diff --git a/context/rootfs/scripts/docker.sh b/context/rootfs/scripts/docker.sh index c3aba19..16a5b4e 100644 --- a/context/rootfs/scripts/docker.sh +++ b/context/rootfs/scripts/docker.sh @@ -16,10 +16,13 @@ set -x set -e -scripts_path=$(cd `dirname $0`; pwd) +# shellcheck disable=SC2046 +# shellcheck disable=SC2006 +scripts_path=$(cd `dirname "$0"`; pwd) image_dir="$scripts_path/../images" DOCKER_VERSION="19.03.14-sealer" +# shellcheck disable=SC1091 get_distribution() { lsb_dist="" # Every system that we officially support has /etc/os-release @@ -46,6 +49,7 @@ load_images() { done } +# shellcheck disable=SC2006 check_docker_valid() { if ! docker info 2>&1; then panic "docker is not healthy: $(docker info 2>&1), please check" @@ -58,7 +62,7 @@ check_docker_valid() { } storage=${1:-/var/lib/docker} -mkdir -p $storage +mkdir -p "$storage" if ! utils_command_exists docker; then lsb_dist=$(get_distribution) lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')" diff --git a/context/rootfs/scripts/init-kube.sh b/context/rootfs/scripts/init-kube.sh index 5e9c2d1..82c7836 100644 --- a/context/rootfs/scripts/init-kube.sh +++ b/context/rootfs/scripts/init-kube.sh @@ -1,6 +1,10 @@ #!/bin/bash -scripts_path=$(cd `dirname $0`; pwd) +# shellcheck disable=SC2046 +# shellcheck disable=SC2164 +# shellcheck disable=SC2006 +# shellcheck disable=SC1091 +scripts_path=$(cd `dirname "$0"`; pwd) source "${scripts_path}"/utils.sh set -x @@ -56,4 +60,4 @@ copy_kubelet_service systemctl enable kubelet # nvidia-docker.sh need set kubelet labels, it should be run after kubelet -bash ${scripts_path}/nvidia-docker.sh || exit 1 \ No newline at end of file +bash "${scripts_path}"/nvidia-docker.sh || exit 1 \ No newline at end of file diff --git a/context/rootfs/scripts/init-registry.sh b/context/rootfs/scripts/init-registry.sh index a9918a6..0a335c8 100644 --- a/context/rootfs/scripts/init-registry.sh +++ b/context/rootfs/scripts/init-registry.sh @@ -1,10 +1,25 @@ #!/bin/bash +# Copyright © 2021 Alibaba Group Holding Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -e set -x # prepare registry storage as directory +# shellcheck disable=SC2046 cd $(dirname "$0") +# shellcheck disable=SC2034 REGISTRY_PORT=${1-5000} VOLUME=${2-/var/lib/registry} REGISTRY_DOMAIN=${3-sea.hub} @@ -18,6 +33,7 @@ image_dir="$rootfs/images" mkdir -p "$VOLUME" || true +# shellcheck disable=SC2106 startRegistry() { n=1 while (( n <= 3 )) @@ -69,22 +85,25 @@ regArgs="-d --restart=always \ -v $certs_dir:/certs \ -v $VOLUME:/var/lib/registry \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$REGISTRY_DOMAIN.crt \ --e REGISTRY_HTTP_TLS_KEY=/certs/$REGISTRY_DOMAIN.key" +-e REGISTRY_HTTP_TLS_KEY=/certs/$REGISTRY_DOMAIN.key \ +-e REGISTRY_HTTP_DEBUG_ADDR=0.0.0.0:5001 \ +-e REGISTRY_HTTP_DEBUG_PROMETHEUS_ENABLED=true" -if [ -f $config ]; then - sed -i "s/5000/$1/g" $config +if [ -f "$config" ]; then + sed -i "s/5000/$1/g" "$config" regArgs="$regArgs \ -v $config:/etc/docker/registry/config.yml" fi -if [ -f $htpasswd ]; then - docker run $regArgs \ + # shellcheck disable=SC2086 +if [ -f "$htpasswd" ]; then + docker run "$regArgs" \ -v $htpasswd:/htpasswd \ -e REGISTRY_AUTH=htpasswd \ -e REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd \ -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" registry:2.7.1 || startRegistry else - docker run $regArgs registry:2.7.1 || startRegistry + docker run "$regArgs" registry:2.7.1 || startRegistry fi check_registry \ No newline at end of file diff --git a/context/rootfs/scripts/init.sh b/context/rootfs/scripts/init.sh index 0fc4c1d..79a6ac8 100644 --- a/context/rootfs/scripts/init.sh +++ b/context/rootfs/scripts/init.sh @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +# shellcheck disable=SC2181 STORAGE=${1:-/var/lib/docker} REGISTRY_DOMAIN=${2-sea.hub} REGISTRY_PORT=${3-5000} @@ -20,8 +21,13 @@ REGISTRY_PORT=${3-5000} # Install docker chmod a+x docker.sh #./docker.sh /var/docker/lib sealer.hub 5001 -bash docker.sh ${STORAGE} ${REGISTRY_DOMAIN} $REGISTRY_PORT +bash docker.sh "${STORAGE}" "${REGISTRY_DOMAIN}" "$REGISTRY_PORT" +if [ $? -ne 0 ]; then + exit 1 +fi chmod a+x init-kube.sh - bash init-kube.sh +if [ $? -ne 0 ]; then + exit 1 +fi diff --git a/context/rootfs/scripts/nvidia-docker.sh b/context/rootfs/scripts/nvidia-docker.sh index b1be5ee..8c38792 100644 --- a/context/rootfs/scripts/nvidia-docker.sh +++ b/context/rootfs/scripts/nvidia-docker.sh @@ -1,6 +1,14 @@ #!/bin/bash -scripts_path=$(cd `dirname $0`; pwd) +# shellcheck disable=SC2046 +# shellcheck disable=SC2164 +# shellcheck disable=SC2092 +# shellcheck disable=SC1102 +# shellcheck disable=SC2006 +# shellcheck disable=SC2005 +# shellcheck disable=SC2181 +# shellcheck disable=SC1091 +scripts_path=$(cd `dirname "$0"`; pwd) source "${scripts_path}"/utils.sh set -x @@ -46,7 +54,7 @@ public::nvidia::enable_gpu_device_plugin() { } kube::nvidia::detect_gpu(){ - tar -xvf ${scripts_path}/../tgz/nvidia.tgz -C ${scripts_path}/../rpm/ + tar -xvf "${scripts_path}"/../tgz/nvidia.tgz -C "${scripts_path}"/../rpm/ kube::nvidia::setup_lspci lspci | grep -i nvidia > /dev/null 2>&1 if [[ "$?" == "0" ]]; then @@ -59,7 +67,7 @@ kube::nvidia::setup_lspci(){ return fi utils_info "lspci command not exist, install it" - rpm -ivh --force --nodeps ${RPM_DIR}/pciutils*.rpm + rpm -ivh --force --nodeps "${RPM_DIR}"/pciutils*.rpm if [[ "$?" != "0" ]]; then panic "failed to install pciutils via command (rpm -ivh --force --nodeps ${RPM_DIR}/pciutils*.rpm) in dir ${PWD}, please run it for debug" fi @@ -76,12 +84,13 @@ public::nvidia::install_nvidia_driver(){ public::nvidia::install_nvidia_docker2(){ sleep 3 if `which nvidia-container-runtime > /dev/null 2>&1` && [ $(echo $((docker info | grep nvidia) | wc -l)) -gt 1 ] ; then - utils_info 'nvidia-container-runtime is already insatlled' + utils_info 'nvidia-container-runtime