mirror of https://github.com/easzlab/kubeasz.git
adjust docker setup scripts
parent
640f158cb3
commit
e32dd8f68f
|
@ -6,7 +6,8 @@ CNCF 一致性认证项目(https://github.com/cncf/k8s-conformance) 可以很方
|
||||||
|
|
||||||
自kubeasz 3.0.0 版本,k8s v1.20.2开始,正式通过cncf一致性认证,成为cncf 官方认证安装工具;后续k8s主要版本发布或者kubeasz有大版本更新,会优先确保通过集群一致性认证。
|
自kubeasz 3.0.0 版本,k8s v1.20.2开始,正式通过cncf一致性认证,成为cncf 官方认证安装工具;后续k8s主要版本发布或者kubeasz有大版本更新,会优先确保通过集群一致性认证。
|
||||||
|
|
||||||
- v1.27 [进行中]()
|
- v1.28 [进行中](https://github.com/cncf/k8s-conformance/pull/2788)
|
||||||
|
- v1.27 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.27/kubeasz)
|
||||||
- v1.26 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.26/kubeasz)
|
- v1.26 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.26/kubeasz)
|
||||||
- v1.25 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.25/kubeasz)
|
- v1.25 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.25/kubeasz)
|
||||||
- v1.24 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.24/kubeasz)
|
- v1.24 [已认证](https://github.com/cncf/k8s-conformance/tree/master/v1.24/kubeasz)
|
||||||
|
|
34
ezdown
34
ezdown
|
@ -23,7 +23,7 @@ SYS_PKG_VER=1.0.0
|
||||||
HARBOR_VER=v2.6.4
|
HARBOR_VER=v2.6.4
|
||||||
REGISTRY_MIRROR=CN
|
REGISTRY_MIRROR=CN
|
||||||
|
|
||||||
# images downloaded by default(with '-D')
|
# images downloaded by default(with 'ezdown -D')
|
||||||
# https://github.com/projectcalico/calico
|
# https://github.com/projectcalico/calico
|
||||||
calicoVer=v3.24.6
|
calicoVer=v3.24.6
|
||||||
# https://github.com/coredns/coredns
|
# https://github.com/coredns/coredns
|
||||||
|
@ -36,7 +36,7 @@ dashboardMetricsScraperVer=v1.0.8
|
||||||
metricsVer=v0.6.4
|
metricsVer=v0.6.4
|
||||||
pauseVer=3.9
|
pauseVer=3.9
|
||||||
|
|
||||||
# images not downloaded by default(only download with '-X')
|
# images not downloaded by default(only download with 'ezdown -X ***')
|
||||||
# https://github.com/cilium/cilium
|
# https://github.com/cilium/cilium
|
||||||
ciliumVer=1.13.6
|
ciliumVer=1.13.6
|
||||||
# https://github.com/flannel-io/flannel
|
# https://github.com/flannel-io/flannel
|
||||||
|
@ -153,7 +153,8 @@ function download_docker() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
tar zxf "$BASE/down/docker-$DOCKER_VER.tgz" -C "$BASE/down" && \
|
tar zxf "$BASE/down/docker-$DOCKER_VER.tgz" -C "$BASE/down" && \
|
||||||
cp -f "$BASE"/down/docker/* "$BASE/bin" && \
|
mkdir -p "$BASE/docker-bin" && \
|
||||||
|
cp -f "$BASE"/down/docker/* "$BASE/docker-bin" && \
|
||||||
mv -f "$BASE"/down/docker/* /opt/kube/bin && \
|
mv -f "$BASE"/down/docker/* /opt/kube/bin && \
|
||||||
ln -sf /opt/kube/bin/docker /bin/docker
|
ln -sf /opt/kube/bin/docker /bin/docker
|
||||||
}
|
}
|
||||||
|
@ -227,31 +228,6 @@ EOF
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# docker proxy setting
|
|
||||||
http_proxy=${http_proxy:-}
|
|
||||||
HTTP_PROXY=${HTTP_PROXY:-$http_proxy}
|
|
||||||
