optimize rootfs scripts

context/rootfs/scripts/docker.sh

@@ -16,10 +16,13 @@
 set -x
 set -e
 
-scripts_path=$(cd `dirname $0`; pwd)
+# shellcheck disable=SC2046
+# shellcheck disable=SC2006
+scripts_path=$(cd `dirname "$0"`; pwd)
 image_dir="$scripts_path/../images"
 DOCKER_VERSION="19.03.14-sealer"
 
+# shellcheck disable=SC1091
 get_distribution() {
   lsb_dist=""
   # Every system that we officially support has /etc/os-release
@@ -46,6 +49,7 @@ load_images() {
   done
 }
 
+# shellcheck disable=SC2006
 check_docker_valid() {
   if ! docker info 2>&1; then
     panic "docker is not healthy: $(docker info 2>&1), please check"
@@ -58,7 +62,7 @@ check_docker_valid() {
 }
 
 storage=${1:-/var/lib/docker}
-mkdir -p $storage
+mkdir -p "$storage"
 if ! utils_command_exists docker; then
   lsb_dist=$(get_distribution)
   lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"

context/rootfs/scripts/init-kube.sh

@@ -1,6 +1,10 @@
 #!/bin/bash
 
-scripts_path=$(cd `dirname $0`; pwd)
+# shellcheck disable=SC2046
+# shellcheck disable=SC2164
+# shellcheck disable=SC2006
+# shellcheck disable=SC1091
+scripts_path=$(cd `dirname "$0"`; pwd)
 source "${scripts_path}"/utils.sh
 
 set -x
@@ -56,4 +60,4 @@ copy_kubelet_service
 systemctl enable kubelet
 
 # nvidia-docker.sh need set kubelet labels, it should be run after kubelet
-bash ${scripts_path}/nvidia-docker.sh || exit 1
+bash "${scripts_path}"/nvidia-docker.sh || exit 1

context/rootfs/scripts/init-registry.sh

@@ -1,10 +1,25 @@
 #!/bin/bash
+# Copyright © 2021 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
 set -e
 set -x
 # prepare registry storage as directory
+# shellcheck disable=SC2046
 cd $(dirname "$0")
 
+# shellcheck disable=SC2034
 REGISTRY_PORT=${1-5000}
 VOLUME=${2-/var/lib/registry}
 REGISTRY_DOMAIN=${3-sea.hub}
@@ -18,6 +33,7 @@ image_dir="$rootfs/images"
 
 mkdir -p "$VOLUME" || true
 
+# shellcheck disable=SC2106
 startRegistry() {
     n=1
     while (( n <= 3 ))
@@ -69,22 +85,25 @@ regArgs="-d --restart=always \
 -v $certs_dir:/certs \
 -v $VOLUME:/var/lib/registry \
 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$REGISTRY_DOMAIN.crt \
--e REGISTRY_HTTP_TLS_KEY=/certs/$REGISTRY_DOMAIN.key"
+-e REGISTRY_HTTP_TLS_KEY=/certs/$REGISTRY_DOMAIN.key \
+-e REGISTRY_HTTP_DEBUG_ADDR=0.0.0.0:5001 \
+-e REGISTRY_HTTP_DEBUG_PROMETHEUS_ENABLED=true"
 
-if [ -f $config ]; then
-    sed -i "s/5000/$1/g" $config
+if [ -f "$config" ]; then
+    sed -i "s/5000/$1/g" "$config"
     regArgs="$regArgs \
     -v $config:/etc/docker/registry/config.yml"
 fi
 
-if [ -f $htpasswd ]; then
-    docker run $regArgs \
+ # shellcheck disable=SC2086
+if [ -f "$htpasswd" ]; then
+    docker run "$regArgs" \
             -v $htpasswd:/htpasswd \
             -e REGISTRY_AUTH=htpasswd \
             -e REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd \
             -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" registry:2.7.1 || startRegistry
 else
-    docker run $regArgs registry:2.7.1 || startRegistry
+    docker run "$regArgs" registry:2.7.1 || startRegistry
 fi
 
 check_registry

context/rootfs/scripts/init.sh

@@ -13,15 +13,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# shellcheck disable=SC2181
 STORAGE=${1:-/var/lib/docker}
 REGISTRY_DOMAIN=${2-sea.hub}
 REGISTRY_PORT=${3-5000}
 
 # Install docker
 chmod a+x docker.sh
 #./docker.sh  /var/docker/lib  sealer.hub 5001
-bash docker.sh ${STORAGE} ${REGISTRY_DOMAIN} $REGISTRY_PORT
+bash docker.sh "${STORAGE}" "${REGISTRY_DOMAIN}" "$REGISTRY_PORT"
+if [  $? -ne 0 ]; then
+  exit 1
+fi
 
 chmod a+x init-kube.sh
-
 bash init-kube.sh
+if [  $? -ne 0 ]; then
+  exit 1
+fi

context/rootfs/scripts/nvidia-docker.sh

@@ -1,6 +1,14 @@
 #!/bin/bash
 
-scripts_path=$(cd `dirname $0`; pwd)
+# shellcheck disable=SC2046
+# shellcheck disable=SC2164
+# shellcheck disable=SC2092
+# shellcheck disable=SC1102
+# shellcheck disable=SC2006
+# shellcheck disable=SC2005
+# shellcheck disable=SC2181
+# shellcheck disable=SC1091
+scripts_path=$(cd `dirname "$0"`; pwd)
 source "${scripts_path}"/utils.sh
 
