underpost 2.8.7 → 2.8.8

package/manifests/lxd/underpost-setup.sh

@@ -0,0 +1,163 @@
+#!/bin/bash
+
+# Exit immediately if a command exits with a non-zero status.
+set -e
+
+echo "Starting Underpost Kubernetes Node Setup for Production (Kubeadm/K3s Use Case)..."
+
+# --- Disk Partition Resizing (Keep as is, seems functional) ---
+echo "Expanding /dev/sda2 partition and resizing filesystem..."
+
+# Check if parted is installed
+if ! command -v parted &>/dev/null; then
+    echo "parted not found, installing..."
+    sudo dnf install -y parted
+fi
+
+# Get start sector of /dev/sda2
+START_SECTOR=$(sudo parted /dev/sda -ms unit s print | awk -F: '/^2:/{print $2}' | sed 's/s//')
+
+# Resize the partition
+# Using 'sudo' for parted commands
+sudo parted /dev/sda ---pretend-input-tty <<EOF
+unit s
+resizepart 2 100%
+Yes
+quit
+EOF
+
+# Resize the filesystem
+sudo resize2fs /dev/sda2
+
+echo "Disk and filesystem resized successfully."
+
+# --- Essential System Package Installation ---
+echo "Installing essential system packages..."
+sudo dnf install -y tar bzip2 git epel-release
+
+# Perform a system update to ensure all packages are up-to-date
+sudo dnf -y update
+
+# --- NVM and Node.js Installation ---
+echo "Installing NVM and Node.js v23.8.0..."
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+
+# Load nvm for the current session
+export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
+
+nvm install 23.8.0
+nvm use 23.8.0
+
+echo "
+██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
+██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
+██║░░░██║██╔██╗██║██║░░██║█████╗░░██████╔╝██████╔╝██║░░██║╚█████╗░░░░██║░░░
+██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔═╝░░░██║░░██║░╚═══██╗░░░██║░░░
+╚██████╔╝██║░╚███║██████╔╝███████╗██║░░██║██║░░░░░╚█████╔╝██████╔╝░░░██║░░░
+░╚═════╝░╚═╝░░╚══╝╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝░░░░░░╚════╝░╚═════╝░░░░╚═╝░░░
+
+Installing underpost k8s node...
+"
+
+# Install underpost globally
+npm install -g underpost
+
+# Ensure underpost executable is in PATH and has execute permissions
+# Adjusting this for global npm install which usually handles permissions
+# If you still face issues, ensure /root/.nvm/versions/node/v23.8.0/bin is in your PATH
+# For global installs, it's usually handled automatically.
+# chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost # This might not be necessary for global npm installs
+
+# --- Kernel Module for Bridge Filtering ---
+# This is crucial for Kubernetes networking (CNI)
+echo "Loading br_netfilter kernel module..."
+sudo modprobe br_netfilter
+
+# --- Initial Host Setup for Kubernetes Prerequisites ---
+# This calls the initHost method in cluster.js to install Docker, Podman, Kind, Kubeadm, Helm.
+echo "Running initial host setup for Kubernetes prerequisites..."
+# Ensure the current directory is where 'underpost' expects its root, or use absolute paths.
+# Assuming 'underpost root' correctly points to the base directory of your project.
+cd "$(underpost root)/underpost"
+underpost cluster --init-host
+
+# --- Argument Parsing for Kubeadm/Kind/K3s/Worker ---
+USE_KUBEADM=false
+USE_KIND=false # Not the primary focus for this request, but keeping the logic
+USE_K3S=false  # New K3s option
+USE_WORKER=false
