
terraform k3s run

zhong (钟鹏群) 1 月之前
父节点
当前提交
705c519152

+ 1 - 0
README.md

@@ -0,0 +1 @@
+terraform apply -auto-approve

+ 0 - 40
terraform/.terraform.lock.hcl

@@ -1,40 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/local" {
-  version = "2.8.0"
-  hashes = [
-    "h1:KCuj8nPbNP/ofQrAoQIuQ3CP6k+ADpULvxr7dw2PrpM=",
-    "zh:05f18164beab4a84753e5fedf463771ee0c6eca8e90346b8766f1e1c186dec1e",
-    "zh:563a0702e3711e25ba8930120899b681378b50cbb957fd204b37745c7c9b5f40",
-    "zh:5b56ab2ed70ed92721febb4a070af0837f1084c44825c18e4b95f7efb1d45d26",
-    "zh:6cbedc09b67a5cdb9501ff1b18a315fa46a38e0530424cab1c7f4b3acc75f489",
-    "zh:71b3bd50f89fb385a42a436ba2ce2b8e00f9de53535ce956deff1477b0b117dc",
-    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:9d45ac0a00b85cabdd398b859349d17f124c598b6e6bf272f1bb01321ce708a8",
-    "zh:a453efe8641a8f31fe806b597bf2b34d7b78b971a8e3919061ea89d61fda7b8d",
-    "zh:ac692bacb8c3dca8b5b37e5383168aca1f87d3cd7b40615efd300defb76494f5",
-    "zh:bda9e90c8547d90c9c573206985c5675cc1406047605af037a5069942c3c5966",
-    "zh:c30a1967de040d00f5038086dd53cdbfb78cc05d1dbc75037410f011bf2a20d8",
-    "zh:c80bbd1c3f56b3c836d80cf93ac0e8809305c2642f0c98b54bf5d05d3b12718c",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/null" {
-  version = "3.2.4"
-  hashes = [
-    "h1:hkf5w5B6q8e2A42ND2CjAvgvSN3puAosDmOJb3zCVQM=",
-    "zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2",
-    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43",
-    "zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a",
-    "zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991",
-    "zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f",
-    "zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e",
-    "zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615",
-    "zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442",
-    "zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5",
-    "zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f",
-    "zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f",
-  ]
-}

+ 0 - 66
terraform/main.tf

@@ -1,66 +0,0 @@
-# 1. 安装 K3S Server(正确官方安装法)
-resource "null_resource" "k3s_server" {
-  connection {
-    type        = "ssh"
-    host        = "101.201.78.54"
-    user        = "root"
-    password    = "Xs261617"
-  }
-
-  provisioner "remote-exec" {
-    inline = [
-      "curl -sfL https://get.k3s.io | sh -",
-      "sleep 20"
-    ]
-  }
-
-  # 每次都重新执行,确保拿最新token
-  triggers = {
-    always = timestamp()
-  }
-}
-
-# 2. 从 Server 下载 Token 到本地
-resource "null_resource" "get_token" {
-  depends_on = [null_resource.k3s_server]
-
-  connection {
-    type        = "ssh"
-    host        = "101.201.78.54"
-    user        = "root"
-    password    = "Xs261617"
-  }
-
-  provisioner "file" {
-    source      = "/var/lib/rancher/k3s/server/node-token"
-    destination = "node-token"
-  }
-}
-
-# 3. 读取本地 Token
-data "local_file" "k3s_token" {
-  filename = "node-token"
-  depends_on = [null_resource.get_token]
-}
-
-# 4. 自动安装 Worker 并加入集群
-resource "null_resource" "k3s_worker" {
-  depends_on = [data.local_file.k3s_token]
-
-  connection {
-    type        = "ssh"
-    host        = "47.120.61.39"
-    user        = "root"
-    password    = "Xs261617"
-  }
-
-  provisioner "remote-exec" {
-    inline = [
-      "curl -sfL https://get.k3s.io | K3S_URL=https://101.201.78.54:6443 K3S_TOKEN=${trimspace(data.local_file.k3s_token.content)} sh -"
-    ]
-  }
-}
-
-output "status" {
-  value = "✅ K3s 一主一从集群安装完成!"
-}

+ 0 - 0
terraform/k3s_token.txt → terraform/scripts/k3s_token.txt


+ 0 - 0
terraform/main.tf.bak → terraform/scripts/main.tf.bak


+ 78 - 0
terraform/scripts/master.tf

@@ -0,0 +1,78 @@
+# Clean up any existing k3s installation on the master node
+resource "null_resource" "k3s_cleanup_master" {
+  # SSH 登录你的 master server
+  connection {
+    type        = "ssh"
+    host        = var.master_ip
+    user        = "root"
+    password    = var.master_password
+  }
+
+  # 远程执行清理命令
+  provisioner "remote-exec" {
+    inline = [
+      "echo -e '\\033[32mCleanup start on master node\\033[0m'",
+      "systemctl stop k3s 2>/dev/null || true",
+      "pkill -f k3s 2>/dev/null || true",
+      #"rm -rf /usr/local/bin/k3s",
+      "rm -f /etc/systemd/system/k3s.service",
+      "rm -rf /var/lib/rancher/k3s",
+      "rm -rf /etc/rancher/k3s",
+      "rm -rf /root/.kube",
+      "echo -e '\\033[32mCleanup completed on master node\\033[0m'"
+    ]
+  }
+}
+
+# Install k3s server on the master node
+resource "null_resource" "k3s_install_master" {
+  depends_on = [null_resource.k3s_cleanup_master]
+  
+  # SSH 登录你的 master server
+  connection {
+    type        = "ssh"
+    host        = var.master_ip
+    user        = "root"
+    password    = var.master_password
+  }
+
+  # 远程执行命令(你原来的所有逻辑,一模一样)
+  provisioner "remote-exec" {
+    inline = [
+      "if [ ! -f /usr/local/bin/k3s ]; then",
+        "wget -O /usr/local/bin/k3s http://download.9981.tech/k3s-v1.35.0%2Bk3s1",
+        "chmod +x /usr/local/bin/k3s",
+      "else",
+        "echo -e '\\033[32m start installing master ... \\033[0m'",
+        "chmod +x /usr/local/bin/k3s",
+        "nohup /usr/local/bin/k3s server --disable=traefik --disable=servicelb --disable=metrics-server --token=my-secret-token --https-listen-port=6443 --pause-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6 --system-default-registry=registry.cn-hangzhou.aliyuncs.com > /root/k3s.log 2>&1 &",
+        #"/usr/local/bin/k3s server &",
+        "disown",
+        "echo -e '\\033[32m Done server master! \\033[0m'",
+        #"systemctl start k3s",
+        #"echo -e '\\033[32m Done installing master ... \\033[0m'",
+      "fi"
+    ]
+  }
+}
+
+# Wait for k3s server to be ready on master node
+resource "null_resource" "wait_for_k3s_ready" {
+  depends_on = [null_resource.k3s_install_master]
+
+  connection {
+    type        = "ssh"
+    host        = var.master_ip
+    user        = "root"
+    password    = var.master_password
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "# 等待 k3s 服务完全启动并生成 token",
+      "timeout 300 bash -c 'while [ ! -f /var/lib/rancher/k3s/server/node-token ]; do echo waiting for k3s token...; sleep 10; done' || exit 1",
+      "  echo 'T----------------'",
+    ]
+  }
+}
+
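Review bot: The `wget -O /usr/local/bin/k3s http://download.9981.tech/...` line in `k3s_install_master` fetches the binary over plain HTTP with no integrity check, and that binary is then run as root. The same URL is used in terraform/tfs/master.tf and is the default of `k3s_download_url` in terraform/tfs/variables.tf, which workers.tf consumes. I would switch to an HTTPS source and verify a pinned digest before `chmod +x`, for example `"echo '<EXPECTED_SHA256>  /usr/local/bin/k3s' | sha256sum -c - || exit 1",`. Separately, the `k3s server` start sits inside the `else` branch, so on a host where the binary is missing the script downloads it and exits without starting the server; the start lines should come after `fi`.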

+ 0 - 0
terraform/terraform.tfstate.backup → terraform/scripts/terraform.tfstate.backup


+ 75 - 0
terraform/scripts/upload_tf_files_to_server.py

@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+"""
+Upload Terraform files to server
+This script uploads all .tf files from the terraform directory to a remote server via SSH
+"""
+
+import os
+import sys
+from pathlib import Path
+import paramiko
+from scp import SCPClient
+
+def upload_tf_files(server_ip, username, password, local_dir="./", remote_dir="/tmp/terraform"):
+    """
+    Upload the entire tfs folder to remote server
+    
+    Args:
+        server_ip (str): Remote server IP address
+        username (str): Username for SSH connection
+        password (str): Password for SSH connection
+        local_dir (str): Local directory containing the tfs folder
+        remote_dir (str): Remote directory to upload files to
+    """
+    try:
+        # Create SSH client
+        ssh_client = paramiko.SSHClient()
+        ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        
+        # Connect to server
+        print(f"Connecting to {server_ip}...")
+        ssh_client.connect(hostname=server_ip, username=username, password=password)
+        
+        # Create SCP client
+        with SCPClient(ssh_client.get_transport()) as scp_client:
+            # Upload the entire tfs folder
+            local_path = Path(local_dir)
+            
+            if not local_path.exists():
+                print(f"Local directory {local_dir} does not exist")
+                return
+            
+            print(f"Uploading directory: {local_dir}")
+            
+            # Create remote directory if it doesn't exist
+            stdin, stdout, stderr = ssh_client.exec_command(f'mkdir -p {remote_dir}')
+            stdout.channel.recv_exit_status()  # Wait for command to complete
+            
+            # Upload the entire directory
+            print(f"Uploading {local_dir} to {server_ip}:{remote_dir}/...")
+            scp_client.put(str(local_path), remote_dir, recursive=True)
+            print(f"  [SUCCESS] Directory uploaded successfully")
+        
+        print(f"\nDirectory uploaded to {server_ip}:{remote_dir}/")
+        
+    except Exception as e:
+        print(f"Error uploading directory: {str(e)}")
+        raise
+    finally:
+        if 'ssh_client' in locals():
+            ssh_client.close()
+
+def main():
+    # Configuration
+    SERVER_IP = "47.113.186.215"  # Pre-set server IP
+    USERNAME = "root"  # Pre-set username
+    PASSWORD = "Xs261617"  # Pre-set password
+    LOCAL_DIR = r"E:\myaliyun\cicd_yamls\terraform\tfs"  # Directory containing the tfs folder
+    REMOTE_DIR = "/root/cicd_yamls/terraform"  # Remote directory to upload files to
+    
+    print(f"\nUploading tfs folder from {LOCAL_DIR} to {SERVER_IP}:{REMOTE_DIR}\n")
+    
+    upload_tf_files(SERVER_IP, USERNAME, PASSWORD, LOCAL_DIR, REMOTE_DIR)
+
+if __name__ == "__main__":
+    main()
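Review bot: `main()` commits a root password as the literal `PASSWORD = "..."`, and `upload_tf_files` accepts any host key through `paramiko.AutoAddPolicy()`, so the credential is readable by anyone with repository access and would be sent to whichever host answers on that IP. I would read the secret at run time, e.g. `PASSWORD = os.environ["K3S_UPLOAD_PASSWORD"]` (variable name constructed; `os` is already imported), or better use key-based auth. For the host key, call `ssh_client.load_system_host_keys()` and set `paramiko.RejectPolicy()`. Because the literal is now in history, the password should be rotated on the affected hosts. `remote_dir` is also interpolated unquoted into `mkdir -p {remote_dir}`; `shlex.quote(remote_dir)` would make that safe for paths with spaces or shell metacharacters.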

+ 0 - 34
terraform/terraform.tfstate

@@ -1,34 +0,0 @@
-{
-  "version": 4,
-  "terraform_version": "1.9.0",
-  "serial": 26,
-  "lineage": "97cf6d39-07aa-43df-7034-36aaeb3434b2",
-  "outputs": {
-    "status": {
-      "value": "✅ K3s 一主一从集群安装完成!",
-      "type": "string"
-    }
-  },
-  "resources": [
-    {
-      "mode": "managed",
-      "type": "null_resource",
-      "name": "k3s_server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
-      "instances": [
-        {
-          "status": "tainted",
-          "schema_version": 0,
-          "attributes": {
-            "id": "8349280120952191617",
-            "triggers": {
-              "always": "2026-04-30T08:41:51Z"
-            }
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    }
-  ],
-  "check_results": null
-}

+ 0 - 0
terraform/README.md → terraform/tfs/README.md


+ 19 - 0
terraform/tfs/main.tf

@@ -0,0 +1,19 @@
+# 什么 provider 都不需要!
+# 不用下载、不用镜像、不用 GitHub、不连外网!
+
+# 引入变量和模块配置
+# 配置分布在以下文件中:
+# - variables.tf: 定义所有变量
+# - master.tf: Master节点配置
+# - workers.tf: Worker节点配置
+# - outputs.tf: 输出配置
+
+# 该文件作为入口点,实际配置在其他文件中
+
+# Terraform 配置
+terraform {
+  required_version = ">= 0.12"
+}
+
+# Provider 配置(虽然我们不使用外部provider,但声明以满足语法)
+# 实际上我们只使用内置的 null provider
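Review bot: The header comments say no provider has to be downloaded and that `null` is built in, but `null_resource` comes from the `hashicorp/null` provider, which `terraform init` fetches from the registry. This commit also deletes `terraform/.terraform.lock.hcl`, the file that pinned that provider's version and hashes, so the next init will take whatever version resolves, with no recorded checksum. I would declare the provider explicitly and commit the lock file for the new `tfs/` directory; if the goal really is zero external providers, `terraform_data` (built in since Terraform 1.4) accepts the same `connection` and `provisioner` blocks. `required_version = ">= 0.12"` would need tightening in that case.

```hcl
terraform {
  required_version = ">= 0.12"

  required_providers {
    null = {
      source  = "hashicorp/null"
      version = "3.2.4" # version recorded in the removed lock file
    }
  }
}
```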

+ 92 - 0
terraform/tfs/master.tf

@@ -0,0 +1,92 @@
+# Clean up any existing k3s installation on the master node
+resource "null_resource" "k3s_cleanup_master" {
+  # SSH 登录你的 master server
+  connection {
+    type        = "ssh"
+    host        = var.master_ip
+    user        = "root"
+    password    = var.master_password
+  }
+
+  # 远程执行清理命令
+  provisioner "remote-exec" {
+    inline = [
+      "echo -e '\\033[32mCleanup start on master node\\033[0m'",
+      "systemctl stop k3s 2>/dev/null || true",
+      "pkill -f k3s 2>/dev/null || true",
+      #"rm -rf /usr/local/bin/k3s",
+      "rm -f /etc/systemd/system/k3s.service",
+      "rm -rf /var/lib/rancher/k3s",
+      "rm -rf /etc/rancher/k3s",
+      "rm -rf /root/.kube",
+      "echo -e '\\033[32mCleanup completed on master node\\033[0m'"
+    ]
+  }
+}
+
+
+resource "null_resource" "k3s_install_master" {
+  depends_on = [null_resource.k3s_cleanup_master]
+  
+  # SSH 登录你的 master server
+  connection {
+    type        = "ssh"
+    host        = var.master_ip
+    user        = "root"
+    password    = var.master_password
+  }
+
+  # 远程执行命令(你原来的所有逻辑,一模一样)
+  provisioner "remote-exec" {
+    inline = [
+      "echo -e '\\033[32mChecking if k3s binary exists...\\033[0m'",
+      "if [ ! -f /usr/local/bin/k3s ]; then",
+      "  echo -e '\\033[32mDownloading k3s binary...\\033[0m'",
+      "  wget -O /usr/local/bin/k3s http://download.9981.tech/k3s-v1.35.0%2Bk3s1",
+      "  chmod +x /usr/local/bin/k3s",
+      "else",
+      "  echo -e '\\033[33mk3s binary already exists, skipping download\\033[0m'",
+      "fi",
+      "echo -e '\\033[32mCreating k3s systemd service...\\033[0m'",
+      # 关键:用 heredoc 完全避免语法错误
+      "cat > /etc/systemd/system/k3s.service <<'EOF'",
+      "[Unit]",
+      "Description=Lightweight Kubernetes",
+      "Documentation=https://k3s.io",
+      "After=network-online.target",
+      "[Service]",
+      "Type=exec",
+      "ExecStart=/usr/local/bin/k3s server --disable=traefik --disable=servicelb --disable=metrics-server --token=my-secret-token --https-listen-port=6443 --pause-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6 --system-default-registry=registry.cn-hangzhou.aliyuncs.com",
+      "Restart=always",
+      "RestartSec=5s",
+      "[Install]",
+      "WantedBy=multi-user.target",
+      "EOF",
+      "systemctl daemon-reload",
+      "systemctl enable --now k3s",
+      "echo -e '\\033[32mK3s started successfully via systemd!\\033[0m'",
+    ]
+  }
+}
+
+
+resource "null_resource" "copy_token_to_workers" {
+  depends_on = [null_resource.k3s_install_master]
+  
+  connection {
+    type        = "ssh"
+    host        = var.master_ip
+    user        = "root"
+    password    = var.master_password
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "echo -e '\\033[32mK3s Starting copy token to workers!\\033[0m'",
+      "timeout 300 bash -c 'while [ ! -f /var/lib/rancher/k3s/server/node-token ]; do echo waiting for k3s token...; sleep 10; done'",
+      "sshpass -p '${var.worker_password}' scp -o StrictHostKeyChecking=no /var/lib/rancher/k3s/server/node-token root@${var.worker_ips[0]}:/root/",
+      "sshpass -p '${var.worker_password}' scp -o StrictHostKeyChecking=no /var/lib/rancher/k3s/server/node-token root@${var.worker_ips[1]}:/root/",
+      "echo -e '\\033[32mK3s Done copy token to workers!\\033[0m'",
+    ]
+  }
+}
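Review bot: The `ExecStart` line in `k3s_install_master` hard-codes the cluster join secret as `--token=my-secret-token`, so anyone who can read the repository can register a node, and the value is also visible in the unit file and the process list. The same literal is in terraform/scripts/master.tf. I would generate a random token, store it in a root-only file and pass `--token-file=<TOKEN_FILE_PATH>` instead. In `copy_token_to_workers`, the two `sshpass -p '${var.worker_password}' scp -o StrictHostKeyChecking=no ...` lines put the worker root password on a command line (and in Terraform's provisioner output) and skip host-key verification. Key-based SSH with pinned `known_hosts` entries avoids both, and looping over `var.worker_ips` would drop the hard-coded `[0]`/`[1]`.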

+ 19 - 0
terraform/tfs/outputs.tf

@@ -0,0 +1,19 @@
+output "结果" {
+  value = "k3s 集群安装完成!Master 和 Worker 节点都已配置!"
+}
+
+output "master_node" {
+  value = var.master_ip
+}
+
+output "worker_nodes" {
+  value = var.worker_ips
+}
+
+output "cluster_info" {
+  value = {
+    master = var.master_ip
+    workers = var.worker_ips
+    status = "Cluster configured with 1 master and 2 workers"
+  }
+}
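Review bot: `cluster_info.status` hard-codes "1 master and 2 workers" while the worker list is a variable, so the message goes stale as soon as `worker_ips` changes. Deriving it keeps the two in step: `status = "Cluster configured with 1 master and ${length(var.worker_ips)} workers"`. The output named `结果` would also be easier to consume from scripts with an ASCII name such as `result`.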

+ 2 - 0
terraform/tfs/run.sh

@@ -0,0 +1,2 @@
+terraform destroy --auto-approve
+terraform apply --auto-approve
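Review bot: The script has no shebang and no error handling, so if `terraform destroy --auto-approve` fails, `terraform apply --auto-approve` still runs against whatever state is left. I would start the file with `#!/usr/bin/env bash` and `set -euo pipefail`. Since both commands skip the interactive plan review and the resources run `rm -rf` as root on remote hosts, a comment stating that this is intended for disposable lab nodes only would help the next reader.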

+ 35 - 0
terraform/tfs/variables.tf

@@ -0,0 +1,35 @@
+variable "master_ip" {
+  description = "Master node IP address"
+  type        = string
+  default     = "47.113.186.215"
+}
+
+variable "master_password" {
+  description = "Root password for master node"
+  type        = string
+  default     = "Xs261617"
+}
+
+variable "worker_ips" {
+  description = "Worker node IP addresses"
+  type        = list(string)
+  default     = ["101.201.78.54", "47.120.61.39"]
+}
+
+variable "worker_password" {
+  description = "Root password for worker nodes"
+  type        = string
+  default     = "Xs261617"
+}
+
+variable "k3s_version" {
+  description = "k3s version to install"
+  type        = string
+  default     = "v1.35.0+k3s1"
+}
+
+variable "k3s_download_url" {
+  description = "URL to download k3s binary"
+  type        = string
+  default     = "http://download.9981.tech/k3s-v1.35.0%2Bk3s1"
+}
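Review bot: `master_password` and `worker_password` carry root passwords as plaintext `default` values, so the credentials are committed with the code and are printed in plans because neither variable is marked sensitive. I would drop the defaults, add `sensitive = true`, and supply the values at run time through `TF_VAR_master_password` / `TF_VAR_worker_password` or an untracked `*.tfvars` file; the passwords already committed should be rotated. Note that `sensitive` only hides the value in CLI output and it still lands in state, so the state file needs protecting as well. `k3s_version` is not referenced by any file in this commit and `k3s_download_url` repeats the version inside its own default, so the two can drift. tfs/master.tf also ignores `var.k3s_download_url` and hard-codes the URL.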

+ 101 - 0
terraform/tfs/workers.tf

@@ -0,0 +1,101 @@
+resource "null_resource" "k3s_cleanup_worker1" {
+  # SSH 登录到 worker 节点
+  connection {
+    type        = "ssh"
+    host        = var.worker_ips[0]
+    user        = "root"
+    password    = var.worker_password
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "# Stop k3s-agent service if running",
+      "systemctl stop k3s-agent 2>/dev/null || true",
+      "# Kill any remaining k3s processes",
+      "pkill -f k3s 2>/dev/null || true",
+      "# Remove k3s data directory",
+      "rm -rf /var/lib/rancher/k3s",
+      "# Remove k3s-agent service file",
+      "rm -f /etc/systemd/system/k3s-agent.service",
+      "echo 'Cleanup completed on worker node 1'"
+    ]
+  }
+}
+
+resource "null_resource" "k3s_cleanup_worker2" {
+  connection {
+    type        = "ssh"
+    host        = var.worker_ips[1]
+    user        = "root"
+    password    = var.worker_password
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "# Stop k3s-agent service if running",
+      "systemctl stop k3s-agent 2>/dev/null || true",
+      "# Kill any remaining k3s processes",
+      "pkill -f k3s 2>/dev/null || true",
+      "# Remove k3s data directory",
+      "rm -rf /var/lib/rancher/k3s",
+      "# Remove k3s-agent service file",
+      "rm -f /etc/systemd/system/k3s-agent.service",
+      "echo 'Cleanup completed on worker node 2'"
+    ]
+  }
+}
+
+resource "null_resource" "k3s_install_worker1" {
+  depends_on = [null_resource.copy_token_to_workers, null_resource.k3s_cleanup_worker1]
+
+  connection {
+    type        = "ssh"
+    host        = var.worker_ips[0]
+    user        = "root"
+    password    = var.worker_password
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "if [ -f /usr/local/bin/k3s ]; then",
+      "  echo 'k3s binary already exists, skipping download'",
+      "else",
+      "  wget -O /usr/local/bin/k3s ${var.k3s_download_url}",
+      "  chmod +x /usr/local/bin/k3s",
+      "fi",
+      "TOKEN=$(cat /root/node-token)",
+      "echo -e '\\033[32m--Start k3s agent 1--\\033[0m'",
+      "k3s agent --server https://${var.master_ip}:6443 --token $TOKEN --node-name worker-node-${replace(var.worker_ips[0], ".", "-")} --node-ip=${var.worker_ips[0]} --data-dir /var/lib/rancher/k3s",
+      "echo -e '\\033[32m--Done k3s agent 1--\\033[0m'",
+      "sleep 5",
+    ]
+  }
+}
+
+
+resource "null_resource" "k3s_install_worker2" {
+  depends_on = [null_resource.copy_token_to_workers, null_resource.k3s_cleanup_worker2]
+
+  connection {
+    type        = "ssh"
+    host        = var.worker_ips[1]
+    user        = "root"
+    password    = var.worker_password
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "if [ -f /usr/local/bin/k3s ]; then",
+      "  echo 'k3s binary already exists, skipping download'",
+      "else",
+      "  wget -O /usr/local/bin/k3s ${var.k3s_download_url}",
+      "  chmod +x /usr/local/bin/k3s",
+      "fi",
+      "TOKEN=$(cat /root/node-token)",
+      "echo -e '\\033[32m--Start k3s agent 2--\\033[0m'",
+      "k3s agent --server https://${var.master_ip}:6443 --token $TOKEN --node-name worker-node-${replace(var.worker_ips[1], ".", "-")} --node-ip=${var.worker_ips[1]} --data-dir /var/lib/rancher/k3s",
+      "echo -e '\\033[32m--Done k3s agent 2--\\033[0m'",
+      "sleep 5",
+    ]
+  }
+}
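Review bot: In `k3s_install_worker1` and `k3s_install_worker2` the `k3s agent ...` line runs the agent in the foreground of the `remote-exec` session, so as far as I can tell the provisioner never reaches the following `echo` and `sleep 5`. `terraform apply` would then hang until the connection times out, and the agent dies with the SSH session. The master already installs a systemd unit, and the cleanup resources here already remove `k3s-agent.service`, so I would install the agent the same way and read the secret with `--token-file /root/node-token` rather than expanding `$TOKEN` onto the command line. The two worker resource pairs are identical apart from the index; `for_each` over `var.worker_ips` would remove the duplication. The fence shows worker 1 only.

```hcl
  provisioner "remote-exec" {
    inline = [
      # … unchanged: k3s binary existence check and download …
      "cat > /etc/systemd/system/k3s-agent.service <<'EOF'",
      "[Unit]",
      "Description=Lightweight Kubernetes agent",
      "After=network-online.target",
      "[Service]",
      "Type=exec",
      "ExecStart=/usr/local/bin/k3s agent --server https://${var.master_ip}:6443 --token-file /root/node-token --node-name worker-node-${replace(var.worker_ips[0], ".", "-")} --node-ip=${var.worker_ips[0]} --data-dir /var/lib/rancher/k3s",
      "Restart=always",
      "RestartSec=5s",
      "[Install]",
      "WantedBy=multi-user.target",
      "EOF",
      "systemctl daemon-reload",
      "systemctl enable --now k3s-agent",
    ]
  }
```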