General code tidy (#4)

* Avoid use of shorthand module to when referring to the Kubernetes module

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Give scripts an extension to indicate their usage

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Not necessary to open NodePorts

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Persistently disable swap

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Improve readability

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Continue rename of 'module' to 'Kubernetes module'

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Hotfix to e02b97e - Give scripts an extension to indicate their usage

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Continue rename of 'module' to 'Kubernetes module'

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Update user facing strings to include capitalisation

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Be consistent when using double quotes for globbing

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Improve readability of user facing messages

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* Allow expansion of variables in echo

Signed-off-by: Mark Cram <mark.cram@oracle.com>

* ssh-keyscan(1) matches the first hostname in a string, don't use quotes

Signed-off-by: Mark Cram <mark.cram@oracle.com>

modules/master/scripts/master.template.sh

@@ -19,6 +19,7 @@ systemctl enable --now chronyd
 
 # disable swap
 swapoff -a
+sed -i '/swap/d' /etc/fstab
 
 # br_netfilter
 modprobe br_netfilter

modules/operator/certificate.tf

@@ -36,7 +36,7 @@ resource null_resource "wait_for_operator" {
 
   provisioner "remote-exec" {
     inline = [
-      "while [ ! -f /home/opc/operator.finish ]; do echo 'waiting for operator to be ready';sleep 10; done",
+      "while [ ! -f /home/opc/operator.finish ]; do echo 'Waiting for operator node to be ready';sleep 10; done",
     ]
   }
 }
@@ -58,7 +58,7 @@ resource null_resource "wait_for_master" {
 
   provisioner "remote-exec" {
     inline = [
-      "while [ ! -f /home/opc/master.finish ]; do echo 'waiting for master to be ready';sleep 10; done",
+      "while [ ! -f /home/opc/master.finish ]; do echo 'Waiting for master node to be ready';sleep 10; done",
     ]
   }
   count = var.olcne_masters.master_nodes_size
@@ -81,7 +81,7 @@ resource null_resource "wait_for_worker" {
 
   provisioner "remote-exec" {
     inline = [
-      "while [ ! -f /home/opc/worker.finish ]; do echo 'waiting for worker to be ready';sleep 10; done",
+      "while [ ! -f /home/opc/worker.finish ]; do echo 'Waiting for worker node to be ready';sleep 10; done",
     ]
   }
   count = var.olcne_workers.worker_nodes_size
@@ -112,14 +112,14 @@ resource null_resource "download_private_key" {
 
   provisioner "file" {
     content     = data.template_file.download_private_key.rendered
-    destination = "~/get_key"
+    destination = "~/get_key.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
       "sleep 10",
-      "chmod +x $HOME/get_key",
-      "$HOME/get_key",
+      "chmod +x $HOME/get_key.sh",
+      "$HOME/get_key.sh",
       "chmod go-rw ~/.ssh/id_rsa",
     ]
   }
@@ -142,14 +142,14 @@ resource null_resource "create_certificate" {
 
   provisioner "file" {
     content     = data.template_file.create_certificate.rendered
-    destination = "~/create_certificate"
+    destination = "~/create_certificate.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/create_certificate",
-      "$HOME/create_certificate",
-      # "rm -f $HOME/create_certificate"
+      "chmod +x $HOME/create_certificate.sh",
+      "$HOME/create_certificate.sh",
+      # "rm -f $HOME/create_certificate.sh"
     ]
   }
 }

modules/operator/environment.tf

@@ -22,14 +22,14 @@ resource null_resource "configure_api" {
 
   provisioner "file" {
     content     = data.template_file.configure_api.rendered
-    destination = "~/configure_api"
+    destination = "~/configure_api.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/configure_api",
-      "$HOME/configure_api",
-      # "rm -f $HOME/configure_api"
+      "chmod +x $HOME/configure_api.sh",
+      "$HOME/configure_api.sh",
+      # "rm -f $HOME/configure_api.sh"
     ]
   }
 }
@@ -55,14 +55,14 @@ resource null_resource "configure_agent" {
 
   provisioner "file" {
     content     = data.template_file.configure_agent.rendered
-    destination = "~/configure_agent"
+    destination = "~/configure_agent.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/configure_agent",
-      "$HOME/configure_agent",
-      # "rm -f $HOME/configure_agent"
+      "chmod +x $HOME/configure_agent.sh",
+      "$HOME/configure_agent.sh",
+      # "rm -f $HOME/configure_agent.sh"
     ]
   }
   count = (var.olcne_masters.master_nodes_size + var.olcne_workers.worker_nodes_size)
@@ -93,14 +93,14 @@ resource null_resource "create_environment" {
 
