Commit 6ceb6dae authored by Dmytro Bogatov's avatar Dmytro Bogatov 💕

Deploy Varis. Fix 13. Fix 15.

parent fc4158e8
Pipeline #2869 canceled with stage
in 15 minutes and 6 seconds
......@@ -163,7 +163,7 @@ else
### Dashboard OAuth
# if run from CI, skip
if [ -d "~/.secrets/" ];
if [ -d "/Users/dmytro/.secrets" ];
then
echo "Dashboard auth configs..."
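Review bot: The new test `[ -d "/Users/dmytro/.secrets" ]` hard-codes one user's home directory, so on any other account or machine the Dashboard OAuth step is silently skipped rather than failing. The old quoted `"~/.secrets/"` never expanded, which is presumably what this change fixes; `if [ -d "$HOME/.secrets" ];` keeps the fix without pinning the path. Since the comment says the intent is to skip in CI, an explicit check of the CI environment would state that more directly than the presence of a secrets directory. The `if` body continues outside the hunk.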
......
#!/usr/bin/env bash
set -e
shopt -s globstar
# Ensure that the CWD is set to script's location
cd "${0%/*}"
CWD=$(pwd)
set -x
SWAPFILE="/var/vm/swapfile1"
if [[ $EUID -ne 0 ]];
then
echo "This script must be run as root"
exit 1
fi
if ! [ $# -eq 1 ]
then
echo "APIKEY missing"
exit 1
fi
echo "Producing SWAP config"
cat >/etc/systemd/system/var-vm-swapfile1.swap <<SWAP
[Unit]
Description=Turn on swapcd clu
[Swap]
What=/var/vm/swapfile1
[Install]
WantedBy=multi-user.target
SWAP
echo "Adding SWAP"
if [ -f $SWAPFILE ];
then
echo "File $SWAPFILE already exists"
else
mkdir -p /var/vm
fallocate -l 2048m /var/vm/swapfile1
chmod 600 /var/vm/swapfile1
mkswap /var/vm/swapfile1
systemctl enable --now var-vm-swapfile1.swap
fi
echo "Enabling SWAP support for kubelet"
if grep -q "fail-swap-on=false" "/etc/systemd/system/kubelet.service";
then
echo "Already enabled"
else
sed -i '/kubelet-wrapper/a \ --fail-swap-on=false \\\' /etc/systemd/system/kubelet.service
fi
echo "Installing status site daemon"
NAME=$(cut -d " " -f 3 <<< $(hostnamectl | head -n 1))
APIKEY=$1
cat >/home/core/report-cpu-load.sh <<CPULOAD
#!/usr/bin/env bash
set -e
CPU_LOAD=\$(top -b -n2 -p 1 | fgrep "Cpu(s)" | tail -1 | awk -F'id,' -v prefix="$prefix" '{ split(\$1, vs, ","); v=vs[length(vs)]; sub("%", "", v); printf "%s%d", prefix, 100 - v }')
curl -X POST -s "https://status.dbogatov.org/api/cpuload" --data "value=\${CPU_LOAD}&source=$NAME" --header "apikey: $APIKEY" > /dev/null
CPULOAD
chmod +x /home/core/report-cpu-load.sh
cat >/etc/systemd/system/cpu-load.service <<CRONSERVICE
[Unit]
Description=Reports CPU load to status site
[Service]
Type=oneshot
ExecStart=/bin/bash -c '/home/core/report-cpu-load.sh'
CRONSERVICE
cat >/etc/systemd/system/cpu-load.timer <<CRONTIMER
[Unit]
Description=Run cpu-load.service every minute
[Timer]
OnCalendar=*:0/1
CRONTIMER
systemctl daemon-reload
systemctl start cpu-load.timer
echo "Done."
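Review bot: The status-site API key is exposed twice on each node: `set -x` near the top is still active when `APIKEY=$1` and the `report-cpu-load.sh` heredoc run, so the key is written to the trace output, and the generated `/home/core/report-cpu-load.sh` embeds it in clear text and only gets `chmod +x`, which with a default umask leaves it readable by every local user. I would add `set +x` before `APIKEY=$1` and replace the chmod with `chmod 700 /home/core/report-cpu-load.sh`. Keeping the key in a root-only file that the script reads at run time would also keep it out of curl's argument list, where it is visible in the process table. Separately, `$prefix` in the awk call is unescaped and unset, so it expands to an empty string when the file is generated, and `cpu-load.timer` is only started, with no `[Install]` section or `enable`, so it presumably does not survive a reboot.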
......@@ -8,22 +8,32 @@ shopt -s globstar
cd "${0%/*}"
CWD=$(pwd)
my-sleep () {
secs=$1
while [ $secs -gt 0 ]; do
echo -ne "Sleeping $secs\033[0K\r"
sleep 1
: $((secs--))
done
}
# Checks
usage () {
printf "usage: $0 <certDirPath> <statusSiteConfig> <name> <gitlab-runner-token>\n"
printf "where\n"
printf "\t certDirPath - absolute path to directory with SSL cert (certificate.crt) and key (certificate.key) file\n"
printf "\t statusSiteConfig - absolute path to appsettings.production.yml file\n"
printf "usage: $0 <certDirPath> <statusSiteConfig> <name> <status-site-api-key>\n"
printf "where\n"
printf "\t certDirPath - absolute path to directory with SSL cert (certificate.crt) and key (certificate.key) file\n"
printf "\t statusSiteConfig - absolute path to appsettings.production.yml file\n"
printf "\t name - cluster name (e.g. sandor in sandor.dbogatov.org)\n"
printf "\t gitlab-runner-token - runner's (not registration) token; if runner is not setup, use register-k8s-runner script;\n"
exit 1;
# printf "\t gitlab-runner-token - runner's (not registration) token; if runner is not setup, use register-k8s-runner script;\n"
printf "\t status-site-api-key - Status site API key for reporting CPU load\n"
exit 1;
}
if ! [ $# -eq 4 ]
then
usage
usage
fi
source .secret.sh
......@@ -31,7 +41,8 @@ source .secret.sh
CERTDIRPATH=$1
STATUSSITECONFIG=$2
NAME=$3
GITLAB_TOKEN=$4
GITLAB_TOKEN=$3
APIKEY=$4
# Initiate cluster
......@@ -41,18 +52,18 @@ echo "Initializing cluster on DigitalOcean"
ssh-add ~/.ssh/id_rsa
cd $CWD/terraform/clusters/
terraform destroy -force || true # might be that there is nothin to destroy
terraform destroy -force || true # might be that there is nothing to destroy
echo "Waiting 30 secs..."
sleep 30
my-sleep 30
terraform init
terraform apply -auto-approve
echo "Waiting 60 secs..."
sleep 60
my-sleep 60
# Add SWAP to master
......@@ -63,48 +74,22 @@ cd "$CWD"
IPS=("$(dig @ns1.digitalocean.com +short A alice-workers.$NAME.dbogatov.org)")
IPS+=("$(dig @ns1.digitalocean.com +short A alice.$NAME.dbogatov.org)")
cat >var-vm-swapfile1.swap <<EOL
[Unit]
Description=Turn on swapcd clu
for ip in ${IPS[@]}
do
[Swap]
What=/var/vm/swapfile1
echo "Executing init script for node $ip"
[Install]
WantedBy=multi-user.target
EOL
scp -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" node-init.sh core@$ip:/home/core
for ip in ${IPS[@]}
do
ssh -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" core@$ip "sudo /home/core/node-init.sh $APIKEY"
if [ "$ip" != "165.227.218.138" ] && [ "$ip" != "167.99.48.97" ] && [ "$ip" != "142.93.75.184" ]
then
echo "Adding space for node $ip"
ssh -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" core@$ip "sudo mkdir -p /var/vm"
ssh -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" core@$ip "sudo fallocate -l 2048m /var/vm/swapfile1"
ssh -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" core@$ip "sudo chmod 600 /var/vm/swapfile1"
ssh -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" core@$ip "sudo mkswap /var/vm/swapfile1"
scp -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" var-vm-swapfile1.swap core@$ip:/home/core
ssh -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" core@$ip "sudo mv var-vm-swapfile1.swap /etc/systemd/system/"
ssh -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" core@$ip "sudo systemctl enable --now var-vm-swapfile1.swap"
echo "Enabling SWAP support for kubelet"
ssh -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" core@$ip "sudo sed -i '/kubelet-wrapper/a \ --fail-swap-on=false \\\' /etc/systemd/system/kubelet.service"
fi
done
rm var-vm-swapfile1.swap
# Let it warm up
echo "Waiting 30 secs..."
sleep 30
my-sleep 30
cd "$CWD"
......@@ -114,9 +99,9 @@ NAMESPACES=("websites" "monitoring" "ingress" "status-site" "kube-system" "gitla
for namespace in ${NAMESPACES[@]}
do
kubectl create namespace "$namespace" || true # some of them already exist
kubectl create --namespace="$namespace" secret tls lets-encrypt --key "$CERTDIRPATH"/certificate.key --cert "$CERTDIRPATH"/certificate.crt || true # some of them already exist
kubectl create --namespace="$namespace" secret generic basic-auth --from-file=$CERTDIRPATH/auth || true # some of them already exist
kubectl create namespace "$namespace" || true # some of them already exist
kubectl create --namespace="$namespace" secret tls lets-encrypt --key "$CERTDIRPATH"/certificate.key --cert "$CERTDIRPATH"/certificate.crt || true # some of them already exist
kubectl create --namespace="$namespace" secret generic basic-auth --from-file=$CERTDIRPATH/auth || true # some of them already exist
done
echo "Deploying the registry secret"
......@@ -155,10 +140,10 @@ kubectl apply -R -f addons/nginx-ingress/digital-ocean/
cd $CWD
echo "Deploying Gitlab Runner"
# echo "Deploying Gitlab Runner"
./sources/gitlab-runner/gen-config.sh $GITLAB_TOKEN
kubectl apply -R -f ./sources/gitlab-runner/
# ./sources/gitlab-runner/gen-config.sh $GITLAB_TOKEN
# kubectl apply -R -f ./sources/gitlab-runner/
echo "Deploying DO volume provisioner"
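Review bot: In the node loop, the new `scp` of `node-init.sh` and the `ssh ... "sudo /home/core/node-init.sh $APIKEY"` call run with `StrictHostKeyChecking no` and `UserKnownHostsFile=/dev/null`, so a script that runs as root and the API key are sent to whatever host answers at the address returned by `dig`, with no host identity check. Using `-o StrictHostKeyChecking=accept-new` with a per-deploy known-hosts file, for example `-o UserKnownHostsFile="$CWD/.known_hosts.$NAME"` removed before each rebuild, would at least pin the host key between the copy and the execution. The key is also interpolated unquoted into the remote command line, where it shows up in the remote process list and is re-parsed by the remote shell; passing it over stdin avoids both. In the argument hunk, `GITLAB_TOKEN=$3` now duplicates `NAME=$3`, which looks like a leftover now that the runner deployment is commented out.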
......
......@@ -45,7 +45,7 @@ SERVICES["blog-bogatov-kiev-ua"]="registry.dbogatov.org/daddy/blog-bogatov-kiev-
declare -A DOMAINS
AVALUE="alice-workers.dontos.dbogatov.org"
AVALUE="alice-workers.varis.dbogatov.org"
DOMAINS["dbogatov.org"]=$AVALUE
DOMAINS["dmytro.app"]=$AVALUE
......
......@@ -10,7 +10,7 @@ module "digital-ocean-alice" {
}
region = "nyc3"
dns_zone = "dontos.dbogatov.org"
dns_zone = "varis.dbogatov.org"
cluster_name = "alice"
image = "coreos-stable"
......
......@@ -24,7 +24,7 @@ DOMAINS["socialimps.__MAIN__"]=$SUCCESS
DOMAINS["mail.__MAIN__"]=$SUCCESS
DOMAINS["dns.__MAIN__"]=$SUCCESS
DOMAINS["dashboard.dbogatov.org"]=$FOUND
# DOMAINS["dashboard.dbogatov.org"]=$FOUND
DOMAINS["netwatch.app"]=$SERVICE_UNABAILBALE
......