#!/bin/bash
### install.sh
### automate installation tasks for SCOT4
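# ---- Tunables: override on the command line (see usage) or edit here ----
HELM_VERSION="v3.14.3"        # Helm release to download when helm is not installed
SERVERNAME=""                 # DNS name you plan on using to access this SCOT server
REPOSERVER="x"                # container registry the images are pulled from
REG_SECRET="x"                # pull secret (if any) for that registry; never echoed in full
REG_SECRET_NAME="x"           # name under which the pull secret is created
AIRFLOW="airflow-server"      # existing Airflow server to refer to, if any
S3SERVER="minio-server"       # existing MinIO or other S3 server, if any
TLS_CRT_FILE=""               # path to a certificate file; empty => self-signed cert
TLS_KEY_FILE=""               # path to the matching key file; empty => self-signed cert
SQLALCHEMY_DATABASE_URI="x"   # set this if you already have a database to use
PAUSE="false"                 # pause the script at strategic points, useful for debugging
REPLICAS=1                    # number of API replica pods; 2 for testing on a small
                              # VM, up this to 16 or so for larger production
SURGE=1                       # surge setting, increase this for production
TYPE="OS"
# ---- Globals filled in later; initialised so later "$VAR" = "" tests are
# ---- explicit rather than relying on the variable being unset ----
OS=""                         # written by determine_os: 'RHEL', 'Ubuntu' or ''
IPADDR=""                     # from -i, or chosen interactively later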
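#######################################
# Detect the host distribution family from its release marker file.
# Globals:   OS (written) - 'RHEL' if /etc/redhat-release exists,
#            'Ubuntu' if /etc/debian_version exists (checked second, so it
#            wins when both are present), '' when neither marker is found.
#            Reset first so a stale value from the environment cannot leak
#            through when no marker matches.
# Arguments: none
# Returns:   0
#######################################
determine_os() {
  OS=""
  if [ -f /etc/redhat-release ]; then
    OS='RHEL'
  fi
  # Debian-family marker is checked last so it takes precedence, as before.
  if [ -f /etc/debian_version ]; then
    OS='Ubuntu'
  fi
  return 0
}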
#######################################
# Print the command-line help text.
# Globals:   HELM_VERSION (read) - shown as the default for -h
# Arguments: none
# Outputs:   usage text on stderr; nothing on stdout
# Returns:   status of cat (0)
#######################################
usage() {
  cat >&2 <<EOF
Usage: $0 [ options ]
-b REPLICAS set the number of API server replicas to create
-c TLS_CRT_FILE set the fully qualified filename for your TLS Cert file
-d SQLALCHEMY_URI set the SQLALCHEMY_DATABASE_URI necessary to connect to your database
(only necessary if using an existing DB)
-e SURGE set the surge limit for the API server
-g pause script after displaying variables set
-h VERSION sets Helm version to download, defaults to $HELM_VERSION
-i IPADDR IP address server will listen on for SCOT traffic
-k TLS_KEY_FILE set the fully qualified filename for your TLS Key file
-n NO_PROXY set the no_proxy env var (if not set in env)
-P HTTPS_PROXY set the proxy for https communications (if not set in env)
-p HTTP_PROXY set the proxy for http communications (if not set in env)
-r REPOSERVER set the Container Registry Servername[:port]
-s SERVERNAME set the servername for this scot instance, usually, scot4
-t TYPE OS (default) | dev | qual | prod
-x REG_SECRET set the pull secret for the Container Registry
-y REG_SECRET_NAME the name of the pull secret
EOF
}
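determine_os

# Everything below writes to /etc, creates a user and installs services: root only.
if [ "$EUID" != "0" ]; then
  echo "!!!! ---- THIS SCRIPT MUST BE RUN AS ROOT! ---- !!!!"
  echo "try: sudo $0"
  exit 1
fi

# The leading ':' puts getopts in silent mode so the ':' (missing argument)
# and '?' (unknown option) arms below are actually reached with OPTARG set.
# Without it bash prints its own diagnostic and both arms were dead code.
while getopts ":b:c:d:e:gh:i:k:n:P:p:r:s:t:x:y:" options; do
  # Echo what was parsed, but never the registry pull secret (-x) or the
  # database URI (-d), which commonly embeds a password.
  case "${options}" in
    d|x) echo "Option ${options} = <redacted>" ;;
    :|\?) ;;
    *) echo "Option ${options} = ${OPTARG}" ;;
  esac
  case "${options}" in
    b)
      REPLICAS=${OPTARG}
      ;;
    c)
      TLS_CRT_FILE=${OPTARG}
      ;;
    d)
      SQLALCHEMY_DATABASE_URI=${OPTARG}
      INTERNAL_DB="false"
      ;;
    e)
      SURGE=${OPTARG}
      ;;
    g)
      PAUSE="true"
      ;;
    h)
      HELM_VERSION=${OPTARG}
      ;;
    i)
      IPADDR=${OPTARG}
      ;;
    k)
      TLS_KEY_FILE=${OPTARG}
      ;;
    n)
      NO_PROXY=${OPTARG}
      no_proxy=${OPTARG}
      ;;
    P)
      HTTPS_PROXY=${OPTARG}
      https_proxy=${OPTARG}
      ;;
    p)
      HTTP_PROXY=${OPTARG}
      http_proxy=${OPTARG}
      ;;
    r)
      REPOSERVER=${OPTARG}
      ;;
    s)
      SERVERNAME=${OPTARG}
      ;;
    t)
      TYPE=${OPTARG}
      ;;
    x)
      REG_SECRET=${OPTARG}
      ;;
    y)
      REG_SECRET_NAME=${OPTARG}
      ;;
    :)
      echo "Error: -${OPTARG} requires an argument."
      usage
      exit 1
      ;;
    \?)
      echo "Unknown option provided: -${OPTARG}"
      usage
      exit 1
      ;;
    *)
      echo "Unknown option provided"
      usage
      exit 1
      ;;
  esac
done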
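# Ask User for Server Name: e.g. scot4-dev
if [ "$SERVERNAME" = "" ]; then
  SERVERDEFAULT=$(hostname)
  echo "==="
  echo "=== Please enter the hostname for your SCOT instance. "
  echo "=== (press enter to use default $SERVERDEFAULT)"
  echo "==="
  read -r -p 'Server name => ' SERVERNAME
  if [ "$SERVERNAME" = "" ]; then
    SERVERNAME=$SERVERDEFAULT
  fi
fi
if [ "$SERVERNAME" = "localhost.localdomain" ]; then
  echo "--- removing localdomain from hostname $SERVERNAME"
  SERVERNAME="localhost"
fi

# Ask user for location of TLS .crt and .key files
if [ "$TLS_KEY_FILE" = "" ]; then
  echo "==="
  echo "=== Please enter the fully qualified path to your TLS .key file"
  echo "=== (press <enter> to create self-signed cert)"
  echo "==="
  read -r -p 'KEY File => ' TLS_KEY_FILE
fi
if [ "$TLS_CRT_FILE" = "" ]; then
  echo "==="
  echo "=== Please enter the fully qualified path to your TLS .crt file"
  echo "=== (press <enter> to create self-signed cert)"
  echo "==="
  read -r -p 'CRT File => ' TLS_CRT_FILE
fi

# Self-signed path: only when BOTH paths are empty. Giving just one of them
# is almost certainly a mistake, so say so (the flow below is unchanged).
if [ "$TLS_CRT_FILE" = "" ] && [ "$TLS_KEY_FILE" = "" ]; then
  SD="/home/scot4/.scotssl"
  if [ -f "$SD/$SERVERNAME.crt" ] && [ -f "$SD/$SERVERNAME.csr" ] && [ -f "$SD/$SERVERNAME.key" ]; then
    echo "Using existing self signed certs..."
    TLS_CRT_FILE="$SD/$SERVERNAME.crt"
    TLS_KEY_FILE="$SD/$SERVERNAME.key"
  else
    echo "Self Signed Cert Generation Begins..."
    echo "!!!"
    echo "!!! Note: use $SERVERNAME when prompted for Common Name"
    echo "!!!"
    TARGETDIR="$SD"
    mkdir -p "$TARGETDIR" || { echo "!!! cannot create $TARGETDIR !!!"; exit 1; }
    KEYFILE="$TARGETDIR/$SERVERNAME.key"
    CSRFILE="$TARGETDIR/$SERVERNAME.csr"
    CRTFILE="$TARGETDIR/$SERVERNAME.crt"
    # Private key is written under umask 077 so it is owner-only from the
    # moment it exists; each openssl step is checked so a failure does not
    # silently continue with missing files.
    ( umask 077 && openssl genrsa -out "$KEYFILE" 2048 ) \
      || { echo "!!! key generation failed !!!"; exit 1; }
    openssl req -key "$KEYFILE" -new -out "$CSRFILE" \
      || { echo "!!! CSR generation failed !!!"; exit 1; }
    openssl x509 -signkey "$KEYFILE" -in "$CSRFILE" -req -days 365 -out "$CRTFILE" \
      || { echo "!!! self-signed certificate generation failed !!!"; exit 1; }
    TLS_CRT_FILE=$CRTFILE
    TLS_KEY_FILE=$KEYFILE
    chown -R scot4 "$TARGETDIR"
  fi
elif [ "$TLS_CRT_FILE" = "" ] || [ "$TLS_KEY_FILE" = "" ]; then
  echo "!!! Only one of TLS_CRT_FILE / TLS_KEY_FILE is set; both are needed unless both are empty !!!"
fi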
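if [ "$IPADDR" = "" ]; then
  echo "==="
  echo "=== IPADDR not SET. Select FROM IP addresses below:"
  echo "==="
  PS3="Select Number of IP Address > "
  # One global-scope IPv4 address per line, read into an array so select
  # does not depend on word splitting of an unquoted string.
  mapfile -t IPS < <(ip -4 -o addr show scope global | awk '{gsub(/\/.*/,"",$4); print $4}')
  if [ "${#IPS[@]}" -eq 0 ]; then
    echo "!!! no global IPv4 address found; IPADDR stays empty (use -i to set it) !!!"
  else
    select IPADDR in "${IPS[@]}"; do
      break
    done
  fi
  echo "=== IPADDR selected = $IPADDR"
fi

if [ "$HTTPS_PROXY" = "" ]; then
  echo "==="
  echo "=== HTTPS_PROXY NOT SET. If you are behind a proxy you will need "
  echo "=== to set this variable. Press enter to leave it unset."
  echo "==="
  read -r -p 'HTTPS_PROXY => ' HTTPS_PROXY
  https_proxy="$HTTPS_PROXY"
fi
if [ "$HTTP_PROXY" = "" ]; then
  echo "==="
  echo "=== HTTP_PROXY NOT SET. If you are behind a proxy you will need "
  echo "=== to set this variable. Press enter to leave it unset."
  echo "==="
  # Previously this read into HTTPS_PROXY, clobbering the answer given above
  # and leaving HTTP_PROXY/http_proxy empty.
  read -r -p 'HTTP_PROXY => ' HTTP_PROXY
  http_proxy="$HTTP_PROXY"
fi

if [ "$NO_PROXY" = "" ] && [ "$HTTPS_PROXY" = "" ] && [ "$HTTP_PROXY" = "" ]; then
  echo "no proxy is a good proxy" # no need to worry about no_proxy
else
  echo "http(s) proxies set, checking no_proxy"
  if [ "$NO_PROXY" = "" ]; then
    DEFNOPROXY="127.0.0.1,localhost,::1,10.,172.16.,192.168.,*.local,.local,169.254/16,$IPADDR"
    echo "==="
    echo "=== NO_PROXY NOT SET. If you are behind a proxy you will need "
    echo "=== to set this variable. Press enter to accept default."
    echo "=== enter 'none' to leave blank"
    echo "=== default = $DEFNOPROXY"
    echo "==="
    read -r -p 'NO_PROXY => ' NO_PROXY
    if [ "$NO_PROXY" = "" ]; then
      NO_PROXY=$DEFNOPROXY
    fi
    if [ "$NO_PROXY" = "none" ]; then
      NO_PROXY=""
    fi
    no_proxy="$NO_PROXY"
  else
    # The listen address must bypass the proxy too.
    NO_PROXY="$NO_PROXY,$IPADDR"
    no_proxy="$NO_PROXY"
  fi
fi
# I hate proxies
export NO_PROXY no_proxy HTTP_PROXY http_proxy HTTPS_PROXY https_proxy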
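# Summary of what is about to be installed. Secrets are not printed in full:
# this output routinely ends up in terminal scrollback and install logs.
case "$SQLALCHEMY_DATABASE_URI" in
  *@*) SHOWN_DB_URI="<redacted: URI contains credentials>" ;;
  *) SHOWN_DB_URI="$SQLALCHEMY_DATABASE_URI" ;;
esac
echo ""
echo "Installing SCOT4 "
echo " OS = $OS"
echo " Server Name = $SERVERNAME"
echo " Helm Version = $HELM_VERSION"
echo " TLS CRT FILE = $TLS_CRT_FILE"
echo " TLS_KEY_FILE = $TLS_KEY_FILE"
echo " SQLAlchemy URI = $SHOWN_DB_URI"
echo " HTTPS_PROXY = $HTTPS_PROXY"
echo " HTTP_PROXY = $HTTP_PROXY"
echo " NO_PROXY = $NO_PROXY"
echo " IPADDR = $IPADDR"
echo " REPOSERVER = $REPOSERVER"
echo " REG_SECRET_NAME = $REG_SECRET_NAME"
echo " REG_SECRET = ${REG_SECRET:+<set, redacted>}${REG_SECRET:-<empty>}"
echo ""
if [ "$PAUSE" = "true" ]; then
  read -r -p "Enter to proceed..." FOO
fi

# Service account the remainder of the install runs as.
if getent passwd scot4 > /dev/null 2>&1; then
  echo "User scot4 already exists..."
else
  echo "Adding scot4 User..."
  useradd -m -s /bin/bash -c "SCOT4 User" scot4 || { echo "!!! useradd scot4 failed !!!"; exit 1; }
fi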
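# Install K3s
if ! command -v k3s >/dev/null 2>&1; then
  echo "Installing k3s..."
  # Upstream's documented bootstrap: the installer is fetched over HTTPS and
  # run as root with no independent integrity check, so this step trusts
  # get.k3s.io completely. Pin INSTALL_K3S_VERSION and/or mirror the script
  # internally if that is not acceptable for your environment.
  # (The stray lowercase '-l' from the old command was curl's FTP list-only
  # flag and did nothing here.)
  if ! curl -sfL https://get.k3s.io |
    INSTALL_K3S_EXEC="--prefer-bundled-bin --disable-cloud-controller" sh -; then
    echo "!!! Download of K3s failed !!!"
    exit 1
  fi
else
  echo "K3S already installed."
fi

# update /etc/systemd/system/k3s.service.env with proxy information
KENV="/etc/systemd/system/k3s.service.env"
if [ -f "$KENV" ]; then
  # NOTE(review): the whole file is replaced, so any other settings the k3s
  # installer put in it are only preserved in the .bak copy — confirm that is intended.
  echo "Backing up existing $KENV to $KENV.bak"
  mv "$KENV" "$KENV.bak"
fi
# Created under umask 077: proxy URLs may embed credentials and only root
# (systemd) needs to read this file.
(
  umask 077
  cat > "$KENV" <<EOF
http_proxy="$http_proxy"
HTTP_PROXY="$HTTP_PROXY"
https_proxy="$https_proxy"
HTTPS_PROXY="$HTTPS_PROXY"
no_proxy="$no_proxy"
NO_PROXY="$NO_PROXY"
EOF
) || { echo "!!! could not write $KENV !!!"; exit 1; }
systemctl daemon-reload
systemctl restart k3s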
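# install Helm
if ! command -v helm >/dev/null 2>&1; then
  echo "Installing Helm..."
  HELM_TAR="helm-$HELM_VERSION-linux-amd64.tar.gz"
  # Private scratch directory instead of a fixed, predictable /tmp path
  # (this runs as root; a pre-placed file or link at that path would be followed).
  HELM_TMP=$(mktemp -d) || { echo "!!! mktemp failed !!!"; exit 1; }
  if ! curl -sfL -o "$HELM_TMP/$HELM_TAR" "https://get.helm.sh/$HELM_TAR"; then
    echo "!!! Download of HELM failed !!!"
    rm -rf -- "$HELM_TMP"
    exit 1
  fi
  # Helm publishes a .sha256sum next to each release tarball; refuse to
  # install a tarball whose digest does not match the published one.
  if ! curl -sfL -o "$HELM_TMP/$HELM_TAR.sha256sum" "https://get.helm.sh/$HELM_TAR.sha256sum"; then
    echo "!!! Download of HELM checksum failed !!!"
    rm -rf -- "$HELM_TMP"
    exit 1
  fi
  HELM_EXPECTED=$(awk '{print $1}' "$HELM_TMP/$HELM_TAR.sha256sum")
  HELM_ACTUAL=$(sha256sum "$HELM_TMP/$HELM_TAR" | awk '{print $1}')
  if [ -z "$HELM_EXPECTED" ] || [ "$HELM_EXPECTED" != "$HELM_ACTUAL" ]; then
    echo "!!! HELM checksum mismatch: expected '$HELM_EXPECTED' got '$HELM_ACTUAL' !!!"
    rm -rf -- "$HELM_TMP"
    exit 1
  fi
  if ! tar zxf "$HELM_TMP/$HELM_TAR" -C "$HELM_TMP"; then
    echo "!!! Extraction of HELM failed !!!"
    rm -rf -- "$HELM_TMP"
    exit 1
  fi
  install -m 0755 "$HELM_TMP/linux-amd64/helm" /usr/local/bin/helm \
    || { echo "!!! Installing helm binary failed !!!"; rm -rf -- "$HELM_TMP"; exit 1; }
  rm -rf -- "$HELM_TMP"
else
  echo "Helm already installed."
fi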
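# Adjust Firewall rules
# Necessary Firewall Tweaks https://docs.k3s.io/installation/requirements?os=rhel
# The port 6443 rule isn't required as this is a single node install
if [ "$OS" = "RHEL" ]; then
  if command -v firewall-cmd >/dev/null 2>&1; then
    # api server (only needed for multi-node installs)
    # firewall-cmd --permanent --add-port=6443/tcp
    # pods
    firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16
    # services
    firewall-cmd --permanent --zone=trusted --add-source=10.43.0.0/16
    firewall-cmd --reload
  else
    echo "!!! firewall-cmd not found; pod/service CIDRs were NOT added to the trusted zone !!!"
  fi
else
  # Ubuntu
  # api server port
  # uncomment 6443 rule if multi node install
  # ufw allow 6443/tcp
  if command -v ufw >/dev/null 2>&1; then
    # pods
    ufw allow from 10.42.0.0/16 to any
    # services
    ufw allow from 10.43.0.0/16 to any
  else
    echo "!!! ufw not found; pod/service CIDR rules were NOT added !!!"
  fi
fi

# pip is needed by the second-stage installer. The script already verified it
# runs as root, so no sudo is needed for the package manager.
if ! command -v pip >/dev/null 2>&1; then
  echo "Installing PIP..."
  if [ "$OS" = "RHEL" ]; then
    yum -y install pip
  else
    apt-get -y install python3-pip
  fi
fi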
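# Install kubectl tab-completion and allow alias to work as well
BASHRC=/home/scot4/.bashrc
KUBEDIR=/home/scot4/.kube
mkdir -p "$KUBEDIR"
# k3s.yaml is the node's cluster-admin kubeconfig; this copy makes the scot4
# user a full cluster admin. Keep the copy owner-only.
cp /etc/rancher/k3s/k3s.yaml "$KUBEDIR/config" || { echo "!!! could not copy k3s kubeconfig !!!"; exit 1; }
chmod 600 "$KUBEDIR/config"
chown -R scot4:scot4 "$KUBEDIR"
KUBECTL=/usr/local/bin/kubectl
echo "Examining $BASHRC for alias and tab completions"
touch "$BASHRC"
# Fixed-string matches (-F): the patterns contain '(' and '.' which are
# regex metacharacters in the default grep mode.
if ! grep -qF -- "KUBECONFIG" "$BASHRC"; then
  echo "export KUBECONFIG=~scot4/.kube/config" >> "$BASHRC"
  # A quoted "~scot4/..." is NOT tilde-expanded by bash; use the real path.
  export KUBECONFIG="$KUBEDIR/config"
fi
if ! grep -qF -- "alias k=$KUBECTL" "$BASHRC"; then
  echo "alias k=$KUBECTL" >> "$BASHRC"
fi
if ! grep -qF -- "source <($KUBECTL" "$BASHRC"; then
  echo "source <($KUBECTL completion bash)" >> "$BASHRC"
fi
if ! grep -qF -- "complete -o default -F __start_kubectl k" "$BASHRC"; then
  echo "complete -o default -F __start_kubectl k" >> "$BASHRC"
fi
if ! grep -qF -- "$KUBECTL config set-context" "$BASHRC"; then
  echo "$KUBECTL config set-context --current --namespace=scot4" >> "$BASHRC"
fi
chown scot4:scot4 "$BASHRC"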
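# Disable swap because kubernetes likes that off
echo "Disabling swap, because thats how Kubernetes likes to roll"
swapoff -a
# find any line with swap in it and place one # at the beginning of the line
sed -e '/swap/ s/^#*/#/' -i /etc/fstab

# run rest of script as scot4 user
# Every value is quoted so an empty TLS path or a URI containing spaces can
# no longer shift install2.sh's option parsing. Note that REG_SECRET and the
# database URI travel on argv here and are therefore visible in the process
# listing for install2.sh's lifetime; passing them via environment or stdin
# would need a matching change in install2.sh.
sudo -i -u scot4 ~scot4/scot4/install2.sh \
  -a "$AIRFLOW" \
  -b "$REPLICAS" \
  -c "$TLS_CRT_FILE" \
  -d "$SQLALCHEMY_DATABASE_URI" \
  -e "$SURGE" \
  -k "$TLS_KEY_FILE" \
  -m "$S3SERVER" \
  -n "$REG_SECRET_NAME" \
  -r "$REPOSERVER" \
  -s "$SERVERNAME" \
  -t "$REG_SECRET" \
  -v "$TYPE"
# Report install2.sh's status instead of unconditionally claiming success.
exit $?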