   provisioner "file" {
     content     = data.template_file.create_environment.rendered
-    destination = "~/create_environment"
+    destination = "~/create_environment.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/create_environment",
-      "$HOME/create_environment",
-      # "rm -f $HOME/create_environment"
+      "chmod +x $HOME/create_environment.sh",
+      "$HOME/create_environment.sh",
+      # "rm -f $HOME/create_environment.sh"
     ]
   }
 }

modules/operator/helm.tf

@@ -26,14 +26,14 @@ resource null_resource "install_helm" {
 
   provisioner "file" {
     content     = data.template_file.install_helm.rendered
-    destination = "~/install_helm"
+    destination = "~/install_helm.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/install_helm",
-      "$HOME/install_helm",
-      # "rm -f $HOME/install_helm"
+      "chmod +x $HOME/install_helm.sh",
+      "$HOME/install_helm.sh",
+      # "rm -f $HOME/install_helm.sh"
     ]
   }
 }

modules/operator/kubeconfig.tf

@@ -20,18 +20,18 @@ resource null_resource "get_kubeconfig" {
     bastion_private_key = file(var.olcne_bastion.ssh_private_key_path)
   }
 
-  depends_on = [null_resource.install_module]
+  depends_on = [null_resource.install_kubernetes_module]
 
   provisioner "file" {
     content     = data.template_file.get_kubeconfig.rendered
-    destination = "~/get_kubeconfig"
+    destination = "~/get_kubeconfig.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/get_kubeconfig",
-      "$HOME/get_kubeconfig",
-      # "rm -f $HOME/get_kubeconfig"
+      "chmod +x $HOME/get_kubeconfig.sh",
+      "$HOME/get_kubeconfig.sh",
+      # "rm -f $HOME/get_kubeconfig.sh"
     ]
   }
 }

modules/operator/module.tf → modules/operator/kubernetes_module.tf

@@ -1,8 +1,8 @@
 # Copyright 2020, Oracle Corporation and/or affiliates.  
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-data "template_file" "create_module" {
-  template = file("${path.module}/scripts/create_module.template.sh")
+data "template_file" "create_kubernetes_module" {
+  template = file("${path.module}/scripts/create_kubernetes_module.template.sh")
 
   vars = {
     environment            = var.olcne_environment.environment_name
@@ -14,7 +14,7 @@ data "template_file" "create_module" {
   }
 }
 
-resource null_resource "create_module" {
+resource null_resource "create_kubernetes_module" {
   connection {
     host        = local.operator_private_ip
     private_key = file(var.olcne_operator.ssh_private_key_path)
@@ -30,29 +30,28 @@ resource null_resource "create_module" {
   depends_on = [null_resource.create_environment]
 
   provisioner "file" {
-    content     = data.template_file.create_module.rendered
-    destination = "~/create_module"
+    content     = data.template_file.create_kubernetes_module.rendered
+    destination = "~/create_kubernetes_module.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/create_module",
-      "$HOME/create_module",
-      # "rm -f $HOME/create_module"
+      "chmod +x $HOME/create_kubernetes_module.sh",
+      "$HOME/create_kubernetes_module.sh",
     ]
   }
 }
 
-data "template_file" "install_module" {
-  template = file("${path.module}/scripts/install_module.template.sh")
+data "template_file" "install_kubernetes_module" {
+  template = file("${path.module}/scripts/install_kubernetes_module.template.sh")
 
   vars = {
     environment  = var.olcne_environment.environment_name
     cluster_name = var.olcne_environment.cluster_name
   }
 }
 
-resource null_resource "install_module" {
+resource null_resource "install_kubernetes_module" {
   connection {
     host        = local.operator_private_ip
     private_key = file(var.olcne_operator.ssh_private_key_path)
@@ -65,18 +64,17 @@ resource null_resource "install_module" {
     bastion_private_key = file(var.olcne_bastion.ssh_private_key_path)
   }
 
-  depends_on = [null_resource.create_module]
+  depends_on = [null_resource.create_kubernetes_module]
 
   provisioner "file" {
-    content     = data.template_file.install_module.rendered
-    destination = "~/install_module"
+    content     = data.template_file.install_kubernetes_module.rendered
+    destination = "~/install_kubernetes_module.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/install_module",
-      "$HOME/install_module",
-      # "rm -f $HOME/install_module"
+      "chmod +x $HOME/install_kubernetes_module.sh",
+      "$HOME/install_kubernetes_module.sh",
     ]
   }
 }

modules/operator/nginx.tf

@@ -34,7 +34,7 @@ resource null_resource "install_nginxcontroller" {
 
   provisioner "file" {
     content     = data.template_file.install_nginxcontroller.rendered
-    destination = "~/install_nginx"
+    destination = "~/install_nginx.sh"
   }
 
