Undercloud/undercloud-infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
root
2026-02-28 15:30:45 +00:00
parent 8759fddd95
commit 12e81a5aa4
4 changed files with 1203 additions and 1203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

396
terraform/control-plane1.bu
View File

@@ -23,9 +23,6 @@ storage:
mode: 0755
- path: /var/lib/undercloud-stamps
mode: 0755
- path: /var/lib/rsyslog
overwrite: true
mode: 0755
files:
- path: /etc/hostname
@@ -156,41 +153,6 @@ storage:
mode: 0755
contents:
source: "http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/velero"
- path: /opt/bin/rsyslogd
mode: 0755
contents:
source: "http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/rsyslogd"
- path: /etc/systemd/journald.conf.d/10-forward-to-syslog.conf
mode: 0644
contents:
inline: |
[Journal]
ForwardToSyslog=yes
Syslog=yes
- path: /etc/rsyslog.conf
mode: 0644
contents:
inline: |
# Minimal rsyslog: receive from journald syslog socket and forward to remote
global(workDirectory="/var/lib/rsyslog")
# This is the important part: pick up what journald forwards when ForwardToSyslog=yes
module(load="imuxsock" SysSock.Name="/run/systemd/journal/syslog")
# Forward everything to your syslog server (TCP recommended)
action(
type="omfwd"
target="syslog.undercloud.local"
port="514"
protocol="tcp"
action.resumeRetryCount="-1"
queue.type="linkedList"
queue.size="50000"
)
- path: /etc/kubernetes/kubeadm-init.yaml
mode: 0644
@@ -290,40 +252,9 @@ storage:
selector:
k8s-app: kube-dns
systemd:
units:
- name: rsyslog.service
enabled: true
contents: |
[Unit]
Description=rsyslog (journald -> remote syslog)
Wants=network-online.target
After=network-online.target systemd-journald.service
Requires=systemd-journald.service
[Service]
Type=simple
ExecStart=/opt/bin/rsyslogd -n -f /etc/rsyslog.conf
Restart=always
RestartSec=2
[Install]
WantedBy=multi-user.target
# --- Boot entrypoint: only this target is enabled at boot ---
- name: undercloud-bootstrap.target
enabled: true
contents: |
[Unit]
Description=Undercloud Bootstrap Chain
Wants=network-online.target
After=network-online.target
# Start the chain entry
Wants=containerd.service kubelet.service kubeadm-init.service
After=containerd.service kubelet.service kubeadm-init.service
[Install]
WantedBy=multi-user.target
- name: modules-load.service
enabled: true
contents: |
@@ -333,6 +264,7 @@ systemd:
[Service]
Type=oneshot
ExecStart=/usr/bin/modprobe br_netfilter
ExecStart=/usr/bin/modprobe overlay
RemainAfterExit=yes
@@ -349,9 +281,11 @@ systemd:
[Unit]
Description=containerd container runtime
After=network.target modules-load.service
Wants=modules-load.service
[Service]
#StandardOutput=journal+console
#StandardError=journal+console
ExecStart=/usr/bin/containerd
Restart=always
RestartSec=5
@@ -369,15 +303,17 @@ systemd:
Description=Set Timezone
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "setting timezone to Europe/Berlin"'
ExecStart=/usr/bin/timedatectl set-timezone Europe/Berlin
ExecStart=/usr/bin/timedatectl set-ntp true
ExecStart=/bin/sh -c 'echo "setting timezone to Europe/Berlin"'
StandardOutput=journal+console
StandardError=journal+console
Type=oneshot
Restart=on-failure
ExecStart=/usr/bin/timedatectl set-timezone Europe/Berlin
ExecStart=/usr/bin/timedatectl set-ntp true
[Install]
WantedBy=multi-user.target
@@ -386,32 +322,32 @@ systemd:
contents: |
[Unit]
Description=kubelet, the Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/home
Documentation=https://kubernets.io/docs/home
Wants=network-online.target
After=network-online.target containerd.service
Requires=containerd.service
After=network-online.target
[Service]
#StandardOutput=journal+console
#StandardError=journal+console
#EnvironmentFile=/run/metadata/coreos
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
# --- Chain step 1 ---
- name: kubeadm-init.service
enabled: false
enabled: true
contents: |
[Unit]
Description=Kubeadm Init Cluster
Wants=network-online.target
After=network-online.target containerd.service kubelet.service
Requires=containerd.service kubelet.service
Wants=network-online.target
ConditionPathExists=!/etc/kubernetes/kubelet.conf
[Service]
@@ -419,202 +355,230 @@ systemd:
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "kubeadm-init.service started..."'
