From 647443f8604208adfb2f0660146d0ed1690d2cbc Mon Sep 17 00:00:00 2001
From: Ori Hoch
Date: Sun, 28 Aug 2022 19:07:27 +0300
Subject: [PATCH 1/5] added Rancher v2.6.7 with some improvements
---
.gitignore | 2 +
apps/rancher-v2.6.7-kamatera | 211 ++++++++++++++++++
...aller-contrib-rancher-v2.6.7-kamatera.conf | 28 +++
3 files changed, 241 insertions(+)
create mode 100644 .gitignore
create mode 100755 apps/rancher-v2.6.7-kamatera
create mode 100644 installer-contrib-rancher-v2.6.7-kamatera.conf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..a486395a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.idea
+.workspace
diff --git a/apps/rancher-v2.6.7-kamatera b/apps/rancher-v2.6.7-kamatera
new file mode 100755
index 00000000..a18eb945
--- /dev/null
+++ b/apps/rancher-v2.6.7-kamatera
@@ -0,0 +1,211 @@ +#!/bin/bash + +if [ -f "include/startup.sh" ]; then + . include/startup.sh +elif [ -f "../include/startup.sh" ]; then + . ../include/startup.sh +fi + +checkTagExist docker-5.20.10-offirepo.success + +rootDir=$(rootDir) +engineInstallUrl=https://releases.rancher.com/install-docker/20.10.sh +kamateraDriverUrl=https://github.com/Kamatera/docker-machine-driver-kamatera/releases/download/v1.1.4/docker-machine-driver-kamatera_v1.1.4_linux_amd64.tar.gz + +RANCHER_VERSION=v2.6.7 +vlan=`cat ${CWM_CONFIGFILE} | grep ^vlan.*=lan-.* | cut -d'=' -f 2` + +cpuarr=("1B" "2B" "4B" "8B" "16B") +memarr=(2048 4096 8192 16384 32768) +dskarr=(30 50) +tmpltarr=("${cpuarr[0]} ${memarr[0]} ${dskarr[0]} Kamatera_Worker_${cpuarr[0]}/${memarr[0]}/${dskarr[0]}" + "${cpuarr[1]} ${memarr[1]} ${dskarr[0]} Kamatera_Worker_${cpuarr[1]}/${memarr[1]}/${dskarr[0]}" + "${cpuarr[2]} ${memarr[1]} ${dskarr[0]} Kamatera_Worker_${cpuarr[2]}/${memarr[1]}/${dskarr[0]}" + "${cpuarr[2]} ${memarr[2]} ${dskarr[1]} Kamatera_Worker_${cpuarr[2]}/${memarr[2]}/${dskarr[1]}" + "${cpuarr[3]} ${memarr[2]} ${dskarr[1]} Kamatera_Worker_${cpuarr[3]}/${memarr[2]}/${dskarr[1]}" + "${cpuarr[3]} ${memarr[3]} ${dskarr[1]} Kamatera_Worker_${cpuarr[3]}/${memarr[3]}/${dskarr[1]}" + "${cpuarr[4]} ${memarr[3]} ${dskarr[1]} Kamatera_Worker_${cpuarr[4]}/${memarr[3]}/${dskarr[1]}" + "${cpuarr[4]} ${memarr[4]} ${dskarr[1]} Kamatera_Worker_${cpuarr[4]}/${memarr[4]}/${dskarr[1]}") + +echo "Installing Jq" | log +installPackage jq +waitOrStop 0 "Failed apt install: jq" + +echo "Creating Rancher admin" | log +mkdir -p /var/lib/rancher +systemctl start docker.service +waitOrStop 0 "Start docker service failed" + +echo "Creating rancher_start script" | log +mkdir -p /etc/rancher +echo "rancher/rancher:${RANCHER_VERSION}" > /etc/rancher/image +echo "${CWM_DOMAIN}" > /etc/rancher/domain +echo '#!/bin/bash +if ! 
docker pull "$(cat /etc/rancher/image)"; then exit 1; fi +docker rm -f rancher +docker run -d --name rancher --restart unless-stopped \ + -p 80:80 -p 443:443 \ + -e CATTLE_BOOTSTRAP_PASSWORD=admin \ + -v /etc/letsencrypt/live/$(cat /etc/rancher/domain)/fullchain.pem:/etc/rancher/ssl/cert.pem \ + -v /etc/letsencrypt/live/$(cat /etc/rancher/domain)/privkey.pem:/etc/rancher/ssl/key.pem \ + -v /etc/letsencrypt/live/$(cat /etc/rancher/domain)/chain.pem:/etc/rancher/ssl/cacerts.pem \ + --privileged -v "/var/lib/rancher:/var/lib/rancher" "$(cat /etc/rancher/image)" +' > /usr/local/bin/rancher +chmod +x /usr/local/bin/rancher_start +rancher_start + +curlBaseParams=(--insecure --silent -S --retry-connrefused --retry 3 --retry-delay 2 -H 'content-type: application/json') + +echo "Waiting for Rancher to intialize" | log +HTTPD=`curl -s -o /dev/null -w ''%{http_code}'' https://${CWM_DOMAIN}:443 --insecure` +until [ "$HTTPD" == "200" ]; do + sleep 3 + HTTPD=`curl -s -o /dev/null -w ''%{http_code}'' https://${CWM_DOMAIN}:443 --insecure` +done +sleep 15 + +echo "Getting Rancher Login Token" | log +LOGINRESPONSE=`curl --url "https://${CWM_DOMAIN}/v3-public/localProviders/local?action=login" --data-binary '{"username":"admin","password":"admin"}' "${curlBaseParams[@]}"` +LOGINTOKEN=`echo $LOGINRESPONSE | jq -r .token` + +function rancherApiCurl() { + local token="${1}" + local url="${2}" + local res + if ! res="$(curl -w ''%{http_code}'' --url "${url}" "${@:3}" -H "Authorization: Bearer $token" "${curlBaseParams[@]}" 2>&1)"; then + echo "${res}" | log + return 1 + fi + local code="$(echo "${res}" | tail -n1)" + if [ "${code::1}" != "2" ]; then + echo "${res}" | log + return 1 + fi + echo "${res}" | head -n-1 + return 0 +} + +echo "Changing Web Interface Password" | log +if ! 
rancherApiCurl "${LOGINTOKEN}" "https://${CWM_DOMAIN}/v3/users?action=changepassword" '{"currentPassword":"admin","newPassword":"'${ADMINPASSWORD}'"}'; then + exit 1 +fi + +echo "Creating API key" | log +APIRESPONSE=`curl --url "https://${CWM_DOMAIN}/v3/token" --data-binary '{"type":"token","description":"automation"}' -H "Authorization: Bearer $LOGINTOKEN" "${curlBaseParams[@]}"` +echo "Getting API Token" | log +APITOKEN=`echo $APIRESPONSE | jq -r .token` + +echo "Listing available Node drivers" | log +if ! NODEDRIVERS_RES="$(rancherApiCurl "${APITOKEN}" "https://${CWM_DOMAIN}/v3/nodedrivers")"; then + exit 1 +fi +NODEDRIVERS="$(echo "${NODEDRIVERS_RES}" | jq -r .data[].actions.deactivate)" + +echo "Deactivating foreign drivers" | log +for url in ${NODEDRIVERS}; do + if [ "${url::1,4}" == "http" ]; then + if ! rancherApiCurl "${APITOKEN}" "${url}" -d '{}' -X POST; then + echo WARNING: failed to deactivate foreign driver url "${url}" | log + fi + else + echo WARNING: invalid foreign driver deactivate url "${url}" | log + fi +done + +echo "Adding Kamatera Docker Machine Driver" | log +if ! rancherApiCurl "${APITOKEN}" "https://${CWM_DOMAIN}/v3/nodedrivers" -d '{"active":true, "builtin":false, "url":"'${kamateraDriverUrl}'", "whitelistDomains":[]}' -X POST; then + exit 1 +fi + +echo "Listing available Kubernetes drivers" | log +if ! KONTAINERDRIVERS_RES="$(rancherApiCurl "${APITOKEN}" "https://${CWM_DOMAIN}/v3/kontainerdrivers")"; then + exit 1 +fi +KONTAINERDRIVERS="$(echo "${KONTAINERDRIVERS_RES}" | jq -r .data[].actions.deactivate)" + +echo "Deactivating foreign drivers" | log +for url in ${KONTAINERDRIVERS}; do + if [ "${url::1,4}" == "http" ]; then + if ! 
rancherApiCurl "${APITOKEN}" "${url}" -d '{}' -X POST; then + echo WARNING: failed to deactivate foreign driver url "${url}" + fi + else + echo WARNING: invalid kontainer driver deactivate url "${url}" | log + fi +done + +echo "Creating Kamatera templates on Rancher" | log +sleep 10 +# Kamatera Control Panel +PANEL_JSON_STRING='{ +"engineInsecureRegistry":[], +"engineInstallURL":"'"${engineInstallUrl}"'", +"engineRegistryMirror":[], +"engineStorageDriver":"overlay2", +"kamateraConfig":{ +"apiClientId":"'"${CWM_APICLIENTID}"'", +"apiSecret":"'"${CWM_APISECRET}"'", +"billing":"hourly", +"cpu":"2B", +"createServerCommandId":"0", +"datacenter":"'"${CWM_ZONE}"'", +"diskSize":"30", +"image":"ubuntu_server_20.04_64-bit_optimized", +"privateNetworkIp":"auto", +"privateNetworkName":"'"${vlan}"'", +"ram":"2048", +"type":"kamateraConfig" +}, +"name":"Kamatera Control Panel", +"useInternalIpAddress":true +}' +if ! rancherApiCurl "${APITOKEN}" "https://${CWM_DOMAIN}/v3/nodetemplates" -d "$(jsonize "$PANEL_JSON_STRING")" -X POST; then + echo WARNING: failed to add Kamatera Control Panel node template | log +fi + +#Kamatera Worker +for tmplt in "${tmpltarr[@]}"; do +arr=($tmplt) + +WORKER_JSON_STRING='{ +"engineInsecureRegistry":[], +"engineInstallURL":"'"${engineInstallUrl}"'", +"engineRegistryMirror":[], +"engineStorageDriver":"overlay2", +"kamateraConfig":{ +"apiClientId":"'"${CWM_APICLIENTID}"'", +"apiSecret":"'"${CWM_APISECRET}"'", +"billing":"hourly", +"cpu":"'"${arr[0]}"'", +"createServerCommandId":"0", +"datacenter":"'"${CWM_ZONE}"'", +"diskSize":"'"${arr[2]}"'", +"image":"ubuntu_server_18.04_64-bit_optimized", +"privateNetworkIp":"auto", +"privateNetworkName":"'"${vlan}"'", +"ram":"'"${arr[1]}"'", +"type":"kamateraConfig" +}, +"name":"'"${arr[3]}"'", +"useInternalIpAddress":true +}' +if ! 
rancherApiCurl "${APITOKEN}" "https://${CWM_DOMAIN}/v3/nodetemplates" -d "$(jsonize "$WORKER_JSON_STRING")" -X POST; then + echo WARNING: failed to add Kamatera Worker Node template +fi +done + +echo "Tweaking NetFilter conntrack_max" | log +sysctl net/netfilter/nf_conntrack_max=131072 +service docker restart +waitOrStop 0 "Restart docker failed" + +echo "Adding descriptions" | log +descriptionAppend "Rancher Web UI: https://${CWM_DOMAIN}" +descriptionAppend "Rancher Username: admin" +descriptionAppend "Rancher Password: ${ADMINPASSWORD}" +descriptionAppend "See https://github.com/Kamatera/rancher-kubernetes/blob/main/README.md for additional guides and documentation" +descriptionAppend " " + +tagScript success + +exit 0 diff --git a/installer-contrib-rancher-v2.6.7-kamatera.conf b/installer-contrib-rancher-v2.6.7-kamatera.conf new file mode 100644 index 00000000..58eee47c --- /dev/null +++ b/installer-contrib-rancher-v2.6.7-kamatera.conf @@ -0,0 +1,28 @@ +# +# This is the config file where we define what will be executed in the installer script. +# +# installer will read variables and will execute them one by one. +# + +. installer-contrib-tweaks-preinstall.conf + +execute+=(include/checkLanConnectivity) +execute+=(include/installInProgressSSH) +execute+=(tweaks/ubuntu-ufw-enable) +execute+=(tweaks/ubuntu-ufw-allowhttp) +execute+=(tweaks/ubuntu-updateos) + +. installer-contrib-tweaks-optimize.conf + +execute+=(tweaks/certbot-20-osrepo) +execute+=(tweaks/enable-ssl) + +execute+=(services/docker-5.20.10-offirepo) +execute+=(apps/rancher-v2.6.7-kamatera) + +execute+=(tweaks/motd-header-tweak) +execute+=(tweaks/motd-description-append) +execute+=(tweaks/cwm-description-autoconfig) + +execute+=(include/installInProgressHttpd-remove) +execute+=(include/installInProgressSSH-remove) From dcbdb09e219d9a6c96575afdbf0d940149928ac9 Mon Sep 17 00:00:00 2001 
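Review bot: The generated `rancher_start` script publishes Rancher on ports 80/443 with `CATTLE_BOOTSTRAP_PASSWORD=admin`, so from container start until the `changepassword` call succeeds (the wait loop plus `sleep 15`) the admin account accepts a well-known password, and it keeps that password if the installer exits before or during that call. Generate a per-install random bootstrap secret, keep it in a root-only file, and use it for the login request and as `currentPassword`, as sketched below. Separately, `curlBaseParams` carries `--insecure` for every API call, including the ones that send the password and the bearer tokens, even though the container is given the Let's Encrypt certificate for `${CWM_DOMAIN}`; dropping the flag should let curl verify that certificate.

```shell
# … unchanged: mkdir -p /etc/rancher, image and domain files …
# constructed file name; any root-only path works
(umask 077; head -c 32 /dev/urandom | base64 | tr -d '\n' > /etc/rancher/bootstrap_password)
# in the generated rancher_start, instead of -e CATTLE_BOOTSTRAP_PASSWORD=admin
  -e CATTLE_BOOTSTRAP_PASSWORD="$(cat /etc/rancher/bootstrap_password)" \
# … unchanged: wait for HTTP 200 …
BOOTSTRAPPASSWORD="$(cat /etc/rancher/bootstrap_password)"
LOGINRESPONSE="$(jq -n --arg p "${BOOTSTRAPPASSWORD}" '{username:"admin",password:$p}' |
  curl --url "https://${CWM_DOMAIN}/v3-public/localProviders/local?action=login" --data-binary @- "${curlBaseParams[@]}")"
LOGINTOKEN="$(printf '%s' "${LOGINRESPONSE}" | jq -r .token)"
# changepassword then sends ${BOOTSTRAPPASSWORD} as currentPassword instead of "admin"
```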
From: Ori Hoch Date: Sun, 28 Aug 2022 19:18:03 +0300 Subject: [PATCH 2/5] minor fix to rancher_start script name --- apps/rancher-v2.6.7-kamatera | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/rancher-v2.6.7-kamatera b/apps/rancher-v2.6.7-kamatera index a18eb945..51a78905 100755 --- a/apps/rancher-v2.6.7-kamatera +++ b/apps/rancher-v2.6.7-kamatera @@ -50,7 +50,7 @@ docker run -d --name rancher --restart unless-stopped \ -v /etc/letsencrypt/live/$(cat /etc/rancher/domain)/privkey.pem:/etc/rancher/ssl/key.pem \ -v /etc/letsencrypt/live/$(cat /etc/rancher/domain)/chain.pem:/etc/rancher/ssl/cacerts.pem \ --privileged -v "/var/lib/rancher:/var/lib/rancher" "$(cat /etc/rancher/image)" -' > /usr/local/bin/rancher +' > /usr/local/bin/rancher_start chmod +x /usr/local/bin/rancher_start rancher_start From 9431d1d36d7c8221f73430500a02976d31f23401 Mon Sep 17 00:00:00 2001 From: Ori Hoch Date: Tue, 30 Aug 2022 10:10:13 +0300 Subject: [PATCH 3/5] rancher 2.6.7: add validation for vlan and adminpassword --- apps/rancher-v2.6.7-kamatera | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/apps/rancher-v2.6.7-kamatera b/apps/rancher-v2.6.7-kamatera index 51a78905..f444eeaf 100755 --- a/apps/rancher-v2.6.7-kamatera +++ b/apps/rancher-v2.6.7-kamatera @@ -15,6 +15,15 @@ kamateraDriverUrl=https://github.com/Kamatera/docker-machine-driver-kamatera/rel RANCHER_VERSION=v2.6.7 vlan=`cat ${CWM_CONFIGFILE} | grep ^vlan.*=lan-.* | cut -d'=' -f 2` +if [ -z "${vlan}" ]; then + echo ERROR: missing private lan + exit 1 +fi +if [ -z "${ADMINPASSWORD}" ]; then + echo ERROR: missing server assword, this is required as it is used for the Rancher admin password + exit 1 +fi + cpuarr=("1B" "2B" "4B" "8B" "16B") memarr=(2048 4096 8192 16384 32768) dskarr=(30 50) From 7766c9373036e62501a7caeef0c2d14bf39fae9b Mon Sep 17 00:00:00 2001 
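Review bot: The new error text in the patch 3/5 hunk reads `missing server assword`; it should be `missing server password`, and the misspelling is carried unchanged into patch 4/5. Both new messages are written with a bare `echo` to stdout while the rest of the script reports through `| log`, so a failed validation may not reach the install log; patch 4/5 corrects this for the password message only. A one-line comment above the checks, such as `# fail early: both values are embedded in Rancher API payloads below`, would record why they sit before the package install.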
From: Ori Hoch Date: Tue, 30 Aug 2022 10:24:24 +0300 Subject: [PATCH 4/5] rancher 2.6.7 logging improvements --- apps/rancher-v2.6.7-kamatera | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/apps/rancher-v2.6.7-kamatera b/apps/rancher-v2.6.7-kamatera index f444eeaf..bbbdec7c 100755 --- a/apps/rancher-v2.6.7-kamatera +++ b/apps/rancher-v2.6.7-kamatera @@ -15,12 +15,8 @@ kamateraDriverUrl=https://github.com/Kamatera/docker-machine-driver-kamatera/rel RANCHER_VERSION=v2.6.7 vlan=`cat ${CWM_CONFIGFILE} | grep ^vlan.*=lan-.* | cut -d'=' -f 2` -if [ -z "${vlan}" ]; then - echo ERROR: missing private lan - exit 1 -fi if [ -z "${ADMINPASSWORD}" ]; then - echo ERROR: missing server assword, this is required as it is used for the Rancher admin password + echo ERROR: missing server assword, this is required as it is used for the Rancher admin password | log 1 exit 1 fi @@ -61,7 +57,9 @@ docker run -d --name rancher --restart unless-stopped \ --privileged -v "/var/lib/rancher:/var/lib/rancher" "$(cat /etc/rancher/image)" ' > /usr/local/bin/rancher_start chmod +x /usr/local/bin/rancher_start -rancher_start + +echo "Starting rancher container" | log +rancher_start | log curlBaseParams=(--insecure --silent -S --retry-connrefused --retry 3 --retry-delay 2 -H 'content-type: application/json') @@ -82,12 +80,12 @@ function rancherApiCurl() { local url="${2}" local res if ! res="$(curl -w ''%{http_code}'' --url "${url}" "${@:3}" -H "Authorization: Bearer $token" "${curlBaseParams[@]}" 2>&1)"; then - echo "${res}" | log + echo "${res}" | log 1 return 1 fi local code="$(echo "${res}" | tail -n1)" if [ "${code::1}" != "2" ]; then - echo "${res}" | log + echo "${res}" | log 1 return 1 fi echo "${res}" | head -n-1 
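Review bot: An empty `vlan` is no longer rejected after the first hunk of patch 4/5, and the subject ("logging improvements") does not say why the guard added in patch 3/5 was removed. `vlan` is still interpolated into `privateNetworkName` in both node-template payloads from patch 1/5, so a config file without a matching `vlan…=lan-…` line now yields templates with an empty network name instead of stopping the install. If a missing private LAN is meant to be allowed, record that with a comment such as `# vlan may be empty: templates are then created without a private network`; otherwise keep the check and route its message through `log 1` like the password check.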
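Review bot: In the second hunk of patch 4/5, `rancher_start | log` gives the pipeline the exit status of `log`, so the `exit 1` that `rancher_start` returns on a failed `docker pull` is hidden from the installer. The status was not checked before this change either, but the pipe now masks it even if `include/startup.sh` (not shown) enables `set -e` without `pipefail`. The `until [ "$HTTPD" == "200" ]` loop from patch 1/5 has no attempt limit, so a container that never starts leaves the install polling indefinitely. Capturing the status explicitly would stop that: `rancher_start 2>&1 | log; [ "${PIPESTATUS[0]}" -eq 0 ] || exit 1`.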
@@ -136,7 +134,7 @@ echo "Deactivating foreign drivers" | log for url in ${KONTAINERDRIVERS}; do if [ "${url::1,4}" == "http" ]; then if ! rancherApiCurl "${APITOKEN}" "${url}" -d '{}' -X POST; then - echo WARNING: failed to deactivate foreign driver url "${url}" + echo WARNING: failed to deactivate foreign driver url "${url}" | log fi else echo WARNING: invalid kontainer driver deactivate url "${url}" | log @@ -199,7 +197,7 @@ WORKER_JSON_STRING='{ "useInternalIpAddress":true }' if ! rancherApiCurl "${APITOKEN}" "https://${CWM_DOMAIN}/v3/nodetemplates" -d "$(jsonize "$WORKER_JSON_STRING")" -X POST; then - echo WARNING: failed to add Kamatera Worker Node template + echo WARNING: failed to add Kamatera Worker Node template | log fi done From 8fcf09f7d29b010d50f8665ff97c2a3a95cbdef7 Mon Sep 17 00:00:00 2001 From: Ori Hoch Date: Tue, 30 Aug 2022 10:31:06 +0300 Subject: [PATCH 5/5] rancher 2.6.7 fix change web interface rancher api curl call --- apps/rancher-v2.6.7-kamatera | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/rancher-v2.6.7-kamatera b/apps/rancher-v2.6.7-kamatera index bbbdec7c..cbc4b58b 100755 --- a/apps/rancher-v2.6.7-kamatera +++ b/apps/rancher-v2.6.7-kamatera @@ -93,7 +93,7 @@ function rancherApiCurl() { } echo "Changing Web Interface Password" | log -if ! rancherApiCurl "${LOGINTOKEN}" "https://${CWM_DOMAIN}/v3/users?action=changepassword" '{"currentPassword":"admin","newPassword":"'${ADMINPASSWORD}'"}'; then +if ! rancherApiCurl "${LOGINTOKEN}" "https://${CWM_DOMAIN}/v3/users?action=changepassword" --data-binary '{"currentPassword":"admin","newPassword":"'${ADMINPASSWORD}'"}'; then exit 1 fi
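Review bot: `'${ADMINPASSWORD}'` in the changed line of patch 5/5 is expanded outside any quotes, so a password containing whitespace or glob characters is word-split into extra curl arguments, and a `"` or `\` in it produces an invalid or altered JSON body. The non-empty check from patch 3/5 does not cover this. Build the payload with jq, which the script already installs: `--data-binary "$(jq -n --arg p "${ADMINPASSWORD}" '{currentPassword:"admin",newPassword:$p}')"`.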