   provisioner "file" {
@@ -44,9 +44,9 @@ resource null_resource "install_nginxcontroller" {
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/install_nginx",
-      "$HOME/install_nginx",
-      # "rm -f $HOME/install_nginx"
+      "chmod +x $HOME/install_nginx.sh",
+      "$HOME/install_nginx.sh",
+      # "rm -f $HOME/install_nginx.sh"
     ]
   }
 }

modules/operator/scripts/configure_agent.template.sh

@@ -3,7 +3,7 @@
 # Copyright 2020, Oracle Corporation and/or affiliates.  
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-echo 'configuring agent'
+echo 'Configuring Platform Agent'
 
 sudo /etc/olcne/bootstrap-olcne.sh \
     --secret-manager-type file \
@@ -12,4 +12,4 @@ sudo /etc/olcne/bootstrap-olcne.sh \
     --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key \
     --olcne-component agent 2> /dev/null
 
-echo 'platform agent configured'
+echo 'Platform Agent configured'

modules/operator/scripts/configure_api.template.sh

@@ -3,7 +3,7 @@
 # Copyright 2020, Oracle Corporation and/or affiliates.  
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-echo 'configuring platform api server'
+echo 'Configuring Platform API Server'
 
 sudo /etc/olcne/bootstrap-olcne.sh \
     --secret-manager-type file \
@@ -12,4 +12,4 @@ sudo /etc/olcne/bootstrap-olcne.sh \
     --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key \
     --olcne-component api-server 2> /dev/null
 
-echo 'platform api server configured'
+echo 'Platform API Server configured'

modules/operator/scripts/configure_kata.template.sh

@@ -3,6 +3,6 @@
 # Copyright 2020, Oracle Corporation and/or affiliates.  
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-echo 'creating kata runtime'
+echo 'Creating Kata Containers runtime'
 
 kubectl apply -f kata.yaml 2> /dev/null

modules/operator/scripts/create_certificate.template.sh

@@ -5,7 +5,7 @@
 
 cd /etc/olcne
 
-echo 'generating certificates'
+echo 'Generating certificates'
 
 sudo ./gen-certs-helper.sh \
   --cert-request-organization-unit "${org_unit}" \
@@ -14,14 +14,14 @@ sudo ./gen-certs-helper.sh \
   --cert-request-state "${state}" \
   --cert-request-country "${country}" \
   --cert-request-common-name "${common_name}" \
-  --nodes ${operator_node},${master_nodes},${worker_nodes} 2> /dev/null
+  --nodes "${operator_node},${master_nodes},${worker_nodes}" 2> /dev/null
 
-echo 'getting nodes public keys'
+echo 'Getting nodes public keys'
 
 ssh-keyscan -H ${operator_node} ${scan_master_nodes} ${scan_worker_nodes} >> ~/.ssh/known_hosts 2> /dev/null
 
-echo 'copying certificates to all nodes'
+echo 'Copying certificates to all nodes'
 
 bash -ex configs/certificates/olcne-tranfer-certs.sh 2> /dev/null
 
-echo 'certificates copied to all nodes'
+echo 'Certificates copied to all nodes'

modules/operator/scripts/create_environment.template.sh

@@ -3,13 +3,13 @@
 # Copyright 2020, Oracle Corporation and/or affiliates.  
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-echo 'creating environment ${environment}'
+echo "Creating environment ${environment}"
 
-olcnectl --api-server 127.0.0.1:8091 environment create --environment-name ${environment} \
+olcnectl --api-server 127.0.0.1:8091 environment create --environment-name "${environment}" \
     --update-config \
     --secret-manager-type file \
     --olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
     --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
     --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key 2> /dev/null
 
-echo 'environment ${environment} configured'
+echo "Environment ${environment} configured"

modules/operator/scripts/create_kubernetes_module.template.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Copyright 2020, Oracle Corporation and/or affiliates.  
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+echo "Creating cluster ${cluster_name} in environment ${environment}"
+
+olcnectl --api-server 127.0.0.1:8091 module create --environment-name "${environment}" \
+  --module kubernetes --name "${cluster_name}" \
+  --container-registry "${container_registry}"/olcne \
+  --virtual-ip "${master_vip}" \
+  --master-nodes "${master_nodes_addresses}" \
+  --worker-nodes "${worker_nodes_addresses}" 2> /dev/null
+
+echo "Cluster ${cluster_name} created in environment ${environment}"

modules/operator/scripts/download_private_key.template.sh

@@ -3,4 +3,4 @@
 # Copyright 2020, Oracle Corporation and/or affiliates.  
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-oci secrets secret-bundle get --secret-id ${secret_id} | jq '[.data."secret-bundle-content"."content" ]' | tr -d "[ \" ]" | base64 -d > ~/.ssh/id_rsa
+oci secrets secret-bundle get --secret-id "${secret_id}" | jq '[.data."secret-bundle-content"."content" ]' | tr -d "[ \" ]" | base64 -d > ~/.ssh/id_rsa