Merge pull request #6 from lsst-it/IT-5475/yum

add el9 support with installation via rpm
lsst-it · Jul 3, 2024 · 77f6e43 · 77f6e43
2 parents 7e13931 + c3ec036
commit 77f6e43
Show file tree

Hide file tree

Showing 16 changed files with 472 additions and 34 deletions.
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -3,5 +3,7 @@
 ---
 fixtures:
   forge_modules:
+    concat: "puppetlabs/concat"  # required by yum::versionlock
     stdlib: "puppetlabs/stdlib"
-    archive: "puppet/archive"
+    yum: "puppet/yum"
+    yumrepo_core: "puppetlabs/yumrepo_core"
diff --git a/README.md b/README.md
@@ -1,51 +1,56 @@
 # rke2
 
-Welcome to rke2 module. This module installs the Rancher's lightweight
-Kubernetes, rke2 (see more on https://rke2.io/).
-
 ## Table of Contents
 
+1. [Overview](#overview)
 1. [Description](#description)
-1. [Setup - The basics of getting started with rke2](#setup)
-   - [Beginning with rke2](#beginning-with-rke2)
 1. [Usage - Configuration options and additional functionality](#usage)
-1. [Development - Guide for contributing to the module](#development)
-
-## Description
+1. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
 
-This module installs the open source Rancher's next-generation Kubernetes, rke2.
+## Overview
 
-Using this module, you can easily automate rke2 installation in many machines,
-like in a School Lab.
+[RKE2](https://docs.rke2.io/), also known as RKE Government, is Rancher's next-generation Kubernetes distribution.
 
-## Setup
-
-### Beginning with rke2
+## Description
 
-Install this module using Puppet: `puppet module install etma/rke2`
+This module installs `rke2` from packages (E.g. a yum repo) and configures the installation via `config.yaml`.
 
-Or via Puppetfile: `mod 'etma-rke2', '1.0.0'`
+> [!IMPORTANT]
+> The `rspec-beaker` tests timeout / fail under github actions and at not part of an active workflow.  The acceptance tests will need to be run manually prior to the merge of PRs.
 
