diff --git a/.github/workflows/auto-build-main.yml b/.github/workflows/auto-build-main.yml new file mode 100644 index 0000000..abacd52 --- /dev/null +++ b/.github/workflows/auto-build-main.yml @@ -0,0 +1,29 @@ +name: Auto build image +on: + issue_comment: + types: + - created +jobs: + issue_comment: + name: Auto build image + if: startswith(github.event.comment.body, '/autobuild') + runs-on: ubuntu-latest + permissions: + issues: write + steps: + + - name: Auto build image + id: autobuild + run: | + commentbody="${{github.event.comment.body}}" + commentbody=$(echo $commentbody | sed "s/\/imagebuild//g") + sudo git clone https://github.com/sealerio/basefs.git && cd basefs + sudo touch autobuild.log && sudo chmod 666 autobuild.log && sudo bash auto-build-main.sh --username="${{secrets.REGISTRY_USERNAME}}" --password="${{secrets.REGISTRY_PASSWORD}}" $commentbody > autobuild.log && cat autobuild.log + echo "::set-output name=info::$(grep 'cri:' autobuild.log))" + + - name: Success Commit + uses: peter-evans/create-or-update-comment@v1 + with: + issue-number: ${{ github.event.issue.number }} + body: | + ${{ steps.autobuild.outputs.info }} \ No newline at end of file diff --git a/auto-build-main.sh b/auto-build-main.sh new file mode 100644 index 0000000..c4a3c8e --- /dev/null +++ b/auto-build-main.sh 
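Review bot: The `run` step pastes `${{github.event.comment.body}}` directly into the shell script, so anyone who can comment on an issue with a body starting `/autobuild` chooses what the job executes, and the job holds `secrets.REGISTRY_USERNAME`/`REGISTRY_PASSWORD`; the `if:` condition checks only the prefix, never who wrote the comment. Hand the body over through the environment and gate the job on `github.event.comment.author_association`, as sketched below. Two smaller defects in the same step: the `sed` strips `/imagebuild` although the trigger word is `/autobuild`, and `$(grep 'cri:' autobuild.log))` has an unbalanced `)` that breaks the script before it runs; `::set-output` is also deprecated in favour of appending to `$GITHUB_OUTPUT`.
```yaml
    if: startswith(github.event.comment.body, '/autobuild') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
    # … unchanged: runs-on, permissions …
    steps:
      - name: Auto build image
        id: autobuild
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          commentbody="$COMMENT_BODY"
          commentbody=$(printf '%s' "$commentbody" | sed "s/\/autobuild//g")
          # … unchanged: clone, build, log capture …
          echo "info=$(grep 'cri:' autobuild.log)" >> "$GITHUB_OUTPUT"
```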
@@ -0,0 +1,110 @@ +#!/bin/bash + +set -e + +for i in "$@"; do + case $i in + -c=* | --cri=*) + cri="${i#*=}" + if [ "$cri" != "docker" ] && [ "$cri" != "containerd" ]; then + echo "Unsupported container runtime: ${cri}" + exit 1 + fi + shift # past argument=value + ;; + -n=* | --buildName=*) + buildName="${i#*=}" + shift # past argument=value + ;; + --platform=*) + platform="${i#*=}" + shift # past argument=value + ;; + --push) + push="true" + shift # past argument=value + ;; + -p=* | --password=*) + password="${i#*=}" + shift # past argument=value + ;; + -u=* | --username=*) + username="${i#*=}" + shift # past argument=value + ;; + --k8s-version=*) + k8s_version="${i#*=}" + shift # past argument=value + ;; + -h | --help) + echo " +### Options + --k8s-version set the kubernetes k8s_version of the Clusterimage, k8s_version must be greater than 1.13 + -c, --cri cri can be set to docker or containerd between kubernetes 1.20-1.24 versions + -n, --buildName set build image name, default is 'registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:${k8s_version}' + --platform set the build mirror platform, the default is linux/amd64,linux/arm64 + --push push clusterimage after building the clusterimage. The image name must contain the full name of the repository, and use -u and -p to specify the username and password. 
+ -u, --username specify the user's username for pushing the Clusterimage + -p, --password specify the user's password for pushing the Clusterimage + -d, --debug show all script logs + -h, --help help for auto build shell scripts" + exit 0 + ;; + -d | --debug) + set -x + shift + ;; + -*) + echo "Unknown option $i" + exit 1 + ;; + *) ;; + + esac +done + +version_compare() { printf '%s\n%s\n' "$2" "$1" | sort -V -C; } ## version_compare $a $b: a>=b + +ARCH=$(case "$(uname -m)" in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo "unsupported architecture" "$(uname -m)" && exit 1 ;; esac) + +if [ "$k8s_version" = "" ]; then echo "pls use --k8s-version to set Clusterimage kubernetes version" && exit 1; else echo "$k8s_version" | grep "v" || k8s_version="v${k8s_version}"; fi +#cri=$([[ -n "$cri" ]] && echo "$cri" || echo docker) +cri=$( (version_compare "$k8s_version" "v1.24.0" && echo "containerd") || ([[ -n "$cri" ]] && echo "$cri" || echo "docker")) +if [[ -z "$buildName" ]]; then + buildName="docker.io/sealerio/kubernetes:${k8s_version}" + if [[ "$cri" == "containerd" ]] && ! version_compare "$k8s_version" "v1.24.0"; then buildName=${buildName}-containerd; fi +fi +platform=$(if [[ -z "$platform" ]]; then echo "linux/arm64,linux/amd64"; else echo "$platform"; fi) +echo "cri: ${cri}, kubernetes version: ${k8s_version}, build image name: ${buildName}" + +kubeadmApiVersion=$( (version_compare "$k8s_version" "v1.23.0" && echo 'kubeadm.k8s.io\/v1beta3') || (version_compare "$k8s_version" "v1.15.0" && echo 'kubeadm.k8s.io\/v1beta2') || + (version_compare "$k8s_version" "v1.13.0" && echo 'kubeadm.k8s.io\/v1beta1') || (echo "Version must be greater than 1.13: ${k8s_version}" && exit 1)) + +workdir="$(mktemp -d auto-build-XXXXX)" && sudo cp -r context "${workdir}" && cd "${workdir}/context" && sudo cp -rf "${cri}"/* . 
+ +# shellcheck disable=SC1091 +sudo chmod +x version.sh download.sh && export kube_install_version="$k8s_version" && source version.sh +./download.sh "${cri}" + +sudo chmod +x amd64/bin/kube* && sudo chmod +x arm64/bin/kube* +#Download the latest version of sealer +sudo git clone https://github.com/sealerio/sealer && cd sealer && git checkout main && make build-in-docker && cp _output/bin/sealer/linux_amd64/sealer /usr/bin/ && cd .. +sudo sed -i "s/v1.19.8/$k8s_version/g" rootfs/etc/kubeadm.yml ##change k8s_version +if [[ "$cri" == "containerd" ]]; then sudo sed -i "s/\/var\/run\/dockershim.sock/\/run\/containerd\/containerd.sock/g" rootfs/etc/kubeadm.yml; fi +sudo sed -i "s/kubeadm.k8s.io\/v1beta2/$kubeadmApiVersion/g" rootfs/etc/kubeadm.yml +sudo ./"${ARCH}"/bin/kubeadm config images list --config "rootfs/etc/kubeadm.yml" +sudo mkdir manifests +sudo ./"${ARCH}"/bin/kubeadm config images list --config "rootfs/etc/kubeadm.yml" 2>/dev/null | sed "/WARNING/d" >>imageList +if [ "$(sudo ./"${ARCH}"/bin/kubeadm config images list --config rootfs/etc/kubeadm.yml 2>/dev/null | grep -c "coredns/coredns")" -gt 0 ]; then sudo sed -i "s/#imageRepository/imageRepository/g" rootfs/etc/kubeadm.yml; fi +sudo sed -i "s/k8s.gcr.io/sea.hub:5000/g" rootfs/etc/kubeadm.yml +pauseImage=$(./"${ARCH}"/bin/kubeadm config images list --config "rootfs/etc/kubeadm.yml" 2>/dev/null | sed "/WARNING/d" | grep pause) +if [ -f "rootfs/etc/dump-config.toml" ]; then sudo sed -i "s/sea.hub:5000\/pause:3.6/$(echo "$pauseImage" | sed 's/\//\\\//g')/g" rootfs/etc/dump-config.toml; fi +#sudo sed -i "s/v1.19.8/${k8s_version}/g" {arm64,amd64}/etc/Metadata +##linux/arm64,linux/amd64 +sudo sealer build -t "docker.io/sealerio/kubernetes:${k8s_version}" -f Kubefile +if [[ "$push" == "true" ]]; then + if [[ -n "$username" ]] && [[ -n "$password" ]]; then + sudo sealer login "$(echo "docker.io" | cut -d "/" -f1)" -u "${username}" -p "${password}" + fi + sudo sealer push 
"docker.io/sealerio/kubernetes:${k8s_version}" +fi diff --git a/context/docker/rootfs/etc/daemon.json b/context/docker/rootfs/etc/daemon.json index ecfb319..3975872 100644 --- a/context/docker/rootfs/etc/daemon.json +++ b/context/docker/rootfs/etc/daemon.json @@ -1,4 +1,6 @@ { + "experimental": true, + "oom-score-adjust": -1000, "max-concurrent-downloads": 20, "log-driver": "json-file", "log-level": "warn", @@ -6,16 +8,12 @@ "max-size": "10m", "max-file": "3" }, - "mirror-registries": [ - { - "domain": "*", - "mirrors": [ - "https://sea.hub:5000" - ] - } - ], "exec-opts": [ "native.cgroupdriver=systemd" ], + "insecure-registries": ["0.0.0.0/0", "::/0"], + "storage-driver": "overlay2", + "storage-opts":["overlay2.override_kernel_check=true"], + "live-restore": true, "data-root": "/var/lib/docker" -} +} \ No newline at end of file diff --git a/context/docker/rootfs/etc/docker.service b/context/docker/rootfs/etc/docker.service index 63d390b..91be816 100644 --- a/context/docker/rootfs/etc/docker.service +++ b/context/docker/rootfs/etc/docker.service @@ -13,7 +13,7 @@ ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=infinity +LimitNOFILE={{or .DockerLimitNOFILE "1048576"}} LimitNPROC=infinity LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. diff --git a/context/docker/rootfs/scripts/clean.sh b/context/docker/rootfs/scripts/clean.sh deleted file mode 100644 index 65c7497..0000000 --- a/context/docker/rootfs/scripts/clean.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash -# Copyright © 2021 Alibaba Group Holding Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -systemctl stop docker -systemctl disable docker -docker0=$(ip addr show docker0 | head -1 | tr " " "\n" | grep "<" | grep -iwo "UP" | wc -l) -if [ "$docker0" == "1" ]; then - ip link delete docker0 type bridge -fi -rm -rf /lib/systemd/system/docker.service -rm -rf /usr/lib/systemd/system/docker.service -rm -rf /etc/docker/daemon.json -systemctl daemon-reload - -rm -f /usr/bin/conntrack -rm -f /usr/bin/kubelet-pre-start.sh -rm -f /usr/bin/containerd -rm -f /usr/bin/containerd-shim -rm -f /usr/bin/containerd-shim-runc-v2 -rm -f /usr/bin/crictl -rm -f /usr/bin/ctr -rm -f /usr/bin/docker -rm -f /usr/bin/docker-init -rm -f /usr/bin/docker-proxy -rm -f /usr/bin/dockerd - -systemctl disable kubelet -rm -f /usr/bin/kubeadm -rm -f /usr/bin/kubectl -rm -f /usr/bin/kubelet -rm -f /usr/bin/rootlesskit -rm -f /usr/bin/rootlesskit-docker-proxy -rm -f /usr/bin/runc -rm -f /usr/bin/vpnkit -rm -f /usr/bin/containerd-rootless-setuptool.sh -rm -f /usr/bin/containerd-rootless.sh -rm -f /usr/bin/nerdctl - -rm -f /etc/sysctl.d/k8s.conf -rm -f /etc/systemd/system/kubelet.service -rm -rf /etc/systemd/system/kubelet.service.d -rm -rf /var/lib/kubelet/ -rm -f /var/lib/kubelet/config.yaml -systemctl daemon-reload 
diff --git a/context/rootfs/scripts/docker.sh b/context/docker/rootfs/scripts/docker.sh similarity index 91% rename from context/rootfs/scripts/docker.sh rename to context/docker/rootfs/scripts/docker.sh index c3aba19..0ef5ca2 100644 --- a/context/rootfs/scripts/docker.sh +++ b/context/docker/rootfs/scripts/docker.sh @@ -16,10 +16,13 @@ set -x set -e -scripts_path=$(cd `dirname $0`; pwd) +# shellcheck disable=SC2046 +# shellcheck disable=SC2006 +scripts_path=$(cd `dirname "$0"`; pwd) image_dir="$scripts_path/../images" -DOCKER_VERSION="19.03.14-sealer" +DOCKER_VERSION="19.03.15" +# shellcheck disable=SC1091 get_distribution() { lsb_dist="" # Every system that we officially support has /etc/os-release @@ -31,6 +34,10 @@ get_distribution() { echo "$lsb_dist" } +utils_command_exists() { + command -v "$@" > /dev/null 2>&1 +} + disable_selinux() { if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config @@ -46,6 +53,7 @@ load_images() { done } +# shellcheck disable=SC2006 check_docker_valid() { if ! docker info 2>&1; then panic "docker is not healthy: $(docker info 2>&1), please check" @@ -58,7 +66,7 @@ check_docker_valid() { } storage=${1:-/var/lib/docker} -mkdir -p $storage +mkdir -p "$storage" if ! utils_command_exists docker; then lsb_dist=$(get_distribution) lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')" @@ -101,8 +109,6 @@ if ! utils_command_exists docker; then systemctl enable docker.service systemctl restart docker.service cp "${scripts_path}"/../etc/daemon.json /etc/docker - mkdir -p /root/.docker/ - cp "${scripts_path}"/../etc/docker-cli-config.json /root/.docker/config.json if [[ -n $1 && -n $2 ]]; then sed -i "s/sea.hub:5000/$2:$3/g" /etc/docker/daemon.json fi 
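Review bot: check_docker_valid still calls `panic`, which this commit deletes together with context/rootfs/scripts/utils.sh; unless docker.sh sources a replacement above line 16 (outside these hunks), the failure path becomes `panic: command not found` under `set -e` instead of the intended diagnostic. Define it next to the new `utils_command_exists`, e.g. `panic() { printf 'Panic error: %s, please check this panic\n' "$*" >&2; exit 1; }`. The added `# shellcheck disable=SC2006`/`SC2046` lines suppress warnings that a one-line fix removes, `scripts_path=$(cd "$(dirname "$0")" && pwd)`, which also stops a failed `cd` from silently yielding the caller's directory as `scripts_path`. In the `-101,8 +109,6` hunk the surviving `sed -i "s/sea.hub:5000/$2:$3/g"` is guarded by `[[ -n $1 && -n $2 ]]` but consumes `$3`, so a two-argument call writes `host:` into daemon.json; pre-existing, but `[[ -n $2 && -n $3 ]]` is worth tightening while the file is being cleaned.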
@@ -113,4 +119,5 @@ systemctl daemon-reload systemctl restart docker.service check_docker_valid -load_images \ No newline at end of file +load_images +bash "${scripts_path}"/init-kube.sh \ No newline at end of file diff --git a/context/rootfs/scripts/uninstall-docker.sh b/context/docker/rootfs/scripts/uninstall-docker.sh similarity index 68% rename from context/rootfs/scripts/uninstall-docker.sh rename to context/docker/rootfs/scripts/uninstall-docker.sh index 76bb408..3c0b590 100644 --- a/context/rootfs/scripts/uninstall-docker.sh +++ b/context/docker/rootfs/scripts/uninstall-docker.sh @@ -4,11 +4,10 @@ systemctl stop docker ip link delete docker0 type bridge || true rm -rf /lib/systemd/system/docker.service rm -rf /usr/lib/systemd/system/docker.service -rm -rf /etc/docker/daemon.json +rm -rf /etc/docker systemctl daemon-reload rm -f /usr/bin/conntrack -rm -f /usr/bin/kubelet-pre-start.sh rm -f /usr/bin/containerd rm -f /usr/bin/containerd-shim rm -f /usr/bin/containerd-shim-runc-v2 @@ -18,9 +17,6 @@ rm -f /usr/bin/docker rm -f /usr/bin/docker-init rm -f /usr/bin/docker-proxy rm -f /usr/bin/dockerd -rm -f /usr/bin/kubeadm -rm -f /usr/bin/kubectl -rm -f /usr/bin/kubelet rm -f /usr/bin/rootlesskit rm -f /usr/bin/rootlesskit-docker-proxy rm -f /usr/bin/runc @@ -28,9 +24,4 @@ rm -f /usr/bin/vpnkit rm -f /usr/bin/containerd-rootless-setuptool.sh rm -f /usr/bin/containerd-rootless.sh rm -f /usr/bin/nerdctl - -rm -f /etc/sysctl.d/k8s.conf -rm -f /etc/systemd/system/kubelet.service -rm -rf /etc/systemd/system/kubelet.service.d -rm -rf /var/lib/kubelet/ -rm -f /var/lib/kubelet/config.yaml \ No newline at end of file +rm -f /usr/bin/seautil \ No newline at end of file diff --git a/context/download.sh b/context/download.sh index 0ba6a0d..86c9259 100644 --- a/context/download.sh +++ b/context/download.sh 
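Review bot: `rm -rf /etc/docker` replaces the targeted `rm -rf /etc/docker/daemon.json` and now removes the whole directory, including anything the operator placed there before installation (certs.d trust roots, key.json, a pre-existing daemon.json); as far as the visible docker.sh hunks show, the installer only writes daemon.json there. Keep uninstall symmetric with install: `rm -f /etc/docker/daemon.json`, plus the specific certs.d entry if init-registry.sh drops one in. `rm -f /usr/bin/seautil` is added to the docker-side uninstall although nothing in this script installs it; presumably download.sh or init-kube.sh places it, so confirm which component owns the binary before one uninstall strips the other's files.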
@@ -59,8 +59,9 @@ install_url="https://sealer.oss-cn-beijing.aliyuncs.com/auto-build"
 ##https://github.com/osemp/moby/releases/download/v19.03.14/docker-amd64.tar.gz
 ##registry ${ARCH} image: ghcr.io/osemp/distribution-amd64/distribution:latest
 if [ "${cri}" = "docker" ]; then
- docker_version="19.03.14"
- docker_url="https://github.com/osemp/moby"
+ docker_version="19.03.15"
+ #docker_url="https://github.com/osemp/moby"
+ docker_url="https://github.com/moby/moby"
 cri_tarball_amd64="docker-amd64.tar.gz"
 cri_tarball_arm64="docker-arm64.tar.gz"
 cri_tarball_amd64_url="${docker_url}/releases/download/v${docker_version}/${cri_tarball_amd64}"
diff --git a/context/imageList b/context/imageList
index fe4eb5c..0258210 100644
--- a/context/imageList
+++ b/context/imageList
@@ -1 +1 @@
-ack-agility-registry.cn-shanghai.cr.aliyuncs.com/sealer/lvscare:v1.1.3-beta.8
+ack-agility-registry.cn-shanghai.cr.aliyuncs.com/sealer/lvscare:v1.1.3-beta.8
\ No newline at end of file
diff --git a/context/rootfs/etc/kubeadm.yml.tmpl b/context/rootfs/etc/kubeadm.yml.tmpl
new file mode 100644
index 0000000..dc49253
--- /dev/null
+++ b/context/rootfs/etc/kubeadm.yml.tmpl
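Review bot: `docker_url="https://github.com/moby/moby"` moves the tarball source from the osemp fork to upstream moby/moby, and to my knowledge the upstream GitHub releases for v19.03.x do not publish `docker-amd64.tar.gz`/`docker-arm64.tar.gz` assets (the fork built those), so `cri_tarball_amd64_url` is likely to 404 at build time; confirm the asset exists before relying on it. Whichever host serves it, the runtime binaries are fetched over the network and baked into the image with no integrity check visible in this hunk; record a digest per tarball, e.g. `docker_sha256_amd64="<sha256 placeholder>"`, and verify it with `sha256sum -c` right after the download so a changed or tampered asset fails the build instead of shipping.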
@@ -0,0 +1,194 @@ +apiVersion: kubeadm.k8s.io/v1beta2 +kind: InitConfiguration +localAPIEndpoint: + advertiseAddress: 172.16.0.181 + bindPort: 6443 +nodeRegistration: + criSocket: /var/run/dockershim.sock + taints: null + +--- +apiServer: + certSANs: + extraArgs: + audit-log-format: json + audit-log-maxage: "7" + audit-log-maxbackup: "10" + audit-log-maxsize: "100" + audit-log-path: /var/log/kubernetes/audit.log + audit-policy-file: /etc/kubernetes/audit-policy.yml + enable-aggregator-routing: "true" + etcd-servers: https://172.16.0.181:2379 + feature-gates: TTLAfterFinished=true,EphemeralContainers=true + extraVolumes: + - hostPath: /etc/kubernetes + mountPath: /etc/kubernetes + name: audit + pathType: DirectoryOrCreate + - hostPath: /var/log/kubernetes + mountPath: /var/log/kubernetes + name: audit-log + pathType: DirectoryOrCreate + - hostPath: /etc/localtime + mountPath: /etc/localtime + name: localtime + pathType: File + readOnly: true +apiVersion: kubeadm.k8s.io/v1beta2 +controlPlaneEndpoint: apiserver.cluster.local:6443 +controllerManager: + extraArgs: + experimental-cluster-signing-duration: 876000h + feature-gates: TTLAfterFinished=true,EphemeralContainers=true + extraVolumes: + - hostPath: /etc/localtime + mountPath: /etc/localtime + name: localtime + pathType: File + readOnly: true +dns: + type: "" + imageRepository: {{or .RegistryURL "sea.hub:5000"}}/coredns +etcd: + local: + dataDir: "" + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 +imageRepository: {{or .RegistryURL "sea.hub:5000"}} +kind: ClusterConfiguration +kubernetesVersion: v1.22.15 +networking: + podSubnet: 100.64.0.0/10 + serviceSubnet: 10.96.0.0/22 +scheduler: + extraArgs: + feature-gates: TTLAfterFinished=true,EphemeralContainers=true + extraVolumes: + - hostPath: /etc/localtime + mountPath: /etc/localtime + name: localtime + pathType: File + readOnly: true + +--- +apiVersion: kubelet.config.k8s.io/v1beta1 +authentication: + anonymous: + enabled: false + webhook: + cacheTTL: 2m0s + 
enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt +authorization: + mode: Webhook + webhook: + cacheAuthorizedTTL: 5m0s + cacheUnauthorizedTTL: 30s +cgroupDriver: cgroupfs +cgroupsPerQOS: true +clusterDomain: cluster.local +configMapAndSecretChangeDetectionStrategy: Watch +containerLogMaxFiles: 5 +containerLogMaxSize: 10Mi +contentType: application/vnd.kubernetes.protobuf +cpuCFSQuota: true +cpuCFSQuotaPeriod: 100ms +cpuManagerPolicy: none +cpuManagerReconcilePeriod: 10s +enableControllerAttachDetach: true +enableDebuggingHandlers: true +enforceNodeAllocatable: +- pods +eventBurst: 10 +eventRecordQPS: 5 +evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% +evictionPressureTransitionPeriod: 5m0s +failSwapOn: true +fileCheckFrequency: 20s +hairpinMode: promiscuous-bridge +healthzBindAddress: 127.0.0.1 +healthzPort: 10248 +httpCheckFrequency: 20s +imageGCHighThresholdPercent: 85 +imageGCLowThresholdPercent: 80 +imageMinimumGCAge: 2m0s +iptablesDropBit: 15 +iptablesMasqueradeBit: 14 +kind: KubeletConfiguration +kubeAPIBurst: 10 +kubeAPIQPS: 5 +logging: {} +makeIPTablesUtilChains: true +maxOpenFiles: 1000000 +maxPods: 110 +nodeLeaseDurationSeconds: 40 +nodeStatusReportFrequency: 10s +nodeStatusUpdateFrequency: 10s +oomScoreAdj: -999 +podPidsLimit: -1 +port: 10250 +registryBurst: 10 +registryPullQPS: 5 +rotateCertificates: true +runtimeRequestTimeout: 2m0s +serializeImagePulls: true +shutdownGracePeriod: 0s +shutdownGracePeriodCriticalPods: 0s +staticPodPath: /etc/kubernetes/manifests +streamingConnectionIdleTimeout: 4h0m0s +syncFrequency: 1m0s +volumeStatsAggPeriod: 1m0s + +--- +apiVersion: kubeproxy.config.k8s.io/v1alpha1 +bindAddress: "" +bindAddressHardFail: false +clientConnection: + acceptContentTypes: "" + burst: 0 + contentType: "" + kubeconfig: "" + qps: 0 +clusterCIDR: "" +configSyncPeriod: 0s +conntrack: + maxPerCore: null + min: null + tcpCloseWaitTimeout: null + 
tcpEstablishedTimeout: null +detectLocalMode: "" +enableProfiling: false +healthzBindAddress: "" +hostnameOverride: "" +iptables: + masqueradeAll: false + masqueradeBit: null + minSyncPeriod: 0s + syncPeriod: 0s +ipvs: + excludeCIDRs: + - 10.103.97.2/32 + minSyncPeriod: 0s + scheduler: "" + strictARP: false + syncPeriod: 0s + tcpFinTimeout: 0s + tcpTimeout: 0s + udpTimeout: 0s +kind: KubeProxyConfiguration +metricsBindAddress: "" +mode: ipvs +nodePortAddresses: null +oomScoreAdj: null +portRange: "" +showHiddenMetricsForVersion: "" +udpIdleTimeout: 0s +winkernel: + enableDSR: false + networkName: "" + sourceVip: "" diff --git a/context/rootfs/etc/registry.yml b/context/rootfs/etc/registry.yml deleted file mode 100644 index 67d38f5..0000000 --- a/context/rootfs/etc/registry.yml +++ /dev/null @@ -1,4 +0,0 @@ -domain: sea.hub -port: "5000" -username: "" -password: "" diff --git a/context/rootfs/etc/registry_config.yml b/context/rootfs/etc/registry_config.yml new file mode 100644 index 0000000..28c6874 --- /dev/null +++ b/context/rootfs/etc/registry_config.yml @@ -0,0 +1,18 @@ +version: 0.1 +log: + fields: + service: registry +storage: + cache: + blobdescriptor: inmemory + filesystem: + rootdirectory: /var/lib/registry +http: + addr: :5000 + headers: + X-Content-Type-Options: [nosniff] +health: + storagedriver: + enabled: true + interval: 10s + threshold: 3 \ No newline at end of file diff --git a/context/rootfs/scripts/init-kube.sh b/context/rootfs/scripts/init-kube.sh index 5e9c2d1..5ded641 100644 --- a/context/rootfs/scripts/init-kube.sh +++ b/context/rootfs/scripts/init-kube.sh @@ -1,7 +1,11 @@ #!/bin/bash -scripts_path=$(cd `dirname $0`; pwd) -source "${scripts_path}"/utils.sh +# shellcheck disable=SC2046 +# shellcheck disable=SC2164 +# shellcheck disable=SC2006 +# shellcheck disable=SC1091 +scripts_path=$(cd `dirname "$0"`; pwd) +#source "${scripts_path}"/utils.sh set -x 
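Review bot: The kubelet section sets `cgroupDriver: cgroupfs` while the daemon.json in this same commit keeps `"native.cgroupdriver=systemd"` for dockerd; kubelet refuses to start when its driver disagrees with the runtime's, so for the docker variant this should read `cgroupDriver: systemd` (or the template should take the driver from the CRI being built). The etcd `listen-metrics-urls: http://0.0.0.0:2381` exposes the metrics and health endpoint on every interface over plain HTTP with no auth; `http://127.0.0.1:2381` is the safer default for a base image. `advertiseAddress: 172.16.0.181`, `etcd-servers: https://172.16.0.181:2379` and `kubernetesVersion: v1.22.15` look like values captured from one cluster; presumably sealer rewrites them at init, but note that auto-build-main.sh patches `rootfs/etc/kubeadm.yml` with `s/v1.19.8/$k8s_version/`, which would not match `v1.22.15` if this template is what becomes kubeadm.yml, so confirm which file the build edits. `feature-gates: TTLAfterFinished=true,EphemeralContainers=true` is repeated on all three control-plane components; as far as I recall both gates have since graduated and removed gates are rejected at startup in newer releases, so they should be conditioned on `k8s_version` rather than fixed in the template.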
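Review bot: registry_config.yml has no `auth:` section and `http: addr: :5000` listens on all interfaces, so unless the htpasswd branch in init-registry.sh is what enforces access (its body is outside the visible hunk), any client that can reach port 5000 can push as well as pull, and every node later pulls from this registry; a poisoned image pushed by anyone on that network is then trusted cluster-wide. Either document that the htpasswd mount is the intended gate, e.g. `# access control: auth is supplied by init-registry.sh via /htpasswd`, or add an `auth: htpasswd:` block here so the default file is not silently open. Note also that `sed -i "s/5000/$1/g"` in init-registry.sh rewrites every `5000` in this file, which today only hits `addr`, but any future value containing that string will be rewritten too.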
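Review bot: Four `# shellcheck disable=` lines are added above `scripts_path=$(cd `dirname "$0"`; pwd)` instead of fixing the line; SC2164 in particular warns that when `cd` fails the subshell continues and `scripts_path` silently becomes the caller's working directory, after which copy_bins in the next hunk runs `chmod -R 755 "${scripts_path}"/../bin/*` and `cp "${scripts_path}"/../bin/* /usr/bin` against the wrong tree as root. `scripts_path=$(cd "$(dirname "$0")" && pwd) || exit 1` clears all four warnings and aborts on the failure instead. `source "${scripts_path}"/utils.sh` is commented out rather than removed and SC1091 stays disabled for it; if nothing left in init-kube.sh needs panic or utils_* (the body between the hunks is not visible here), drop both lines, and if something does, the script now breaks at that call because utils.sh is deleted in this commit.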
@@ -34,18 +38,18 @@ disable_firewalld() { } copy_bins() { - chmod -R 755 ../bin/* - chmod 644 ../bin - cp ../bin/* /usr/bin - cp ../scripts/kubelet-pre-start.sh /usr/bin + chmod -R 755 "${scripts_path}"/../bin/* + chmod 644 "${scripts_path}"/../bin + cp "${scripts_path}"/../bin/* /usr/bin + cp "${scripts_path}"/../scripts/kubelet-pre-start.sh /usr/bin chmod +x /usr/bin/kubelet-pre-start.sh } copy_kubelet_service(){ mkdir -p /etc/systemd/system - cp ../etc/kubelet.service /etc/systemd/system/ + cp "${scripts_path}"/../etc/kubelet.service /etc/systemd/system/ [ -d /etc/systemd/system/kubelet.service.d ] || mkdir /etc/systemd/system/kubelet.service.d - cp ../etc/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/ + cp "${scripts_path}"/../etc/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/ } disable_firewalld @@ -56,4 +60,4 @@ copy_kubelet_service systemctl enable kubelet # nvidia-docker.sh need set kubelet labels, it should be run after kubelet -bash ${scripts_path}/nvidia-docker.sh || exit 1 \ No newline at end of file +#bash "${scripts_path}"/nvidia-docker.sh || exit 1 \ No newline at end of file diff --git a/context/rootfs/scripts/init-registry.sh b/context/rootfs/scripts/init-registry.sh index a9918a6..f06479c 100644 --- a/context/rootfs/scripts/init-registry.sh +++ b/context/rootfs/scripts/init-registry.sh 
@@ -1,10 +1,25 @@ #!/bin/bash +# Copyright © 2021 Alibaba Group Holding Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -e set -x # prepare registry storage as directory +# shellcheck disable=SC2046 cd $(dirname "$0") +# shellcheck disable=SC2034 REGISTRY_PORT=${1-5000} VOLUME=${2-/var/lib/registry} REGISTRY_DOMAIN=${3-sea.hub} @@ -18,6 +33,7 @@ image_dir="$rootfs/images" mkdir -p "$VOLUME" || true +# shellcheck disable=SC2106 startRegistry() { n=1 while (( n <= 3 )) @@ -69,14 +85,17 @@ regArgs="-d --restart=always \ -v $certs_dir:/certs \ -v $VOLUME:/var/lib/registry \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$REGISTRY_DOMAIN.crt \ --e REGISTRY_HTTP_TLS_KEY=/certs/$REGISTRY_DOMAIN.key" +-e REGISTRY_HTTP_TLS_KEY=/certs/$REGISTRY_DOMAIN.key \ +-e REGISTRY_HTTP_DEBUG_ADDR=0.0.0.0:5001 \ +-e REGISTRY_HTTP_DEBUG_PROMETHEUS_ENABLED=true" +# shellcheck disable=SC2086 if [ -f $config ]; then sed -i "s/5000/$1/g" $config regArgs="$regArgs \ -v $config:/etc/docker/registry/config.yml" fi - +# shellcheck disable=SC2086 if [ -f $htpasswd ]; then docker run $regArgs \ -v $htpasswd:/htpasswd \ diff --git a/context/rootfs/scripts/init.sh b/context/rootfs/scripts/init.sh deleted file mode 100644 index 0fc4c1d..0000000 --- a/context/rootfs/scripts/init.sh +++ /dev/null 
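Review bot: `-e REGISTRY_HTTP_DEBUG_ADDR=0.0.0.0:5001` together with `REGISTRY_HTTP_DEBUG_PROMETHEUS_ENABLED=true` starts the registry's debug listener, which serves pprof and `/metrics` over plain HTTP with no auth on all interfaces in the container; how far that reaches depends on the `docker run` networking outside this hunk, but if the registry runs with host networking (the `$REGISTRY_DOMAIN` certificate setup suggests it is reached directly) port 5001 is open to every node and anything else on that network. Bind it to loopback, `-e REGISTRY_HTTP_DEBUG_ADDR=127.0.0.1:5001`, or to the address the scraper actually uses, and put it behind the same TLS as :5000 if it must be remote. `REGISTRY_PORT=${1-5000}` is annotated `# shellcheck disable=SC2034` (unused) while the later `sed -i "s/5000/$1/g" $config` reads `$1` directly, so with no argument the substitution becomes `s/5000//g` and leaves `addr: :` in the config; use `"s/5000/$REGISTRY_PORT/g"` so the default applies. The two new `# shellcheck disable=SC2086` lines cover unquoted `$config`/`$htpasswd`; `if [ -f "$config" ]` and `-v "$config":/etc/docker/registry/config.yml` are the one-line fixes.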
@@ -1,27 +0,0 @@ -#!/bin/bash -# Copyright © 2021 Alibaba Group Holding Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -STORAGE=${1:-/var/lib/docker} -REGISTRY_DOMAIN=${2-sea.hub} -REGISTRY_PORT=${3-5000} - -# Install docker -chmod a+x docker.sh -#./docker.sh /var/docker/lib sealer.hub 5001 -bash docker.sh ${STORAGE} ${REGISTRY_DOMAIN} $REGISTRY_PORT - -chmod a+x init-kube.sh - -bash init-kube.sh diff --git a/context/rootfs/scripts/nvidia-docker.sh b/context/rootfs/scripts/nvidia-docker.sh deleted file mode 100644 index b1be5ee..0000000 --- a/context/rootfs/scripts/nvidia-docker.sh +++ /dev/null 
@@ -1,117 +0,0 @@ -#!/bin/bash - -scripts_path=$(cd `dirname $0`; pwd) -source "${scripts_path}"/utils.sh - -set -x - -# NVIDIA_VERSION=v1.0.1 -GPU_FOUNDED=0 - -# Check if customer buys gpu capablities inaglity -GPU_SUPPORT=0 - -RPM_DIR=${scripts_path}/../rpm/nvidia - -public::nvidia::check(){ - if [ "$ARCH" != "amd64" ];then - utils_info "gpu now not support $ARCH" - return - fi - if which nvidia-smi;then - GPU_SUPPORT=1 - fi -} - -public::nvidia::enable_gpu_capability(){ - utils_arch_env - public::nvidia::check - if [[ "0" == "$GPU_SUPPORT" ]]; then - return - fi - - kube::nvidia::detect_gpu - if [[ "1" == "$GPU_FOUNDED" ]]; then - public::nvidia::install_nvidia_docker2 - fi -} - -public::nvidia::enable_gpu_device_plugin() { - if [[ "0" == "$GPU_SUPPORT" ]] || [[ "0" == "$GPU_FOUNDED" ]]; then - return - fi - - sleep 10 - public::nvidia::deploy_static_pod -} - -kube::nvidia::detect_gpu(){ - tar -xvf ${scripts_path}/../tgz/nvidia.tgz -C ${scripts_path}/../rpm/ - kube::nvidia::setup_lspci - lspci | grep -i nvidia > /dev/null 2>&1 - if [[ "$?" == "0" ]]; then - export GPU_FOUNDED=1 - fi -} - -kube::nvidia::setup_lspci(){ - if utils_command_exists lspci; then - return - fi - utils_info "lspci command not exist, install it" - rpm -ivh --force --nodeps ${RPM_DIR}/pciutils*.rpm - if [[ "$?" != "0" ]]; then - panic "failed to install pciutils via command (rpm -ivh --force --nodeps ${RPM_DIR}/pciutils*.rpm) in dir ${PWD}, please run it for debug" - fi -} - - -public::nvidia::install_nvidia_driver(){ - # see cos/release in branch agility-develop for details. Installing driver is not supported in trident. - utils_info 'installing nvidia driver is not supported.' - return -} - - -public::nvidia::install_nvidia_docker2(){ - sleep 3 - if `which nvidia-container-runtime > /dev/null 2>&1` && [ $(echo $((docker info | grep nvidia) | wc -l)) -gt 1 ] ; then - utils_info 'nvidia-container-runtime is already insatlled' - return - fi - - # 1. Install nvidia-container-runtime - if ! 
output=$(rpm -ivh --force --nodeps `ls ${RPM_DIR}/*.rpm` 2>&1);then - panic "failed to install rpm, output:${output}, maybe your rpm db was broken, please see https://cloudlinux.zendesk.com/hc/en-us/articles/115004075294-Fix-rpmdb-Thread-died-in-Berkeley-DB-library for help" - fi - - # 2. Update docker daemon.json and reload docker daemon - if [[ -f /etc/docker/daemon.json.rpmorig ]];then - mv -f /etc/docker/daemon.json.rpmorig /etc/docker/daemon.json - fi - - mkdir -p /etc/docker - sed -i '2 i\ - \"default-runtime\": \"nvidia\",\ - \"runtimes\": {\ - \"nvidia\": {\ - \"path\": \"/usr/bin/nvidia-container-runtime\",\ - \"runtimeArgs\": []\ - }\ - },' /etc/docker/daemon.json - - # To do: we need make sure if it's better to reload rather than restart, e.g. service docker restart - pkill -SIGHUP dockerd - utils_info 'nvidia-docker2 installed' -} - -# deploy nvidia plugin in static pod -public::nvidia::deploy_static_pod() { - mkdir -p /etc/kubernetes/manifests - cp -f ${scripts_path}/../statics/nvidia-device-plugin.yml /etc/kubernetes/manifests/nvidia-device-plugin.yml - - utils_info "nvidia-device-plugin yaml succefully deployed ..." -} - -public::nvidia::enable_gpu_capability -public::nvidia::enable_gpu_device_plugin \ No newline at end of file diff --git a/context/rootfs/scripts/utils.sh b/context/rootfs/scripts/utils.sh deleted file mode 100644 index 1ee33ac..0000000 --- a/context/rootfs/scripts/utils.sh +++ /dev/null 
@@ -1,96 +0,0 @@ -#!/bin/bash - -utils_version_ge() { - test "$(echo "$@" | tr ' ' '\n' | sort -rV | head -n 1)" == "$1" -} - -# This function will display the message in red, and exit immediately. -panic() -{ - set +x - echo -e "\033[1;31mPanic error: $@, please check this panic\033[0m" - exit 1 - set -x -} - -utils_info() -{ - echo -e "\033[1;32m$@\033[0m" -} - -utils_command_exists() { - command -v "$@" > /dev/null 2>&1 -} - -utils_arch_env() { - ARCH=$(uname -m) - case $ARCH in - armv5*) ARCH="armv5" ;; - armv6*) ARCH="armv6" ;; - armv7*) ARCH="armv7" ;; - aarch64) ARCH="arm64" ;; - x86) ARCH="386" ;; - x86_64) ARCH="amd64" ;; - i686) ARCH="386" ;; - i386) ARCH="386" ;; - esac -} - -utils_os_env() { - ubu=$(cat /etc/issue | grep -i "ubuntu" | wc -l) - debian=$(cat /etc/issue | grep -i "debian" | wc -l) - cet=$(cat /etc/centos-release | grep "CentOS" | wc -l) - redhat=$(cat /etc/redhat-release | grep "Red Hat" | wc -l) - alios=$(cat /etc/redhat-release | grep "Alibaba" | wc -l) - kylin=$(cat /etc/kylin-release | grep -E "Kylin" | wc -l) - anolis=$(cat /etc/anolis-release | grep -E "Anolis" | wc -l) - if [ "$ubu" == "1" ];then - export OS="Ubuntu" - elif [ "$cet" == "1" ];then - export OS="CentOS" - elif [ "$redhat" == "1" ];then - export OS="RedHat" - elif [ "$debian" == "1" ];then - export OS="Debian" - elif [ "$alios" == "1" ];then - export OS="AliOS" - elif [ "$kylin" == "1" ];then - export OS="Kylin" - elif [ "$anolis" == 1 ];then - export OS="Anolis" - else - panic "unkown os... 
exit" - fi - - case "$OS" in - CentOS) - export OSVersion="$(cat /etc/centos-release | awk '{print $4}')" - ;; - AliOS) - export OSVersion="$(cat /etc/alios-release | awk '{print $7}')" - ;; - Kylin) - export OSVersion="$(cat /etc/kylin-release | awk '{print $6}')" - ;; - Anolis) - export OSVersion="$(cat /etc/anolis-release | awk '{print $4}')" - ;; - *) - echo -e "Not support get OS version of ${OS}" - esac - - if [[ "$OS" == "CentOS" ]] || [[ "$OS" == "Anolis" ]] || [[ "$OS" == "AliOS" ]];then - export OSRelease="el7" - # vague compare: 8.x.xxx - if [[ $OSVersion =~ ^8\..*$ ]];then - export OSRelease="el8" - fi - fi -} - -utils_shouldMkFs() { - if [ "$1" != "" ] && [ "$1" != "/" ] && [ "$1" != "\"/\"" ];then - return 0 - fi - return 1 -} \ No newline at end of file diff --git a/context/version.sh b/context/version.sh index edf9f61..60315a7 100644 --- a/context/version.sh +++ b/context/version.sh @@ -4,7 +4,7 @@ set -x kube_install_version=$(echo "${kube_install_version:-"v1.19.8"}" | grep "v" || kube_install_version="v${kube_install_version}") export kube_install_version=${kube_install_version} -export libseccomp_version=${libseccomp_version:-"2.5.1"} +export libseccomp_version=${libseccomp_version:-"2.5.4"} export gperf_version=${gperf_version:-"3.1"} @@ -14,7 +14,7 @@ export nerdctl_version=${nerdctl_version:-"0.19.0"} export crictl_version=${crictl_version:-"1.24.1"} -export containerd_version=${containerd_version:-"1.6.4"} +export containerd_version=${containerd_version:-"1.6.12"} export seautil_version=${seautil_version:-"0.8.5"}