# Environment
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin:/opt/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent-uds/
ExecStart=/bin/sh -eu -c '\
echo "[kubeadm-init] started..." ; \
echo "[kubeadm-init] waiting for containerd socket..." ; \
for i in $(seq 1 60); do test -S /run/containerd/containerd.sock && break; sleep 1; done ; \
echo "[kubeadm-init] running kubeadm init..." ; \
/opt/bin/kubeadm init --upload-certs --config=/etc/kubernetes/kubeadm-init.yaml ; \
echo "[kubeadm-init] copying kubeconfig to core..." ; \
mkdir -p /home/core/.kube ; \
cp -f /etc/kubernetes/admin.conf /home/core/.kube/config ; \
chown core:core /home/core/.kube/config ; \
echo "[kubeadm-init] done." \
'
# strictly start next step (serialization)
ExecStartPost=/usr/bin/systemctl start install-calico.service
ExecStartPre=/bin/sleep 30s
ExecStart=/bin/sh -c 'echo "running kubeadm init..."'
ExecStart=/opt/bin/kubeadm init --upload-certs --config=/etc/kubernetes/kubeadm-init.yaml
# copy files for kubectl
ExecStart=/bin/sh -c 'echo "copying files (admin.conf) to core home folder."'
ExecStartPost=/usr/bin/mkdir -p /home/core/.kube
ExecStartPost=/usr/bin/cp -i /etc/kubernetes/admin.conf /home/core/.kube/config
ExecStartPost=/usr/bin/chown core:core /home/core/.kube/config
ExecStartPost=/usr/bin/systemctl disable kubeadm-init.service
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=undercloud-bootstrap.target
# --- Chain step 2 ---
WantedBy=multi-user.target
- name: install-calico.service
enabled: false
enabled: true
contents: |
[Unit]
Description=Install Calico
Requires=kubeadm-init.service
Wants=kubeadm-init.service
After=kubeadm-init.service
ConditionPathExists=!/var/lib/undercloud-stamps/install-calico.done
[Service]
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "install.calico.service started..."'
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin
ExecStart=/bin/sh -eu -c '\
echo "[calico] waiting for API /readyz..." ; \
for i in $(seq 1 180); do kubectl get --raw=/readyz >/dev/null 2>&1 && break; sleep 2; done ; \
echo "[calico] create namespace + operator..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/namespace.yaml ; \
kubectl create -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/operator-crds.yaml || true ; \
kubectl create -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/tigera-operator.yaml || true ; \
echo "[calico] wait for tigera-operator..." ; \
kubectl wait deployment -n tigera-operator tigera-operator --for condition=Available=True --timeout=1200s ; \
echo "[calico] apply custom resources..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/custom-resources.yaml ; \
echo "[calico] wait for calico-apiserver..." ; \
kubectl wait deployment -n calico-apiserver calico-apiserver --for condition=Available=True --timeout=1200s ; \
echo "[calico] apply peers + pools..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/calico-peer.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/ippools.yaml ; \
echo "[calico] done." \
'
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "witing 30s..."'
ExecStart=/bin/sleep 30s
ExecStart=/bin/sh -c 'echo "create calico namespace..."'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/namespace.yaml
ExecStart=/bin/sh -c 'echo "install tigera operator..."'
ExecStart=-/opt/bin/kubectl create -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/operator-crds.yaml
ExecStart=-/opt/bin/kubectl create -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/tigera-operator.yaml
ExecStart=/bin/sh -c 'echo "witing 60s..."'
ExecStart=/bin/sleep 60s
ExecStart=/bin/sh -c 'echo "witing for tigera operator... (20mini max)"'
ExecStart=/opt/bin/kubectl wait deployment -n tigera-operator tigera-operator --for condition=Available=True --timeout=1200s
ExecStart=/bin/sh -c 'echo "create clico custom ressources..."'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/custom-resources.yaml
ExecStart=/bin/sh -c 'echo "witing 3m.."'
