@amon-ra
Last active April 14, 2020 15:04
RKE node install
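#!/bin/bash
# Node provisioning, configuration and address discovery.
# Expected to run as root: it restarts networking, installs packages and
# writes under /var/log.

# ---- Site configuration -------------------------------------------------
# IPFAILOVER, FIRSTHOST, CARPPASS and WORMHOLE are not referenced in the part
# of the script shown here; presumably a later stage consumes them — confirm
# before removing.
IPFAILOVER=""
FIRSTHOST="hiro"
KUBE_VER="1.17"
MYNET="10.2.85."
CARPNET="10.174.1."
N1="167"
N2="168"
N3="169"
# NOTE(review): this default is committed in a published script, so treat the
# value as disclosed: rotate it and supply the real one through the
# environment (or a root-only file) instead of editing it in here.
# The environment value wins when set; the old literal stays as the fallback
# so existing invocations keep working.
CARPPASS="${CARPPASS:-rascaldev2020}"
WORMHOLE="false"
##---------------- Finish config

# Record the arguments this run was started with. ">" truncates the log on
# every run. "$*" is quoted so arguments are not glob-expanded or re-split
# before being written, and printf does not interpret a leading "-n"/"-e".
# NOTE(review): arguments are stored verbatim and the file mode follows the
# current umask — do not pass secrets on the command line.
printf '%s\n' "$*" > /var/log/cri-provision.log
systemctl restart networking

# IP1="${MYNET}${N1}"
# IP2="${MYNET}${N2}"
# IP3="${MYNET}${N3}"
CARP1="${CARPNET}${N1}"
CARP2="${CARPNET}${N2}"
CARP3="${CARPNET}${N3}"
HOSTNAME="$(hostname -s)"

# fix only one network in rancher provision
# When OpenStack credentials are present, attach this server to the OONDEO
# network. Sourcing the file runs it in this shell as root, so it must be
# writable by root only.
if [ -e "/root/.openrc.sh" ]; then
  . /root/.openrc.sh
  apt-get update && apt-get install -y python-openstackclient
  python2-openstack server add network "$HOSTNAME" OONDEO
fi

# Print the local source address the kernel would use to reach $1
# (the word following "src " on the first line of `ip route get`).
# Prints an empty line when there is no route.
route_src_ip() {
  ip route get "$1" | awk -F"src " 'NR==1{split($2,a," ");print a[1]}'
}

EXTIP=$(route_src_ip 8.8.8.8)
MY=$(route_src_ip "${MYNET}1")
MYCARP=$(route_src_ip "${CARPNET}1")
# Last octet of each discovered address.
IPID=$(printf '%s\n' "$MY" | cut -d"." -f4)
CARPID=$(printf '%s\n' "$MYCARP" | cut -d"." -f4)

# DATASTORE_ENDPOINT='--datastore-endpoint="http://127.0.0.1:2379"'
DATASTORE_ENDPOINT=''
K3S_ENDPOINT=""
# K3S_ENDPOINT="--container-runtime-endpoint=/run/crio/crio.sock"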
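# skip already configured hosts
# The bpffs line in /etc/fstab doubles as the "already provisioned" marker.
# NOTE(review): the marker is written at the start of the block, so a run that
# fails part-way (for example a package install) is skipped on the next
# attempt. Verify the node state by hand after a failed run.
if ! grep -q -e '^bpffs' /etc/fstab; then
  #5.4 grub: mitigations=off
  #grub: noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off
  # NOTE(review): this turns off AppArmor and every CPU side-channel
  # mitigation on the kernel command line. On a host that runs containers
  # from more than one trust level that removes two isolation layers; keep it
  # only where the performance trade-off has been accepted explicitly.
  sed -i 's/^GRUB_CMDLINE_LINUX_DEFAULT\="/GRUB_CMDLINE_LINUX_DEFAULT\="apparmor=0 mitigations=off /' /etc/default/grub

  # Persist and mount the BPF filesystem.
  echo "bpffs /sys/fs/bpf bpf defaults 0 0" >> /etc/fstab
  mount /sys/fs/bpf

  # Kernel modules and sysctls for the container runtime's networking.
  modprobe overlay
  modprobe br_netfilter
  cat > /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
  sysctl --system

  # AppArmor is stopped, disabled and purged (see the note on the kernel
  # command line above).
  systemctl stop apparmor
  systemctl disable apparmor
  apt-get remove -y --purge apparmor

  apt-get update && apt-get dist-upgrade -y
  apt-get install -y curl gnupg2

  # Extra package sources: Debian backports and the libcontainers repository.
  # NOTE(review): both repositories use plain HTTP, so package integrity rests
  # entirely on APT signature verification. `apt-key add` places the key in
  # the global trusted keyring, where it is accepted for every repository;
  # a dedicated keyring referenced with `signed-by=` would scope it to this
  # one source. A failed download is not detected here because the pipeline
  # status is that of apt-key.
  echo "deb http://deb.debian.org/debian buster-backports main" | tee /etc/apt/sources.list.d/backports.list
  echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
  curl -sfL https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key | apt-key add -
  apt-get update

  apt-get install -y -t buster-backports wireguard linux-headers-cloud-amd64 linux-image-cloud-amd64
  apt-get install -y "cri-o-${KUBE_VER}"

  # Run the DKMS autoinstaller once per entry in /var/lib/initramfs-tools.
  # sudo is dropped: every other step here already needs root and runs
  # without it, and sudo may be absent on a minimal image.
  ls /var/lib/initramfs-tools \
    | xargs -n1 /usr/lib/dkms/dkms_autoinstaller start
  echo wireguard >> /etc/modules

  # CRI-O drop-in: cgroupfs cgroup manager, SELinux support off.
  mkdir -p /etc/crio/crio.conf.d/
  cat > /etc/crio/crio.conf.d/01-k3s.conf <<'CRIO'
[crio.runtime]
cgroup_manager = "cgroupfs"
selinux = false
CRIO
  systemctl enable crio
  systemctl start crio

  # Provisioning ends here on a freshly configured host; the lines below are
  # disabled.
  exit 0
  # NOTE(review): if the next two lines are re-enabled, they source an
  # unpinned remote script as root through a predictable /tmp path. Pin the
  # download to a specific revision, verify a checksum, and write it to a
  # mktemp file before sourcing.
  # curl -sfL "https://gist.githubusercontent.com/amon-ra/995f5c6bf05c8c8d1a88194754cfea11/raw/k3s-server.sh" > /tmp/k3s-server.sh
  # . /tmp/k3s-server.sh
  # cp /root/manifests/0* /var/lib/rancher/k3s/server/manifests || true
  # cp /root/manifests/1* /var/lib/rancher/k3s/server/manifests || true
  # reboot
fi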