Fix for ssh keys

marthanda93 · Apr 23, 2021 · 3200577 · 3200577
1 parent 93441bf
commit 3200577
Show file tree

Hide file tree

Showing 5 changed files with 207 additions and 102 deletions.
diff --git a/kubernetes/centos/Vagrantfile b/kubernetes/centos/Vagrantfile
@@ -34,18 +34,15 @@ Vagrant.configure(API_VERSION) do |config|
     # Hostfile :: Master node
     subconfig.vm.provision "master-hostfile", type: "shell" do |mhf|
       mhf.inline = <<-SHELL
-        echo "----------------------------------|| Update Master node hostfile for master"
         echo -e "127.0.0.1\t$2" | tee -a /etc/hosts; echo -e "$1\t$2" | tee -a /etc/hosts
       SHELL
       mhf.args = ["#{IP_PART}.10", "master-node"]
     end
     # Hostfile :: Worker node
     subconfig.vm.provision "Update hostfile and authorized_keys", type: "shell" do |whu|
       whu.inline = <<-SHELL
-        echo "----------------------------------|| Update Worker node hostfile for worker"
         for i in $(eval echo {1..$2}); do 
           echo -e "${3}.$((10 + $i))\tworker-node-${i}" | tee -a /etc/hosts
-          cat /home/${1}/.ssh/id_rsa.pub | sed "s/${1}@master-node/${1}@worker-node-${i}/g" >> /home/${1}/.ssh/authorized_keys
         done
       SHELL
       whu.args   = ["#{USER}", "#{NODE_COUNT}", "#{IP_PART}"]
@@ -81,8 +78,10 @@ Vagrant.configure(API_VERSION) do |config|
       # Hostfile :: Master node
       subconfig.vm.provision "master-hostfile", type: "shell" do |s|
         s.inline = <<-SHELL
-          echo "----------------------------------|| Update Master node hostfile for master"
           echo -e "$1\t$2" | tee -a /etc/hosts
+          firewall-cmd --permanent --add-port=10250/tcp
+          firewall-cmd --permanent --add-port=30000-32767/tcp
+          firewall-cmd --reload
         SHELL
         s.args = ["#{IP_PART}.10", "master-node"]
       end
@@ -91,15 +90,13 @@ Vagrant.configure(API_VERSION) do |config|
         if i != j
           subconfig.vm.provision "other-worker-hostfile", type: "shell" do |supdate|
             supdate.inline = <<-SHELL
-              echo "----------------------------------|| Update Other worker node hostfile update"
               echo -e "$1\t$2" | tee -a /etc/hosts
             SHELL
             supdate.args = ["#{IP_PART}.#{10 + j}", "worker-node-#{j}", "#{USER}", "#{i}"]
           end
         else
           subconfig.vm.provision "self-worker-hostfile", type: "shell" do |supdate|
             supdate.inline = <<-SHELL
-              echo "----------------------------------|| Self Other worker node hostfile update"
               echo -e "127.0.0.1\t$2" | tee -a /etc/hosts; echo -e "$1\t$2" | tee -a /etc/hosts
             SHELL
             supdate.args = ["#{IP_PART}.#{10 + j}", "worker-node-#{j}", "#{USER}", "#{i}"]
@@ -112,13 +109,22 @@ Vagrant.configure(API_VERSION) do |config|
         vb.cpus = 2
       end
 
-      subconfig.vm.provision "shell" do |supdate|
-        supdate.inline = <<-SHELL
-          echo "----------------------------------|| Update authorized_keys file"
-          cat /home/${1}/.ssh/id_rsa.pub >> /home/${1}/.ssh/authorized_keys
-          sed -i "s/${1}@master-node/${1}@worker-node-${2}/g" /home/${1}/.ssh/id_rsa.pub
-        SHELL
-        supdate.args   = ["#{USER}", "#{i}"]
+      subconfig.trigger.after :up do |trigger_local|
+        trigger_local.run = {inline: "/bin/bash -c 'wpub_key=$(vagrant ssh --no-tty -c \"cat /home/#{USER}/.ssh/id_rsa.pub\" worker-node-#{i}) && vagrant ssh --no-tty -c \"echo \${wpub_key} >> /home/#{USER}/.ssh/authorized_keys\" master-node; mpub_key=$(vagrant ssh --no-tty -c \"cat /home/#{USER}/.ssh/id_rsa.pub\" master-node) && vagrant ssh --no-tty -c \"echo \${mpub_key} >> /home/#{USER}/.ssh/authorized_keys\" worker-node-#{i}'"}
+      end
+
+      subconfig.trigger.after :up do |trigger_remote|
+        trigger_remote.run_remote = {inline: <<-SHELL
+              kube_join=\$(echo "ssh #{USER}@master-node -o StrictHostKeyChecking=no '( cat /home/#{USER}/.bash_profile | grep KUBEADM_JOIN)'" | su - #{USER})
+              kube_join=\$(echo ${kube_join} | awk -F'"' '{print \$2}')
+              echo "sudo $kube_join" | su - #{USER}
+
+              echo "scp -o StrictHostKeyChecking=no #{USER}@master-node:/etc/kubernetes/admin.conf /home/#{USER}/" | su - #{USER}
+              echo "mkdir -p /home/#{USER}/.kube" | su - #{USER}
+              echo "cp -i /home/#{USER}/admin.conf /home/#{USER}/.kube/config" | su - #{USER}
+              echo "sudo chown #{USER}:#{USER} -R /home/#{USER}/.kube" | su - #{USER}
+            SHELL
+        }
       end
 
