
@leoh0
Last active July 13, 2018 05:09
gce 18.04 ubuntu image대상으로 linuxkit 설치 스크립트. https://github.com/leoh0/kubernetes 이용. 자세한 내용은 http://leoh0.github.io/ 블로그 참고
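#!/bin/sh
# Provision a GCE Ubuntu 18.04 host for LinuxKit-built Kubernetes VMs:
#   1. install Docker CE, KVM/libvirt tooling and Go,
#   2. replace libvirt's default network with a hand-built bridge (virbr10)
#      that is NATed to the outside and served by its own dnsmasq instance,
#   3. fetch the kubernetes repo and the linuxkit CLI, and create an SSH key.
# Must be run as root. It rewrites firewall rules, sysctl settings and root's
# SSH configuration, so run it on a dedicated lab host only.
if [ "$(id -u)" != "0" ]; then
  echo "This script must be run as root" 1>&2
  exit 1
fi
set -ex

# --- Package sources -------------------------------------------------------
apt update
apt install -y apt-transport-https ca-certificates curl software-properties-common
# The signing key is trusted as soon as it is piped into apt-key. The
# fingerprint command that follows only PRINTS the key; it enforces nothing.
# Compare the printed fingerprint with the one published in Docker's install
# documentation before trusting packages from this repository.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
apt-key fingerprint 0EBFCD88
#add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
# $(lsb_release -cs) \
# stable"
# 18.04 has no Docker repo yet, so the artful (17.10) repo is used instead.
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu artful stable"
apt update
apt install -y docker-ce uml-utilities qemu-kvm bridge-utils virtinst libvirt-bin golang-go

# --- Bridge network --------------------------------------------------------
# Stop libvirt's default network and keep it from coming back on boot.
virsh net-destroy default
virsh net-autostart --disable default
# Dummy interface with a random MAC under the 52:54:00 prefix; it is enslaved
# to the bridge below. The substitution is quoted so it stays a single word.
ip link add virbr10-dummy address "$(hexdump -vn3 -e '/3 "52:54:00"' -e '/1 ":%02x"' -e '"\n"' /dev/urandom)" type dummy
brctl addbr virbr10
brctl stp virbr10 on
brctl addif virbr10 virbr10-dummy
# Fix: the broadcast address was 192.168.100.255, which is not inside
# 10.0.0.0/8. The broadcast address of 10.0.0.1/8 is 10.255.255.255.
ip address add 10.0.0.1/8 dev virbr10 broadcast 10.255.255.255

# Enable forwarding persistently. Each line is appended only if it is not
# already present, so re-running does not pile up duplicates in sysctl.conf.
for setting in net.ipv4.ip_forward=1 net.ipv4.conf.all.forwarding=1; do
  grep -qxF "$setting" /etc/sysctl.conf || echo "$setting" >> /etc/sysctl.conf
done
sysctl -p

# --- NAT and forwarding rules ---------------------------------------------
# Multicast and limited-broadcast traffic from the guests is not masqueraded.
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 224.0.0.0/24 -j RETURN
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 255.255.255.255/32 -j RETURN
# Everything else leaving the guest subnet is masqueraded.
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -p tcp -j MASQUERADE --to-ports 1024-65535
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -p udp -j MASQUERADE --to-ports 1024-65535
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MASQUERADE
# Inbound to guests: replies to connections they opened only.
iptables -t filter -A FORWARD -d 10.0.0.0/8 -o virbr10 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# If guest traffic to 169.254.0.0/16 leaks out, the guests fetch the
# hypervisor's (this GCE instance's) metadata. Guests may therefore reach
# anything except that range, which is dropped explicitly.
# NOTE(review): these rules are appended (-A), so a rule earlier in FORWARD
# that accepts traffic from virbr10 would win. Check `iptables -S FORWARD`
# after the run. The rules are also not saved, so they are gone after reboot.
iptables -t filter -A FORWARD -s 10.0.0.0/8 ! -d 169.254.0.0/16 -i virbr10 -j ACCEPT
iptables -t filter -A FORWARD -s 10.0.0.0/8 -d 169.254.0.0/16 -i virbr10 -j DROP
ip l set virbr10-dummy up
ip l set virbr10 up

# Allow QEMU's bridge helper to attach guests to virbr10.
mkdir -p /etc/qemu/
echo 'allow virbr10' > /etc/qemu/bridge.conf

# --- dnsmasq for the bridge -----------------------------------------------
mkdir -p /var/lib/dnsmasq/virbr10
touch /var/lib/dnsmasq/virbr10/hostsfile
touch /var/lib/dnsmasq/virbr10/leases
# The delimiter is quoted so the file is written literally.
cat > /var/lib/dnsmasq/virbr10/dnsmasq.conf << 'EOF'
# Only bind to the virtual bridge. This avoids conflicts with other running
# dnsmasq instances.
except-interface=lo
interface=virbr10
bind-dynamic
# If using dnsmasq 2.62 or older, remove "bind-dynamic" and "interface" lines
# and uncomment these lines instead:
#bind-interfaces
listen-address=10.0.0.1
# IPv4 addresses to offer to VMs. This should match the chosen subnet.
dhcp-range=10.0.0.2,10.15.255.254
# 굳이 안해도 되나 아이피 일괄적으로 주려면 이런게 제일 편하다.
dhcp-host=8a:a0:33:57:08:0a,10.0.0.2
dhcp-host=8a:a0:33:57:08:0b,10.0.0.3
dhcp-host=8a:a0:33:57:08:0c,10.0.0.4
dhcp-host=8a:a0:33:57:08:0d,10.0.0.5
dhcp-host=8a:a0:33:57:08:0e,10.0.0.6
# Set this to at least the total number of addresses in DHCP-enabled subnets.
dhcp-lease-max=1000
# File to write DHCP lease information to.
dhcp-leasefile=/var/lib/dnsmasq/virbr10/leases
# File to read DHCP host information from.
dhcp-hostsfile=/var/lib/dnsmasq/virbr10/hostsfile
# Avoid problems with old or broken clients.
dhcp-no-override
# https://www.redhat.com/archives/libvir-list/2010-March/msg00038.html
strict-order
EOF
# Fix: the delimiter must be quoted here. With an unquoted EOF the shell
# expanded the heredoc while writing it. The two backtick spans in the
# comment lines were executed as commands, and $MAINPID became an empty
# string, leaving "ExecReload=/bin/kill -HUP " in the unit file.
cat > /etc/systemd/system/dnsmasq@.service << 'EOF'
# '%i' becomes 'virbr10' when running `systemctl start dnsmasq@virbr10.service`
# Remember to run `systemctl daemon-reload` after creating or editing this file.
[Unit]
Description=DHCP and DNS caching server for %i.
After=network.target
[Service]
ExecStart=/usr/sbin/dnsmasq -k --conf-file=/var/lib/dnsmasq/%i/dnsmasq.conf
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
# Make systemd read the unit file just written before starting the instance.
systemctl daemon-reload
systemctl start dnsmasq@virbr10.service

# --- SSH client configuration for root -------------------------------------
# Fix: /root/.ssh may not exist yet, and the redirect would then abort the
# script under `set -e`.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
# Host-key checking is turned off because the guest VMs get fresh host keys on
# every build. The original applied this to `Host *`, which disabled host-key
# verification for every SSH connection root makes. It is now limited to the
# guest subnet served by virbr10 (10.0.0.0/8).
cat > /root/.ssh/config << 'EOF'
Host 10.*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
User root
EOF

# --- Go toolchain paths, sources and linuxkit ------------------------------
export PATH=~/go/bin:$PATH
export PATH=/usr/libexec:$PATH
# Persist the same PATH entries for later shells; skip if already present.
if ! grep -qF 'export PATH=~/go/bin:$PATH' ~/.bashrc 2>/dev/null; then
  cat >> ~/.bashrc << 'EOF'
export PATH=~/go/bin:$PATH
export PATH=/usr/libexec:$PATH
EOF
fi
# Both fetches track the moving default branch, so what gets built and run as
# root is whatever upstream contains at that moment. Pin a commit if the
# result has to be reproducible.
git clone https://github.com/leoh0/kubernetes
go get -u github.com/linuxkit/linuxkit/src/cmd/linuxkit

# Fix: `echo -e` is not portable under #!/bin/sh. On dash it prints a literal
# "-e ", which ssh-keygen then read as the key file name. The path is now
# passed explicitly and nothing is piped in. An existing key is kept.
# The key has no passphrase; anyone who can read it can use it.
if [ ! -f /root/.ssh/id_rsa ]; then
  ssh-keygen -t rsa -N "" -f /root/.ssh/id_rsa
fi

# Print the next manual steps. The text is emitted verbatim.
# NOTE(review): the --token and --discovery-token-ca-cert-hash values are
# fixed strings in this script, presumably from the author's own cluster.
# Replace them with the values your own master reports. A bootstrap token is
# a credential and should not be reused or published.
cat << 'EOF'

# cd /root/kubernetes
make all
KUBE_CLEAR_STATE=true KUBE_MAC=8a:a0:33:57:08:0a KUBE_NETWORKING="bridge,virbr10" ./boot.sh
KUBE_CLEAR_STATE=true KUBE_MAC=8a:a0:33:57:08:0b KUBE_NETWORKING="bridge,virbr10" ./boot.sh 1 10.0.0.2:6443 --token 3wkfov.fj3ywmkva55nr4p7 --discovery-token-ca-cert-hash sha256:ee14b16af5775cfa65215cff0f6fe2807d35b23a4a3dd8a72507e93292fcd8f1

EOF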