2021-09-22 07:06:10 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
|
|
set -aeou pipefail
|
|
|
|
|
2021-09-23 09:17:13 +00:00
|
|
|
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
|
|
|
|
|
2021-09-22 07:06:10 +00:00
|
|
|
function printHelp(){
|
|
|
|
cat << EOF
|
|
|
|
Usage ${0##*/} [options..]
|
2021-09-25 14:56:16 +00:00
|
|
|
-h,-?, --help Show help and exit
|
|
|
|
-N, --network configure network settings
|
|
|
|
-s, --salt run a masterless salt-call
|
|
|
|
-y, --yes answer 'yes' on all questions
|
2021-09-26 13:05:08 +00:00
|
|
|
-i, --image-load pull images so they hits the local proxy
|
|
|
|
-t, --tools Install/update tools (kubectl, helm, etc)
|
2021-09-26 14:04:05 +00:00
|
|
|
-a, --airgap Prepera manifests for airgapped Rancher installs
|
2021-09-25 14:56:16 +00:00
|
|
|
--rmt-sync Sync database with SUSE Customer Center
|
|
|
|
--rmt-enable-products Enable all preconfigured repositories
|
|
|
|
--rmt-mirror Mirror repositories
|
2021-09-22 07:06:10 +00:00
|
|
|
EOF
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function asktobreak(){
|
|
|
|
if [[ "$ANSWER_YES" == true ]];then
|
|
|
|
printf "\n"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
printf "Do you want to run this step (y/n)"
|
|
|
|
while read -r -n 1 -s answer; do
|
|
|
|
if [[ $answer == [YyNn] ]];then
|
|
|
|
[[ $answer == [Yy] ]] && return_value=1
|
|
|
|
[[ $answer == [Nn] ]] && return_value=0
|
|
|
|
printf "\n"
|
|
|
|
break;
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
return $return_value
|
|
|
|
}
|
|
|
|
|
|
|
|
function new_log(){
|
|
|
|
# script output
|
|
|
|
printf "\n**** [%s] ***\n" "$*"
|
|
|
|
}
|
|
|
|
|
|
|
|
function log(){
|
|
|
|
printf "%s\n" "$*"
|
|
|
|
}
|
|
|
|
|
2021-09-22 14:33:00 +00:00
|
|
|
function parse_yaml() {
|
|
|
|
# ripped from https://gist.github.com/pkuczynski/8665367#gistcomment-2174214
|
|
|
|
local yaml_file=$1
|
|
|
|
local prefix=$2
|
|
|
|
local s
|
|
|
|
local w
|
|
|
|
local fs
|
|
|
|
|
|
|
|
s='[[:space:]]*'
|
|
|
|
w='[a-zA-Z0-9_]*'
|
|
|
|
fs="$(echo @|tr @ '\034')"
|
|
|
|
|
|
|
|
(
|
|
|
|
sed -ne 's/--//g; s/\"/\\\"/g; s/\#.*//g; s/\s*$//g;' \
|
|
|
|
-e "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
|
|
|
|
-e "s|^\($s\)\($w\)$s[:-]$s\(.*\)$s\$|\1$fs\2$fs\3|p" |
|
|
|
|
awk -F"$fs" '{
|
|
|
|
indent = length($1)/2;
|
|
|
|
if (length($2) == 0) { conj[indent]="+";} else {conj[indent]="";}
|
|
|
|
vname[indent] = $2;
|
|
|
|
for (i in vname) {if (i > indent) {delete vname[i]}}
|
|
|
|
if (length($3) > 0) {
|
|
|
|
vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
|
|
|
|
printf("%s%s%s%s=(\"%s\")\n", "'"$prefix"'",vn, $2, conj[indent-1],$3);
|
|
|
|
}
|
|
|
|
}' |
|
|
|
|
sed 's/_=/+=/g'
|
|
|
|
) < "$yaml_file"
|
2021-09-22 10:30:23 +00:00
|
|
|
}
|
|
|
|
|
2021-09-22 07:06:10 +00:00
|
|
|
function check_prerequisites(){
|
|
|
|
set +e
|
|
|
|
local answer
|
|
|
|
type "$1" > /dev/null 2>&1
|
|
|
|
RESULT=$?
|
|
|
|
if [[ $RESULT != 0 ]];then
|
|
|
|
printf "$1 is not installed, do your want to install it [y/N]?"