+
+for arg in "$@"; do
+    case "$arg" in
+    --kubeadm)
+        USE_KUBEADM=true
+        ;;
+    --kind)
+        USE_KIND=true
+        ;;
+    --k3s) # New K3s argument
+        USE_K3S=true
+        ;;
+    --worker)
+        USE_WORKER=true
+        ;;
+    esac
+done
+
+echo "USE_KUBEADM = $USE_KUBEADM"
+echo "USE_KIND      = $USE_KIND"
+echo "USE_K3S      = $USE_K3S" # Display K3s flag status
+echo "USE_WORKER   = $USE_WORKER"
+
+# --- Kubernetes Cluster Initialization Logic ---
+
+# Apply host configuration (SELinux, Containerd, Sysctl, and now firewalld disabling)
+echo "Applying Kubernetes host configuration (SELinux, Containerd, Sysctl, Firewalld)..."
+underpost cluster --config
+
+if $USE_KUBEADM; then
+    if $USE_WORKER; then
+        echo "Running worker node setup for kubeadm..."
+        # For worker nodes, the 'underpost cluster --worker' command will handle joining
+        # the cluster. The join command itself needs to be provided from the control plane.
+        # This script assumes the join command will be executed separately or passed in.
+        # Example: underpost cluster --worker --join-command "kubeadm join ..."
+        # For now, this just runs the worker-specific config.
+        underpost cluster --worker
+        underpost cluster --chown
+        echo "Worker node setup initiated. You will need to manually join this worker to your control plane."
+        echo "On your control plane, run 'kubeadm token create --print-join-command' and execute the output here."
+    else
+        echo "Running control plane setup with kubeadm..."
+        # This will initialize the kubeadm control plane and install Calico
+        underpost cluster --kubeadm
+        echo "Kubeadm control plane initialized. Check cluster status with 'kubectl get nodes'."
+    fi
+elif $USE_K3S; then # New K3s initialization block
+    if $USE_WORKER; then
+        echo "Running worker node setup for K3s..."
+        # For K3s worker nodes, the 'underpost cluster --worker' command will handle joining
+        # the cluster. The K3s join command (k3s agent --server ...) needs to be provided.
+        underpost cluster --worker --k3s
+        underpost cluster --chown
+        echo "K3s Worker node setup initiated. You will need to manually join this worker to your control plane."
+        echo "On your K3s control plane, get the K3S_TOKEN from /var/lib/rancher/k3s/server/node-token"
+        echo "and the K3S_URL (e.g., https://<control-plane-ip>:6443)."
+        echo "Then execute: K3S_URL=${K3S_URL} K3S_TOKEN=${K3S_TOKEN} curl -sfL https://get.k3s.io | sh -"
+    else
+        echo "Running control plane setup with K3s..."
+        underpost cluster --k3s
+        echo "K3s control plane initialized. Check cluster status with 'kubectl get nodes'."
+    fi
+elif $USE_KIND; then
+    echo "Running control node with kind..."
+    underpost cluster
+    echo "Kind cluster initialized. Check cluster status with 'kubectl get nodes'."
+else
+    echo "No specific cluster role (--kubeadm, --kind, --k3s, --worker) specified. Please provide one."
+    exit 1
+fi
+
+echo "Underpost Kubernetes Node Setup completed."
+echo "Remember to verify cluster health with 'kubectl get nodes' and 'kubectl get pods --all-namespaces'."

