Archives de catégorie : Non classé

Install K3S on PI4

Publié le par

Prepare the PI4

Step1 : Get a « valid » 64bit system

You may be using PI4 with 8GB , and want to benefit the full available RAM.
For this you first need a stable working 64bit system.. at time I’m writting those lines I do recommand the ubuntu one (hypriot one is not ready, and raspoian one is still not upstream)

Go to the Ubuntu download page for Raspberry Pi images, and download the 64-bit version for Raspberry Pi 4 : Ubuntu Server 20.04.2 LTS

Step2 : Flash you sd card with the system

For this you can use Raspbery PI imager from https://www.raspberrypi.org/software/ . Just make sure to select your « Custom » image (the headless one you’ve downloaded before)

Step3 : Configure network your PI « node »

I’ve been using 4 PI on my side.
First to ensure a static IP is associated to each, I will let you play with your box DHCP setting to affect a given IP to all your PI. Once done you maye have something close to

IP            | MAC         | HOSTNAME
--------------------------------------
192.168.1.161 | dc:a6:xxx   | node1
192.168.1.162 | dc:a6:yyy   | node2
192.168.1.163 | dc:a6:zzz   | node3
192.168.1.164 | dc:a6:uuu   | node4

Then you need to configure a bit the network on the PI itself

#Use SSH to log on your PI
> ssh ubuntu@192.168.1.xxx 
#Default pass is "ubuntu", you will be asked to change it
> sudo vim /etc/hosts     <= enter all node ip 
# You should have a section like
# 192.168.1.161 node1
# 192.168.1.162 node2
# 192.168.1.163 node3
# 192.168.1.164 node4
> sudo vi /etc/hostname   <= enter current hostname
#On node1 you should have "node1" ... etc for node2 node3 node4

Then make sure you system is up-to date

> sudo apt update
> sudo apt -y upgrade && sudo systemctl reboot

Configure your master (node1)

> sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
> curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Warning: k3s will requires you to activate the cgroup memory , otherwise later on you will have an error « Failed to find memory cgroup »

To avoid this just add following text at end of /boot/firmware/cmdline.txt : cgroup_memory=1 cgroup_enable=memory

> sudo vi /boot/firmware/cmdline.txt
# Add cgroup_memory=1 cgroup_enable=memory at the end 
# On my side I've ended with a content 
# net.ifnames=0 dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=LABEL=writable rootfstype=ext4 elevator=deadline rootwait fixrtc cgroup_memory=1 cgroup_enable=memory
> shutdown -r now 

# Note: After reboot you can check which command line boot option was used doing a 
> cat /proc/cmdline

Then install k3s using:

> curl -sfL https://get.k3s.io | sh -

Check everything is fine

> sudo kubectl get nodes
# Should display something close to 
# NAME    STATUS   ROLES                  AGE   VERSION
# node1   Ready    control-plane,master   24h   v1.20.2+k3s1

> systemctl status k3s.service
# Should not display error, following warning will not be a problem
# Cannot read number of physical cores
# Cannot read number of sockets correctly

> journalctl -xe
# Should not display error, following warning will not be a problem
# Cannot read number of physical cores
# Cannot read number of sockets correctly

> sudo kubectl get nodes -o jsonpath='{.items[].status.capacity.cpu}{"\n"}'
# Should gives (4) because you have (4) cores on you CPU
# This validation should remove the stress from above warning

Configure your slave (node2 , node3 , node4)

Do the exact same action as for master except the k3s install (i.e correct the /boot/firmware/cmdline.txt cgroup_memory stuff)

On the MASTER (node1): Extract the JOIN TOKEN

> sudo cat /var/lib/rancher/k3s/server/node-token
# This gives something like
# XXXXXXXXXXXXXXXXXXXXX::server:YYYYYYYYYY

On the SLAVE (node2 ,node3, node4) : Install K3S in join mode (replace node1 ip and the join token below)

> curl -sfL http://get.k3s.io | K3S_URL=https://<NODE1 IP>:6443 K3S_TOKEN=XXXXXXXXXXXXXXXXXXXXX::server:YYYYYYYYYY sh -

Check everything is fine

> sudo kubectl get nodes
# Should display something close to 
# NAME    STATUS   ROLES                  AGE   VERSION
# node1   Ready    control-plane,master   24h   v1.20.2+k3s1
# node3   Ready    <none>                 24h   v1.20.2+k3s1
# node2   Ready    <none>                 24h   v1.20.2+k3s1
# node4   Ready    <none>                 24h   v1.20.2+k3s1

Don’t be afraid about the <none> ROLE, this is normal (at least on the k3s version i’ve tested)

Install kubectl client on Windows (or on you Main computer)

This will ease your life, as you may want to perform kubectl entries without having first to ssh on your master 🙂

Step1 : Get the kube config from your master

# From your ssh console on master node1
> sudo cat /etc/rancher/k3s/k3s.yaml
# Copy the content and paste it in a file of your Windows

Step2: Install kubectl on Windows

You can just download the installer from https://kubernetes.io/docs/tasks/tools/install-kubectl/

