diff --git a/main.go b/main.go
new file mode 100644
index 0000000..a48fa1c
--- /dev/null
+++ b/main.go
@@ -0,0 +1,9 @@
+package main
+
+import (
+ "striveworks.us/stampede/pkg/listen"
+)
+
+func main() {
+ Listen()
+}
diff --git a/pkg/broadcast.go b/pkg/broadcast.go
new file mode 100644
index 0000000..09b2fee
--- /dev/null
+++ b/pkg/broadcast.go
@@ -0,0 +1,24 @@
+package pkg
+
+import (
+ "net"
+ "fmt"
+)
+
+func Broadcast() {
+ pc, err := net.ListenPacket("udp4", ":8829")
+ if err != nil {
+ panic(err)
+ }
+ defer pc.Close()
+
+ addr,err := net.ResolveUDPAddr("udp4", "192.168.7.255:8829")
+ if err != nil {
+ panic(err)
+ }
+
+ _,err := pc.WriteTo([]byte("data to transmit"), addr)
+ if err != nil {
+ panic(err)
+ }
+}
diff --git a/pkg/listen.go b/pkg/listen.go
new file mode 100644
index 0000000..71fb1a7
--- /dev/null
+++ b/pkg/listen.go
@@ -0,0 +1,23 @@
+package pkg
+
+import (
+ "net"
+ "fmt"
+)
+
+
+func Listen() {
+ pc,err := net.ListenPacket("udp4", ":8829")
+ if err != nil {
+ panic(err)
+ }
+ defer pc.Close()
+
+ buf := make([]byte, 1024)
+ n,addr,err := pc.ReadFrom(buf)
+ if err != nil {
+ panic(err)
+ }
+
+ fmt.Printf("%s sent this: %s\n", addr, buf[:n])
+}
diff --git a/scripts/init.sh b/scripts/init.sh
new file mode 100644
index 0000000..e6a7471
--- /dev/null
+++ b/scripts/init.sh
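Review bot: `main` calls `Listen()` unqualified, but the only import is `striveworks.us/stampede/pkg/listen`, while the files added in this commit declare `package pkg` under `pkg/`, so the import path matches no package in the diff and the call would not resolve. Assuming the module path is `striveworks.us/stampede`, import the package that holds the function and qualify the call: `import "striveworks.us/stampede/pkg"` with `pkg.Listen()`. A one-line comment on `main` noting that it waits for a single datagram on UDP 8829 and then exits would help the next reader.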
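Review bot: The send statement `_,err := pc.WriteTo(...)` declares no new variable on the left of `:=` and will not compile; it should be `_, err = pc.WriteTo([]byte("data to transmit"), addr)`, and the unused `fmt` import has to be removed too. The datagram also goes out unauthenticated to a hard-coded subnet broadcast address (`192.168.7.255:8829`), so every host on that segment receives it and the listener has no way to tell it from a look-alike packet. If the payload will ever carry more than a liveness ping, take the address from configuration and add a message authentication tag. Returning `error` instead of calling `panic` would suit an exported function in `pkg` better.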
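Review bot: `fmt.Printf("%s sent this: %s\n", addr, buf[:n])` writes bytes received from any host that can reach UDP port 8829 straight to stdout, so control characters or embedded newlines in the payload can forge or corrupt output lines; print the payload quoted instead, `fmt.Printf("%s sent this: %q\n", addr, buf[:n])`. The socket is bound to `:8829` on all interfaces and accepts a datagram from any sender without authentication, which deserves a comment on `Listen` stating that the data is untrusted. Payloads longer than the 1024-byte buffer are truncated by `ReadFrom` without any indication to the caller.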
@@ -0,0 +1,49 @@
+#/bin/env bash
+set -ex
+
+source install.sh
+source pre-install.sh
+
+host1="chariotmaster01.america.striveworks.us"
+host2="chariotmaster02.america.striveworks.us"
+host3="chariotmaster03.america.striveworks.us"
+
+RKE_USER="rke"
+
+if [ ! -f /root/${RKE_USER}-password.txt]; then
+ RKE=$(cat "/root/${RKE_USER}-password.txt")
+else
+ RKE_PASS=$(tr -dc A-Za-z0-9 "/root/${RKE_USER}-password.txt"
+fi
+
+
+# Setup RKE user
+setup_user
+
+# Disable swap
+disable_swap
+
+# Kernel param config
+kernel_setup
+
+# Install docker
+install_docker
+
+# Allow tcp forwarding
+allow_tcp_ssh_forwarding
+
+
+if [ "$CONTROLLER" = "1" ];
+ then
+
+ # Create SSH keys for RKE/cluster
+ create_ssh_keys $host1 $host2 $host3
+ # Get RKE binary
+ get_rke_binary
+ # Build RKE config
+ build_cluster_config $host1 $host2 $host3
+ # Init RKE
+ cd /opt
+ rke_up
+fi
diff --git a/scripts/install.sh b/scripts/install.sh
new file mode 100644
index 0000000..8f16954
--- /dev/null
+++ b/scripts/install.sh
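Review bot: The password block runs under `set -ex`, so every expansion of `RKE_PASS`, here and in the sourced `setup_user`, is echoed by xtrace into whatever captures the provisioning output; wrap the secret handling in `set +x` / `set -x`. The test is also wrong as shown: `password.txt]` lacks the space before `]`, the condition is inverted (the file is read only when it does not exist), and the value lands in `RKE` rather than `RKE_PASS`; it should read `if [ -f "/root/${RKE_USER}-password.txt" ]; then` followed by `RKE_PASS=$(cat "/root/${RKE_USER}-password.txt")`. The generation line in the `else` branch appears truncated on this page, so whether the file is created with restrictive permissions cannot be confirmed; writing it under `umask 077` would settle that. The shebang is missing its `!` (`#!/usr/bin/env bash`).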
@@ -0,0 +1,203 @@
+#/bin/env bash
+set -ex
+
+
+function get_rke_binary {
+ wget https://github.com/rancher/rke/releases/download/v1.0.16/rke_linux-amd64 -O rke
+ chmod +x rke
+ cp rke /usr/local/bin
+}
+
+
+function build_cluster_config () {
+cat << EOF > /home/$RKE_USER/cluster.yml
+nodes:
+- address: "$1"
+ port: "22"
+ internal_address: ""
+ role:
+ - controlplane
+ - etcd
+ hostname_override: ""
+ user: $RKE_USER
+ docker_socket: /var/run/docker.sock
+ ssh_key: ""
+ ssh_key_path: /home/$RKE_USER/.ssh/id_rsa
+ ssh_cert: ""
+ ssh_cert_path: ""
+ labels: {}
+ taints: []
+- address: "$2"
+ port: "22"
+ internal_address: ""
+ role:
+ - controlplane
+ - etcd
+ hostname_override: ""
+ user: $RKE_USER
+ docker_socket: /var/run/docker.sock
+ ssh_key: ""
+ ssh_key_path: /home/$RKE_USER/.ssh/id_rsa
+ ssh_cert: ""
+ ssh_cert_path: ""
+ labels: {}
+ taints: []
+- address: "$3"
+ port: "22"
+ internal_address: ""
+ role:
+ - controlplane
+ - etcd
+ hostname_override: ""
+ user: $RKE_USER
+ docker_socket: /var/run/docker.sock
+ ssh_key: ""
+ ssh_key_path: /home/$RKE_USER/.ssh/id_rsa
+ ssh_cert: ""
+ ssh_cert_path: ""
+ labels: {}
+ taints: []
+services:
+ etcd:
+ image: ""
+ extra_args: {}
+ extra_binds: []
+ extra_env: []
+ external_urls: []
+ ca_cert: ""
+ cert: ""
+ key: ""
+ path: ""
+ uid: 0
+ gid: 0
+ snapshot: null
+ retention: ""
+ creation: ""
+ backup_config: null
+ kube-api:
+ image: ""
+ extra_args: {}
+ extra_binds: []
+ extra_env: []
+ service_cluster_ip_range: 10.43.0.0/16
+ service_node_port_range: ""
+ pod_security_policy: false
+ always_pull_images: false
+ secrets_encryption_config: null
+ audit_log: null
+ admission_configuration: null
+ event_rate_limit: null
+ kube-controller:
+ image: ""
+ extra_args: {}
+ extra_binds: []
+ extra_env: []
+ cluster_cidr: 10.42.0.0/16
+ service_cluster_ip_range: 10.43.0.0/16
+ scheduler:
+ image: ""
+ extra_args: {}
+ extra_binds: []
+ extra_env: []
+ kubelet:
+ image: ""
+ extra_args: {}
+ extra_binds: []
+ extra_env: []
+ cluster_domain: cluster.local
+ infra_container_image: ""
+ cluster_dns_server: 10.43.0.10
+ fail_swap_on: false
+ generate_serving_certificate: false
+ kubeproxy:
+ image: ""
+ extra_args: {}
+ extra_binds: []
+ extra_env: []
+network:
+ plugin: none
+authentication:
+ strategy: x509
+ sans: []
+ webhook: null
+addons: ""
+addons_include: []
+system_images:
+ etcd: rancher/coreos-etcd:v3.4.3-rancher1
+ alpine: rancher/rke-tools:v0.1.69
+ nginx_proxy: rancher/rke-tools:v0.1.69
+ cert_downloader: rancher/rke-tools:v0.1.69
+ kubernetes_services_sidecar: rancher/rke-tools:v0.1.69
+ kubedns: rancher/k8s-dns-kube-dns:1.15.0
+ dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.0
+ kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.0
+ kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.7.1
+ coredns: rancher/coredns-coredns:1.6.5
+ coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.7.1
+ nodelocal: rancher/k8s-dns-node-cache:1.15.7
+ kubernetes: rancher/hyperkube:v1.17.17-rancher1
+ flannel: rancher/coreos-flannel:v0.12.0
+ flannel_cni: rancher/flannel-cni:v0.3.0-rancher6
+ calico_node: rancher/calico-node:v3.13.4
+ calico_cni: rancher/calico-cni:v3.13.4
+ calico_controllers: rancher/calico-kube-controllers:v3.13.4
+ calico_ctl: rancher/calico-ctl:v3.13.4
+ calico_flexvol: rancher/calico-pod2daemon-flexvol:v3.13.4
+ canal_node: rancher/calico-node:v3.13.4
+ canal_cni: rancher/calico-cni:v3.13.4
+ canal_flannel: rancher/coreos-flannel:v0.12.0
+ canal_flexvol: rancher/calico-pod2daemon-flexvol:v3.13.4
+ weave_node: weaveworks/weave-kube:2.6.4
+ weave_cni: weaveworks/weave-npc:2.6.4
+ pod_infra_container: rancher/pause:3.1
+ ingress: rancher/nginx-ingress-controller:nginx-0.35.0-rancher2
+ ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
+ metrics_server: rancher/metrics-server:v0.3.6
+ windows_pod_infra_container: rancher/kubelet-pause:v0.1.4
+ssh_key_path: ~/.ssh/id_rsa
+ssh_cert_path: ""
+ssh_agent_auth: false
+authorization:
+ mode: rbac
+ options: {}
+ignore_docker_version: false
+kubernetes_version: ""
+private_registries: []
+ingress:
+ provider: ""
+ options: {}
+ node_selector: {}
+ extra_args: {}
+ dns_policy: ""
+ extra_envs: []
+ extra_volumes: []
+ extra_volume_mounts: []
+cluster_name: ""
+cloud_provider:
+ name: ""
+prefix_path: ""
+addon_job_timeout: 0
+bastion_host:
+ address: ""
+ port: ""
+ user: ""
+ ssh_key: ""
+ ssh_key_path: ""
+ ssh_cert: ""
+ ssh_cert_path: ""
+monitoring:
+ provider: ""
+ options: {}
+ node_selector: {}
+restore:
+ restore: false
+ snapshot_name: ""
+dns: null
+
+EOF
+}
+
+
+function rke_up {
+ sudo -H -u rke bash -c 'cd $HOME && rke up --debug'
+}
diff --git a/scripts/pre-install.sh b/scripts/pre-install.sh
new file mode 100644
index 0000000..5a60c4d
--- /dev/null
+++ b/scripts/pre-install.sh
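Review bot: `get_rke_binary` downloads `rke_linux-amd64` and copies it to `/usr/local/bin` with no integrity check, and init.sh then runs that binary to build the cluster. Pin the expected digest for v1.0.16 and verify it right after the `wget`, e.g. `echo "<EXPECTED_SHA256>  rke" | sha256sum -c -` (placeholder; take the value from the release's published checksums), so a tampered or truncated download stops the script. In the generated cluster.yml, `audit_log: null`, `secrets_encryption_config: null` and `pod_security_policy: false` leave API auditing, secrets encryption and pod admission policy unconfigured as far as this file shows; if that is intended for a lab, a comment above the heredoc should say so. `rke_up` hard-codes `-u rke` where the rest of the scripts use `$RKE_USER`.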
@@ -0,0 +1,109 @@
+#/bin/env bash
+set -ex
+
+
+function setup_user {
+ # Setup Docker for non-root user
+ groupadd -f docker
+
+ # Create RKE User
+ useradd $RKE_USER \
+ --groups docker \
+ --create-home \
+ --password $RKE_PASS \
+ || true
+
+ passwd $RKE_USER --stdin <<< "$RKE_PASS"
+ # Add RKE User to sudoers
+ grep -qxF "$RKE_USER ALL=(ALL:ALL) ALL" /etc/sudoers || echo "$RKE_USER ALL=(ALL:ALL) ALL" >> /etc/sudoers
+
+}
+
+function create_ssh_keys {
+ apt-get install sshpass -y
+ rm -rf /home/$RKE_USER/.ssh/
+ mkdir -p /home/$RKE_USER/.ssh/
+ mkdir -p $HOME/.ssh
+ ssh-keygen -b 2048 -t rsa -f /home/$RKE_USER/.ssh/id_rsa -q -N ""
+ cat /home/$RKE_USER/.ssh/id_rsa.pub >> /home/$RKE_USER/.ssh/authorized_keys
+ chown $RKE_USER:$RKE_USER /home/$RKE_USER/.ssh/id_rsa
+ chown $RKE_USER:$RKE_USER /home/$RKE_USER/.ssh/id_rsa.pub
+ chown $RKE_USER:$RKE_USER /home/$RKE_USER/.ssh/authorized_keys
+
+ for host in $1 $2 $3
+ do
+ if [ "$(hostname -f)" != "$host" ];
+ then
+ sshpass -f /root/${RKE_USER}-password.txt ssh-copy-id -i /home/$RKE_USER/.ssh/id_rsa.pub $RKE_USER@$host
+ fi
+ done
+}
+
+function disable_swap {
+ # Disable Swap
+ swapoff -a
+ sed -i '/ swap / s/^/#/' /etc/fstab
+
+}
+
+
+function kernel_setup {
+ apt-get update
+ apt-get dist-upgrade -y
+
+ # Check all kernel modules are present
+ for module in br_netfilter ip6_udp_tunnel ip_set ip_set_hash_ip ip_set_hash_net iptable_filter iptable_nat iptable_mangle iptable_raw nf_conntrack_netlink nf_conntrack nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat nf_nat_ipv4 nf_nat_masquerade_ipv4 nfnetlink udp_tunnel veth vxlan x_tables xt_addrtype xt_conntrack xt_comment xt_mark xt_multiport xt_nat xt_recent xt_set xt_statistic xt_tcpudp;
+ do
+ modprobe $module
+ if ! lsmod | grep -q $module; then
+ echo "module $module is not present";
+ exit 1
+ fi;
+ done
+
+
+ echo "br_netfilter" > /etc/modules-load.d/bridge.conf
+ # Ensure net.bridge.bridge-nf-call-iptables is enabled in the kernel
+ sysctl net.bridge.bridge-nf-call-iptables=1
+ sysctl net.bridge.bridge-nf-call-ip6tables=1
+ sysctl net.bridge.bridge-nf-call-arptables=1
+
+}
+
+
+function install_docker {
+ # Remove any old versions of Docker
+ apt-get remove docker docker-engine docker.io containerd runc
+
+ # Instal deps
+ apt-get update
+ apt-get install -y \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg-agent \
+ software-properties-common
+
+
+ # Add docker CE repo
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+ add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) \
+ stable"
+
+ apt-get update
+ #Instal docker
+ apt-get -y install docker-ce=18.06.1~ce~3-0~ubuntu containerd.io --allow-downgrades
+
+ #Enable docker on startup
+ systemctl restart docker.service
+ systemctl enable docker.service
+ systemctl enable containerd.service
+
+}
+
+
+function allow_tcp_ssh_forwarding {
+ grep -qxF "AllowTcpForwarding yes" /etc/ssh/sshd_config || echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config
+}
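Review bot: `setup_user` passes the plaintext `$RKE_PASS` to `useradd --password`, which expects an already-hashed value, and does so on the command line under `set -ex`, so the password is visible in the process list and in the xtrace output. Drop the `--password $RKE_PASS \` line and set the password once over stdin with tracing off: `set +x; echo "$RKE_USER:$RKE_PASS" | chpasswd; set -x`; `passwd --stdin` is, as far as I know, not supported by the passwd shipped on Debian/Ubuntu, which the `apt-get` calls suggest is the target. The same function appends an unrestricted `ALL=(ALL:ALL) ALL` rule directly to /etc/sudoers with no syntax check, for an account that is also in the `docker` group and that `create_ssh_keys` gives a passphrase-less key. A drop-in file under /etc/sudoers.d validated with `visudo -cf` before it is installed would avoid a broken or over-broad sudoers.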