mirror of https://github.com/easzlab/kubeasz.git
adjust docker setup scripts
gjmzj
parent
640f158cb3
commit
e32dd8f68f
|
|
@ -6,7 +6,8 @@ CNCF 一致性认证项目(https://github.com/cncf/k8s-conformance) 可以很方
|
|||
|
||||
自kubeasz 3.0.0 版本,k8s v1.20.2开始,正式通过cncf一致性认证,成为cncf 官方认证安装工具;后续k8s主要版本发布或者kubeasz有大版本更新,会优先确保通过集群一致性认证。
|
||||
|
||||
- v1.27 [进行中]()
|
||||
- v1.28 [进行中](https://github.com/cncf/k8s-conformance/pull/2788)
|
||||
- v1.27 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.27/kubeasz)
|
||||
- v1.26 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.26/kubeasz)
|
||||
- v1.25 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.25/kubeasz)
|
||||
- v1.24 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.24/kubeasz)
|
||||
|
|
|
|||
34
ezdown
34
ezdown
|
|
@ -23,7 +23,7 @@ SYS_PKG_VER=1.0.0
|
|||
HARBOR_VER=v2.6.4
|
||||
REGISTRY_MIRROR=CN
|
||||
|
||||
# images downloaded by default(with '-D')
|
||||
# images downloaded by default(with 'ezdown -D')
|
||||
# https://github.com/projectcalico/calico
|
||||
calicoVer=v3.24.6
|
||||
# https://github.com/coredns/coredns
|
||||
|
|
@ -36,7 +36,7 @@ dashboardMetricsScraperVer=v1.0.8
|
|||
metricsVer=v0.6.4
|
||||
pauseVer=3.9
|
||||
|
||||
# images not downloaded by default(only download with '-X')
|
||||
# images not downloaded by default(only download with 'ezdown -X ***')
|
||||
# https://github.com/cilium/cilium
|
||||
ciliumVer=1.13.6
|
||||
# https://github.com/flannel-io/flannel
|
||||
|
|
@ -153,7 +153,8 @@ function download_docker() {
|
|||
fi
|
||||
|
||||
tar zxf "$BASE/down/docker-$DOCKER_VER.tgz" -C "$BASE/down" && \
|
||||
cp -f "$BASE"/down/docker/* "$BASE/bin" && \
|
||||
mkdir -p "$BASE/docker-bin" && \
|
||||
cp -f "$BASE"/down/docker/* "$BASE/docker-bin" && \
|
||||
mv -f "$BASE"/down/docker/* /opt/kube/bin && \
|
||||
ln -sf /opt/kube/bin/docker /bin/docker
|
||||
}
|
||||
|
|
@ -227,31 +228,6 @@ EOF
|
|||
EOF
|
||||
fi
|
||||
|
||||
# docker proxy setting
|
||||
http_proxy=${http_proxy:-}
|
||||
HTTP_PROXY=${HTTP_PROXY:-$http_proxy}
|
||||
https_proxy=${https_proxy:-}
|
||||
HTTPS_PROXY=${HTTPS_PROXY:-$https_proxy}
|
||||
USE_PROXY=0
|
||||
CONFIG="[Service]\n"
|
||||
|
||||
if [[ -n ${HTTP_PROXY} ]]; then
|
||||
USE_PROXY=1
|
||||
CONFIG=${CONFIG}"Environment=HTTP_PROXY=${HTTP_PROXY}\n"
|
||||
fi
|
||||
if [[ -n ${HTTPS_PROXY} ]]; then
|
||||
USE_PROXY=1
|
||||
CONFIG=${CONFIG}"Environment=HTTPS_PROXY=${HTTPS_PROXY}\n"
|
||||
fi
|
||||
if [[ ${USE_PROXY} == 1 ]]; then
|
||||
logger debug "generate docker service http proxy file"
|
||||
mkdir -p /etc/systemd/system/docker.service.d
|
||||
c=$(echo -e "$CONFIG")
|
||||
cat > /etc/systemd/system/docker.service.d/http-proxy.conf << EOF
|
||||
${c}
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [[ -f /etc/selinux/config ]]; then
|
||||
logger debug "turn off selinux"
|
||||
getenforce|grep Disabled || setenforce 0
|
||||
|
|
@ -260,7 +236,7 @@ EOF
|
|||
|
||||
logger debug "enable and start docker"
|
||||
systemctl enable docker
|
||||
systemctl daemon-reload && systemctl restart docker && sleep 4