ExecStart=/bin/sleep 3m
#ExecStart=/bin/sh -c 'echo "apply calico (calico-apiserver)..."'
#ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/calico.yaml
#ExecStart=/bin/sh -c 'echo "witing 1m..."'
#ExecStart=/bin/sleep 2m
ExecStart=/bin/sh -c 'echo "witing calico-apiserver... (20mini max)"'
ExecStart=/opt/bin/kubectl wait deployment -n calico-apiserver calico-apiserver --for condition=Available=True --timeout=1200s
ExecStart=/bin/sh -c 'echo "witing 120s..."'
ExecStart=/bin/sleep 2m
ExecStart=/bin/sh -c 'echo "apply calico-peers..."'
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/calico-peer.yaml
ExecStart=/bin/sh -c 'echo "witing 60s..."'
ExecStart=/bin/sleep 1m
ExecStart=/bin/sh -c 'echo "apply calico-ippools..."'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/ippools.yaml
#ExecStart=/bin/sh -c 'echo "witing for whisker.."'
#ExecStart=/opt/bin/kubectl wait deployment -n calico-system whisker --for condition=Available=True --timeout=1200s
#ExecStart=/bin/sh -c 'echo "port-forward -n calico-system service/whisker 8081:8081"'
#ExecStart=/opt/bin/kubectl port-forward -n calico-system service/whisker 8081:8081
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/install-calico.done
ExecStartPost=/usr/bin/systemctl start install-ceph.service
ExecStart=/usr/bin/systemctl disable install-calico.service
#RemainAfterExit=true
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=undercloud-bootstrap.target
# --- Chain step 3 ---
WantedBy=multi-user.target
- name: install-ceph.service
enabled: false
enabled: true
contents: |
[Unit]
Description=Install Ceph CSI
Requires=install-calico.service
After=install-calico.service
Wants=kubeadm-init.service
After=kubeadm-init.service
ConditionPathExists=!/var/lib/undercloud-stamps/install-ceph.done
[Service]
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "install.ceph.service started..."'
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "witing 30s..."'
ExecStart=/bin/sleep 30s
ExecStart=/bin/sh -c 'echo "create ceph namespace..."'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/namespace.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-nodeplugin-rbac.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-provisioner-rbac.yaml
ExecStart=/bin/sh -eu -c '\
echo "[ceph] waiting for API /readyz..." ; \
for i in $(seq 1 180); do kubectl get --raw=/readyz >/dev/null 2>&1 && break; sleep 2; done ; \
echo "[ceph] apply manifests..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/namespace.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-nodeplugin-rbac.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-provisioner-rbac.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/secrets.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/ceph-conf.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-cephfsplugin-provisioner.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-cephfsplugin.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-config-map.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-encryption-kms-config.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csidriver.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/storage-class.yaml ; \
echo "[ceph] done." \
'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/secrets.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/ceph-conf.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-cephfsplugin-provisioner.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-cephfsplugin.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-config-map.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-encryption-kms-config.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csidriver.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/storage-class.yaml
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/install-ceph.done
ExecStartPost=/usr/bin/systemctl start install-gitea.service
ExecStart=/usr/bin/systemctl disable install-ceph.service
#RemainAfterExit=true
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=undercloud-bootstrap.target
# --- Chain step 4 ---
WantedBy=multi-user.target
- name: install-gitea.service
enabled: false
enabled: true
contents: |
[Unit]
Description=Install Gitea
Requires=install-ceph.service
Wants=install-ceph.service
After=install-ceph.service
ConditionPathExists=!/var/lib/undercloud-stamps/install-gitea.done
[Service]
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin
ExecStart=/bin/sh -eu -c '\
echo "[gitea] wait for ceph provisioner..." ; \
kubectl wait deployment -n ceph csi-cephfsplugin-provisioner --for condition=Available=True --timeout=1200s ; \
echo "[gitea] apply manifests..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/namespace.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/secrets.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/db.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/adminer.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/gitea.yaml ; \
echo "[gitea] wait for gitea deployment..." ; \
kubectl -n gitea wait deployment gitea --for=condition=Available=True --timeout=1200s ; \
echo "[gitea] run startup..." ; \
kubectl exec deploy/gitea -n gitea -- /bin/startup.sh ; \
echo "[gitea] done." \
'
Type=oneshot
ExecStart=/opt/bin/kubectl wait deployment -n ceph csi-cephfsplugin-provisioner --for condition=Available=True --timeout=1200s
ExecStart=/bin/sleep 4m
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/namespace.yaml
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/secrets.yaml
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/db.yaml
ExecStart=/bin/sleep 60s
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/adminer.yaml
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/gitea.yaml
ExecStart=/bin/sleep 3m
ExecStart=/opt/bin/kubectl exec deploy/gitea -n gitea -- /bin/startup.sh
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/install-gitea.done
ExecStartPost=/usr/bin/systemctl start install-argocd.service
ExecStart=/usr/bin/systemctl disable install-gitea.service
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=undercloud-bootstrap.target
# --- Chain step 5 ---
WantedBy=multi-user.target
- name: install-argocd.service
enabled: false
enabled: true
contents: |
[Unit]
Description=Install ArgoCD
Requires=install-calico.service install-gitea.service
After=install-calico.service install-gitea.service
Wants=install-calico.service
After=install-calico.service
ConditionPathExists=!/var/lib/undercloud-stamps/install-argocd.done
[Service]
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin
Type=oneshot
ExecStart=/bin/sh -eu -c '\
echo "[argocd] wait for coredns..." ; \
kubectl -n kube-system wait deploy coredns --for=condition=Available=True --timeout=1200s ; \
echo "[argocd] install..." ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/namespace.yaml ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/install.yaml ; \
kubectl -n argocd wait deploy argocd-server --for=condition=Available=True --timeout=1200s ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/repo.yaml ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/apps.yaml ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/ingress.yaml ; \
echo "[argocd] done." \
'
ExecStart=/opt/bin/kubectl wait deployment -n kube-system coredns --for condition=Available=True --timeout=600s
ExecStart=/bin/sleep 1m
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/namespace.yaml
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/install.yaml
ExecStart=/opt/bin/kubectl wait deployment -n argocd argocd-server --for condition=Available=True --timeout=600s
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/repo.yaml
ExecStart=/bin/sleep 10s
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/apps.yaml
ExecStart=/bin/sleep 10s
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/ingress.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/repos/k8aux-bootstrap.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/repos/k8aux-apps.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/apps/argocd.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/apps/calico.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/apps/rook-ceph.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/apps/gitea.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/argocd/argocd-secret.yaml
##ExecStart=/bin/sleep 10m
#ExecStart=/opt/bin/kubectl wait deployment -n gitea gitea --for condition=Available=True --timeout=4800s
#ExecStart=/bin/sleep 10m
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://gitea.gitea.svc.k8aux.undercloud.cf:3000/undercloud/k8aux-apps/raw/branch/main/app-of-apps/app-of-apps.yaml
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/install-argocd.done
ExecStartPost=/usr/bin/systemctl start pin-service-ips.service
ExecStart=/usr/bin/systemctl disable install-argocd.service
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=undercloud-bootstrap.target
# --- Chain step 6 (final) ---
WantedBy=multi-user.target
- name: pin-service-ips.service
enabled: false
enabled: true
contents: |
[Unit]
Description=Pin fixed dual-stack ClusterIPs for kube-dns, argocd-server and whisker
Requires=install-argocd.service install-calico.service kubeadm-init.service
After=install-argocd.service install-calico.service kubeadm-init.service network-online.target
Wants=network-online.target
Wants=install-argocd.service install-calico.service kubeadm-init.service network-online.target