is already installed' return fi # 1. Install nvidia-container-runtime - if ! output=$(rpm -ivh --force --nodeps `ls ${RPM_DIR}/*.rpm` 2>&1);then + # shellcheck disable=SC2046 + if ! output=$(rpm -ivh --force --nodeps `ls "${RPM_DIR}"/*.rpm` 2>&1);then panic "failed to install rpm, output:${output}, maybe your rpm db was broken, please see https://cloudlinux.zendesk.com/hc/en-us/articles/115004075294-Fix-rpmdb-Thread-died-in-Berkeley-DB-library for help" fi @@ -108,9 +117,9 @@ public::nvidia::install_nvidia_docker2(){ # deploy nvidia plugin in static pod public::nvidia::deploy_static_pod() { mkdir -p /etc/kubernetes/manifests - cp -f ${scripts_path}/../statics/nvidia-device-plugin.yml /etc/kubernetes/manifests/nvidia-device-plugin.yml + cp -f "${scripts_path}"/../statics/nvidia-device-plugin.yml /etc/kubernetes/manifests/nvidia-device-plugin.yml - utils_info "nvidia-device-plugin yaml succefully deployed ..." + utils_info "nvidia-device-plugin yaml successfully deployed ..." } public::nvidia::enable_gpu_capability diff --git a/context/rootfs/scripts/uninstall-docker.sh b/context/rootfs/scripts/uninstall-docker.sh index 76bb408..5fc6b7a 100644 --- a/context/rootfs/scripts/uninstall-docker.sh +++ b/context/rootfs/scripts/uninstall-docker.sh @@ -4,11 +4,10 @@ systemctl stop docker ip link delete docker0 type bridge || true rm -rf /lib/systemd/system/docker.service rm -rf /usr/lib/systemd/system/docker.service -rm -rf /etc/docker/daemon.json +rm -rf /etc/docker systemctl daemon-reload rm -f /usr/bin/conntrack -rm -f /usr/bin/kubelet-pre-start.sh rm -f /usr/bin/containerd rm -f /usr/bin/containerd-shim rm -f /usr/bin/containerd-shim-runc-v2 @@ -18,19 +17,10 @@ rm -f /usr/bin/docker rm -f /usr/bin/docker-init rm -f /usr/bin/docker-proxy rm -f /usr/bin/dockerd -rm -f /usr/bin/kubeadm -rm -f /usr/bin/kubectl -rm -f /usr/bin/kubelet rm -f /usr/bin/rootlesskit rm -f /usr/bin/rootlesskit-docker-proxy rm -f /usr/bin/runc rm -f /usr/bin/vpnkit rm -f /usr/bin/containerd-rootless-setuptool.sh rm -f /usr/bin/containerd-rootless.sh -rm -f /usr/bin/nerdctl - -rm -f /etc/sysctl.d/k8s.conf -rm -f /etc/systemd/system/kubelet.service -rm -rf /etc/systemd/system/kubelet.service.d -rm -rf /var/lib/kubelet/ -rm -f /var/lib/kubelet/config.yaml \ No newline at end of file +rm -f /usr/bin/nerdctl \ No newline at end of file diff --git a/context/rootfs/scripts/utils.sh b/context/rootfs/scripts/utils.sh index 1ee33ac..3913279 100644 --- a/context/rootfs/scripts/utils.sh +++ b/context/rootfs/scripts/utils.sh @@ -1,5 +1,9 @@ #!/bin/bash +# shellcheck disable=SC2145 +# shellcheck disable=SC2155 +# shellcheck disable=SC2126 +# shellcheck disable=SC2002 utils_version_ge() { test "$(echo "$@" | tr ' ' '\n' | sort -rV | head -n 1)" == "$1" } @@ -59,7 +63,7 @@ utils_os_env() { elif [ "$anolis" == 1 ];then export OS="Anolis" else - panic "unkown os... exit" + panic "unknown os... exit" fi case "$OS" in