Vagrantfile 5.96 KB
ENV['VAGRANT_NO_PARALLEL'] = 'no'
NODE_ROLES = (ENV['E2E_NODE_ROLES'] ||
  ["server-0", "server-1", "server-2", "agent-0", "agent-1"])
NODE_BOXES = (ENV['E2E_NODE_BOXES'] ||
  ['generic/ubuntu2004', 'generic/ubuntu2004', 'generic/ubuntu2004', 'generic/ubuntu2004', 'generic/ubuntu2004'])
GITHUB_BRANCH = (ENV['E2E_GITHUB_BRANCH'] || "master")
RELEASE_VERSION = (ENV['E2E_RELEASE_VERSION'] || "")
EXTERNAL_DB = (ENV['E2E_EXTERNAL_DB'] || "etcd")
HARDENED = (ENV['E2E_HARDENED'] || "")
RANCHER = (ENV['E2E_RANCHER'] || "")
NODE_CPUS = (ENV['E2E_NODE_CPUS'] || 2).to_i
NODE_MEMORY = (ENV['E2E_NODE_MEMORY'] || 1024).to_i
# Virtualbox >= 6.1.28 require `/etc/vbox/network.conf` for expanded private networks 
NETWORK_PREFIX = "10.10.10"
install_type = ""
hardened_arg = ""

def provision(vm, role, role_num, node_num)
  vm.box = NODE_BOXES[node_num]
  vm.hostname = role
  # An expanded netmask is required to allow VM<-->VM communication, virtualbox defaults to /32
  node_ip = "#{NETWORK_PREFIX}.#{100+node_num}"
  vm.network "private_network", ip: node_ip, netmask: "255.255.255.0"

  scripts_location = Dir.exists?("./scripts") ? "./scripts" : "../scripts" 
  vagrant_defaults = File.exists?("./vagrantdefaults.rb") ? "./vagrantdefaults.rb" : "../vagrantdefaults.rb"
  load vagrant_defaults

  defaultOSConfigure(vm)
  install_type = getInstallType(vm, RELEASE_VERSION, GITHUB_BRANCH)
  
  vm.provision "shell", inline: "ping -c 2 k3s.io"
  
  db_type = getDBType(role, role_num, vm)

  if !HARDENED.empty?
    vm.provision "Set kernel parameters", type: "shell", path: scripts_location + "/harden.sh"
    hardened_arg = "protect-kernel-defaults: true\nkube-apiserver-arg: \"enable-admission-plugins=NodeRestriction,PodSecurityPolicy,ServiceAccount\""
  end

  if role.include?("server") && role_num == 0
    vm.provision 'k3s-primary-server', type: 'k3s', run: 'once' do |k3s|
      k3s.args = "server "
      k3s.config = <<~YAML
        token: vagrant
        node-external-ip: #{NETWORK_PREFIX}.100
        flannel-iface: eth1
        tls-san: #{NETWORK_PREFIX}.100.nip.io
        #{db_type}
        #{hardened_arg}
      YAML
      k3s.env = %W[K3S_KUBECONFIG_MODE=0644 #{install_type}]
      k3s.config_mode = '0644' # side-step https://github.com/k3s-io/k3s/issues/4321
    end
  
  elsif role.include?("server") && role_num != 0
    vm.provision 'k3s-secondary-server', type: 'k3s', run: 'once' do |k3s|
      k3s.args = "server"
      k3s.config = <<~YAML
        server: "https://#{NETWORK_PREFIX}.100:6443"
        token: vagrant
        node-external-ip: #{node_ip}
        flannel-iface: eth1
        #{db_type}
        #{hardened_arg}
      YAML
      k3s.env = %W[K3S_KUBECONFIG_MODE=0644 K3S_TOKEN=vagrant #{install_type}]
      k3s.config_mode = '0644' # side-step https://github.com/k3s-io/k3s/issues/4321
    end
  end
  