package/manifests/maas/lxd-preseed.yaml

@@ -0,0 +1,32 @@
+config:
+  core.https_address: "[::]:8443"
+  # core.trust_password: password
+networks:
+  - config:
+      ipv4.address: 10.10.10.1/24
+      ipv6.address: none
+    description: ""
+    name: lxdbr0
+    type: ""
+    project: default
+storage_pools:
+  - config:
+      size: 500GB
+    description: ""
+    name: default
+    driver: zfs
+profiles:
+  - config: {}
+    description: ""
+    devices:
+      eth0:
+        name: eth0
+        network: lxdbr0
+        type: nic
+      root:
+        path: /
+        pool: default
+        type: disk
+    name: default
+projects: []
+cluster: null

package/manifests/maas/maas-setup.sh

@@ -0,0 +1,82 @@
+#!/bin/bash
+set -euo pipefail
+
+# Update LXD and install dependencies
+sudo snap install --channel=latest/stable lxd
+sudo snap refresh --channel=latest/stable lxd
+sudo snap install jq
+sudo snap install maas
+
+# Get default interface and IP address
+INTERFACE=$(ip route | grep default | awk '{print $5}')
+IP_ADDRESS=$(ip -4 addr show dev "$INTERFACE" | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
+
+# Install and persist iptables NAT rules (Rocky Linux compatible)
+sudo dnf install -y iptables-services
+sudo systemctl enable --now iptables
+
+# Enable IP forwarding and configure NAT
+sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
+sudo sysctl -p
+sudo iptables -t nat -A POSTROUTING -o "$INTERFACE" -j SNAT --to "$IP_ADDRESS"
+sudo service iptables save
+
+# LXD preseed
+cd /home/dd/engine
+lxd init --preseed <manifests/maas/lxd-preseed.yaml
+
+# Wait for LXD to be ready
+lxd waitready
+
+# Load secrets
+underpost secret underpost --create-from-file /home/dd/engine/engine-private/conf/dd-cron/.env.production
+
+# Extract config values
+DB_PG_MAAS_USER=$(node bin config get --plain DB_PG_MAAS_USER)
+DB_PG_MAAS_PASS=$(node bin config get --plain DB_PG_MAAS_PASS)
+DB_PG_MAAS_HOST=$(node bin config get --plain DB_PG_MAAS_HOST)
+DB_PG_MAAS_NAME=$(node bin config get --plain DB_PG_MAAS_NAME)
+
+MAAS_ADMIN_USERNAME=$(node bin config get --plain MAAS_ADMIN_USERNAME)
+MAAS_ADMIN_EMAIL=$(node bin config get --plain MAAS_ADMIN_EMAIL)
+MAAS_ADMIN_PASS=$(node bin config get --plain MAAS_ADMIN_PASS)
+
+# Initialize MAAS
+maas init region+rack \
+    --database-uri "postgres://${DB_PG_MAAS_USER}:${DB_PG_MAAS_PASS}@${DB_PG_MAAS_HOST}/${DB_PG_MAAS_NAME}" \
+    --maas-url http://${IP_ADDRESS}:5240/MAAS
+
+# Let MAAS initialize
+sleep 30
+
+# Create admin and get API key
+maas createadmin \
+    --username "$MAAS_ADMIN_USERNAME" \
+    --password "$MAAS_ADMIN_PASS" \
+    --email "$MAAS_ADMIN_EMAIL"
+
+APIKEY=$(maas apikey --username "$MAAS_ADMIN_USERNAME")
+
+# Login to MAAS
+maas login "$MAAS_ADMIN_USERNAME" "http://localhost:5240/MAAS/" "$APIKEY"
+
+# Configure MAAS networking
+SUBNET=10.10.10.0/24
+FABRIC_ID=$(maas "$MAAS_ADMIN_USERNAME" subnet read "$SUBNET" | jq -r ".vlan.fabric_id")
+VLAN_TAG=$(maas "$MAAS_ADMIN_USERNAME" subnet read "$SUBNET" | jq -r ".vlan.vid")
+PRIMARY_RACK=$(maas "$MAAS_ADMIN_USERNAME" rack-controllers read | jq -r ".[] | .system_id")
+
+maas "$MAAS_ADMIN_USERNAME" subnet update "$SUBNET" gateway_ip=10.10.10.1
+maas "$MAAS_ADMIN_USERNAME" ipranges create type=dynamic start_ip=10.10.10.200 end_ip=10.10.10.254
+maas "$MAAS_ADMIN_USERNAME" vlan update "$FABRIC_ID" "$VLAN_TAG" dhcp_on=True primary_rack="$PRIMARY_RACK"
+maas "$MAAS_ADMIN_USERNAME" maas set-config name=upstream_dns value=8.8.8.8
+
+# Register LXD as VM host
+VM_HOST_ID=$(maas "$MAAS_ADMIN_USERNAME" vm-hosts create \
+    password=password \
+    type=lxd \
+    power_address="https://${IP_ADDRESS}:8443" \
+    project=maas | jq '.id')
+
+# Set VM host CPU oversubscription
+maas "$MAAS_ADMIN_USERNAME" vm-host update "$VM_HOST_ID" cpu_over_commit_ratio=4

package/manifests/mariadb/statefulset.yaml

@@ -49,7 +49,8 @@ spec:
     - metadata:
         name: mariadb-storage
       spec:
-        accessModes: ['ReadWriteOnce']
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: mariadb-storage-class
         resources:
           requests:
             storage: 1Gi

package/manifests/mariadb/storage-class.yaml

@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: mariadb-storage-class # Renamed for clarity
+  annotations:
+    # Set this to "true" if you want this to be the default StorageClass
+    # storageclass.kubernetes.io/is-default-class: "true"
+provisioner: rancher.io/local-path # Ensure this provisioner is installed in your cluster
+reclaimPolicy: Retain # Or Delete, depending on your data retention policy
+volumeBindingMode: WaitForFirstConsumer