 ## Usage
 
-```puppet
-include rke2
-}
+Example role defined via hiera.
+
+```yaml
+---
+lookup_options:
+  rke2::config:
+    merge:
+      strategy: "deep"
+      knockout_prefix: "--"
+classes:
+  - "rke2"
+rke2::config:
+  server: "https://%{::cluster}.%{::site}.example.com:9345"
+  token: "ENC[PKCS7,...]"
+  node-name: "%{facts.hostname}"
+  tls-san:
+    - "%{::cluster}.%{::site}.example.com"
+  node-label:
+    - "role=storage-node"
+  disable:
+    - "rke2-ingress-nginx"
+  disable-cloud-controller: true
 ```
 
-## Development
-
-### Contributing
+In this example, a DNS A/AAAA record for `%{::cluster}.%{::site}.example.com` is required.
 
-- Create a topic branch from where you want to base your work. This is usually the master branch.
-- Push your changes to a topic branch in your fork of the repository.
-- Add yourself as a contributor in the Contributors sections of this file.
-- Make sure your commits messages are describing what has changed.
-- Make sure you have tested your changes and nothing breaks.
-- Validate your module using `pdk validate`.
-- Submit a pull request to this repository.
+If the cluster is being provisioned from scratch.
+In other words, when there are no pre-existing etcd instances.
+The `server` key will need to be manually deleted from `/etc/rancher/rke2/config.yaml` on one (and only one) node and the `rke2-server` service restarted.
+While this key could be knocked on a single node via hiera, if the node without the `server` key is ever re-provisioned, it would create a new standalone cluster instance which is detached from the existing etcd instances.
 
-## Release Notes/Contributors/Etc
+## Reference
 
-- Author: Erik Andersen (etma@vertisky.com)
-- Based on the k3s script from Igor Oliveira (igor.bezerra96@gmail.com) (igorolivei/puppet-k3s)
+See [REFERENCE](REFERENCE.md)
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -6,8 +6,17 @@
 
 ### Classes
 
+#### Public Classes
+
 * [`rke2`](#rke2): RKE2, also known as RKE Government, is Rancher's next-generation
 
+#### Private Classes
+
+* `rke2::config`
+* `rke2::install`
+* `rke2::repo`
+* `rke2::service`
+
 ## Classes
 
 ### <a name="rke2"></a>`rke2`
@@ -35,10 +44,67 @@ class { 'rke2':
 The following parameters are available in the `rke2` class:
 
 * [`node_type`](#-rke2--node_type)
+* [`release_channel`](#-rke2--release_channel)
+* [`release_series`](#-rke2--release_series)
+* [`server_packages`](#-rke2--server_packages)
+* [`agent_packages`](#-rke2--agent_packages)
+* [`config`](#-rke2--config)
+* [`version`](#-rke2--version)
+* [`versionlock`](#-rke2--versionlock)
 
 ##### <a name="-rke2--node_type"></a>`node_type`
 
 Data type: `Enum['server','agent']`
 
 
 
+##### <a name="-rke2--release_channel"></a>`release_channel`
+
+Data type: `Enum['stable','latest']`
+
+The rke2 release channel to use.
+
+##### <a name="-rke2--release_series"></a>`release_series`
+
+Data type: `String[1]`
+
+The rke2 release series to install.  Corresponds to k8s major.minor
+versions.  E.g. '1.28', '1.30', etc.
+
+##### <a name="-rke2--server_packages"></a>`server_packages`
+
+Data type: `Array[String[1]]`
+
+The list of packages to install on to a server node.
+
+##### <a name="-rke2--agent_packages"></a>`agent_packages`
+
+Data type: `Array[String[1]]`
+
+The list of packages to install on to an agent node.
+
+##### <a name="-rke2--config"></a>`config`
+
+Data type: `Optional[Hash]`
+
+Converted to the yaml as /etc/rancher/rke2/config.yaml.
+
+Default value: `undef`
+
+##### <a name="-rke2--version"></a>`version`
+
+Data type: `Optional[String[1]]`
+
+The specific version of rke2 to install and versionlock.  If not provided,
+the latest version in the release series will be installed.
+
+Default value: `undef`
+
+##### <a name="-rke2--versionlock"></a>`versionlock`
+
+Data type: `Boolean`
+
+Create a yum versionlock for the installed rke2 package(s).
+
+Default value: `false`
+
diff --git a/data/common.yaml b/data/common.yaml
@@ -1,2 +1,10 @@
 ---
 rke2::node_type: 'server'
+rke2::release_channel: 'stable'
+rke2::release_series: '1.28'
+rke2::server_packages:
+  - rke2-common
+  - rke2-server
+rke2::agent_packages:
+  - rke2-common
+  - rke2-agent
diff --git a/examples/release_series_1_30.pp b/examples/release_series_1_30.pp
@@ -0,0 +1,6 @@
+class { 'rke2':
+  release_series => '1.30',
+  config         => {
+    snapshotter => 'native',
+  },
+}
diff --git a/examples/simple.pp b/examples/simple.pp
@@ -0,0 +1,5 @@
+class { 'rke2':
+  config         => {
+    snapshotter => 'native',
+  },
+}
diff --git a/examples/version.pp b/examples/version.pp
@@ -0,0 +1,7 @@
+class { 'rke2':
+  release_series => '1.28',
+  version        => '1.28.2~rke2r1',
+  config         => {
+    snapshotter => 'native',