https_proxy=${https_proxy:-}
|
|
||||||
HTTPS_PROXY=${HTTPS_PROXY:-$https_proxy}
|
|
||||||
USE_PROXY=0
|
|
||||||
CONFIG="[Service]\n"
|
|
||||||
|
|
||||||
if [[ -n ${HTTP_PROXY} ]]; then
|
|
||||||
USE_PROXY=1
|
|
||||||
CONFIG=${CONFIG}"Environment=HTTP_PROXY=${HTTP_PROXY}\n"
|
|
||||||
fi
|
|
||||||
if [[ -n ${HTTPS_PROXY} ]]; then
|
|
||||||
USE_PROXY=1
|
|
||||||
CONFIG=${CONFIG}"Environment=HTTPS_PROXY=${HTTPS_PROXY}\n"
|
|
||||||
fi
|
|
||||||
if [[ ${USE_PROXY} == 1 ]]; then
|
|
||||||
logger debug "generate docker service http proxy file"
|
|
||||||
mkdir -p /etc/systemd/system/docker.service.d
|
|
||||||
c=$(echo -e "$CONFIG")
|
|
||||||
cat > /etc/systemd/system/docker.service.d/http-proxy.conf << EOF
|
|
||||||
${c}
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ -f /etc/selinux/config ]]; then
|
if [[ -f /etc/selinux/config ]]; then
|
||||||
logger debug "turn off selinux"
|
logger debug "turn off selinux"
|
||||||
getenforce|grep Disabled || setenforce 0
|
getenforce|grep Disabled || setenforce 0
|
||||||
|
@ -260,7 +236,7 @@ EOF
|
||||||
|
|
||||||
logger debug "enable and start docker"
|
logger debug "enable and start docker"
|
||||||
systemctl enable docker
|
systemctl enable docker
|
||||||
systemctl daemon-reload && systemctl restart docker && sleep 4
|
systemctl daemon-reload && systemctl restart docker && sleep 3
|
||||||
}
|
}
|
||||||
|
|
||||||
function get_kubeasz() {
|
function get_kubeasz() {
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,70 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
|
|
||||||
USER="admin"
|
|
||||||
PASS="XXXXXXXXXXXXXXXXXX"
|
|
||||||
HURL="https://{{ HARBOR_DOMAIN }}"
|
|
||||||
MTAG=$2
|
|
||||||
CONTAIN=$3
|
|
||||||
|
|
||||||
function usage() {
|
|
||||||
cat << HELP
|
|
||||||
|
|
||||||
docker-tag -- list all tags for a Docker image on a remote registry
|
|
||||||
|
|
||||||
EXAMPLE:
|
|
||||||
- list all tags for ubuntu:
|
|
||||||
docker-tag tags ubuntu
|
|
||||||
|
|
||||||
- list all php tags containing apache:
|
|
||||||
docker-tag tags php apache
|
|
||||||
|
|
||||||
- list all images of harbor:
|
|
||||||
docker-tag get_images
|
|
||||||
|
|
||||||
- list all tags for harbor redis:
|
|
||||||
docker-tag get_tags redis/redis
|
|
||||||
|
|
||||||
HELP
|
|
||||||
}
|
|
||||||
|
|
||||||
if [ $# -lt 1 ]; then
|
|
||||||
usage
|
|
||||||
exit 2
|
|
||||||
fi
|
|
||||||
|
|
||||||
function tags() {
|
|
||||||
TAGS=$(curl -ksL https://registry.hub.docker.com/v1/repositories/${MTAG}/tags | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}')
|
|
||||||
if [ "${CONTAIN}" != "" ]; then
|
|
||||||
echo -e $(echo "${TAGS}" | grep "${CONTAIN}") | tr ' ' '\n'
|
|
||||||
else
|
|
||||||
echo "${TAGS}"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
function get_images() {
|
|
||||||
RTOKEN=$(curl -k -s -u ${USER}:${PASS} ${HURL}/service/token?account=${USER}\&service=harbor-registry\&scope=registry:catalog:* | grep "token" | awk -F '"' '{print $4}')
