adjust docker setup scripts

pull/1318/head
gjmzj 2023-09-05 19:24:03 +08:00
parent 640f158cb3
commit e32dd8f68f
6 changed files with 16 additions and 4687 deletions


@ -6,7 +6,8 @@ CNCF 一致性认证项目(https://github.com/cncf/k8s-conformance) 可以很方
自kubeasz 3.0.0 版本k8s v1.20.2开始正式通过cncf一致性认证成为cncf 官方认证安装工具后续k8s主要版本发布或者kubeasz有大版本更新会优先确保通过集群一致性认证。
- v1.27 [进行中]()
- v1.28 [进行中](https://github.com/cncf/k8s-conformance/pull/2788)
- v1.27 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.27/kubeasz)
- v1.26 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.26/kubeasz)
- v1.25 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.25/kubeasz)
- v1.24 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.24/kubeasz)

34
ezdown

@ -23,7 +23,7 @@ SYS_PKG_VER=1.0.0
HARBOR_VER=v2.6.4
REGISTRY_MIRROR=CN
# images downloaded by default(with '-D')
# images downloaded by default(with 'ezdown -D')
# https://github.com/projectcalico/calico
calicoVer=v3.24.6
# https://github.com/coredns/coredns
@ -36,7 +36,7 @@ dashboardMetricsScraperVer=v1.0.8
metricsVer=v0.6.4
pauseVer=3.9
# images not downloaded by default(only download with '-X')
# images not downloaded by default(only download with 'ezdown -X ***')
# https://github.com/cilium/cilium
ciliumVer=1.13.6
# https://github.com/flannel-io/flannel
@ -153,7 +153,8 @@ function download_docker() {
fi
tar zxf "$BASE/down/docker-$DOCKER_VER.tgz" -C "$BASE/down" && \
cp -f "$BASE"/down/docker/* "$BASE/bin" && \
mkdir -p "$BASE/docker-bin" && \
cp -f "$BASE"/down/docker/* "$BASE/docker-bin" && \
mv -f "$BASE"/down/docker/* /opt/kube/bin && \
ln -sf /opt/kube/bin/docker /bin/docker
}
@ -227,31 +228,6 @@ EOF
EOF
fi
# docker proxy setting
http_proxy=${http_proxy:-}
HTTP_PROXY=${HTTP_PROXY:-$http_proxy}
https_proxy=${https_proxy:-}
HTTPS_PROXY=${HTTPS_PROXY:-$https_proxy}
USE_PROXY=0
CONFIG="[Service]\n"
if [[ -n ${HTTP_PROXY} ]]; then
USE_PROXY=1
CONFIG=${CONFIG}"Environment=HTTP_PROXY=${HTTP_PROXY}\n"
fi
if [[ -n ${HTTPS_PROXY} ]]; then
USE_PROXY=1
CONFIG=${CONFIG}"Environment=HTTPS_PROXY=${HTTPS_PROXY}\n"
fi
if [[ ${USE_PROXY} == 1 ]]; then
logger debug "generate docker service http proxy file"
mkdir -p /etc/systemd/system/docker.service.d
c=$(echo -e "$CONFIG")
cat > /etc/systemd/system/docker.service.d/http-proxy.conf << EOF
${c}
EOF
fi
if [[ -f /etc/selinux/config ]]; then
logger debug "turn off selinux"
getenforce|grep Disabled || setenforce 0
@ -260,7 +236,7 @@ EOF
logger debug "enable and start docker"
systemctl enable docker
systemctl daemon-reload && systemctl restart docker && sleep 4
systemctl daemon-reload && systemctl restart docker && sleep 3
}
function get_kubeasz() {
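Review bot: The staging directory added in `download_docker` is `"$BASE/docker-bin"`, but the docker role changed in this same commit globs `{{ base_dir }}/bin/docker-bin/*`. If `$BASE` and `base_dir` name the same directory (this page does not show either definition), the role will find nothing to copy. The two added lines should probably read `mkdir -p "$BASE/bin/docker-bin" && \` and `cp -f "$BASE"/down/docker/* "$BASE/bin/docker-bin" && \`. Separately, no checksum or signature check on `docker-$DOCKER_VER.tgz` is visible before `tar zxf`. The download step starts outside the hunk, so it is worth confirming one exists there, because these binaries are now the source for every node.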

File diff suppressed because it is too large Load Diff


@ -1,70 +0,0 @@
#!/bin/bash
#
USER="admin"
PASS="XXXXXXXXXXXXXXXXXX"
HURL="https://{{ HARBOR_DOMAIN }}"
MTAG=$2
CONTAIN=$3
function usage() {
cat << HELP
docker-tag -- list all tags for a Docker image on a remote registry
EXAMPLE:
- list all tags for ubuntu:
docker-tag tags ubuntu
- list all php tags containing apache:
docker-tag tags php apache
- list all images of harbor:
docker-tag get_images
- list all tags for harbor redis:
docker-tag get_tags redis/redis
HELP
}
if [ $# -lt 1 ]; then
usage
exit 2
fi
function tags() {
TAGS=$(curl -ksL https://registry.hub.docker.com/v1/repositories/${MTAG}/tags | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}')
if [ "${CONTAIN}" != "" ]; then
echo -e $(echo "${TAGS}" | grep "${CONTAIN}") | tr ' ' '\n'
else
echo "${TAGS}"
fi
}
function get_images() {
RTOKEN=$(curl -k -s -u ${USER}:${PASS} ${HURL}/service/token?account=${USER}\&service=harbor-registry\&scope=registry:catalog:* | grep "token" | awk -F '"' '{print $4}')
RLIST=$(curl -k -s -H "authorization: bearer ${RTOKEN} " ${HURL}/v2/_catalog | awk -F '[' '{print $2}'|awk -F ']' '{print $1}' | sed 's/"//g')
echo ${RLIST} | tr ',' '\n'
}
function get_tags() {
TTOKEN=$(curl -iksL -X GET -u ${USER}:${PASS} ${HURL}/service/token?account=${USER}\&service=harbor-registry\&scope=repository:${MTAG}:pull | grep "token" | awk -F '"' '{print $4}')
TLIST=$(curl -ksL -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${TTOKEN}" ${HURL}/v2/${MTAG}/tags/list| awk -F '[' '{print $2}' | awk -F ']' '{print $1}' | sed 's/"//g')
echo ${TLIST} | tr ',' '\n'
}
case $1 in
get_images)
get_images
;;
get_tags)
get_tags
;;
tags)
tags
;;
*)
usage
;;
esac


@ -2,30 +2,10 @@
shell: 'systemctl is-active docker || echo "NoFound"'
register: docker_svc
# 18.09.x 版本二进制名字有变化,需要做判断
- name: 获取docker版本信息
shell: "{{ base_dir }}/bin/dockerd --version|cut -d' ' -f3"
register: docker_ver
connection: local
run_once: true
tags: upgrade_docker, download_docker
- name: debug info
debug: var="docker_ver"
connection: local
run_once: true
tags: upgrade_docker, download_docker
- name: 转换docker版本信息为浮点数
set_fact:
DOCKER_VER: "{{ docker_ver.stdout.split('.')[0]|int + docker_ver.stdout.split('.')[1]|int/100 }}"
connection: local
run_once: true
tags: upgrade_docker, download_docker
- name: debug info
debug: var="DOCKER_VER"
tags: upgrade_docker, download_docker
- name: 已安装提示
debug:
msg: "docker 服务已安装"
when: "'NoFound' not in docker_svc.stdout"
- block:
- name: 准备docker相关目录
@ -33,58 +13,16 @@
with_items:
- "{{ bin_dir }}"
- "/etc/docker"
- "/etc/bash_completion.d"
- name: 下载 docker 二进制文件
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- docker-containerd
- docker-containerd-shim
- docker-init
- docker-runc
- docker
- docker-containerd-ctr
- dockerd
- docker-proxy
copy: src={{ item }} dest={{ bin_dir }}/ mode=0755
with_fileglob:
- "{{ base_dir }}/bin/docker-bin/*"
tags: upgrade_docker, download_docker
when: "DOCKER_VER|float < 18.09"
- name: 下载 docker 二进制文件(>= 18.09.x)
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- containerd
- containerd-shim
- docker-init
- runc
- docker
- ctr
- dockerd
- docker-proxy
tags: upgrade_docker, download_docker
when: "DOCKER_VER|float >= 18.09"
- name: 下载 docker 二进制文件(>= 20.10.x)
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- containerd-shim-runc-v2
tags: upgrade_docker, download_docker
when: "DOCKER_VER|float >= 20.10"
- name: docker命令自动补全
copy: src=docker dest=/etc/bash_completion.d/docker mode=0644
- name: docker国内镜像加速
- name: 配置docker daemon
template: src=daemon.json.j2 dest=/etc/docker/daemon.json
- name: flush-iptables
shell: "source /etc/profile; iptables -P INPUT ACCEPT \
&& iptables -P FORWARD ACCEPT \
&& iptables -P OUTPUT ACCEPT \
&& iptables -F && iptables -X \
&& iptables -F -t nat && iptables -X -t nat \
&& iptables -F -t raw && iptables -X -t raw \
&& iptables -F -t mangle && iptables -X -t mangle"
- name: 创建docker的systemd unit文件
template: src=docker.service.j2 dest=/etc/systemd/system/docker.service
tags: upgrade_docker, download_docker
@ -110,7 +48,3 @@
file: src={{ bin_dir }}/docker dest=/usr/bin/docker state=link
ignore_errors: true
when: "'NoFound' in docker_svc.stdout"
## 可选 ------安装docker查询镜像 tag的小工具----
- name: 下载 docker-tag
copy: src=docker-tag dest={{ bin_dir }}/docker-tag mode=0755
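Review bot: A glob that matches nothing turns the new `with_fileglob` copy task into a silent no-op, so the play goes on to write `docker.service` on a node that has no `dockerd` in `{{ bin_dir }}`. The three explicit binary lists it replaces would have failed loudly on a missing file. The glob also pushes whatever is in `{{ base_dir }}/bin/docker-bin/` on the control host to every node with mode 0755, so a stray file there becomes an executable cluster-wide. I would add a guard ahead of the copy, for example `- assert: {that: "query('fileglob', base_dir ~ '/bin/docker-bin/*') | length > 0"}` with `run_once: true`, and ideally check for the expected names (`dockerd`, `docker`, `containerd`, `runc`). The enclosing `block:` opens in the first hunk and continues outside the second.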


@ -7,7 +7,7 @@ Environment="PATH={{ bin_dir }}:/bin:/sbin:/usr/bin:/usr/sbin"
ExecStart={{ bin_dir }}/dockerd
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
ExecReload=/bin/kill -s HUP $MAINPID
Restart=always
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity