diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..6e12243
Binary files /dev/null and b/.DS_Store differ
diff --git a/luncher.sh b/luncher.sh
new file mode 100644
index 0000000..277a8b6
--- /dev/null
+++ b/luncher.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+echo "87.107.132.77 master1" >> /etc/hosts;
+echo "31.7.74.79 master2" >> /etc/hosts;
+echo "87.107.132.78 worker1" >> /etc/hosts;
+echo "31.7.74.118 worker2" >> /etc/hosts;
+echo "31.7.74.96 worker3" >> /etc/hosts;
+
+
+
+
+sudo apt update -y;
+sudo apt install apt-transport-https ca-certificates curl software-properties-common -y;
+sudo apt install -y docker.io;
+sudo systemctl start docker;
+sudo systemctl enable docker;
+
+# installing docker swarm
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -;
+sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable";
+sudo apt update -y;
+sudo apt install docker-ce -y;
+
+# create user dockerman
+sudo useradd -m dockerman;
+sudo usermod -aG docker dockerman;
+# add to sudoers
+sudo echo "dockerman ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers;
+
+
+# Get active primary interface name
+interface=$(ip route | awk '/^default/ { print $5 }');
+# Get IP address of active primary interface
+ip=$(ip addr show $interface | awk '/inet / { sub("/.*", "", $2); print $2 }');
+export HOST_IP=$ip;
+export INT_name=$interface;
+
+# remove ufw
+sudo ufw disable;
+# purge ufw
+sudo apt-get purge ufw -y;
+
+
+# disable swap
+sudo swapoff -a;
+sudo sed -i '/ swap / s/^/#/' /etc/fstab;
+
+# set initial iptables rules
+
+
+
+# open docker swarm ports in iptables
+
+
+
+
diff --git a/playbooks/apt/autoremove.yml b/playbooks/apt/autoremove.yml
new file mode 100644
index 0000000..e03c94d
--- /dev/null
+++ b/playbooks/apt/autoremove.yml
@@ -0,0 +1,8 @@
+---
+- hosts: all
+ become: true
+ become_user: root
+ tasks:
+ - name: autoremove
+ apt:
+ autoremove: yes
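Review bot: `sudo echo "dockerman ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` does not do what it looks like: the `>>` redirection is opened by the calling shell, not by sudo, so it fails with permission denied unless the whole script already runs as root, and when it does run as root it appends an unvalidated NOPASSWD:ALL entry without `visudo -cf`; build.yml's `lineinfile` with `validate: 'visudo -cf %s'` is the safer pattern to reuse. The script also runs under `#!/bin/sh` with no `set -e`, so a failed `apt install` does not stop the later steps, and `$interface` in `ip addr show $interface` is unquoted. Every run appends another copy of the five `/etc/hosts` entries, and the names map to different addresses here (`87.107.132.77 master1`) than in playbooks/host/hosts and playbooks/initialServer/hosts (`31.7.74.79 master1`), so the two sources of truth will disagree.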
diff --git a/playbooks/apt/update-and-reboot.yml b/playbooks/apt/update-and-reboot.yml
new file mode 100644
index 0000000..08ad29a
--- /dev/null
+++ b/playbooks/apt/update-and-reboot.yml
@@ -0,0 +1,9 @@
+---
+- hosts: all
+ become: true
+ become_user: root
+ tasks:
+ - name: Update apt repo and cache on all Debian/Ubuntu boxes
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+ - name: reboot
+ reboot:
diff --git a/playbooks/apt/update.yml b/playbooks/apt/update.yml
new file mode 100644
index 0000000..8d9f76f
--- /dev/null
+++ b/playbooks/apt/update.yml
@@ -0,0 +1,7 @@
+---
+- hosts: all
+ become: true
+ become_user: root
+ tasks:
+ - name: Update apt repo and cache on all Debian/Ubuntu boxes
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
diff --git a/playbooks/dns/begzar.yml b/playbooks/dns/begzar.yml
new file mode 100644
index 0000000..ea6bb2b
--- /dev/null
+++ b/playbooks/dns/begzar.yml
@@ -0,0 +1,10 @@
+ - hosts: all
+ become: yes
+ tasks:
+ - name: set bgzar dns
+ copy:
+ src: resolv.begzar.conf
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: u=rwx,g=rwx,o=rwx
diff --git a/playbooks/dns/clearcache.yml b/playbooks/dns/clearcache.yml
new file mode 100644
index 0000000..4df832c
--- /dev/null
+++ b/playbooks/dns/clearcache.yml
@@ -0,0 +1,5 @@
+---
+ - hosts: all
+ become: yes
+ tasks:
+ - shell: sudo systemd-resolve --flush-caches
diff --git a/playbooks/dns/resolv.begzar.conf b/playbooks/dns/resolv.begzar.conf
new file mode 100644
index 0000000..af5690e
--- /dev/null
+++ b/playbooks/dns/resolv.begzar.conf
@@ -0,0 +1,4 @@
+nameserver 185.55.226.26
+nameserver 185.55.225.25
+nameserver 127.0.0.53
+options edns0 trust-ad
diff --git a/playbooks/dns/resolv.conf b/playbooks/dns/resolv.conf
new file mode 100644
index 0000000..650c172
--- /dev/null
+++ b/playbooks/dns/resolv.conf
@@ -0,0 +1,4 @@
+nameserver 178.22.122.100
+nameserver 185.51.200.2
+nameserver 127.0.0.53
+options edns0 trust-ad
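Review bot: `mode: u=rwx,g=rwx,o=rwx` on the copy task makes /etc/resolv.conf world-writable (and executable), so any local user can redirect name resolution for the whole host; `mode: '0644'`, as setHosts.yml uses for /etc/hosts, is what a resolver file needs. The same mode is set in playbooks/dns/shecan.yml. On hosts running systemd-resolved, /etc/resolv.conf is usually a symlink into /run, which `copy` will replace with a regular file — presumably intended here, but worth a comment on the task.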
diff --git a/playbooks/dns/shecan.yml b/playbooks/dns/shecan.yml
new file mode 100644
index 0000000..1694da1
--- /dev/null
+++ b/playbooks/dns/shecan.yml
@@ -0,0 +1,10 @@
+ - hosts: all
+ become: yes
+ tasks:
+ - name: set shecan dns
+ copy:
+ src: resolv.conf
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: u=rwx,g=rwx,o=rwx
diff --git a/playbooks/docker/install-docker.yml b/playbooks/docker/install-docker.yml
new file mode 100644
index 0000000..e9a0907
--- /dev/null
+++ b/playbooks/docker/install-docker.yml
@@ -0,0 +1,55 @@
+---
+- hosts: all
+ become: true
+ tasks:
+ - name: installa dipendenze
+ apt:
+ name: "{{item}}"
+ state: present
+ update_cache: yes
+ loop:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg-agent
+ - software-properties-common
+ - name: aggiungi chiave GPG
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+ - name: aggiungi repository docker
+ apt_repository:
+ repo: deb https://download.docker.com/linux/ubuntu bionic stable
+ state: present
+ - name: installa docker
+ apt:
+ name: "{{item}}"
+ state: latest
+ update_cache: yes
+ loop:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - name: assicurati che docker sia attivo
+ service:
+ name: docker
+ state: started
+ enabled: yes
+
+ - name: Create "docker" group
+ group:
+ name: docker
+ state: present
+
+
+ - name: Add remote "ubuntu" user to "docker" group
+ user:
+ name: ubuntu
+ groups: docker
+ append: yes
+
+ handlers:
+ - name: restart docker
+ service:
+ name: docker
+ state: restarted
diff --git a/playbooks/docker/purge-install.yml b/playbooks/docker/purge-install.yml
new file mode 100644
index 0000000..b1f49c4
--- /dev/null
+++ b/playbooks/docker/purge-install.yml
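Review bot: `repo: deb https://download.docker.com/linux/ubuntu bionic stable` hard-codes the bionic suite while build.yml adds the focal repository and luncher.sh derives the suite from `lsb_release -cs`; on a focal host this pulls docker-ce packages built for a different release. Using `{{ ansible_distribution_release }}` in place of `bionic` would keep the three in step. The `restart docker` handler is never notified by any task, so it is dead code; either add `notify: restart docker` to the `installa docker` task or drop the handler.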
@@ -0,0 +1,23 @@
+---
+ - hosts: all
+ become: yes
+ tasks:
+ - shell: |
+ sudo apt update -y
+ sudo apt purge docker docker-engine docker.io containerd runc -y
+ sudo apt autoremove -y
+ - shell: |
+ sudo apt install docker.io -y
+
+ - service:
+ name: docker
+ state: start
+ - service:
+ name: docker
+ enable: yes
+ - name: print version of docker
+ command: docker --version
+ register: dockerversion
+
+ - debug:
+ msg: "{{ dockerversion.stdout }}"
diff --git a/playbooks/firewall/disable.yml b/playbooks/firewall/disable.yml
new file mode 100644
index 0000000..c588175
--- /dev/null
+++ b/playbooks/firewall/disable.yml
@@ -0,0 +1,9 @@
+---
+- name: ufw
+ become: yes
+ hosts: all
+ tasks:
+ - name: disable ufw service
+ apt:
+ name: ufw
+ state: absent
diff --git a/playbooks/host/hosts b/playbooks/host/hosts
new file mode 100644
index 0000000..78cb739
--- /dev/null
+++ b/playbooks/host/hosts
@@ -0,0 +1,12 @@
+127.0.0.1 localhost
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+31.7.74.79 master1
+31.7.74.96 worker1
+31.7.74.118 worker2
diff --git a/playbooks/host/setHosts.yml b/playbooks/host/setHosts.yml
new file mode 100644
index 0000000..a1bd6d0
--- /dev/null
+++ b/playbooks/host/setHosts.yml
@@ -0,0 +1,12 @@
+---
+ - name: set ip and hosts to hosts file
+ hosts: all
+ become: yes
+ tasks:
+ - name: ensure ip and hosts setted
+ copy:
+ src: hosts
+ dest: /etc/hosts
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
diff --git a/playbooks/initialServer/build.yml b/playbooks/initialServer/build.yml
new file mode 100644
index 0000000..c901ad8
--- /dev/null
+++ b/playbooks/initialServer/build.yml
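Review bot: `state: start` and `enable: yes` in the two `service` tasks are not spellings the service module accepts — the valid ones are `state: started` and `enabled: yes`, as install-docker.yml uses — so, as far as I can tell, both tasks fail with an invalid-argument error and docker is never started or enabled by this play. The two tasks can be merged into one with `name: docker`, `state: started`, `enabled: yes`. The `shell` tasks also prefix every command with `sudo` although the play already has `become: yes`; the prefix is redundant and breaks if the remote user has no sudo rights.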
@@ -0,0 +1,178 @@
+---
+- name: server initial command
+ hosts: 'all'
+ become: yes
+ become_method: sudo
+ become_user: root
+ vars_files:
+ - var/registry.yml
+ tasks:
+ - name: set hosts file
+ copy:
+ src: hosts
+ dest: /etc/hosts
+ mode: '0644'
+
+ - name: disable ufw
+ shell: ufw disable
+
+ - name: disable swap
+ shell: swapoff -a
+
+
+### sudo ufw allow 2376/tcp && sudo ufw allow 7946/udp && sudo ufw allow 7946/tcp && sudo ufw allow 80/tcp && sudo ufw allow 2377/tcp && sudo ufw allow 4789/udp
+
+ - name: flush iptables
+ shell: |
+ iptables -P INPUT ACCEPT
+ iptables -P FORWARD ACCEPT
+ iptables -P OUTPUT ACCEPT
+ iptables -t nat -F
+ iptables -t mangle -F
+ iptables -F
+ iptables -X
+
+ - name: iptables for masters
+ when: inventory_hostname in groups['masters']
+ shell: |
+ iptables -I INPUT -p tcp --dport 80 -j ACCEPT
+ iptables -I INPUT -p tcp --dport 443 -j ACCEPT
+ iptables -I INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -I INPUT -p tcp --dport 53 -j ACCEPT
+ iptables -I INPUT -p tcp --dport 2376 -j ACCEPT
+ iptables -I INPUT -p tcp --dport 7946 -j ACCEPT
+ iptables -I INPUT -p udp --dport 7946 -j ACCEPT
+ iptables -I INPUT -p tcp --dport 2377 -j ACCEPT
+ iptables -I INPUT -p udp --dport 4789 -j ACCEPT
+ iptables -I INPUT -p tcp --dport 25196 -j ACCEPT
+ iptables-save >> /etc/iptables.rules.v4
+
+ - name: iptables for workers
+ when: inventory_hostname in groups['workers']
+ shell: |
+ iptables -I INPUT -p tcp --dport 80 -j ACCEPT
+ iptables -I INPUT -p tcp --dport 25196 -j ACCEPT
+ iptables-save >> /etc/iptables.rules.v4
+
+
+ - name: sid swap off in fstab
+ shell: sed -i '/swap/d' /etc/fstab
+
+ - name: set timezone
+ shell: timedatectl set-timezone Asia/Tehran
+
+ - name: apt-get update
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+
+
+ - name: installing docker dependencies
+ apt:
+ name: "{{item}}"
+ state: present
+ update_cache: yes
+ with_items:
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+
+
+ - name: add docker key and add docker repo
+ shell: |
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
+
+
+ - name: installing docker-ce and docker-ce-cli and
+ apt:
+ name: "{{item}}"
+ state: present
+ update_cache: yes
+ with_items:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+
+
+ - name: start and enable docker and containerd
+ service:
+ name: "{{item}}"
+ state: started
+ enabled: yes
+ with_items:
+ - docker
+ - containerd
+
+
+
+ - name: create the docker user account
+ user: name=dockerman append=yes state=present createhome=yes shell=/bin/bash
+
+ - name: allow 'dockerman' to use sudo without needing a password
+ lineinfile:
+ dest: /etc/sudoers
+ line: 'dockerman ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+
+ - name: add user to docker group
+ user:
+ name: dockerman
+ groups: docker
+ state: present
+
+ - name: reset and enable docker
+ shell: |
+ systemctl daemon-reload
+ systemctl restart docker
+ systemctl enable docker
+
+ - name: Get active primary interface name
+ shell: ip route | awk '/default/ { print $5 }'
+ register: interface
+
+ - name: Get active primary interface IP
+ shell: ip -o -4 addr show dev {{ interface.stdout_lines[0] }} | awk '{print $4}' | cut -d/ -f1
+ register: ip_address
+
+ # add docker home to enviroment variable
+ - name: add docker home to enviroment variable
+ shell: echo "export HOST_IP={{ ip_address.stdout_lines[0] }}" >> /home/dockerman/.bashrc
+
+ - name: add docker home to enviroment variable
+ shell: echo "export INT_NAME={{ interface.stdout_lines[0] }}" >> /home/dockerman/.bashrc
+
+ - name: nfs common
+ when: inventory_hostname in groups['workers']
+ apt:
+ name: nfs-common
+ state: present
+ update_cache: yes
+
+ - name: login docker
+ become: dockerman
+ shell: docker login -u {{ registry_user }} -p {{ registry_password }} {{ registry_url }}
+
+ - name: reboot
+ shell: reboot
+ ignore_errors: yes
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/playbooks/initialServer/hosts b/playbooks/initialServer/hosts
new file mode 100644
index 0000000..43bd6bc
--- /dev/null
+++ b/playbooks/initialServer/hosts
@@ -0,0 +1,19 @@
+127.0.0.1 localhost
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+87.107.132.77 masterold
+87.107.132.78 workerold
+
+192.168.1.6 master1local
+192.168.1.73 worker1local
+192.168.1.254 worker2local
+
+31.7.74.79 master1
+31.7.74.118 worker1
+31.7.74.96 worker2
diff --git a/playbooks/initialServer/letsencrypt.yml b/playbooks/initialServer/letsencrypt.yml
new file mode 100644
index 0000000..d72ced2
--- /dev/null
+++ b/playbooks/initialServer/letsencrypt.yml
@@ -0,0 +1,15 @@
+---
+- name: installing lets encrypt for masters
+ hosts: masters
+ become: yes
+ tasks:
+ - name: installing lets encrypt
+ apt:
+ name: "{{item}}"
+ state: latest
+ update_cache: yes
+ with_items:
+ - letsencrypt
+ - python3-certbot-nginx
+
+
diff --git a/playbooks/initialServer/masters.yml b/playbooks/initialServer/masters.yml
new file mode 100644
index 0000000..0a7ca09
--- /dev/null
+++ b/playbooks/initialServer/masters.yml
@@ -0,0 +1,11 @@
+---
+- name: configure master for docker swarm
+ become: yes
+ become_user: dockerman
+ hosts: masters
+ # add var file
+ vars_files:
+ - "var/swarm.yml"
+ tasks:
+ - name: join master in swarm as manager
+ shell: docker swarm join --token {{ manager_token }} {{ master_ip }}:2377
\ No newline at end of file
diff --git a/playbooks/initialServer/reboot.yml b/playbooks/initialServer/reboot.yml
new file mode 100644
index 0000000..2e172d7
--- /dev/null
+++ b/playbooks/initialServer/reboot.yml
@@ -0,0 +1,6 @@
+---
+- name: reboot all servers
+ hosts: all
+ become: yes
+ tasks:
+ - shell: reboot
\ No newline at end of file
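Review bot: the three iptables tasks leave every chain with policy ACCEPT and only ever insert ACCEPT rules, so once `ufw disable` has run at the top of the play the hosts accept all inbound traffic and the per-group port lists change nothing; a `-P INPUT DROP` (or a final REJECT rule) plus an established/related rule is needed for the allow list to mean anything, and `iptables-save >> /etc/iptables.rules.v4` appends a fresh full dump on every run while nothing restores the file at boot. `docker login -u {{ registry_user }} -p {{ registry_password }}` puts the registry password on the command line, visible in `ps` and in the ansible log; pass it via `--password-stdin` or use the `docker_login` module, and set `no_log: true` on the task. `become: dockerman` on that task is not a user switch — `become` is a boolean, so `become_user: dockerman` is what is meant (supermaster.yml has the same). `sed -i '/swap/d' /etc/fstab` deletes every fstab line containing the word swap, not just the swap entry; the `/ swap /` pattern used in luncher.sh and install-k8s.yml is narrower.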
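Review bot: `{{ master_ip }}` is not defined anywhere in this commit — var/swarm.yml, the only file in `vars_files`, declares just `manager_token` and `worker_token` — so the join task fails with an undefined-variable error unless the inventory supplies it. workers.yml resolves the same address from `supermaster` in var/hosts.yml via `{{ item.local }}`; loading var/hosts.yml here and using the same lookup would make the two playbooks consistent.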
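Review bot: `shell: reboot` with no `ignore_errors` or `async` is reported as a failure when the SSH connection drops mid-command, and the play never waits for the host to come back. update-and-reboot.yml already uses the `reboot:` module, which handles both; `- reboot:` would replace the shell task here. The final reboot task in build.yml has the same shape.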
diff --git a/playbooks/initialServer/supermaster.yml b/playbooks/initialServer/supermaster.yml
new file mode 100644
index 0000000..172a8fe
--- /dev/null
+++ b/playbooks/initialServer/supermaster.yml
@@ -0,0 +1,68 @@
+---
+- name: configure supermaster for docker swarm
+ become: yes
+ hosts: supermaster
+ vars_files:
+ - "var/hosts.yml"
+ tasks:
+
+ - name: installing lets encrypt
+ apt:
+ name: "{{item}}"
+ state: latest
+ update_cache: yes
+ with_items:
+ - letsencrypt
+ - python3-certbot-nginx
+
+ - name: init swarm
+ become: dockerman
+ shell: docker swarm init --advertise-addr {{ item.local }}:2377
+ with_items:
+ - "{{ supermaster }}"
+ register: swarm_init
+ ignore_errors: yes
+
+
+ - name: install nfs server
+ apt: name=nfs-kernel-server state=present update_cache=yes
+
+ - name: create nfs directory
+ file: path=/volume state=directory mode=0777 owner=root group=root
+
+ - name: create multiple directories
+ shell: |
+ mkdir -p /volume/mongo
+ mkdir -p /volume/pg
+ mkdir -p /volume/rabbit
+ mkdir -p /volume/redis
+ mkdir -p /volume/ig/ls/wwwroot
+ mkdir -p /volume/ig/api/storage
+ mkdir -p /volume/dns
+ mkdir -p /volume/nginx
+ mkdir -p /volume/portainer
+
+ - name: create nfs export
+ shell: |
+ echo "/volume {{item.local}}/32(rw,sync,no_subtree_check,no_root_squash)" >> /etc/exports
+ with_items:
+ - "{{ clients }}"
+
+ - name: exportfs
+ shell: exportfs -a
+
+ - name: set iptables for clients ip for nfs
+ shell: |
+ iptables -A INPUT -s "{{ item.local }}"/32 -p tcp -m tcp --dport 2049 -j ACCEPT
+ with_items:
+ - "{{ clients }}"
+
+ - name: create overlay network
+ shell: |
+ docker network create --driver=overlay --attachable mother
+ ignore_errors: yes
+
+
+
+
+
\ No newline at end of file
diff --git a/playbooks/initialServer/sync-stacks.yml b/playbooks/initialServer/sync-stacks.yml
new file mode 100644
index 0000000..18982de
--- /dev/null
+++ b/playbooks/initialServer/sync-stacks.yml
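Review bot: `become: dockerman` on the `init swarm` task does not switch user — `become` takes a boolean — so the init runs as the play's become user (root) and the swarm state lands in root's docker context rather than dockerman's; `become_user: dockerman` is the intended keyword, and the `login docker` task in build.yml has the same mistake. The NFS export is written with `no_root_squash` on a directory created `mode=0777`, which lets root on any listed client write as root anywhere under the server's /volume; unless a workload needs root ownership preserved, dropping `no_root_squash` narrows that. `echo ... >> /etc/exports` also appends a duplicate export line on every run; `lineinfile` keyed on the path would be idempotent.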
@@ -0,0 +1,13 @@
+---
+- name: sync stacks with master
+ become: yes
+ become_user: dockerman
+ hosts: supermaster
+ tasks:
+ - name: copy stack files
+ copy:
+ src: ../../stacks
+ dest: /home/dockerman/
+ owner: dockerman
+ group: dockerman
+ mode: '0700'
\ No newline at end of file
diff --git a/playbooks/initialServer/var/hosts.yml b/playbooks/initialServer/var/hosts.yml
new file mode 100644
index 0000000..c43c8a0
--- /dev/null
+++ b/playbooks/initialServer/var/hosts.yml
@@ -0,0 +1,19 @@
+---
+clients:
+ - name: "worker-1"
+ local: 192.168.1.73
+ global: 31.7.74.96
+
+ - name: "worker-2"
+ local: 192.168.1.254
+ global: 31.7.74.118
+
+masters:
+ - name: "master-1"
+ local: 192.168.1.6
+ master: 31.7.74.79
+
+supermaster:
+ - name: "master-1"
+ local: 192.168.1.6
+ master: 31.7.74.79
\ No newline at end of file
diff --git a/playbooks/initialServer/var/registry.yml b/playbooks/initialServer/var/registry.yml
new file mode 100644
index 0000000..5fe488d
--- /dev/null
+++ b/playbooks/initialServer/var/registry.yml
@@ -0,0 +1,4 @@
+---
+registry_user: Runner
+registry_password: 22102210aA
+registry_url: registry.vnfco.ir
\ No newline at end of file
diff --git a/playbooks/initialServer/var/swarm.yml b/playbooks/initialServer/var/swarm.yml
new file mode 100644
index 0000000..cc88fc3
--- /dev/null
+++ b/playbooks/initialServer/var/swarm.yml
@@ -0,0 +1,3 @@
+---
+manager_token: SWMTKN-1-2qwry99zn95r9ehs30mnyu6b526ccdwlk21ciwri15zjrwbmoj-8z1x15gas5ujyk860zvdbmdnk
+worker_token: SWMTKN-1-2qwry99zn95r9ehs30mnyu6b526ccdwlk21ciwri15zjrwbmoj-b0sesv6f6kntbfekxq0vf44os
diff --git a/playbooks/initialServer/workers.yml b/playbooks/initialServer/workers.yml
new file mode 100644
index 0000000..425ce32
--- /dev/null
+++ b/playbooks/initialServer/workers.yml
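Review bot: `registry_password` is committed in clear text, and var/swarm.yml commits the live swarm manager and worker join tokens alongside it; anyone with read access to the repository can push to the registry and, given network reach to port 2377, join nodes to the cluster as a manager. Both should be treated as exposed: rotate the registry account and run `docker swarm join-token --rotate` for both roles, then keep the replacements in an ansible-vault encrypted file or inject them from the environment at play time rather than in a plain vars file.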
@@ -0,0 +1,29 @@
+---
+- name: configure worker for docker swarm
+ become: yes
+ hosts: workers
+ # add var file
+ vars_files:
+ - "var/swarm.yml"
+ - "var/hosts.yml"
+ tasks:
+ - name: join node in swarm as worker
+ shell: docker swarm join --token {{ worker_token }} {{ item.local }}:2377
+ with_items:
+ - "{{ supermaster }}"
+ ignore_errors: yes
+
+ - name: create /volume
+ shell: mkdir -p /volume
+
+ - name: mount nfs
+ shell: mount {{ item.local }}:/volume /volume
+ with_items:
+ - "{{ masters }}"
+
+
+ - name: mount nfs /etc/fstab
+ shell: echo "{{ item.local }}:/volume /volume nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" >> /etc/fstab
+ with_items:
+ - "{{ masters }}"
+
diff --git a/playbooks/k8s/install-k8s-only.yml b/playbooks/k8s/install-k8s-only.yml
new file mode 100644
index 0000000..e04c6fb
--- /dev/null
+++ b/playbooks/k8s/install-k8s-only.yml
@@ -0,0 +1,10 @@
+---
+- hosts: all
+ become: true
+ gather_facts: yes
+ tasks:
+ - name: install kubernetes
+ shell: |
+ sudo apt-get update
+ sudo apt-get install -y kubelet=1.20.14 kubeadm=1.20.14 kubectl=1.20.14
+ sudo apt-mark hold kubelet kubeadm kubectl
diff --git a/playbooks/k8s/install-k8s.yml b/playbooks/k8s/install-k8s.yml
new file mode 100644
index 0000000..c890937
--- /dev/null
+++ b/playbooks/k8s/install-k8s.yml
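Review bot: the `mount nfs` and `mount nfs /etc/fstab` tasks are not idempotent — the `mount` shell call fails on a second run because /volume is already mounted, and `echo >> /etc/fstab` adds a duplicate line each time. The `mount` module with `state: mounted`, `src: "{{ item.local }}:/volume"`, `path: /volume`, `fstype: nfs` and the same `opts:` string does both steps once and keeps fstab consistent. `nolock` in the options disables NFS file locking for every service that shares this volume, which deserves a comment if it is deliberate.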
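Review bot: the pins `kubelet=1.20.14 kubeadm=1.20.14 kubectl=1.20.14` use a different version format from install-k8s.yml, which pins `1.20.1-00`; the packages served from the Kubernetes apt repository carry a Debian revision suffix, so the bare `1.20.14` is unlikely to match a candidate version and the install would fail. Pick one version (with its `-00` revision) and keep the two playbooks in step, ideally through a single variable both read.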
@@ -0,0 +1,77 @@
+---
+- hosts: "masters, workers"
+ remote_user: ubuntu
+ become: yes
+ become_method: sudo
+ become_user: root
+ gather_facts: yes
+ connection: ssh
+
+ tasks:
+ - name: Create containerd config file
+ file:
+ path: "/etc/modules-load.d/containerd.conf"
+ state: "touch"
+
+ - name: Add conf for containerd
+ blockinfile:
+ path: "/etc/modules-load.d/containerd.conf"
+ block: |
+ overlay
+ br_netfilter
+
+ - name: modprobe
+ shell: |
+ sudo modprobe overlay
+ sudo modprobe br_netfilter
+
+
+ - name: Set system configurations for Kubernetes networking
+ file:
+ path: "/etc/sysctl.d/99-kubernetes-cri.conf"
+ state: "touch"
+
+ - name: Add conf for containerd
+ blockinfile:
+ path: "/etc/sysctl.d/99-kubernetes-cri.conf"
+ block: |
+ net.bridge.bridge-nf-call-iptables = 1
+ net.ipv4.ip_forward = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+
+ - name: Apply new settings
+ command: sudo sysctl --system
+
+ - name: install containerd
+ shell: |
+ sudo apt-get update && sudo apt-get install -y containerd
+ sudo mkdir -p /etc/containerd
+ sudo containerd config default | sudo tee /etc/containerd/config.toml
+ sudo systemctl restart containerd
+
+ - name: disable swap
+ shell: |
+ sudo swapoff -a
+ sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
+
+ - name: install and configure dependencies
+ shell: |
+ sudo apt-get update && sudo apt-get install -y apt-transport-https curl
+ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+
+ - name: Create kubernetes repo file
+ file:
+ path: "/etc/apt/sources.list.d/kubernetes.list"
+ state: "touch"
+
+ - name: Add K8s Source
+ blockinfile:
+ path: "/etc/apt/sources.list.d/kubernetes.list"
+ block: |
+ deb https://apt.kubernetes.io/ kubernetes-xenial main
+
+ - name: install kubernetes
+ shell: |
+ sudo apt-get update
+ sudo apt-get install -y kubelet=1.20.1-00 kubeadm=1.20.1-00 kubectl=1.20.1-00
+ sudo apt-mark hold kubelet kubeadm kubectl
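Review bot: the `install containerd`, `install and configure dependencies` and `install kubernetes` shell tasks rerun unconditionally on every play, and `sudo containerd config default | sudo tee /etc/containerd/config.toml` overwrites any locally tuned containerd configuration each time; adding `args: creates: /etc/containerd/config.toml` to that task would make it one-shot. `curl -s ... | sudo apt-key add -` trusts the key for every apt source on the host; writing it to a keyring file and referencing it with `signed-by=` in the `deb` line scopes the trust to this repository. The `sudo` prefixes are redundant under `become: yes`.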
diff --git a/playbooks/k8s/master.yml b/playbooks/k8s/master.yml
new file mode 100644
index 0000000..ad84fb4
--- /dev/null
+++ b/playbooks/k8s/master.yml
@@ -0,0 +1,43 @@
+- hosts: masters
+ become: yes
+ tasks:
+ - name: initialize the cluster
+ shell: kubeadm init --pod-network-cidr=10.244.0.0/16
+ args:
+ chdir: $HOME
+ creates: cluster_initialized.txt
+
+ - name: create .kube directory
+ become: yes
+ become_user: kube
+ file:
+ path: $HOME/.kube
+ state: directory
+ mode: 0755
+
+ - name: copies admin.conf to user's kube config
+ copy:
+ src: /etc/kubernetes/admin.conf
+ dest: /home/kube/.kube/config
+ remote_src: yes
+ owner: kube
+
+ - name: install Pod network
+ become: yes
+ become_user: kube
+ shell: kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
+ args:
+ chdir: $HOME
+
+ - name: Get the token for joining the worker nodes
+ become: yes
+ become_user: kube
+ shell: kubeadm token create --print-join-command
+ register: kubernetes_join_command
+
+ - debug:
+ msg: "{{ kubernetes_join_command.stdout }}"
+
+ - name: Copy join command to local file.
+ become: yes
+ local_action: copy content="{{ kubernetes_join_command.stdout_lines[0] }}" dest="/tmp/kubernetes_join_command" mode=0777
diff --git a/playbooks/k8s/purge-k8s.yml b/playbooks/k8s/purge-k8s.yml
new file mode 100644
index 0000000..aa51da5
--- /dev/null
+++ b/playbooks/k8s/purge-k8s.yml
@@ -0,0 +1,16 @@
+---
+ - hosts: all
+ become: yes
+ tasks:
+ - shell: |
+ kubeadm reset -f
+ sudo apt-mark unhold kube*
+ sudo apt-get purge kubeadm kubectl kubelet kubernetes-cni kube* -y
+ sudo apt-get autoremove -y
+ sudo rm -rf ~/.kube
+ - shell: systemctl daemon-reload
+ changed_when: False
+ - name: restart docker
+ service:
+ name: docker
+ state: restarted
diff --git a/playbooks/k8s/users.yml b/playbooks/k8s/users.yml
new file mode 100644
index 0000000..d488f48
--- /dev/null
+++ b/playbooks/k8s/users.yml
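Review bot: `creates: cluster_initialized.txt` never takes effect because no task writes that file, so `kubeadm init` is attempted on every run and fails once the cluster exists; either append `&& touch cluster_initialized.txt` to the shell command or use `creates: /etc/kubernetes/admin.conf`, which kubeadm itself writes and the next task already depends on. The join command — which embeds the bootstrap token — is written to `/tmp/kubernetes_join_command` with `mode=0777` on the controller, readable and writable by every local user there; `mode=0600` is enough for the play that consumes it, and the file should be removed once the workers have joined.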
@@ -0,0 +1,18 @@
+---
+- hosts: 'workers, masters'
+ become: yes
+
+ tasks:
+ - name: create the kube user account
+ user: name=kube append=yes state=present createhome=yes shell=/bin/bash
+
+ - name: allow 'kube' to use sudo without needing a password
+ lineinfile:
+ dest: /etc/sudoers
+ line: 'kube ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+
+ - name: set up authorized keys for the kube user
+ authorized_key: user=kube key="{{item}}"
+ with_file:
+ - ~/.ssh/id_rsa.pub
diff --git a/stacks/lvl0/stack.yml b/stacks/lvl0/stack.yml
new file mode 100644
index 0000000..87fbe3d
--- /dev/null
+++ b/stacks/lvl0/stack.yml
@@ -0,0 +1,35 @@
+version: '3.2'
+
+services:
+ agent:
+ image: registry.vnfco.ir/library/portainer/agent:2.11.0
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - portainer_agent
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.platform.os == linux]
+
+ portainer:
+ image: registry.vnfco.ir/library/portainer/portainer-ce:2.11.0
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ ports:
+ - "9443:9443"
+ - "9000:9000"
+ - "8000:8000"
+ volumes:
+ - /volume/portainer:/data
+ networks:
+ - portainer_agent
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+
+networks:
+ portainer_agent:
+ external: true
\ No newline at end of file
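Review bot: `--tlsskipverify` in the portainer command disables certificate verification toward the agents on 9001, so the UI will talk to whatever answers at `tasks.agent`; this looks copied from the upstream agent stack, but it deserves a comment stating that the trust boundary is the `portainer_agent` overlay network, whose `external: true` means it must exist with the expected scope before the stack is deployed. Publishing `9000:9000` exposes the plain-HTTP UI on every swarm node alongside the TLS endpoint on 9443; if only 9443 is used, the 9000 mapping can be dropped. The agent mounts `/var/run/docker.sock`, so anyone who reaches the Portainer UI has root-equivalent control of every node — worth saying in a comment next to the `ports:` list.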