diff --git a/BreezeManual-CN.md b/BreezeManual-CN.md index be00ba86..aa6e3a85 100644 --- a/BreezeManual-CN.md +++ b/BreezeManual-CN.md @@ -4,11 +4,7 @@ 适用操作系统: -RHEL/CentOS: 7.4/7.5/7.6/7.7/7.8/7.9 - -RHEL/CentOS/RockyLinux/AlmaLinux/OracleLinux: 8.4+ - -Ubuntu 18/20 LTS +麒麟V10 SP2 **所有社区用户请注意:** @@ -64,13 +60,13 @@ firewall-cmd --complete-reload (2)安装docker-compose命令 ``` -curl -L https://github.com/docker/compose/releases/download/v2.14.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose +curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose ``` 或从镜像站点下载: ``` -curl -L http://mirror.azure.cn/docker-toolbox/linux/compose/v2.14.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose +curl -L http://mirror.azure.cn/docker-toolbox/linux/compose/1.25.4/docker-compose-Linux-x86_64 -o /usr/local/bin/docker-compose ``` 然后设置权限: 
@@ -90,17 +86,17 @@ systemctl enable docker (4) 下载用于部署某个Kubernetes版本的docker-compose文件并使部署程序运行起来,例如: ``` -curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17-docker/docker-compose.yml -o docker-compose.yml -curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17-docker/docker-compose-centos.yml -o docker-compose.yml -curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17-docker/docker-compose-ubuntu.yml -o docker-compose.yml +curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17/docker-compose.yml -o docker-compose.yml +curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17/docker-compose-centos.yml -o docker-compose.yml +curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17/docker-compose-ubuntu.yml -o docker-compose.yml ``` 国内用户可以使用阿里云镜像站点文件,部署所用的image将从阿里云拉取: ``` -curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17-docker/docker-compose-aliyun.yml -o docker-compose.yml -curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17-docker/docker-compose-centos-aliyun.yml -o docker-compose.yml -curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17-docker/docker-compose-ubuntu-aliyun.yml -o docker-compose.yml +curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17/docker-compose-aliyun.yml -o docker-compose.yml +curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17/docker-compose-centos-aliyun.yml -o docker-compose.yml +curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.23.17/docker-compose-ubuntu-aliyun.yml -o docker-compose.yml ``` 然后: diff --git a/Dockerfile b/Dockerfile index 91ffae1a..4ce50c79 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,6 +4,7 @@ WORKDIR /workspace COPY callback_plugins /workspace/callback_plugins COPY docker-playbook /workspace/docker-playbook +COPY crio-playbook /workspace/crio-playbook COPY etcd-playbook /workspace/etcd-playbook COPY kubernetes-playbook /workspace/kubernetes-playbook COPY harbor-playbook /workspace/harbor-playbook diff --git a/README-CN.md b/README-CN.md index d0f0017b..f15446c1 100644 --- a/README-CN.md +++ b/README-CN.md @@ -1,7 +1,7 @@ # Breeze - 可用于生产环境的图形化Kubernetes集群部署工具 -[![pipeline status](https://gitlab.com/alanpeng/breeze/badges/master/pipeline.svg)](https://gitlab.com/alanpeng/breeze/-/commits/v1.21) +[![pipeline status](https://gitlab.com/alanpeng/breeze/badges/master/pipeline.svg)](https://gitlab.com/alanpeng/breeze/-/commits/v1.23) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/wise2c-devops/breeze/blob/master/LICENSE) [English](./README.md) | [中文](./README-CN.md) @@ -51,7 +51,7 @@ Breeze项目旨在提供一个可信的、安全的、稳定的Kubernetes集群 **部署机:** docker 1.13.1+ and docker-compose 1.12.0+ . -**Kubernetes集群节点:** 兼容RHEL/CentOS/OracleLinux 7.4+以及RHEL/CentOS/RockyLinux/AlmaLinux/OracleLinux 8.4+ 以及 Ubuntu 18/20 LTS 版本,Minimal安装模式是推荐的方式,为了确保部署的顺利进行,应尽可能保证系统的干净。 +**Kubernetes集群节点:** 兼容麒麟V10 SP2版本,Minimal安装模式是推荐的方式,为了确保部署的顺利进行,应尽可能保证系统的干净。 请阅读 **[部署指南](./BreezeManual-CN.md)** 获得更详细的Breeze使用操作指引。 diff --git a/README.md b/README.md index a17159b2..4802e2a7 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,7 @@ # Breeze - Deploy a Production Ready Kubernetes Cluster with graphical interface -[![pipeline status](https://gitlab.com/alanpeng/breeze/badges/master/pipeline.svg)](https://gitlab.com/alanpeng/breeze/-/commits/v1.21) +[![pipeline status](https://gitlab.com/alanpeng/breeze/badges/master/pipeline.svg)](https://gitlab.com/alanpeng/breeze/-/commits/v1.23) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/wise2c-devops/breeze/blob/master/LICENSE) [English](./README.md) | [中文](./README-CN.md) @@ -52,7 +52,7 @@ Project Breeze is an open source trusted solution allow you to create Kubernetes **Deploy server:** docker 1.13.1+ and docker-compose 1.12.0+ . -**Kubernetes cluster server:** RHEL/CentOS/OracleLinux 7.4+ or RHEL/CentOS/RockyLinux/AlmaLinux/OracleLinux 8.4+ or Ubuntu 18/20 LTS is required and minimal installation mode is recommended. +**Kubernetes cluster server:** RHEL/CentOS/OracleLinux 7.4+ or RHEL/CentOS/RockyLinux/AlmaLinux/OracleLinux/Anolis 8.4+ or Ubuntu 18/20 LTS is required and minimal installation mode is recommended. Refer to **[User Guide](manual/BreezeManual.pdf)** for more details on how to use Breeze. diff --git a/callback_plugins/log_back.py b/callback_plugins/log_back.py index d702fc4a..bc66b6a5 100644 --- a/callback_plugins/log_back.py +++ b/callback_plugins/log_back.py @@ -23,7 +23,7 @@ import time import json import http.client -from collections import MutableMapping +from _collections_abc import MutableMapping from ansible.module_utils._text import to_bytes from ansible.plugins.callback import CallbackBase diff --git a/crio-playbook/version/ansible.cfg b/crio-playbook/version/ansible.cfg new file mode 100644 index 00000000..87f0107e --- /dev/null +++ b/crio-playbook/version/ansible.cfg @@ -0,0 +1,5 @@ +[defaults] +inventory=hosts +callback_plugins = ../../callback_plugins +callback_whitelist = log_back +retry_files_enabled = false \ No newline at end of file 
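Review bot: The changed import in callback_plugins/log_back.py takes `MutableMapping` from `_collections_abc`, a private CPython implementation module, where the public, documented location is `collections.abc`. Use `from collections.abc import MutableMapping` so the callback plugin does not depend on an interpreter-internal name. The rest of the plugin is outside the hunk, so how `MutableMapping` is used there was not checked.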
diff --git a/crio-playbook/version/crio.ansible b/crio-playbook/version/crio.ansible
new file mode 100644
index 00000000..f33051c9
--- /dev/null
+++ b/crio-playbook/version/crio.ansible
@@ -0,0 +1,290 @@ + - name: set hostname + hostname: + name: '{{ hostname }}' + when: format_hostname + + - name: distribute wise2c apt source for Ubuntu 20 hosts + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/wise2c.list-ubuntu20.j2', dest: '/etc/apt/sources.list.d/wise2c.list' } + when: (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "20") + + - name: distribute wise2c apt source for Ubuntu 18 hosts + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/wise2c.list-ubuntu18.j2', dest: '/etc/apt/sources.list.d/wise2c.list' } + when: (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "18") + + - name: install python2 for Ubuntu + shell: | + mv /etc/apt/sources.list /etc/apt/sources.list.bak + curl -so /tmp/breeze.pub http://wise2c-seed:2008/debs/ubuntu18/breeze.pub + apt-key add /tmp/breeze.pub + rm -f /tmp/breeze.pub + apt-get update && export DEBIAN_FRONTEND=noninteractive + apt-get install -y python python-apt python3-docker python-chardet python3-requests + when: + - ansible_distribution == "Ubuntu" + + - name: disabled selinux + selinux: + state: disabled + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: start firewalld + systemd: + name: firewalld + enabled: true + state: started + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: config firewalld + shell: | + firewall-cmd --set-default-zone=trusted + firewall-cmd --complete-reload + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or 
(ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: distribute wise2c yum repo for CentOS 7 hosts + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/wise2c-centos7.repo.j2', dest: '/etc/yum.repos.d/wise2c.repo' } + when: ((ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis")) and (ansible_distribution_major_version == "7") + + - name: distribute wise2c yum repo for CentOS 8 hosts + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/wise2c-centos8.repo.j2', dest: '/etc/yum.repos.d/wise2c.repo' } + when: ((ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis")) and (ansible_distribution_major_version == "8") + + - name: distribute ipvs bootload file + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/ipvs.conf.j2', dest: '/etc/modules-load.d/ipvs.conf' } + + - name: modprobe overlay + community.general.modprobe: + name: overlay + state: present + + - name: modprobe br_netfilter + community.general.modprobe: + name: br_netfilter + state: present + + - name: clean yum cache + shell: | + yum clean all + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: yum install tools + yum: + disablerepo: '*' + enablerepo: wise2c-k8s + update_cache: true + state: present + name: '{{ item }}' + 
with_items: + - rsync + - jq + - chrony + - ipvsadm + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: yum install crio and podman + yum: + disablerepo: '*' + enablerepo: wise2c-crio + update_cache: true + state: present + name: '{{ item }}' + with_items: + - crio + - podman + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: apt install crio and podman and other components + apt: + update_cache: true + state: present + name: '{{ item }}' + with_items: + - docker-compose + - chrony + - jq + - ipvsadm + - graphviz + - nfs-common + - gnupg + - ipset + - cri-o + - cri-o-runc + - podman + when: ansible_distribution =="Ubuntu" + + - name: distribute chrony server config for Redhat/CentOS + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/chrony/redhat-centos/chrony-server.conf.j2', dest: '/etc/chrony.conf' } + when: + - inventory_hostname == ansible_play_batch[0] + - (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: distribute chrony server config for Ubuntu 20 + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/chrony/ubuntu20/chrony-server.conf.j2', dest: '/etc/chrony/chrony.conf' } + when: + - inventory_hostname == ansible_play_batch[0] + - (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "20") + + - name: distribute chrony server config for Ubuntu 18 + template: + 
src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/chrony/ubuntu18/chrony-server.conf.j2', dest: '/etc/chrony/chrony.conf' } + when: + - inventory_hostname == ansible_play_batch[0] + - (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "18") + + - name: distribute chrony client config for Redhat/CentOS + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/chrony/redhat-centos/chrony-client.conf.j2', dest: '/etc/chrony.conf' } + when: + - inventory_hostname != ansible_play_batch[0] + - (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: distribute chrony client config for Ubuntu 20 + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/chrony/ubuntu20/chrony-client.conf.j2', dest: '/etc/chrony/chrony.conf' } + when: + - inventory_hostname != ansible_play_batch[0] + - (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "20") + + - name: distribute chrony client config for Ubuntu 18 + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/chrony/ubuntu18/chrony-client.conf.j2', dest: '/etc/chrony/chrony.conf' } + when: + - inventory_hostname != ansible_play_batch[0] + - (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "18") + + - name: start chrony for Redhat/CentOS + systemd: + name: chronyd + daemon_reload: true + enabled: yes + state: restarted + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: start chrony for Ubuntu + systemd: + name: chrony + 
daemon_reload: true + enabled: yes + state: restarted + when: ansible_distribution == "Ubuntu" + + - name: clear crio and registry config files + copy: + content: '' + dest: '{{ item }}' + with_items: + - /etc/crio/crio.conf + - /etc/containers/registries.conf + + - name: fix the metacopy bug for Ubuntu18 + shell: | + sed -i 's/,metacopy=on//g' /etc/containers/storage.conf + when: (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "18") + + - name: init crio on Redhat/CentOS to create folder /etc/crio + systemd: + name: crio + daemon_reload: true + enabled: true + state: restarted + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: init crio on Ubuntu to create folder /etc/crio + systemd: + name: cri-o + daemon_reload: true + enabled: true + state: restarted + when: ansible_distribution == "Ubuntu" + + # crio service uses k8s.gcr.io/pause:3.5 as default + - name: update pause image in crio.conf + shell: | + echo '[crio.image]' > /etc/crio/crio.conf + echo 'pause_image = "{{ harbor }}/library/pause:3.2"' >> /etc/crio/crio.conf + + - name: distribute crio registry config + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/registries.conf.j2', dest: '/etc/containers/registries.conf' } + when: not harbor_https + + - name: distribute crio registry config for harbor with https + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + with_items: + - { src: 'template/registries.conf.https.j2', dest: '/etc/containers/registries.conf' } + when: harbor_https + + - name: reload & restart crio on Redhat/CentOS + systemd: + name: crio + daemon_reload: true + enabled: true + state: restarted + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == 
"Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: reload & restart crio on Ubuntu + systemd: + name: cri-o + daemon_reload: true + enabled: true + state: restarted + when: ansible_distribution == "Ubuntu" + + - name: set sysctl + sysctl: + name: '{{ item }}' + value: 1 + state: present + reload: true + with_items: + - net.ipv4.ip_forward + - net.bridge.bridge-nf-call-iptables + - net.bridge.bridge-nf-call-ip6tables + + - name: Fix the warning message "No swap limit support" with docker on Ubuntu + script: scripts/fix-ubuntu-docker-warning.sh + when: ansible_distribution == "Ubuntu" diff --git a/crio-playbook/version/file/README.md b/crio-playbook/version/file/README.md new file mode 100644 index 00000000..e69de29b diff --git a/crio-playbook/version/group_vars/README.md b/crio-playbook/version/group_vars/README.md new file mode 100644 index 00000000..e69de29b diff --git a/crio-playbook/version/inherent.yaml b/crio-playbook/version/inherent.yaml new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/crio-playbook/version/inherent.yaml @@ -0,0 +1 @@ + diff --git a/crio-playbook/version/install.ansible b/crio-playbook/version/install.ansible new file mode 100644 index 00000000..fcd49e1c --- /dev/null +++ b/crio-playbook/version/install.ansible 
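Review bot: The `config firewalld` task runs `firewall-cmd --set-default-zone=trusted`, which makes firewalld accept all traffic on every interface not bound to another zone, so the `start firewalld` task before it leaves the node with no effective host filtering; together with the `disabled selinux` task this removes two host controls on every RHEL-family node. Keep the default zone and open only the ports the cluster needs, or at least add a comment that the trusted zone is deliberate and that filtering must be enforced upstream. Separately, `install python2 for Ubuntu` fetches the repository signing key with `curl -so /tmp/breeze.pub http://wise2c-seed:2008/debs/ubuntu18/breeze.pub` and passes it to `apt-key add`. Key and packages then arrive over the same plain-HTTP path, so the signature check adds no protection against tampering on the deploy network, and the `ubuntu18` path is also used on Ubuntu 20 hosts. Shipping the key inside the playbook (for example with a `copy:` task) would make the trust anchor independent of that fetch.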
@@ -0,0 +1,45 @@
+- name: init host
+ hosts: hosts
+ user: root
+ any_errors_fatal: true
+ vars:
+ path: /var/lib/wise2c/tmp/crio
+ tasks:
+ - name: check environment
+ script: scripts/check_environment.sh
+ register: check_env_output
+ environment:
+ BREEZE_LSB_ID: "{{ ansible_facts.distribution }}"
+ BREEZE_LSB_RELEASE: "{{ ansible_facts.distribution_version }}"
+ BREEZE_PYTHON_VERSION: "{{ ansible_facts.python_version }}"
+
+ - name: exit
+ fail:
+ msg: "{{ check_env_output.stdout }}"
+ when: check_env_output.stdout != "true"
+
+ - name: get seed ip
+ shell:
+ echo $SSH_CONNECTION | cut -d " " -f 1
+ register: ip
+
+ - name: add seed to /etc/hosts
+ blockinfile:
+ path: /etc/hosts
+ block: '{{ ip.stdout }} {{ wise2c_seed_host }}'
+ marker: '# {mark} WISE2C DEPLOY MANAGED BLOCK {{ wise2c_seed_host }}'
+
+ - name: add to /etc/hosts
+ blockinfile:
+ path: /etc/hosts
+ block: '{{ item.key }} {{ item.value.hostname }}'
+ marker: "# {mark} WISE2C DEPLOY MANAGED BLOCK {{ item.key }}"
+ with_dict: "{{ hostvars }}"
+
+ - name: check crio
+ script: scripts/check_crio.sh {{ harbor }}
+ register: check_output
+
+ - name: setup crio on all nodes
+ include_tasks: crio.ansible
+ when: check_output.stdout != 'true'
diff --git a/crio-playbook/version/properties.json b/crio-playbook/version/properties.json
new file mode 100644
index 00000000..f6808571
--- /dev/null
+++ b/crio-playbook/version/properties.json
@@ -0,0 +1,10 @@
+[
+ {
+ "variable": "format_hostname",
+ "label": "change host name",
+ "description": "Change all server host name to the name defined in UI",
+ "type": "bool",
+ "default": "false",
+ "required": true
+ }
+]
diff --git a/crio-playbook/version/reset.ansible b/crio-playbook/version/reset.ansible
new file mode 100644
index 00000000..4958ca61
--- /dev/null
+++ b/crio-playbook/version/reset.ansible
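Review bot: In the `check crio` task of install.ansible, `script: scripts/check_crio.sh {{ harbor }}` passes the templated endpoint unquoted, so a value containing whitespace can be split into several arguments before the script sees it; `script: scripts/check_crio.sh {{ harbor | quote }}` keeps it a single argument. The `add seed to /etc/hosts` task writes `{{ ip.stdout }}` without checking that it is non-empty, and `get seed ip` yields an empty string when `SSH_CONNECTION` is unset, which would leave a hosts entry with no address. A guard such as `when: ip.stdout | length > 0`, or a `fail:` task with a clear message, would make that case visible instead of silently writing a broken line.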
@@ -0,0 +1,23 @@
+- name: clean crio
+ hosts: hosts
+ user: root
+ tasks:
+ - name: remove crio for Redhat/CentOS
+ yum:
+ disablerepo: '*'
+ enablerepo: wise2c-crio
+ state: absent
+ name: '{{ item }}'
+ with_items:
+ - crio
+ - podman
+ when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS")
+
+ - name: remove crio for Ubuntu
+ apt:
+ state: absent
+ name: '{{ item }}'
+ with_items:
+ - cri-o
+ - podman
+ when: ansible_distribution =="Ubuntu"
diff --git a/crio-playbook/version/scripts/check_crio.sh b/crio-playbook/version/scripts/check_crio.sh
new file mode 100755
index 00000000..f1b98e3f
--- /dev/null
+++ b/crio-playbook/version/scripts/check_crio.sh
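Review bot: The `remove crio for Redhat/CentOS` task in reset.ansible is limited to `(ansible_distribution == "RedHat") or (ansible_distribution == "CentOS")`, while the install tasks in crio.ansible also match Rocky, AlmaLinux, OracleLinux and Anolis, so a reset on those hosts leaves crio and podman installed. Extend the `when:` to the same six-distribution list used by `yum install crio and podman`. The reset also leaves the trusted firewalld default zone, the disabled SELinux state and the `/etc/containers/registries.conf` entry (including `insecure=true`) in place; if that is intended, a comment at the top of the play should say which host changes are not reverted.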
@@ -0,0 +1,57 @@
+#! /bin/bash
+if [ -e '/var/run/docker.sock' ]; then
+ docker_installed=`curl -sS --unix-socket /var/run/docker.sock http:/v1.24/info | jq -r '.RegistryConfig.IndexConfigs."'docker.io'".Name'`
+ if [ "${docker_installed}" == "docker.io" ]; then
+ echo -n true
+ else
+ # docker.sock is exists but docker service is not started
+ if [ -e '/etc/containers/registries.conf' ]; then
+ insecure_harbor=`cat /etc/containers/registries.conf |grep $1 |awk -F'=' '{print $2}' |awk -F'"' '{print $2}'`
+ if [ "${insecure_harbor}" == "$1" ]; then
+ if [ -e '/var/run/crio/crio.sock' ]; then
+ cgroup_manager=`curl -sS --unix-socket /var/run/crio/crio.sock http://localhost/config |grep cgroup_manager |awk -F '"' '{print $2}'`
+ if [ "${cgroup_manager}" == "systemd" ]; then
+ echo -n true
+ else
+ # crio.sock is exists but crio service is not started
+ echo -n false
+ fi
+ else
+ # crio.sock is not exists
+ echo -n false
+ fi
+ else
+ # crio is not installed with Breeze
+ echo -n false
+ fi
+ else
+ # crio is not installed
+ echo -n false
+ fi
+ fi
+else
+ # docker is not installed
+ if [ -e '/etc/containers/registries.conf' ]; then
+ insecure_harbor=`cat /etc/containers/registries.conf |grep $1 |awk -F'=' '{print $2}' |awk -F'"' '{print $2}'`
+ if [ "${insecure_harbor}" == "$1" ]; then
+ if [ -e '/var/run/crio/crio.sock' ]; then
+ cgroup_manager=`curl -sS --unix-socket /var/run/crio/crio.sock http://localhost/config |grep cgroup_manager |awk -F '"' '{print $2}'`
+ if [ "${cgroup_manager}" == "systemd" ]; then
+ echo -n true
+ else
+ # crio.sock is exists but crio service is not started
+ echo -n false
+ fi
+ else
+ # crio.sock is not exists
+ echo -n false
+ fi
+ else
+ # crio is not installed with Breeze
+ echo -n false
+ fi
+ else
+ # crio is not installed
+ echo -n false
+ fi
+fi
diff --git a/crio-playbook/version/scripts/check_environment.sh b/crio-playbook/version/scripts/check_environment.sh
new file mode 100755
index 00000000..6b1199d3
--- /dev/null
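Review bot: `$1` is expanded unquoted in both `grep $1` pipelines of check_crio.sh, so the harbor endpoint is matched as a regular expression (each dot matches any character). With an empty argument grep fails with a usage error and the comparison `[ "${insecure_harbor}" == "$1" ]` then succeeds on two empty strings; use `grep -F -- "$1"` and reject an empty argument first. The registries.conf / crio.sock / cgroup_manager chain is written out twice, once per docker.sock branch, which invites fixing one copy and forgetting the other; a single function, as sketched below, keeps both call sites identical. The first branch also prints `true` as soon as a Docker daemon answers, which makes install.ansible skip crio.ansible entirely; if that is intended, a comment should say so.

```shell
# Succeeds only when registries.conf names the harbor endpoint given as $1
# and the running crio reports the systemd cgroup manager.
crio_ready() {
    local harbor="$1" configured manager
    [ -n "${harbor}" ] || return 1
    [ -e /etc/containers/registries.conf ] || return 1
    configured=$(grep -F -- "${harbor}" /etc/containers/registries.conf | awk -F'=' '{print $2}' | awk -F'"' '{print $2}')
    [ "${configured}" == "${harbor}" ] || return 1
    [ -e /var/run/crio/crio.sock ] || return 1
    manager=$(curl -sS --unix-socket /var/run/crio/crio.sock http://localhost/config | grep cgroup_manager | awk -F '"' '{print $2}')
    [ "${manager}" == "systemd" ]
}

# … unchanged: docker.sock probe that prints true when the Docker daemon answers …
# both remaining branches reduce to:
if crio_ready "$1"; then
    echo -n true
else
    echo -n false
fi
```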
+++ b/crio-playbook/version/scripts/check_environment.sh @@ -0,0 +1,58 @@ +#! /bin/bash + +set -e + +function version_gt() { test "$(echo "$@" | tr " " "\n" | sort -V | head -n 1)" != "$1"; } + +: ' +function version_le() { test "$(echo "$@" | tr " " "\n" | sort -V | head -n 1)" == "$1"; } +function version_lt() { test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1"; } +function version_ge() { test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" == "$1"; } + +if version_gt $VERSION $VERSION2; then + echo "$VERSION is greater than $VERSION2" +fi + +if version_le $VERSION $VERSION2; then + echo "$VERSION is less than or equal to $VERSION2" +fi + +if version_lt $VERSION $VERSION2; then + echo "$VERSION is less than $VERSION2" +fi + +if version_ge $VERSION $VERSION2; then + echo "$VERSION is greater than or equal to $VERSION2" +fi +' + +[ ${BREEZE_LSB_ID} ] +[ ${BREEZE_LSB_RELEASE} ] +[ ${BREEZE_PYTHON_VERSION} ] + +if [[ "${BREEZE_LSB_ID}" != "RedHat" ]] && [[ "${BREEZE_LSB_ID}" != "CentOS" ]] && [[ "${BREEZE_LSB_ID}" != "OracleLinux" ]] && [[ "${BREEZE_LSB_ID}" != "Rocky" ]] && [[ "${BREEZE_LSB_ID}" != "AlmaLinux" ]] && [[ "${BREEZE_LSB_ID}" != "Anolis" ]] && [[ "${BREEZE_LSB_ID}" != "Ubuntu" ]]; then + echo "please use RHEL or CentOS or Ubuntu" + exit +fi + +if version_gt 7.4 ${BREEZE_LSB_RELEASE} && [[ "${BREEZE_LSB_ID}" == "RedHat" ]]; then + echo "please use RHEL 7.x (x>3) for Breeze" + exit +fi + +if version_gt 7.4 ${BREEZE_LSB_RELEASE} && [[ "${BREEZE_LSB_ID}" == "CentOS" ]]; then + echo "please use CentOS 7.x (x>3) for Breeze" + exit +fi + +if version_gt 18 ${BREEZE_LSB_RELEASE} && [[ "${BREEZE_LSB_ID}" == "Ubuntu" ]]; then + echo "please use Ubuntu 18/20 for Breeze" + exit +fi + +if version_gt 2.7 ${BREEZE_PYTHON_VERSION}; then + echo "please use python 2.7+" + exit +fi + +printf true 
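Review bot: The three guards `[ ${BREEZE_LSB_ID} ]`, `[ ${BREEZE_LSB_RELEASE} ]` and `[ ${BREEZE_PYTHON_VERSION} ]` in check_environment.sh are unquoted and run under `set -e`, so an empty fact aborts the script with no message, and a multi-word value produces a `[` syntax error, instead of the readable text the playbook's `exit` task is meant to show. Write them as `[ -n "${BREEZE_LSB_ID}" ] || { echo "BREEZE_LSB_ID is not set"; exit; }` and quote `${BREEZE_LSB_RELEASE}` and `${BREEZE_PYTHON_VERSION}` in the `version_gt` calls. The first rejection message, `please use RHEL or CentOS or Ubuntu`, does not match the accepted list, which also includes OracleLinux, Rocky, AlmaLinux and Anolis, and those four get no minimum-version check. The bare `exit` statements return status 0, which works only because install.ansible compares stdout with `true`; a comment next to `printf true` should record that contract.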
diff --git a/crio-playbook/version/scripts/fix-ubuntu-docker-warning.sh b/crio-playbook/version/scripts/fix-ubuntu-docker-warning.sh new file mode 100755 index 00000000..24bfd40b --- /dev/null +++ b/crio-playbook/version/scripts/fix-ubuntu-docker-warning.sh @@ -0,0 +1,4 @@ +#!/bin/bash +sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#g' /etc/default/grub +update-grub +#reboot diff --git a/docker-playbook/version/template/chrony/ubuntu20/chrony-client.conf.j2 b/crio-playbook/version/template/chrony/redhat-centos/chrony-client.conf.j2 similarity index 100% rename from docker-playbook/version/template/chrony/ubuntu20/chrony-client.conf.j2 rename to crio-playbook/version/template/chrony/redhat-centos/chrony-client.conf.j2 diff --git a/crio-playbook/version/template/chrony/redhat-centos/chrony-server.conf.j2 b/crio-playbook/version/template/chrony/redhat-centos/chrony-server.conf.j2 new file mode 100644 index 00000000..19988a14 --- /dev/null +++ b/crio-playbook/version/template/chrony/redhat-centos/chrony-server.conf.j2 @@ -0,0 +1,21 @@ +# Use servers . +server {{ ansible_play_batch[0] }} iburst + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# Allow the system clock to be stepped in the first three updates +# if its offset is larger than 1 second. +makestep 1.0 3 + +# Enable kernel synchronization of the real-time clock (RTC). +rtcsync + +# Allow NTP client access from local network. +allow + +# Serve time even if not synchronized to a time source. +local stratum 10 + +# Specify directory for log files. +logdir /var/log/chrony \ No newline at end of file diff --git a/crio-playbook/version/template/chrony/ubuntu18/chrony-client.conf.j2 b/crio-playbook/version/template/chrony/ubuntu18/chrony-client.conf.j2 new file mode 100644 index 00000000..a566fa8f --- /dev/null +++ b/crio-playbook/version/template/chrony/ubuntu18/chrony-client.conf.j2 
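Review bot: The bare `allow` directive in the redhat-centos chrony-server.conf.j2 permits NTP clients from every address, although the comment above it says `Allow NTP client access from local network`. Combined with `local stratum 10`, the node will serve its own unsynchronised clock to anyone who can reach its NTP port. Restrict it to the cluster subnet, e.g. `allow {{ cluster_subnet }}`, where `cluster_subnet` is a placeholder name that this commit does not define and the inventory would have to supply. The same directive appears in the ubuntu20 chrony-server.conf.j2 added later in this diff. Also, `server {{ ansible_play_batch[0] }} iburst` points the server template at the first host of the batch, which is the server itself according to the `inventory_hostname == ansible_play_batch[0]` condition in crio.ansible; that is worth a comment if it is intentional.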
@@ -0,0 +1,2 @@
+# Use servers .
+server {{ ansible_play_batch[0] }} iburst
\ No newline at end of file
diff --git a/docker-playbook/version/template/chrony/ubuntu20/chrony-server.conf.j2 b/crio-playbook/version/template/chrony/ubuntu18/chrony-server.conf.j2
similarity index 100%
rename from docker-playbook/version/template/chrony/ubuntu20/chrony-server.conf.j2
rename to crio-playbook/version/template/chrony/ubuntu18/chrony-server.conf.j2
diff --git a/crio-playbook/version/template/chrony/ubuntu20/chrony-client.conf.j2 b/crio-playbook/version/template/chrony/ubuntu20/chrony-client.conf.j2
new file mode 100644
index 00000000..a566fa8f
--- /dev/null
+++ b/crio-playbook/version/template/chrony/ubuntu20/chrony-client.conf.j2
@@ -0,0 +1,2 @@
+# Use servers .
+server {{ ansible_play_batch[0] }} iburst
\ No newline at end of file
diff --git a/crio-playbook/version/template/chrony/ubuntu20/chrony-server.conf.j2 b/crio-playbook/version/template/chrony/ubuntu20/chrony-server.conf.j2
new file mode 100644
index 00000000..dc53ca67
--- /dev/null
+++ b/crio-playbook/version/template/chrony/ubuntu20/chrony-server.conf.j2
@@ -0,0 +1,73 @@ +# Use servers . +server {{ ansible_play_batch[0] }} iburst + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# Allow the system clock to be stepped in the first three updates +# if its offset is larger than 1 second. +makestep 1.0 3 + +# Enable kernel synchronization of the real-time clock (RTC). +rtcsync + +# Allow NTP client access from local network. +allow + +# Serve time even if not synchronized to a time source. +local stratum 10 + +# Specify directory for log files. +logdir /var/log/chrony + + + +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usuable directives. + +# This will use (up to): +# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled +# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well +# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm) +# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only +# sources will be used. +# At the same time it retains some protection against one of the entries being +# down (compare to just using one of the lines). See (LP: #1754358) for the +# discussion. +# +# About using servers from the NTP Pool Project in general see (LP: #104525). +# Approved by Ubuntu Technical Board on 2011-02-08. +# See http://www.pool.ntp.org/join.html for more information. +#pool ntp.ubuntu.com iburst maxsources 4 +#pool 0.ubuntu.pool.ntp.org iburst maxsources 1 +#pool 1.ubuntu.pool.ntp.org iburst maxsources 1 +#pool 2.ubuntu.pool.ntp.org iburst maxsources 2 +pool {{ ansible_play_batch[0] }} iburst maxsources 1 + +#the iburst option is used to speed up the initial synchronisation. +#the maxsources refers the maximum number of NTP sources. + +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys + +# This directive specify the file into which chronyd will store the rate +# information. 
+driftfile /var/lib/chrony/chrony.drift + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can¡¯t be used along with the 'rtcfile' directive. +rtcsync + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1 3 diff --git a/crio-playbook/version/template/ipvs.conf.j2 b/crio-playbook/version/template/ipvs.conf.j2 new file mode 100644 index 00000000..39ed197f --- /dev/null +++ b/crio-playbook/version/template/ipvs.conf.j2 @@ -0,0 +1,7 @@ +# Load IPVS at boot +ip_vs +ip_vs_rr +ip_vs_wrr +ip_vs_sh +overlay +br_netfilter diff --git a/crio-playbook/version/template/registries.conf.https.j2 b/crio-playbook/version/template/registries.conf.https.j2 new file mode 100644 index 00000000..a7d706f9 --- /dev/null +++ b/crio-playbook/version/template/registries.conf.https.j2 @@ -0,0 +1 @@ +unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"] diff --git a/crio-playbook/version/template/registries.conf.j2 b/crio-playbook/version/template/registries.conf.j2 new file mode 100644 index 00000000..b1a2f542 --- /dev/null +++ b/crio-playbook/version/template/registries.conf.j2 @@ -0,0 +1,4 @@ +unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"] +[[registry]] +location="{{ harbor }}" +insecure=true diff --git a/docker-playbook/version/template/wise2c-centos7.repo.j2 b/crio-playbook/version/template/wise2c-centos7.repo.j2 similarity index 100% rename from docker-playbook/version/template/wise2c-centos7.repo.j2 rename to crio-playbook/version/template/wise2c-centos7.repo.j2 
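Review bot: The ubuntu20 chrony-server.conf.j2 sets `driftfile`, `logdir`, `rtcsync` and `makestep` twice, once in the block at the top and once in the stock Ubuntu text below it. The two `driftfile` values differ (`/var/lib/chrony/drift` vs `/var/lib/chrony/chrony.drift`), and the same host is given both a `server` and a `pool` line. chrony presumably honours one occurrence of each setting, but the file gives a reader two contradicting answers; keep a single block. The comment `Note that it can¡¯t be used` contains a mis-encoded apostrophe and should read `can't`.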
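Review bot: `registries.conf.j2` marks the harbor endpoint `insecure=true`, which turns off TLS verification and permits plain HTTP for every image pull from that registry, so image integrity on these nodes depends entirely on the network path to harbor. Add a comment in the template stating that it is only rendered when `harbor_https` is false, and document HTTPS as the expected setup. Both templates set `unqualified-search-registries` to four public registries, so a short image name missing from one registry silently resolves at the next; for nodes meant to pull from harbor, an empty list or the harbor endpoint alone avoids that ambiguity. `registries.conf.https.j2` also has no `[[registry]]` entry for `{{ harbor }}`, so the `location=` lookup in scripts/check_crio.sh apparently cannot match on HTTPS installs and the crio setup would be repeated on every run.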
diff --git a/docker-playbook/version/template/wise2c-centos8.repo.j2 b/crio-playbook/version/template/wise2c-centos8.repo.j2 similarity index 100% rename from docker-playbook/version/template/wise2c-centos8.repo.j2 rename to crio-playbook/version/template/wise2c-centos8.repo.j2 diff --git a/crio-playbook/version/template/wise2c.list-ubuntu18.j2 b/crio-playbook/version/template/wise2c.list-ubuntu18.j2 new file mode 100644 index 00000000..4bb65ad9 --- /dev/null +++ b/crio-playbook/version/template/wise2c.list-ubuntu18.j2 @@ -0,0 +1 @@ +deb http://{{ wise2c_seed_host }}:2008/debs/ubuntu18 ./ diff --git a/docker-playbook/version/template/wise2c.list-ubuntu20.j2 b/crio-playbook/version/template/wise2c.list-ubuntu20.j2 similarity index 100% rename from docker-playbook/version/template/wise2c.list-ubuntu20.j2 rename to crio-playbook/version/template/wise2c.list-ubuntu20.j2 diff --git a/crio-playbook/version/yat/hosts.gotmpl b/crio-playbook/version/yat/hosts.gotmpl new file mode 100644 index 00000000..4c4465a0 --- /dev/null +++ b/crio-playbook/version/yat/hosts.gotmpl @@ -0,0 +1,4 @@ +[hosts] +{{ range $v := .AllHosts -}} +{{ $v.IP }} hostname={{ $v.HostName }} +{{ end }} \ No newline at end of file diff --git a/crio-playbook/version/yat/hosts.yml.gotmpl b/crio-playbook/version/yat/hosts.yml.gotmpl new file mode 100644 index 00000000..2b7775e0 --- /dev/null +++ b/crio-playbook/version/yat/hosts.yml.gotmpl @@ -0,0 +1,4 @@ +wise2c_seed_host: wise2c-seed +harbor: {{ .harbor.Inherent.endpoint }} +harbor_https: {{ .harbor.Inherent.https }} +format_hostname: {{ .crio.Property.format_hostname }} diff --git a/docker-compose-aliyun.yml b/docker-compose-aliyun.yml index 4295ea46..5dc73348 100644 --- a/docker-compose-aliyun.yml +++ b/docker-compose-aliyun.yml 
@@ -2,7 +2,7 @@ version: '2' services: deploy: container_name: deploy-main - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/pagoda:v1.4.0 + image: registry.cn-shenzhen.aliyuncs.com/breeze-project/pagoda:v1.3.1 restart: always entrypoint: sh command: @@ -18,26 +18,20 @@ services: - playbook ui: container_name: deploy-ui - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/deploy-ui:v1.9.1 + image: registry.cn-shenzhen.aliyuncs.com/breeze-project/deploy-ui:v1.9.2 restart: always network_mode: "service:deploy" playbook: container_name: deploy-playbook - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/playbook:v1.23.17-docker + image: registry.cn-shenzhen.aliyuncs.com/breeze-project/playbook:v1.23.17-kylin-v10-sp2-aarch64 volumes: - playbook:/workspace yum-repo: container_name: deploy-yumrepo - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/yum-repo:v1.23.17 + image: registry.cn-shenzhen.aliyuncs.com/breeze-project/yum-repo:v1.23-china-innovation-os ports: - 2009:2009 restart: always - apt-source: - container_name: deploy-aptsource - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/apt-source:v1.23.17 - ports: - - 2008:2008 - restart: always volumes: playbook: external: false diff --git a/docker-compose-centos-aliyun.yml b/docker-compose-centos-aliyun.yml deleted file mode 100644 index 6eb2fc68..00000000 --- a/docker-compose-centos-aliyun.yml +++ /dev/null 
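Review bot: The `playbook` and `yum-repo` tags set here (`v1.23.17-kylin-v10-sp2-aarch64` and `v1.23-china-innovation-os`) do not match the ones this commit sets in docker-compose.yml (`v1.23.17-kylin-v10sp2` for both), so the two compose files would deploy different content depending on which registry is chosen. If the difference is intended, say so in a comment next to each `image:` line; otherwise align the tags. `pagoda` also moves from v1.4.0 back to v1.3.1 in both files without explanation, which deserves a one-line comment. Pinning these images by digest rather than by a mutable tag would make the deployment reproducible and harder to tamper with.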
@@ -1,37 +0,0 @@ -version: '2' -services: - deploy: - container_name: deploy-main - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/pagoda:v1.4.0 - restart: always - entrypoint: sh - command: - - -c - - "/root/pagoda -logtostderr -v 4 -w /workspace" - ports: - - 88:80 - - 8088:8080 - volumes: - - $HOME/.ssh:/root/.ssh - - $PWD/deploy:/deploy - volumes_from: - - playbook - ui: - container_name: deploy-ui - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/deploy-ui:v1.9.1 - restart: always - network_mode: "service:deploy" - playbook: - container_name: deploy-playbook - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/playbook:v1.23.17-docker - volumes: - - playbook:/workspace - yum-repo: - container_name: deploy-yumrepo - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/yum-repo:v1.23.17 - ports: - - 2009:2009 - restart: always -volumes: - playbook: - external: false diff --git a/docker-compose-centos.yml b/docker-compose-centos.yml deleted file mode 100644 index 539b2457..00000000 --- a/docker-compose-centos.yml +++ /dev/null @@ -1,37 +0,0 @@ -version: '2' -services: - deploy: - container_name: deploy-main - image: wise2c/pagoda:v1.4.0 - restart: always - entrypoint: sh - command: - - -c - - "/root/pagoda -logtostderr -v 4 -w /workspace" - ports: - - 88:80 - - 8088:8080 - volumes: - - $HOME/.ssh:/root/.ssh - - $PWD/deploy:/deploy - volumes_from: - - playbook - ui: - container_name: deploy-ui - image: wise2c/deploy-ui:v1.9.1 - restart: always - network_mode: "service:deploy" - playbook: - container_name: deploy-playbook - image: wise2c/playbook:v1.23.17-docker - volumes: - - playbook:/workspace - yum-repo: - container_name: deploy-yumrepo - image: wise2c/yum-repo:v1.23.17 - ports: - - 2009:2009 - restart: always -volumes: - playbook: - external: false diff --git a/docker-compose-ubuntu-aliyun.yml b/docker-compose-ubuntu-aliyun.yml deleted file mode 100644 index 205ef8ae..00000000 --- a/docker-compose-ubuntu-aliyun.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -version: '2' -services: - deploy: - container_name: deploy-main - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/pagoda:v1.4.0 - restart: always - entrypoint: sh - command: - - -c - - "/root/pagoda -logtostderr -v 4 -w /workspace" - ports: - - 88:80 - - 8088:8080 - volumes: - - $HOME/.ssh:/root/.ssh - - $PWD/deploy:/deploy - volumes_from: - - playbook - ui: - container_name: deploy-ui - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/deploy-ui:v1.9.1 - restart: always - network_mode: "service:deploy" - playbook: - container_name: deploy-playbook - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/playbook:v1.23.17-docker - volumes: - - playbook:/workspace - apt-source: - container_name: deploy-aptsource - image: registry.cn-shenzhen.aliyuncs.com/breeze-project/apt-source:v1.23.17 - ports: - - 2008:2008 - restart: always -volumes: - playbook: - external: false diff --git a/docker-compose-ubuntu.yml b/docker-compose-ubuntu.yml deleted file mode 100644 index 5be4bf16..00000000 --- a/docker-compose-ubuntu.yml +++ /dev/null @@ -1,37 +0,0 @@ -version: '2' -services: - deploy: - container_name: deploy-main - image: wise2c/pagoda:v1.4.0 - restart: always - entrypoint: sh - command: - - -c - - "/root/pagoda -logtostderr -v 4 -w /workspace" - ports: - - 88:80 - - 8088:8080 - volumes: - - $HOME/.ssh:/root/.ssh - - $PWD/deploy:/deploy - volumes_from: - - playbook - ui: - container_name: deploy-ui - image: wise2c/deploy-ui:v1.9.1 - restart: always - network_mode: "service:deploy" - playbook: - container_name: deploy-playbook - image: wise2c/playbook:v1.23.17-docker - volumes: - - playbook:/workspace - apt-source: - container_name: deploy-aptsource - image: wise2c/apt-source:v1.23.17 - ports: - - 2008:2008 - restart: always -volumes: - playbook: - external: false diff --git a/docker-compose.yml b/docker-compose.yml index 3f4a9561..ce98476e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -2,7 +2,7 @@ version: '2' services: deploy: container_name: deploy-main - image: wise2c/pagoda:v1.4.0 + image: wise2c/pagoda:v1.3.1 restart: always entrypoint: sh command: @@ -18,26 +18,20 @@ services: - playbook ui: container_name: deploy-ui - image: wise2c/deploy-ui:v1.9.1 + image: wise2c/deploy-ui:v1.9.2 restart: always network_mode: "service:deploy" playbook: container_name: deploy-playbook - image: wise2c/playbook:v1.23.17-docker + image: wise2c/playbook:v1.23.17-kylin-v10sp2 volumes: - playbook:/workspace yum-repo: container_name: deploy-yumrepo - image: wise2c/yum-repo:v1.23.17 + image: wise2c/yum-repo:v1.23.17-kylin-v10sp2 ports: - 2009:2009 restart: always - apt-source: - container_name: deploy-aptsource - image: wise2c/apt-source:v1.23.17 - ports: - - 2008:2008 - restart: always volumes: playbook: external: false diff --git a/docker-playbook/version/ansible.cfg b/docker-playbook/version/ansible.cfg old mode 100644 new mode 100755 diff --git a/docker-playbook/version/docker.ansible b/docker-playbook/version/docker.ansible old mode 100644 new mode 100755 index af96ac14..6824ae90 --- a/docker-playbook/version/docker.ansible +++ b/docker-playbook/version/docker.ansible 
@@ -3,66 +3,27 @@ name: '{{ hostname }}' when: format_hostname - - name: distribute wise2c apt source for Ubuntu 20 hosts - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - with_items: - - { src: 'template/wise2c.list-ubuntu20.j2', dest: '/etc/apt/sources.list.d/wise2c.list' } - when: (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "20") - - - name: distribute wise2c apt source for Ubuntu 18 hosts - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - with_items: - - { src: 'template/wise2c.list-ubuntu18.j2', dest: '/etc/apt/sources.list.d/wise2c.list' } - when: (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "18") - - - name: install python2 for Ubuntu - shell: | - mv /etc/apt/sources.list /etc/apt/sources.list.bak - curl -so /tmp/breeze.pub http://wise2c-seed:2008/debs/ubuntu18/breeze.pub - apt-key add /tmp/breeze.pub - rm -f /tmp/breeze.pub - apt-get update && export DEBIAN_FRONTEND=noninteractive - apt-get install -y python python-apt python3-docker python-chardet python3-requests - when: - - ansible_distribution == "Ubuntu" - - name: disabled selinux selinux: state: disabled - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - name: start firewalld systemd: name: firewalld enabled: true state: started - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - name: config firewalld shell: | firewall-cmd --set-default-zone=trusted firewall-cmd --complete-reload - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == 
"AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - - name: distribute wise2c yum repo for CentOS 7 hosts - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - with_items: - - { src: 'template/wise2c-centos7.repo.j2', dest: '/etc/yum.repos.d/wise2c.repo' } - when: ((ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis")) and (ansible_distribution_major_version == "7") - - name: distribute wise2c yum repo for CentOS 8 hosts + - name: distribute wise2c yum repo template: src: '{{ item.src }}' dest: '{{ item.dest }}' with_items: - - { src: 'template/wise2c-centos8.repo.j2', dest: '/etc/yum.repos.d/wise2c.repo' } - when: ((ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis")) and (ansible_distribution_major_version == "8") + - { src: 'template/wise2c.repo.j2', dest: '/etc/yum.repos.d/wise2c.repo' } - name: distribute ipvs bootload file template: 
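Review bot: With the `when:` guards removed, `disabled selinux`, `start firewalld` and `firewall-cmd --set-default-zone=trusted` now run on every host in the play, and the trusted zone accepts all inbound connections on interfaces in the default zone. The tasks will also fail on any host that has no firewalld unit. If opening the node firewall is deliberate, document it on the task, e.g. `# default zone set to trusted: host firewall is effectively open, filtering must happen upstream`, or replace it with rules for the ports the cluster needs. The task list continues outside this hunk.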
@@ -74,42 +35,6 @@ - name: clean yum cache shell: | yum clean all - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - - name: yum install tools for CentOS7 - yum: - disablerepo: '*' - enablerepo: "wise2c-k8s,wise2c-crio" - update_cache: true - state: present - name: '{{ item }}' - with_items: - - rsync - - jq - - chrony - - ipvsadm - - docker-python - - python-chardet - - python-requests - when: ((ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis")) and (ansible_distribution_major_version == "7") - - - name: yum install tools for CentOS8 - yum: - disablerepo: '*' - enablerepo: "wise2c-k8s,wise2c-crio" - update_cache: true - state: present - name: '{{ item }}' - with_items: - - rsync - - jq - - chrony - - ipvsadm - - python3-docker - - python3-chardet - - python3-requests - - audit-libs-python3 - when: ((ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis")) and (ansible_distribution_major_version == "8") - name: yum install docker yum: 
@@ -119,25 +44,12 @@ state: present name: '{{ item }}' with_items: + - rsync + - jq - docker-ce - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - - name: apt install docker and other components - apt: - update_cache: true - state: present - name: '{{ item }}' - with_items: - - docker-compose + - python3-docker - chrony - - jq - ipvsadm - - graphviz - - nfs-common - - gnupg - - ipset - - docker-ce - when: ansible_distribution =="Ubuntu" - name: distribute chrony server config for Redhat/CentOS template: @@ -147,27 +59,6 @@ - { src: 'template/chrony/redhat-centos/chrony-server.conf.j2', dest: '/etc/chrony.conf' } when: - inventory_hostname == ansible_play_batch[0] - - (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - - name: distribute chrony server config for Ubuntu 20 - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - with_items: - - { src: 'template/chrony/ubuntu20/chrony-server.conf.j2', dest: '/etc/chrony/chrony.conf' } - when: - - inventory_hostname == ansible_play_batch[0] - - (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "20") - - - name: distribute chrony server config for Ubuntu 18 - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - with_items: - - { src: 'template/chrony/ubuntu18/chrony-server.conf.j2', dest: '/etc/chrony/chrony.conf' } - when: - - inventory_hostname == ansible_play_batch[0] - - (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "18") - name: distribute chrony client config for Redhat/CentOS template: 
@@ -177,27 +68,6 @@ - { src: 'template/chrony/redhat-centos/chrony-client.conf.j2', dest: '/etc/chrony.conf' } when: - inventory_hostname != ansible_play_batch[0] - - (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - - name: distribute chrony client config for Ubuntu 20 - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - with_items: - - { src: 'template/chrony/ubuntu20/chrony-client.conf.j2', dest: '/etc/chrony/chrony.conf' } - when: - - inventory_hostname != ansible_play_batch[0] - - (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "20") - - - name: distribute chrony client config for Ubuntu 18 - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - with_items: - - { src: 'template/chrony/ubuntu18/chrony-client.conf.j2', dest: '/etc/chrony/chrony.conf' } - when: - - inventory_hostname != ansible_play_batch[0] - - (ansible_distribution == "Ubuntu") and (ansible_distribution_major_version == "18") - name: start chrony for Redhat/CentOS systemd: @@ -205,15 +75,6 @@ daemon_reload: true enabled: yes state: restarted - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - - name: start chrony for Ubuntu - systemd: - name: chrony - daemon_reload: true - enabled: yes - state: restarted - when: ansible_distribution == "Ubuntu" - name: clear docker config for Redhat/CentOS copy: 
@@ -224,7 +85,6 @@ - /etc/sysconfig/docker-storage - /etc/sysconfig/docker-storage-setup - /etc/sysconfig/docker-network - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - name: init docker to create folder /etc/docker systemd: @@ -266,7 +126,3 @@ - net.ipv4.ip_forward - net.bridge.bridge-nf-call-iptables - net.bridge.bridge-nf-call-ip6tables - - - name: Fix the warning message "No swap limit support" with docker on Ubuntu - script: scripts/fix-ubuntu-docker-warning.sh - when: ansible_distribution == "Ubuntu" diff --git a/docker-playbook/version/file/README.md b/docker-playbook/version/file/README.md old mode 100644 new mode 100755 diff --git a/docker-playbook/version/group_vars/README.md b/docker-playbook/version/group_vars/README.md old mode 100644 new mode 100755 diff --git a/docker-playbook/version/inherent.yaml b/docker-playbook/version/inherent.yaml old mode 100644 new mode 100755 diff --git a/docker-playbook/version/install.ansible b/docker-playbook/version/install.ansible old mode 100644 new mode 100755 index 356dced0..82f6dcbb --- a/docker-playbook/version/install.ansible +++ b/docker-playbook/version/install.ansible @@ -5,19 +5,6 @@ vars: path: /var/lib/wise2c/tmp/docker tasks: - - name: check environment - script: scripts/check_environment.sh - register: check_env_output - environment: - BREEZE_LSB_ID: "{{ ansible_facts.distribution }}" - BREEZE_LSB_RELEASE: "{{ ansible_facts.distribution_version }}" - BREEZE_PYTHON_VERSION: "{{ ansible_facts.python_version }}" - - - name: exit - fail: - msg: "{{ check_env_output.stdout }}" - when: check_env_output.stdout != "true" - - name: get seed ip shell: echo $SSH_CONNECTION | cut -d " " -f 1 diff --git a/docker-playbook/version/properties.json b/docker-playbook/version/properties.json old mode 100644 new mode 100755 
diff --git a/docker-playbook/version/reset.ansible b/docker-playbook/version/reset.ansible old mode 100644 new mode 100755 index e2f321d1..64465f83 --- a/docker-playbook/version/reset.ansible +++ b/docker-playbook/version/reset.ansible @@ -5,12 +5,13 @@ - name: remove docker for Redhat/CentOS yum: disablerepo: '*' - enablerepo: "wise2c-k8s,wise2c-crio" + enablerepo: wise2c state: absent name: '{{ item }}' with_items: - docker-ce - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + - docker-compose + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") - name: remove docker for Ubuntu apt: @@ -18,4 +19,6 @@ name: '{{ item }}' with_items: - docker-ce + - docker-compose when: ansible_distribution =="Ubuntu" + diff --git a/docker-playbook/version/scripts/check_environment.sh b/docker-playbook/version/scripts/check_environment.sh index 5d736219..5115922b 100755 --- a/docker-playbook/version/scripts/check_environment.sh +++ b/docker-playbook/version/scripts/check_environment.sh @@ -8,15 +8,19 @@ function version_gt() { test "$(echo "$@" | tr " " "\n" | sort -V | head -n 1)" function version_le() { test "$(echo "$@" | tr " " "\n" | sort -V | head -n 1)" == "$1"; } function version_lt() { test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1"; } function version_ge() { test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" == "$1"; } + if version_gt $VERSION $VERSION2; then echo "$VERSION is greater than $VERSION2" fi + if version_le $VERSION $VERSION2; then echo "$VERSION is less than or equal to $VERSION2" fi + if version_lt $VERSION $VERSION2; then echo "$VERSION is less than $VERSION2" fi + if version_ge $VERSION $VERSION2; then echo "$VERSION is greater than or equal to $VERSION2" fi 
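Review bot: `enablerepo: wise2c` names a repository that the wise2c.repo.j2 added in this commit does not define, since that file declares `[wise2c-k8s]` and `[wise2c-crio]`. Combined with `disablerepo: '*'`, the task then has no valid repository enabled and may fail, depending on the yum/dnf backend. Keep `enablerepo: "wise2c-k8s,wise2c-crio"` or rename the repo sections to match. The narrowed `when:` (RedHat or CentOS only) is also at odds with docker.ansible, where the distribution guards were dropped: on any other distribution the removal would be skipped and docker-ce left installed after a reset.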
@@ -26,23 +30,23 @@ fi [ ${BREEZE_LSB_RELEASE} ] [ ${BREEZE_PYTHON_VERSION} ] -if [[ "${BREEZE_LSB_ID}" != "RedHat" ]] && [[ "${BREEZE_LSB_ID}" != "CentOS" ]] && [[ "${BREEZE_LSB_ID}" != "OracleLinux" ]] && [[ "${BREEZE_LSB_ID}" != "Rocky" ]] && [[ "${BREEZE_LSB_ID}" != "AlmaLinux" ]] && [[ "${BREEZE_LSB_ID}" != "Anolis" ]] && [[ "${BREEZE_LSB_ID}" != "Ubuntu" ]]; then +if [[ "${BREEZE_LSB_ID}" != "RedHat" ]] && [[ "${BREEZE_LSB_ID}" != "CentOS" ]] && [[ "${BREEZE_LSB_ID}" != "Ubuntu" ]]; then echo "please use RHEL or CentOS or Ubuntu" exit fi -if version_gt 7.4 ${BREEZE_LSB_RELEASE} && [[ "${BREEZE_LSB_ID}" == "RedHat" ]]; then - echo "please use RHEL 7.x (x>3) for Breeze" +if version_gt 8.4 ${BREEZE_LSB_RELEASE} && [[ "${BREEZE_LSB_ID}" == "RedHat" ]]; then + echo "please use RHEL 8.x (x>3) for Breeze" exit fi -if version_gt 7.4 ${BREEZE_LSB_RELEASE} && [[ "${BREEZE_LSB_ID}" == "CentOS" ]]; then - echo "please use CentOS 7.x (x>3) for Breeze" +if version_gt 8.4 ${BREEZE_LSB_RELEASE} && [[ "${BREEZE_LSB_ID}" == "CentOS" ]]; then + echo "please use CentOS 8.x (x>3) for Breeze" exit fi -if version_gt 18 ${BREEZE_LSB_RELEASE} && [[ "${BREEZE_LSB_ID}" == "Ubuntu" ]]; then - echo "please use Ubuntu 18/20 for Breeze" +if version_gt 20 ${BREEZE_LSB_RELEASE} && [[ "${BREEZE_LSB_ID}" == "Ubuntu" ]]; then + echo "please use Ubuntu 20/22 for Breeze" exit fi diff --git a/docker-playbook/version/template/chrony/redhat-centos/chrony-client.conf.j2 b/docker-playbook/version/template/chrony/redhat-centos/chrony-client.conf.j2 old mode 100644 new mode 100755 diff --git a/docker-playbook/version/template/chrony/redhat-centos/chrony-server.conf.j2 b/docker-playbook/version/template/chrony/redhat-centos/chrony-server.conf.j2 old mode 100644 new mode 100755 diff --git a/docker-playbook/version/template/chrony/ubuntu16/chrony-client.conf.j2 b/docker-playbook/version/template/chrony/ubuntu16/chrony-client.conf.j2 new file mode 100755 index 00000000..a566fa8f --- /dev/null 
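Review bot: The allow-list now accepts only `RedHat`, `CentOS` and `Ubuntu`, while the image tags in this commit target Kylin V10 SP2 and install.ansible no longer runs this script. The check is therefore unreachable from the playbook and would presumably reject the intended platform if it were re-enabled. Either delete the script or add the target distribution ID to the list. If it stays, quote the expansions, e.g. `version_gt 8.4 "${BREEZE_LSB_RELEASE}"`, so an empty fact does not shift the arguments. The script continues outside this hunk.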
+++ b/docker-playbook/version/template/chrony/ubuntu16/chrony-client.conf.j2 @@ -0,0 +1,2 @@ +# Use servers . +server {{ ansible_play_batch[0] }} iburst \ No newline at end of file diff --git a/docker-playbook/version/template/chrony/ubuntu16/chrony-server.conf.j2 b/docker-playbook/version/template/chrony/ubuntu16/chrony-server.conf.j2 new file mode 100755 index 00000000..51b08616 --- /dev/null +++ b/docker-playbook/version/template/chrony/ubuntu16/chrony-server.conf.j2 
@@ -0,0 +1,87 @@ +# This the default chrony.conf file for the Debian chrony package. After +# editing this file use the command 'invoke-rc.d chrony restart' to make +# your changes take effect. John Hasler 1998-2008 + +# See www.pool.ntp.org for an explanation of these servers. Please +# consider joining the project if possible. If you can't or don't want to +# use these servers I suggest that you try your ISP's nameservers. We mark +# the servers 'offline' so that chronyd won't try to connect when the link +# is down. Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc +# commands to switch it on when a dialup link comes up and off when it goes +# down. Code in /etc/init.d/chrony attempts to determine whether or not +# the link is up at boot time and set the online status accordingly. If +# you have an always-on connection such as cable omit the 'offline' +# directive and chronyd will default to online. +# +# Note that if Chrony tries to go "online" and dns lookup of the servers +# fails they will be discarded. Thus under some circumstances it is +# better to use IP numbers than host names. + +pool {{ ansible_play_batch[0] }} offline iburst + +# Look here for the admin password needed for chronyc. The initial +# password is generated by a random process at install time. You may +# change it if you wish. + +keyfile /etc/chrony/chrony.keys + +# This directive sets the key ID used for authenticating user commands via the +# 'chronyc' program at run time. + +commandkey 1 + +# I moved the driftfile to /var/lib/chrony to comply with the Debian +# filesystem standard. + +driftfile /var/lib/chrony/chrony.drift + +# Comment this line out to turn off logging. + +log tracking measurements statistics +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. + +maxupdateskew 100.0 + +# Dump measurements when daemon exits. + +dumponexit + +# Specify directory for dumping measurements. 
+ +dumpdir /var/lib/chrony + +# This directive lets 'chronyd' to serve time even if unsynchronised to any +# NTP server. + +#local stratum 10 + +# This directive designates subnets (or nodes) from which NTP clients are allowed +# to access to 'chronyd'. + +#allow foo.example.net +#allow 10/8 +#allow 0/0 (allow access by any IPv4 node) +#allow ::/0 (allow access by any IPv6 node) + +# This directive forces `chronyd' to send a message to syslog if it +# makes a system clock adjustment larger than a threshold value in seconds. + +logchange 0.5 + +# This directive defines an email address to which mail should be sent +# if chronyd applies a correction exceeding a particular threshold to the +# system clock. + +# mailonchange root@localhost 0.5 + +# This directive tells 'chronyd' to parse the 'adjtime' file to find out if the +# real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive. + +hwclockfile /etc/adjtime + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. + +rtcsync diff --git a/docker-playbook/version/template/chrony/ubuntu18/chrony-client.conf.j2 b/docker-playbook/version/template/chrony/ubuntu18/chrony-client.conf.j2 old mode 100644 new mode 100755 diff --git a/docker-playbook/version/template/chrony/ubuntu18/chrony-server.conf.j2 b/docker-playbook/version/template/chrony/ubuntu18/chrony-server.conf.j2 old mode 100644 new mode 100755 diff --git a/docker-playbook/version/template/daemon.json.https.j2 b/docker-playbook/version/template/daemon.json.https.j2 old mode 100644 new mode 100755 diff --git a/docker-playbook/version/template/daemon.json.j2 b/docker-playbook/version/template/daemon.json.j2 old mode 100644 new mode 100755 diff --git a/docker-playbook/version/template/ipvs.conf.j2 b/docker-playbook/version/template/ipvs.conf.j2 old mode 100644 new mode 100755 
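Review bot: The server template sets `pool {{ ansible_play_batch[0] }} offline iburst`, which makes the server its own only time source, marked offline, if the file is rendered on the first host of the batch as the other chrony-server templates are. With every `allow` line and `local stratum 10` commented out, chronyd would neither accept NTP clients nor serve time while unsynchronised, so hosts configured from chrony-client.conf.j2 would get no answer. Point `pool` at a real upstream, and enable `allow <cluster subnet>` (placeholder for the node network) plus `local stratum 10` if the cluster must keep time without upstream access. Clock drift between nodes affects certificate validity checks and log correlation.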
diff --git a/docker-playbook/version/template/wise2c.list-ubuntu16.j2 b/docker-playbook/version/template/wise2c.list-ubuntu16.j2 new file mode 100755 index 00000000..331b4edd --- /dev/null +++ b/docker-playbook/version/template/wise2c.list-ubuntu16.j2 @@ -0,0 +1 @@ +deb http://{{ wise2c_seed_host }}:2008/debs/ubuntu16 ./ diff --git a/docker-playbook/version/template/wise2c.list-ubuntu18.j2 b/docker-playbook/version/template/wise2c.list-ubuntu18.j2 old mode 100644 new mode 100755 diff --git a/docker-playbook/version/template/wise2c.repo.j2 b/docker-playbook/version/template/wise2c.repo.j2 new file mode 100755 index 00000000..466b6e9e --- /dev/null +++ b/docker-playbook/version/template/wise2c.repo.j2 @@ -0,0 +1,13 @@ +[wise2c-k8s] +name=wise2c-k8s +baseurl=http://{{ wise2c_seed_host }}:2009/rpms/k8s/centos8 +enabled=1 +gpgcheck=0 +module_hotfixes=1 + +[wise2c-crio] +name=wise2c-crio +baseurl=http://{{ wise2c_seed_host }}:2009/rpms/crio/centos8 +enabled=1 +gpgcheck=0 +module_hotfixes=1 diff --git a/docker-playbook/version/yat/hosts.gotmpl b/docker-playbook/version/yat/hosts.gotmpl old mode 100644 new mode 100755 diff --git a/docker-playbook/version/yat/hosts.yml.gotmpl b/docker-playbook/version/yat/hosts.yml.gotmpl old mode 100644 new mode 100755 diff --git a/elasticcloud-playbook/version/file/remove.sh b/elasticcloud-playbook/version/file/remove.sh index 92bc52c3..fb2654ae 100755 --- a/elasticcloud-playbook/version/file/remove.sh +++ b/elasticcloud-playbook/version/file/remove.sh @@ -1,5 +1,5 @@ #!/bin/bash -kubectl delete -f /var/lib/wise2c/tmp/elasticcloud/filebeat.yml +kubectl delete -f /var/lib/wise2c/tmp/elasticcloud/fluentd.yml kubectl delete -f /var/lib/wise2c/tmp/elasticcloud/kibana-service.yml kubectl delete -f /var/lib/wise2c/tmp/elasticcloud/elasticsearch-service.yml kubectl delete kibana quickstart 
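Review bot: Both sections of wise2c.repo.j2 set `gpgcheck=0` and use an `http://` baseurl, so packages such as docker-ce are installed as root with neither signature nor transport verification. Sign the repository and set `gpgcheck=1` with a `gpgkey=` that points at a key shipped with the playbook, not one fetched from the same HTTP endpoint. The paths are also fixed to `centos8` although the yum-repo image tag in this commit is `kylin-v10sp2`, so confirm the seed image really serves those directories.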
@@ -7,4 +7,3 @@ kubectl delete elasticsearch quickstart kubectl delete -f /var/lib/wise2c/tmp/elasticcloud/kibana.yml kubectl delete -f /var/lib/wise2c/tmp/elasticcloud/elasticsearch.yml kubectl delete -f /var/lib/wise2c/tmp/elasticcloud/eck.yml -kubectl delete -f /var/lib/wise2c/tmp/elasticcloud/crds.yml diff --git a/etcd-playbook/version-by-kubeadm/group_vars/etcd.yml b/etcd-playbook/version-by-kubeadm/group_vars/etcd.yml index 10a0304b..86d353c7 100644 --- a/etcd-playbook/version-by-kubeadm/group_vars/etcd.yml +++ b/etcd-playbook/version-by-kubeadm/group_vars/etcd.yml @@ -1,19 +1,14 @@ command: - etcd -- | - {% for host in ansible_play_batch -%} - {% if host == inventory_hostname -%} - --name etcd{{ loop.index0 }} - {% endif -%} - {% endfor -%} -- --data-dir /var/lib/etcd -- --advertise-client-urls https://{{ inventory_hostname }}:2379 -- --listen-client-urls https://{{ inventory_hostname }}:2379 -- --listen-peer-urls https://{{ inventory_hostname }}:2380 -- --initial-cluster-token etcd-cluster -- --initial-advertise-peer-urls https://{{ inventory_hostname }}:2380 -- --initial-cluster {% for host in play_hosts %}etcd{{ loop.index0 }}=https://{{ host }}:2380{% if not loop.last %},{% endif %}{% endfor %} -- --initial-cluster-state new +- --name={% for host in ansible_play_batch -%}{% if host == inventory_hostname -%}etcd{{ loop.index0 }}{% endif -%}{% endfor -%} +- --data-dir=/var/lib/etcd +- --advertise-client-urls=https://{{ inventory_hostname }}:2379 +- --listen-client-urls=https://{{ inventory_hostname }}:2379 +- --listen-peer-urls=https://{{ inventory_hostname }}:2380 +- --initial-cluster-token=etcd-cluster +- --initial-advertise-peer-urls=https://{{ inventory_hostname }}:2380 +- --initial-cluster={% for host in play_hosts %}etcd{{ loop.index0 }}=https://{{ host }}:2380{% if not loop.last %},{% endif %}{% endfor %} +- --initial-cluster-state=new - --client-cert-auth - --trusted-ca-file=/etcd-cert/ca.pem - --cert-file=/etcd-cert/etcd.pem 
diff --git a/etcd-playbook/version-by-kubeadm/init.sh b/etcd-playbook/version-by-kubeadm/init.sh index 77481057..47021bc7 100755 --- a/etcd-playbook/version-by-kubeadm/init.sh +++ b/etcd-playbook/version-by-kubeadm/init.sh @@ -14,11 +14,14 @@ docker pull ${image} docker save ${image} > ${path}/file/etcd.tar bzip2 -z --best ${path}/file/etcd.tar +export CPUArch=$(uname -m | awk '{ if ($1 == "x86_64") print "amd64"; else if ($1 == "aarch64") print "arm64"; else print $1 }') + echo "=== download cfssl tools ===" -export CFSSL_URL=https://pkg.cfssl.org/R1.2 -curl -L -o cfssl ${CFSSL_URL}/cfssl_linux-amd64 -curl -L -o cfssljson ${CFSSL_URL}/cfssljson_linux-amd64 -curl -L -o cfssl-certinfo ${CFSSL_URL}/cfssl-certinfo_linux-amd64 +export CFSSL_VERSION=1.6.4 +export CFSSL_URL=https://github.com/cloudflare/cfssl/releases/download/v${CFSSL_VERSION} +curl -L -o cfssl ${CFSSL_URL}/cfssl_${CFSSL_VERSION}_linux_${CPUArch} +curl -L -o cfssljson ${CFSSL_URL}/cfssljson_${CFSSL_VERSION}_linux_${CPUArch} +curl -L -o cfssl-certinfo ${CFSSL_URL}/cfssl-certinfo_${CFSSL_VERSION}_linux_${CPUArch} chmod +x cfssl cfssljson cfssl-certinfo tar zcvf ${path}/file/cfssl-tools.tar.gz cfssl cfssl-certinfo cfssljson echo "=== cfssl tools is download successfully ===" diff --git a/etcd-playbook/version-by-kubeadm/install.ansible b/etcd-playbook/version-by-kubeadm/install.ansible index d6434499..7052aeb5 100644 --- a/etcd-playbook/version-by-kubeadm/install.ansible +++ b/etcd-playbook/version-by-kubeadm/install.ansible @@ -91,7 +91,7 @@ path: '/etc/etcd/pki' state: directory mode: 0755 - + - name: unarchive cfssl tool unarchive: src: file/cfssl-tools.tar.gz @@ -133,7 +133,7 @@ - { src: '/etc/etcd/pki/etcd.pem', dest: '../etcd.pem' } - { src: '/etc/etcd/pki/etcd-key.pem', dest: '../etcd-key.pem' } run_once: true - + - name: copy certificates copy: src: '{{ item.src }}' 
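Review bot: The three cfssl binaries in etcd-playbook/version-by-kubeadm/init.sh are fetched with `curl -L` and marked executable without any integrity check, and they are presumably what later generates the etcd certificates. Use `curl -fL` so an HTTP error fails the script instead of saving an error page, and verify each file with `sha256sum -c` against a checksum list before `chmod +x`, using the release's published checksums if the project provides them. The `CPUArch` fallback (`else print $1`) passes an unmapped architecture straight into the URL, which without `-f` would silently produce a non-binary file. The same unverified-download pattern appears in harbor-playbook/version/init.sh.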
diff --git a/etcd-playbook/version-by-kubeadm/reset.ansible b/etcd-playbook/version-by-kubeadm/reset.ansible index cd9956c6..364b46cd 100644 --- a/etcd-playbook/version-by-kubeadm/reset.ansible +++ b/etcd-playbook/version-by-kubeadm/reset.ansible @@ -6,7 +6,7 @@ docker_container: name: etcd state: absent - + - name: clean etcd directory file: path: '{{ item }}' diff --git a/harbor-playbook/version/file/install-harbor.sh b/harbor-playbook/version/file/install-harbor.sh index fd4b8c8f..70b71be4 100755 --- a/harbor-playbook/version/file/install-harbor.sh +++ b/harbor-playbook/version/file/install-harbor.sh @@ -4,8 +4,4 @@ sed -i 's,port: 443,# port: 443,g' harbor.yml sed -i 's,certificate:,# certificate:,g' harbor.yml sed -i 's,private_key:,# private_key:,g' harbor.yml -set +e -docker network create harbor_harbor -set -e - ./install.sh --with-chartmuseum diff --git a/harbor-playbook/version/init.sh b/harbor-playbook/version/init.sh index d02ccf1f..b402bea3 100755 --- a/harbor-playbook/version/init.sh +++ b/harbor-playbook/version/init.sh @@ -9,9 +9,9 @@ version=`cat ${path}/components-version.txt |grep "Harbor" |awk '{print $3}'` echo "" >> ${path}/yat/harbor.yml.gotmpl echo "version: v${version}" >> ${path}/yat/harbor.yml.gotmpl -curl -L https://github.com/docker/compose/releases/download/v2.6.1/docker-compose-$(uname -s)-$(uname -m) -o ${path}/file/docker-compose +curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m) -o ${path}/file/docker-compose -curl -L https://storage.googleapis.com/harbor-releases/release-${version%.*}.0/harbor-offline-installer-v${version}.tgz \ +curl -L https://github.com/wise2c-devops/build-harbor-aarch64/releases/download/v${version}/harbor-offline-installer-aarch64-v${version}.tgz \ -o ${path}/file/harbor-offline-installer-v${version}.tgz curl -sSL https://raw.githubusercontent.com/vmware/harbor/v${version}/make/harbor.yml.tmpl \ 
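Review bot: In harbor-playbook/version/init.sh, docker-compose goes from v2.6.1 back to 1.24.1 while the Harbor installer is switched to an aarch64 build. As far as I know the 1.x releases shipped only x86_64 Linux binaries, so `docker-compose-$(uname -s)-$(uname -m)` may not resolve on an aarch64 build host, and because `curl -L` lacks `-f` the error body would be saved as `docker-compose`. Confirm the asset exists for the target architecture or keep a 2.x release, and use `curl -fL`. The offline installer now comes from `wise2c-devops/build-harbor-aarch64` rather than the upstream release bucket, so record an expected SHA-256 for the tarball in the script and check it after download. The hunk ends mid-command and the following `curl -sSL` continues outside it.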
diff --git a/harbor-playbook/version/install.ansible b/harbor-playbook/version/install.ansible index 02e69184..99a9063a 100644 --- a/harbor-playbook/version/install.ansible +++ b/harbor-playbook/version/install.ansible @@ -4,20 +4,19 @@ vars: path: /var/lib/wise2c/tmp/harbor tasks: - - name: yum install docker on Redhat/CentOS/Rocky/Alma/Oracle 8.x + - name: yum remove crio and podman yum: - disablerepo: '*' - enablerepo: wise2c-k8s - allowerasing: true - update_cache: true - state: present + state: absent name: '{{ item }}' with_items: - - docker-ce - - docker-ce-cli - when: ((ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis")) and (ansible_distribution_major_version == '8') + - containernetworking-plugins + - container-selinux + - containers-common + - crio + - podman + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - name: yum install docker on Redhat/CentOS/Oracle 7.x + - name: yum install docker yum: disablerepo: '*' enablerepo: wise2c-k8s 
@@ -27,7 +26,19 @@ with_items: - docker-ce - docker-ce-cli - when: ((ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis")) and (ansible_distribution_major_version == '7') + when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") + + - name: apt remove crio and podman + apt: + state: absent + name: '{{ item }}' + with_items: + - containernetworking-plugins + - container-selinux + - containers-common + - cri-o + - podman + when: ansible_distribution =="Ubuntu" - name: apt install docker apt: diff --git a/init.sh b/init.sh index edcc0b1b..219aa247 100755 --- a/init.sh +++ b/init.sh @@ -5,19 +5,20 @@ set -e path=`dirname $0` kubernetes_version=1.23.17 -harbor_version=2.7.1 -docker_version=23.0.1 +harbor_version=2.10.0 +docker_version=24.0.6 +crio_version=1.23.5 haproxy_version=2.0.0 keepalived_version=1.3.5 loadbalancer_version=HAProxy-${haproxy_version}_Keepalived-${keepalived_version} prometheus_version=2.41.0 prometheus_operator_version=0.62.0 kube_prometheus_version=0.12.0 -metrics_server_version=0.6.2 +metrics_server_version=0.6.4 dashboard_version=2.5.1 metrics_scraper_version=1.0.7 -flannel_version=0.21.2 -flannel_cni_plugin_version=1.1.2 +flannel_version=0.22.3 +flannel_cni_plugin_version=1.2.0 calico_version=3.25.0 helm_version=3.11.1 istio_version=1.17.1 
@@ -29,6 +30,7 @@ elastic_stack_version=8.6.2 mv ${path}/kubernetes-playbook/version ${path}/kubernetes-playbook/v${kubernetes_version} mv ${path}/harbor-playbook/version ${path}/harbor-playbook/v${harbor_version} mv ${path}/docker-playbook/version ${path}/docker-playbook/${docker_version}-CE +mv ${path}/crio-playbook/version ${path}/crio-playbook/${crio_version} mv ${path}/loadbalancer-playbook/version ${path}/loadbalancer-playbook/${loadbalancer_version} mv ${path}/prometheus-playbook/version ${path}/prometheus-playbook/Kube-Prometheus-v${kube_prometheus_version} mv ${path}/istio-playbook/version ${path}/istio-playbook/v${istio_version} @@ -43,6 +45,7 @@ echo "ETCD Version: ${etcd_version}" > ${path}/components-version.txt echo "Kubernetes Version: ${kubernetes_version}" >> ${path}/components-version.txt echo "Harbor Version: ${harbor_version}" >> ${path}/components-version.txt echo "Docker Version: ${docker_version}" >> ${path}/components-version.txt +echo "CRIO Version: ${crio_version}" >> ${path}/components-version.txt echo "HAProxy Version: ${haproxy_version}" >> ${path}/components-version.txt echo "Keepalived Version: ${keepalived_version}" >> ${path}/components-version.txt echo "Prometheus Version: ${prometheus_version}" >> ${path}/components-version.txt diff --git a/istio-playbook/version/file/deploy.sh b/istio-playbook/version/file/deploy.sh index 6fad50ce..f4af50f8 100755 --- a/istio-playbook/version/file/deploy.sh +++ b/istio-playbook/version/file/deploy.sh @@ -2,9 +2,9 @@ set -e #It seems that there is a bug on Ubuntu host to load the images. If no wait, it will return an error message: "Error response from daemon: No such image" -if [ ! -f /etc/redhat-release ]; then - sleep 60 -fi +#if [ ! -f /etc/redhat-release ]; then +# sleep 60 +#fi MyImageRepositoryIP=`cat harbor-address.txt` MyImageRepositoryProject=library diff --git a/istio-playbook/version/init.sh b/istio-playbook/version/init.sh index 123f9b79..2178d968 100755 
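Review bot: In `istio-playbook/version/file/deploy.sh` the 60-second wait is commented out while the comment above it still describes the "No such image" error it works around, so on a non-RedHat host the script can now reach the image steps before the images are loaded. If the wait is no longer needed for the supported OS, delete the block and the stale comment together rather than leaving dead code; if it is still needed, keep the original `if [ ! -f /etc/redhat-release ]; then sleep 60; fi`. The same edit is made in `prometheus-playbook/version/file/deploy.sh`.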
--- a/istio-playbook/version/init.sh +++ b/istio-playbook/version/init.sh @@ -9,7 +9,8 @@ IstioVersion=`cat ${path}/components-version.txt |grep "Istio" |awk '{print $3}' echo "" >> ${path}/group_vars/istio.yml echo "istio_version: ${IstioVersion}" >> ${path}/group_vars/istio.yml -curl -L -o ${path}/file/istio-$IstioVersion-origin.tar.gz https://github.com/istio/istio/releases/download/$IstioVersion/istio-$IstioVersion-linux-amd64.tar.gz +export CPUArch=$(uname -m | awk '{ if ($1 == "x86_64") print "amd64"; else if ($1 == "aarch64") print "arm64"; else print $1 }') +curl -L -o ${path}/file/istio-$IstioVersion-origin.tar.gz https://github.com/istio/istio/releases/download/$IstioVersion/istio-$IstioVersion-linux-${CPUArch}.tar.gz cd ${path}/file/ tar zxf istio-$IstioVersion-origin.tar.gz diff --git a/kubernetes-playbook/version/both.ansible b/kubernetes-playbook/version/both.ansible index 1617c92c..19db1bb0 100644 --- a/kubernetes-playbook/version/both.ansible +++ b/kubernetes-playbook/version/both.ansible @@ -34,12 +34,10 @@ - name: clean yum cache shell: | yum clean all - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - name: install kubernetes-cni for Redhat/CentOS shell: | yum install --disablerepo=* --enablerepo=wise2c-k8s -y kubernetes-cni - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - name: install kubernetes components for Redhat/CentOS yum: 
@@ -52,19 +50,6 @@ - kubectl-{{ kubernetes_version[1:] }} - kubelet-{{ kubernetes_version[1:] }} - kubeadm-{{ kubernetes_version[1:] }} - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - - name: install kubernetes components for Ubuntu - apt: - update_cache: true - state: present - name: '{{ item }}' - with_items: - - kubernetes-cni - - kubectl - - kubelet - - kubeadm - when: ansible_distribution =="Ubuntu" - name: unarchive cfssl tool unarchive: @@ -78,9 +63,7 @@ mode: 0755 with_items: - { src: 'file/prometheus-fix-master-nodes.sh', dest: '/var/lib/wise2c/tmp/kubernetes/' } - - { src: 'file/prometheus-fix-master-nodes-ubuntu.sh', dest: '/var/lib/wise2c/tmp/kubernetes/' } - { src: 'file/prometheus-fix-worker-nodes.sh', dest: '/var/lib/wise2c/tmp/kubernetes/' } - - { src: 'file/prometheus-fix-worker-nodes-ubuntu.sh', dest: '/var/lib/wise2c/tmp/kubernetes/' } - name: distribute kubelet config for Redhat/CentOS template: @@ -88,15 +71,6 @@ dest: '{{ item.dest }}' with_items: - { src: 'template/kubelet.conf.j2', dest: '/etc/sysconfig/kubelet' } - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - - name: distribute kubelet config for Ubuntu - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - with_items: - - { src: 'template/kubelet.conf.j2', dest: '/etc/default/kubelet' } - when: ansible_distribution =="Ubuntu" - name: reload & enable kubelet systemd: diff --git a/kubernetes-playbook/version/copy-upgrade-scripts.ansible b/kubernetes-playbook/version/copy-upgrade-scripts.ansible index d58d7c50..7a8c0008 100755 --- a/kubernetes-playbook/version/copy-upgrade-scripts.ansible 
+++ b/kubernetes-playbook/version/copy-upgrade-scripts.ansible @@ -7,15 +7,3 @@ - { src: 'template/upgrade/redhat-centos/upgrade_first_master_node.sh.j2', dest: '{{ path }}/upgrade_first_master_node.sh' } - { src: 'template/upgrade/redhat-centos/upgrade_other_master_nodes.sh.j2', dest: '{{ path }}/upgrade_other_master_nodes.sh' } - { src: 'template/upgrade/redhat-centos/upgrade_worker_nodes.sh.j2', dest: '{{ path }}/upgrade_worker_nodes.sh' } - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - -- name: copy upgrade scripts for Ubuntu - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: 0755 - with_items: - - { src: 'template/upgrade/ubuntu/upgrade_first_master_node.sh.j2', dest: '{{ path }}/upgrade_first_master_node.sh' } - - { src: 'template/upgrade/ubuntu/upgrade_other_master_nodes.sh.j2', dest: '{{ path }}/upgrade_other_master_nodes.sh' } - - { src: 'template/upgrade/ubuntu/upgrade_worker_nodes.sh.j2', dest: '{{ path }}/upgrade_worker_nodes.sh' } - when: ansible_distribution =="Ubuntu" diff --git a/kubernetes-playbook/version/file/patch-kubeconfig.sh b/kubernetes-playbook/version/file/patch-kubeconfig.sh index 755b4870..b9143be6 100644 --- a/kubernetes-playbook/version/file/patch-kubeconfig.sh +++ b/kubernetes-playbook/version/file/patch-kubeconfig.sh 
@@ -8,5 +8,5 @@ kubectl config set-credentials system:kube-controller-manager --client-certifica kubectl config set-credentials system:kube-scheduler --client-certificate=/etc/kubernetes/pki/scheduler.pem --client-key=/etc/kubernetes/pki/scheduler-key.pem --embed-certs=true --kubeconfig=scheduler.conf #restart controller-manager and scheduler -#docker ps|grep kube-controller-manager|awk '{print $1}'|xargs docker stop -#docker ps|grep kube-scheduler|awk '{print $1}'|xargs docker stop +#podman ps|grep kube-controller-manager|awk '{print $1}'|xargs podman stop +#podman ps|grep kube-scheduler|awk '{print $1}'|xargs podman stop diff --git a/kubernetes-playbook/version/init.sh b/kubernetes-playbook/version/init.sh index 6cbd3bd9..a23a9348 100755 --- a/kubernetes-playbook/version/init.sh +++ b/kubernetes-playbook/version/init.sh 
@@ -43,12 +43,12 @@ echo "flannel_repo: ${flannel_repo}" >> ${path}/yat/all.yml.gotmpl echo "flannel_version: ${flannel_version}" >> ${path}/yat/all.yml.gotmpl echo "flannel_cni_plugin_version: ${flannel_cni_plugin_version}" >> ${path}/yat/all.yml.gotmpl -#curl -sSL https://raw.githubusercontent.com/coreos/flannel/${flannel_version}/Documentation/kube-flannel.yml \ -# | sed -e "s,docker.io/flannel/,{{ registry_endpoint }}/{{ registry_project }}/,g" > ${path}/template/kube-flannel.yml.j2 - -curl -sSL https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml \ +curl -sSL https://raw.githubusercontent.com/coreos/flannel/${flannel_version}/Documentation/kube-flannel.yml \ | sed -e "s,docker.io/flannel/,{{ registry_endpoint }}/{{ registry_project }}/,g" > ${path}/template/kube-flannel.yml.j2 +#curl -sSL https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml \ +# | sed -e "s,docker.io/flannel/,{{ registry_endpoint }}/{{ registry_project }}/,g" > ${path}/template/kube-flannel.yml.j2 + echo "=== pulling flannel image ===" docker pull ${flannel_repo}/flannel:${flannel_version} docker pull ${flannel_repo}/flannel-cni-plugin:${flannel_cni_plugin_version} @@ -62,6 +62,8 @@ rm ${path}/file/flannel.tar.bz2 -f bzip2 -z --best ${path}/file/flannel.tar echo "=== flannel image is saved successfully ===" +export CPUArch=$(uname -m | awk '{ if ($1 == "x86_64") print ""; else if ($1 == "aarch64") print "-arm64"; else print $1 }') + calico_version=v`cat ${path}/components-version.txt |grep "Calico" |awk '{print $3}'` echo "calico_version: ${calico_version}" >> ${path}/yat/all.yml.gotmpl echo "=== downloading calico release package ===" 
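Review bot: The flannel manifest is now fetched from the `${flannel_version}` ref, but `curl -sSL … | sed … > ${path}/template/kube-flannel.yml.j2` still reports only sed's exit status, so if that ref does not exist upstream the error body is written as the template and the script carries on. Whether `pipefail` is set cannot be seen from here, since the top of the script is outside the hunk. Proposed: `set -o pipefail` near the top of the script and `curl -fsSL` on this line, so a failed fetch stops the build instead of producing a broken manifest.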
@@ -71,17 +73,40 @@ tar zxf ${path}/file/calico-${calico_version}.tgz -C ${path}/file/ rm -f ${path}/file/calico-${calico_version}.tgz mv ${path}/file/release-${calico_version} ${path}/file/calico rm -rf ${path}/file/calico/bin -docker pull calico/pod2daemon-flexvol:${calico_version} -docker save calico/pod2daemon-flexvol:${calico_version} -o ${path}/file/calico/images/calico-pod2daemon-flexvol.tar -docker pull calico/ctl:${calico_version} +rm -rf ${path}/file/calico/images/* +docker pull calico/cni:${calico_version}${CPUArch} +docker tag calico/cni:${calico_version}${CPUArch} calico/cni:${calico_version} +docker save calico/cni:${calico_version} -o ${path}/file/calico/images/calico-cni.tar +docker pull calico/ctl:${calico_version}${CPUArch} +docker tag calico/ctl:${calico_version}${CPUArch} calico/ctl:${calico_version} docker save calico/ctl:${calico_version} -o ${path}/file/calico/images/calico-ctl.tar +docker pull calico/node:${calico_version}${CPUArch} +docker tag calico/node:${calico_version}${CPUArch} calico/node:${calico_version} +docker save calico/node:${calico_version} -o ${path}/file/calico/images/calico-node.tar +docker pull calico/typha:${calico_version}${CPUArch} +docker tag calico/typha:${calico_version}${CPUArch} calico/typha:${calico_version} +docker save calico/typha:${calico_version} -o ${path}/file/calico/images/calico-typha.tar +docker pull calico/dikastes:${calico_version}${CPUArch} +docker tag calico/dikastes:${calico_version}${CPUArch} calico/dikastes:${calico_version} +docker save calico/dikastes:${calico_version} -o ${path}/file/calico/images/calico-dikastes.tar +docker pull calico/kube-controllers:${calico_version}${CPUArch} +docker tag calico/kube-controllers:${calico_version}${CPUArch} calico/kube-controllers:${calico_version} +docker save calico/kube-controllers:${calico_version} -o ${path}/file/calico/images/calico-kube-controllers.tar +docker pull calico/pod2daemon-flexvol:${calico_version}${CPUArch} +docker tag 
calico/pod2daemon-flexvol:${calico_version}${CPUArch} calico/pod2daemon-flexvol:${calico_version} +docker save calico/pod2daemon-flexvol:${calico_version} -o ${path}/file/calico/images/calico-pod2daemon-flexvol.tar +docker pull calico/flannel-migration-controller:${calico_version}${CPUArch} +docker tag calico/flannel-migration-controller:${calico_version}${CPUArch} calico/flannel-migration-controller:${calico_version} +docker save calico/flannel-migration-controller:${calico_version} -o ${path}/file/calico/images/calico-flannel-migration-controller.tar echo "=== Compressing calico images ===" bzip2 -z --best ${path}/file/calico/images/calico-cni.tar -bzip2 -z --best ${path}/file/calico/images/calico-kube-controllers.tar +bzip2 -z --best ${path}/file/calico/images/calico-ctl.tar bzip2 -z --best ${path}/file/calico/images/calico-node.tar -bzip2 -z --best ${path}/file/calico/images/calico-pod2daemon-flexvol.tar bzip2 -z --best ${path}/file/calico/images/calico-typha.tar -bzip2 -z --best ${path}/file/calico/images/calico-ctl.tar +bzip2 -z --best ${path}/file/calico/images/calico-dikastes.tar +bzip2 -z --best ${path}/file/calico/images/calico-kube-controllers.tar +bzip2 -z --best ${path}/file/calico/images/calico-pod2daemon-flexvol.tar +bzip2 -z --best ${path}/file/calico/images/calico-flannel-migration-controller.tar echo "=== Calico images are compressed as bzip format successfully ===" dashboard_repo=kubernetesui 
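Review bot: The eight pull/tag/save triples and the eight matching `bzip2` lines in the calico hunk have to be kept in step by hand; a name added to one list and not the other either makes `bzip2` fail on a missing file or ships an uncompressed tarball. A single loop over the image names would do the pull, retag, save and compress for each image and leave one list to maintain. The images are also pulled by mutable tag only, so it would help to log the resolved digest of each image next to the saved tarball for later audit.

```shell
# … unchanged: rm -rf ${path}/file/calico/images/* …
for img in cni ctl node typha dikastes kube-controllers pod2daemon-flexvol flannel-migration-controller; do
  docker pull calico/${img}:${calico_version}${CPUArch}
  docker tag calico/${img}:${calico_version}${CPUArch} calico/${img}:${calico_version}
  docker save calico/${img}:${calico_version} -o ${path}/file/calico/images/calico-${img}.tar
  bzip2 -z --best ${path}/file/calico/images/calico-${img}.tar
done
```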
@@ -101,9 +126,6 @@ echo "metrics_server_version: ${metrics_server_version}" >> ${path}/yat/all.yml. curl -sS https://raw.githubusercontent.com/kubernetes/dashboard/${dashboard_version}/aio/deploy/recommended.yaml \ | sed -e "s,kubernetesui,{{ registry_endpoint }}/{{ registry_project }},g" > ${path}/template/kubernetes-dashboard.yml.j2 -curl -sSL https://github.com/kubernetes-sigs/metrics-server/releases/download/${metrics_server_version}/components.yaml \ - | sed -e "s,k8s.gcr.io/metrics-server/,{{ registry_endpoint }}/{{ registry_project }}/,g" > ${path}/template/metrics-server-deployment.yaml.j2 - echo "=== pulling kubernetes dashboard and metrics-server images ===" docker pull ${dashboard_repo}/dashboard:${dashboard_version} docker pull ${dashboard_repo}/metrics-scraper:${metrics_scraper_version} @@ -151,12 +173,13 @@ echo "=== pulling contour and envoyproxy images ===" docker pull ${contour_repo}/contour:${contour_version} docker pull ${contour_envoyproxy_repo}/envoy:${contour_envoyproxy_version} docker pull ${contour_demo_repo}/kuard-amd64:1 +docker pull ${contour_demo_repo}/kuard-arm64:1 echo "=== contour and envoyproxy images are pulled successfully ===" echo "=== saving contour and envoyproxy images ===" docker save ${contour_repo}/contour:${contour_version} -o ${path}/file/contour.tar docker save ${contour_envoyproxy_repo}/envoy:${contour_envoyproxy_version} -o ${path}/file/contour-envoyproxy.tar -docker save ${contour_demo_repo}/kuard-amd64:1 -o ${path}/file/contour-demo.tar +docker save ${contour_demo_repo}/kuard-amd64:1 ${contour_demo_repo}/kuard-arm64:1 -o ${path}/file/contour-demo.tar rm -f ${path}/file/contour.tar.bz2 rm -f ${path}/file/contour-envoyproxy.tar.bz2 rm -f ${path}/file/contour-demo.tar.bz2 
@@ -166,11 +189,14 @@ bzip2 -z --best ${path}/file/contour-demo.tar echo "=== contour and envoyproxy images are saved successfully ===" +export CPUArch=$(uname -m | awk '{ if ($1 == "x86_64") print "amd64"; else if ($1 == "aarch64") print "arm64"; else print $1 }') + echo "=== download cfssl tools ===" -export CFSSL_URL=https://pkg.cfssl.org/R1.2 -curl -L -o cfssl ${CFSSL_URL}/cfssl_linux-amd64 -curl -L -o cfssljson ${CFSSL_URL}/cfssljson_linux-amd64 -curl -L -o cfssl-certinfo ${CFSSL_URL}/cfssl-certinfo_linux-amd64 +export CFSSL_VERSION=1.6.4 +export CFSSL_URL=https://github.com/cloudflare/cfssl/releases/download/v${CFSSL_VERSION} +curl -L -o cfssl ${CFSSL_URL}/cfssl_${CFSSL_VERSION}_linux_${CPUArch} +curl -L -o cfssljson ${CFSSL_URL}/cfssljson_${CFSSL_VERSION}_linux_${CPUArch} +curl -L -o cfssl-certinfo ${CFSSL_URL}/cfssl-certinfo_${CFSSL_VERSION}_linux_${CPUArch} chmod +x cfssl cfssljson cfssl-certinfo tar zcvf ${path}/file/cfssl-tools.tar.gz cfssl cfssl-certinfo cfssljson echo "=== cfssl tools is download successfully ===" @@ -178,6 +204,6 @@ echo "=== cfssl tools is download successfully ===" helm_version=v`cat ${path}/components-version.txt |grep "Helm" |awk '{print $3}'` echo "=== download helm binary package ===" -rm ${path}/file/helm-linux-amd64.tar.gz -f -curl -o ${path}/file/helm-linux-amd64.tar.gz https://get.helm.sh/helm-${helm_version}-linux-amd64.tar.gz +rm ${path}/file/helm-linux-${CPUArch}.tar.gz -f +curl -o ${path}/file/helm-linux.tar.gz https://get.helm.sh/helm-${helm_version}-linux-${CPUArch}.tar.gz echo "=== helm binary package is saved successfully ===" diff --git a/kubernetes-playbook/version/master-node.ansible b/kubernetes-playbook/version/master-node.ansible index 14e0cc1c..cbd833af 100644 --- a/kubernetes-playbook/version/master-node.ansible +++ b/kubernetes-playbook/version/master-node.ansible 
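Review bot: In the helm hunk the cleanup and the download no longer name the same file: `rm ${path}/file/helm-linux-${CPUArch}.tar.gz -f` removes an arch-suffixed name, while `curl -o` writes `${path}/file/helm-linux.tar.gz`, which is also the name `master-node.ansible` copies. The line should read `rm -f ${path}/file/helm-linux.tar.gz`. The helm `curl` also has neither `-f` nor `-L`, so an HTTP error or redirect body would be saved as the tarball; `curl -fL -o …` would match the other downloads.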
@@ -114,6 +114,7 @@ - { repo: '{{ contour_repo }}', name: 'contour', tag: '{{ contour_version }}' } - { repo: '{{ contour_envoyproxy_repo }}', name: 'envoy', tag: '{{ contour_envoyproxy_version }}' } - { repo: '{{ contour_demo_repo }}', name: 'kuard-amd64', tag: '1' } + - { repo: '{{ contour_demo_repo }}', name: 'kuard-arm64', tag: '1' } run_once: true - name: Remove registry.k8s.io and original images tag @@ -127,7 +128,7 @@ - { repo: '{{ kubernetes_repo }}', name: 'kube-scheduler', tag: '{{ kubernetes_version }}' } - { repo: '{{ kubernetes_repo }}', name: 'kube-proxy', tag: '{{ kubernetes_version }}' } - { repo: '{{ kubernetes_repo }}', name: 'pause', tag: '{{ pause_version }}' } - - { repo: '{{ kubernetes_repo }}', name: 'coredns/coredns', tag: '{{ dns_version }}' } + - { repo: '{{ kubernetes_repo }}', name: 'coredns', tag: '{{ dns_version }}' } - { repo: '{{ metrics_server_repo }}/metrics-server', name: 'metrics-server', tag: '{{ metrics_server_version }}' } - { repo: '{{ flannel_repo }}', name: 'flannel', tag: '{{ flannel_version }}' } - { repo: '{{ flannel_repo }}', name: 'flannel-cni-plugin', tag: '{{ flannel_cni_plugin_version }}' } 
@@ -142,18 +143,18 @@ - { repo: '{{ contour_repo }}', name: 'contour', tag: '{{ contour_version }}' } - { repo: '{{ contour_envoyproxy_repo }}', name: 'envoy', tag: '{{ contour_envoyproxy_version }}' } - { repo: '{{ contour_demo_repo }}', name: 'kuard-amd64', tag: '1' } + - { repo: '{{ contour_demo_repo }}', name: 'kuard-arm64', tag: '1' } run_once: true -- name: install git command for helm-push and perl library for ipcalc - yum: - disablerepo: '*' - enablerepo: wise2c-k8s - update_cache: true - state: present - name: '{{ item }}' - with_items: - - git - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") +#- name: install git command for helm-push and perl library for ipcalc +# yum: +# disablerepo: '*' +# enablerepo: wise2c-k8s +# update_cache: true +# state: present +# name: '{{ item }}' +# with_items: +# - git - name: generate kubeadm config and other yaml files template: @@ -467,15 +468,6 @@ run_once: true when: cni == 'Canal' -- name: add kubelet-insecure-tls for metrics server - replace: - dest: "{{ item.filename }}" - regexp: "- --kubelet-use-node-status-port" - replace: "- --kubelet-use-node-status-port\n - --kubelet-insecure-tls" - with_items: - - { filename: '{{ path }}/metrics-server/metrics-server-deployment.yaml' } - run_once: true - - name: apply addons shell: | kubectl apply -f {{ path }}/kubernetes-dashboard.yml @@ -513,7 +505,6 @@ shell: ./prometheus-fix-master-nodes.sh args: chdir: '{{ path }}' - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - name: execute prometheus-fix-master-nodes script for Ubuntu shell: ./prometheus-fix-master-nodes-ubuntu.sh 
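Review bot: The last hunk here drops the `when:` from the RedHat `prometheus-fix-master-nodes.sh` task but leaves the task `execute prometheus-fix-master-nodes script for Ubuntu`, which runs `./prometheus-fix-master-nodes-ubuntu.sh`. The `both.ansible` change in this commit stops copying that script to `/var/lib/wise2c/tmp/kubernetes/`, so if the Ubuntu task's condition (outside this hunk) ever matches, it fails on a missing file, and on Ubuntu hosts both tasks would now run. Either remove the Ubuntu task as was done in `worker-node.ansible`, or keep the `when:` on the RedHat task.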
@@ -526,17 +517,17 @@ src: '{{ item.src }}' dest: '{{ item.dest }}' with_items: - - { src: 'file/helm-linux-amd64.tar.gz', dest: '{{ path }}' } + - { src: 'file/helm-linux.tar.gz', dest: '{{ path }}' } - name: install helm binary shell: | - tar zxvf {{ path }}/helm-linux-amd64.tar.gz --strip-components=1 -C /tmp/ + tar zxvf {{ path }}/helm-linux.tar.gz --strip-components=1 -C /tmp/ mv /tmp/helm /usr/local/bin/helm -- name: upgrade helm repo - shell: | - helm repo add --username={{ registry_user }} --password={{ registry_password }} {{ registry_project }} http://{{ registry_endpoint }}/chartrepo/{{ registry_project }} - when: not registry_https +#- name: upgrade helm repo +# shell: | +# helm repo add --username={{ registry_user }} --password={{ registry_password }} {{ registry_project }} http://{{ registry_endpoint }}/chartrepo/{{ registry_project }} +# when: not registry_https - name: scale calico-typha replicas shell: | diff --git a/kubernetes-playbook/version/push-images.ansible b/kubernetes-playbook/version/push-images.ansible index 3735ddd1..54bb15c2 100644 --- a/kubernetes-playbook/version/push-images.ansible +++ b/kubernetes-playbook/version/push-images.ansible 
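Review bot: The `install helm binary` task unpacks the archive into the shared `/tmp/` and then moves the fixed name `/tmp/helm` into `/usr/local/bin`, presumably as root; a world-writable directory is a poor staging area for a binary that ends up on root's PATH. Assuming `{{ path }}` is the playbook's own working directory, I would stage there instead: `tar zxf {{ path }}/helm-linux.tar.gz --strip-components=1 -C {{ path }}` followed by `mv {{ path }}/helm /usr/local/bin/helm`. The commented-out `upgrade helm repo` task should be deleted rather than kept, since it shows the registry password being passed on the command line.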
@@ -29,47 +29,40 @@ reauthorize: true run_once: true -- name: tag coredns image +- name: tag images shell: | - docker tag {{ kubernetes_repo }}/coredns/coredns:{{ dns_version }} {{ registry_endpoint }}/{{ registry_project }}/coredns:{{ dns_version }} - run_once: true - -- name: push coredns image - shell: | - docker push {{ registry_endpoint }}/{{ registry_project }}/coredns:{{ dns_version }} + docker tag {{ item.repo }}/{{ item.name }}:{{ item.tag }} {{ registry_endpoint }}/{{ registry_project }}/{{ item.name }}:{{ item.tag }} + with_items: + - { repo: '{{ kubernetes_repo }}', name: 'kube-controller-manager', tag: '{{ kubernetes_version }}' } + - { repo: '{{ kubernetes_repo }}', name: 'kube-apiserver', tag: '{{ kubernetes_version }}' } + - { repo: '{{ kubernetes_repo }}', name: 'kube-scheduler', tag: '{{ kubernetes_version }}' } + - { repo: '{{ kubernetes_repo }}', name: 'kube-proxy', tag: '{{ kubernetes_version }}' } + - { repo: '{{ kubernetes_repo }}', name: 'pause', tag: '{{ pause_version }}' } + - { repo: '{{ kubernetes_repo }}', name: 'coredns', tag: '{{ dns_version }}' } + - { repo: '{{ metrics_server_repo }}/metrics-server', name: 'metrics-server', tag: '{{ metrics_server_version }}' } + - { repo: '{{ flannel_repo }}', name: 'flannel', tag: '{{ flannel_version }}' } + - { repo: '{{ dashboard_repo }}', name: 'dashboard', tag: '{{ dashboard_version }}' } run_once: true -- name: Tag and push to Harbor +- name: push images docker_image: - name: '{{ item.repo }}/{{ item.name }}' - repository: '{{ registry_endpoint }}/{{ registry_project }}/{{ item.name }}' + name: '{{ registry_endpoint }}/{{ registry_project }}/{{ item.name }}' tag: '{{ item.tag }}' - push: yes - source: local + push: true + state: present with_items: - { repo: '{{ kubernetes_repo }}', name: 'kube-controller-manager', tag: '{{ kubernetes_version }}' } - { repo: '{{ kubernetes_repo }}', name: 'kube-apiserver', tag: '{{ kubernetes_version }}' } - { repo: '{{ kubernetes_repo }}', name: 
'kube-scheduler', tag: '{{ kubernetes_version }}' } - { repo: '{{ kubernetes_repo }}', name: 'kube-proxy', tag: '{{ kubernetes_version }}' } - { repo: '{{ kubernetes_repo }}', name: 'pause', tag: '{{ pause_version }}' } - - { repo: '{{ kubernetes_repo }}', name: 'coredns/coredns', tag: '{{ dns_version }}' } + - { repo: '{{ kubernetes_repo }}', name: 'coredns', tag: '{{ dns_version }}' } - { repo: '{{ metrics_server_repo }}/metrics-server', name: 'metrics-server', tag: '{{ metrics_server_version }}' } - - { repo: '{{ flannel_repo }}', name: 'mirrored-flannelcni-flannel', tag: '{{ flannel_version }}' } - - { repo: '{{ flannel_repo }}', name: 'mirrored-flannelcni-flannel-cni-plugin', tag: '{{ flannel_cni_plugin_version }}' } - - { repo: 'calico', name: 'cni', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'kube-controllers', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'node', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'typha', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'pod2daemon-flexvol', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'ctl', tag: '{{ calico_version }}' } + - { repo: '{{ flannel_repo }}', name: 'flannel', tag: '{{ flannel_version }}' } - { repo: '{{ dashboard_repo }}', name: 'dashboard', tag: '{{ dashboard_version }}' } - - { repo: '{{ dashboard_repo }}', name: 'metrics-scraper', tag: '{{ metrics_scraper_version }}' } - - { repo: '{{ contour_repo }}', name: 'contour', tag: '{{ contour_version }}' } - - { repo: '{{ contour_envoyproxy_repo }}', name: 'envoy', tag: '{{ contour_envoyproxy_version }}' } - - { repo: '{{ contour_demo_repo }}', name: 'kuard-amd64', tag: '1' } run_once: true -- name: Remove registry.k8s.io and original images tag +- name: Remove k8s.gcr.io images tag docker_image: state: absent name: '{{ item.repo }}/{{ item.name }}' 
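Review bot: The same nine-entry image list is now written out under `tag images` and again under `push images` (and once more in the removal task that follows), so the three copies can drift apart; defining it once, e.g. `vars: k8s_images: [...]` and `with_items: '{{ k8s_images }}'`, would keep them aligned. The new list also drops `flannel-cni-plugin`, `metrics-scraper`, the calico images, contour, envoy and kuard, while the flannel manifest produced in `init.sh` rewrites every `docker.io/flannel/` image to the private registry. Unless another playbook pushes those images (`master-node.ansible` may, but that task is not fully visible here), nodes will fail to pull them. Replacing the `docker_image` tag step with `shell: docker tag` also loses change reporting, so `changed_when: false` or the module form would be cleaner.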
@@ -80,19 +73,8 @@ - { repo: '{{ kubernetes_repo }}', name: 'kube-scheduler', tag: '{{ kubernetes_version }}' } - { repo: '{{ kubernetes_repo }}', name: 'kube-proxy', tag: '{{ kubernetes_version }}' } - { repo: '{{ kubernetes_repo }}', name: 'pause', tag: '{{ pause_version }}' } - - { repo: '{{ kubernetes_repo }}', name: 'coredns/coredns', tag: '{{ dns_version }}' } + - { repo: '{{ kubernetes_repo }}', name: 'coredns', tag: '{{ dns_version }}' } - { repo: '{{ metrics_server_repo }}/metrics-server', name: 'metrics-server', tag: '{{ metrics_server_version }}' } - - { repo: '{{ flannel_repo }}', name: 'mirrored-flannelcni-flannel', tag: '{{ flannel_version }}' } - - { repo: '{{ flannel_repo }}', name: 'mirrored-flannelcni-flannel-cni-plugin', tag: '{{ flannel_cni_plugin_version }}' } - - { repo: 'calico', name: 'cni', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'kube-controllers', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'node', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'typha', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'pod2daemon-flexvol', tag: '{{ calico_version }}' } - - { repo: 'calico', name: 'ctl', tag: '{{ calico_version }}' } + - { repo: '{{ flannel_repo }}', name: 'flannel', tag: '{{ flannel_version }}' } - { repo: '{{ dashboard_repo }}', name: 'dashboard', tag: '{{ dashboard_version }}' } - - { repo: '{{ dashboard_repo }}', name: 'metrics-scraper', tag: '{{ metrics_scraper_version }}' } - - { repo: '{{ contour_repo }}', name: 'contour', tag: '{{ contour_version }}' } - - { repo: '{{ contour_envoyproxy_repo }}', name: 'envoy', tag: '{{ contour_envoyproxy_version }}' } - - { repo: '{{ contour_demo_repo }}', name: 'kuard-amd64', tag: '1' } run_once: true diff --git a/kubernetes-playbook/version/reset.ansible b/kubernetes-playbook/version/reset.ansible index 91d1ae61..4cda3319 100644 --- a/kubernetes-playbook/version/reset.ansible +++ b/kubernetes-playbook/version/reset.ansible 
@@ -9,7 +9,6 @@ - name: iptables reset shell: | firewall-cmd --complete-reload - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - name: ipvs reset shell: | @@ -26,19 +25,7 @@ - kubectl-{{ kubernetes_version[1:] }} - kubelet-{{ kubernetes_version[1:] }} - kubeadm-{{ kubernetes_version[1:] }} - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - - name: remove kubernetes components for Ubuntu - apt: - state: absent - name: '{{ item }}' - with_items: - - kubernetes-cni - - kubectl-{{ kubernetes_version[1:] }} - - kubelet-{{ kubernetes_version[1:] }} - - kubeadm-{{ kubernetes_version[1:] }} - when: ansible_distribution =="Ubuntu" - - name: clean flannel link shell: | ip link delete cni0 diff --git a/kubernetes-playbook/version/template/metrics-server-deployment.yaml.j2 b/kubernetes-playbook/version/template/metrics-server-deployment.yaml.j2 index 990488ae..12b07a06 100644 --- a/kubernetes-playbook/version/template/metrics-server-deployment.yaml.j2 +++ b/kubernetes-playbook/version/template/metrics-server-deployment.yaml.j2 @@ -33,14 +33,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/stats - - namespaces - - configmaps verbs: - get - list @@ -130,7 +133,7 @@ spec: containers: - args: - --cert-dir=/tmp - - --secure-port=443 + - --secure-port=4443 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s 
@@ -146,7 +149,7 @@ spec: periodSeconds: 10 name: metrics-server ports: - - containerPort: 443 + - containerPort: 4443 name: https protocol: TCP readinessProbe: @@ -162,6 +165,7 @@ spec: cpu: 100m memory: 200Mi securityContext: + allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 @@ -170,6 +174,7 @@ spec: name: tmp-dir nodeSelector: kubernetes.io/os: linux + hostNetwork: true priorityClassName: system-cluster-critical serviceAccountName: metrics-server volumes: diff --git a/kubernetes-playbook/version/worker-node.ansible b/kubernetes-playbook/version/worker-node.ansible index 1067b6b2..ea34a51e 100644 --- a/kubernetes-playbook/version/worker-node.ansible +++ b/kubernetes-playbook/version/worker-node.ansible @@ -30,10 +30,3 @@ shell: ./prometheus-fix-worker-nodes.sh args: chdir: '/var/lib/wise2c/tmp/kubernetes/' - when: (ansible_distribution == "RedHat") or (ansible_distribution == "CentOS") or (ansible_distribution == "Rocky") or (ansible_distribution == "AlmaLinux") or (ansible_distribution == "OracleLinux") or (ansible_distribution == "Anolis") - -- name: execute prometheus-fix-worker-nodes script for Ubuntu - shell: ./prometheus-fix-worker-nodes-ubuntu.sh - args: - chdir: '/var/lib/wise2c/tmp/kubernetes/' - when: ansible_distribution =="Ubuntu" diff --git a/loadbalancer-playbook/version/install.ansible b/loadbalancer-playbook/version/install.ansible index 9903f0c4..07c9a45a 100644 --- a/loadbalancer-playbook/version/install.ansible +++ b/loadbalancer-playbook/version/install.ansible @@ -37,7 +37,7 @@ dest: '{{ item.dest }}' with_items: - { src: 'file/keepalived.sh', dest: '{{ cpath }}' } - + - name: load lb image shell: | docker load -i '{{ path }}/{{ item }}' 
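Review bot: `hostNetwork: true` is added to the metrics-server pod spec with no stated reason. On the host network the pod shares the node's network namespace, so the `4443` listener is bound on the node itself and pod-level NetworkPolicy generally no longer applies to it. If this is a workaround for the API server not reaching the pod network, record that next to the field, e.g. `# hostNetwork: needed because <reason>`, and add `dnsPolicy: ClusterFirstWithHostNet`; otherwise drop the line and keep the pod on the cluster network. The pod spec continues outside this hunk.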
@@ -78,6 +78,16 @@ - { repo: 'wise2c', name: 'k8s-keepalived', tag: '{{ keepalived_version }}' } run_once: true + - name: remove original images tag + docker_image: + state: absent + name: '{{ item.repo }}/{{ item.name }}' + tag: '{{ item.tag }}' + with_items: + - { repo: 'wise2c', name: 'k8s-haproxy', tag: '{{ haproxy_version }}' } + - { repo: 'wise2c', name: 'k8s-keepalived', tag: '{{ keepalived_version }}' } + run_once: true + - name: get port set_fact: ports: | @@ -91,6 +101,7 @@ docker_container: name: haproxy restart_policy: always + network_mode: host image: "{{ registry_endpoint }}/{{ registry_project }}/k8s-haproxy:{{ haproxy_version }}" ports: '{{ ports | d([], true) | list }}' volumes: diff --git a/loadbalancer-playbook/version/keepalived/Dockerfile.aarch64 b/loadbalancer-playbook/version/keepalived/Dockerfile.aarch64 index 85a5cf14..b14ef0e7 100644 --- a/loadbalancer-playbook/version/keepalived/Dockerfile.aarch64 +++ b/loadbalancer-playbook/version/keepalived/Dockerfile.aarch64 @@ -1,5 +1,5 @@ -FROM oraclelinux:8 -RUN yum install -y keepalived nc +FROM centos:7.9.2009 +RUN yum install -y keepalived nc sysvinit-tools COPY keepalived.sh /usr/bin/keepalived.sh COPY keepalived.conf /etc/keepalived/keepalived.conf RUN chmod +x /usr/bin/keepalived.sh diff --git a/loadbalancer-playbook/version/keepalived/Dockerfile.amd64 b/loadbalancer-playbook/version/keepalived/Dockerfile.amd64 index 4cc70164..9a9c422f 100644 --- a/loadbalancer-playbook/version/keepalived/Dockerfile.amd64 +++ b/loadbalancer-playbook/version/keepalived/Dockerfile.amd64 @@ -1,4 +1,4 @@ -FROM centos:7.6.1810 +FROM centos:7.9.2009 RUN yum install -y keepalived sysvinit-tools nc COPY keepalived.sh /usr/bin/keepalived.sh COPY keepalived.conf /etc/keepalived/keepalived.conf diff --git a/loadbalancer-playbook/version/template/keepalive.cfg.j2 b/loadbalancer-playbook/version/template/keepalive.cfg.j2 index 9bdbea8f..751fa2a3 100644 --- a/loadbalancer-playbook/version/template/keepalive.cfg.j2 
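Review bot: The new `remove original images tag` task carries `run_once: true`, so the `wise2c/k8s-haproxy` and `wise2c/k8s-keepalived` tags are removed on the first host of the play only. If the `load lb image` task earlier in the file runs on every load-balancer host (it is outside this hunk), the other hosts keep the original tags. Dropping `run_once: true` from this task would make the cleanup uniform. The item list also appears to repeat the one in the preceding task, so a shared variable would keep the two from drifting.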
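Review bot: With `network_mode: host` added to the haproxy `docker_container` task, the `ports:` mapping on the following line no longer controls exposure. Docker discards published ports for a host-network container, so every listener in the haproxy configuration is bound directly on the host. That would include any stats or admin frontend the configuration defines, which is not visible here. Either drop the `ports:` line so the task does not imply a restriction that is not enforced, or add a comment such as `# host networking: exposure is governed by haproxy bind addresses and the host firewall, not by ports`. The task continues past the hunk at `volumes:`.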
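Review bot: `FROM centos:7.9.2009` moves the aarch64 keepalived image from `oraclelinux:8` to a CentOS 7 base, and the `Dockerfile.amd64` hunk that follows does the same from 7.6.1810. CentOS 7 reached end of life in June 2024, so images built from it receive no further security updates and `yum install` depends on archived repositories. The tag is also mutable; pinning by digest, `FROM centos:7.9.2009@sha256:<digest>`, makes the build reproducible. If an EL7 userland is needed for `sysvinit-tools`, a comment in the Dockerfile saying so would explain the downgrade.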
+++ b/loadbalancer-playbook/version/template/keepalive.cfg.j2 @@ -3,6 +3,7 @@ vrrp_version 2 vrrp_garp_master_delay 1 vrrp_garp_master_refresh 1 + vrrp_mcast_group4 224.0.0.200 script_user root enable_script_security } diff --git a/prometheus-playbook/version/file/deploy.sh b/prometheus-playbook/version/file/deploy.sh index 7ba6247c..d19458d6 100755 --- a/prometheus-playbook/version/file/deploy.sh +++ b/prometheus-playbook/version/file/deploy.sh @@ -2,9 +2,9 @@ set -e #If seems that there is a bug on Ubuntu host to load the images. If no wait, it will return an error message: "Error response from daemon: No such image" -if [ ! -f /etc/redhat-release ]; then - sleep 60 -fi +#if [ ! -f /etc/redhat-release ]; then +# sleep 60 +#fi MyImageRepositoryIP=`cat harbor-address.txt` MyImageRepositoryProject=library
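Review bot: `vrrp_mcast_group4 224.0.0.200` hard-codes a non-default VRRP multicast group in the global section of `keepalive.cfg.j2` with no comment explaining the choice (the keepalived default is 224.0.0.18). Every cluster rendered from this template on the same L2 segment will share that group, so separation between them depends on `virtual_router_id` and on any VRRP authentication configured outside this hunk. Consider making the address a template variable with the current value as its default, or at least add `# non-default multicast group: <reason>` above the line.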
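Review bot: In `deploy.sh` the Ubuntu wait is disabled by commenting out the `if`/`sleep 60`/`fi` lines, which leaves dead code under a comment that still describes it. Since the rest of the commit drops Ubuntu handling, delete the three lines together with the `#If seems that there is a bug on Ubuntu host…` comment. If the wait may be needed again, keep a single line such as `# Ubuntu hosts needed a 60 s wait here before loaded images were visible to the daemon`. The script continues past the hunk.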