From ae3313c6ffddfc5d0351ab0cabd38721ddc6f65a Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Fri, 4 Mar 2022 13:40:10 +0100
Subject: [PATCH 1/7] fixed gitignore
---
 .gitignore | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 458f192..6c2542f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,6 @@ crash.log
 kubeconfig.yaml
 kubeconfig.yaml-e
 terraform.tfvars
-plans.yaml
-traefik_config.yaml
-kured.yaml
+plans-custom.yaml
+traefik-custom.yaml
+kured-custom.yaml
From d54a50d54446df0a9caed3e24d571e376bcf7563 Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Fri, 4 Mar 2022 13:46:01 +0100
Subject: [PATCH 2/7] added cloudflare dns first
---
 modules/host/templates/userdata.yaml.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
index 6720ca5..254abc3 100644
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
@@ -41,7 +41,7 @@ runcmd:
 - [ sed, -i, 's#DHCLIENT_SET_HOSTNAME="yes"#DHCLIENT_SET_HOSTNAME="no"#g', /etc/sysconfig/network/dhcp]
 
 # We set Google DNS servers
-- [ sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="8.8.8.8 8.8.4.4"#g', /etc/sysconfig/network/config]
+- [ sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4"#g', /etc/sysconfig/network/config]
 
 # Bound the amount of logs that can survive on the system
 - [ sed, -i, 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]
From c14d85300e49db6e3bd79aee7c325643b5d0f857 Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Fri, 4 Mar 2022 13:46:52 +0100
Subject: [PATCH 3/7] switch back to the standard kured reboot method
---
 kustomize/kured.yaml | 1 -
 modules/host/templates/userdata.yaml.tpl | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/kustomize/kured.yaml b/kustomize/kured.yaml
index b4abdea..bf72a0c 100644
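Review bot: The comment `# We set Google DNS servers` above the changed sed line in PATCH 2/7 is stale now that the value lists Cloudflare first; it should read something like `# We set Cloudflare DNS servers, with Google as a fallback`. The same stale comment is left in the PATCH 5/7 hunk, where the Google addresses are dropped entirely. The new value also names four resolvers, while the glibc resolver honours at most three `nameserver` entries, so `8.8.4.4` would likely never be queried. Separately, the substitution only fires when the existing value is exactly `""`, so a non-empty image default would be left in place without any error. The enclosing `runcmd` list starts and ends outside the hunk.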
--- a/kustomize/kured.yaml
+++ b/kustomize/kured.yaml
@@ -18,4 +18,3 @@ spec:
 command:
 - /usr/bin/kured
 - --reboot-command=/usr/bin/systemctl reboot
- - --reboot-sentinel=/var/run/reboot-needed
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
index 254abc3..39bf5f3 100644
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
@@ -54,6 +54,7 @@ runcmd:
 - systemctl reload sshd
 
 # Finishing automatic reboot via Kured setup
+- echo 'REBOOT_METHOD=kured' > /etc/transactional-update.conf
 - rebootmgrctl set-strategy off
 
 # Reduce the default number of snapshots from 2-10 number limit, to 4
From 1cddf1288651fc5ebaaa30b876f403af5f680ade Mon Sep 17 00:00:00 2001
From: Marco Nenciarini
Date: Fri, 4 Mar 2022 13:53:45 +0100
Subject: [PATCH 4/7] Return to default kured reboot method
---
 .gitignore | 1 -
 kustomize/kured.yaml | 1 -
 modules/host/templates/userdata.yaml.tpl | 6 ++++++
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 458f192..16bc502 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,3 @@ kubeconfig.yaml-e
 terraform.tfvars
 plans.yaml
 traefik_config.yaml
-kured.yaml
diff --git a/kustomize/kured.yaml b/kustomize/kured.yaml
index b4abdea..bf72a0c 100644
--- a/kustomize/kured.yaml
+++ b/kustomize/kured.yaml
@@ -18,4 +18,3 @@ spec:
 command:
 - /usr/bin/kured
 - --reboot-command=/usr/bin/systemctl reboot
- - --reboot-sentinel=/var/run/reboot-needed
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
index 6720ca5..4b20b5a 100644
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
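Review bot: The added `- echo 'REBOOT_METHOD=kured' > /etc/transactional-update.conf` in the PATCH 3/7 userdata hunk truncates the file, so any setting already present there is silently discarded. Appending with `>>` or using a `write_files` entry would make the intent explicit; note that the `write_files` entry added in PATCH 6/7 has the same overwrite behaviour because it carries no `append: true`, unlike the one in PATCH 4/7. The line also depends on `runcmd` passing string items through a shell for the redirect, which deserves a short comment such as `# string form on purpose: needs shell redirection`. The `runcmd` list continues outside the hunk.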
@@ -18,6 +18,12 @@ write_files:
 AuthorizedKeysFile .ssh/authorized_keys
 path: /etc/ssh/sshd_config.d/kube-hetzner.conf
 
+# Setting the right reboot mode
+- content: |
+ REBOOT_METHOD=kured
+ path: /etc/transactional-update.conf
+ append: true
+
 # Add ssh authorized keys
 ssh_authorized_keys:
 %{ for key in sshAuthorizedKeys ~}
From 32d43b50f40b30cba207fb5946dee422825d93ef Mon Sep 17 00:00:00 2001
From: Marco Nenciarini
Date: Fri, 4 Mar 2022 15:11:07 +0100
Subject: [PATCH 5/7] Use Cloudflare DNS
---
 modules/host/templates/userdata.yaml.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
index 4b20b5a..a4b06ea 100644
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
@@ -47,7 +47,7 @@ runcmd:
 - [ sed, -i, 's#DHCLIENT_SET_HOSTNAME="yes"#DHCLIENT_SET_HOSTNAME="no"#g', /etc/sysconfig/network/dhcp]
 
 # We set Google DNS servers
-- [ sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="8.8.8.8 8.8.4.4"#g', /etc/sysconfig/network/config]
+- [ sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="1.1.1.1 1.0.0.1"#g', /etc/sysconfig/network/config]
 
 # Bound the amount of logs that can survive on the system
 - [ sed, -i, 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]
From fecd312cdd41d159997db9d88db0fee30d0a567b Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Fri, 4 Mar 2022 15:46:15 +0100
Subject: [PATCH 6/7] userdata tweaks
---
 modules/host/templates/userdata.yaml.tpl | 39 +++++++++++-------------
 1 file changed, 17 insertions(+), 22 deletions(-)
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
index 39bf5f3..7b027dd 100644
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
@@ -18,6 +18,11 @@ write_files:
 AuthorizedKeysFile .ssh/authorized_keys
 path: /etc/ssh/sshd_config.d/kube-hetzner.conf
 
+# Set reboot method as "kured"
+- content: |
+ REBOOT_METHOD=kured
+ path: /etc/transactional-update.conf
+
 # Add ssh authorized keys
 ssh_authorized_keys:
 %{ for key in sshAuthorizedKeys ~}
@@ -31,33 +36,23 @@ growpart:
 # Make sure the hostname is set correctly
 hostname: ${hostname}
 preserve_hostname: true
-manage_etc_hosts: "localhost"
 
 runcmd:
 
 # As above, make sure the hostname is not reset
-- [ sed, -i, 's#preserve_hostname: false#preserve_hostname: true#g', /etc/cloud/cloud.cfg]
-- [ sed, -i, 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g', /etc/sysconfig/network/config]
-- [ sed, -i, 's#DHCLIENT_SET_HOSTNAME="yes"#DHCLIENT_SET_HOSTNAME="no"#g', /etc/sysconfig/network/dhcp]
+- [sed, -i, 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g', /etc/sysconfig/network/config]
+- [sed, -i, 's#DHCLIENT_SET_HOSTNAME="yes"#DHCLIENT_SET_HOSTNAME="no"#g', /etc/sysconfig/network/dhcp]
 
-# We set Google DNS servers
-- [ sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4"#g', /etc/sysconfig/network/config]
+# We set Cloudflare DNS servers, followed by Google as a backup
+- [sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="1.1.1.1 1.0.0.1 8.8.8.8"#g', /etc/sysconfig/network/config]
 
-# Bound the amount of logs that can survive on the system
-- [ sed, -i, 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]
-- [ sed, -i, 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]
+# Bounds the amount of logs that can survive on the system
+- [sed, -i, 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]
+- [sed, -i, 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]
 
-# Activate the private network
-- systemctl reload network
+# Disables unneeded services
+- [systemctl, disable, '--now', 'rebootmgr.service']
 
-# Activate ssh configuration
-- systemctl reload sshd
-
-# Finishing automatic reboot via Kured setup
-- echo 'REBOOT_METHOD=kured' > /etc/transactional-update.conf
-- rebootmgrctl set-strategy off
-
-# Reduce the default number of snapshots from 2-10 number limit, to 4
-# And from 4-10 number limit important, to 2
-- snapper -c root set-config "NUMBER_LIMIT=4"
-- snapper -c root set-config "NUMBER_LIMIT_IMPORTANT=2"
+# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2
+- [snapper, -c, root, 'set-config', 'NUMBER_LIMIT=4']
+- [snapper, -c, root, 'set-config', 'NUMBER_LIMIT_IMPORTANT=2']
From 9f7c1fc8113a8281ff7c8357eeca7476943dc137 Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Fri, 4 Mar 2022 16:08:05 +0100
Subject: [PATCH 7/7] fixed snapper config not holding
---
 modules/host/templates/userdata.yaml.tpl | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
index 7b027dd..51ff107 100644
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
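Review bot: Removing `- systemctl reload sshd` in the second PATCH 6/7 hunk leaves no visible step that makes sshd reread `/etc/ssh/sshd_config.d/kube-hetzner.conf`, the drop-in written under `write_files`. That is fine if sshd only starts after cloud-init has written the file, but the template does not say so, and if the ordering ever differs the node would accept connections under the image's default sshd settings. A short comment in place of the removed lines, e.g. `# no sshd reload needed: the drop-in is written before sshd starts`, would record the assumption once it has been confirmed on the target image.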
@@ -40,19 +40,19 @@ preserve_hostname: true
 runcmd:
 
 # As above, make sure the hostname is not reset
-- [sed, -i, 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g', /etc/sysconfig/network/config]
-- [sed, -i, 's#DHCLIENT_SET_HOSTNAME="yes"#DHCLIENT_SET_HOSTNAME="no"#g', /etc/sysconfig/network/dhcp]
+- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME="yes"/NETCONFIG_NIS_SETDOMAINNAME="no"/g', /etc/sysconfig/network/config]
+- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME="yes"/DHCLIENT_SET_HOSTNAME="no"/g', /etc/sysconfig/network/dhcp]
 
 # We set Cloudflare DNS servers, followed by Google as a backup
-- [sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="1.1.1.1 1.0.0.1 8.8.8.8"#g', /etc/sysconfig/network/config]
+- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=""/NETCONFIG_DNS_STATIC_SERVERS="1.1.1.1 1.0.0.1 8.8.8.8"/g', /etc/sysconfig/network/config]
 
 # Bounds the amount of logs that can survive on the system
-- [sed, -i, 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]
-- [sed, -i, 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]
+- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]
+- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]
+
+# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2
+- [sed, '-i', 's/NUMBER_LIMIT="2-10"/NUMBER_LIMIT="4"/g', /etc/snapper/configs/root]
+- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT="4-10"/NUMBER_LIMIT_IMPORTANT="3"/g', /etc/snapper/configs/root]
 
 # Disables unneeded services
 - [systemctl, disable, '--now', 'rebootmgr.service']
-
-# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2
-- [snapper, -c, root, 'set-config', 'NUMBER_LIMIT=4']
-- [snapper, -c, root, 'set-config', 'NUMBER_LIMIT_IMPORTANT=2']
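Review bot: The added comment still says the important-snapshot limit is reduced `to 2`, but the new sed line writes `NUMBER_LIMIT_IMPORTANT="3"`, whereas the removed `snapper set-config` call used 2, so either the value or the comment is wrong. If 3 is intended, the comment should end `... and from 4-10 number limit important, to 3`. Both substitutions also match only the exact defaults `"2-10"` and `"4-10"`, so on an image whose `/etc/snapper/configs/root` ships different values they change nothing and report no error. A pattern such as `s/^NUMBER_LIMIT=.*/NUMBER_LIMIT="4"/` would not depend on the shipped value. The `runcmd` list starts outside the hunk.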