|
|
|
|
read -r -n 1 -s answer;
|
|
|
|
printf "\n"
|
|
|
|
if [[ $answer == [yY] ]];then
|
|
|
|
sudo zypper --non-interactive install "$1"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
set -e
|
|
|
|
}
|
|
|
|
|
|
|
|
function do_salt_call(){
|
2021-09-24 12:04:48 +00:00
|
|
|
local salt="sudo salt-call --local --file-root $SCRIPTDIR/salt/states --pillar-root $SCRIPTDIR/salt/pillars --module-dirs=$SCRIPTDIR/salt/modules"
|
2021-09-22 07:06:10 +00:00
|
|
|
new_log "Running salt high state"
|
|
|
|
if asktobreak;then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
$salt state.apply pillar="{username: $USER}"
|
|
|
|
}
|
|
|
|
|
2021-09-22 09:48:11 +00:00
|
|
|
function configure_network(){
|
|
|
|
new_log "Configure network"
|
|
|
|
if asktobreak; then
|
|
|
|
return
|
|
|
|
fi
|
2021-09-22 10:30:23 +00:00
|
|
|
eval $(parse_yaml salt/pillars/network.sls "SALT_")
|
|
|
|
if [[ -f salt/pillars/local.sls ]];then
|
|
|
|
eval $(parse_yaml salt/pillars/local.sls "SALT_")
|
|
|
|
fi
|
2021-09-22 14:33:00 +00:00
|
|
|
#configure internal interface
|
|
|
|
sudo nmcli connection modify "$SALT_network_interface_internal" ipv4.addresses "${SALT_network_ip}/${SALT_network_netmask}"
|
2021-09-22 10:30:23 +00:00
|
|
|
sudo nmcli connection modify "$SALT_network_interface_internal" ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2"
|
|
|
|
sudo nmcli connection modify "$SALT_network_interface_internal" ipv4.method manual
|
|
|
|
sudo nmcli connection down "$SALT_network_interface_internal"
|
|
|
|
sudo nmcli connection up "$SALT_network_interface_internal"
|
2021-09-22 14:33:00 +00:00
|
|
|
|
2021-10-13 09:33:38 +00:00
|
|
|
#configure wireless AP
|
|
|
|
sudo nmcli connection add type wifi ifname "$SALT_network_interface_wireless" mode ap con-name tlu-ap ssid "Transportable Lab Unit"
|
|
|
|
sudo nmcli connection modify tlu-ap 802-11-wireless.band bg
|
|
|
|
sudo nmcli connection modify tlu-ap 802-11-wireless.channel 6
|
|
|
|
sudo nmcli connection modify tlu-ap 802-11-wireless-security.key-mgmt wpa-psk
|
|
|
|
sudo nmcli connection modify tlu-ap 802-11-wireless-security.proto rsn
|
|
|
|
sudo nmcli connection modify tlu-ap 802-11-wireless-security.group ccmp
|
|
|
|
sudo nmcli connection modify tlu-ap 802-11-wireless-security.pairwise ccmp
|
|
|
|
sudo nmcli connection modify tlu-ap 802-11-wireless-security.psk "$SALT_network_wifipass"
|
|
|
|
sudo nmcli connection modify tlu-ap ipv4.addr "${SALT_network_ap}/${SALT_network_netmask}"
|
|
|
|
sudo nmcli connection modify tlu-ap ipv4.gateway "${SALT_network_ip}"
|
|
|
|
sudo nmcli connection modify tlu-ap ipv4.dns "${SALT_network_ip}"
|
|
|
|
sudo nmcli connection modify tlu-ap ipv4.method manual
|
|
|
|
sudo nmcli connection up tlu-ap
|
|
|
|
|
2021-09-22 14:33:00 +00:00
|
|
|
#configure external interface
|
2021-09-22 10:30:23 +00:00
|
|
|
sudo nmcli connection modify "$SALT_network_interface_external" ipv4.method auto
|
|
|
|
sudo nmcli connection up "$SALT_network_interface_external"
|
2021-09-22 14:33:00 +00:00
|
|
|
|
|
|
|
#configure vlan interfaces
|
|
|
|
local len=${#SALT_network_vlan__id[@]}
|
|
|
|
for (( i=0; i<$len; i++ ));do
|
|
|
|
ifname="vlan.${SALT_network_vlan__id[$i]}"
|
|
|
|
if [[ $(nmcli connection show | grep -i "$ifname" | wc -l) == 0 ]]; then
|
|
|
|
sudo nmcli connection add type vlan con-name "$ifname" ifname "$ifname" dev "$SALT_network_interface_internal" id "${SALT_network_vlan__id[$i]}"
|
|
|
|
fi
|
|
|
|
sudo nmcli connection modify "$ifname" ipv4.addresses "${SALT_network_vlan__address[$i]}/${SALT_network_vlan__netmask[$i]}"
|
|
|
|
sudo nmcli connection modify "$ifname" ipv4.method manual
|
|
|
|
sudo nmcli connection up "$ifname"
|
|
|
|
done
|
2021-09-22 09:48:11 +00:00
|
|
|
|
|
|
|
|
|
|
|
}
|
2021-09-22 07:06:10 +00:00
|
|
|
|
2021-09-25 14:56:16 +00:00
|
|
|
function rmt_sync(){
|
|
|
|
new_log "Sync RMT Database with SUSE Customer Center"
|
|
|
|
if asktobreak; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
sudo rmt-cli sync
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
function rmt_enable_products(){
|
|
|
|
new_log "Enable the following products in RMT?"