# Add kubectl.exe on your system PATH and run it one time 
> kubectl
# Replace the C:\Users\.kube\config file content from what you got from step1 above
# Replace the "server: https://127.0.0.1:6443" with the ip of your master node, for me "server: https://192.168.1.161:6443"

Check everything is fine

> kubectl get node
# Should display something close to 
# NAME    STATUS   ROLES                  AGE   VERSION
# node1   Ready    control-plane,master   24h   v1.20.2+k3s1
# node3   Ready    <none>                 24h   v1.20.2+k3s1
# node2   Ready    <none>                 24h   v1.20.2+k3s1
# node4   Ready    <none>                 24h   v1.20.2+k3s1

Install kubernetess dashboard

> kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

Above will create kubernetes-dashboard namespace and install many object in it. 

#After a while you can control everything loks fine 
> kubectl get po -n kubernetes-dashboard
# NAME                                        READY   STATUS    
# dashboard-metrics-scraper-79c5968bdc-jrpqz   1/1     Running
# kubernetes-dashboard-5ff474b78f-svh86        1/1     Running

You may want to access you dashbhoard from your Windows browser using

#[From your windows] 
> kubectl proxy
# << Starting to serve on 127.0.0.1:8001

Then http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

And you will see nothing !!!!!! (and this is normal)

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard 
> kubectl apply -f dashboard-admin.yaml
> kubectl -n kubernetes-dashboard get secret 
# Above should then display a admin-user-token-xxxx secret
> kubectl -n kubernetes-dashboard describe secret admin-user-token-xxxx   # Extract the token XXXXXXXXXXXXXXXXXXX from above

Then http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

and use the XXXXXXXXXXXXXXXXXXXX token

K3d sur windows 10

Publié le par

Prérequis WLS2

# Activation de la fonctionalité WSL (windows Subsystem Linux)
> dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

# Activation de la fonctionnalité "Machine Virtuelle"
> dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

# Activation de la fonctionnalité "Machine Virtuelle"
https://docs.microsoft.com/fr-fr/windows/wsl/install-win10#step-4---download-the-linux-kernel-update-package

> wsl --set-default-version 2 

# Installer un terminal efficace pour votre Windows
https://www.microsoft.com/en-gb/p/ubuntu-2004-lts/9n6svws3rx71

#Installer Ubuntu (si vous ne l'avez pas déjà)
https://www.microsoft.com/en-gb/p/ubuntu-2004-lts/9n6svws3rx71

#Mettez a jour Ubuntu pour WLS 2 
>wsl.exe --set-version Ubuntu 2

https://hub.docker.com/editions/community/docker-ce-desktop-windows/
> Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

> Set-ExecutionPolicy Restricted
An error is displayed, but for other session the change is applied
> choco install k3d
> choco install kubernetes-helm 

> k3d cluster create mycluster

> docker build . -t flask-helm-example:latest --network host
> docker tag flask-helm-example:latest registry.local:5000/flask-helm-example
> docker push registry.local:5000/flask-helm-example  !!! FAILS

Configurer luckperms avec SQL

Publié le par

On sauvegarde les droits existants !

On veux éviter de re-créer les droits existant, on va donc faire une sauvegarde.

On s’assure que l’on est pas configurer en SQL (sinon on repasse en h2)

#On édite la configuration luckperms (elle devrait déjà être comme cela)
sudo vi ./installMC/plugins/LuckPerms/config.yml
storage-method: "h2"
#On redemarre
sudo systemctl restart mcb
sudo systemctl restart mc1

On fait un export depuis le jeu

#Depuis le jeu minecraft on demande l'export
/luckperms export mig1
#Cela genere un fichier json dans    ./installMC/plugins/LuckPerms/mig1.json.gz

Puis on configure luckperms pour utiliser notre client SQL

On suppose que vous avez un serveur MySQL disponible sur <monIP_Serveur> port 3306.
On suppose que vous avez définit un utilisateur mcraftuser ainsi qu’une database minecraftdb 

#On edite la configuration luckperms
sudo vi ./installMC/plugins/LuckPerms/config.yml
   storage-method: "mysql"
   address: <monIP_Serveur>:3306
   database: mcraftuser
   password: '<monpassword>'
#Et on redémarre
sudo systemctl restart mcb
sudo systemctl restart mc1
#Éventuellement vérifiez les log du démarrage (si vous avez une erreur de connexion SQL, vérifier votre IP et le règles firewall)
journalctl -u mc1.service

Enfin on re-importe les permissions !