ConditionPathExists=!/var/lib/undercloud-stamps/pin-service-ips.done
[Service]
Type=oneshot
StandardOutput=journal+console
@@ -642,6 +606,8 @@ systemd:
'
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/pin-service-ips.done
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=undercloud-bootstrap.target
WantedBy=multi-user.target

400
terraform/control-plane1.bu.old → terraform/control-plane1.bu.mod
View File

@@ -23,6 +23,9 @@ storage:
mode: 0755
- path: /var/lib/undercloud-stamps
mode: 0755
- path: /var/lib/rsyslog
overwrite: true
mode: 0755
files:
- path: /etc/hostname
@@ -153,6 +156,41 @@ storage:
mode: 0755
contents:
source: "http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/velero"
- path: /opt/bin/rsyslogd
mode: 0755
contents:
source: "http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/rsyslogd"
- path: /etc/systemd/journald.conf.d/10-forward-to-syslog.conf
mode: 0644
contents:
inline: |
[Journal]
ForwardToSyslog=yes
Syslog=yes
- path: /etc/rsyslog.conf
mode: 0644
contents:
inline: |
# Minimal rsyslog: receive from journald syslog socket and forward to remote
global(workDirectory="/var/lib/rsyslog")
# This is the important part: pick up what journald forwards when ForwardToSyslog=yes
module(load="imuxsock" SysSock.Name="/run/systemd/journal/syslog")
# Forward everything to your syslog server (TCP recommended)
action(
type="omfwd"
target="syslog.undercloud.local"
port="514"
protocol="tcp"
action.resumeRetryCount="-1"
queue.type="linkedList"
queue.size="50000"
)
- path: /etc/kubernetes/kubeadm-init.yaml
mode: 0644
@@ -252,9 +290,40 @@ storage:
selector:
k8s-app: kube-dns
systemd:
units:
- name: rsyslog.service
enabled: true
contents: |
[Unit]
Description=rsyslog (journald -> remote syslog)
Wants=network-online.target
After=network-online.target systemd-journald.service
Requires=systemd-journald.service
[Service]
Type=simple
ExecStart=/opt/bin/rsyslogd -n -f /etc/rsyslog.conf
Restart=always
RestartSec=2
[Install]
WantedBy=multi-user.target
# --- Boot entrypoint: only this target is enabled at boot ---
- name: undercloud-bootstrap.target
enabled: true
contents: |
[Unit]
Description=Undercloud Bootstrap Chain
Wants=network-online.target
After=network-online.target
# Start the chain entry
Wants=containerd.service kubelet.service kubeadm-init.service
After=containerd.service kubelet.service kubeadm-init.service
[Install]
WantedBy=multi-user.target
- name: modules-load.service
enabled: true
contents: |
@@ -264,7 +333,6 @@ systemd:
[Service]
Type=oneshot
ExecStart=/usr/bin/modprobe br_netfilter
ExecStart=/usr/bin/modprobe overlay
RemainAfterExit=yes
@@ -281,11 +349,9 @@ systemd:
[Unit]
Description=containerd container runtime
After=network.target modules-load.service
Wants=modules-load.service
[Service]
#StandardOutput=journal+console
#StandardError=journal+console
ExecStart=/usr/bin/containerd
Restart=always
RestartSec=5
@@ -303,17 +369,15 @@ systemd:
Description=Set Timezone
After=network-online.target
Wants=network-online.target
[Service]
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "setting timezone to Europe/Berlin"'
[Service]
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
Type=oneshot
Restart=on-failure
ExecStart=/bin/sh -c 'echo "setting timezone to Europe/Berlin"'
ExecStart=/usr/bin/timedatectl set-timezone Europe/Berlin
ExecStart=/usr/bin/timedatectl set-ntp true
ExecStart=/usr/bin/timedatectl set-ntp true
[Install]
WantedBy=multi-user.target
@@ -322,32 +386,32 @@ systemd:
contents: |
[Unit]
Description=kubelet, the Kubernetes Node Agent
Documentation=https://kubernets.io/docs/home
Documentation=https://kubernetes.io/docs/home
Wants=network-online.target
After=network-online.target
[Service]
#StandardOutput=journal+console
#StandardError=journal+console
After=network-online.target containerd.service
Requires=containerd.service
#EnvironmentFile=/run/metadata/coreos
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
# --- Chain step 1 ---
- name: kubeadm-init.service
enabled: true
enabled: false
contents: |
[Unit]
Description=Kubeadm Init Cluster
After=network-online.target containerd.service kubelet.service
Wants=network-online.target
After=network-online.target containerd.service kubelet.service
Requires=containerd.service kubelet.service
ConditionPathExists=!/etc/kubernetes/kubelet.conf
[Service]
@@ -355,230 +419,202 @@ systemd:
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "kubeadm-init.service started..."'
# Environment
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin:/opt/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent-uds/
ExecStartPre=/bin/sleep 30s
ExecStart=/bin/sh -c 'echo "running kubeadm init..."'
