nettoyage

README.md

@@ -1,5 +1,7 @@
 # vagrant
 
+le 2022-12-04
+
 Ce dépôt héberge des **Vagrantfile** dont
   * **docker**
   * **docker-wordpress**
@@ -10,4 +12,6 @@ Ce dépôt héberge des **Vagrantfile** dont
   * **docker-traefik-nginx**
   * **docker-elk**
   * **devstack**
+  * **k8s** : kubernetes 1.26.00 + playbook pour master **k8s-master** et 2 noeuds **node-1** et **node-2**
   * **minione**
+  * **rundeck** : Vagrantfile + playbook pour installation avec Mariadb

k8s/README.md

@@ -0,0 +1,15 @@
+# kubernetes
+
+## Mise en place d'un cluster kubernetes à 3 machines (1 maitre et 2 noeuds)
+
+le 2022-12-27
+
+Ce ficher **Vagrantfile** permet l'installation d'un cluster kubernetes 1.26.00 avec **kubeadm**
+
+Ce cluster se compose :
+* d'un maitre (controle-plane) appelé **k8s-master** 192.168.56.10
+* et de deux noeuds : 
+  * **node-1** (192.168.56.11)
+  * **node-2** (192.168.56.12)
+
+La couche réseau est fournie par le fournisseur **calico**

k8s/Vagrantfile

@@ -0,0 +1,39 @@
+#IMAGE_NAME = "bento/ubuntu-16.04"
+IMAGE_NAME = "debian/bullseye64"
+N = 2
+
+Vagrant.configure("2") do |config|
+    config.ssh.insert_key = false
+
+    config.vm.provider "virtualbox" do |v|
+        v.memory = 2048
+        v.cpus = 2
+    end
+      
+    config.vm.define "k8s-master" do |master|
+        master.vm.box = IMAGE_NAME
+        master.vm.network "private_network", ip: "192.168.56.10"
+        master.vm.hostname = "k8s-master"
+        master.vm.provision "ansible" do |ansible|
+            ansible.playbook = "kubernetes-setup/master-playbook.yml"
+            ansible.extra_vars = {
+                node_ip: "192.168.56.10",
+            }
+        end
+    end
+
+    (1..N).each do |i|
+        config.vm.define "node-#{i}" do |node|
+            node.vm.box = IMAGE_NAME
+            node.vm.network "private_network", ip: "192.168.56.#{i + 10}"
+            node.vm.hostname = "node-#{i}"
+            node.vm.provision "ansible" do |ansible|
+                ansible.playbook = "kubernetes-setup/node-playbook.yml"
+                ansible.extra_vars = {
+                    node_ip: "192.168.56.#{i + 10}",
+                }
+            end
+        end
+    end
+end
+