Depuis minecraft vous avez probablement perdu vos droits.
(N’oublier pas de vous mettre dans ops.json pour la suite, sinon vous ne pourrez pas effectuer le /luckperms import …)

#Depuis le jeu minecraft on demande l'export
/luckperms import mig1
#Et on verifie le tout dans la database
mysql -u mcraftuser -h localhost -P 3306 -p
use redblock
show tables;
+-----------------------------+
| Tables_in_redblock |
+-----------------------------+
| luckperms_actions |
| luckperms_group_permissions |
| luckperms_groups |
| luckperms_messenger |
| luckperms_players |
| luckperms_tracks |
| luckperms_user_permissions |
+-----------------------------+
select * from luckperms_groups;
select * from luckperms_group_permissions;

Istaller BungeeCord

Publié le par

Installation d’un serveur BungeeCord

Avant de commencer

Nous supposons que vous avez un 1er serveur minecraft configuré dans /home/mcraftuser/rd-ftp/installMC et que votre serveur écoute sur le port 2507 (qui n’est pas le port par défaut)

On suppose également que l’ensemble de vos instances minecraft tourne sur le même serveur

Installation de bungeecord

#En tant que root
cd /home/mcraftuser/rd-ftp
sudo mkdir installBungee
sudo chown mcraftuser:mc installBungee
#En tant que user mcraftuser
su mcraftuser
cd /home/mcraftuser/rd-ftp/installBungee
curl https://ci.md-5.net/job/BungeeCord/lastSuccessfulBuild/artifact/bootstrap/target/BungeeCord.jar -o BungeeCord.jar
#On lance le serveur une 1er fois
java -Xms512M -Xmx512M -jar BungeeCord.jar
#On quitte le serveur
Crtl+C

Configuration coté bungeecord

#En tant que user mcraftuser
su mcraftuser
cd /home/mcraftuser/rd-ftp/installBungee
#On active le ip forward (necessaire a certain plugin)
sed -i 's/ip_forward: false/ip_forward: true/g' config.yml
#On change le port par defaut d'ecoute
sed -i 's/25577/25077/g' config.yml
#En tant que root
sudo ufw allow 25077/tcp

Il faut maintenant configurer la liste des serveur mincraft. POur le moment on en a un seul, on fait juste attention a ce que le « lobby » pointe bien vers le bon serveur + port

#On met le bon port pour le serveur local
sed -i 's/address: localhost:25565/address: localhost:25065/g' config.yml

Configuration coté serveur minecraft

Les modification ci dessous sont a effectuer pour chaque serveur

#En tant que user mcraftuser
su mcraftuser
cd /home/mcraftuser/rd-ftp/installMC
#On change la configuration pour accepter les user venant de bugeecord
#!!! sinon les UUID ne seront pas bon et les inventaire/permission seront perdus
sed -i 's/online-mode=true/online-mode=false/g' server.properties
sed -i 's/bungeecord: false/bungeecord: true/g' spigot.yml
#On s'assure que les connection viennent uniquement de bugeecord
sed -i 's/server-ip=/server-ip=127.0.0.1/g' server.properties

https://github.com/PaperMC/Paper/issues/2011

Installer un serveur Mysql sur Ubuntu

Publié le par

Dans ce tutoriel nous allons installer un serveur mysql basic sur Ubunto / Rapberri PI

Installation de MySQL

#On met a jour les libraries disponibles
sudo apt update
#On install le dernier mysql
sudo apt install mysql-server

#On securise l'installation
sudo mysql_secure_installation
  VALIDATE PASSWORD - yes
  STRONG - 2
  Remove anonymous users - y
  Disallow root login remotely - y
  Remove test database - y
  Reload privilege tables now -y

Configuration des accès

La limitation des accès se fait de préférence avec le firewall.
En effet mysql permet de restreindre à une seul IP… mais c’est bien moins évolutif

#Dans la configuration mysql, on permet donc la connexion depuis toute IP
vim /etc/mysql/mysql.conf.d/mysqld.cnf
   bind-address = 0.0.0.0
sudo systemctl restart mysql.service
#Dans le firewall, on limite les accès au port mysql sur les IP clientes
sudo ufw allow from <mon_IP_Client> to any port 3306
sudo ufw allow from 127.0.0.1 to any port 3306
#On ajoute un utilisateur qui pourra se connecter en utilisant toute les IP cliente definit dans le firewall
sudo mysql
CREATE USER 'mcraftuser'@'%' IDENTIFIED BY '<monpassword>';
CREATE DATABASE minecraftdb;
GRANT ALL PRIVILEGES ON minecraftdb.* TO 'mcraftuser'@'%' WITH GRANT OPTION;
#On vérifie l’état du service MySQL
systemctl status mysql.service
#On vérifie que notre utilisateur arrive à se loguer :
mysql -u mcraftuser -h <mon_IP_Serveur> -P 3306 -p
mysql -u mcraftuser -h localhost -P 3306 -p
mysql -u mcraftuser -h 127.0.0.1 -P 3306 -p
#On vérifie que les commandes admin root fonctionnent bien
sudo mysqladmin version
#On peut éventuellement vérifier depuis un client aléatoire que la connexion est bien interdite
[Depuis un client] mysql -u mcraftuser -h <mon_IP_Serveur> -P 3306 -p
[Sur le serveur] cat /var/log/ufw.log | grep 3306
=> On devrait voir un BLOCK log

Astuce / Maintenance

# SAVE/EXPORT A DATABASE 
mysqldump -u [user] -p [db_name] | gzip > [filename_to_compress.sql.gz]

# IMPORT A DATABASE 
gunzip < [compressed_filename.sql.gz] | mysql -u [user] -p[password] [databasename]