init

README.md

@@ -0,0 +1,43 @@
+# Работа с zabbix и автоматика добавления агентов на ноды
+
+1. имеем конфигурацию rke для разворачивания кластера и собственно сам развернутый кластер
+2. задача - просадить на ноды zabbix-агентов
+
+## что нужно доставить
+
+1. ansible (в том числе ansible-vault)
+2. роли, любезно созданные командой [zabbix](https://github.com/ansible-collections/community.zabbix?ysclid=la8038qs3a456887161)
+
+```bash
+ansible-galaxy collection install community.zabbix
+```
+
+3. создать себе парольный файлик для вольта
+4. ключи ssh должны подходить к нодам кластера и работать с ансиблом, проверьте `ansible.cfg`
+
+## что уже есть
+
+1. роль для обновления хостов разом (или по очереди) - ./upgrade-hosts.sh
+2. настроенная для примера роль для установки агентов заббикса с кредами от сервера заббикс, зашиврованными вольтом
+3. скрипт для вытягивания инвентори из конфига rke ./update-inventory.sh
+
+## план работы
+
+1. имеем развернуный кластер и заполненный cluster.yml
+2. запущенный сервер заббикс и созданного пользователя с правами добавления хостов
+3. генерим инвентори для заббикса по шаблону в файлике `inventory-zabbix`
+4. заполняем `api-creds.yml` и шифруем `ansible-vault encrypt ansible/api-creds.yml --vault-password-file ~/.ssh/.vault_pass.txt` (само собой у вас уже должен быть `.vault_pass.txt` с парольной строкой внутри)
+5. запускаем установку `./install-zabbix-agents.sh`
+
+## для удаления агентов для отдельной группы нод
+
+1. zabbix_agent_host_state: present (Default) if the host needs to be created or absent is you want to delete it.
+
+## Видео к курсу
+- [видео]()
+
+##### Автор
+- **Vassiliy Yegorov**
+- [школа](https://realmanual.ru)
+- [youtube](https://youtube.com/realmanual)
+- [группа в ТГ](https://t.me/realmanual_group)

ansible/ansible.cfg

@@ -0,0 +1,11 @@
+[defaults]
+inventory = inventory
+
+remote_user: root
+private_key_file: ~/.ssh/id_rsa
+host_key_checking = False
+retry_files_enabled = False
+roles_path = ./roles
+
+stdout_callback = yaml
+bin_ansible_callbacks = True

ansible/api-creds.yml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+35323636366332323265643731373565383162393733623831333833326364383635356437626663
+3463633538393863396364666466653438333330653931330a643762336231306538316432333939
+34646232323234323965643536373463313539613731656133303737633630313963366136313336
+6463646664356437390a643138383231313034326231646564636334336330313966346139363064
+30663063383332623766393966336132643630363766396137303837643437646462366435373233
+32393330636362653330623031383761376361646236373663343962336131393064303934616463
+303664613531626438363264373333666433

ansible/install-zabbix-agent.yml

@@ -0,0 +1,19 @@
+
+- hosts: cluster-nodes
+  vars_files:
+    - "api-creds.yml"
+  roles:
+    - role: community.zabbix.zabbix_agent
+      zabbix_agent_server: za.mydomain.ru
+      zabbix_agent_serveractive: za.mydomain.ru
+      zabbix_api_server_url: https://za.mydomain.ru
+      zabbix_api_use: true
+      zabbix_api_login_user: "{{ api_login_user }}"
+      zabbix_api_login_pass: "{{ api_login_pass }}"
+      zabbix_api_create_hosts: true
+      zabbix_agent_host_state: present
+      zabbix_agent_become_on_localhost: false
+      zabbix_host_groups:
+        - test-hosts
+      zabbix_agent_link_templates:
+        - Template OS Linux

ansible/roles/k8s_update_nodes/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

ansible/roles/k8s_update_nodes/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+HOST_IP: localhost
+DEST_PATH: tmp
+docker_stopped: true

ansible/roles/k8s_update_nodes/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for k8s_update_nodes

ansible/roles/k8s_update_nodes/meta/main.yml

@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.4
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
+  

ansible/roles/k8s_update_nodes/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: Update repositories cache
+  apt:
+    update_cache: yes
+
+- name: Stop service docker
+  service:
+    name: docker
+    state: stopped
+  when: docker_stopped
+
+- name: Upgrade all packages to the latest version
+  apt:
+    name: "*"
+    state: latest
+
+- name: Remove useless packages from the cache
+  apt:
+    autoclean: yes
+
+- name: Remove dependencies that are no longer required
+  apt:
+    autoremove: yes
+
+- name: Reboot system
+  shell: "sleep 5 && reboot"
+  async: 1
+  poll: 0
+
+- name: Wait for the reboot to complete
+  wait_for_connection:
+    connect_timeout: 20
+    sleep: 5
+    delay: 5
+    timeout: 300

