introduce more automation for dedicated Hetzner server deployments prior to kubespray upgrades #676
Conversation
…yments prior to kubespray upgrades
jschumacher-wire
requested review from
smatting,
akshaymankar,
supersven,
julialongtin and
amitsagtani97
|
|
ansible/hetzner-single-deploy.yml
Outdated
| vars: | ||
| artifact_hash: a6e0929c9a5f4af09655c9433bb56a4858ec7574 | ||
| ubuntu_version: 22.04.3 | ||
| ssh_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODDzgw4BncNvSVOIraAXZYkkLn+iTo6ixkXXQ4lKZhL [email protected]" |
There was a problem hiding this comment.
Should this be your personal public key?
| vars: | ||
| artifact_hash: a6e0929c9a5f4af09655c9433bb56a4858ec7574 | ||
| ubuntu_version: 22.04.3 | ||
| ssh_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODDzgw4BncNvSVOIraAXZYkkLn+iTo6ixkXXQ4lKZhL [email protected]" |
There was a problem hiding this comment.
might want to just change the key comment here and consider not using a valid key. i am sure a user might accidentally copy this one day :)
…ffline-vm-setup.sh to detect if VM(s) already exist
…ot the directory itself
There was a problem hiding this comment.
I'm a bit confused why we're adding comments to commits instead of reviews... However, please take this into account: 7210a70#r137355832
…-setup.sh using static IPs and SSH key management, Readme updates, playbook fixes
| SSHKEY_DEMO=$(cat "$HOME"/.ssh/id_ed25519.pub) | ||
| fi | ||
|
|
||
| msg "" |
There was a problem hiding this comment.
so, how do we get our 'usual' key from 1password into this?
bin/offline-vm-setup.sh
Outdated
| name="$2" | ||
| create_assethost "$name" | ||
| fi | ||
| msg "Creating VM ""${VM_NAME[i]}"" with IP ""${VM_IP[i]}"" ..." |
There was a problem hiding this comment.
If we have to set this up again, we're going to have a LOT of duplicate entries in /etc/hosts
offline/docs_ubuntu_22.04.md
Outdated
|
|
||
| Note: If you are using a Hetzner machine, docker should already be installed (you can check with `docker version`) and you can skip this section. | ||
| This section is a continuation of the demo cluster setup described in single_hetzner_machine_installation.md. At this point, the following prerequisites should be met: |
There was a problem hiding this comment.
This document is certanly not a continuation: THIS IS WHERE CUSTOMERS START.
There was a problem hiding this comment.
EG: in a customer deployment, we point them to this document, and follow along with them, or they follow along with us.
| ## disable internet access to the vms | ||
|
|
||
| Replace all of ntftables.conf | ||
| VMs created with offline-vm-setup.sh are accessible via SSH with two public keys. |
There was a problem hiding this comment.
you might want to say where they're accessable from.
Co-authored-by: Julia Longtin <[email protected]>
…or ingress forwarding; adding more logic to offline-vm-deploy script; updating SSH pubkey to make use of existing infrastructure key
WPB-2324
Introduction of ansible playbook for Hetzner server bootstrapping; more automation for offline-vm-setup.sh