init commit

.gitignore

@@ -0,0 +1,2 @@
+config.cfg
+ansible.hosts.tmp

add_node.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -e
+
+BASE_DIR=$(cd `dirname $0` && pwd)
+cd $BASE_DIR
+
+. ./config.cfg
+
+ansible-playbook playbooks/k8s/node.yml 

ansible.cfg

@@ -0,0 +1,43 @@
+# config file for ansible -- http://ansible.com/
+# ==============================================
+
+# This config file provides examples for running
+# the offline k8s playbooks with the provided
+# inventory scripts.
+
+[defaults]
+# Set the log_path
+log_path = ~/k8s-ansible.log
+
+# Additional default options for OpenShift Ansible
+forks = 20
+host_key_checking = False
+retry_files_enabled = False
+retry_files_save_path = ~/k8s-installer-retries
+nocows = True
+remote_user = root
+roles_path = roles/
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = $HOME/ansible/facts
+fact_caching_timeout = 600
+callback_whitelist = profile_tasks
+inventory_ignore_extensions = secrets.py, .pyc, .cfg, .crt, .ini
+# work around privilege escalation timeouts in ansible:
+timeout = 30
+
+# Uncomment to use the provided example inventory
+#inventory = inventory/hosts.example
+
+[inventory]
+# fail more helpfully when the inventory file does not parse (Ansible 2.4+)
+unparsed_is_failed=true
+
+# Additional ssh options for OpenShift Ansible
+[ssh_connection]
+pipelining = True
+ssh_args = -o ControlMaster=auto -o ControlPersist=600s
+timeout = 10
+# shorten the ControlPath which is often too long; when it is,
+# ssh connection reuse silently fails, making everything slower.
+control_path = %(directory)s/%%h-%%r

ansible.hosts.ha.tpl

@@ -0,0 +1,66 @@
+[k8sCluster:children]
+masters
+nodes
+install
+new_nodes
+
+# Set variables common for all k8s-cluster hosts
+[k8sCluster:vars]
+# SSH user, this user should allow ssh based auth without requiring a password
+ansible_ssh_user=root
+ansible_ssh_pass=12345678
+ansible_port=22
+
+# If ansible_ssh_user is not root, ansible_become must be set to true
+ansible_become=false
+
+# 是否更新操作系统及内核
+is_system_update=True
+
+# 默认节点不是公网节点
+public_network_node = True
+
+# 是否开启 flannel
+flannel_enable=True
+
+# api server 域名
+master_vip="172.26.181.239"
+master_vip_advertise_address="x.x.x.x"
+node_domain=solarfs.k8s
+install_domain=install.{{node_domain}}
+api_server_domain="api-server.{{node_domain}}"
+api_server_port="6443"
+
+# k8s 版本
+k8s_version=1.21.1
+# 定义外部镜像仓库
+registry_domain=registry.hisun.netwarps.com
+registry_repo="{{registry_domain}}" 
+pod_infra_container_image="{{registry_repo}}/google_containers/pause:3.2"
+
+# subnet
+service_subnet=10.96.0.0/12
+pod_subnet=10.128.0.0/16
+
+# helm
+helm_binary_md5=e4500993ba21e5e6bdfbc084b4342025
+helm_binary_url=https://pnode.solarfs.io/dn/file/{{helm_binary_md5}}/helm-v3.6.0-linux-amd64.tar.gz
+helm_repo_name=chartmuseum-hisun
+helm_repo=https://charts.apps181227.hisun.k8s
+helm_username=admin
+helm_password=12345678
+
+[install]
+master1.solarfs.k8s
+
+[masters]
+master1.solarfs.k8s ansible_host=172.26.181.236 advertise_address="x.x.x.x"
+master2.solarfs.k8s ansible_host=172.26.181.237 advertise_address="x.x.x.x"
+master3.solarfs.k8s ansible_host=172.26.181.238 advertise_address="x.x.x.x"
+
+[nodes]
+node1.solarfs.k8s ansible_host=172.26.181.240 advertise_address="x.x.x.x"
+node2.solarfs.k8s ansible_host=x.x.x.x advertise_address="x.x.x.x"
+
+[new_nodes]
+node3.solarfs.k8s ansible_host=x.x.x.x advertise_address="x.x.x.x"