package/manifests/mongodb/kustomization.yaml

@@ -6,6 +6,6 @@ resources:
   - pv-pvc.yaml
   - headless-service.yaml
   - statefulset.yaml
-  - backup-pv-pvc.yaml
+  # - backup-pv-pvc.yaml
   # - backup-cronjob.yaml
   # - backup-access.yaml

package/manifests/mongodb/statefulset.yaml

@@ -3,7 +3,7 @@ kind: StatefulSet
 metadata:
   name: mongodb # Specifies the name of the statefulset
 spec:
-  serviceName: 'mongodb-service' # Specifies the service to use
+  serviceName: "mongodb-service" # Specifies the service to use
   replicas: 2
   selector:
     matchLabels:
@@ -18,8 +18,8 @@ spec:
           image: docker.io/library/mongo:latest
           command:
             - mongod
-            - '--replSet'
-            - 'rs0'
+            - "--replSet"
+            - "rs0"
             # - '--config'
             # - '-f'
             # - '/etc/mongod.conf'
@@ -35,9 +35,9 @@ spec:
             # - '--setParameter'
             # - 'authenticationMechanisms=SCRAM-SHA-1'
             # - '--fork'
-            - '--logpath'
-            - '/var/log/mongodb/mongod.log'
-            - '--bind_ip_all'
+            - "--logpath"
+            - "/var/log/mongodb/mongod.log"
+            - "--bind_ip_all"
           # command: ['sh', '-c']
           # args:
           #   - |
@@ -99,11 +99,11 @@ spec:
                   key: password
           resources:
             requests:
-              cpu: '100m'
-              memory: '256Mi'
+              cpu: "100m"
+              memory: "256Mi"
             limits:
-              cpu: '500m'
-              memory: '512Mi'
+              cpu: "500m"
+              memory: "512Mi"
       volumes:
         - name: keyfile
           secret:
@@ -119,7 +119,8 @@ spec:
     - metadata:
         name: mongodb-storage
       spec:
-        accessModes: ['ReadWriteOnce']
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: mongodb-storage-class
         resources:
           requests:
             storage: 5Gi

package/manifests/mongodb/storage-class.yaml

@@ -0,0 +1,9 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: mongodb-storage-class
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "false"
+provisioner: rancher.io/local-path
+reclaimPolicy: Retain
+volumeBindingMode: WaitForFirstConsumer

package/manifests/mongodb-4.4/service-deployment.yaml

@@ -13,11 +13,11 @@ spec:
       labels:
         app: mongodb
     spec:
-      hostname: mongo
+      hostname: mongodb-service
       containers:
         - name: mongodb
           image: mongo:4.4
-          command: ['mongod', '--replSet', 'rs0', '--bind_ip_all']
+          command: ["mongod", "--replSet", "rs0", "--bind_ip_all"]
           # -- bash
           # mongo
           # use admin

package/manifests/mysql/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# kubectl apply -k core/.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pv-pvc.yaml
+  - statefulset.yaml

package/manifests/mysql/pv-pvc.yaml

@@ -0,0 +1,27 @@
+# pv-pvc.yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mysql-pv
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/data"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi

package/manifests/mysql/statefulset.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+  labels:
+    app: mysql
+spec:
+  ports:
+    - port: 3306
+      name: mysql
+  selector:
+    app: mysql
+  clusterIP: None
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mysql
+spec:
+  serviceName: "mysql"
+  selector:
+    matchLabels:
+      app: mysql
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+        - image: mysql:9
+          name: mysql
+          env:
+            - name: MYSQL_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: password
+          ports:
+            - containerPort: 3306
+              name: mysql
+          volumeMounts:
+            - name: mysql-persistent-storage
+              mountPath: /var/lib/mysql
+              subPath: mysql
+  volumeClaimTemplates:
+    - metadata:
+        name: mysql-persistent-storage
+      spec:
+        storageClassName: manual
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi

package/manifests/postgresql/statefulset.yaml

@@ -4,7 +4,7 @@ metadata:
   name: postgres
 spec:
   serviceName: postgres
-  replicas: 3
+  replicas: 1
   selector:
     matchLabels:
       app: postgres