|
|
|
|
eval $(parse_yaml salt/pillars/rmt.sls "SALT_")
|
|
|
|
if [[ -f salt/pillars/local.sls ]];then
|
|
|
|
eval $(parse_yaml salt/pillars/local.sls "SALT_")
|
|
|
|
fi
|
|
|
|
for name in "${SALT_rmt_products__name[@]}"; do
|
|
|
|
echo " * $name"
|
|
|
|
done
|
|
|
|
if asktobreak; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
sudo rmt-cli products enable "${SALT_rmt_products__id[*]}"
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
function rmt_mirror(){
|
|
|
|
new_log "Mirror all repositories"
|
|
|
|
if asktobreak; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
sudo rmt-cli mirror all
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2021-09-26 13:05:08 +00:00
|
|
|
function image_load(){
|
|
|
|
new_log "Pre Load all Images"
|
|
|
|
for d in "$SCRIPTDIR"/image-lists/*/ ; do
|
|
|
|
name="${d::-1}"
|
|
|
|
name="${name##*/}"
|
|
|
|
for prdir in $SCRIPTDIR/image-lists/$name/*/; do
|
|
|
|
version="${prdir::-1}"
|
|
|
|
version="${version##*/}"
|
|
|
|
echo " * $name $version"
|
|
|
|
done
|
|
|
|
done
|
|
|
|
if asktobreak; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
for d in "$SCRIPTDIR"/image-lists/*/ ; do
|
|
|
|
name="${d::-1}"
|
|
|
|
name="${name##*/}"
|
|
|
|
for prdir in $SCRIPTDIR/image-lists/$name/*/; do
|
|
|
|
version="${prdir::-1}"
|
|
|
|
version="${version##*/}"
|
|
|
|
for f in $prdir/*.txt; do
|
|
|
|
echo "Loading $name $version - ${f##*/}"
|
|
|
|
cat $f | while read line
|
|
|
|
do
|
|
|
|
sudo podman image pull "$line"
|
|
|
|
done
|
|
|
|
done
|
|
|
|
done
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
function install_tools(){
|
|
|
|
new_log "Install client tools"
|
|
|
|
echo "- kubectl"
|
|
|
|
echo "- heml"
|
|
|
|
if asktobreak; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
|
|
|
set +e
|
|
|
|
|
|
|
|
echo "---- kubectl ----"
|
|
|
|
cd $HOME/bin
|
|
|
|
if [[ -f kubectl ]]; then
|
|
|
|
KUBECTL_CURRENT=$(./kubectl version 2> /dev/null| sed -n 's/.* GitVersion:"\(v[0-9]*\.[0-9]*\.[0-9]*\)".*/\1/p')
|
|
|
|
else
|
|
|
|
KUBECTL_CURRENT="N/A"
|
|
|
|
fi
|
|
|
|
KUBECTL_STABLE="$(curl -L -s https://dl.k8s.io/release/stable.txt)"
|
|
|
|
echo "Installed version: $KUBECTL_CURRENT"
|
|
|
|
echo "Latest stable version: $KUBECTL_STABLE"
|
|
|
|
if [[ "$KUBECTL_CURRENT" != "$KUBECTL_STABLE" ]]; then
|
|
|
|
curl -LO https://dl.k8s.io/release/$KUBECTL_STABLE/bin/linux/amd64/kubectl
|
|
|
|
chmod +x kubectl
|
|
|
|
fi
|
|
|
|
echo ""
|
|
|
|
|
|
|
|
|
|
|
|
echo "---- helm ----"
|
|
|
|
if [[ -f helm ]]; then
|
|
|
|
HELM_CURRENT=$(./helm version | sed -n 's/.*Version:"\(v[0-9]*\.[0-9]*\.[0-9]*\)".*/\1/p')
|
|
|
|
else
|
|
|
|
HELM_CURRENT="N/A"
|
|
|
|
fi
|
|
|
|