|
||||
systemctl daemon-reload && systemctl restart docker && sleep 3
|
||||
}
|
||||
|
||||
function get_kubeasz() {
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -1,70 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
|
||||
USER="admin"
|
||||
PASS="XXXXXXXXXXXXXXXXXX"
|
||||
HURL="https://{{ HARBOR_DOMAIN }}"
|
||||
MTAG=$2
|
||||
CONTAIN=$3
|
||||
|
||||
function usage() {
|
||||
cat << HELP
|
||||
|
||||
docker-tag -- list all tags for a Docker image on a remote registry
|
||||
|
||||
EXAMPLE:
|
||||
- list all tags for ubuntu:
|
||||
docker-tag tags ubuntu
|
||||
|
||||
- list all php tags containing apache:
|
||||
docker-tag tags php apache
|
||||
|
||||
- list all images of harbor:
|
||||
docker-tag get_images
|
||||
|
||||
- list all tags for harbor redis:
|
||||
docker-tag get_tags redis/redis
|
||||
|
||||
HELP
|
||||
}
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
usage
|
||||
exit 2
|
||||
fi
|
||||
|
||||
function tags() {
|
||||
TAGS=$(curl -ksL https://registry.hub.docker.com/v1/repositories/${MTAG}/tags | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}')
|
||||
if [ "${CONTAIN}" != "" ]; then
|
||||
echo -e $(echo "${TAGS}" | grep "${CONTAIN}") | tr ' ' '\n'
|
||||
else
|
||||
echo "${TAGS}"
|
||||
fi
|
||||
}
|
||||
|
||||
function get_images() {
|
||||
RTOKEN=$(curl -k -s -u ${USER}:${PASS} ${HURL}/service/token?account=${USER}\&service=harbor-registry\&scope=registry:catalog:* | grep "token" | awk -F '"' '{print $4}')
|
||||
RLIST=$(curl -k -s -H "authorization: bearer ${RTOKEN} " ${HURL}/v2/_catalog | awk -F '[' '{print $2}'|awk -F ']' '{print $1}' | sed 's/"//g')
|
||||
echo ${RLIST} | tr ',' '\n'
|
||||
}
|
||||
|
||||
function get_tags() {
|
||||
TTOKEN=$(curl -iksL -X GET -u ${USER}:${PASS} ${HURL}/service/token?account=${USER}\&service=harbor-registry\&scope=repository:${MTAG}:pull | grep "token" | awk -F '"' '{print $4}')
|
||||
TLIST=$(curl -ksL -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${TTOKEN}" ${HURL}/v2/${MTAG}/tags/list| awk -F '[' '{print $2}' | awk -F ']' '{print $1}' | sed 's/"//g')
|
||||
echo ${TLIST} | tr ',' '\n'
|
||||
}
|
||||
|
||||
case $1 in
|
||||
get_images)
|
||||
get_images
|
||||
;;
|
||||
get_tags)
|
||||
get_tags
|
||||
;;
|
||||
tags)
|
||||
tags
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
;;
|
||||
esac
|
||||
|
|
@ -2,30 +2,10 @@
|
|||
shell: 'systemctl is-active docker || echo "NoFound"'
|
||||
register: docker_svc
|
||||
|
||||
# 18.09.x 版本二进制名字有变化,需要做判断
|
||||
- name: 获取docker版本信息
|
||||
shell: "{{ base_dir }}/bin/dockerd --version|cut -d' ' -f3"
|
||||
register: docker_ver
|
||||
connection: local
|
||||
run_once: true
|
||||
tags: upgrade_docker, download_docker
|
||||
|
||||
- name: debug info
|
||||
debug: var="docker_ver"
|
||||
connection: local
|
||||
run_once: true
|
||||
tags: upgrade_docker, download_docker
|
||||
|
||||
- name: 转换docker版本信息为浮点数
|
||||
set_fact:
|
||||
DOCKER_VER: "{{ docker_ver.stdout.split('.')[0]|int + docker_ver.stdout.split('.')[1]|int/100 }}"
|
||||
connection: local
