Initital commit

dtookey 2024-09-03 09:25:22 -04:00
commit 74fde30eeb
35 changed files with 3346 additions and 0 deletions

6
docker/blog/Dockerfile Normal file

@ -0,0 +1,6 @@
FROM nginx:alpine
COPY nginx/mime.types /etc/nginx/
COPY nginx/nginx.conf /etc/nginx/
COPY ./dist /usr/share/nginx/html
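Review bot: `FROM nginx:alpine` is a floating tag, so every rebuild can pull a different nginx and Alpine release and the image that reaches the cluster is neither reproducible nor auditable. Pin a specific version and, ideally, its digest, e.g. `FROM nginx:<version>-alpine@sha256:<digest>` (placeholders), and bump it as a reviewed change. The image also keeps the default root user and port 80; if that matters here, an unprivileged nginx base listening on a high port is the usual alternative, with `listen` in nginx.conf and the Deployment's `containerPort` changed to match.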


@ -0,0 +1,68 @@
types {
text/css css;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx;
application/vnd.openxmlformats-officedocument.spreadsheetml.template. xltx;
application/vnd.openxmlformats-officedocument.presentationml.template. potx;
}
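Review bot: The last two entries carry a stray trailing dot in the type name (`...spreadsheetml.template. xltx;` and `...presentationml.template. potx;`), so `.xltx` and `.potx` files would be served with a Content-Type that is not a registered media type; the `dotx` line just above shows the intended form. Drop the dot, e.g. `application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx;`, and likewise for `potx`. The map also has no entries for the font extensions `woff`, `woff2`, `ttf` and `otf` that the caching location in nginx.conf matches, so those are served with the default type; adding lines such as `font/woff woff;` and `font/woff2 woff2;` would cover them.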


@ -0,0 +1,47 @@
worker_processes 4;
# nginx.conf
events {
worker_connections 4096;
}
http {
include /etc/nginx/mime.types;
sendfile on;
tcp_nopush on;
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
server {
listen 80;
server_name lab.gg;
# Root directory for serving files
root /usr/share/nginx/html;
# Default file to serve
index index.html index.htm;
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_proxied any;
gzip_types text/html text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
server_tokens off;
# Enable caching for static content for 15 minutes
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|webp|woff|woff2|ttf|otf|eot)$ {
expires 15m;
add_header Cache-Control "public, max-age=900";
try_files $uri.gz $uri =404;
}
}
}
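Review bot: `try_files $uri.gz $uri =404;` in the static-asset location serves the pre-compressed file's bytes as they are whenever `<file>.gz` exists: the response is typed from the `.gz` name (which mime.types does not map, so the default type applies) and carries no `Content-Encoding: gzip`, so browsers get compressed bytes they will not decode. If the intent is to serve pre-compressed assets, put `gzip_static on;` in that location and reduce the line to `try_files $uri =404;`; this needs the gzip_static module, which is worth confirming for the base image in use. Separately, `text/html` in `gzip_types` is redundant because nginx always compresses that type, and listing it produces a duplicate-type warning at startup.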

6
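--- /dev/null
+++ b/groups/all
@@ -0,0 +1,6 @@
+ares
+artemis
+cupid1
+cupid2
+cupid3
+cupid4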

1
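--- /dev/null
+++ b/groups/compute
@@ -0,0 +1 @@
+artemis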

2
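--- /dev/null
+++ b/groups/debug
@@ -0,0 +1,2 @@
+ares
+artemis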

1
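--- /dev/null
+++ b/groups/leader
@@ -0,0 +1 @@
+ares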

4
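--- /dev/null
+++ b/groups/workers
@@ -0,0 +1,4 @@
+cupid1
+cupid2
+cupid3
+cupid4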

3
kubes/cni/install.sh Executable file

@ -0,0 +1,3 @@
#!/usr/bin/env bash
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
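Review bot: `kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml` applies whatever that unversioned URL returns at run time, using the operator's cluster credentials, so the networking components installed can change between runs without any change in this repository. Vendor the manifest into the repo at a chosen release, as is already done for `kubes/dns/flannel.yaml`, or download a version-pinned file and compare it with a recorded SHA-256 before applying it. That also makes the manifest's RBAC and privileged settings reviewable in the same place as the rest of the cluster config.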


@ -0,0 +1,16 @@
[
{
"op": "add",
"path": "/spec/template/spec/tolerations",
"value": [
{
"effect": "NoSchedule",
"key": "leader"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/control-plane"
}
]
}
]
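Review bot: A JSON Patch `add` on `/spec/template/spec/tolerations` replaces the whole list when that member already exists, so any tolerations the target Deployment ships with, other than the two listed here, are dropped. This matters because the finish-config script applies this same file to both `coredns` and `calico-kube-controllers`, whose upstream tolerations are not visible on this page. If the intent is to append, use one operation per toleration with `"path": "/spec/template/spec/tolerations/-"`, which requires the list to exist already.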

211
kubes/dns/flannel.yaml Normal file

@ -0,0 +1,211 @@
---
kind: Namespace
apiVersion: v1
metadata:
name: kube-flannel
labels:
k8s-app: flannel
pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: flannel
name: flannel
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: flannel
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: flannel
name: flannel
namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-flannel
labels:
tier: node
k8s-app: flannel
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.244.0.0/16",
"EnableNFTables": false,
"Backend": {
"Type": "vxlan"
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds
namespace: kube-flannel
labels:
tier: node
app: flannel
k8s-app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- effect: NoSchedule
key: leader
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni-plugin
image: docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel2
command:
- cp
args:
- -f
- /flannel
- /opt/cni/bin/flannel
volumeMounts:
- name: cni-plugin
mountPath: /opt/cni/bin
- name: install-cni
image: docker.io/flannel/flannel:v0.25.6
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: docker.io/flannel/flannel:v0.25.6
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN", "NET_RAW"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: EVENT_QUEUE_DEPTH
value: "5000"
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: xtables-lock
mountPath: /run/xtables.lock
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni-plugin
hostPath:
path: /opt/cni/bin
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate

23
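--- /dev/null
+++ b/kubes/dns/kube-dns.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: kube-dns
+namespace: kube-system
+annotations:
+prometheus.io/port: "9153"
+prometheus.io/scrape: "true"
+labels:
+k8s-app: kube-dns
+kubernetes.io/cluster-service: "true"
+kubernetes.io/name: "CoreDNS"
+spec:
+selector:
+k8s-app: kube-dns
+clusterIP: 10.96.0.10
+ports:
+- name: dns
+port: 53
+protocol: UDP
+- name: dns-tcp
+port: 53
+protocol: TCP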

10
kubes/ingress/install.sh Executable file

@ -0,0 +1,10 @@
#!/usr/bin/env bash
PATH_ROOT=$GOPATH/src/mlog/infra/kubes/ingress
cd $PATH_ROOT || exit
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm upgrade -f tolerations.yaml --install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace
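Review bot: The chart is installed without `--version`, so `helm repo update` followed by `helm upgrade --install` moves the ingress controller to whatever chart is newest in the repository on each run. Pin it, e.g. `helm upgrade -f tolerations.yaml --install ingress-nginx ingress-nginx/ingress-nginx --version <chart-version> ...` (placeholder), so that upgrades of the cluster's externally reachable component are a reviewed change. `cd $PATH_ROOT || exit` should also quote the variable, `cd "$PATH_ROOT" || exit 1`, since the path is built from `GOPATH`.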


@ -0,0 +1,14 @@
controller:
tolerations:
- effect: NoSchedule
key: compute
admissionWebhooks:
patch:
tolerations:
- effect: NoSchedule
key: compute
defaultBackend:
tolerations:
- effect: NoSchedule
key: compute

7
kubes/metallb/install.sh Executable file

@ -0,0 +1,7 @@
#! /usr/bin/env bash
PROJECT_ROOT=$GOPATH/src/mlog
cd ${PROJECT_ROOT}/infra/kubes/metallb || exit
kubectl apply -f loadbalancer.yaml
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" || true
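Review bot: The memberlist key is passed as `--from-literal=secretkey="$(openssl rand -base64 128)"`, which puts the generated key on kubectl's command line, where other local users can read it from the process list while the command runs. Feeding it through a file descriptor avoids that: `--from-file=secretkey=<(openssl rand -base64 128)` (the stored value then includes openssl's trailing newline). The trailing `|| true` hides every failure, not only "already exists"; testing with `kubectl get secret -n metallb-system memberlist` first would keep real errors visible. The same command-line exposure applies to `--docker-password=${secret}` in `create-registry-secret.sh` further down.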



@ -0,0 +1,6 @@
#!/usr/bin/env bash
read -p "Enter the hostname: " hostname
read -p "Enter the username: " username
read -sp "Enter the secret: " secret
kubectl create secret -n proof-of-concept docker-registry regsecret --docker-server=${hostname} --docker-username=${username} --docker-password=${secret}
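Review bot: `${hostname}`, `${username}` and `${secret}` are expanded unquoted on the `kubectl create secret` line, so a password containing spaces, `*` or other shell-special characters is word-split or globbed and the stored credential silently differs from what was typed; `read` without `-r` additionally consumes backslashes. Use `read -r -p ...` and `read -r -s -p ...`, and quote the arguments, e.g. `--docker-password="${secret}"`. An `echo` after the silent prompt is needed to end the line on the terminal. Note that `kubectl create` fails when `regsecret` already exists, so re-running the setup stops at this step.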


@ -0,0 +1,68 @@
apiVersion: v1
kind: Namespace
metadata:
name: proof-of-concept
---
apiVersion: v1
kind: Service
metadata:
name: proof-of-concept
namespace: proof-of-concept
spec:
type: NodePort
selector:
app: proof-of-concept
ports:
- protocol: TCP
port: 60000
targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress
namespace: proof-of-concept
spec:
ingressClassName: nginx
rules:
- host: lab.gg
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: proof-of-concept
port:
number: 60000
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: proof-of-concept
name: blog-static
labels:
app: proof-of-concept
spec:
replicas: 4
selector:
matchLabels:
app: proof-of-concept
template:
metadata:
labels:
app: proof-of-concept
spec:
tolerations:
- key: "worker"
operator: "Exists"
effect: "NoSchedule"
imagePullSecrets:
- name: regsecret
containers:
- name: static-blog
image: registry.geniuscartel.xyz/virgil/mlog:latest
imagePullPolicy: Always
ports:
- containerPort: 80
---
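Review bot: The container image is referenced as `registry.geniuscartel.xyz/virgil/mlog:latest` with `imagePullPolicy: Always`, so each replica runs whatever was last pushed under that tag when its pod started, and neither a rollback nor an audit can tell which build was serving. Reference an immutable tag or digest (`.../mlog:<tag>@sha256:<digest>`, placeholders) and change it in this manifest per release. The Service is `type: NodePort` although the Ingress already routes `lab.gg` to it, which opens an additional port on every node; `ClusterIP` looks sufficient unless the node port is used elsewhere. The pod spec also sets no `securityContext` or `resources`, which is worth adding once the image no longer needs root.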

15
rpi/cupid/network-config.yaml Executable file

@ -0,0 +1,15 @@
network:
version: 2
ethernets:
eth0:
dhcp4: false
addresses:
- 10.1.1.x/16
routes:
- to: default
via: 10.1.70.1
metric: 100
on-link: true
nameservers:
addresses: [10.1.70.1]

51
rpi/cupid/user-data.yaml Executable file

@ -0,0 +1,51 @@
#cloud-config
hostname: cupidX
# here's the reference: https://docs.cloud-init.io/en/latest/reference/examples.html#including-users-and-groups
manage_etc_hosts: true
timezone: America/New_York
ssh_pwauth: false
users:
- name: virgil
groups: users,adm,dialout,netdev,plugdev,cdrom,input,gpio,spi,i2c,render,sudo,docker
shell: /bin/bash
lock_passwd: false
passwd: $5$8xH/luS/5i$EjrWRLUA4WbnGs.Vd/LQU6K7Pf7dIMOTpQ3ovPtCnSA
sudo: ALL=(ALL) NOPASSWD:ALL
ssh_authorized_keys:
- ssh-rsa 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 dtookey@Davids-MacBook-Air.local
- ssh-rsa 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 dtookey@nyx
package_update: true
package_upgrade: true
apt:
conf: |
Acquire {
Check-Date "false";
};
packages:
- rsync
- ca-certificates
- neovim
- fail2ban
- net-tools
- linux-modules-extra-raspi
- htop
- docker-ce
- docker-ce-cli
- containerd.io
- ebtables
- ethtool
- apt-transport-https
runcmd:
- echo " cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1" | tee -a /boot/firmware/cmdline.txt > /dev/null
power_state:
delay: now
timeout: 5
mode: reboot
message: Rebooting machine
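Review bot: The `passwd:` value is a real crypt hash (the `$5$` prefix is SHA-256 crypt) committed to the repository, and the same string appears as `identity.password` in the Ubuntu autoinstall user-data later in this commit, so anyone with read access to the repo can work on it offline and one recovered password covers every node. Since `ssh_pwauth: false` and key-only login are already configured, the simplest fix is `lock_passwd: true` with the `passwd:` line removed; if a console password is needed, inject it when the image is written rather than keeping it in the tracked file. The committed value should be treated as exposed and rotated. Separately, `Check-Date "false"` turns off apt's date validation of repository metadata for the life of the node, presumably as a workaround for the Pi having no clock at first boot; a comment saying so, and re-enabling it once time sync works, would be safer.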


@ -0,0 +1,24 @@
#! /usr/bin/env bash
PROJECT_ROOT=$GOPATH/src/mlog
# Function to display usage
usage() {
echo "Usage: $0 -n <host_name>"
exit 1
}
# Parse command-line arguments
while getopts "n:" opt; do
case $opt in
n) HOST_NAME="$OPTARG" ;;
*) usage ;;
esac
done
rsync -avP ./infra/ubuntu/bootstrap-ubuntu.sh ${HOST_NAME}:~/
ssh ${HOST_NAME} "sudo /bin/bash ./bootstrap-ubuntu.sh"
ssh ${HOST_NAME} "rm ~/bootstrap-ubuntu.sh"
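Review bot: `HOST_NAME` is never checked after option parsing and every use is unquoted, so when the script is run without `-n` the `ssh` lines take the quoted command string as the host name and the rsync target has an empty host part. Add the guard that `kube_worker.sh` already has, in quoted form, `[ -n "${HOST_NAME:-}" ] || usage`, and write `"${HOST_NAME}"` throughout; the same applies to `kube_leader.sh` and to the two preseed ISO scripts, where an empty name turns `rm ${HOST_NAME}.iso` into `rm .iso`. There is also no `set -e`, so the root-level bootstrap still runs if the rsync failed and an older `~/bootstrap-ubuntu.sh` is present on the host. `PROJECT_ROOT` is assigned but the rsync source is relative to the caller's working directory.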

29
scripts/deploy/kube_leader.sh Executable file

@ -0,0 +1,29 @@
#! /usr/bin/env bash
PROJECT_ROOT=$GOPATH/src/mlog
# Function to display usage
usage() {
echo "Usage: $0 -n <host_name>"
exit 1
}
# Parse command-line arguments
while getopts "n:" opt; do
case $opt in
n) HOST_NAME="$OPTARG" ;;
*) usage ;;
esac
done
ssh -t ${HOST_NAME} "sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --cri-socket=unix:///run/containerd/containerd.sock"
ssh -t ${HOST_NAME} "mkdir -p ~/.kube && sudo cp /etc/kubernetes/admin.conf /home/virgil/.kube/config && sudo chown virgil:virgil /home/virgil/.kube/config"
rm ~/.kube/config
rsync -avP ${HOST_NAME}:~/.kube/config ~/.kube/config
kubectl taint nodes ${HOST_NAME} leader=:NoSchedule
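Review bot: Nothing stops the script between steps, so if `kubeadm init` fails it still runs `rm ~/.kube/config` and only then tries to fetch the replacement, leaving the workstation without its previous kubeconfig. Add `set -euo pipefail` at the top and replace the file only after a successful copy, e.g. `rsync -avP "${HOST_NAME}:~/.kube/config" ~/.kube/config.new && mv ~/.kube/config.new ~/.kube/config`. The file being copied is `admin.conf`, the cluster-admin credential, so setting the local copy's mode explicitly with `chmod 600 ~/.kube/config` is worthwhile. The remote command also mixes `~/.kube` with the hard-coded `/home/virgil/.kube`, which only agree while the SSH user is `virgil`.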

33
scripts/deploy/kube_worker.sh Executable file

@ -0,0 +1,33 @@
#! /usr/bin/env bash
PROJECT_ROOT=$GOPATH/src/mlog
# Function to display usage
usage() {
echo "Usage: $0 -n <host_name>"
exit 1
}
# Parse command-line arguments
while getopts "n:r:" opt; do
case $opt in
n) HOST_NAME="$OPTARG" ;;
r) ROLE="$OPTARG" ;;
*) usage ;;
esac
done
if [ -z $HOST_NAME ]; then
echo "Please provide a hostname with -n"
usage
exit
fi
SERVER_TOKEN=$(ssh ares "sudo kubeadm token create")
ssh ${HOST_NAME} "sudo kubeadm join 10.1.1.2:6443 --token ${SERVER_TOKEN} --discovery-token-ca-cert-hash sha256:63acb4dee8a6d0870f2a3312fd9091fabf443712cd2a9de74c3cf13ed33124b6"
if [ ! -z $ROLE ]; then
kubectl taint node ${HOST_NAME} ${ROLE}=:NoSchedule
fi
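Review bot: The `--discovery-token-ca-cert-hash sha256:63acb4…` value is hard-coded, but it is derived from the cluster CA that `kubeadm init` generates, so it goes stale whenever the leader is re-initialised; the setup script's own message "fix infra/scripts/deploy/kube_worker.sh" suggests this already happens. A stale pin makes joins fail, and the quick workaround of turning CA verification off would remove the protection the pin provides. Let the leader emit the whole command instead: `JOIN_CMD=$(ssh ares "sudo kubeadm token create --print-join-command")` followed by `ssh "${HOST_NAME}" "sudo ${JOIN_CMD}"`. The tests `[ -z $HOST_NAME ]` and `[ ! -z $ROLE ]` should also quote their operands.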

9
scripts/deploy/reformat_x86.sh Executable file

@ -0,0 +1,9 @@
#!/usr/bin/env bash
cd $GOPATH/src/mlog || exit
ssh ares "sudo efibootmgr --bootnext 000B > /dev/null"
ssh ares "sudo shutdown -r now"
#ssh artemis "sudo efibootmgr --bootnext 000B > /dev/null"
#ssh artemis "sudo shutdown -r now"


@ -0,0 +1,34 @@
#! /usr/bin/env zsh
FILE_PATH="/Volumes/system-boot"
# Function to display usage
usage() {
echo "Usage: $0 -c <cupid_number>"
exit 1
}
# Parse command-line arguments
while getopts "c:" opt; do
case $opt in
c) CUPID_ID="$OPTARG" ;;
*) usage ;;
esac
done
# Check if HOST_NAME and HOST are set
if [ -z "$CUPID_ID" ] ; then
echo "Error: CUPID_ID must be provided."
usage
fi
rm /Volumes/system-boot/user-data /Volumes/system-boot/network-config
rsync -avP $GOPATH/src/mlog/infra/rpi/cupid/network-config.yaml "${FILE_PATH}/network-config"
rsync -avP $GOPATH/src/mlog/infra/rpi/cupid/user-data.yaml "${FILE_PATH}/user-data"
sed -i -e 's,10.1.1.x,10.1.1.'$(expr 4 + $CUPID_ID)',g' "${FILE_PATH}/network-config"
sed -i -e 's,cupidX,cupid'${CUPID_ID}',g' "${FILE_PATH}/user-data"
rm ${FILE_PATH}/*-e


@ -0,0 +1,24 @@
#! /usr/bin/env bash
PROJECT_ROOT=$GOPATH/src/mlog
USER=virgil
# Function to display usage
usage() {
echo "Usage: $0 -n <host_name>"
exit 1
}
# Parse command-line arguments
while getopts "n:" opt; do
case $opt in
n) HOST_NAME="$OPTARG" ;;
*) usage ;;
esac
done
rsync -avP infra/ubuntu/autoinstaller-generate.sh atlas:/olympus/samba/linux/ag.sh
rsync -avP "infra/ubuntu/user-data.${HOST_NAME}.yaml" atlas:/olympus/samba/linux/user-data || exit
ssh -t atlas "cd /olympus/samba/linux && sudo chmod a+x ./ag.sh && ./ag.sh -a -u ./user-data -d ${HOST_NAME}.iso && rm ag.sh user-data"

29
scripts/preseed/local_iso.sh Executable file

@ -0,0 +1,29 @@
#! /usr/bin/env bash
BUILD_ROOT=~/build
PROJECT_ROOT=$GOPATH/src/mlog
USER=virgil
# Function to display usage
usage() {
echo "Usage: $0 -n <host_name>"
exit 1
}
# Parse command-line arguments
while getopts "n:" opt; do
case $opt in
n) HOST_NAME="$OPTARG" ;;
*) usage ;;
esac
done
mkdir -p ${BUILD_ROOT}
cd $BUILD_ROOT || exit
rm ${HOST_NAME}.iso || true
sudo chown dtookey:dtookey ./*
rsync -avP "$PROJECT_ROOT/infra/ubuntu/autoinstaller-generate.sh" ./ag.sh
chmod a+x ./ag.sh
./ag.sh -a -u ${PROJECT_ROOT}/infra/ubuntu/user-data.${HOST_NAME}.yaml -d ${HOST_NAME}.iso

3
scripts/preseed/xorriso_cmd.sh Executable file

@ -0,0 +1,3 @@
#! /usr/bin/env bash
xorriso -indev $1 -report_el_torito as_mkisofs


@ -0,0 +1,34 @@
#!/usr/bin/env bash
set -xe
cd $GOPATH/src/mlog || exit
USER_NAME=virgil
#clear out old known_host entries
ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.2" || true
ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.3" || true
ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.4" || true
ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.5" || true
ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.6" || true
ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.7" || true
ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.8" || true
ssh -t ares "echo \"virgil ALL=(ALL) NOPASSWD:ALL\" | sudo tee /etc/sudoers.d/passwordless > /dev/null"
ssh ares "echo \"ares checked in\""
ssh -t artemis "echo \"virgil ALL=(ALL) NOPASSWD:ALL\" | sudo tee /etc/sudoers.d/passwordless > /dev/null"
ssh artemis "sudo sed -i -e 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/g' /etc/systemd/logind.conf"
ssh artemis "sudo systemctl restart systemd-logind.service"
ssh artemis "echo \"artemis checked in\""
ssh cupid1 "echo \"cupid1 checked in\""
ssh cupid2 "echo \"cupid2 checked in\""
ssh cupid3 "echo \"cupid3 checked in\""
ssh cupid4 "echo \"cupid4 checked in\""
parallel -a infra/groups/all ./scripts/deploy/finish_preseeded_ubuntu.sh -n {}
./scripts/deploy/kube_leader.sh -n ares
echo "fix infra/scripts/deploy/kube_worker.sh and then run the following command:"
echo "scripts/setup/1-finish-config.sh"


@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -xe
cd $GOPATH/src/mlog || exit
#parallel -a ./infra/groups/workers ./scripts/deploy/kube_worker.sh -n {} -r worker
#parallel -a ./infra/groups/compute ./scripts/deploy/kube_worker.sh -n {} -r compute
kubectl apply -f infra/kubes/dns/flannel.yaml
kubectl apply -f infra/kubes/dns/kube-dns.yaml
./infra/kubes/cni/install.sh
kubectl patch deployment coredns -n kube-system --type json --patch "$(cat infra/kubes/dns/coredns-tolerations.json)"
kubectl patch deployment calico-kube-controllers -n kube-system --type json --patch "$(cat infra/kubes/dns/coredns-tolerations.json)"
./infra/kubes/metallb/install.sh
./infra/kubes/ingress/install.sh
kubectl apply -f infra/kubes/proofofconcept/poc-deployment.yaml
./infra/kubes/proofofconcept/create-registry-secret.sh
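Review bot: This sequence applies `infra/kubes/dns/flannel.yaml` and then runs `infra/kubes/cni/install.sh`, which applies the Calico manifest, so the cluster appears to end up with two pod-network plugins; flannel writes its config into `/etc/cni/net.d`, and if Calico does the same the one actually used depends on file ordering rather than on intent. Unless running both is deliberate, keep one and remove the other, along with the `calico-kube-controllers` patch if Calico goes. That patch also reuses `coredns-tolerations.json` for a different Deployment, which is worth a comment or a separate, appropriately named file.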


@ -0,0 +1,5 @@
#!/usr/bin/env bash
kubectl taint nodes cupid1 cupid2 cupid3 cupid4 worker=:NoSchedule
kubectl taint nodes artemis talos compute=:NoSchedule
kubectl taint nodes ares leader=:NoSchedule

302
ubuntu/autoinstaller-generate.sh Executable file

@ -0,0 +1,302 @@
#!/bin/bash
# Taken from https://github.com/covertsh/ubuntu-autoinstall-generator
# modified Aug 23, 2024
#
# MIT License
#
# Copyright (c) 2020 covertsh
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
set -Eeuo pipefail
function cleanup() {
trap - SIGINT SIGTERM ERR EXIT
if [ -n "${tmpdir+x}" ]; then
rm -rf "$tmpdir"
log "🚽 Deleted temporary working directory $tmpdir"
fi
}
trap cleanup SIGINT SIGTERM ERR EXIT
script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
[[ ! -x "$(command -v date)" ]] && echo "💥 date command not found." && exit 1
today=$(date +"%Y-%m-%d")
function log() {
echo >&2 -e "[$(date +"%Y-%m-%d %H:%M:%S")] ${1-}"
}
function die() {
local msg=$1
local code=${2-1} # Bash parameter expansion - default exit status 1. See https://wiki.bash-hackers.org/syntax/pe#use_a_default_value
log "$msg"
exit "$code"
}
usage() {
cat <<EOF
Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-a] [-e] [-u user-data-file] [-m meta-data-file] [-k] [-c] [-r] [-s source-iso-file] [-d destination-iso-file]
💁 This script will create fully-automated Ubuntu 24.04 Noble Numbat installation media.
Available options:
-h, --help Print this help and exit
-v, --verbose Print script debug info
-a, --all-in-one Bake user-data and meta-data into the generated ISO. By default you will
need to boot systems with a CIDATA volume attached containing your
autoinstall user-data and meta-data files.
For more information see: https://ubuntu.com/server/docs/install/autoinstall-quickstart
-e, --use-hwe-kernel Force the generated ISO to boot using the hardware enablement (HWE) kernel. Not supported
by early Ubuntu 24.04 release ISOs.
-u, --user-data Path to user-data file. Required if using -a
-m, --meta-data Path to meta-data file. Will be an empty file if not specified and using -a
-k, --no-verify Disable GPG verification of the source ISO file. By default SHA256SUMS-$today and
SHA256SUMS-$today.gpg in ${script_dir} will be used to verify the authenticity and integrity
of the source ISO file. If they are not present the latest daily SHA256SUMS will be
downloaded and saved in ${script_dir}. The Ubuntu signing key will be downloaded and
saved in a new keyring in ${script_dir}
-c, --no-md5 Disable MD5 checksum on boot
-r, --use-release-iso Use the current release ISO instead of the daily ISO. The file will be used if it already
exists.
-s, --source Source ISO file. By default the latest daily ISO for Ubuntu 24.04 will be downloaded
and saved as ${script_dir}/ubuntu-original-$today.iso
That file will be used by default if it already exists.
-d, --destination Destination ISO file. By default ${script_dir}/ubuntu-autoinstall-$today.iso will be
created, overwriting any existing file.
EOF
exit
}
function parse_params() {
# default values of variables set from params
user_data_file=''
meta_data_file=''
download_url="https://cdimage.ubuntu.com/ubuntu-server/noble/daily-live/current"
download_iso="noble-live-server-amd64.iso"
original_iso="ubuntu-original-$today.iso"
source_iso="${script_dir}/${original_iso}"
destination_iso="${script_dir}/ubuntu-autoinstall-$today.iso"
sha_suffix="${today}"
gpg_verify=1
all_in_one=0
use_hwe_kernel=0
md5_checksum=1
use_release_iso=0
while :; do
case "${1-}" in
-h | --help) usage ;;
-v | --verbose) set -x ;;
-a | --all-in-one) all_in_one=1 ;;
-e | --use-hwe-kernel) use_hwe_kernel=1 ;;
-c | --no-md5) md5_checksum=0 ;;
-k | --no-verify) gpg_verify=0 ;;
-r | --use-release-iso) use_release_iso=1 ;;
-u | --user-data)
user_data_file="${2-}"
shift
;;
-s | --source)
source_iso="${2-}"
shift
;;
-d | --destination)
destination_iso="${2-}"
shift
;;
-m | --meta-data)
meta_data_file="${2-}"
shift
;;
-?*) die "Unknown option: $1" ;;
*) break ;;
esac
shift
done
log "👶 Starting up..."
# check required params and arguments
if [ ${all_in_one} -ne 0 ]; then
[[ -z "${user_data_file}" ]] && die "💥 user-data file was not specified."
[[ ! -f "$user_data_file" ]] && die "💥 user-data file could not be found."
[[ -n "${meta_data_file}" ]] && [[ ! -f "$meta_data_file" ]] && die "💥 meta-data file could not be found."
fi
if [ "${source_iso}" != "${script_dir}/${original_iso}" ]; then
[[ ! -f "${source_iso}" ]] && die "💥 Source ISO file could not be found."
fi
if [ "${use_release_iso}" -eq 1 ]; then
download_url="https://releases.ubuntu.com/noble"
log "🔎 Checking for current release..."
download_iso=$(curl -sSL "${download_url}" | grep -oP 'ubuntu-24\.04\.\d*-live-server-amd64\.iso' | head -n 1)
original_iso="${download_iso}"
source_iso="${script_dir}/${download_iso}"
current_release=$(echo "${download_iso}" | cut -f2 -d-)
sha_suffix="${current_release}"
log "💿 Current release is ${current_release}"
fi
destination_iso=$(realpath "${destination_iso}")
source_iso=$(realpath "${source_iso}")
return 0
}
ubuntu_gpg_key_id="843938DF228D22F7B3742BC0D94AA3F0EFE21092"
parse_params "$@"
tmpdir=$(mktemp -d)
if [[ ! "$tmpdir" || ! -d "$tmpdir" ]]; then
die "💥 Could not create temporary working directory."
else
log "📁 Created temporary working directory $tmpdir"
fi
log "🔎 Checking for required utilities..."
[[ ! -x "$(command -v xorriso)" ]] && die "💥 xorriso is not installed. On Ubuntu, install the 'xorriso' package."
[[ ! -x "$(command -v sed)" ]] && die "💥 sed is not installed. On Ubuntu, install the 'sed' package."
[[ ! -x "$(command -v curl)" ]] && die "💥 curl is not installed. On Ubuntu, install the 'curl' package."
[[ ! -x "$(command -v gpg)" ]] && die "💥 gpg is not installed. On Ubuntu, install the 'gpg' package."
log "👍 All required utilities are installed."
if [ ! -f "${source_iso}" ]; then
log "🌎 Downloading ISO image for Ubuntu 24.04 Noble Numbat..."
curl -NsSL "${download_url}/${download_iso}" -o "${source_iso}"
log "👍 Downloaded and saved to ${source_iso}"
else
log "☑️ Using existing ${source_iso} file."
if [ ${gpg_verify} -eq 1 ]; then
if [ "${source_iso}" != "${script_dir}/${original_iso}" ]; then
log "⚠️ Automatic GPG verification is enabled. If the source ISO file is not the latest daily or release image, verification will fail!"
fi
fi
fi
if [ ${gpg_verify} -eq 1 ]; then
if [ ! -f "${script_dir}/SHA256SUMS-${sha_suffix}" ]; then
log "🌎 Downloading SHA256SUMS & SHA256SUMS.gpg files..."
curl -NsSL "${download_url}/SHA256SUMS" -o "${script_dir}/SHA256SUMS-${sha_suffix}"
curl -NsSL "${download_url}/SHA256SUMS.gpg" -o "${script_dir}/SHA256SUMS-${sha_suffix}.gpg"
else
log "☑️ Using existing SHA256SUMS-${sha_suffix} & SHA256SUMS-${sha_suffix}.gpg files."
fi
if [ ! -f "${script_dir}/${ubuntu_gpg_key_id}.keyring" ]; then
log "🌎 Downloading and saving Ubuntu signing key..."
gpg -q --no-default-keyring --keyring "${script_dir}/${ubuntu_gpg_key_id}.keyring" --keyserver "hkp://keyserver.ubuntu.com" --recv-keys "${ubuntu_gpg_key_id}"
log "👍 Downloaded and saved to ${script_dir}/${ubuntu_gpg_key_id}.keyring"
else
log "☑️ Using existing Ubuntu signing key saved in ${script_dir}/${ubuntu_gpg_key_id}.keyring"
fi
log "🔐 Verifying ${source_iso} integrity and authenticity..."
gpg -q --keyring "${script_dir}/${ubuntu_gpg_key_id}.keyring" --verify "${script_dir}/SHA256SUMS-${sha_suffix}.gpg" "${script_dir}/SHA256SUMS-${sha_suffix}" 2>/dev/null
if [ $? -ne 0 ]; then
rm -f "${script_dir}/${ubuntu_gpg_key_id}.keyring~"
die "👿 Verification of SHA256SUMS signature failed."
fi
rm -f "${script_dir}/${ubuntu_gpg_key_id}.keyring~"
digest=$(sha256sum "${source_iso}" | cut -f1 -d ' ')
set +e
grep -Fq "$digest" "${script_dir}/SHA256SUMS-${sha_suffix}"
if [ $? -eq 0 ]; then
log "👍 Verification succeeded."
set -e
else
die "👿 Verification of ISO digest failed."
fi
else
log "🤞 Skipping verification of source ISO."
fi
log "🔧 Extracting ISO image..."
xorriso -osirrox on -indev "${source_iso}" -extract / "$tmpdir" &>/dev/null
chmod -R u+w "$tmpdir"
rm -rf "$tmpdir/"'[BOOT]'
log "👍 Extracted to $tmpdir"
if [ ${use_hwe_kernel} -eq 1 ]; then
if grep -q "hwe-vmlinuz" "$tmpdir/boot/grub/grub.cfg"; then
log "☑️ Destination ISO will use HWE kernel."
sed -i -e 's|/casper/vmlinuz|/casper/hwe-vmlinuz|g' "$tmpdir/boot/grub/grub.cfg"
sed -i -e 's|/casper/initrd|/casper/hwe-initrd|g' "$tmpdir/boot/grub/grub.cfg"
sed -i -e 's|/casper/vmlinuz|/casper/hwe-vmlinuz|g' "$tmpdir/boot/grub/loopback.cfg"
sed -i -e 's|/casper/initrd|/casper/hwe-initrd|g' "$tmpdir/boot/grub/loopback.cfg"
else
log "⚠️ This source ISO does not support the HWE kernel. Proceeding with the regular kernel."
fi
fi
log "🧩 Adding autoinstall parameter to kernel command line..."
sed -i -e 's/---/ autoinstall ---/g' "$tmpdir/boot/grub/grub.cfg"
sed -i -e 's/---/ autoinstall ---/g' "$tmpdir/boot/grub/loopback.cfg"
log "👍 Added parameter to UEFI and BIOS kernel command lines."
if [ ${all_in_one} -eq 1 ]; then
log "🧩 Adding user-data and meta-data files..."
mkdir "$tmpdir/nocloud"
cp "$user_data_file" "$tmpdir/nocloud/user-data"
if [ -n "${meta_data_file}" ]; then
cp "$meta_data_file" "$tmpdir/nocloud/meta-data"
else
touch "$tmpdir/nocloud/meta-data"
fi
sed -i -e 's,timeout=30,timeout=1,g' "$tmpdir/boot/grub/grub.cfg"
sed -i -e 's,---, ds=nocloud\\\;s=/cdrom/nocloud/ ---,g' "$tmpdir/boot/grub/grub.cfg"
sed -i -e 's,---, ds=nocloud\\\;s=/cdrom/nocloud/ ---,g' "$tmpdir/boot/grub/loopback.cfg"
log "👍 Added data and configured kernel command line."
fi
if [ ${md5_checksum} -eq 1 ]; then
log "👷 Updating $tmpdir/md5sum.txt with hashes of modified files..."
md5=$(md5sum "$tmpdir/boot/grub/grub.cfg" | cut -f1 -d ' ')
sed -i -e 's,^.*[[:space:]] ./boot/grub/grub.cfg,'"$md5"' ./boot/grub/grub.cfg,' "$tmpdir/md5sum.txt"
md5=$(md5sum "$tmpdir/boot/grub/loopback.cfg" | cut -f1 -d ' ')
sed -i -e 's,^.*[[:space:]] ./boot/grub/loopback.cfg,'"$md5"' ./boot/grub/loopback.cfg,' "$tmpdir/md5sum.txt"
log "👍 Updated hashes."
else
log "🗑️ Clearing MD5 hashes..."
echo > "$tmpdir/md5sum.txt"
log "👍 Cleared hashes."
fi
log "📦 Repackaging extracted files into an ISO image..."
cd "$tmpdir"
xorriso -as mkisofs -r -V 'Ubuntu-Server 24.04.1 LTS amd64' --modification-date='2024083109475700' --grub2-mbr --interval:local_fs:0s-15s:zero_mbrpt,zero_gpt:'/home/dtookey/build/ubuntu-original-2024-09-02.iso' --protective-msdos-label -partition_cyl_align off -partition_offset 16 --mbr-force-bootable -append_partition 2 28732ac11ff8d211ba4b00a0c93ec93b --interval:local_fs:5577512d-5587655d::'/home/dtookey/build/ubuntu-original-2024-09-02.iso' -appended_part_as_gpt -iso_mbr_part_type a2a0d0ebe5b9334487c068b6b72699c7 -c '/boot.catalog' -b '/boot/grub/i386-pc/eltorito.img' -no-emul-boot -boot-load-size 4 -boot-info-table --grub2-boot-info -eltorito-alt-boot -e '--interval:appended_partition_2_start_1394378s_size_10144d:all::' -no-emul-boot -boot-load-size 10144 -o "${destination_iso}" . #&>/dev/null
cd "$OLDPWD"
log "👍 Repackaged into ${destination_iso}"
die "✅ Completed." 0
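Review bot: The repackaging command takes its boot images from a fixed file, `/home/dtookey/build/ubuntu-original-2024-09-02.iso`, in both `--interval:local_fs:...` arguments, together with fixed sector offsets, volume label and modification date, instead of from `${source_iso}`. On another machine or date (for example the `atlas` host used by the remote ISO script) the command fails, or, if a file of that name exists, the output combines boot partitions from an ISO that is not the one the script just verified. Use `"${source_iso}"` in both `--interval` arguments and derive the offsets from `xorriso -indev "${source_iso}" -report_el_torito as_mkisofs`, which is what `scripts/preseed/xorriso_cmd.sh` prints, rather than pasting them in. Also, under `set -e` the `if [ $? -ne 0 ]` check after `gpg --verify` is never reached on failure because the script exits at the gpg line; `if ! gpg ... --verify ...; then` keeps the intended error message.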


@ -0,0 +1,90 @@
#! /usr/bin/env bash
# make sure we're root
if [ "$EUID" -ne 0 ]; then
echo "Please run as root."
exit 1
fi
USER_NAME=virgil
CRICTL_VERSION="v1.30.0" # check latest version in /releases page
#sudo/ssh configuration
printf "${USER_NAME} ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/passwordless > /dev/null
printf "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no\nPermitRootLogin no" | tee /etc/ssh/sshd_config.d/passwordless.conf > /dev/null
if [ -z "$(which docker)" ]; then
if [ ! -e "/etc/apt/keyrings/docker.asc" ]; then
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
fi
# Add the repository to Apt sources:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu noble stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io apt-transport-https
usermod -aG docker ${USER_NAME}
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
sed -i -e 's,SystemdCgroup = false,SystemdCgroup = true,g' /etc/containerd/config.toml
fi
if [ "arm64" == "$(dpkg --print-architecture)" ]; then
echo "{\"exec-opts\": [\"native.cgroupdriver=systemd\"],\"log-driver\": \"json-file\",\"log-opts\": {\"max-size\": \"100m\"},\"storage-driver\": \"overlay2\"}" | tee /etc/docker/daemon.json > /dev/null
fi
if [ ! -e "/etc/modules-load.d/containerd.conf" ]; then
#todo we need to handle kvm for intel/amd/arm64 here
cat <<EOF | tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
cat <<EOF | tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system
fi
# make good and sure swap is disabled
swapoff -a
swapoff -a
sed -i.bak -r 's/(.+ swap .+)/#\1/' /etc/fstab
#kubeadm install
systemctl enable --now containerd
if [ -z "$(which kubeadm)" ]; then
systemctl restart containerd
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /
EOF
apt-get update && apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
kubeadm config images pull
fi
if [ -z "$(which helm)" ]; then
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/helm.gpg > /dev/null
sudo chmod 644 /etc/apt/keyrings/helm.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install -y helm
fi
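Review bot: Nothing stops this script when a download fails: there is no `set -euo pipefail` after the shebang, and the Helm key fetch `curl https://baltocdn.com/helm/signing.asc | gpg --dearmor` runs without `-f`, so an HTTP error page or an empty stream can be piped into the keyring while the later `apt-get` steps still run. I would add `set -euo pipefail` as the second line and use `curl -fsSL` for the Helm key, as the Docker and Kubernetes fetches already do. The three signing keys are also trusted on first download; comparing each against a fingerprint recorded in the repository before writing it under `/etc/apt/keyrings` would make that trust explicit. Separately, the sudoers drop-in is written with `printf` and has no trailing newline or syntax check; running `visudo -cf /etc/sudoers.d/passwordless` after the write would catch a malformed file before it affects sudo.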


@ -0,0 +1,80 @@
#cloud-config
autoinstall:
version: 1
# Reference: https://canonical-subiquity.readthedocs-hosted.com/en/latest/reference/autoinstall-reference.html
locale: en_US.UTF-8
#
source:
id: ubuntu-server-minimal
#
refresh-installer:
update: true
#
identity:
hostname: ares
password: $5$8xH/luS/5i$EjrWRLUA4WbnGs.Vd/LQU6K7Pf7dIMOTpQ3ovPtCnSA
username: virgil
#
storage:
layout:
name: lvm
match:
size: smallest
sizing-policy: scaled
config:
- type: partition
id: boot-partition
device: root-disk
size: 1G
- type: partition
id: root-partition
size: 14G
storage:
layout:
name: lvm
match:
size: largest
config:
- type: partition
id: data-partition
size: 256G
#
late-commands:
- curtin in-target -- apt-get update
- curtin in-target -- apt-get upgrade -y
#
ssh:
allow-pw: no
install-server: yes
authorized-keys:
- ssh-rsa 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 dtookey@Davids-MacBook-Air.local
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIwFFhCGt8gnqSCCAZc39DFcopQ2MhFSc7UDyvIpnCYgwVQP4phAV2qhQL3cNYQi5ihGtZuvJ08VH+WVat/9xL58+T7/cHt8Zy2xuPKzObeDVWX++K9P+/rzPVc3IcHIEaEfxN6f0Yk6HncQM9I/ku/At8NHk/zHyPKTXHOR1g0sMXGkLgSRD8phbSajyhD4pdtcQQJU3gePwEcwd7u+5L++Q5wGjVm9pa3ZvkhI4JpGYPAnXDae4NRe9HgqIW0icKWrxn/Ir5yECIe5iZJvmFCpE9MmaxFQJbkFUZLY41V0kwnRIu99agE8ktoCwN3Ow6P7KYgvJkzZuk34zXaNncL4QglMJd5FbIEt2w1ojdbFRHJD3JwNTMOW+5kBl77uj06VU4tjIbVEt6eHp47jQpvOzcNM5UFmeDCayM4eJV1dsT35EQu1yYNEMEMRuME4TkL0vLy/q6+0xCvC83vqp7eHuzvulFCXyPmah6qOQw572cO6x7w5cvtws+xtWrA3k= dtookey@nyx
#
packages:
- rsync
- ca-certificates
- curl
- neovim
- fail2ban
- net-tools
- apt-transport-https
- htop
#
network:
version: 2
renderer: networkd
ethernets:
eno1:
addresses:
- 10.1.1.2/16
routes:
- to: default
via: 10.1.70.1
metric: 100
on-link: true
nameservers:
addresses: [10.1.70.1]
#
error-commands:
- tar -czf /installer-logs.tar.gz /var/log/installer/
- journalctl -b > /installer-journal.log
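Review bot: The `identity.password` value is a SHA-256 crypt (`$5$`) hash committed to the repository, and the same hash and salt appear again in the second autoinstall file (hostname `artemis`), so anyone with read access to the repo can run offline guesses against one hash that covers both hosts. I would keep the hash out of version control (inject it when the ISO is built), generate it per host, and use a stronger scheme such as SHA-512 crypt, e.g. `password: "<per-host $6$ hash supplied at build time>"`. Since `ssh.allow-pw` is `no`, the password matters mainly for console login, which is worth stating next to the field: `# console-only credential; SSH is key-only`. Also, `storage:` appears twice in this file; indentation is lost in this view, but if both sit directly under `autoinstall` the key is duplicated, and the first mapping (boot and root partitions) would be dropped or rejected by the parser.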


@ -0,0 +1,42 @@
#cloud-config
autoinstall:
version: 1
# reference link to use https://canonical-subiquity.readthedocs-hosted.com/en/latest/reference/autoinstall-reference.html
locale: en_US.UTF-8
source:
id: ubuntu-server-minimal
refresh-installer:
update: true
identity:
hostname: artemis
password: $5$8xH/luS/5i$EjrWRLUA4WbnGs.Vd/LQU6K7Pf7dIMOTpQ3ovPtCnSA
username: virgil
packages:
- rsync
- ca-certificates
- curl
- neovim
- fail2ban
- net-tools
- apt-transport-https
- htop
network:
version: 2
renderer: networkd
ethernets:
enx00e04c937c49:
addresses:
- 10.1.1.4/16
routes:
- to: default
via: 10.1.70.1
metric: 100
on-link: true
nameservers:
addresses: [10.1.70.1]
ssh:
allow-pw: no
install-server: yes
authorized-keys:
- ssh-rsa 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 dtookey@Davids-MacBook-Air.local
- ssh-rsa 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 dtookey@nyx