ExecStart=/opt/bin/kubeadm init --upload-certs --config=/etc/kubernetes/kubeadm-init.yaml
# copy files for kubectl
ExecStart=/bin/sh -c 'echo "copying files (admin.conf) to core home folder."'
ExecStartPost=/usr/bin/mkdir -p /home/core/.kube
ExecStartPost=/usr/bin/cp -i /etc/kubernetes/admin.conf /home/core/.kube/config
ExecStartPost=/usr/bin/chown core:core /home/core/.kube/config
ExecStartPost=/usr/bin/systemctl disable kubeadm-init.service
Restart=on-failure
RestartSec=120s
ExecStart=/bin/sh -eu -c '\
echo "[kubeadm-init] started..." ; \
echo "[kubeadm-init] waiting for containerd socket..." ; \
for i in $(seq 1 60); do test -S /run/containerd/containerd.sock && break; sleep 1; done ; \
echo "[kubeadm-init] running kubeadm init..." ; \
/opt/bin/kubeadm init --upload-certs --config=/etc/kubernetes/kubeadm-init.yaml ; \
echo "[kubeadm-init] copying kubeconfig to core..." ; \
mkdir -p /home/core/.kube ; \
cp -f /etc/kubernetes/admin.conf /home/core/.kube/config ; \
chown core:core /home/core/.kube/config ; \
echo "[kubeadm-init] done." \
'
# strictly start next step (serialization)
ExecStartPost=/usr/bin/systemctl start install-calico.service
[Install]
WantedBy=multi-user.target
WantedBy=undercloud-bootstrap.target
# --- Chain step 2 ---
- name: install-calico.service
enabled: true
enabled: false
contents: |
[Unit]
Wants=kubeadm-init.service
Description=Install Calico
Requires=kubeadm-init.service
After=kubeadm-init.service
ConditionPathExists=!/var/lib/undercloud-stamps/install-calico.done
[Service]
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "install.calico.service started..."'
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "witing 30s..."'
ExecStart=/bin/sleep 30s
ExecStart=/bin/sh -c 'echo "create calico namespace..."'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/namespace.yaml
ExecStart=/bin/sh -c 'echo "install tigera operator..."'
ExecStart=-/opt/bin/kubectl create -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/operator-crds.yaml
ExecStart=-/opt/bin/kubectl create -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/tigera-operator.yaml
ExecStart=/bin/sh -c 'echo "witing 60s..."'
ExecStart=/bin/sleep 60s
ExecStart=/bin/sh -c 'echo "witing for tigera operator... (20mini max)"'
ExecStart=/opt/bin/kubectl wait deployment -n tigera-operator tigera-operator --for condition=Available=True --timeout=1200s
ExecStart=/bin/sh -c 'echo "create clico custom ressources..."'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/custom-resources.yaml
ExecStart=/bin/sh -c 'echo "witing 3m.."'
ExecStart=/bin/sleep 3m
#ExecStart=/bin/sh -c 'echo "apply calico (calico-apiserver)..."'
#ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/calico.yaml
#ExecStart=/bin/sh -c 'echo "witing 1m..."'
#ExecStart=/bin/sleep 2m
ExecStart=/bin/sh -c 'echo "witing calico-apiserver... (20mini max)"'
ExecStart=/opt/bin/kubectl wait deployment -n calico-apiserver calico-apiserver --for condition=Available=True --timeout=1200s
ExecStart=/bin/sh -c 'echo "witing 120s..."'
ExecStart=/bin/sleep 2m
ExecStart=/bin/sh -c 'echo "apply calico-peers..."'
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/calico-peer.yaml
ExecStart=/bin/sh -c 'echo "witing 60s..."'
ExecStart=/bin/sleep 1m
ExecStart=/bin/sh -c 'echo "apply calico-ippools..."'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/ippools.yaml
#ExecStart=/bin/sh -c 'echo "witing for whisker.."'