k8s/kubernetes-setup/master-playbook.yml

@@ -0,0 +1,173 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: Set timezone to Europe/Paris
+    community.general.timezone:
+     name: Europe/Paris
+
+  - name: maj fichier hosts  
+    ansible.builtin.blockinfile:
+      path: /etc/hosts
+      block: |
+        192.168.56.10 k8s-master
+        192.168.56.11 node-1
+        192.168.56.12 node-2
+
+  - name: Forwarding IPv4 and letting iptables see bridged traffic
+    ansible.builtin.blockinfile:
+      path: /etc/modules-load.d/k8s.conf
+      create: yes
+      block: |
+        overlay
+        br_netfilter
+ 
+  - name: charge module overlay 
+    community.general.modprobe:
+      state: present
+      name: overlay
+  
+  - name: charge module overlay et br_netfilter
+    community.general.modprobe:
+      state: present
+      name: br_netfilter
+ 
+  - name: persistance des bridges
+    ansible.builtin.blockinfile:
+      path: /etc/sysctl.d/k8s.conf
+      create: yes
+      block: |
+        net.bridge.bridge-nf-call-iptables  = 1
+        net.bridge.bridge-nf-call-ip6tables = 1
+        net.ipv4.ip_forward                 = 1
+
+  - name: applique les parametres sysctl
+    command: "sysctl --system"
+  
+  - name: Recupere get-docker
+    get_url: 
+      url: "https://get.docker.com"
+      dest: /tmp/get-docker.sh
+
+  - name: lance get-docker - installe docker, containerd ... 
+    command: 'sh /tmp/get-docker.sh'
+
+  - name: Add vagrant user to docker group
+    user:
+      name: vagrant
+      group: docker
+
+  - name: cree repertoire /etc/containerd
+    file:
+      path: /etc/containerd
+      state: directory  
+
+  - name: genere config.toml (containerd)
+    #command: "sudo containerd config default | sudo tee /etc/containerd/config.toml"
+    shell: "containerd config default | tee /etc/containerd/config.toml"
+
+  - name: configure cgroup driver pour systemd (config.toml)
+    replace:
+      path: "/etc/containerd/config.toml"
+      regexp:  'SystemdCgroup = false'
+      replace: 'SystemdCgroup = true'  
+      backup: yes
+
+  - name: redemarre containerd
+    service:
+      name: containerd
+      state: restarted
+      enabled: yes
+
+  - name: Remove swapfile from /etc/fstab
+    mount:
+      name: "{{ item }}"
+      fstype: swap
+      state: absent
+    with_items:
+      - swap
+      - none
+
+  - name: Disable swap
+    command: swapoff -a
+    when: ansible_swaptotal_mb > 0
+
+  - name: Add an apt signing key for Kubernetes
+    apt_key:
+      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+      state: present
+
+  - name: Adding apt repository for Kubernetes
+    apt_repository:
+      repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
+      state: present
+      filename: kubernetes.list
+
+  - name: Install Kubernetes binaries
+    apt:
+      name: "{{ packages }}"
+      state: present
+      update_cache: yes
+    vars:
+      packages:
+        - kubelet
+        - kubeadm
+        - kubectl
+
+  - name: Cree file kubelet
+    ansible.builtin.file:
+      path: /etc/default/kubelet
+      state: touch 
+
+  - name: Configure node ip
+    lineinfile:
+      path: /etc/default/kubelet
+      line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
+      create: yes
+
+  - name: Restart kubelet
+    service:
+      name: kubelet
+      daemon_reload: yes
+      state: restarted
+
+        #  - name:  nettoie config.toml 
+        #    file: 
+        #      path: /etc/containerd/config.toml
+        #      state: absent
+
+  - name:  redemarre containerd 
+    service:
+      name: containerd
+      state: restarted
+
+  - name: Initialize the Kubernetes cluster using kubeadm
+    command: kubeadm init --apiserver-advertise-address="{{ node_ip }}" --apiserver-cert-extra-sans="{{ node_ip }}"  --node-name k8s-master --pod-network-cidr=192.168.0.0/16
+
+  - name: Setup kubeconfig for vagrant user
+    command: "{{ item }}"
+    with_items:
+     - mkdir -p /home/vagrant/.kube
+     - cp -i /etc/kubernetes/admin.conf /home/vagrant/.kube/config
+     - chown vagrant:vagrant /home/vagrant/.kube/config
+
+  - name: Install calico pod network
+    become: false
+      #command: kubectl create -f https://docs.projectcalico.org/v3.24.5/getting-started/kubernetes/installation/hosted/calico.yaml
+#    command: kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/custom-resources.yaml
+#    command: "kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/tigera-operator.yaml"
+    command: "kubectl create -f https://docs.projectcalico.org/manifests/calico-typha.yaml"
+
+  - name: Generate join command
+    command: "kubeadm token create --print-join-command"
+    register: join_command
+
+  - name: Copy join command to local file
+    local_action: copy content="{{ join_command.stdout_lines[0] }}" dest="./join-command"
+
+  handlers:
+    - name: docker status
+      service:
+         name: docker
+         state: started
+