       subconfig.vm.provision "Restart VM", type: "shell" do |reboot|
@@ -128,59 +134,11 @@ Vagrant.configure(API_VERSION) do |config|
         SHELL
         reboot.reboot = true
       end
-
-      subconfig.vm.provision "Join to Kubernetes Cluster", type: "shell" do |supdate|
-        supdate.inline = <<-SHELL
-          firewall-cmd --permanent --add-port=10250/tcp
-          firewall-cmd --permanent --add-port=30000-32767/tcp
-          firewall-cmd --reload
-
-          kube_join=\$(echo "ssh ${1}@${2} -o StrictHostKeyChecking=no '( cat /home/${1}/.bash_profile | grep KUBEADM_JOIN)'" | su - ${1})
-          kube_join=\$(echo ${kube_join} | awk -F'"' '{print \$2}')
-          echo "sudo $kube_join" | su - ${1}
-
-          echo "scp -o StrictHostKeyChecking=no ${1}@${2}:/etc/kubernetes/admin.conf /home/${1}/" | su - ${1}
-          echo "mkdir -p /home/${1}/.kube" | su - ${1}
-          echo "cp -i /home/${1}/admin.conf /home/${1}/.kube/config" | su - ${1}
-          echo "sudo chown ${1}:${1} -R /home/${1}/.kube" | su - ${1}
-        SHELL
-        supdate.args = ["#{USER}", "master-node"]
-      end
     end
   end
 