#ExecStart=/opt/bin/kubectl wait deployment -n calico-system whisker --for condition=Available=True --timeout=1200s
#ExecStart=/bin/sh -c 'echo "port-forward -n calico-system service/whisker 8081:8081"'
#ExecStart=/opt/bin/kubectl port-forward -n calico-system service/whisker 8081:8081
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin
ExecStart=/bin/sh -eu -c '\
echo "[calico] waiting for API /readyz..." ; \
for i in $(seq 1 180); do kubectl get --raw=/readyz >/dev/null 2>&1 && break; sleep 2; done ; \
echo "[calico] create namespace + operator..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/namespace.yaml ; \
kubectl create -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/operator-crds.yaml || true ; \
kubectl create -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/tigera-operator.yaml || true ; \
echo "[calico] wait for tigera-operator..." ; \
kubectl wait deployment -n tigera-operator tigera-operator --for condition=Available=True --timeout=1200s ; \
echo "[calico] apply custom resources..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/custom-resources.yaml ; \
echo "[calico] wait for calico-apiserver..." ; \
kubectl wait deployment -n calico-apiserver calico-apiserver --for condition=Available=True --timeout=1200s ; \
echo "[calico] apply peers + pools..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/calico-peer.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/calico-config/ippools.yaml ; \
echo "[calico] done." \
'
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/install-calico.done
ExecStart=/usr/bin/systemctl disable install-calico.service
#RemainAfterExit=true
Restart=on-failure
RestartSec=120s
ExecStartPost=/usr/bin/systemctl start install-ceph.service
[Install]
WantedBy=multi-user.target
WantedBy=undercloud-bootstrap.target
# --- Chain step 3 ---
- name: install-ceph.service
enabled: true
enabled: false
contents: |
[Unit]
Wants=kubeadm-init.service
After=kubeadm-init.service
Description=Install Ceph CSI
Requires=install-calico.service
After=install-calico.service
ConditionPathExists=!/var/lib/undercloud-stamps/install-ceph.done
[Service]
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "install.ceph.service started..."'
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
ExecStart=/bin/sh -c 'echo "witing 30s..."'
ExecStart=/bin/sleep 30s
ExecStart=/bin/sh -c 'echo "create ceph namespace..."'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/namespace.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-nodeplugin-rbac.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-provisioner-rbac.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/secrets.yaml
ExecStart=/bin/sh -eu -c '\
echo "[ceph] waiting for API /readyz..." ; \
for i in $(seq 1 180); do kubectl get --raw=/readyz >/dev/null 2>&1 && break; sleep 2; done ; \
echo "[ceph] apply manifests..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/namespace.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-nodeplugin-rbac.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-provisioner-rbac.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/secrets.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/ceph-conf.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-cephfsplugin-provisioner.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-cephfsplugin.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-config-map.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-encryption-kms-config.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csidriver.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/storage-class.yaml ; \
echo "[ceph] done." \
'
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/ceph-conf.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-cephfsplugin-provisioner.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-cephfsplugin.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-config-map.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csi-encryption-kms-config.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/csidriver.yaml
ExecStart=-/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/ceph/storage-class.yaml
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/install-ceph.done
ExecStart=/usr/bin/systemctl disable install-ceph.service
#RemainAfterExit=true
Restart=on-failure
RestartSec=120s
ExecStartPost=/usr/bin/systemctl start install-gitea.service
[Install]
WantedBy=multi-user.target
WantedBy=undercloud-bootstrap.target
# --- Chain step 4 ---
- name: install-gitea.service
enabled: true
enabled: false
contents: |
[Unit]
Wants=install-ceph.service
Description=Install Gitea
Requires=install-ceph.service
After=install-ceph.service
ConditionPathExists=!/var/lib/undercloud-stamps/install-gitea.done
[Service]
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin
Type=oneshot
ExecStart=/opt/bin/kubectl wait deployment -n ceph csi-cephfsplugin-provisioner --for condition=Available=True --timeout=1200s
ExecStart=/bin/sleep 4m
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/namespace.yaml
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/secrets.yaml
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/db.yaml
ExecStart=/bin/sleep 60s
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/adminer.yaml
ExecStart=/opt/bin/kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/gitea.yaml
