From 3ed8cc4f4ae4716193e138bdc8257b6762f49643 Mon Sep 17 00:00:00 2001
From: Alexandr Demicev
Date: Tue, 20 Feb 2024 20:37:22 +0100
Subject: [PATCH] Install system agent

Signed-off-by: Alexandr Demicev
---
 .../internal/cloudinit/controlplane_init.go | 1 +
 pkg/rke2/config.go | 15 +++++
 pkg/rke2/installsh.go | 59 +++++++++++++++++++
 3 files changed, 75 insertions(+)
 create mode 100644 pkg/rke2/installsh.go

diff --git a/bootstrap/internal/cloudinit/controlplane_init.go b/bootstrap/internal/cloudinit/controlplane_init.go
index ce419d7c..ad6119f3 100644
--- a/bootstrap/internal/cloudinit/controlplane_init.go
+++ b/bootstrap/internal/cloudinit/controlplane_init.go
@@ -37,6 +37,7 @@ runcmd:
 - 'systemctl start rke2-server.service'
 - 'mkdir /run/cluster-api'
 - '{{ .SentinelFileCommand }}'
+ - 'sudo sh /opt/system-agent-install.sh'
 {{- template "commands" .PostRKE2Commands }}
 {{ .AdditionalCloudInit -}}
 `
diff --git a/pkg/rke2/config.go b/pkg/rke2/config.go
index d582a773..c6670408 100644
--- a/pkg/rke2/config.go
+++ b/pkg/rke2/config.go
@@ -381,6 +381,10 @@ func newRKE2ServerConfig(opts ServerConfigOpts) (*rke2ServerConfig, []bootstrapv
 return nil, nil, fmt.Errorf("server url setting is missing value")
 }
 
+ if serverUrl == "" {
+ return nil, nil, fmt.Errorf("server url is empty")
+ }
+
 caSetting := &unstructured.Unstructured{}
 caSetting.SetGroupVersionKind(schema.GroupVersionKind{
 Group: "management.cattle.io",
@@ -440,12 +444,14 @@ func newRKE2ServerConfig(opts ServerConfigOpts) (*rke2ServerConfig, []bootstrapv
 
 files = append(files, bootstrapv1.File{
 Path: "/etc/rancher/agent/connect-info-config.json",
+ Owner: consts.DefaultFileOwner,
 Permissions: "0600",
 Content: string(connectInfoConfigJson),
 })
 
 files = append(files, bootstrapv1.File{
 Path: "/etc/rancher/agent/config.yaml",
+ Owner: consts.DefaultFileOwner,
 Permissions: "0600",
 Content: `workDirectory: /var/lib/rancher/agent/work
 localPlanDirectory: /var/lib/rancher/agent/plans
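Review bot: In the `runcmd` hunk of controlplane_init.go, the added `- 'sudo sh /opt/system-agent-install.sh'` entry runs after `{{ .SentinelFileCommand }}`, so a failing installer would presumably go unnoticed once the sentinel has been written; consider running it before the sentinel or at least recording its exit status. `sudo` is also unnecessary because cloud-init executes `runcmd` entries as root, and the entry fails on images that ship without it: `- 'sh /opt/system-agent-install.sh'` is enough. The template starts and ends outside the hunk, and whether every path that renders it also writes the script (it is added in `newRKE2ServerConfig`) is not visible here.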
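Review bot: The new guard at -381 in config.go rejects only an empty `serverUrl`, but the hunk at -454 writes that value unquoted into `/opt/system-agent-install.sh` via `fmt.Sprintf("CATTLE_SERVER=%s\n", serverUrl)`, and cloud-init runs that file as root. Any whitespace or shell metacharacter in the setting would be interpreted by `sh`, and a plain `http://` URL would pass the check. I would parse the value with `url.Parse` here, require scheme `https` and a non-empty host, reject values containing `'`, and emit it quoted: `serverUrlBash := fmt.Sprintf("CATTLE_SERVER='%s'\n", serverUrl)`. `newRKE2ServerConfig` starts and ends outside both hunks, so where `serverUrl` is read is not visible.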
@@ -454,6 +460,15 @@ connectionInfoFile: /etc/rancher/agent/connect-info-config.json
 preserveWorkDirectory: true`,
 })
 
+ serverUrlBash := fmt.Sprintf("CATTLE_SERVER=%s\n", serverUrl)
+
+ files = append(files, bootstrapv1.File{
+ Path: "/opt/system-agent-install.sh",
+ Owner: consts.DefaultFileOwner,
+ Permissions: "0600",
+ Content: fmt.Sprintf("%s%s", serverUrlBash, installsh),
+ })
+
 return rke2ServerConfig, files, nil
 }
 
diff --git a/pkg/rke2/installsh.go b/pkg/rke2/installsh.go
new file mode 100644
index 00000000..6e610bd2
--- /dev/null
+++ b/pkg/rke2/installsh.go
@@ -0,0 +1,59 @@
+package rke2
+
+var installsh = `
+#!/bin/sh
+
+set -x
+CURL_LOG="-v"
+
+echo "Downloading cert"
+CACERT=$(mktemp)
+curl --connect-timeout 60 --max-time 60 --write-out "%{http_code}\n" --insecure ${CURL_LOG} -fL "${CATTLE_SERVER}/cacerts" -o ${CACERT}
+
+echo "Download system agent binary"
+CURL_CAFLAG="--cacert ${CACERT}"
+CATTLE_AGENT_BIN_PREFIX="/usr/local"
+mkdir -p ${CATTLE_AGENT_BIN_PREFIX}/bin
+curl --connect-timeout 60 --max-time 300 --write-out "%{http_code}\n" ${CURL_CAFLAG} -v -fL "${CATTLE_SERVER}/assets/rancher-system-agent-amd64" -o "${CATTLE_AGENT_BIN_PREFIX}/bin/rancher-system-agent"
+chmod +x "${CATTLE_AGENT_BIN_PREFIX}/bin/rancher-system-agent"
+
+echo "systemd: Creating service file"
+cat <<-EOF >"/etc/systemd/system/rancher-system-agent.service"
+[Unit]
+Description=Rancher System Agent
+Documentation=https://www.rancher.com
+Wants=network-online.target
+After=network-online.target
+[Install]
+WantedBy=multi-user.target
+[Service]
+EnvironmentFile=-/etc/default/rancher-system-agent
+EnvironmentFile=-/etc/sysconfig/rancher-system-agent
+EnvironmentFile=-/etc/systemd/system/rancher-system-agent.env
+Type=simple
+Restart=always
+RestartSec=5s
+Environment=CATTLE_LOGLEVEL=debug
+Environment=CATTLE_AGENT_CONFIG=/etc/rancher/agent/config.yaml
+ExecStart=${CATTLE_AGENT_BIN_PREFIX}/bin/rancher-system-agent sentinel
+EOF
+
+FILE_SA_ENV="/etc/systemd/system/rancher-system-agent.env"
+echo "Creating environment file ${FILE_SA_ENV}"
+install -m 0600 /dev/null "${FILE_SA_ENV}"
+for i in "HTTP_PROXY" "HTTPS_PROXY" "NO_PROXY"; do
+ eval v=\"\$$i\"
+ if [ -z "${v}" ]; then
+ env | grep -E -i "^${i}" | tee -a ${FILE_SA_ENV} >/dev/null
+ else
+ echo "$i=$v" | tee -a ${FILE_SA_ENV} >/dev/null
+ fi
+done
+
+systemctl daemon-reload >/dev/null
+echo "Enabling rancher-system-agent.service"
+systemctl enable rancher-system-agent
+echo "Starting/restarting rancher-system-agent.service"
+systemctl restart rancher-system-agent
+rm -f ${CATTLE_AGENT_VAR_DIR}/interlock/restart-pending
+`
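Review bot: The CA bundle is downloaded with `--insecure` and then passed straight to `--cacert` for the agent binary, so neither download is authenticated and the binary ends up running as a root systemd service on the strength of an unverified certificate. Verify the bundle against a digest the controller supplies alongside `CATTLE_SERVER` before using it, for example `echo "${CATTLE_CA_CHECKSUM}  ${CACERT}" | sha256sum -c - || exit 1`; config.go already reads a `caSetting`, so the digest looks derivable there. The script also has no `set -e`, so a failed `curl -f` still reaches `chmod +x` and `systemctl enable`; add `set -e` beside `set -x`. `CATTLE_AGENT_VAR_DIR` is never assigned in this script, which makes the last line expand to `rm -f /interlock/restart-pending`.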