base_init.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+
+BASE_DIR=$(cd `dirname $0` && pwd)
+cd $BASE_DIR
+
+. ./config.cfg
+
+base_init(){
+	# set date time
+	./install_init/setTime.sh
+	# install install-machine's yum repo
+        if [ "$is_offline" == "True" ];then
+		./install_init/installYumRepo.sh
+	fi
+	# init iptables
+	./install_init/init_iptables.sh
+	# install ansible
+	./install_init/installAnsible.sh
+	# all nodes host init
+	./host_init.sh
+}
+
+main(){
+	base_init
+}
+main

build_ansible_var.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+base_dir=$(cd `dirname $0` && pwd)
+cd $base_dir
+set -e
+. ./config.cfg
+
+mkdir -p /etc/ansible/group_vars
+echo '' > /etc/ansible/group_vars/all
+
+VAR_NAMES=`grep -Ev '^[[:space:]]*#|^$|\`|^set|^if|^elif|^else|^fi|^[[:space:]]*echo|^[[:space:]]*grep|^[[:space:]]*ACCESS_DOMAIN|^[[:space:]]*LB_DOMAIN|^[[:space:]]*MASTER_DOMAINS' ./config.cfg|awk -F '=' '{print $1}'`
+
+for VAR_NAME in $VAR_NAMES
+do
+
+	VAR_NAME=`echo $VAR_NAME|xargs|sed 's/export//g'|xargs`
+	eval VAR_VALUE=\$$VAR_NAME
+
+	if [ -z "$VAR_NAME" ] || [ -z "$VAR_VALUE" ];then
+		continue
+	fi
+
+        if [ "$VAR_VALUE" == "true" ] || [ "$VAR_VALUE" == "false" ];then
+                VAR_VALUE='"'$VAR_VALUE'"'
+        fi
+
+	if [ "$VAR_VALUE" == "yes" ] || [ "$VAR_VALUE" == "no" ];then
+                VAR_VALUE='"'$VAR_VALUE'"'
+        fi	
+
+	grep $VAR_NAME /etc/ansible/group_vars/all &>/dev/null && sed -i 's#'$VAR_NAME':.*#'$VAR_NAME': '"$VAR_VALUE"'#g' /etc/ansible/group_vars/all || echo "$VAR_NAME: $VAR_VALUE" >> /etc/ansible/group_vars/all
+done

check_count_tool.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+name=$1
+cmd=$2
+
+count=${3:-30}
+
+echo "check $name status "
+for i in `seq 1 $count`
+do
+	sleep 2
+	$cmd &>/dev/null && echo "$name status is ok." && break || echo -n "."
+	if [ $i -eq $count ];then
+		echo -e "\033[31m $name status is error \033[0m"
+		exit 1
+	fi
+done

config.cfg.example

@@ -0,0 +1,39 @@
+#!/bin/bash
+set -x
+
+# 当前ansible-k8s目录所在路径,默认一般情况下不需要改动，如有变动请根据实际情况修改
+BASE_DIR="/data/ansible-k8s"
+
+# local network card
+LOCAL_ENNAME=eth0 ## Need to check
+
+# 是否线下安装
+is_offline=False
+
+# 负载均衡 IP
+master_vip="172.26.181.239"
+
+# 主机环境实际使用的上游dns server，酌情修改,公司内部实际使用的dns服务ip地址,poc建议为空（公司测试环境不建议配置，因为配置后所有节点就都可以访问外网，>有可能影响线>下包测试的准确性）
+upstream_dns_ips="172.26.164.91"
+
+# 是否安装时间同步服务(chronyd),True表示安装，False表示不安装，默认True，只有已经安装了 ntp 时间同步服务的情况下不安装;
+chronyd_install="True"
+# chronyd_install=True 时才生效,定义外部 ntp_server, ntp.cloud.aliyuncs.com 为阿里云内部 ntp 同步 server,  非阿里云主机访问可以改为 ntp.aliyun.com, 或自定义的 ntp server
+ntp_server="ntp.cloud.aliyuncs.com"
+
+export LOCAL_IP=`ip a show $LOCAL_ENNAME|awk '/inet.*brd.*'$LOCAL_ENNAME'/{print $2}'|awk -F "/" '{print $1}'`  # 无需改动
+if [ -z "$LOCAL_IP" ];then
+        echo "get $LOCAL_ENNAME ip error!" && exit 1
+fi
+
+# yum repo && config server
+export CONFIGSERVER_IP="$LOCAL_IP"
+export CONFIGSERVER_PORT="8081"
+
+
+# 高可用部署开关,True为部署高可用版，False为单机版一般无需改动
+if [ `$BASE_DIR/read-ansible-hosts.py -k masters|wc -l` -gt 1 ] ;then
+	HA="True"
+else
+	HA="False"
+fi