k8s/kubernetes-setup/node-playbook.yml

@@ -0,0 +1,152 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: Set timezone to Europe/Paris
+    community.general.timezone:
+      name: Europe/Paris
+
+  - name: maj fichier hosts  
+    ansible.builtin.blockinfile:
+      path: /etc/hosts
+      block: |
+        192.168.56.10 k8s-master
+        192.168.56.11 node-1
+        192.168.56.12 node-2
+
+  - name: Forwarding IPv4 and letting iptables see bridged traffic
+    ansible.builtin.blockinfile:
+      path: /etc/modules-load.d/k8s.conf
+      create: yes
+      block: |
+        overlay
+        br_netfilter
+ 
+  - name: charge module overlay 
+    community.general.modprobe:
+      state: present
+      name: overlay
+  
+  - name: charge module overlay et br_netfilter
+    community.general.modprobe:
+      state: present
+      name: br_netfilter
+ 
+  - name: persistance des bridges
+    ansible.builtin.blockinfile:
+      path: /etc/sysctl.d/k8s.conf
+      create: yes
+      block: |
+        net.bridge.bridge-nf-call-iptables  = 1
+        net.bridge.bridge-nf-call-ip6tables = 1
+        net.ipv4.ip_forward                 = 1
+
+  - name: applique les parametres sysctl
+    command: "sysctl --system"
+  
+  - name: Recupere get-docker
+    get_url: 
+      url: "https://get.docker.com"
+      dest: /tmp/get-docker.sh
+
+  - name: lance get-docker - installe docker, containerd ... 
+    command: 'sh /tmp/get-docker.sh'
+
+  - name: Add vagrant user to docker group
+    user:
+      name: vagrant
+      group: docker
+
+  - name: cree repertoire /etc/containerd
+    file:
+      path: /etc/containerd
+      state: directory  
+
+  - name: genere config.toml (containerd)
+    #command: "sudo containerd config default | sudo tee /etc/containerd/config.toml"
+    shell: "containerd config default | tee /etc/containerd/config.toml"
+
+  - name: configure cgroup driver pour systemd (config.toml)
+    replace:
+      path: "/etc/containerd/config.toml"
+      regexp:  'SystemdCgroup = false'
+      replace: 'SystemdCgroup = true'  
+      backup: yes
+
+  - name: redemarre containerd
+    service:
+      name: containerd
+      state: restarted
+      enabled: yes
+
+  - name: Remove swapfile from /etc/fstab
+    mount:
+      name: "{{ item }}"
+      fstype: swap
+      state: absent
+    with_items:
+      - swap
+      - none
+
+  - name: Disable swap
+    command: swapoff -a
+    when: ansible_swaptotal_mb > 0
+
+  - name: Add an apt signing key for Kubernetes
+    apt_key:
+      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+      state: present
+
+  - name: Adding apt repository for Kubernetes
+    apt_repository:
+      repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
+      state: present
+      filename: kubernetes.list
+
+  - name: Install Kubernetes binaries
+    apt:
+      name: "{{ packages }}"
+      state: present
+      update_cache: yes
+    vars:
+      packages:
+        - kubelet
+        - kubeadm
+        - kubectl
+
+  - name: Cree file kubelet
+    ansible.builtin.file:
+      path: /etc/default/kubelet
+      state: touch 
+
+  - name: Configure node ip
+    lineinfile:
+      path: /etc/default/kubelet
+      line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
+      create: yes
+
+  - name: Restart kubelet
+    service:
+      name: kubelet
+      daemon_reload: yes
+      state: restarted
+
+  - name:  redemarre containerd 
+    service:
+      name: containerd
+      state: restarted
+
+  - name: Copy the join command to server location
+    copy: 
+      src: join-command
+      dest: /tmp/join-command.sh
+      mode: 0777
+
+  - name: Join the node to cluster
+    command: sh /tmp/join-command.sh
+
+  - name: docker status
+    service:
+       name: docker
+       state: started
+

rundeck/deploy-rundeck.yml

@@ -3,11 +3,11 @@
   hosts: all
   become: yes
   vars:
-     - rddbname: "rundeck"  
-     - rduser: "rundeckuser"  
-     - rdpw: "rundeckuserpassword"  
-     - rdhost: "rundeck" 
-     - rdtz: "Europe/Paris" 
+     - rddbname: "rundeck"
+     - rduser: "rundeckuser"
+     - rdpw: "rundeckuserpassword"
+     - rdhost: "rundeck"
+     - rdtz: "Europe/Paris"
 
   tasks:
   - name: Change TimeZone to "{{ rdtz }}"
@@ -21,7 +21,7 @@
         - gpg
         - curl
         - wget
-        - vim 
+        - vim
         - openjdk-11-jre-headless
         - python3-pymysql
       state: present
@@ -31,7 +31,7 @@
       name: mariadb-server
       state: present
 
-  - name: cree db "{{ rddbname }}"
+  - name: cree db "{{ rddbname }}"
     community.mysql.mysql_db:
       name: "{{ rddbname }}"
       state: present