package/manifests/valkey/service.yaml

@@ -1,17 +1,11 @@
----
 apiVersion: v1
 kind: Service
 metadata:
-  name: service-valkey
+  name: valkey-service
   namespace: default
 spec:
+  selector:
+    app: valkey-service
   ports:
     - port: 6379
       targetPort: 6379
-  selector:
-    app: service-valkey
-  ipFamilyPolicy: PreferDualStack
-  ipFamilies:
-    - IPv4
-    # - IPv6
-  type: ClusterIP

package/manifests/valkey/statefulset.yaml

@@ -1,41 +1,38 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: service-valkey
+  name: valkey-service
   namespace: default
 spec:
-  serviceName: service-valkey
+  serviceName: valkey-service
   replicas: 1
   selector:
     matchLabels:
-      app: service-valkey
+      app: valkey-service
   template:
     metadata:
       labels:
-        app: service-valkey
+        app: valkey-service
     spec:
-      # Prevent automatic token mounting if you're not using the default ServiceAccount
       automountServiceAccountToken: false
-
       containers:
-        - name: service-valkey
-          image: valkey/valkey:latest
-          # Ensure you pull only if not present (Never will error if missing)
-          imagePullPolicy: Never
-          env:
-            - name: TZ
-              value: Europe/Zurich
+        - name: valkey-service
+          image: docker.io/valkey/valkey:latest
+          imagePullPolicy: IfNotPresent
+          command: ["valkey-server"]
+          args: ["--port", "6379"]
           ports:
             - containerPort: 6379
           startupProbe:
             tcpSocket:
               port: 6379
-            failureThreshold: 30
             periodSeconds: 5
             timeoutSeconds: 5
+            failureThreshold: 30
           livenessProbe:
             tcpSocket:
               port: 6379
-            failureThreshold: 2
+            initialDelaySeconds: 10
             periodSeconds: 30
             timeoutSeconds: 5
+            failureThreshold: 2

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.7",
+    "version": "2.8.8",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/cli/baremetal.js

@@ -0,0 +1,60 @@
+import { getNpmRootPath, getUnderpostRootPath } from '../server/conf.js';
+import { shellExec } from '../server/process.js';
+import dotenv from 'dotenv';
+class UnderpostBaremetal {
+  static API = {
+    callback(
+      options = {
+        dev: false,
+        controlServerInstall: false,
+        controlServerInitDb: false,
+        controlServerInit: false,
+        controlServerUninstall: false,
+        controlServerStop: false,
+        controlServerStart: false,
+      },
+    ) {
+      dotenv.config({ path: `${getUnderpostRootPath()}/.env`, override: true });
+      const npmRoot = getNpmRootPath();
+      const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
+      const dbProviderId = 'postgresql-14';
+      if (options.controlServerUninstall === true) {
+        // Stop MAAS services
+        shellExec(`sudo systemctl stop maas.pebble || true`);
+        shellExec(`sudo snap stop maas`);
+        shellExec(`sudo snap remove maas --purge || true`);
+
+        // Remove Snap residual data
+        shellExec(`sudo rm -rf /var/snap/maas`);
+        shellExec(`sudo rm -rf ~/snap/maas`);
+
+        // Remove MAAS config and data directories
+        shellExec(`sudo rm -rf /etc/maas`);
+        shellExec(`sudo rm -rf /var/lib/maas`);
+        shellExec(`sudo rm -rf /var/log/maas`);
+      }
+      if (options.controlServerStart === true) {
+        shellExec(`sudo snap restart maas`);
+      }
+      if (options.controlServerStop === true) {
+        shellExec(`sudo snap stop maas`);
+      }
+      if (options.controlServerInitDb === true) {
+        shellExec(`node ${underpostRoot}/bin/deploy ${dbProviderId} install`);
+        shellExec(
+          `node ${underpostRoot}/bin/deploy pg-drop-db ${process.env.DB_PG_MAAS_NAME} ${process.env.DB_PG_MAAS_USER}`,
+        );
+        shellExec(`node ${underpostRoot}/bin/deploy maas db`);
+      }
+      if (options.controlServerInstall === true) {
+        shellExec(`chmod +x ${underpostRoot}/manifests/maas/maas-setup.sh`);
+        shellExec(`${underpostRoot}/manifests/maas/maas-setup.sh`);
+      }
+      if (options.controlServerInit === true) {
+        shellExec(`node ${underpostRoot}/bin/deploy maas reset`);
+      }
+    },
+  };
+}
+
+export default UnderpostBaremetal;