naviat
8/1/2018 - 4:41 PM

canonical-kubernetes-offline-install.sh

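#!/usr/bin/env bash
#
# Prepares this host as an offline mirror for a Canonical Kubernetes (CDK)
# install: an apt mirror, a local Docker registry holding the required images,
# simplestreams metadata, and the charms, all served to other nodes by Apache.

echo "Installing Missing Packages"
# The rest of the script calls these tools directly (apt-mirror, docker,
# sstream-mirror, git, apache2), so stop here instead of carrying on with a
# partly installed toolchain.
if ! { sudo apt-get update &&
  sudo apt-get install -y simplestreams apache2 apt-mirror git docker.io python3-pip unzip; }; then
  echo "Package installation failed, aborting" >&2
  exit 1
fi

# These run as root and pull whatever version PyPI currently serves.
# NOTE(review): consider pinning versions (pip's --require-hashes mode) so the
# build host installs known artifacts.
sudo pip3 install pyyaml
sudo pip3 install pyaml
sudo snap install kubectl --classic
sudo apt-get install -y juju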

printf '%s\n' "Writing Config Files"

# apt-mirror configuration: xenial plus its -security, -updates and -backports
# pockets, for i386, amd64, the default arch and sources.
# The upstream is fetched over plain http and nothing in this script checks
# the archive signatures while mirroring; integrity rests on the downstream
# clients verifying the signed Release files with their own Ubuntu archive
# keyring. Do not disable that check on the offline nodes.
# The delimiter is quoted so the file is written literally, with no expansion.
sudo tee /etc/apt/mirror.list <<'EOL' >/dev/null
set nthreads     20
set _tilde 0

deb-i386 http://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
deb-i386 http://archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
deb-i386 http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
deb-i386 http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse

deb-amd64 http://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
deb-amd64 http://archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
deb-amd64 http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
deb-amd64 http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse

deb http://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse

deb-src http://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse

clean http://archive.ubuntu.com/ubuntu
EOL


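echo "Syncing Files, this will take 2-3+ hours"

# Local registry that the offline nodes will pull from. It is published on
# every interface of this host (-p 5000:5000) and no TLS or authentication
# options are passed, so anything that can reach port 5000 can push or replace
# images. NOTE(review): restrict access to the deployment network, or front
# the registry with TLS and auth, before other nodes rely on it.
sudo docker run -d -p 5000:5000 --restart=always --name registry registry:2
export REGISTRY="localhost:5000"

#######################################
# Copy one image from its upstream registry into the local registry.
# Globals:   REGISTRY (read)
# Arguments: $1 - upstream image reference (repository:tag)
#            $2 - repository:tag to publish under ${REGISTRY}
# Returns:   non-zero if the pull, tag or push failed
#######################################
mirror_image() {
  local src=$1
  local dst="${REGISTRY}/$2"

  # Without this check a failed pull would fall through to tag/push and could
  # publish a stale image of the same name left in the local Docker cache.
  if ! sudo docker pull "$src"; then
    echo "mirror_image: pull failed for ${src}, nothing pushed" >&2
    return 1
  fi
  sudo docker tag "$src" "$dst" && sudo docker push "$dst"
}

# Images are selected by tag only; a tag can be re-pointed upstream.
# NOTE(review): pin by digest (repository@sha256:<digest>) once the expected
# digests are recorded, so the offline registry holds known content.
mirror_image gcr.io/google_containers/pause-amd64:3.1 google_containers/pause-amd64:3.1
mirror_image k8s.gcr.io/nginx-ingress-controller:0.9.0-beta.15 nginx-ingress-controller:0.9.0-beta.15
mirror_image k8s.gcr.io/defaultbackend:1.4 defaultbackend:1.4
mirror_image cdkbot/addon-resizer-amd64:1.8.1 addon-resizer-amd64:1.8.1
mirror_image k8s.gcr.io/heapster-amd64:v1.5.3 heapster-amd64:v1.5.3
mirror_image k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 heapster-influxdb-amd64:v1.3.3
mirror_image k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10 k8s-dns-kube-dns-amd64:1.14.10
mirror_image k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10 k8s-dns-dnsmasq-nanny-amd64:1.14.10
mirror_image k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10 k8s-dns-sidecar-amd64:1.14.10
mirror_image k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 kubernetes-dashboard-amd64:v1.8.3
mirror_image k8s.gcr.io/metrics-server-amd64:v0.2.1 metrics-server-amd64:v0.2.1

# The two optional images below use the floating "latest" tag, so what ends up
# in the offline registry depends on the day the script is run.

# pull nexus for a private registry  (optional)
mirror_image sonatype/nexus3:latest nexus3:latest

# pull rancher for management (optional)
mirror_image rancher/rancher:latest rancher:latest

# Populate the apt mirror described by /etc/apt/mirror.list.
sudo apt-mirror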

# simplestreams metadata
#
# Juju agent binaries (amd64; xenial/bionic; versions 2.2-2.4).
# NOTE(review): --no-verify turns off signature checking for this stream, so
# the mirrored tools are trusted on the strength of the HTTPS fetch alone. The
# cloud-image mirror below passes a keyring instead; confirm whether the Juju
# stream can be verified the same way before nodes consume this mirror.
workdir=/var/spool/sstreams/juju
sudo sstream-mirror \
  --no-verify \
  --progress \
  --max=1 \
  --path=streams/v1/index2.sjson \
  https://streams.canonical.com/juju/tools/ \
  "$workdir" \
  'arch=amd64' \
  'release~(xenial|bionic)' \
  'version~(2.2|2.3|2.4)'

# LXD/KVM cloud images (amd64; trusty/xenial), checked against the Ubuntu
# cloud-image keyring shipped on this host.
workdir=/var/spool/sstreams/lxdkvm
sudo sstream-mirror \
  --keyring=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg \
  --progress \
  --max=1 \
  --path=streams/v1/index.json \
  https://cloud-images.ubuntu.com/releases/ \
  "$workdir/_latest" \
  'arch=amd64' \
  'release~(trusty|xenial)' \
  'ftype~(lxd.tar.xz|squashfs|root.tar.xz|root.tar.gz|disk1.img|.json|.sjson)'

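# Running CDK Shrink Wrap
# The tool is cloned from the default branch and executed straight away.
# NOTE(review): check out a reviewed commit or tag before running it, so the
# code executed on the build host is the code that was inspected.
git clone https://github.com/juju-solutions/cdk-shrinkwrap.git
# If the cd succeeds, everything below is written inside cdk-shrinkwrap/.
cd cdk-shrinkwrap && ./shrinkwrap.py canonical-kubernetes --channel stable

#######################################
# Download one charm archive from the charm store.
# Arguments: $1 - base name of the output file (saved as $1.zip)
#            $2 - charm path under /charmstore/v5/
# Returns:   wget's exit status
#######################################
fetch_charm() {
  wget -O "$1.zip" "https://api.jujucharms.com/charmstore/v5/$2/archive"
}

# The archives are fetched without a revision pin or checksum comparison.
# NOTE(review): record a hash of each zip here and check it again after the
# files are carried into the offline environment.

# Pull some missing charms for CDK: Ceph-OSD, Ceph-Mon, Canal, Calico, Vault
fetch_charm ceph-osd ceph-osd
fetch_charm ceph-mon ceph-mon
fetch_charm canal canonical-kubernetes-canal
fetch_charm calico '~containers/calico'
fetch_charm vault '~openstack-charmers/vault'

# Pull missing charms for log-monitoring and performance monitoring
fetch_charm telegraf telegraf
fetch_charm graylog graylog
fetch_charm mongodb mongodb
fetch_charm elasticsearch elasticsearch
fetch_charm apache2 apache2
fetch_charm prometheus prometheus
fetch_charm grafana grafana
# Previously invoked with lowercase -o, which makes wget write its log to
# filebeat.zip and save the download under the URL's own name instead.
fetch_charm filebeat filebeat

# Pull missing configuration scripts and kubernetes payloads
git clone https://github.com/CanonicalLtd/canonical-kubernetes-demos.git
git clone https://github.com/CanonicalLtd/canonical-kubernetes-third-party-integrations.git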

# Configure Mirror to Serve Repo to other nodes
#
# Both heredocs use a quoted delimiter: the vhost files are written literally.
#
# HTTPS vhost for the simplestreams tree (Juju tools, LXD/KVM images).
# "ServerAlias *" makes it answer for any Host header, and the directory is
# listable and readable by every client that can reach the port
# (Options Indexes, Require all granted). No SSLProtocol or SSLCipherSuite is
# set here, so the TLS settings are whatever the ssl module defaults to.
sudo tee /etc/apache2/sites-available/sstreams-mirror.conf <<'EOL' >/dev/null
<VirtualHost *:443>
    ServerName sstreams.cdk-juju
    ServerAlias * 
    DocumentRoot /var/spool/sstreams/
    SSLCACertificatePath /etc/ssl/certs
    SSLCertificateFile /etc/pki/tls/certs/mirror.crt
    SSLEngine On
    SSLCertificateKeyFile /etc/pki/tls/private/mirror.key

    LogLevel info
    ErrorLog /var/log/apache2/mirror-lxdkvm-error.log
    CustomLog /var/log/apache2/mirror-lxdkvm-access.log combined
    <Directory /var/spool/sstreams/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
    </Directory>

</VirtualHost>
EOL

# Plain-HTTP vhost for the apt mirror. Packages travel unencrypted; clients
# must keep apt's signature verification enabled, since that is the only
# integrity check on this path.
# The <Directory> grant covers all of /var/spool/apt-mirror/, which is wider
# than the DocumentRoot, and FollowSymLinks lets Apache follow any symlink
# placed inside the tree.
sudo tee /etc/apache2/sites-available/ubuntu-mirror.conf <<'EOL' >/dev/null
<VirtualHost *:80>
    ServerName cdk-juju
    ServerAlias * 
    DocumentRoot /var/spool/apt-mirror/mirror/archive.ubuntu.com/

    LogLevel info
    ErrorLog /var/log/apache2/mirror-archive.ubuntu.com-error.log
    CustomLog /var/log/apache2/mirror-archive.ubuntu.com-access.log combined

    <Directory /var/spool/apt-mirror/>

    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
    </Directory>

</VirtualHost>
EOL

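# Generate SSL cert to be used by apache
# The key directory is created root-only before the key exists, so the
# unencrypted key is never reachable by other local users, whatever mode
# openssl gives the file itself.
sudo install -d -m 700 /etc/pki/tls/private/
sudo mkdir -p /etc/pki/tls/certs/

# hostname -i can print several addresses separated by spaces; keep the first
# so the "IP.1" line below stays a single valid address.
# NOTE(review): on hosts whose name resolves to a loopback entry in /etc/hosts
# this will be a 127.x address - confirm it is the address clients connect to.
PRIMARYIP=$(hostname -i)
PRIMARYIP=${PRIMARYIP%% *}

# Unquoted delimiter on purpose: $HOSTNAME and $PRIMARYIP are expanded into
# the request config.
# x509_extensions is required as well as req_extensions: with "-x509" openssl
# takes the certificate extensions from x509_extensions, so without it the
# self-signed certificate is issued with no subjectAltName and clients that
# check the SAN will not match the hostname or IP.
sudo tee "/root/$HOSTNAME.conf" > /dev/null <<EOL
[ req ]
prompt = no
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = req_ext

[ req_distinguished_name ]
C=GB
ST=London
L=London
O=Canonical
OU=Canonical
CN=$HOSTNAME

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = $HOSTNAME
DNS.2 = $PRIMARYIP
IP.1 = $PRIMARYIP
EOL

# Self-signed, valid for ten years, key stored without a passphrase (-nodes)
# so Apache can start unattended. Clients have to be given mirror.crt as a
# trust anchor; they should not be told to skip certificate verification.
sudo openssl req \
    -new \
    -newkey rsa:4096 \
    -days 3650 \
    -nodes \
    -x509 \
    -config "/root/$HOSTNAME.conf" \
    -keyout /etc/pki/tls/private/mirror.key \
    -out /etc/pki/tls/certs/mirror.crt

# Older openssl builds create the key file with umask-derived permissions.
sudo chmod 600 /etc/pki/tls/private/mirror.key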

# Turn on TLS support, enable both mirror vhosts, and restart Apache so the
# new sites and the generated certificate are picked up.
sudo a2enmod ssl
for site in sstreams-mirror.conf ubuntu-mirror.conf; do
  sudo a2ensite "$site"
done
sudo systemctl restart apache2

# Summary of the endpoints other nodes should be pointed at. The Ubuntu repo
# is served over http; the simplestreams trees are served over https with the
# self-signed certificate generated by this script.
cat <<EOF
Repo configuration and sync done, exiting...!
Ubuntu repo: http://$HOSTNAME/ubuntu/
LXD and KVM metadata: https://$HOSTNAME/lxdkvm/
Juju metadata: https://$HOSTNAME/juju/
You should also be able to use the IP address
EOF