host_init.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+base_dir=$(cd `dirname $0` && pwd)
+cd $base_dir
+set -e
+
+. ./config.cfg
+
+INIT_HOSTS=k8sCluster
+
+if [ ! -z "$1" ];then
+	INIT_HOSTS=$1
+	shift
+fi
+
+export ANSIBLE_SCP_IF_SSH=y
+
+./build_ansible_var.sh
+
+ansible-playbook playbooks/host-init/host-init.yml --extra-vars "exec_hosts=$INIT_HOSTS $@"

install_init/init_iptables.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+BASE_DIR=$(cd `dirname $0` && pwd)
+cd $BASE_DIR
+
+. ../config.cfg
+
+# 禁用firewalld,保存现有iptables规则
+init_iptables(){
+	echo "##### disable firewalld start #####"
+	systemctl disable firewalld.service --now || echo
+	iptables -F
+	echo "##### disable firewalld end #####"
+
+}
+
+main(){
+	init_iptables
+}
+main

install_init/installAnsible.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+
+BASE_DIR=$(cd `dirname $0` && pwd)
+cd $BASE_DIR
+
+. ../config.cfg
+
+
+# install ansible
+installAnsible(){
+	echo "##### install ansible start #####"
+	# install ansible
+	if [ "$is_offline" == "True" ];then
+		yum --disablerepo=\* --enablerepo=offline-k8s* install -y ansible pyOpenSSL
+	else
+		yum install -y ansible pyOpenSSL
+	fi
+	# 配置/etc/ansible/ansible.cfg
+	\cp -f ../ansible.cfg /etc/ansible/ansible.cfg
+	echo "##### install ansible end #####"
+}
+
+configAnsible(){
+	echo "##### config ansible hosts start #####"
+        if [ -f "/etc/ansible/hosts" ] && grep -E 'k8sCluster' /etc/ansible/hosts &>/dev/null ;then
+		echo "/etc/ansible/hosts is already exists."
+	elif [  -f "../ansible.hosts.tmp" ]; then
+		\cp ../ansible.hosts.tmp /etc/ansible/hosts
+		rm -f ../ansible.hosts.tmp
+	else
+		echo "请将ansible.hosts.tpl拷贝为ansible.hosts.tmp并根据实际情况修改! "
+		exit 1
+	fi
+	echo "##### config ansible hosts end #####"
+}
+
+main(){
+	installAnsible
+	configAnsible
+}
+main

install_init/installYumRepo.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+# Author: jyliu
+set -e
+
+BASE_DIR=$(cd `dirname $0` && pwd)
+cd $BASE_DIR
+
+# install  install-machine's yum repo
+installMachineYumRepo(){
+	echo "##### install install-machine's yum repo start #####"
+	# 启动offline-yumrepo
+	sh ../../offline-yumrepo/enable.sh
+	systemctl restart offline-yumrepo
+	echo "##### install install-machine's yum repo end #####"
+}
+
+main(){
+	installMachineYumRepo
+}
+main

install_init/lockResolv.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+BASE_DIR=$(cd `dirname $0` && pwd)
+cd $BASE_DIR
+
+. ../config.cfg
+
+HOSTS=OSEv3
+if [ ! -z "$2" ];then
+	HOSTS=$2
+fi
+
+# lock /etc/resolv.conf
+lockResolv(){
+        ansible $HOSTS -m shell -a "chattr +i /etc/resolv.conf"
+}
+
+# unlock /etc/resolv.conf
+unlockResolv(){
+        ansible $HOSTS -m shell -a "chattr -i /etc/resolv.conf"
+}
+
+is_lock=$1
+
+if [ "x$is_lock" == "xtrue" ];then
+	lockResolv	
+elif [ "x$is_lock" == "xfalse" ];then
+	unlockResolv
+fi

install_init/setTime.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+timedatectl set-timezone Asia/Shanghai
+tmpdatetime=`date "+%F %T"`
+read -p "Please set current time, If it is empty, it is not modified. (example: $tmpdatetime): " datetime
+
+if [ ! -z "$datetime" ];then
+	date -s "$datetime"
+else
+	echo "The current time is not modified."
+fi