Add KVM hypervisor playbook to contrib
Optional Ansible playbook for preparing a host for running Kargo. This includes creation of a user account, some basic packages, and sysctl values required to allow CNI networking on a libvirt network.
This commit is contained in:
parent
f7ef452d8a
commit
3889c2e01c
7 changed files with 164 additions and 2 deletions
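--- /dev/null
+++ b/contrib/kvm-setup/README.md
@@ -0,0 +1,11 @@
+# Kargo on KVM Virtual Machines hypervisor preparation
+
+A simple playbook to ensure your system has the right settings to enable Kargo
+deployment on VMs.
+
+This playbook does not create Virtual Machines, nor does it run Kargo itself.
+
+### User creation
+
+If you want to create a user for running Kargo deployment, you should specify
+both `k8s_deployment_user` and `k8s_deployment_user_pkey_path`.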
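--- /dev/null
+++ b/contrib/kvm-setup/group_vars/all
@@ -0,0 +1,3 @@
+#k8s_deployment_user: kargo
+#k8s_deployment_user_pkey_path: /tmp/ssh_rsa
+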
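Review bot: The commented example `k8s_deployment_user_pkey_path: /tmp/ssh_rsa` points a private key at a world-writable directory on the control host; an example path under the invoking user's home directory would set a safer precedent for whoever uncomments the line. The `#key: value` comments should also carry a space after the `#` (`# k8s_deployment_user: kargo`) to satisfy yamllint's comments rule.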
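--- /dev/null
+++ b/contrib/kvm-setup/kvm-setup.yml
@@ -0,0 +1,8 @@
+---
+- hosts: localhost
+  gather_facts: False
+  become: yes
+  vars:
+    - bootstrap_os: none
+  roles:
+    - kvm-setup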
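Review bot: `gather_facts: False` on the play looks incompatible with the role it runs: the package tasks in tasks/main.yml and the /etc/modules task in tasks/sysctl.yml are all conditioned on `ansible_os_family`, which is only set by fact gathering, so unless facts are cached or a setup task runs somewhere not shown, those conditionals fail on an undefined variable. `gather_facts: true` is the straightforward fix. Separately, `become: yes` should be `become: true`, and `vars:` given as a list (`- bootstrap_os: none`) is the older list-of-mappings syntax; a plain mapping under `vars:` is the usual form.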
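--- /dev/null
+++ b/contrib/kvm-setup/roles/kvm-setup/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+
+- name: Upgrade all packages to the latest version (yum)
+  yum:
+    name: '*'
+    state: latest
+  when: ansible_os_family == "RedHat"
+
+- name: Install required packages
+  yum:
+    name: "{{ item }}"
+    state: latest
+  with_items:
+    - bind-utils
+    - ntp
+  when: ansible_os_family == "RedHat"
+
+- name: Install required packages
+  apt:
+    upgrade: yes
+    update_cache: yes
+    cache_valid_time: 3600
+    name: "{{ item }}"
+    state: latest
+    install_recommends: no
+  with_items:
+    - dnsutils
+    - ntp
+  when: ansible_os_family == "Debian"
+
+- name: Upgrade all packages to the latest version (apt)
+  shell: apt-get -o \
+    Dpkg::Options::=--force-confdef -o \
+    Dpkg::Options::=--force-confold -q -y \
+    dist-upgrade
+  environment:
+    DEBIAN_FRONTEND: noninteractive
+  when: ansible_os_family == "Debian"
+
+
+# Create deployment user if required
+- include: user.yml
+  when: k8s_deployment_user is defined
+
+# Set proper sysctl values
+- include: sysctl.yml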
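Review bot: The `shell:` value in 'Upgrade all packages to the latest version (apt)' is a plain multi-line YAML scalar, so the trailing backslashes are not continuations: YAML folds the lines itself and the `\` characters survive into the command as `-o \ Dpkg::Options::=…` and `\ dist-upgrade`, i.e. words with an escaped leading space; I would expect apt-get to reject the resulting operation, but verify on a Debian host. The apt module does the same job idempotently (the shell task reports changed on every run) via `upgrade: dist` with `dpkg_options: 'force-confdef,force-confold'`, which also removes the quoting problem, see below. In the preceding Debian 'Install required packages' task, `upgrade: yes` together with `name:` is suspect as well: in the Ansible 2.x apt module the upgrade path exits the module before the package list is processed, so dnsutils and ntp may never be installed, which is worth checking on the Ansible version in use; dropping `upgrade: yes` there and leaving the upgrade to the dedicated task is cleaner either way. The two tasks both named 'Install required packages' would also be easier to tell apart in the log with a (yum)/(apt) suffix like the upgrade tasks have.
```yaml
# … unchanged: yum upgrade and yum install tasks …
- name: Install required packages (apt)
  apt:
    update_cache: yes
    cache_valid_time: 3600
    name: "{{ item }}"
    state: latest
    install_recommends: no
  with_items:
    - dnsutils
    - ntp
  when: ansible_os_family == "Debian"

- name: Upgrade all packages to the latest version (apt)
  apt:
    upgrade: dist
    dpkg_options: 'force-confdef,force-confold'
  when: ansible_os_family == "Debian"
# … unchanged: include of user.yml and sysctl.yml …
```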
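--- /dev/null
+++ b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
@@ -0,0 +1,46 @@
+---
+- name: Load br_netfilter module
+  modprobe:
+    name: br_netfilter
+    state: present
+  register: br_netfilter
+
+- name: Add br_netfilter into /etc/modules
+  lineinfile:
+    dest: /etc/modules
+    state: present
+    line: 'br_netfilter'
+  when: br_netfilter is defined and ansible_os_family == 'Debian'
+
+- name: Add br_netfilter into /etc/modules-load.d/kargo.conf
+  copy:
+    dest: /etc/modules-load.d/kargo.conf
+    content: |-
+      ### This file is managed by Ansible
+      br-netfilter
+    owner: root
+    group: root
+    mode: 0644
+  when: br_netfilter is defined
+
+
+- name: Enable net.ipv4.ip_forward in sysctl
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: 1
+    sysctl_file: /etc/sysctl.d/ipv4-ip_forward.conf
+    state: present
+    reload: yes
+
+- name: Set bridge-nf-call-{arptables,iptables} to 0
+  sysctl:
+    name: "{{ item }}"
+    state: present
+    value: 0
+    sysctl_file: /etc/sysctl.d/bridge-nf-call.conf
+    reload: yes
+  with_items:
+    - net.bridge.bridge-nf-call-arptables
+    - net.bridge.bridge-nf-call-ip6tables
+    - net.bridge.bridge-nf-call-iptables
+  when: br_netfilter is defined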
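Review bot: The `when: br_netfilter is defined` guards on the modules-load.d and bridge-nf-call tasks (and the first half of the /etc/modules condition) never filter anything: the modprobe task registers `br_netfilter` unconditionally and has no `ignore_errors`, so a failed modprobe stops the play before those tasks run and a successful one always leaves the variable defined. Either drop the guards, or give the modprobe task `ignore_errors: yes` and test the result (`when: not br_netfilter|failed`) if a soft failure is the intent. The modules-load.d content spells the module `br-netfilter` while modprobe and /etc/modules use `br_netfilter`; the kernel accepts both, but one spelling is easier to grep for. Setting the three bridge-nf-call sysctls to 0 means the hypervisor's own iptables/arptables rules no longer see traffic bridged between guests, which is the playbook's stated purpose, so a comment above that task (`# 0: host netfilter does not see bridged guest traffic; required for CNI on the libvirt bridge`) would keep a later reader from "fixing" it back to 1. The octal `mode: 0644` should be quoted (`mode: '0644'`) so YAML does not turn it into an integer.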
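--- /dev/null
+++ b/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
@@ -0,0 +1,46 @@
+---
+- name: Create user {{ k8s_deployment_user }}
+  user:
+    name: "{{ k8s_deployment_user }}"
+    groups: adm
+    shell: /bin/bash
+
+- name: Ensure that .ssh exists
+  file:
+    path: "/home/{{ k8s_deployment_user }}/.ssh"
+    state: directory
+    owner: "{{ k8s_deployment_user }}"
+    group: "{{ k8s_deployment_user }}"
+
+- name: Configure sudo for deployment user
+  copy:
+    content: |
+      %{{ k8s_deployment_user }} ALL=(ALL) NOPASSWD: ALL
+    dest: "/etc/sudoers.d/55-k8s-deployment"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Write private SSH key
+  copy:
+    src: "{{ k8s_deployment_user_pkey_path }}"
+    dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
+    mode: 0400
+    owner: "{{ k8s_deployment_user }}"
+    group: "{{ k8s_deployment_user }}"
+  when: k8s_deployment_user_pkey_path is defined
+
+- name: Write public SSH key
+  shell: "ssh-keygen -y -f /home/{{ k8s_deployment_user }}/.ssh/id_rsa \
+    > /home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
+  args:
+    creates: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
+  when: k8s_deployment_user_pkey_path is defined
+
+- name: Fix ssh-pub-key permissions
+  file:
+    path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
+    mode: 0600
+    owner: "{{ k8s_deployment_user }}"
+    group: "{{ k8s_deployment_user }}"
+  when: k8s_deployment_user_pkey_path is defined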
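Review bot: The sudoers drop-in written by 'Configure sudo for deployment user' goes through plain `copy` with no `validate`, so an unexpected value of `k8s_deployment_user` that sudo cannot parse leaves a broken file in /etc/sudoers.d and sudo then refuses to work for every account on the host; add `validate: 'visudo -cf %s'` and use the conventional `mode: '0440'`. The rule targets the group `%{{ k8s_deployment_user }}`, which only matches if the user module created a private group of that name (presumably the case on the targeted distributions); a user rule, `{{ k8s_deployment_user }} ALL=(ALL) NOPASSWD: ALL`, would not depend on it. Because the public half of the copied private key is also written to authorized_keys, whoever holds `k8s_deployment_user_pkey_path` can log in as the deployment user and become root without a password; the README's 'User creation' section should say so. `creates:` on the 'Write public SSH key' task also means a later change of the key never updates authorized_keys. The octal modes (0644, 0400, 0600) should be quoted so YAML does not parse them as integers.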
|
@ -21,12 +21,14 @@
|
||||||
- name: delete gce instances
|
- name: delete gce instances
|
||||||
gce:
|
gce:
|
||||||
instance_names: "{{instance_names}}"
|
instance_names: "{{instance_names}}"
|
||||||
image: "{{ cloud_image }}"
|
image: "{{ cloud_image | default(omit) }}"
|
||||||
service_account_email: "{{ gce_service_account_email }}"
|
service_account_email: "{{ gce_service_account_email }}"
|
||||||
pem_file: "{{ gce_pem_file | default(omit)}}"
|
pem_file: "{{ gce_pem_file | default(omit)}}"
|
||||||
credentials_file: "{{gce_credentials_file | default(omit)}}"
|
credentials_file: "{{gce_credentials_file | default(omit)}}"
|
||||||
project_id: "{{ gce_project_id }}"
|
project_id: "{{ gce_project_id }}"
|
||||||
zone: "{{cloud_region | default('europe-west1-b')}}"
|
zone: "{{cloud_region | default('europe-west1-b')}}"
|
||||||
metadata: '{"test_id": "{{test_id}}", "network": "{{kube_network_plugin}}"}'
|
|
||||||
state: 'absent'
|
state: 'absent'
|
||||||
|
async: 120
|
||||||
|
poll: 3
|
||||||
|
retries: 3
|
||||||
register: gce
|
register: gce
|
||||||
|
|