  if role.include?("agent")
    vm.provision 'k3s-agent', type: 'k3s', run: 'once' do |k3s|
      k3s.args = "agent"
      k3s.config = <<~YAML
        server: "https://#{NETWORK_PREFIX}.100:6443"
        token: vagrant
        node-external-ip: #{node_ip}
        flannel-iface: eth1
        #{db_type}
        #{hardened_arg}
      YAML
      k3s.env = %W[K3S_KUBECONFIG_MODE=0644 #{install_type}]
      k3s.config_mode = '0644' # side-step https://github.com/k3s-io/k3s/issues/4321
    end
  end
  if vm.box.to_s.include?("microos")
    vm.provision 'k3s-reload', type: 'reload', run: 'once'
    if !EXTERNAL_DB.empty?
      vm.provision "shell", inline: "docker start #{EXTERNAL_DB}"
    end
  end
  # This step does not run by default and is designed to be called by higher level tools
  if !RANCHER.empty?
    vm.provision "Install Rancher", type: "shell", run: "never", path: scripts_location + "/rancher.sh", args: node_ip
  end
end

def getDBType(role, role_num, vm)
  
  if EXTERNAL_DB == "mysql"
    if role.include?("server") && role_num == 0
      dockerInstall(vm)
      vm.provision "Start mysql", inline: "docker run -d -p 3306:3306 --name #{EXTERNAL_DB} -e MYSQL_ROOT_PASSWORD=e2e mysql:5.7"
      vm.provision "shell", inline: "echo \"Wait for mysql to startup\"; sleep 10"
      return "datastore-endpoint: 'mysql://root:e2e@tcp(#{NETWORK_PREFIX}.100:3306)/k3s'"
    elsif role.include?("server") && role_num != 0
      return "datastore-endpoint: 'mysql://root:e2e@tcp(#{NETWORK_PREFIX}.100:3306)/k3s'"
    end

  elsif EXTERNAL_DB == "postgres"
    if role.include?("server") && role_num == 0
      dockerInstall(vm)
      vm.provision "Start postgres", inline: "docker run -d -p 5432:5432 --name #{EXTERNAL_DB} -e POSTGRES_PASSWORD=e2e  postgres:14-alpine"
      vm.provision "shell", inline: "echo \"Wait for postgres to startup\"; sleep 10"
      return "datastore-endpoint: 'postgres://postgres:e2e@#{NETWORK_PREFIX}.100:5432/k3s?sslmode=disable'"
    elsif role.include?("server") && role_num != 0
      return "datastore-endpoint: 'postgres://postgres:e2e@#{NETWORK_PREFIX}.100:5432/k3s?sslmode=disable'"
    end

  elsif ( EXTERNAL_DB == "" || EXTERNAL_DB == "etcd" )
    if role.include?("server") && role_num == 0
      return "cluster-init: true"
    end
  elsif ( EXTERNAL_DB == "none" )
    # Use internal sqlite
  else
    puts "Unknown EXTERNAL_DB: " + EXTERNAL_DB
    abort
  end
  return ""
end

Vagrant.configure("2") do |config|
  config.vagrant.plugins = ["vagrant-k3s", "vagrant-reload"]
  # Default provider is libvirt, virtualbox is only provided as a backup
  config.vm.provider "libvirt" do |v|
    v.cpus = NODE_CPUS
    v.memory = NODE_MEMORY
  end
  config.vm.provider "virtualbox" do |v|
    v.cpus = NODE_CPUS
    v.memory = NODE_MEMORY
  end
  
  if NODE_ROLES.kind_of?(String)
    NODE_ROLES = NODE_ROLES.split(" ", -1)
  end
  if NODE_BOXES.kind_of?(String)
    NODE_BOXES = NODE_BOXES.split(" ", -1)
  end

  # Must iterate on the index, vagrant does not understand iterating 
  # over the node roles themselves
  NODE_ROLES.length.times do |i|
    name = NODE_ROLES[i]
    role_num = name.split("-", -1).pop.to_i
    config.vm.define name do |node|
      provision(node.vm, name, role_num, i)
    end
  end
end