `commons.server.nix` to correspond to the new `kitteh-node-1-k3s-server`'s name! -4. In `commons.nix`, either remove `kittehclean` (not recommended unless you're using a private Git repository), or change the git repository it pulls down from (i.e change `https://git.hofers.cloud/greysoh/kittehcluster` to `https://github.com/contoso/k3s-cluster`). -5. (optional) Rename `kittehclean` and change the description. +2. Modify `serverinfra/config/infrastructure.ini` to fit your needs. ## Troubleshooting - I can't login via SSH! - - Have you copied your SSH keys to the `clusteradm` user? Try copying your keys on another computer (or the VM console) if you got a new one, for example (in the `~/.ssh/authorized_keys` on each VM) + - Your SSH public keys are automatically copied over! If not, did you generate an SSH keyring before installing? - Additionally, password authentication is disabled! \ No newline at end of file 
diff --git a/serverinfra/base-scripts/role.agent.sh b/serverinfra/base-scripts/role.agent.sh
new file mode 100755
index 0000000..5d90403
--- /dev/null
+++ b/serverinfra/base-scripts/role.agent.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+sudo apt update
+sudo apt install -y avahi-daemon curl
+
+ufw allow 6443/tcp
+ufw allow from 10.42.0.0/16 to any
+ufw allow from 10.43.0.0/16 to any
+
+curl "https://get.docker.com/" -L | bash
+curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="agent --server https://$UPSTREAM_HOSTNAME:6443 --token $K3S_TOKEN" sh -s -
\ No newline at end of file
diff --git a/serverinfra/base-scripts/role.server-init.sh b/serverinfra/base-scripts/role.server-init.sh
new file mode 100755
index 0000000..0a5c6e5
--- /dev/null
+++ b/serverinfra/base-scripts/role.server-init.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+sudo apt update
+sudo apt install -y avahi-daemon curl
+
+ufw allow 6443/tcp
+ufw allow from 10.42.0.0/16 to any
+ufw allow from 10.43.0.0/16 to any
+
+curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --cluster-init --token $K3S_TOKEN --disable servicelb" sh -s -
\ No newline at end of file
diff --git a/serverinfra/base-scripts/role.server.sh b/serverinfra/base-scripts/role.server.sh
new file mode 100755
index 0000000..05b735c
--- /dev/null
+++ b/serverinfra/base-scripts/role.server.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+sudo apt update
+sudo apt install -y avahi-daemon curl
+
+ufw allow 6443/tcp
+ufw allow from 10.42.0.0/16 to any
+ufw allow from 10.43.0.0/16 to any
+
+curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --server https://$UPSTREAM_HOSTNAME:6443 --token $K3S_TOKEN --disable servicelb" sh -s -
\ No newline at end of file
diff --git a/serverinfra/commons.agent.nix b/serverinfra/commons.agent.nix
deleted file mode 100644
index a5d9013..0000000
--- a/serverinfra/commons.agent.nix
+++ /dev/null
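Review bot: None of the three role scripts (role.agent.sh here, and role.server-init.sh and role.server.sh in the next two hunks) sets `set -euo pipefail`, so a failed `apt install` or a rejected `ufw` rule does not stop the script and the final k3s install still runs on a half-configured host; with `-u` an unset `$UPSTREAM_HOSTNAME` or `$K3S_TOKEN` also becomes a hard error instead of silently producing `--server https://:6443` or an empty `--token`. The `ufw allow` rules are added but no `ufw enable` appears in any of the scripts, so unless the firewall is enabled elsewhere the rules are inert — either enable it here or document the assumption in a comment such as `# assumes ufw is already enabled on the image`. `apt` is run through `sudo` while `ufw` is not, which only works when the script already runs as root; consistent usage would make the intended execution context clear. Both `curl … | bash` installers are unpinned, so installs are not reproducible; `INSTALL_K3S_VERSION` on the k3s line and a pinned release for the Docker script would fix that.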
@@ -1,84 +0,0 @@ -let - pkgs = import {}; - k3s_token = (import ./secrets.nix).services.k3s.token; -in { - imports = [ - ./commons.nix - ]; - - systemd.services.k3s = { - enable = true; - description = "KittehCluster's modified k3s service"; - - # From L324: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/builder.nix - path = with pkgs; [ - kmod - socat - iptables - iproute2 - ipset - bridge-utils - ethtool - util-linux - conntrack-tools - runc - bash - ]; - - serviceConfig = { - Type = "simple"; - ExecStart = pkgs.writeShellScript "k3s-hack" '' - rm -rf /tmp/k3shack - - # Manually recreate the symlinks. Don't @ me. - mkdir /tmp/k3shack - - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s - - export PATH=/tmp/k3shack:$PATH - k3s agent --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 - ''; - }; - }; - - virtualisation.docker.enable = true; - - networking.firewall = { - enable = true; - - allowedTCPPorts = [ - # HTTP(s) - 80 - 443 - - # Docker swarm - 2377 - 7946 - 4789 - - # K3s - 6443 - 2379 - 2380 - ]; - - allowedUDPPorts = [ - # Docker swarm - 7946 - - # K3s - 8472 - ]; - }; -} \ No newline at end of file diff --git a/serverinfra/commons.nix b/serverinfra/commons.nix deleted file mode 100644 index 962fbd9..0000000 
--- a/serverinfra/commons.nix +++ /dev/null @@ -1,84 +0,0 @@ -let - pkgs = import {}; - update_script = builtins.readFile ./update.sh; -in { - imports = [ - ./secrets.nix - ./hardware-configuration.nix - ]; - - swapDevices = [ - { - device = "/var/lib/swapfile"; - size = 4 * 1024; - } - ]; - - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; - - systemd.services.kittehclean = { - enable = true; - description = "Cleans up this Kitteh node & runs init tasks"; - - serviceConfig = { - Type = "simple"; - ExecStart = pkgs.writeShellScript "kittehclean" '' - echo "KittehCluster: Running cleanup tasks..." - - chmod -R 644 /etc/rancher 2> /dev/null > /dev/null - chmod -R 644 /var/lib/rancher 2> /dev/null > /dev/null - - # Because I'm lazy (and this works), we use this method to write the file - rm -rf /home/clusteradm/update - ln -s ${pkgs.writeShellScript "update" update_script} /home/clusteradm/update - - echo "Done." - ''; - }; - - wantedBy = ["network-online.target"]; - }; - - - - networking.networkmanager.enable = true; - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; - }; - - services.avahi.enable = true; - services.avahi.openFirewall = true; - - system.nssModules = pkgs.lib.optional true pkgs.nssmdns; - system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [ - (pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution - (pkgs.lib.mkAfter ["mdns4"]) # after dns - ]); - - users.users.clusteradm = { - initialPassword = "1234"; - isNormalUser = true; - extraGroups = ["sudoer" "wheel" "docker"]; - }; - - environment.systemPackages = with pkgs; [ - nano - vim - bash - htop - bottom - - # Updating - git - - # K3s command line tools - k3s - ]; - - system.stateVersion = "24.05"; -} \ No newline at end of file diff --git a/serverinfra/commons.server.nix b/serverinfra/commons.server.nix deleted file mode 100644 index 33a46e8..0000000 
--- a/serverinfra/commons.server.nix +++ /dev/null @@ -1,69 +0,0 @@ -let - pkgs = import {}; - k3s_token = (import ./secrets.nix).services.k3s.token; -in { - imports = [ - ./commons.nix - ]; - - systemd.services.k3s = { - enable = true; - description = "KittehCluster's modified k3s service"; - - # From L324: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/builder.nix - path = with pkgs; [ - kmod - socat - iptables - iproute2 - ipset - bridge-utils - ethtool - util-linux - conntrack-tools - runc - bash - ]; - - serviceConfig = { - Type = "simple"; - ExecStart = pkgs.writeShellScript "k3s-hack" '' - rm -rf /tmp/k3shack - - # Manually recreate the symlinks. Don't @ me. - mkdir /tmp/k3shack - - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s - - export PATH=/tmp/k3shack:$PATH - k3s server --token ${k3s_token} --server https://kitteh-node-1-k3s-server:6443 --disable servicelb - ''; - }; - }; - - # K3s settings - networking.firewall = { - enable = true; - - allowedTCPPorts = [ - 6443 - 2379 - 2380 - ]; - - allowedUDPPorts = [ - 8472 - ]; - }; -} \ No newline at end of file diff --git a/serverinfra/config/.env.example b/serverinfra/config/.env.example new file mode 100644 index 0000000..1d86bed --- /dev/null +++ b/serverinfra/config/.env.example 
@@ -0,0 +1,5 @@
+K3S_TOKEN="shared.secret.here"
+
+# NOTE: Password here is not strong! This password is '1234'.
+SETUP_USERNAME="clusteradm"
+SETUP_PASSWORD="\$y\$j9T\$zoVys9dfUO/jrysh2Dtim1\$ZQbbt9Qw5qXw0NNCQ7ckdOaVM.QY70sxU82/cQz.siB"
diff --git a/serverinfra/config/infrastructure.ini b/serverinfra/config/infrastructure.ini
new file mode 100644
index 0000000..4268c16
--- /dev/null
+++ b/serverinfra/config/infrastructure.ini
@@ -0,0 +1,18 @@
+[kitteh-node-1/server]
+hostname = kitteh-node-1-k3s-server
+role = server-init
+
+[kitteh-node-1/agent]
+hostname = kitteh-node-1-k3s-agent
+upstream = kitteh-node-1/server
+role = agent
+
+[kitteh-node-2/server]
+hostname = kitteh-node-2-k3s-server
+upstream = kitteh-node-1/server
+role = server
+
+[kitteh-node-2/agent]
+hostname = kitteh-node-2-k3s-agent
+upstream = kitteh-node-1/server
+role = agent
diff --git a/serverinfra/install-script.sh b/serverinfra/install-script.sh
deleted file mode 100644
index 0f0087f..0000000
--- a/serverinfra/install-script.sh
+++ /dev/null
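Review bot: `SETUP_PASSWORD` ships with a working hash whose cleartext is stated in the comment, and the `shell` script in this same patch copies `.env.example` into `config/.env` verbatim, so a node installed without editing that value ends up with a publicly documented password (the README marks the step as optional). Treating it like `K3S_TOKEN` — a placeholder that merge.py refuses, or a value generated at shell start — would remove the weak default; at minimum the comment should say that the value must be replaced before `./install.sh`, e.g. `# REPLACE before installing: generate with mkpasswd -m yescrypt`. `infrastructure.ini` in the following hunk is fine as data, but its `upstream` entries all point at `kitteh-node-1/server`, which merge.py turns into the `--server` URL, so that section name is effectively reserved and worth a comment in the file.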
@@ -1,73 +0,0 @@ -#!/usr/bin/env bash -export TERM="xterm-256color" -clear - -echo "KittehCluster installer" -echo "Codename 'tundra'" -echo - -sed -e 's/\s*\([\+0-9a-zA-Z]*\).*/\1/' << EOF | sudo fdisk /dev/vda - o # dos disk label - n # new partition - p # primary partition - 1 # setup boot partition - 2048 # align first sector (performance reasons?) - +500M # boot partition size - n # new partition - p # primary partition - 2 # partion number 2 - # default, start immediately after preceding partition - # default, extend partition to end of disk - a # make a partition bootable - 1 # bootable partition is partition 1 -- /dev/vda1 - w # write the partition table - q # and we're done -EOF - -sudo mkfs.fat -F 32 /dev/vda1 -sudo fatlabel /dev/vda1 BOOT -sudo mkfs.ext4 /dev/vda2 -L ROOT - -sudo mount /dev/vda2 /mnt -sudo mkdir -p /mnt/boot -sudo mount /dev/vda1 /mnt/boot - -sudo nixos-generate-config --root /mnt - -sudo mv /mnt/etc/nixos/hardware-configuration.nix /tmp/hardware-configuration.nix - -sudo rm -rf /mnt/etc/nixos/* /mnt/etc/nixos/.* -sudo nix-shell -p git --command "git clone $GIT_REPO /mnt/etc/nixos" - -if [ ! -f "/mnt/etc/nixos/install-script.sh" ]; then - echo "DEBUG: checking out 'tundra' branch..." - sudo nix-shell -p git --command "cd /mnt/etc/nixos; git checkout tundra" -fi - -sudo mv /tmp/hardware-configuration.nix /mnt/etc/nixos/nixinfra/ -sudo mv $SECRETS_PATH /mnt/etc/nixos/nixinfra/secrets.nix - -sudo bash -c "NIXOS_CONFIG=/mnt/etc/nixos/nixinfra/$NIX_INSTALL_PATH nixos-install" -RET=$? - -if [ $RET -ne 0 ]; then - echo "Failed to install! Attempting to spawn bash for debugging..." - echo "NOTE: You will not see a bash prompt (for some reason)" - bash - echo "Bash exited." -else - echo "Successfully installed! Finishing install..." 
- mkdir /mnt/home/clusteradm/.bin - echo "NIX_INSTALL_PATH=/etc/nixos/nixinfra/$NIX_INSTALL_PATH" > /mnt/home/clusteradm/.bin/.env - echo 'export PATH="$PATH:/home/clusteradm/.bin"' >> /mnt/home/clusteradm/.bashrc - echo 'export PATH="$PATH:/home/clusteradm/.bin"' >> /mnt/home/clusteradm/.zshrc - sleep 60 - echo "Rebooting" - sudo reboot - exit -fi - -echo "Unmounting filesystems..." -sudo umount -f /mnt/boot -sudo umount -f /mnt -echo "Done." \ No newline at end of file diff --git a/serverinfra/install.sh b/serverinfra/install.sh index 86c1d06..b269ed1 100755 --- a/serverinfra/install.sh +++ b/serverinfra/install.sh 
@@ -1,35 +1,66 @@ #!/usr/bin/env bash -SSH_SERVER="$1" +SERVER_INSTALL_PATH="$1" -ssh-to-srv() { - ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" nixos@$SSH_SERVER $@ -} +HTTP_PORT="$((1024 + $RANDOM % 65535))" +TMPDIR="/tmp/server_http_$HTTP_PORT" -if [ "$GIT_REPO" == "" ]; then - export GIT_REPO="https://git.hofers.cloud/greysoh/kittehcluster" -fi +BASE_IPS="$(ip a | grep "inet" | grep "brd" | cut -d "/" -f 1 | cut -d " " -f 6)" -if [ "$NIX_INSTALL_PATH" == "" ]; then - echo "ERROR: the environment variable 'NIX_INSTALL_PATH' is not set!" - echo "This can be fixed by setting it to the path of the nix file, i.e:" - echo "$ NIX_INSTALL_PATH=kitteh-node-1/server.nix ./install.sh" +EXT_10_DOT_IPS="$(echo "$BASE_IPS" | grep "10.")" +EXT_192168_IPS="$(echo "$BASE_IPS" | grep "192.168.")" +EXT_172_16_IPS="$(echo "$BASE_IPS" | grep "172.16.")" + +EXTERNAL_IP_FULL=$EXT_10_DOT_IPS$'\n'$EXT_192168_IPS$'\n'$EXT_172_16_IPS$'\n' + +if [ "$SERVER_INSTALL_PATH" = "" ]; then + echo "You didn't pass in all the arguments! Usage:" + echo " ./install.sh \$INSTALL_KEY" exit 1 fi -if [ ! -f "secrets.nix" ]; then - echo "ERROR: secrets.nix doesn't exit! Copy that file, and setup your secrets, please." - exit 1 +./merge.py "$SERVER_INSTALL_PATH" + +echo "[x] initializing..." +mkdir $TMPDIR + +echo "#cloud-config" > $TMPDIR/user-data +cat /tmp/script.yml >> $TMPDIR/user-data + +if [ "$(uname)" == "Linux" ]; then + echo "[x] stopping firewall (Linux)..." + sudo systemctl stop firewall fi -echo "Initializing..." +touch $TMPDIR/meta-data +touch $TMPDIR/vendor-data -# Ugh, gotta reimplement ssh-copy-id real quick... -# TODO: see if there's a way to specify custom arguments to ssh-copy-id's SSH process -for i in ~/.ssh/id_*.pub; do - echo "Copying public key '$i'..." - ssh-to-srv bash -c "'mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; echo -n $(cat $i | base64) | base64 -d > ~/.ssh/authorized_keys'" -done +echo "[x] starting HTTP server..." 
+echo " - Listening on port $HTTP_PORT." +echo " - Add one of these command line options for Ubuntu (guessed local IP):" -ssh-to-srv bash -c "'echo -n $(cat secrets.nix | base64) | base64 -d > /tmp/secrets.nix'" -ssh-to-srv bash -c "'echo -n $(cat install-script.sh | base64) | base64 -d > /tmp/install.sh'" -ssh-to-srv bash -c "'GIT_REPO=$GIT_REPO NIX_INSTALL_PATH=$NIX_INSTALL_PATH SECRETS_PATH=/tmp/secrets.nix bash /tmp/install.sh'" \ No newline at end of file +while IFS= read -r IP; do + # I'm too lazy to do root causing of this shit. + + if [ "$IP" != "" ]; then + echo " - autoinstall \"ds=nocloud-net;s=http://$IP:$HTTP_PORT/\"" + fi +done <<< "$EXTERNAL_IP_FULL" + +echo " - Choose the right IP." +echo + +SERVE_SCRIPT="$PWD/serve.py" + +pushd $TMPDIR > /dev/null + +python3 $SERVE_SCRIPT $HTTP_PORT + +popd > /dev/null + +echo "[x] running cleanup tasks..." +rm -rf $TMPDIR + +if [ "$(uname)" == "Linux" ]; then + echo "[x] starting firewall (Linux)..." + sudo systemctl start firewall +fi \ No newline at end of file diff --git a/serverinfra/kitteh-node-1/agent.nix b/serverinfra/kitteh-node-1/agent.nix deleted file mode 100644 index a2e3692..0000000 --- a/serverinfra/kitteh-node-1/agent.nix +++ /dev/null @@ -1,10 +0,0 @@ -let - pkgs = import {}; -in { - imports = [ - ../commons.agent.nix - ]; - - networking.hostName = "kitteh-node-1-k3s-agent"; - environment.variables.NIX_BUILD_ID = "kitteh-node-1/agent"; -} \ No newline at end of file diff --git a/serverinfra/kitteh-node-1/server.nix b/serverinfra/kitteh-node-1/server.nix deleted file mode 100644 index 53b258b..0000000 --- a/serverinfra/kitteh-node-1/server.nix +++ /dev/null 
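Review bot: `sudo systemctl stop firewall` drops the whole host firewall for the duration of the install, while the server only needs `$HTTP_PORT` reachable; since the served user-data carries `K3S_TOKEN`, the password hash and the authorized keys, a single allow rule for that port is the narrower change. The firewall is only restarted on the happy path: if serve.py is interrupted the script exits with the firewall stopped and `$TMPDIR` left behind, so the cleanup belongs in an EXIT trap, e.g. `cleanup() { rm -rf -- "${TMPDIR:?}"; [ "$(uname)" == "Linux" ] && sudo systemctl start firewall; }` followed by `trap cleanup EXIT`. `mkdir $TMPDIR` uses a predictable name under /tmp derived from the port and fails if the directory already exists; `TMPDIR="$(mktemp -d)"` avoids both, and `/tmp/script.yml` read a few lines later has the same fixed-path problem. The `firewall` unit name appears to be NixOS-specific, so the `uname` check alone does not guarantee it exists on other Linux hosts.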
@@ -1,75 +0,0 @@ -# Because this behaves as cluster init, all the "commons.server.nix" seperation -# isn't in here. However, normal commons is. Just fyi. - -let - pkgs = import {}; - k3s_token = (import ../secrets.nix).services.k3s.token; -in { - imports = [ - ../commons.nix - ]; - - networking.hostName = "kitteh-node-1-k3s-server"; - environment.variables.NIX_BUILD_ID = "kitteh-node-1/server"; - - systemd.services.k3s = { - enable = true; - description = "KittehCluster's modified k3s service"; - - # From L324: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/builder.nix - path = with pkgs; [ - kmod - socat - iptables - iproute2 - ipset - bridge-utils - ethtool - util-linux - conntrack-tools - runc - bash - ]; - - serviceConfig = { - Type = "simple"; - ExecStart = pkgs.writeShellScript "k3s-hack" '' - rm -rf /tmp/k3shack - - # Manually recreate the symlinks. Don't @ me. - mkdir /tmp/k3shack - - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/containerd - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/crictl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/ctr - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-agent - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-certificate - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-completion - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-etcd-snapshot - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-secrets-encrypt - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-server - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s-token - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/kubectl - ln -s ${pkgs.k3s}/bin/.k3s-wrapped /tmp/k3shack/k3s - - export PATH=/tmp/k3shack:$PATH - k3s server --cluster-init --token ${k3s_token} --disable servicelb - ''; - }; - }; - - # K3s settings - networking.firewall = { - enable = true; - - allowedTCPPorts = [ - 6443 - 2379 - 2380 - ]; - - allowedUDPPorts = [ - 8472 - ]; - }; -} \ No newline at end of file 
diff --git a/serverinfra/kitteh-node-2/agent.nix b/serverinfra/kitteh-node-2/agent.nix
deleted file mode 100644
index 16002aa..0000000
--- a/serverinfra/kitteh-node-2/agent.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-let
- pkgs = import {};
-in {
- imports = [
- ../commons.agent.nix
- ];
-
- networking.hostName = "kitteh-node-2-k3s-agent";
- environment.variables.NIX_BUILD_ID = "kitteh-node-2/agent";
-}
\ No newline at end of file
diff --git a/serverinfra/kitteh-node-2/server.nix b/serverinfra/kitteh-node-2/server.nix
deleted file mode 100644
index 3f6a771..0000000
--- a/serverinfra/kitteh-node-2/server.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-let
- pkgs = import {};
-in {
- imports = [
- ../commons.server.nix
- ];
-
- networking.hostName = "kitteh-node-2-k3s-server";
- environment.variables.NIX_BUILD_ID = "kitteh-node-2/server";
-}
\ No newline at end of file
diff --git a/serverinfra/merge.py b/serverinfra/merge.py
new file mode 100755
index 0000000..c67c29f
--- /dev/null
+++ b/serverinfra/merge.py
@@ -0,0 +1,99 @@ +#!/usr/bin/env python3 +from os import environ, path, listdir +from sys import argv + +import configparser +import base64 +import yaml + +for item in ["K3S_TOKEN", "SETUP_USERNAME", "SETUP_PASSWORD"]: + if item not in environ: + print(f"ERROR: .env failed to load! (missing environment variable '{item}')") + exit(1) + +if len(argv) < 2: + print("ERROR: Missing the server name") + exit(1) + +server_name = argv[1] + +server_infra_contents = "" + +with open("config/infrastructure.ini", "r") as f: + server_infra_contents = f.read() + +infrastructure = configparser.ConfigParser() +infrastructure.read_string(server_infra_contents) + +if server_name not in infrastructure: + print("ERROR: Server not found in infrastructure document") + exit(1) + +infra_server = infrastructure[server_name] +ubuntu_install_contents = "" + +with open("ubuntu-install.yml", "r") as f: + ubuntu_install_contents = f.read() + +yaml_install_script = yaml.load(ubuntu_install_contents, Loader=yaml.CLoader) + +for item in ["hostname", "role"]: + if item not in infra_server: + print(f"ERROR: Missing {item} in {server_name}") + exit(1) + +custom_shell_script = "#!/usr/bin/env bash\n" +custom_shell_script += f"export K3S_TOKEN=\"{environ["K3S_TOKEN"]}\"\n" +custom_shell_script += f"export SERVER_NAME=\"{server_name}\"\n" +custom_shell_script += f"export SERVER_HOSTNAME=\"{infra_server["hostname"]}\"\n" + +if "upstream" in infra_server: + upstream_name = infra_server["upstream"] + + if upstream_name not in infrastructure: + print(f"ERROR: Could not find upstream server '{upstream_name}'") + exit(1) + + upstream_server = infrastructure[infra_server["upstream"]] + + if "hostname" not in upstream_server: + print(f"ERROR: Missing hostname in upstream '{upstream_name}'") + exit(1) + + custom_shell_script += f"export UPSTREAM_NAME=\"{upstream_name}\"\n" + custom_shell_script += f"export UPSTREAM_HOSTNAME=\"{upstream_server["hostname"]}\"\n" + +custom_shell_script += "\n" + +with 
open(f"base-scripts/role.{infra_server["role"]}.sh", "r") as base_script: + custom_shell_script += base_script.read() + +encoded_custom_shell_script = base64.b64encode(bytes(custom_shell_script, "utf-8")).decode("utf-8") + +yaml_install_script["autoinstall"]["late-commands"] = [] +yaml_install_script["autoinstall"]["late-commands"].append(f"bash -c \"echo \"{encoded_custom_shell_script}\" | base64 -d > /target/postinstall_script\"") +yaml_install_script["autoinstall"]["late-commands"].append("curtin in-target -- bash /postinstall_script") +yaml_install_script["autoinstall"]["late-commands"].append("rm -rf /target/postinstall_script") + +yaml_install_script["autoinstall"]["ssh"]["authorized-keys"] = [] + +ssh_directory_contents = [] + +try: + ssh_directory_contents = listdir(path.expanduser("~/.ssh/")) +except FileNotFoundError: + pass + +for file in ssh_directory_contents: + if file.endswith(".pub"): + with open(path.join(path.expanduser("~/.ssh/"), file), "r") as ssh_public_key: + yaml_install_script["autoinstall"]["ssh"]["authorized-keys"].append(ssh_public_key.read()) + +yaml_install_script["autoinstall"]["identity"]["hostname"] = infra_server["hostname"] +yaml_install_script["autoinstall"]["identity"]["username"] = environ["SETUP_USERNAME"] +yaml_install_script["autoinstall"]["identity"]["password"] = environ["SETUP_PASSWORD"] + +ubuntu_install_contents = yaml.dump(yaml_install_script, Dumper=yaml.CDumper) + +with open("/tmp/script.yml", "w") as new_install_script: + new_install_script.write(ubuntu_install_contents) diff --git a/serverinfra/secrets.example.nix b/serverinfra/secrets.example.nix deleted file mode 100644 index 1b9504e..0000000 --- a/serverinfra/secrets.example.nix +++ /dev/null 
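Review bot: The values written into `custom_shell_script` (`K3S_TOKEN`, `server_name`, the hostnames) are interpolated into `export X="..."` lines without escaping, so a token or ini value containing `"`, `$` or a backtick breaks or alters the generated shell; `shlex.quote()` on each value, e.g. `f"export K3S_TOKEN={shlex.quote(environ['K3S_TOKEN'])}\n"`, keeps them literal. The first late-command, `bash -c "echo "{encoded}" | base64 -d > …"`, only works because the base64 text has no spaces (the inner quotes close and reopen the outer string); since late-commands are already run through a shell, a plain `echo {encoded} | base64 -d > /target/postinstall_script` is both simpler and correct. `yaml.load(..., Loader=yaml.CLoader)` is the full loader — the input is the repo's own file, but `yaml.CSafeLoader` suffices and removes the object-construction surface. The authorized-keys entries keep the trailing newline from `ssh_public_key.read()` (`.strip()` fixes that), the result containing the token and password hash goes to the fixed path `/tmp/script.yml` rather than a `tempfile`, and the `{environ["K3S_TOKEN"]}` nesting inside a double-quoted f-string requires Python 3.12+, which shell.nix pins but the README's "Python and Pyyaml" prerequisite does not state.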
@@ -1,18 +0,0 @@
-# Example secrets configuration
-# There is a better way to do this, but this works.
-
-# To get started:
-# 1. Copy this file to 'secrets.nix'
-# 2. Run uuidgen (or some other algorithm) to generate a shared secret, and replace services.k3s.token's value with that
-# 3. Copy your SSH key(s) into the authorized_keys section.
-# 4. Profit!
-
-let
- pkgs = import {};
-in {
- services.k3s.token = "shared.secret.here";
-
- users.users.clusteradm.openssh.authorizedKeys.keys = [
-
- ];
-}
\ No newline at end of file
diff --git a/serverinfra/serve.py b/serverinfra/serve.py
new file mode 100644
index 0000000..06ed603
--- /dev/null
+++ b/serverinfra/serve.py
@@ -0,0 +1,29 @@
+# TODO:
+# Install logging over HTTP *could* be implemented (see autoinstall documentation), however
+# it is not implemented here.
+
+import socketserver
+import http.server
+import socket
+import sys
+
+requests = set()
+
+class HTTPHandler(http.server.SimpleHTTPRequestHandler):
+ def do_GET(self):
+ http.server.SimpleHTTPRequestHandler.do_GET(self)
+ requests.add(self.path)
+
+ found_meta_data = "/meta-data" in requests
+ found_user_data = "/user-data" in requests
+ found_vendor_data = "/vendor-data" in requests
+
+ if found_meta_data and found_user_data and found_vendor_data:
+ print("[x] sent all our data, exiting...")
+ sys.exit(0)
+
+server = socketserver.TCPServer(("", int(sys.argv[1])), HTTPHandler)
+server.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+
+print("[x] started HTTP server.")
+server.serve_forever()
\ No newline at end of file
diff --git a/serverinfra/shell b/serverinfra/shell
new file mode 100755
index 0000000..99008a6
--- /dev/null
+++ b/serverinfra/shell
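Review bot: `server.socket.setsockopt(..., SO_REUSEADDR, 1)` is applied after `socketserver.TCPServer(...)` has already bound the port, so it has no effect; set `socketserver.TCPServer.allow_reuse_address = True` before constructing the server instead. The server binds `""` (every interface) and serves its working directory to any client, so the user-data holding `K3S_TOKEN` and the password hash is readable by anyone on the network for as long as it runs; binding to the address install.sh already chose would narrow that. The exit condition checks only that the three paths were requested, not by whom, so an unrelated client fetching `/user-data`, `/meta-data` and `/vendor-data` both reads the secrets and shuts the server down before the installer has fetched them — tracking the peer address per path would at least make the shutdown condition meaningful. `sys.exit(0)` inside `do_GET` works because `TCPServer` is single-threaded and does not catch `SystemExit`; a comment such as `# SystemExit propagates out of serve_forever() on the single-threaded TCPServer` would stop a future switch to `ThreadingTCPServer` from silently breaking it.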
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+if [ ! -f "conifg/.env" ]; then
+ echo "# NOTE: The UUID should be automatically generated, when running nix-shell. However, if it isn't, then" > .env
+ echo "# run uuidgen and change the below value." >> .env
+ cat config/.env.example >> config/.env
+
+ # Apple moment
+ sed "s/K3S_TOKEN=\"shared.secret.here\"/K3S_TOKEN=\"$(uuidgen)\"/g" config/.env > config/.env.2
+ mv config/.env.2 config/.env
+
+ echo "INFO: Before running any installation scripts, you should look over the contents of the file '.env',"
+ echo "and modify the contents as needed."
+ echo
+fi
+
+echo "Installation usage:"
+echo " - ./install.sh \$IP:"
+echo " Installs Ubuntu Server on \$IP. You will find the correct password in Help > Help on SSH access"
+echo
+echo "Have fun!"
+
+set -a
+source config/.env
+set +a
+
+bash
+EXIT_CODE=$?
+
+exit $EXIT_CODE
diff --git a/serverinfra/shell.nix b/serverinfra/shell.nix
new file mode 100644
index 0000000..2fdc0e2
--- /dev/null
+++ b/serverinfra/shell.nix
@@ -0,0 +1,14 @@
+{
+ pkgs ? import { },
+}: pkgs.mkShell {
+ buildInputs = with pkgs; [
+ python312
+
+ # Packages
+ python312Packages.pyyaml
+ ];
+
+ shellHook = ''
+ ./shell
+ '';
+}
diff --git a/serverinfra/ubuntu-install.yml b/serverinfra/ubuntu-install.yml
new file mode 100644
index 0000000..3fd363c
--- /dev/null
+++ b/serverinfra/ubuntu-install.yml
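Review bot: The guard tests `conifg/.env` (a typo for `config/.env`), so the branch runs on every `nix-shell` start: `config/.env.example` is appended to `config/.env` again and a fresh `K3S_TOKEN` is generated each time, while the two `echo … > .env` lines write a stray `.env` in the working directory instead of `config/.env`. The fix is `if [ ! -f "config/.env" ]; then` plus redirecting both `echo` lines to `config/.env` (the first with `>`), which also stops the file from growing on each run. The usage text `./install.sh \$IP` no longer matches install.sh in this patch, whose first argument is an `infrastructure.ini` section name. `set -a; source config/.env` exports every value, `SETUP_PASSWORD` included, into the environment of the interactive `bash` and every process started from it, which is what merge.py relies on but is worth a one-line comment at the `set -a`.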
@@ -0,0 +1,57 @@
+#cloud-config
+# See the autoinstall documentation at:
+# https://canonical-subiquity.readthedocs-hosted.com/en/latest/reference/autoinstall-reference.html
+autoinstall:
+ apt:
+ disable_components: []
+ fallback: offline-install
+ geoip: true
+ mirror-selection:
+ primary:
+ - country-mirror
+ - arches: &id001
+ - amd64
+ - i386
+ uri: http://archive.ubuntu.com/ubuntu/
+ - arches: &id002
+ - s390x
+ - arm64
+ - armhf
+ - powerpc
+ - ppc64el
+ - riscv64
+ uri: http://ports.ubuntu.com/ubuntu-ports
+ preserve_sources_list: false
+ security:
+ - arches: *id001
+ uri: http://security.ubuntu.com/ubuntu/
+ - arches: *id002
+ uri: http://ports.ubuntu.com/ubuntu-ports
+ codecs:
+ install: false
+ drivers:
+ install: false
+ kernel:
+ package: linux-generic
+ keyboard:
+ layout: us
+ toggle: null
+ variant: ""
+ locale: en_US.UTF-8
+ oem:
+ install: auto
+ source:
+ id: ubuntu-server-minimal
+ search_drivers: false
+ identity:
+ realname: Cluster Administrator
+ ssh:
+ allow-pw: false
+ install-server: true
+ storage:
+ layout:
+ name: lvm
+ match:
+ path: /dev/vda
+ updates: security
+ version: 1
diff --git a/serverinfra/update.sh b/serverinfra/update.sh
deleted file mode 100644
index 21fde32..0000000
--- a/serverinfra/update.sh
+++ /dev/null
@@ -1,44 +0,0 @@ -nix_bld_unset_err() { - echo "ERROR: NIX_BUILD_ID is not set (should be set by default!)" - echo " Please set NIX_BUILD_ID manually. i.e:" - echo " NIX_BUILD_ID=kitteh-node-1/agent updater" - exit 1 -} - -if [[ "$NIX_BUILD_ID" == "" ]]; then - if [[ ! -f "/tmp/nixbuildid" ]]; then - nix_bld_unset_err - fi - - source /tmp/nixbuildid - - if [[ "$NIX_BUILD_ID" == "" ]]; then - nix_bld_unset_err - fi -fi - -if [[ "$UID" != "0" ]]; then - # Hacky workaround for failing to read NIX_BUILD_ID when called like: - # - $: ./update - # but this works: - # - $: sudo su - # - #: ./update - # NOTE: Calling `$: sudo ./update` still doesn't work with this hack. Just use `./update`, man. - - echo "NIX_BUILD_ID=$NIX_BUILD_ID" > /tmp/nixbuildid - chmod +x /tmp/nixbuildid - - sudo $0 $@ - STATUS_CODE=$? - - rm -rf /tmp/nixbuildid - - exit $STATUS_CODE -fi - -pushd /etc/nixos 2> /dev/null > /dev/null -git pull -popd 2> /dev/null > /dev/null - -export NIX_PATH="$(printf $NIX_PATH | sed --expression="s#/etc/nixos/configuration.nix#/etc/nixos/nixinfra/$NIX_BUILD_ID.nix#g")" -nixos-rebuild switch --upgrade \ No newline at end of file From 9006a8e002a43bf66e677ef77e3a4186242866e1 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 2 Aug 2024 11:47:00 -0400 Subject: [PATCH 20/24] chore: Finalize install scripts. --- serverinfra/install.sh | 49 ++++++----- serverinfra/k3s.yaml | 19 +++++ serverinfra/merge.py | 7 +- serverinfra/serve.py | 146 +++++++++++++++++++++++++++++---- serverinfra/shell | 5 +- serverinfra/shell.nix | 1 + serverinfra/ubuntu-install.yml | 3 + 7 files changed, 191 insertions(+), 39 deletions(-) create mode 100644 serverinfra/k3s.yaml diff --git a/serverinfra/install.sh b/serverinfra/install.sh index b269ed1..3f5dcb3 100755 --- a/serverinfra/install.sh +++ b/serverinfra/install.sh 
@@ -1,24 +1,37 @@ #!/usr/bin/env bash SERVER_INSTALL_PATH="$1" +EXTERN_IP="$2" HTTP_PORT="$((1024 + $RANDOM % 65535))" TMPDIR="/tmp/server_http_$HTTP_PORT" -BASE_IPS="$(ip a | grep "inet" | grep "brd" | cut -d "/" -f 1 | cut -d " " -f 6)" - -EXT_10_DOT_IPS="$(echo "$BASE_IPS" | grep "10.")" -EXT_192168_IPS="$(echo "$BASE_IPS" | grep "192.168.")" -EXT_172_16_IPS="$(echo "$BASE_IPS" | grep "172.16.")" - -EXTERNAL_IP_FULL=$EXT_10_DOT_IPS$'\n'$EXT_192168_IPS$'\n'$EXT_172_16_IPS$'\n' - -if [ "$SERVER_INSTALL_PATH" = "" ]; then +if [ "$SERVER_INSTALL_PATH" == "" ]; then echo "You didn't pass in all the arguments! Usage:" echo " ./install.sh \$INSTALL_KEY" exit 1 fi -./merge.py "$SERVER_INSTALL_PATH" +if [ "$EXTERN_IP" == "" ]; then + BASE_IPS="$(ip a | grep "inet" | grep "brd" | cut -d "/" -f 1 | cut -d " " -f 6)" + + EXT_10_DOT_IP="$(echo "$BASE_IPS" | grep "10." | cut -d $'\n' -f 1)" + EXT_172_16_IP="$(echo "$BASE_IPS" | grep "172.16." | cut -d $'\n' -f 1)" + EXT_192168_IP="$(echo "$BASE_IPS" | grep "192.168." | cut -d $'\n' -f 1)" + + if [ "$EXT_10_DOT_IP" != "" ]; then + EXTERN_IP="$EXT_10_DOT_IP" + fi + + if [ "$EXT_172_16_IP" != "" ]; then + EXTERN_IP="$EXT_172_16_IP" + fi + + if [ "$EXT_192168_IP" != "" ]; then + EXTERN_IP="$EXT_192168_IP" + fi +fi + +./merge.py "$SERVER_INSTALL_PATH" "http://$EXTERN_IP:$HTTP_PORT/api/installer_update_webhook" echo "[x] initializing..." mkdir $TMPDIR 
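Review bot: `TMPDIR="/tmp/server_http_$HTTP_PORT"` is a predictable name in world-writable /tmp and the `mkdir $TMPDIR` at the end of the hunk is unchecked, so a directory that already exists there (left over, or pre-created by another local user) is silently reused and then served to the installing host as its nocloud source — including the user-data that merge.py populates with the account password hash. Create it with `TMPDIR="$(mktemp -d /tmp/server_http_XXXXXX)" || exit 1` and remove it on exit with `trap 'rm -rf -- "$TMPDIR"' EXIT`. The address guessing is also loose: `grep "10."` is unanchored and the dot is a wildcard, so 192.168.10.5 or 172.16.110.2 satisfies it, and the three `if` blocks silently let a 192.168.x address override a 172.16.x one, which overrides 10.x. Anchor the patterns (`grep '^10\.'`, `grep '^172\.16\.'`, `grep '^192\.168\.'`) and state the precedence in a comment. (`$RANDOM` is at most 32767, so `% 65535` is a no-op and ports only span 1024–33791; harmless, but the expression suggests otherwise.)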
@@ -35,18 +48,12 @@ touch $TMPDIR/meta-data touch $TMPDIR/vendor-data echo "[x] starting HTTP server..." -echo " - Listening on port $HTTP_PORT." -echo " - Add one of these command line options for Ubuntu (guessed local IP):" +echo " - Going to listen on port $HTTP_PORT." +echo " - Unless you believe the install has gone wrong, do NOT manually kill the HTTP server," +echo " - as it will close on its own." +echo " - Add these command line options to Ubuntu:" +echo " - autoinstall \"ds=nocloud-net;s=http://$EXTERN_IP:$HTTP_PORT/\"" -while IFS= read -r IP; do - # I'm too lazy to do root causing of this shit. - - if [ "$IP" != "" ]; then - echo " - autoinstall \"ds=nocloud-net;s=http://$IP:$HTTP_PORT/\"" - fi -done <<< "$EXTERNAL_IP_FULL" - -echo " - Choose the right IP." echo SERVE_SCRIPT="$PWD/serve.py" diff --git a/serverinfra/k3s.yaml b/serverinfra/k3s.yaml new file mode 100644 index 0000000..10858b3 --- /dev/null +++ b/serverinfra/k3s.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: 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 + server: https://127.0.0.1:6443 + name: default +contexts: +- context: + cluster: default + user: default + name: default +current-context: default +kind: Config +preferences: {} +users: +- name: default + user: + client-certificate-data: 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 + client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUxIcnA5Rmh2a2ZJM2VJQTJiOVIxbTk4THh0RTBhaXRRcSt4REVVODhWRWJvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFUXFkekJ0K3l4ZTJWWk5LZzBwcnZiek1RZmhnMFNGUUhkSWREbkd5aUl0enNOVjZJWGVMQQpjTVpDcnBtZG1xc1N2eEpic0pXeUJ5Ni8vczRvZ2I0UjVnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= diff --git a/serverinfra/merge.py b/serverinfra/merge.py index c67c29f..61192fa 100755 --- a/serverinfra/merge.py +++ b/serverinfra/merge.py 
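Review bot: `client-key-data` in the new `serverinfra/k3s.yaml` is a real private key: its base64 begins `LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0t`, which decodes to `-----BEGIN EC PRIVATE KEY-----`, and together with the CA and client-certificate entries this is a complete kubeconfig for the cluster at `https://127.0.0.1:6443`, i.e. the admin credential that `/etc/rancher/k3s/k3s.yaml` carries. Nothing in install.sh or serve.py on this page references the file, so it looks like an accidental `git add`. Removing it in a later commit does not take it out of history; treat the credential as exposed, rotate the admin client certificate/key on the server (k3s can regenerate its TLS material), and add `serverinfra/k3s.yaml` to `.gitignore` next to `secrets.nix` so the README's "copy k3s.yaml" step cannot land in the repo again.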
@@ -11,11 +11,12 @@ for item in ["K3S_TOKEN", "SETUP_USERNAME", "SETUP_PASSWORD"]: print(f"ERROR: .env failed to load! (missing environment variable '{item}')") exit(1) -if len(argv) < 2: - print("ERROR: Missing the server name") +if len(argv) < 3: + print("ERROR: Missing the server name or the webhook URL") exit(1) server_name = argv[1] +server_webhook_url = argv[2] server_infra_contents = "" @@ -93,6 +94,8 @@ yaml_install_script["autoinstall"]["identity"]["hostname"] = infra_server["hostn yaml_install_script["autoinstall"]["identity"]["username"] = environ["SETUP_USERNAME"] yaml_install_script["autoinstall"]["identity"]["password"] = environ["SETUP_PASSWORD"] +yaml_install_script["autoinstall"]["reporting"]["hook"]["endpoint"] = server_webhook_url + ubuntu_install_contents = yaml.dump(yaml_install_script, Dumper=yaml.CDumper) with open("/tmp/script.yml", "w") as new_install_script: diff --git a/serverinfra/serve.py b/serverinfra/serve.py index 06ed603..fc75333 100644 --- a/serverinfra/serve.py +++ b/serverinfra/serve.py 
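Review bot: The rendered autoinstall config — which the hunk's context shows now contains `environ["SETUP_PASSWORD"]` (the account's password hash) alongside the new webhook endpoint — is written to the fixed path `/tmp/script.yml` under the default umask, so on a shared machine it is world-readable and a pre-existing file or symlink at that name is followed. Create it with a private mode and no symlink following, e.g. `fd = os.open("/tmp/script.yml", os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600)` then `with os.fdopen(fd, "w") as new_install_script:` (adding `import os` next to the existing `from os import environ`), or better `tempfile.mkstemp(suffix=".yml")` with the path handed to install.sh. The new `yaml_install_script["autoinstall"]["reporting"]["hook"]["endpoint"] = …` line raises KeyError when the template lacks `reporting:`/`hook:`; `yaml_install_script["autoinstall"].setdefault("reporting", {}).setdefault("hook", {"type": "webhook"})["endpoint"] = server_webhook_url` keeps it working with older templates. This is module-level script code whose run starts before the hunk.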
@@ -1,28 +1,146 @@ -# TODO: -# Install logging over HTTP *could* be implemented (see autoinstall documentation), however -# it is not implemented here. +from termcolor import colored +from datetime import datetime, timezone +from os import getcwd, environ +from pathlib import Path import socketserver import http.server import socket +import json import sys -requests = set() +def json_to_bytes(str: str) -> bytearray: + return bytearray(json.dumps(str), "utf-8") -class HTTPHandler(http.server.SimpleHTTPRequestHandler): +# Who needs Flask, anyways? +class HTTPHandler(http.server.BaseHTTPRequestHandler): + def send_headers(self): + self.send_header("Content-Type", "application/json") + self.end_headers() + + def do_POST(self): + if self.path == "/api/installer_update_webhook": + content_length = 0 + + try: + content_length = int(self.headers.get('Content-Length')) + except ValueError: + self.send_response(400) + self.send_headers() + + self.wfile.write(json_to_bytes({ + "success": False, + "error": "Failed to decode Content-Length to read body", + })) + + return + + resp_data = self.rfile.read(content_length).decode("utf-8") + resp_decoded_data: dict = {} + + try: + resp_decoded_data = json.loads(resp_data) + + if type(resp_decoded_data) is not dict: + self.send_response(400) + self.send_headers() + + self.wfile.write(json_to_bytes({ + "success": False, + "error": "Recieved invalid type for JSON", + })) + + return + except json.JSONDecodeError: + self.send_response(400) + self.send_headers() + + self.wfile.write(json_to_bytes({ + "success": False, + "error": "Failed to decode JSON", + })) + + return + + date_time = datetime.fromtimestamp(resp_decoded_data["timestamp"], timezone.utc) + str_formatted_time = date_time.strftime("%H:%M:%S") + + result_is_safe = resp_decoded_data["result"] == "SUCCESS" if "result" in resp_decoded_data else True + output_file = sys.stdout if result_is_safe else sys.stderr + + output_coloring = "light_blue" + + if "result" in 
resp_decoded_data: + res = resp_decoded_data["result"] + + if res == "SUCCESS": + output_coloring = "light_green" + elif res == "WARN": + output_coloring = "light_yellow" + elif res == "FAIL": + output_coloring = "light_red" + + result_text_component = f" {resp_decoded_data["result"]} " if "result" in resp_decoded_data else " " + final_output_text = f"{str_formatted_time} {resp_decoded_data["event_type"].upper()} {resp_decoded_data["level"]}:{result_text_component}{resp_decoded_data["name"]} ({resp_decoded_data["description"]})" + + print(colored(final_output_text, output_coloring), file=output_file) + + self.send_response(200) + self.send_headers() + + self.wfile.write(json_to_bytes({ + "success": True, + })) + + if resp_decoded_data["event_type"] == "finish" and resp_decoded_data["name"] == "subiquity/Shutdown/shutdown": + print("\nSuccessfully finished installing!") + exit(0) + else: + self.send_response(404) + self.send_headers() + + self.wfile.write(json_to_bytes({ + "success": False, + "error": "Unknown route" + })) + def do_GET(self): - http.server.SimpleHTTPRequestHandler.do_GET(self) - requests.add(self.path) + resolved_path = str(Path(self.path).resolve()) + file_path = getcwd() + resolved_path - found_meta_data = "/meta-data" in requests - found_user_data = "/user-data" in requests - found_vendor_data = "/vendor-data" in requests + try: + self.send_response(200) + self.end_headers() + + with open(file_path, "rb") as file: + self.wfile.write(file.read()) + except (FileNotFoundError, IsADirectoryError): + self.send_response(404) + self.send_headers() + + self.wfile.write(json_to_bytes({ + "success": False, + "error": "file not found" + })) + except () as exception: + exception.print_exception() + + def log_message(self, format: str, *args): + status_code = 0 + + try: + status_code = int(args[1]) + except ValueError: + pass + + # Disable logging for the /api/ endpoint for POST requests unless the error code > 400 + if len(args) >= 1 and 
args[0].startswith("POST") and self.path.startswith("/api/") and status_code < 400: + return - if found_meta_data and found_user_data and found_vendor_data: - print("[x] sent all our data, exiting...") - sys.exit(0) + super().log_message(format, *args) -server = socketserver.TCPServer(("", int(sys.argv[1])), HTTPHandler) +port = int(sys.argv[1]) if "SERVE_DEVELOP" not in environ else 10240 +server = socketserver.TCPServer(("", port), HTTPHandler) server.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) print("[x] started HTTP server.") diff --git a/serverinfra/shell b/serverinfra/shell index 99008a6..5bf26a0 100755 --- a/serverinfra/shell +++ b/serverinfra/shell @@ -14,8 +14,9 @@ if [ ! -f "conifg/.env" ]; then fi echo "Installation usage:" -echo " - ./install.sh \$IP:" -echo " Installs Ubuntu Server on \$IP. You will find the correct password in Help > Help on SSH access" +echo " - ./install.sh \$CONFIG \$OPTIONAL_IP:" +echo " Installs Ubuntu Server using configuration \$CONFIG." +echo " \$OPTIONAL_IP is the optional IP address of your computer, if it guesses your IP address wrong." echo echo "Have fun!" diff --git a/serverinfra/shell.nix b/serverinfra/shell.nix index 2fdc0e2..6c6ca5e 100644 --- a/serverinfra/shell.nix +++ b/serverinfra/shell.nix @@ -6,6 +6,7 @@ # Packages python312Packages.pyyaml + python312Packages.termcolor ]; shellHook = '' diff --git a/serverinfra/ubuntu-install.yml b/serverinfra/ubuntu-install.yml index 3fd363c..62aa257 100644 --- a/serverinfra/ubuntu-install.yml +++ b/serverinfra/ubuntu-install.yml @@ -31,6 +31,9 @@ autoinstall: install: false drivers: install: false + reporting: + hook: + type: webhook kernel: package: linux-generic keyboard: From da2b217fcae394c00950c31354119746b5ce8350 Mon Sep 17 00:00:00 2001 
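Review bot: `do_GET` calls `send_response(200)` and `end_headers()` before `open(file_path)`, so a request for a missing name receives a 200 status line and an empty header block followed by a second 404 status plus JSON body in the same response, and the trailing `except () as exception:` can never match anything. Open the file first and emit one status once the body is known (rewrite below). The handler also serves any file under the working directory (presumably the install's TMPDIR) to whoever can reach `socketserver.TCPServer(("", port), …)`, which binds every interface, and per merge.py the user-data it serves carries the account password hash, so limit GET to the nocloud names and bind to the EXTERN_IP that install.sh already computes. The POST route has the same trust problem: `int(self.headers.get('Content-Length'))` raises TypeError, not the caught ValueError, when the header is absent, the later `resp_decoded_data["timestamp"]`/`["event_type"]`/`["level"]`/`["name"]`/`["description"]` lookups raise KeyError on any other JSON shape, and any peer on the network can stop the server mid-install by posting the `finish` / `subiquity/Shutdown/shutdown` pair — at minimum use `.get()` with defaults and cap `content_length`.
```python
    def do_GET(self):
        # Only the nocloud datasource files are served; anything else is a 404.
        name = self.path.split("?", 1)[0].lstrip("/")
        if name not in ("meta-data", "user-data", "vendor-data"):
            self.send_response(404)
            self.send_headers()
            self.wfile.write(json_to_bytes({"success": False, "error": "file not found"}))
            return

        try:
            with open(Path(getcwd()) / name, "rb") as file:
                body = file.read()
        except OSError:
            self.send_response(404)
            self.send_headers()
            self.wfile.write(json_to_bytes({"success": False, "error": "file not found"}))
            return

        # Status and headers go out exactly once, after the body is known to exist.
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
```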
From: greysoh Date: Fri, 2 Aug 2024 15:53:11 -0400 Subject: [PATCH 21/24] fix: Fixes hostnames not being recognized correctly in K3s. --- serverinfra/base-scripts/role.agent.sh | 2 +- serverinfra/base-scripts/role.server-init.sh | 2 +- serverinfra/base-scripts/role.server.sh | 2 +- serverinfra/config/infrastructure.ini | 1 + serverinfra/k3s.yaml | 19 ------------------- serverinfra/merge.py | 7 ++++++- serverinfra/ubuntu-install.yml | 2 +- 7 files changed, 11 insertions(+), 24 deletions(-) delete mode 100644 serverinfra/k3s.yaml diff --git a/serverinfra/base-scripts/role.agent.sh b/serverinfra/base-scripts/role.agent.sh index 5d90403..9069e99 100755 --- a/serverinfra/base-scripts/role.agent.sh +++ b/serverinfra/base-scripts/role.agent.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash sudo apt update -sudo apt install -y avahi-daemon curl +sudo apt install -y curl ufw allow 6443/tcp ufw allow from 10.42.0.0/16 to any diff --git a/serverinfra/base-scripts/role.server-init.sh b/serverinfra/base-scripts/role.server-init.sh index 0a5c6e5..ea1eda4 100755 --- a/serverinfra/base-scripts/role.server-init.sh +++ b/serverinfra/base-scripts/role.server-init.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash sudo apt update -sudo apt install -y avahi-daemon curl +sudo apt install -y curl ufw allow 6443/tcp ufw allow from 10.42.0.0/16 to any diff --git a/serverinfra/base-scripts/role.server.sh b/serverinfra/base-scripts/role.server.sh index 05b735c..ce8a600 100755 --- a/serverinfra/base-scripts/role.server.sh +++ b/serverinfra/base-scripts/role.server.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash sudo apt update -sudo apt install -y avahi-daemon curl +sudo apt install -y curl ufw allow 6443/tcp ufw allow from 10.42.0.0/16 to any diff --git a/serverinfra/config/infrastructure.ini b/serverinfra/config/infrastructure.ini index 4268c16..37f0c96 100644 --- a/serverinfra/config/infrastructure.ini +++ b/serverinfra/config/infrastructure.ini 
@@ -1,4 +1,5 @@ [kitteh-node-1/server] +alt_hostname_definition = 192.168.2.2 hostname = kitteh-node-1-k3s-server role = server-init diff --git a/serverinfra/k3s.yaml b/serverinfra/k3s.yaml deleted file mode 100644 index 10858b3..0000000 --- a/serverinfra/k3s.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -clusters: -- cluster: - certificate-authority-data: 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 - server: https://127.0.0.1:6443 - name: default -contexts: -- context: - cluster: default - user: default - name: default -current-context: default -kind: Config -preferences: {} -users: -- name: default - user: - client-certificate-data: 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 - client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUxIcnA5Rmh2a2ZJM2VJQTJiOVIxbTk4THh0RTBhaXRRcSt4REVVODhWRWJvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFUXFkekJ0K3l4ZTJWWk5LZzBwcnZiek1RZmhnMFNGUUhkSWREbkd5aUl0enNOVjZJWGVMQQpjTVpDcnBtZG1xc1N2eEpic0pXeUJ5Ni8vczRvZ2I0UjVnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= diff --git a/serverinfra/merge.py b/serverinfra/merge.py index 61192fa..516de53 100755 --- a/serverinfra/merge.py +++ b/serverinfra/merge.py @@ -61,8 +61,13 @@ if "upstream" in infra_server: print(f"ERROR: Missing hostname in upstream '{upstream_name}'") exit(1) + upstream_hostname = upstream_server["hostname"] + + if "alt_hostname_definition" in upstream_server: + upstream_hostname = upstream_server["alt_hostname_definition"] + custom_shell_script += f"export UPSTREAM_NAME=\"{upstream_name}\"\n" - custom_shell_script += f"export UPSTREAM_HOSTNAME=\"{upstream_server["hostname"]}\"\n" + custom_shell_script += f"export UPSTREAM_HOSTNAME=\"{upstream_hostname}\"\n" custom_shell_script += "\n" diff --git a/serverinfra/ubuntu-install.yml b/serverinfra/ubuntu-install.yml index 62aa257..cfa74fd 100644 --- a/serverinfra/ubuntu-install.yml +++ b/serverinfra/ubuntu-install.yml 
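Review bot: `upstream_hostname` — read from `infrastructure.ini`, and now either `hostname` or the new `alt_hostname_definition` — is interpolated verbatim into a double-quoted shell `export`, so a value containing `"`, `$(` or a backtick rewrites the generated script. The .ini is operator-controlled, so this is hardening rather than a remote hole, but it costs one import: `custom_shell_script += f"export UPSTREAM_HOSTNAME={shlex.quote(upstream_hostname)}\n"` (and likewise for `UPSTREAM_NAME`), with `import shlex` at the top of the file. Since the variable may now hold an IP literal rather than a name, a comment on the new branch would spare the next reader a guess, e.g. `# alt_hostname_definition lets an address stand in for a hostname the node cannot resolve`; the `if "upstream" in infra_server:` block this sits in starts before the hunk.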
@@ -44,7 +44,7 @@ autoinstall: oem: install: auto source: - id: ubuntu-server-minimal + id: ubuntu-server search_drivers: false identity: realname: Cluster Administrator From 580095b322a04d0f0a4e7587f46fa6108617981c Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 2 Aug 2024 16:18:32 -0400 Subject: [PATCH 22/24] fix: Fixes a mispelling of config. FUCK --- serverinfra/shell | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/serverinfra/shell b/serverinfra/shell index 5bf26a0..e24f124 100755 --- a/serverinfra/shell +++ b/serverinfra/shell @@ -1,5 +1,5 @@ #!/usr/bin/env bash -if [ ! -f "conifg/.env" ]; then +if [ ! -f "config/.env" ]; then echo "# NOTE: The UUID should be automatically generated, when running nix-shell. However, if it isn't, then" > .env echo "# run uuidgen and change the below value." >> .env cat config/.env.example >> config/.env From bad8c05da88dc7aced38eb75d067d063ae0048d2 Mon Sep 17 00:00:00 2001 From: greysoh Date: Fri, 2 Aug 2024 17:21:29 -0400 Subject: [PATCH 23/24] fix: Gets all install scripts working. --- serverinfra/base-scripts/role.agent.sh | 2 +- serverinfra/base-scripts/role.server-init.sh | 2 +- serverinfra/base-scripts/role.server.sh | 2 +- serverinfra/config/.env.example | 3 +++ serverinfra/install.sh | 3 +-- serverinfra/shell.nix | 1 + 6 files changed, 8 insertions(+), 5 deletions(-) diff --git a/serverinfra/base-scripts/role.agent.sh b/serverinfra/base-scripts/role.agent.sh index 9069e99..a7bc010 100755 --- a/serverinfra/base-scripts/role.agent.sh +++ b/serverinfra/base-scripts/role.agent.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash sudo apt update -sudo apt install -y curl +sudo apt install -y curl avahi-daemon ufw allow 6443/tcp ufw allow from 10.42.0.0/16 to any diff --git a/serverinfra/base-scripts/role.server-init.sh b/serverinfra/base-scripts/role.server-init.sh index ea1eda4..b397f00 100755 --- a/serverinfra/base-scripts/role.server-init.sh +++ b/serverinfra/base-scripts/role.server-init.sh 
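Review bot: role.agent.sh mixes privilege levels — `sudo apt update` / `sudo apt install` but bare `ufw allow …` — and has no `set -e`, so run as an unprivileged user the two `ufw` lines fail and the script still exits 0 with no firewall rules applied, while run as root the `sudo` is redundant. Add `set -euo pipefail` under the shebang and pick one convention (`sudo ufw allow 6443/tcp` if a non-root caller is intended). On an agent-role node nothing listens on 6443/tcp — that is the server's API port, which agents connect out to — so `ufw allow 6443/tcp` looks copied from the server script and could be dropped unless this host is also meant to serve the API, which the page does not show. `10.42.0.0/16` is K3s's default pod CIDR, so a comment such as `# pod network (K3s default cluster-cidr)` would document why that whole range is trusted.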
@@ -1,6 +1,6 @@ #!/usr/bin/env bash sudo apt update -sudo apt install -y curl +sudo apt install -y curl avahi-daemon ufw allow 6443/tcp ufw allow from 10.42.0.0/16 to any diff --git a/serverinfra/base-scripts/role.server.sh b/serverinfra/base-scripts/role.server.sh index ce8a600..c5157ef 100755 --- a/serverinfra/base-scripts/role.server.sh +++ b/serverinfra/base-scripts/role.server.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash sudo apt update -sudo apt install -y curl +sudo apt install -y curl avahi-daemon ufw allow 6443/tcp ufw allow from 10.42.0.0/16 to any diff --git a/serverinfra/config/.env.example b/serverinfra/config/.env.example index 1d86bed..d605439 100644 --- a/serverinfra/config/.env.example +++ b/serverinfra/config/.env.example @@ -1,5 +1,8 @@ K3S_TOKEN="shared.secret.here" # NOTE: Password here is not strong! This password is '1234'. +# When changing the password, remember to escape the dollar signs! +# Example: "Hello\$world" + SETUP_USERNAME="clusteradm" SETUP_PASSWORD="\$y\$j9T\$zoVys9dfUO/jrysh2Dtim1\$ZQbbt9Qw5qXw0NNCQ7ckdOaVM.QY70sxU82/cQz.siB" diff --git a/serverinfra/install.sh b/serverinfra/install.sh index 3f5dcb3..d6d554b 100755 --- a/serverinfra/install.sh +++ b/serverinfra/install.sh @@ -31,9 +31,8 @@ if [ "$EXTERN_IP" == "" ]; then fi fi -./merge.py "$SERVER_INSTALL_PATH" "http://$EXTERN_IP:$HTTP_PORT/api/installer_update_webhook" - echo "[x] initializing..." +./merge.py "$SERVER_INSTALL_PATH" "http://$EXTERN_IP:$HTTP_PORT/api/installer_update_webhook" mkdir $TMPDIR echo "#cloud-config" > $TMPDIR/user-data diff --git a/serverinfra/shell.nix b/serverinfra/shell.nix index 6c6ca5e..d5d1b2b 100644 --- a/serverinfra/shell.nix +++ b/serverinfra/shell.nix @@ -11,5 +11,6 @@ shellHook = '' ./shell + exit $? ''; } From 4ef383890a31d0c1251b1b69fb2fc9ac93e661ba Mon Sep 17 00:00:00 2001 
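Review bot: The new comment in `.env.example` tells the user to backslash-escape `$` in `SETUP_PASSWORD`, which implies the file is sourced by a shell with double quotes; single quotes avoid the rule entirely and make a pasted yescrypt hash (`$y$…`) safe as-is, e.g. `SETUP_PASSWORD='$y$j9T$zoVys9dfUO/jrysh2Dtim1$ZQbbt9Qw5qXw0NNCQ7ckdOaVM.QY70sxU82/cQz.siB'`, assuming the loader is a POSIX shell `source` rather than a dotenv parser (not visible here). While the comment is being touched, saying how to produce the value (e.g. `mkpasswd -m yescrypt`) would stop people pasting a plaintext password into a field the installer treats as a hash.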
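Review bot: The exit status of the relocated `./merge.py …` call in install.sh is still ignored: merge.py exits 1 when an env var or the server section is missing, yet the script carries on to `mkdir $TMPDIR` and serves whatever `/tmp/script.yml` is left from a previous run — presumably another node's rendered config, if that is what the later `user-data` assembly copies in (not shown here). Guard it with `./merge.py "$SERVER_INSTALL_PATH" "http://$EXTERN_IP:$HTTP_PORT/api/installer_update_webhook" || exit 1`, and quote the directory: `mkdir -- "$TMPDIR"`.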
From: greysoh Date: Fri, 2 Aug 2024 17:24:21 -0400 Subject: [PATCH 24/24] fix: Fixes up install script documentation. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 59b6af0..18131d1 100644 --- a/README.md +++ b/README.md @@ -21,10 +21,10 @@ Currently, I *really* cannot recommend that you use this setup in production yet 1. SSH into any of the nodes. (i.e `ssh clusteradm@kitteh-node-2-k3s-server`) 2. As root, grab `/etc/rancher/k3s/k3s.yaml`, and copy it to wherever you store your k3s configurations (on macOS, this is `~/.kube/config`) ## Updating -Run `apt update` and `apt upgrade -y` for the base system. +Run `apt update` and `apt upgrade -y` for the base system. TODO for Kubernetes. ## Customization ### Adding nodes -Copy `kitteh-node-2`, to `kitteh-node-X`, where `X` is the server number. Change the hostname to correspond to each clustered computer (i.e 3rd computer's k3s agent is `kitteh-node-3-k3s-agent`) +In `serverinfra/infrastructure.ini`, copy the role(s) from kitteh-node-2 to a new node (ex. `kitteh-node-2/server` -> `kitteh-node-3/server`, etc), and run the install script again. ### Custom cluster setup / Forking This is a guide. You can change more stuff if you'd like, but this will get you started.