ExecStart=/bin/sleep 3m
ExecStart=/opt/bin/kubectl exec deploy/gitea -n gitea -- /bin/startup.sh
ExecStart=/bin/sh -eu -c '\
echo "[gitea] wait for ceph provisioner..." ; \
kubectl wait deployment -n ceph csi-cephfsplugin-provisioner --for condition=Available=True --timeout=1200s ; \
echo "[gitea] apply manifests..." ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/namespace.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/secrets.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/db.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/adminer.yaml ; \
kubectl apply -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/gitea/gitea.yaml ; \
echo "[gitea] wait for gitea deployment..." ; \
kubectl -n gitea wait deployment gitea --for=condition=Available=True --timeout=1200s ; \
echo "[gitea] run startup..." ; \
kubectl exec deploy/gitea -n gitea -- /bin/startup.sh ; \
echo "[gitea] done." \
'
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/install-gitea.done
ExecStart=/usr/bin/systemctl disable install-gitea.service
Restart=on-failure
RestartSec=120s
ExecStartPost=/usr/bin/systemctl start install-argocd.service
[Install]
WantedBy=multi-user.target
WantedBy=undercloud-bootstrap.target
# --- Chain step 5 ---
- name: install-argocd.service
enabled: true
enabled: false
contents: |
[Unit]
Wants=install-calico.service
After=install-calico.service
Description=Install ArgoCD
Requires=install-calico.service install-gitea.service
After=install-calico.service install-gitea.service
ConditionPathExists=!/var/lib/undercloud-stamps/install-argocd.done
[Service]
Type=oneshot
StandardOutput=journal+console
StandardError=journal+console
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin
Type=oneshot
ExecStart=/opt/bin/kubectl wait deployment -n kube-system coredns --for condition=Available=True --timeout=600s
ExecStart=/bin/sleep 1m
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/namespace.yaml
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/install.yaml
ExecStart=/opt/bin/kubectl wait deployment -n argocd argocd-server --for condition=Available=True --timeout=600s
ExecStart=/bin/sh -eu -c '\
echo "[argocd] wait for coredns..." ; \
kubectl -n kube-system wait deploy coredns --for=condition=Available=True --timeout=1200s ; \
echo "[argocd] install..." ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/namespace.yaml ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/install.yaml ; \
kubectl -n argocd wait deploy argocd-server --for=condition=Available=True --timeout=1200s ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/repo.yaml ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/apps.yaml ; \
kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/ingress.yaml ; \
echo "[argocd] done." \
'
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/repo.yaml
ExecStart=/bin/sleep 10s
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/apps.yaml
ExecStart=/bin/sleep 10s
ExecStart=/opt/bin/kubectl apply -n argocd -f http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/argocd/ingress.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/repos/k8aux-bootstrap.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/repos/k8aux-apps.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/apps/argocd.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/apps/calico.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/apps/rook-ceph.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/apps/gitea.yaml
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://aux-balancer.undercloud.cf:3000/undercloud/k8aux-bootstrap/raw/branch/main/argocd/argocd-secret.yaml
##ExecStart=/bin/sleep 10m
#ExecStart=/opt/bin/kubectl wait deployment -n gitea gitea --for condition=Available=True --timeout=4800s
#ExecStart=/bin/sleep 10m
#ExecStart=/opt/bin/kubectl apply -n argocd -f http://gitea.gitea.svc.k8aux.undercloud.cf:3000/undercloud/k8aux-apps/raw/branch/main/app-of-apps/app-of-apps.yaml
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/install-argocd.done
ExecStart=/usr/bin/systemctl disable install-argocd.service
Restart=on-failure
RestartSec=120s
ExecStartPost=/usr/bin/systemctl start pin-service-ips.service
[Install]
WantedBy=multi-user.target
WantedBy=undercloud-bootstrap.target
# --- Chain step 6 (final) ---
- name: pin-service-ips.service
enabled: true
enabled: false
contents: |
[Unit]
Description=Pin fixed dual-stack ClusterIPs for kube-dns, argocd-server and whisker
Requires=install-argocd.service install-calico.service kubeadm-init.service
After=install-argocd.service install-calico.service kubeadm-init.service network-online.target
Wants=install-argocd.service install-calico.service kubeadm-init.service network-online.target
Wants=network-online.target
ConditionPathExists=!/var/lib/undercloud-stamps/pin-service-ips.done
[Service]
Type=oneshot
StandardOutput=journal+console
@@ -606,8 +642,6 @@ systemd:
'
ExecStartPost=/usr/bin/touch /var/lib/undercloud-stamps/pin-service-ips.done
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=multi-user.target
[Install]
WantedBy=undercloud-bootstrap.target

805
terraform/terraform.tfstate
View File

File diff suppressed because one or more lines are too long

805
terraform/terraform.tfstate.backup
View File

File diff suppressed because one or more lines are too long