HELM_STABLE="$(curl -Ls https://github.com/helm/helm/releases | grep 'href="/helm/helm/releases/tag/v3.[0-9]*.[0-9]*\"' | grep -v no-underline | head -n 1 | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}')"
|
|
|
|
echo "Installed version: $HELM_CURRENT"
|
|
|
|
echo "Latest stable version: $HELM_STABLE"
|
|
|
|
if [[ "$HELM_CURRENT" != "$HELM_STABLE" ]]; then
|
|
|
|
curl -LO https://get.helm.sh/helm-$HELM_STABLE-linux-amd64.tar.gz
|
|
|
|
tar xvzf helm-$HELM_STABLE-linux-amd64.tar.gz --strip-components=1 linux-amd64/helm
|
|
|
|
rm helm-$HELM_STABLE-linux-amd64.tar.gz
|
|
|
|
fi
|
|
|
|
echo ""
|
|
|
|
|
|
|
|
set -e
|
|
|
|
}
|
|
|
|
|
2021-09-26 14:04:05 +00:00
|
|
|
function airgap(){
|
|
|
|
new_log "Prepair manifests for airgapped installs"
|
|
|
|
for dir in $SCRIPTDIR/image-lists/Rancher/*/; do
|
|
|
|
version="${dir::-1}"
|
|
|
|
version="${version##*/}"
|
|
|
|
echo " * Rancher $version"
|
|
|
|
done
|
|
|
|
if asktobreak; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
cd $SCRIPTDIR/airgap
|
|
|
|
|
|
|
|
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
|
|
|
|
helm repo add jetstack https://charts.jetstack.io
|
|
|
|
helm repo update
|
|
|
|
|
|
|
|
|
|
|
|
#createing manifests for cert-manager
|
|
|
|
helm fetch jetstack/cert-manager --version v1.5.1
|
|
|
|
if [[ ! -d ./manifests/cert-manager-v1.5.1 ]];then
|
|
|
|
mkdir -p ./manifests/cert-manager-v1.5.1
|
|
|
|
fi
|
|
|
|
helm template cert-manager ./cert-manager-v1.5.1.tgz --output-dir ./manifests/cert-manager-v1.5.1 \
|
|
|
|
--namespace cert-manager
|
|
|
|
#--set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller \
|
|
|
|
#--set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-webhook \
|
|
|
|
#--set cainjector.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-cainjector
|
|
|
|
curl -L -o ./manifests/cert-manager-v1.5.1/cert-manager-crd.yaml \
|
|
|
|
https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml
|
|
|
|
|
|
|
|
#creating manifests for Rancher
|
|
|
|
|
|
|
|
for dir in $SCRIPTDIR/image-lists/Rancher/*/; do
|
|
|
|
version="${dir::-1}"
|
|
|
|
version="${version##*/}"
|
|
|
|
|
|
|
|
helm template rancher ./rancher-${version#?}.tgz --output-dir ./manifests/Rancher-$version \
|
|
|
|
--no-hooks \
|
|
|
|
--namespace cattle-system \
|
|
|
|
--set useBundledSystemChart=true # Use the packaged Rancher system charts
|
|
|
|
#--set hostname=<RANCHER.YOURDOMAIN.COM> \
|
|
|
|
#--set certmanager.version=<CERTMANAGER_VERSION> \
|
|
|
|
#--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
|
|
|
|
#--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Set a default private registry to be used in Rancher
|
|
|
|
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