ansible/roles/k8s_update_nodes/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

ansible/roles/k8s_update_nodes/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - k8s_update_nodes

ansible/roles/k8s_update_nodes/vars/main.yml

@@ -0,0 +1,3 @@
+---
+HOST_IP: localhost
+DEST_PATH: tmp

ansible/update-inventory.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+echo "[cluster-nodes]" > ./ansible/inventory
+echo "[cluster-nodes]" > ./ansible/inventory-zabbix
+
+k=1
+node_name=node
+
+while read line; do
+  ip="$(grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' <<< "$line")"
+  [[ $ip ]] && {
+    echo "$ip" >> ./ansible/inventory
+    echo "$ip zabbix_agent_hostname=${node_name}$k" >> ./ansible/inventory-zabbix
+    ((k++))
+  }
+done < cluster.yml

ansible/upgrade-hosts.yml

@@ -0,0 +1,27 @@
+---
+- name: Init upgrade
+  hosts: "{{ hostlist|default(localhost) }}"
+  serial: "{{ forks|default(1) }}"
+  strategy: "{{ strat|default(linear) }}"
+  roles:
+#    - role: k8s_cordon_nodes
+#      hosts: localhost
+#      delegate_to: localhost
+#      vars:
+#        node_hostname: "{{ inventory_hostname }}"
+        # debug: true
+#      tags: cordon
+      # TODO when: cordoned|default(true)
+
+    - role: k8s_update_nodes
+      become: true
+      vars:
+        docker_stopped: true
+
+#    - role: k8s_cordon_nodes
+#      hosts: localhost
+#      delegate_to: localhost
+#      vars:
+#        node_hostname: "{{ inventory_hostname }}"
+#      tags: uncordon
+      # TODO when: cordoned|default(true)

cluster.yml

@@ -0,0 +1,56 @@
+cluster_name: test-cluster
+
+ignore_docker_version: true
+kubernetes_version: "v1.23.10-rancher1-1"
+
+# system_images:
+#   etcd: rancher/mirrored-coreos-etcd:v3.5.4
+
+# ssh_key_path: ~/.ssh/id_rsa
+
+nodes:
+# controlplane
+  - address:
+    hostname_override: node1
+    user: root
+    role: [etcd,controlplane,worker]
+    labels:
+      location: ru-1
+
+  - address:
+    hostname_override: node2
+    user: root
+    role: [etcd,controlplane,worker]
+    labels:
+      location: ru-1
+
+  - address: 
+    hostname_override: node3
+    user: root
+    role: [etcd,controlplane,worker]
+    labels:
+      location: ru-1
+
+ingress:
+  provider: nginx
+  node_selector:
+    orc_ingress: yes
+  tolerations:
+  - key: node-role.kubernetes.io/controlplane
+    operator: Exists
+    effect: NoSchedule
+  - key: node-role.kubernetes.io/etcd
+    operator: Exists
+    effect: NoExecute
+  extra_args:
+    http-port: 80
+    https-port: 443
+
+services:
+  etcd:
+    snapshot: true
+    creation: 6h
+    retention: 30h
+  kube-controller:
+    extra_args:
+      terminated-pod-gc-threshold: 100

install-zabbix-agents.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+cd ansible && ansible-playbook -i inventory-zabbix install-zabbix-agent.yml --vault-password-file ~/.ssh/.vault_pass.txt

upgrade-hosts.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+TYPE=$1;
+HOSTLIST=$2;
+
+case $TYPE in
+  "serial")
+    echo "serial"
+    forks=1
+  ;;
+  "parallel")
+    echo "parallel"
+    forks=128
+  ;;
+  "independent")
+    echo "independent"
+    forks=128
+    strat=free
+  ;;
+  *)
+    echo 'Usage: upgrade.sh <strategy> <group or hostname> [strategy: serial|parallel|independent, default=serial], [you see group or hostname from inventory]'
+    echo ""
+    exit 1
+  ;;
+esac
+
+[[ ! -n "$HOSTLIST" ]] && {
+    echo 'Usage: upgrade.sh <strategy> <group or hostname> [strategy: serial|parallel, default=serial], [you see group or hostname from inventory]'
+    echo ""
+    echo -e "groups and hostnames available in inventory:\n"
+    cat ansible/inventory
+    exit 1
+}
+echo "Upgrading host/group:" $HOSTLIST
+cd ansible/ && ansible-playbook upgrade-hosts.yml --extra-vars forks=$forks --extra-vars strat=${strat:-linear} --extra-vars hostlist=$HOSTLIST && cd ..
+
+echo "===== upgraded ====="