+  },
+}
diff --git a/examples/versionlock.pp b/examples/versionlock.pp
@@ -0,0 +1,18 @@
+class { 'rke2':
+  release_series => '1.30',
+  version        => '1.30.0~rke2r1',
+  versionlock    => true,
+  config         => {
+    tls-san                  => [
+      'rke2.example.com',
+    ],
+    node-label               => [
+      'role=storage-node',
+    ],
+    disable                  => [
+      'rke2-ingress-nginx',
+    ],
+    disable-cloud-controller => true,
+    snapshotter              => 'native',
+  },
+}
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -0,0 +1,21 @@
+# @api private
+class rke2::config {
+  assert_private()
+
+  file { '/etc/rancher/rke2/config.yaml':
+    ensure    => file,
+    owner     => 'root',
+    group     => 'root',
+    mode      => '0600',
+    show_diff => false,  # don't print 'token' into logs
+    content   => stdlib::to_yaml($rke2::config),
+  }
+
+  # The config.yaml.d directory is used by default. As we are using an all-in-one config
+  # file, it should be removed to ensure no config conflicts.
+  file { '/etc/rancher/rke2/config.yaml.d':
+    ensure  => absent,
+    recurse => true,
+    force   => true,
+  }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -10,7 +10,53 @@
 #   }
 #
 # @param node_type
+#
+# @param release_channel
+#   The rke2 release channel to use.
+#
+# @param release_series
+#   The rke2 release series to install.  Corresponds to k8s major.minor
+#   versions.  E.g. '1.28', '1.30', etc.
+#
+# @param server_packages
+#   The list of packages to install on to a server node.
+#
+# @param agent_packages
+#   The list of packages to install on to an agent node.
+#
+# @param config
+#  Converted to the yaml as /etc/rancher/rke2/config.yaml.
+#
+# @param version
+#   The specific version of rke2 to install and versionlock.  If not provided,
+#   the latest version in the release series will be installed.
+#
+# @param versionlock
+#   Create a yum versionlock for the installed rke2 package(s).
+#
 class rke2 (
   Enum['server','agent'] $node_type,
+  String[1] $release_series,
+  Enum['stable','latest'] $release_channel,
+  Array[String[1]] $server_packages,
+  Array[String[1]] $agent_packages,
+  Optional[Hash] $config = undef,
+  Optional[String[1]] $version = undef,
+  Boolean $versionlock = false,
 ) {
+  contain rke2::repo
+  contain rke2::install
+  contain rke2::service
+
+  if $config {
+    contain rke2::config
+
+    Class['rke2::install']
+    -> Class['rke2::config']
+    ~> Class['rke2::service']
+  }
+
+  Class['rke2::repo']
+  ~> Class['rke2::install']
+  ~> Class['rke2::service']
 }
diff --git a/manifests/install.pp b/manifests/install.pp
@@ -0,0 +1,33 @@
+# @api private
+class rke2::install {
+  assert_private()
+
+  if $rke2::versionlock and $rke2::version == undef {
+    fail('rke2::version must be set when rke2::versionlock is true')
+  }
+
+  if $rke2::node_type == 'server' {
+    $pkgs = $rke2::server_packages
+  } else {
+    $pkgs = $rke2::agent_packages
+  }
+
+  $v = $rke2::version ? {
+    undef => installed,
+    default => $rke2::version,
+  }
+
+  package { $pkgs:
+    ensure => $v,
+  }
+
+  if $rke2::versionlock {
+    $pkgs.each |$pkg| {
+      yum::versionlock { $pkg:
+        ensure  => present,
+        version => $rke2::version,
+        before  => Package[$pkg],
+      }
+    }
+  }
+}
diff --git a/manifests/repo.pp b/manifests/repo.pp
@@ -0,0 +1,28 @@
+# @api private
+class rke2::repo {
+  assert_private()
+
+  $series = $rke2::release_series
+  $channel = $rke2::release_channel
+  $major = fact('os.release.major')
+
+  yumrepo { "rancher-rke2-common-${channel}":
+    descr         => "Rancher RKE2 Common (${channel})",
+    baseurl       => "https://rpm.rancher.io/rke2/${channel}/common/centos/${major}/noarch",
+    enabled       => 1,
+    gpgcheck      => 1,
+    repo_gpgcheck => 0,
+    gpgkey        => 'https://rpm.rancher.io/public.key',
+    target        => "/etc/yum.repos.d/rancher-rke2-common-${channel}.repo",
+  }
+
+  yumrepo { "rancher-rke2-${series}-${channel}":
+    descr         => "Rancher RKE2 ${series} (${channel})",
+    baseurl       => "https://rpm.rancher.io/rke2/${channel}/${series}/centos/${major}/x86_64",
+    enabled       => 1,
+    gpgcheck      => 1,
+    repo_gpgcheck => 0,
+    gpgkey        => 'https://rpm.rancher.io/public.key',
+    target        => "/etc/yum.repos.d/rancher-rke2-${series}-${channel}.repo",
+  }
+}
diff --git a/manifests/service.pp b/manifests/service.pp
@@ -0,0 +1,15 @@
+# @api private
+class rke2::service {
+  assert_private()
+
+  if $rke2::node_type == 'server' {
+    $svc = 'rke2-server'
+  } else {
+    $svc = 'rke2-agent'
+  }
+
+  service { $svc:
+    ensure => 'running',
+    enable => true,
+  }
+}