|
||||
run_once: true
|
||||
tags: upgrade_docker, download_docker
|
||||
|
||||
- name: debug info
|
||||
debug: var="DOCKER_VER"
|
||||
tags: upgrade_docker, download_docker
|
||||
- name: 已安装提示
|
||||
debug:
|
||||
msg: "docker 服务已安装"
|
||||
when: "'NoFound' not in docker_svc.stdout"
|
||||
|
||||
- block:
|
||||
- name: 准备docker相关目录
|
||||
|
|
@ -33,58 +13,16 @@
|
|||
with_items:
|
||||
- "{{ bin_dir }}"
|
||||
- "/etc/docker"
|
||||
- "/etc/bash_completion.d"
|
||||
|
||||
- name: 下载 docker 二进制文件
|
||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||||
with_items:
|
||||
- docker-containerd
|
||||
- docker-containerd-shim
|
||||
- docker-init
|
||||
- docker-runc
|
||||
- docker
|
||||
- docker-containerd-ctr
|
||||
- dockerd
|
||||
- docker-proxy
|
||||
copy: src={{ item }} dest={{ bin_dir }}/ mode=0755
|
||||
with_fileglob:
|
||||
- "{{ base_dir }}/bin/docker-bin/*"
|
||||
tags: upgrade_docker, download_docker
|
||||
when: "DOCKER_VER|float < 18.09"
|
||||
|
||||
- name: 下载 docker 二进制文件(>= 18.09.x)
|
||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||||
with_items:
|
||||
- containerd
|
||||
- containerd-shim
|
||||
- docker-init
|
||||
- runc
|
||||
- docker
|
||||
- ctr
|
||||
- dockerd
|
||||
- docker-proxy
|
||||
tags: upgrade_docker, download_docker
|
||||
when: "DOCKER_VER|float >= 18.09"
|
||||
|
||||
- name: 下载 docker 二进制文件(>= 20.10.x)
|
||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||||
with_items:
|
||||
- containerd-shim-runc-v2
|
||||
tags: upgrade_docker, download_docker
|
||||
when: "DOCKER_VER|float >= 20.10"
|
||||
|
||||
- name: docker命令自动补全
|
||||
copy: src=docker dest=/etc/bash_completion.d/docker mode=0644
|
||||
|
||||
- name: docker国内镜像加速
|
||||
- name: 配置docker daemon
|
||||
template: src=daemon.json.j2 dest=/etc/docker/daemon.json
|
||||
|
||||
- name: flush-iptables
|
||||
shell: "source /etc/profile; iptables -P INPUT ACCEPT \
|
||||
&& iptables -P FORWARD ACCEPT \
|
||||
&& iptables -P OUTPUT ACCEPT \
|
||||
&& iptables -F && iptables -X \
|
||||
&& iptables -F -t nat && iptables -X -t nat \
|
||||
&& iptables -F -t raw && iptables -X -t raw \
|
||||
&& iptables -F -t mangle && iptables -X -t mangle"
|
||||
|
||||
- name: 创建docker的systemd unit文件
|
||||
template: src=docker.service.j2 dest=/etc/systemd/system/docker.service
|
||||
tags: upgrade_docker, download_docker
|
||||
|
|
@ -110,7 +48,3 @@
|
|||
file: src={{ bin_dir }}/docker dest=/usr/bin/docker state=link
|
||||
ignore_errors: true
|
||||
when: "'NoFound' in docker_svc.stdout"
|
||||
|
||||
## 可选 ------安装docker查询镜像 tag的小工具----
|
||||
- name: 下载 docker-tag
|
||||
copy: src=docker-tag dest={{ bin_dir }}/docker-tag mode=0755
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ Environment="PATH={{ bin_dir }}:/bin:/sbin:/usr/bin:/usr/sbin"
|
|||
ExecStart={{ bin_dir }}/dockerd
|
||||
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
Restart=always
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
LimitNOFILE=infinity
|
||||
LimitNPROC=infinity
|
||||
|
|
|
|||
Loading…
Reference in New Issue