   config.vm.provision "vm-setup", type: "shell" do |vms|
     vms.path = "script/bootstrap.sh"
     vms.args   = ["#{USER}"]
   end
-
-  config.vm.provision "ssh-configure", type: "shell" do |sshc|
-    ssh_prv_key = ""
-    ssh_pub_key = ""
-    if File.file?("ssh/id_rsa")
-      ssh_prv_key = File.read("ssh/id_rsa")
-      ssh_pub_key = File.read("ssh/id_rsa.pub")
-    else
-      puts "No SSH key found. You will need to remedy this before pushing to the repository."
-    end
-    sshc.inline = <<-SHELL
-      echo "----------------------------------|| Setup ssh"
-
-      if grep -sq "#{ssh_pub_key}" /home/${1}/.ssh/authorized_keys; then
-        echo "SSH keys already provisioned."
-        exit 0;
-      fi
-      echo "SSH key provisioning."
-      mkdir -p /home/${1}/.ssh/
-      touch /home/${1}/.ssh/authorized_keys
-      echo #{ssh_pub_key} > /home/${1}/.ssh/id_rsa.pub
-      chmod 644 /home/vagrant/.ssh/id_rsa.pub
-      echo "#{ssh_prv_key}" > /home/${1}/.ssh/id_rsa
-      chmod 600 /home/${1}/.ssh/id_rsa
-      chown -R ${1}:${1} /home/${1}
-      exit 0
-    SHELL
-    sshc.args = ["#{USER}", "#{NODE_COUNT}"]
-  end
-
 end
diff --git a/kubernetes/centos/Vagrantfile.bak b/kubernetes/centos/Vagrantfile.bak
@@ -0,0 +1,186 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+API_VERSION = "2"
+IMAGE = "centos/8"
+DOMAIN = "k8.io"
+IP_PART = "192.160.0"
+NODE_COUNT = 2
+USER = "vagrant"
+
+$msg = <<MSG
+------------------------------------------------------
+Kubernetes up and running ✌	☺ ✌ 
+
+URLS:
+ - Kubernetes control plane is running at https://192.160.0.10:6443
+ - CoreDNS is running at https://192.160.0.10:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
+
+------------------------------------------------------
+MSG
+
+ENV["LC_ALL"] = "en_US.UTF-8"
+
+Vagrant.configure(API_VERSION) do |config|
+  config.vm.define "master-node" do |subconfig|
+    subconfig.vm.post_up_message = $msg
+    subconfig.vm.box = IMAGE
+
+    subconfig.vm.hostname = "master-node"
+
+    subconfig.vm.network :private_network, ip: "#{IP_PART}.10"
+    subconfig.vm.network :forwarded_port, guest: 80, host: 8080, auto_correct: true
+
+    # Hostfile :: Master node
+    subconfig.vm.provision "master-hostfile", type: "shell" do |mhf|
+      mhf.inline = <<-SHELL
+        echo "----------------------------------|| Update Master node hostfile for master"
+        echo -e "127.0.0.1\t$2" | tee -a /etc/hosts; echo -e "$1\t$2" | tee -a /etc/hosts
+      SHELL
+      mhf.args = ["#{IP_PART}.10", "master-node"]
+    end
+    # Hostfile :: Worker node
+    subconfig.vm.provision "Update hostfile and authorized_keys", type: "shell" do |whu|
+      whu.inline = <<-SHELL
+        echo "----------------------------------|| Update Worker node hostfile for worker"
+        for i in $(eval echo {1..$2}); do 
+          echo -e "${3}.$((10 + $i))\tworker-node-${i}" | tee -a /etc/hosts
+          cat /home/${1}/.ssh/id_rsa.pub | sed "s/${1}@master-node/${1}@worker-node-${i}/g" >> /home/${1}/.ssh/authorized_keys
+        done
+      SHELL
+      whu.args   = ["#{USER}", "#{NODE_COUNT}", "#{IP_PART}"]
+    end
+
+    subconfig.vm.provider "virtualbox" do |vb|
+      vb.memory = "2048"
+      vb.cpus = 2
+    end
+
+    subconfig.vm.provision "Restart VM", type: "shell" do |reboot|
+      reboot.privileged = true
+      reboot.inline = <<-SHELL
+        echo "----------------------------------|| Reboot to load all config"
+      SHELL
+      reboot.reboot = true
+    end
+
+    subconfig.vm.provision "master-node-setup", type: "shell" do |mns|
+      mns.path = "script/bootstrap_master.sh"
+      mns.args   = ["#{USER}", "#{IP_PART}", "10"]
+    end
+  end
+
+  (1..NODE_COUNT).each do |i|
+    config.vm.define "worker-node-#{i}" do |subconfig|
+      subconfig.vm.box = IMAGE
+
+      subconfig.vm.hostname = "worker-node-#{i}"
+
+      subconfig.vm.network :private_network, ip: "#{IP_PART}.#{i + 10}"
+
+      # Hostfile :: Master node
+      subconfig.vm.provision "master-hostfile", type: "shell" do |s|
+        s.inline = <<-SHELL
+          echo "----------------------------------|| Update Master node hostfile for master"
+          echo -e "$1\t$2" | tee -a /etc/hosts
+        SHELL
+        s.args = ["#{IP_PART}.10", "master-node"]
+      end
+      # Hostfile :: Worker node
+      (1..NODE_COUNT).each do |j|
+        if i != j
+          subconfig.vm.provision "other-worker-hostfile", type: "shell" do |supdate|
