From 0f4ff1071544d6f85bf295a8d4ac42daae451eef Mon Sep 17 00:00:00 2001
From: Steven Pousty
Date: Thu, 16 May 2019 17:33:06 -0700
Subject: [PATCH] up to date (#1)
* Cleanup
* Use latest version of docker
* Remove Docker first
* Remove more of Docker
* Start Docker after installing
* fixed misspecification
---
 .../master/build/1_k8s_master.sh | 252 +-----------------
 .../master/build/2_scripts.sh | 240 +++++++++++++++++
 .../master/build/99_cleanup.sh | 4 +
 .../node01/build/1_k8s_node.sh | 11 +-
 .../node01/build/99_cleanup.sh | 4 +
 training/foundations-pathway.json | 6 +-
 6 files changed, 272 insertions(+), 245 deletions(-)
 create mode 100644 environments/crunchydata-k8s-centos/master/build/2_scripts.sh
 create mode 100644 environments/crunchydata-k8s-centos/master/build/99_cleanup.sh
 create mode 100644 environments/crunchydata-k8s-centos/node01/build/99_cleanup.sh
diff --git a/environments/crunchydata-k8s-centos/master/build/1_k8s_master.sh b/environments/crunchydata-k8s-centos/master/build/1_k8s_master.sh
index c4811796..c52a9f85 100644
--- a/environments/crunchydata-k8s-centos/master/build/1_k8s_master.sh
+++ b/environments/crunchydata-k8s-centos/master/build/1_k8s_master.sh
@@ -1,3 +1,13 @@
+set -e
+sudo yum remove -y docker docker-common
+
+sudo yum install -y yum-utils
+sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+sudo yum install -y docker-ce docker-ce-cli containerd.io
+systemctl enable --now docker
+systemctl start docker
+
+
 echo '127.0.0.1 master' >> /etc/hosts
 hostname master && echo master > /etc/hostname
 hostnamectl set-hostname master
@@ -17,7 +27,7 @@ EOF
 setenforce 0
 sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
-yum install -y docker kubelet kubeadm kubectl --disableexcludes=kubernetes
+yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
 systemctl enable --now kubelet
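Review bot: The added `sudo yum install -y docker-ce docker-ce-cli containerd.io` installs whatever version the newly added repository serves on the day of the build, and `-y` also accepts that repository's signing key on first use without its fingerprint being compared against a known value. Pin the packages, e.g. `sudo yum install -y docker-ce-<VERSION> docker-ce-cli-<VERSION> containerd.io` (placeholder version), and import the key in its own step after checking the fingerprint Docker publishes. The two `systemctl` lines run without `sudo` while every yum line uses it, and `systemctl start docker` repeats what `enable --now` already did. With `set -e` now at the top, the unchanged `setenforce 0` further down presumably aborts the build on a host where SELinux is disabled, so it may need `|| true`. The same block is added to `node01/build/1_k8s_node.sh`.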
@@ -33,243 +43,3 @@ sudo kubeadm config images pull; sudo docker pull weaveworks/weave-kube:2.5.1 sudo docker pull weaveworks/weave-npc:2.5.1 -cat < /opt/launch-kubeadm.sh -#!/bin/sh -rm $HOME/.kube/config -kubeadm reset -f || true -systemctl start kubelet -mkdir -p /root/.kube -kubeadm init --kubernetes-version $(kubeadm version -o short) --token=96771a.f608976060d16396 -mkdir -p $HOME/.kube -sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config -sudo chown $(id -u):$(id -g) $HOME/.kube/config -kubectl apply -f /opt/weave-kube -EOF - -chmod +x /opt/launch-kubeadm.sh - -cat < /opt/weave-kube -apiVersion: v1 -kind: List -items: - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: weave-net - labels: - name: weave-net - namespace: kube-system - - apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRole - metadata: - name: weave-net - labels: - name: weave-net - rules: - - apiGroups: - - '' - resources: - - pods - - namespaces - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - networkpolicies - verbs: - - get - - list - - watch - - apiGroups: - - 'networking.k8s.io' - resources: - - networkpolicies - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - nodes/status - verbs: - - patch - - update - - apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRoleBinding - metadata: - name: weave-net - labels: - name: weave-net - roleRef: - kind: ClusterRole - name: weave-net - apiGroup: rbac.authorization.k8s.io - subjects: - - kind: ServiceAccount - name: weave-net - namespace: kube-system - - apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: Role - metadata: - name: weave-net - namespace: kube-system - labels: - name: weave-net - rules: - - apiGroups: - - '' - resources: - - configmaps - resourceNames: - - weave-net - verbs: - - get - - update - - apiGroups: - - '' - resources: - - configmaps - verbs: - - create - - apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: RoleBinding 
- metadata: - name: weave-net - namespace: kube-system - labels: - name: weave-net - roleRef: - kind: Role - name: weave-net - apiGroup: rbac.authorization.k8s.io - subjects: - - kind: ServiceAccount - name: weave-net - namespace: kube-system - - apiVersion: extensions/v1beta1 - kind: DaemonSet - metadata: - name: weave-net - labels: - name: weave-net - namespace: kube-system - spec: - # Wait 5 seconds to let pod connect before rolling next pod - minReadySeconds: 5 - template: - metadata: - labels: - name: weave-net - spec: - containers: - - name: weave - command: - - /home/weave/launch.sh - env: - - name: HOSTNAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: 'weaveworks/weave-kube:2.5.1' - imagePullPolicy: Always - readinessProbe: - httpGet: - host: 127.0.0.1 - path: /status - port: 6784 - resources: - requests: - cpu: 10m - securityContext: - privileged: true - volumeMounts: - - name: weavedb - mountPath: /weavedb - - name: cni-bin - mountPath: /host/opt - - name: cni-bin2 - mountPath: /host/home - - name: cni-conf - mountPath: /host/etc - - name: dbus - mountPath: /host/var/lib/dbus - - name: lib-modules - mountPath: /lib/modules - - name: xtables-lock - mountPath: /run/xtables.lock - readOnly: false - - name: weave-npc - env: - - name: HOSTNAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: 'weaveworks/weave-npc:2.5.1' - imagePullPolicy: Always -#npc-args - resources: - requests: - cpu: 10m - securityContext: - privileged: true - volumeMounts: - - name: xtables-lock - mountPath: /run/xtables.lock - readOnly: false - hostNetwork: true - hostPID: true - restartPolicy: Always - securityContext: - seLinuxOptions: {} - serviceAccountName: weave-net - tolerations: - - effect: NoSchedule - operator: Exists - volumes: - - name: weavedb - hostPath: - path: /var/lib/weave - - name: cni-bin - hostPath: - path: /opt - - name: cni-bin2 - hostPath: - path: /home - - name: cni-conf - hostPath: - path: /etc - - 
name: dbus - hostPath: - path: /var/lib/dbus - - name: lib-modules - hostPath: - path: /lib/modules - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - updateStrategy: - type: RollingUpdate -EOF - -cat < /usr/local/bin/launch.sh -#!/bin/bash -echo Waiting for Kubernetes to start... - while [ ! -f /root/.kube/config ] - do - sleep 1 - done -echo Kubernetes started -if [ -f /root/.kube/start ]; then - /root/.kube/start -fi -EOF - -chmod +x /usr/local/bin/launch.sh diff --git a/environments/crunchydata-k8s-centos/master/build/2_scripts.sh b/environments/crunchydata-k8s-centos/master/build/2_scripts.sh new file mode 100644 index 00000000..6ba81c7a --- /dev/null +++ b/environments/crunchydata-k8s-centos/master/build/2_scripts.sh 
@@ -0,0 +1,240 @@
+cat < /opt/launch-kubeadm.sh
+#!/bin/sh
+rm $HOME/.kube/config
+kubeadm reset -f || true
+systemctl start kubelet
+mkdir -p /root/.kube
+kubeadm init --kubernetes-version $(kubeadm version -o short) --token=96771a.f608976060d16396
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+kubectl apply -f /opt/weave-kube
+EOF
+
+chmod +x /opt/launch-kubeadm.sh
+
+cat < /opt/weave-kube
+apiVersion: v1
+kind: List
+items:
+ - apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: weave-net
+ labels:
+ name: weave-net
+ namespace: kube-system
+ - apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: ClusterRole
+ metadata:
+ name: weave-net
+ labels:
+ name: weave-net
+ rules:
+ - apiGroups:
+ - ''
+ resources:
+ - pods
+ - namespaces
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - 'networking.k8s.io'
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ''
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+ - update
+ - apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: ClusterRoleBinding
+ metadata:
+ name: weave-net
+ labels:
+ name: weave-net
+ roleRef:
+ kind: ClusterRole
+ name: weave-net
+ apiGroup: rbac.authorization.k8s.io
+ subjects:
+ - kind: ServiceAccount
+ name: weave-net
+ namespace: kube-system
+ - apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: Role
+ metadata:
+ name: weave-net
+ namespace: kube-system
+ labels:
+ name: weave-net
+ rules:
+ - apiGroups:
+ - ''
+ resources:
+ - configmaps
+ resourceNames:
+ - weave-net
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ''
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: RoleBinding
+ metadata:
+ name: weave-net
+ namespace: kube-system
+ labels:
+ name: weave-net
+ roleRef:
+ kind: Role
+ name: weave-net
+ apiGroup: rbac.authorization.k8s.io
+ subjects:
+ - kind: ServiceAccount
+ name: weave-net
+ namespace: kube-system
+ - apiVersion: extensions/v1beta1
+ kind: DaemonSet
+ metadata:
+ name: weave-net
+ labels:
+ name: weave-net
+ namespace: kube-system
+ spec:
+ # Wait 5 seconds to let pod connect before rolling next pod
+ minReadySeconds: 5
+ template:
+ metadata:
+ labels:
+ name: weave-net
+ spec:
+ containers:
+ - name: weave
+ command:
+ - /home/weave/launch.sh
+ env:
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ image: 'weaveworks/weave-kube:2.5.1'
+ imagePullPolicy: Always
+ readinessProbe:
+ httpGet:
+ host: 127.0.0.1
+ path: /status
+ port: 6784
+ resources:
+ requests:
+ cpu: 10m
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: weavedb
+ mountPath: /weavedb
+ - name: cni-bin
+ mountPath: /host/opt
+ - name: cni-bin2
+ mountPath: /host/home
+ - name: cni-conf
+ mountPath: /host/etc
+ - name: dbus
+ mountPath: /host/var/lib/dbus
+ - name: lib-modules
+ mountPath: /lib/modules
+ - name: xtables-lock
+ mountPath: /run/xtables.lock
+ readOnly: false
+ - name: weave-npc
+ env:
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ image: 'weaveworks/weave-npc:2.5.1'
+ imagePullPolicy: Always
+#npc-args
+ resources:
+ requests:
+ cpu: 10m
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: xtables-lock
+ mountPath: /run/xtables.lock
+ readOnly: false
+ hostNetwork: true
+ hostPID: true
+ restartPolicy: Always
+ securityContext:
+ seLinuxOptions: {}
+ serviceAccountName: weave-net
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ volumes:
+ - name: weavedb
+ hostPath:
+ path: /var/lib/weave
+ - name: cni-bin
+ hostPath:
+ path: /opt
+ - name: cni-bin2
+ hostPath:
+ path: /home
+ - name: cni-conf
+ hostPath:
+ path: /etc
+ - name: dbus
+ hostPath:
+ path: /var/lib/dbus
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: xtables-lock
+ hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ updateStrategy:
+ type: RollingUpdate
+EOF
+
+cat < /usr/local/bin/launch.sh
+#!/bin/bash
+echo Waiting for Kubernetes to start...
+ while [ ! -f /root/.kube/config ]
+ do
+ sleep 1
+ done
+echo Kubernetes started
+if [ -f /root/.kube/start ]; then
+ /root/.kube/start
+fi
+EOF
+
+chmod +x /usr/local/bin/launch.sh
diff --git a/environments/crunchydata-k8s-centos/master/build/99_cleanup.sh b/environments/crunchydata-k8s-centos/master/build/99_cleanup.sh
new file mode 100644
index 00000000..f9b42c3f
--- /dev/null
+++ b/environments/crunchydata-k8s-centos/master/build/99_cleanup.sh
@@ -0,0 +1,4 @@
+rm -f ~/.kube/config; sudo rm -f /root/.kube/config; sudo rm -f /var/lib/dbus/machine-id; sudo rm -f /etc/machine-id; sudo rm -f /etc/weave/machine-uuid; sudo rm -f /etc/.regen-machine-id; sudo rm -f /root/.bash_history; sudo rm -f /home/ubuntu/.bash_history; sudo rm -f /etc/docker/key.json; sudo systemctl stop kubelet; sudo find /var/lib/kubelet | xargs -n 1 findmnt -n -t tmpfs -o TARGET -T | uniq | xargs -r sudo umount -v; sudo rm -r -f /etc/kubernetes /var/lib/kubelet /var/lib/etcd /etc/cni/net.d/* /var/lib/dockershim; true
+
+sudo dbus-uuidgen --ensure
+sudo dbus-uuidgen > /etc/machine-id
diff --git a/environments/crunchydata-k8s-centos/node01/build/1_k8s_node.sh b/environments/crunchydata-k8s-centos/node01/build/1_k8s_node.sh
index ac7af4d1..077d61bb 100644
--- a/environments/crunchydata-k8s-centos/node01/build/1_k8s_node.sh
+++ b/environments/crunchydata-k8s-centos/node01/build/1_k8s_node.sh
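Review bot: The generated `/opt/launch-kubeadm.sh` passes a fixed bootstrap token, `--token=96771a.f608976060d16396`, to `kubeadm init`, so every cluster started from this image accepts the same join credential, and that value is readable in the repository. If node01 does not depend on the literal value, create one per launch with `--token "$(kubeadm token generate)"` and hand the join command to the node; if it does, add a short `--token-ttl` and a comment stating that the token is for disposable training clusters only. The content is moved unchanged from `1_k8s_master.sh`, so this predates the commit. The here-document operator is not visible in this rendering; if its delimiter is unquoted, `$HOME`, `$(id -u)` and `$(kubeadm version -o short)` are expanded while the build script runs rather than when the launcher runs, and quoting the delimiter would defer them.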
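Review bot: The last two lines of `master/build/99_cleanup.sh` write a fresh machine ID during the build, which undoes the `rm -f /etc/machine-id` and `rm -f /var/lib/dbus/machine-id` on the first line: if this script is the final step before the image is captured, every host started from it carries the same ID. In `sudo dbus-uuidgen > /etc/machine-id` the redirection is opened by the calling shell rather than by sudo, so it only works when the script already runs as root, and it prints a new value rather than the one `--ensure` just stored. Leaving an empty file for first boot to fill, `sudo truncate -s 0 /etc/machine-id`, keeps the ID unique per instance; if an ID is needed at build time, `sudo dbus-uuidgen | sudo tee /etc/machine-id >/dev/null` fixes the redirect. The trailing `; true` on the first line also hides any failed removal of `/root/.kube/config` or `/etc/docker/key.json`, so credentials could remain in the image unnoticed. `node01/build/99_cleanup.sh` is an identical copy.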
@@ -1,3 +1,12 @@
+set -e
+sudo yum remove -y docker docker-common
+
+sudo yum install -y yum-utils
+sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+sudo yum install -y docker-ce docker-ce-cli containerd.io
+systemctl enable --now docker
+systemctl start docker
+
 echo '127.0.0.1 node01' >> /etc/hosts
 hostname node01 && echo node01 > /etc/hostname
 hostnamectl set-hostname node01
@@ -17,7 +26,7 @@ EOF
 setenforce 0
 sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
-yum install -y docker kubelet kubeadm kubectl --disableexcludes=kubernetes
+yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
 systemctl enable --now kubelet
diff --git a/environments/crunchydata-k8s-centos/node01/build/99_cleanup.sh b/environments/crunchydata-k8s-centos/node01/build/99_cleanup.sh
new file mode 100644
index 00000000..f9b42c3f
--- /dev/null
+++ b/environments/crunchydata-k8s-centos/node01/build/99_cleanup.sh
@@ -0,0 +1,4 @@
+rm -f ~/.kube/config; sudo rm -f /root/.kube/config; sudo rm -f /var/lib/dbus/machine-id; sudo rm -f /etc/machine-id; sudo rm -f /etc/weave/machine-uuid; sudo rm -f /etc/.regen-machine-id; sudo rm -f /root/.bash_history; sudo rm -f /home/ubuntu/.bash_history; sudo rm -f /etc/docker/key.json; sudo systemctl stop kubelet; sudo find /var/lib/kubelet | xargs -n 1 findmnt -n -t tmpfs -o TARGET -T | uniq | xargs -r sudo umount -v; sudo rm -r -f /etc/kubernetes /var/lib/kubelet /var/lib/etcd /etc/cni/net.d/* /var/lib/dockershim; true
+
+sudo dbus-uuidgen --ensure
+sudo dbus-uuidgen > /etc/machine-id
diff --git a/training/foundations-pathway.json b/training/foundations-pathway.json
index 5550cd79..8386c25d 100644
--- a/training/foundations-pathway.json
+++ b/training/foundations-pathway.json
@@ -4,9 +4,9 @@
 "courses": [
 {
 "pathway_id": "crunchydata/workshops",
- "id": "postgrestraining",
- "course_id": "postgrestraining",
- "title": "PostgreSQL Training"
+ "id": "pitr",
+ "course_id": "pitr",
+ "title": "PostgreSQL Point In Time Recovery"
 },
 {
 "pathway_id": "crunchydata/workshops",