|
|
||||||
RLIST=$(curl -k -s -H "authorization: bearer ${RTOKEN} " ${HURL}/v2/_catalog | awk -F '[' '{print $2}'|awk -F ']' '{print $1}' | sed 's/"//g')
|
|
||||||
echo ${RLIST} | tr ',' '\n'
|
|
||||||
}
|
|
||||||
|
|
||||||
function get_tags() {
|
|
||||||
TTOKEN=$(curl -iksL -X GET -u ${USER}:${PASS} ${HURL}/service/token?account=${USER}\&service=harbor-registry\&scope=repository:${MTAG}:pull | grep "token" | awk -F '"' '{print $4}')
|
|
||||||
TLIST=$(curl -ksL -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${TTOKEN}" ${HURL}/v2/${MTAG}/tags/list| awk -F '[' '{print $2}' | awk -F ']' '{print $1}' | sed 's/"//g')
|
|
||||||
echo ${TLIST} | tr ',' '\n'
|
|
||||||
}
|
|
||||||
|
|
||||||
case $1 in
|
|
||||||
get_images)
|
|
||||||
get_images
|
|
||||||
;;
|
|
||||||
get_tags)
|
|
||||||
get_tags
|
|
||||||
;;
|
|
||||||
tags)
|
|
||||||
tags
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
usage
|
|
||||||
;;
|
|
||||||
esac
|
|
|
@ -2,30 +2,10 @@
|
||||||
shell: 'systemctl is-active docker || echo "NoFound"'
|
shell: 'systemctl is-active docker || echo "NoFound"'
|
||||||
register: docker_svc
|
register: docker_svc
|
||||||
|
|
||||||
# 18.09.x 版本二进制名字有变化,需要做判断
|
- name: 已安装提示
|
||||||
- name: 获取docker版本信息
|
debug:
|
||||||
shell: "{{ base_dir }}/bin/dockerd --version|cut -d' ' -f3"
|
msg: "docker 服务已安装"
|
||||||
register: docker_ver
|
when: "'NoFound' not in docker_svc.stdout"
|
||||||
connection: local
|
|
||||||
run_once: true
|
|
||||||
tags: upgrade_docker, download_docker
|
|
||||||
|
|
||||||
- name: debug info
|
|
||||||
debug: var="docker_ver"
|
|
||||||
connection: local
|
|
||||||
run_once: true
|
|
||||||
tags: upgrade_docker, download_docker
|
|
||||||
|
|
||||||
- name: 转换docker版本信息为浮点数
|
|
||||||
set_fact:
|
|
||||||
DOCKER_VER: "{{ docker_ver.stdout.split('.')[0]|int + docker_ver.stdout.split('.')[1]|int/100 }}"
|
|
||||||
connection: local
|
|
||||||
run_once: true
|
|
||||||
tags: upgrade_docker, download_docker
|
|
||||||
|
|
||||||
- name: debug info
|
|
||||||
debug: var="DOCKER_VER"
|
|
||||||
tags: upgrade_docker, download_docker
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: 准备docker相关目录
|
- name: 准备docker相关目录
|
||||||
|
@ -33,58 +13,16 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ bin_dir }}"
|
- "{{ bin_dir }}"
|
||||||
- "/etc/docker"
|
- "/etc/docker"
|
||||||
- "/etc/bash_completion.d"
|
|
||||||
|
|
||||||
- name: 下载 docker 二进制文件
|
- name: 下载 docker 二进制文件
|
||||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
copy: src={{ item }} dest={{ bin_dir }}/ mode=0755
|
||||||
with_items:
|
with_fileglob:
|
||||||
- docker-containerd
|
- "{{ base_dir }}/bin/docker-bin/*"
|
||||||
- docker-containerd-shim
|
|
||||||
- docker-init
|
|
||||||
- docker-runc
|
|
||||||
- docker
|
|
||||||
- docker-containerd-ctr
|
|
||||||
- dockerd
|
|
||||||
- docker-proxy
|
|
||||||
tags: upgrade_docker, download_docker