 set -x
@@ -46,7 +54,7 @@ public::nvidia::enable_gpu_device_plugin() {
 }
 
 kube::nvidia::detect_gpu(){
-    tar -xvf ${scripts_path}/../tgz/nvidia.tgz -C ${scripts_path}/../rpm/
+    tar -xvf "${scripts_path}"/../tgz/nvidia.tgz -C "${scripts_path}"/../rpm/
     kube::nvidia::setup_lspci
     lspci | grep -i nvidia > /dev/null 2>&1
     if [[ "$?" == "0" ]]; then
@@ -59,7 +67,7 @@ kube::nvidia::setup_lspci(){
         return
     fi
     utils_info "lspci command not exist, install it"
-    rpm -ivh --force --nodeps ${RPM_DIR}/pciutils*.rpm
+    rpm -ivh --force --nodeps "${RPM_DIR}"/pciutils*.rpm
     if [[ "$?" != "0" ]]; then
         panic "failed to install pciutils via command (rpm -ivh --force --nodeps ${RPM_DIR}/pciutils*.rpm) in dir ${PWD}, please run it for debug"
     fi
@@ -76,12 +84,13 @@ public::nvidia::install_nvidia_driver(){
 public::nvidia::install_nvidia_docker2(){
     sleep 3
     if  `which nvidia-container-runtime > /dev/null 2>&1` && [ $(echo $((docker info | grep nvidia) | wc -l)) -gt 1 ] ; then
-        utils_info 'nvidia-container-runtime is already insatlled'
+        utils_info 'nvidia-container-runtime is already installed'
         return
     fi
 
     # 1. Install nvidia-container-runtime
-    if ! output=$(rpm -ivh --force --nodeps `ls ${RPM_DIR}/*.rpm` 2>&1);then
+    # shellcheck disable=SC2046
+    if ! output=$(rpm -ivh --force --nodeps `ls "${RPM_DIR}"/*.rpm` 2>&1);then
         panic "failed to install rpm, output:${output}, maybe your rpm db was broken, please see https://cloudlinux.zendesk.com/hc/en-us/articles/115004075294-Fix-rpmdb-Thread-died-in-Berkeley-DB-library for help"
     fi
 
@@ -108,9 +117,9 @@ public::nvidia::install_nvidia_docker2(){
 # deploy nvidia plugin in static pod
 public::nvidia::deploy_static_pod() {
     mkdir -p /etc/kubernetes/manifests
-    cp -f ${scripts_path}/../statics/nvidia-device-plugin.yml /etc/kubernetes/manifests/nvidia-device-plugin.yml
+    cp -f "${scripts_path}"/../statics/nvidia-device-plugin.yml /etc/kubernetes/manifests/nvidia-device-plugin.yml
 
-    utils_info "nvidia-device-plugin yaml succefully deployed ..."
+    utils_info "nvidia-device-plugin yaml successfully deployed ..."
 }
 
 public::nvidia::enable_gpu_capability

context/rootfs/scripts/uninstall-docker.sh

@@ -4,11 +4,10 @@ systemctl stop docker
 ip link delete docker0 type bridge || true
 rm -rf /lib/systemd/system/docker.service
 rm -rf /usr/lib/systemd/system/docker.service
-rm -rf /etc/docker/daemon.json
+rm -rf /etc/docker
 systemctl daemon-reload
 
 rm -f /usr/bin/conntrack
-rm -f /usr/bin/kubelet-pre-start.sh
 rm -f /usr/bin/containerd
 rm -f /usr/bin/containerd-shim
 rm -f /usr/bin/containerd-shim-runc-v2
@@ -18,19 +17,10 @@ rm -f /usr/bin/docker
 rm -f /usr/bin/docker-init
 rm -f /usr/bin/docker-proxy
 rm -f /usr/bin/dockerd
-rm -f /usr/bin/kubeadm
-rm -f /usr/bin/kubectl
-rm -f /usr/bin/kubelet
 rm -f /usr/bin/rootlesskit
 rm -f /usr/bin/rootlesskit-docker-proxy
 rm -f /usr/bin/runc
 rm -f /usr/bin/vpnkit
 rm -f /usr/bin/containerd-rootless-setuptool.sh
 rm -f /usr/bin/containerd-rootless.sh
-rm -f /usr/bin/nerdctl
-
-rm -f /etc/sysctl.d/k8s.conf
-rm -f /etc/systemd/system/kubelet.service
-rm -rf /etc/systemd/system/kubelet.service.d
-rm -rf /var/lib/kubelet/
-rm -f /var/lib/kubelet/config.yaml
+rm -f /usr/bin/nerdctl

context/rootfs/scripts/utils.sh

@@ -1,5 +1,9 @@
 #!/bin/bash
 
+# shellcheck disable=SC2145
+# shellcheck disable=SC2155
+# shellcheck disable=SC2126
+# shellcheck disable=SC2002
 utils_version_ge() {
   test "$(echo "$@" | tr ' ' '\n' | sort -rV | head -n 1)" == "$1"
 }
@@ -59,7 +63,7 @@ utils_os_env() {
     elif [ "$anolis" == 1 ];then
         export OS="Anolis"
     else
-       panic "unkown os...   exit"
+       panic "unknown os...   exit"
     fi
 
     case "$OS" in