diff --git a/README.md b/README.md index ccbfdb5..38fdab0 100644 --- a/README.md +++ b/README.md @@ -68,15 +68,15 @@ k3ama) into this machine. ```bash vagrant plugin install vagrant-vbguest ``` -3. Deploy Vagrant machine: +3. Deploy Vagrant machine, disabling SELinux: ```bash - vagrant up + SELINUX=Disabled vagrant up ``` 4. Access the Vagrant machine via SSH: ```bash vagrant ssh ``` -5. Run the prep script inside of the Vagrant machine: +5. Run all prep scripts inside of the Vagrant machine: ```bash sudo /opt/k3ama/vagrant-scripts/prep-all.sh ``` @@ -97,6 +97,17 @@ repository under `local-artifacts`. sudo /opt/k3ama/vagrant-scripts/k3s-install.sh ``` +### Installing RKE2 manually + +1. Access the Vagrant machine via SSH: + ```bash + vagrant ssh + ``` +2. Run the RKE2 install script inside of the Vagrant machine: + ```bash + sudo /opt/k3ama/vagrant-scripts/rke2-install.sh + ``` + ## Go CLI The initial MVP for a k3ama CLI used to streamline the packaging and deploying processes is in the diff --git a/Vagrantfile b/Vagrantfile index b24bbf5..9a45b69 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -15,8 +15,51 @@ Vagrant.configure("2") do |config| vb.memory = "2048" vb.cpus = "2" - config.vm.provision "shell", - run: "always", + config.vm.provision "airgap", run: "always", inline: "/opt/k3ama/vagrant-scripts/airgap.sh airgap" end + + # SELinux is Enforcing by default. + # To set SELinux as Disabled on a VM that has already been provisioned: + # SELINUX=Disabled vagrant up --provision-with=selinux + # To set SELinux as Permissive on a VM that has already been provsioned + # SELINUX=Permissive vagrant up --provision-with=selinux + config.vm.provision "selinux", type: "shell", run: "once" do |sh| + sh.upload_path = "/tmp/vagrant-selinux" + sh.env = { + 'SELINUX': ENV['SELINUX'] || "Enforcing" + } + sh.inline = <<~SHELL + #!/usr/bin/env bash + set -eux -o pipefail + + if ! type -p getenforce setenforce &>/dev/null; then + echo SELinux is Disabled + exit 0 + fi + + case "${SELINUX}" in + Disabled) + if mountpoint -q /sys/fs/selinux; then + setenforce 0 + umount -v /sys/fs/selinux + fi + ;; + Enforcing) + mountpoint -q /sys/fs/selinux || mount -o rw,relatime -t selinuxfs selinuxfs /sys/fs/selinux + setenforce 1 + ;; + Permissive) + mountpoint -q /sys/fs/selinux || mount -o rw,relatime -t selinuxfs selinuxfs /sys/fs/selinux + setenforce 0 + ;; + *) + echo "SELinux mode not supported: ${SELINUX}" >&2 + exit 1 + ;; + esac + + echo SELinux is $(getenforce) + SHELL + end end diff --git a/vagrant-scripts/rke2-install.sh b/vagrant-scripts/rke2-install.sh new file mode 100755 index 0000000..99893b7 --- /dev/null +++ b/vagrant-scripts/rke2-install.sh 
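Review bot: The `Disabled` branch of the `selinux` provisioner hides SELinux rather than disabling it. After `setenforce 0` and `umount -v /sys/fs/selinux` the kernel is, as far as I can tell, still in permissive mode, and userspace tools report Disabled only because selinuxfs is no longer mounted. Nothing is written to persistent configuration and the provisioner is `run: "once"`, so a reboot or `vagrant reload` presumably returns the VM to the image default while rke2-install.sh still gates on `getenforce`. I would state this in the comment block above the provisioner, e.g. `# Runtime only: Disabled unmounts selinuxfs so getenforce reports Disabled; the kernel stays permissive and the mode is lost on reboot.`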
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+################################################################################
+# RUN IN VAGRANT MACHINE
+# Install a default, bare rke2 cluster into the Vagrant machine
+################################################################################
+
+BASE_SHARED_DIR="/opt/k3ama"
+VAGRANT_SCRIPTS_DIR="${BASE_SHARED_DIR}/vagrant-scripts"
+
+RKE2_VERSION_DOCKER='v1.18.4-beta16-rke2'
+
+if pgrep -x "firewalld" >/dev/null
+then
+ echo "[FATAL] disable firewalld first"
+fi
+
+SELINUXSTATUS=$(getenforce)
+if [ "$SELINUXSTATUS" == "Permissive" ] || [ "$SELINUXSTATUS" == "Enforcing" ] ; then
+ echo "[FATAL] disable selinux"
+ exit 1
+else
+ echo "SELINUX disabled. continuing"
+fi
+
+LOCAL_IMAGES_FILEPATH=/var/lib/rancher/rke2/agent/images
+ARTIFACT_DIR="${BASE_SHARED_DIR}/local-artifacts/rke2"
+
+mkdir -p ${LOCAL_IMAGES_FILEPATH}
+
+cp ${ARTIFACT_DIR}/images/* ${LOCAL_IMAGES_FILEPATH}
+
+# ----------------------------------------------------------
+# uncomment to use a specific local binary for the install
+# ----------------------------------------------------------
+# LOCAL_RKE2_BIN='rke2-beta13-dev'
+
+if [ -n "${LOCAL_RKE2_BIN}" ] && [ -f "${ARTIFACT_DIR}/bin/${LOCAL_RKE2_BIN}" ] ; then
+ echo "Use "${ARTIFACT_DIR}/bin/${LOCAL_RKE2_BIN}" for rke2 binary"
+ INSTALL_RKE2_SKIP_START=true \
+ RKE2_RUNTIME_IMAGE="rancher/rke2-runtime:${RKE2_VERSION_DOCKER}" \
+ ${ARTIFACT_DIR}/bin/rke2-installer.run
+ rm -f /usr/local/bin/rke2
+ cp "${ARTIFACT_DIR}/bin/${LOCAL_RKE2_BIN}" /usr/local/bin/rke2
+ systemctl start rke2
+else
+ ${ARTIFACT_DIR}/bin/rke2-installer.run
+fi
+
+while [ -f "/etc/rancher/rke2/rke2.yaml" ] ; do
+ echo "Waiting for /etc/rancher/rke2/rke2.yaml to exist..."
+ sleep 10
+done
+
+chmod +r /etc/rancher/rke2/rke2.yaml
+
+echo "RKE2 cluster is wrapping up installation, run the following commands to allow kubectl access:
+export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
+export PATH=/var/lib/rancher/rke2/bin/:\${PATH}"
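Review bot: The wait loop near the end is inverted: `while [ -f "/etc/rancher/rke2/rke2.yaml" ]` is skipped when the kubeconfig does not exist yet and never terminates once it does, so it should read `while [ ! -f "/etc/rancher/rke2/rke2.yaml" ] ; do`. The pre-flight checks also fail open: the firewalld branch prints `[FATAL]` but has no `exit 1`, and `==` inside `[ ]` is not POSIX, so under a `/bin/sh` that is not bash both comparisons would error and the script would fall through to "SELINUX disabled. continuing"; use `=`. `chmod +r` then makes what is normally the cluster-admin kubeconfig readable by every local user, which deserves a comment such as `# dev VM only: world-readable admin kubeconfig` or a narrower grant to the vagrant user. The installer from the shared folder is run as root through unquoted `${ARTIFACT_DIR}` paths and with no integrity check, so quoting and a checksum comparison before execution would be worth adding.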
diff --git a/vagrant-scripts/rke2-prep.sh b/vagrant-scripts/rke2-prep.sh
new file mode 100755
index 0000000..0baf359
--- /dev/null
+++ b/vagrant-scripts/rke2-prep.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+################################################################################
+# RUN IN VAGRANT MACHINE
+# Download all required dependencies for an air-gapped rke2 install, saving them
+# to the folder shared with the host machine.
+################################################################################
+
+BASE_SHARED_DIR="/opt/k3ama"
+VAGRANT_SCRIPTS_DIR="${BASE_SHARED_DIR}/vagrant-scripts"
+ARTIFACTS_DIR="${BASE_SHARED_DIR}/local-artifacts/rke2"
+
+RKE2_VERSION='v1.18.4-beta16+rke2'
+RKE2_VERSION_URL='v1.18.4-beta16%2Brke2'
+RKE2_VERSION_DOCKER='v1.18.4-beta16-rke2'
+
+LOCAL_IMAGES="${ARTIFACTS_DIR}/images"
+LOCAL_BIN="${ARTIFACTS_DIR}/bin"
+LOCAL_RPM="${ARTIFACTS_DIR}/rpm"
+
+mkdir -p ${LOCAL_IMAGES}
+mkdir -p ${LOCAL_BIN}
+mkdir -p ${LOCAL_RPM}
+
+# temporarily allow internet access
+${VAGRANT_SCRIPTS_DIR}/airgap.sh internet
+
+pushd ${LOCAL_IMAGES}
+
+curl -LO https://github.com/rancher/rke2/releases/download/${RKE2_VERSION_URL}/rke2-images.linux-amd64.tar.gz
+gunzip rke2-images.linux-amd64.tar.gz
+
+popd
+
+pushd ${LOCAL_BIN}
+
+curl -L https://github.com/rancher/rke2/releases/download/${RKE2_VERSION_URL}/rke2-installer.linux-amd64.run -o rke2-installer.run
+chmod +x ./*
+
+popd
+
+pushd ${LOCAL_RPM}
+
+# TODO - add RPMs
+
+popd
+
+
+# restore air-gap configuration
+${VAGRANT_SCRIPTS_DIR}/airgap.sh airgap
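Review bot: Both downloads are stored and later consumed as root without any integrity check, and `curl -L` without `-f` will save an HTTP error page as `rke2-installer.run`, which `chmod +x ./*` then marks executable. I would use `curl -fL` for both fetches and compare the files against the checksums published with the release (if this release provides them) before the chmod. The air gap is restored only by the final line, so an interrupted run leaves the VM with internet access; registering `trap '"${VAGRANT_SCRIPTS_DIR}/airgap.sh" airgap' EXIT` right after the `airgap.sh internet` call would cover that. `pushd`/`popd` are bash builtins while the shebang is `#!/bin/sh`; where `/bin/sh` is not bash they fail and the downloads land in the current directory, so either change the shebang or use `cd "${LOCAL_BIN}" || exit 1`.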