|
tags: upgrade_docker, download_docker
|
||||||
when: "DOCKER_VER|float < 18.09"
|
|
||||||
|
|
||||||
- name: 下载 docker 二进制文件(>= 18.09.x)
|
- name: 配置docker daemon
|
||||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
|
||||||
with_items:
|
|
||||||
- containerd
|
|
||||||
- containerd-shim
|
|
||||||
- docker-init
|
|
||||||
- runc
|
|
||||||
- docker
|
|
||||||
- ctr
|
|
||||||
- dockerd
|
|
||||||
- docker-proxy
|
|
||||||
tags: upgrade_docker, download_docker
|
|
||||||
when: "DOCKER_VER|float >= 18.09"
|
|
||||||
|
|
||||||
- name: 下载 docker 二进制文件(>= 20.10.x)
|
|
||||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
|
||||||
with_items:
|
|
||||||
- containerd-shim-runc-v2
|
|
||||||
tags: upgrade_docker, download_docker
|
|
||||||
when: "DOCKER_VER|float >= 20.10"
|
|
||||||
|
|
||||||
- name: docker命令自动补全
|
|
||||||
copy: src=docker dest=/etc/bash_completion.d/docker mode=0644
|
|
||||||
|
|
||||||
- name: docker国内镜像加速
|
|
||||||
template: src=daemon.json.j2 dest=/etc/docker/daemon.json
|
template: src=daemon.json.j2 dest=/etc/docker/daemon.json
|
||||||
|
|
||||||
- name: flush-iptables
|
|
||||||
shell: "source /etc/profile; iptables -P INPUT ACCEPT \
|
|
||||||
&& iptables -P FORWARD ACCEPT \
|
|
||||||
&& iptables -P OUTPUT ACCEPT \
|
|
||||||
&& iptables -F && iptables -X \
|
|
||||||
&& iptables -F -t nat && iptables -X -t nat \
|
|
||||||
&& iptables -F -t raw && iptables -X -t raw \
|
|
||||||
&& iptables -F -t mangle && iptables -X -t mangle"
|
|
||||||
|
|
||||||
- name: 创建docker的systemd unit文件
|
- name: 创建docker的systemd unit文件
|
||||||
template: src=docker.service.j2 dest=/etc/systemd/system/docker.service
|
template: src=docker.service.j2 dest=/etc/systemd/system/docker.service
|
||||||
tags: upgrade_docker, download_docker
|
tags: upgrade_docker, download_docker
|
||||||
|
@ -110,7 +48,3 @@
|
||||||
file: src={{ bin_dir }}/docker dest=/usr/bin/docker state=link
|
file: src={{ bin_dir }}/docker dest=/usr/bin/docker state=link
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
when: "'NoFound' in docker_svc.stdout"
|
when: "'NoFound' in docker_svc.stdout"
|
||||||
|
|
||||||
## 可选 ------安装docker查询镜像 tag的小工具----
|
|
||||||
- name: 下载 docker-tag
|
|
||||||
copy: src=docker-tag dest={{ bin_dir }}/docker-tag mode=0755
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ Environment="PATH={{ bin_dir }}:/bin:/sbin:/usr/bin:/usr/sbin"
|
||||||
ExecStart={{ bin_dir }}/dockerd
|
ExecStart={{ bin_dir }}/dockerd
|
||||||
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
|
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
|
||||||
ExecReload=/bin/kill -s HUP $MAINPID
|
ExecReload=/bin/kill -s HUP $MAINPID
|
||||||
Restart=always
|
Restart=on-failure
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
LimitNOFILE=infinity
|
LimitNOFILE=infinity
|
||||||
LimitNPROC=infinity
|
LimitNPROC=infinity
|
||||||
|
|
Loading…
Reference in New Issue