2021-09-22 07:06:10 +00:00
|
|
|
#########################
|
|
|
|
#
|
|
|
|
# Main Script
|
|
|
|
#
|
|
|
|
########################
|
|
|
|
|
|
|
|
#initialize all options
|
|
|
|
ALL=true
|
|
|
|
SALT=false
|
2021-09-22 09:48:11 +00:00
|
|
|
NETWORK=false
|
2021-09-22 07:06:10 +00:00
|
|
|
ANSWER_YES=false
|
2021-09-25 14:56:16 +00:00
|
|
|
RMT_SYNC=false
|
|
|
|
RMT_MIRROR=false
|
|
|
|
RMT_ENABLE_PRODUCTS=false
|
2021-09-26 13:05:08 +00:00
|
|
|
IMAGE_LOAD=false
|
|
|
|
INSTALL_TOOLS=false
|
2021-09-26 14:04:05 +00:00
|
|
|
AIRGAP=false
|
2021-09-22 07:06:10 +00:00
|
|
|
|
|
|
|
while :; do
|
|
|
|
case ${1-noop} in
|
|
|
|
-h|-\?|--help)
|
|
|
|
printHelp
|
|
|
|
exit
|
|
|
|
;;
|
|
|
|
-s|--salt)
|
|
|
|
SALT=true
|
|
|
|
ALL=false
|
|
|
|
;;
|
2021-09-22 09:48:11 +00:00
|
|
|
-N|--network)
|
|
|
|
NETWORK=true
|
|
|
|
ALL=false
|
|
|
|
;;
|
2021-09-22 07:06:10 +00:00
|
|
|
-y|--yes)
|
|
|
|
ANSWER_YES=true
|
|
|
|
;;
|
2021-09-25 14:56:16 +00:00
|
|
|
--rmt-sync)
|
|
|
|
RMT_SYNC=true
|
|
|
|
ALL=false
|
|
|
|
;;
|
|
|
|
--rmt-mirror)
|
|
|
|
RMT_MIRROR=true
|
|
|
|
ALL=false
|
|
|
|
;;
|
|
|
|
--rmt-enable-products)
|
|
|
|
RMT_ENABLE_PRODUCTS=true
|
|
|
|
ALL=false
|
|
|
|
;;
|
2021-09-26 13:05:08 +00:00
|
|
|
-i|--image-load)
|
|
|
|
IMAGE_LOAD=true
|
|
|
|
ALL=false
|
|
|
|
;;
|
|
|
|
-t|--tools)
|
|
|
|
INSTALL_TOOLS=true
|
|
|
|
ALL=false
|
|
|
|
;;
|
2021-09-26 14:04:05 +00:00
|
|
|
-a|--airgap)
|
|
|
|
AIRGAP=true
|
|
|
|
ALL=false
|
|
|
|
;;
|
2021-09-22 07:06:10 +00:00
|
|
|
--) #End of all options
|
|
|
|
shift
|
|
|
|
break
|
|
|
|
;;
|
|
|
|
-?*)
|
|
|
|
printf "'%s' is not a valid option\n" "$1" >&2
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
*) #Break out of case, no more options
|
|
|
|
break
|
|
|
|
esac
|
|
|
|
shift
|
|
|
|
done
|
|
|
|
|
|
|
|
for cmd in git salt-minion curl;do
|
|
|
|
check_prerequisites "$cmd"
|
|
|
|
done
|
|
|
|
|
2021-09-22 09:48:11 +00:00
|
|
|
[[ $ALL == true ]] || [[ $NETWORK == true ]] && configure_network
|
2021-09-22 07:06:10 +00:00
|
|
|
[[ $ALL == true ]] || [[ $SALT == true ]] && do_salt_call
|
2021-09-25 14:56:16 +00:00
|
|
|
[[ $ALL == true ]] || [[ $RMT_SYNC == true ]] && rmt_sync
|
|
|
|
[[ $ALL == true ]] || [[ $RMT_ENABLE_PRODUCTS == true ]] && rmt_enable_products
|
|
|
|
[[ $ALL == true ]] || [[ $RMT_MIRROR == true ]] && rmt_mirror
|
2021-09-26 13:05:08 +00:00
|
|
|
[[ $ALL == true ]] || [[ $IMAGE_LOAD == true ]] && image_load
|
|
|
|
[[ $ALL == true ]] || [[ $INSTALL_TOOLS == true ]] && install_tools
|
2021-09-26 14:04:05 +00:00
|
|
|
[[ $ALL == true ]] || [[ $AIRGAP == true ]] && airgap
|
2021-09-25 14:56:16 +00:00
|
|
|
|
2021-09-22 07:06:10 +00:00
|
|
|
|
|
|
|
printf "\n DONE!!!!!!!\n"
|
|
|
|
|