+            supdate.inline = <<-SHELL
+              echo "----------------------------------|| Update Other worker node hostfile update"
+              echo -e "$1\t$2" | tee -a /etc/hosts
+            SHELL
+            supdate.args = ["#{IP_PART}.#{10 + j}", "worker-node-#{j}", "#{USER}", "#{i}"]
+          end
+        else
+          subconfig.vm.provision "self-worker-hostfile", type: "shell" do |supdate|
+            supdate.inline = <<-SHELL
+              echo "----------------------------------|| Self Other worker node hostfile update"
+              echo -e "127.0.0.1\t$2" | tee -a /etc/hosts; echo -e "$1\t$2" | tee -a /etc/hosts
+            SHELL
+            supdate.args = ["#{IP_PART}.#{10 + j}", "worker-node-#{j}", "#{USER}", "#{i}"]
+          end
+        end
+      end
+
+      subconfig.vm.provider "virtualbox" do |vb|
+        vb.memory = "2048"
+        vb.cpus = 2
+      end
+
+      subconfig.vm.provision "shell" do |supdate|
+        supdate.inline = <<-SHELL
+          echo "----------------------------------|| Update authorized_keys file"
+          cat /home/${1}/.ssh/id_rsa.pub >> /home/${1}/.ssh/authorized_keys
+          sed -i "s/${1}@master-node/${1}@worker-node-${2}/g" /home/${1}/.ssh/id_rsa.pub
+        SHELL
+        supdate.args   = ["#{USER}", "#{i}"]
+      end
+
+      subconfig.vm.provision "Restart VM", type: "shell" do |reboot|
+        reboot.privileged = true
+        reboot.inline = <<-SHELL
+          echo "----------------------------------|| Reboot to load all config"
+        SHELL
+        reboot.reboot = true
+      end
+
+      subconfig.vm.provision "Join to Kubernetes Cluster", type: "shell" do |supdate|
+        supdate.inline = <<-SHELL
+          firewall-cmd --permanent --add-port=10250/tcp
+          firewall-cmd --permanent --add-port=30000-32767/tcp
+          firewall-cmd --reload
+
+          kube_join=\$(echo "ssh ${1}@${2} -o StrictHostKeyChecking=no '( cat /home/${1}/.bash_profile | grep KUBEADM_JOIN)'" | su - ${1})
+          kube_join=\$(echo ${kube_join} | awk -F'"' '{print \$2}')
+          echo "sudo $kube_join" | su - ${1}
+
+          echo "scp -o StrictHostKeyChecking=no ${1}@${2}:/etc/kubernetes/admin.conf /home/${1}/" | su - ${1}
+          echo "mkdir -p /home/${1}/.kube" | su - ${1}
+          echo "cp -i /home/${1}/admin.conf /home/${1}/.kube/config" | su - ${1}
+          echo "sudo chown ${1}:${1} -R /home/${1}/.kube" | su - ${1}
+        SHELL
+        supdate.args = ["#{USER}", "master-node"]
+      end
+    end
+  end
+
+  config.vm.provision "vm-setup", type: "shell" do |vms|
+    vms.path = "script/bootstrap.sh"
+    vms.args   = ["#{USER}"]
+  end
+
+  config.vm.provision "ssh-configure", type: "shell" do |sshc|
+    ssh_prv_key = ""
+    ssh_pub_key = ""
+    if File.file?("ssh/id_rsa")
+      ssh_prv_key = File.read("ssh/id_rsa")
+      ssh_pub_key = File.read("ssh/id_rsa.pub")
+    else
+      puts "No SSH key found. You will need to remedy this before pushing to the repository."
+    end
+    sshc.inline = <<-SHELL
+      echo "----------------------------------|| Setup ssh"
+
+      if grep -sq "#{ssh_pub_key}" /home/${1}/.ssh/authorized_keys; then
+        echo "SSH keys already provisioned."
+        exit 0;
+      fi
+      echo "SSH key provisioning."
+      mkdir -p /home/${1}/.ssh/
+      touch /home/${1}/.ssh/authorized_keys
+      echo #{ssh_pub_key} > /home/${1}/.ssh/id_rsa.pub
+      chmod 644 /home/vagrant/.ssh/id_rsa.pub
+      echo "#{ssh_prv_key}" > /home/${1}/.ssh/id_rsa
+      chmod 600 /home/${1}/.ssh/id_rsa
+      chown -R ${1}:${1} /home/${1}
+      exit 0
+    SHELL
+    sshc.args = ["#{USER}", "#{NODE_COUNT}"]
+  end
+
+end
diff --git a/kubernetes/centos/script/bootstrap.sh b/kubernetes/centos/script/bootstrap.sh
@@ -32,7 +32,7 @@ EOF
 systemctl enable --now docker
 systemctl enable --now kubelet
 systemctl enable --now firewalld
-usermod -aG docker $1
+usermod -aG docker ${1}
 yum clean all
 
 # Enable transparent masquerading and facilitate Virtual Extensible LAN (VxLAN) traffic for communication between Kubernetes pods across the cluster.
@@ -57,4 +57,4 @@ sysctl --system
 sed -i '/swap/d' /etc/fstab
 swapoff -a
 
-# ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa <<<y
+echo "ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa <<<y" | su - ${1}
diff --git a/kubernetes/centos/ssh/id_rsa b/kubernetes/centos/ssh/id_rsa
diff --git a/kubernetes/centos/ssh/id_rsa.pub b/kubernetes/centos/ssh/id_rsa.pub