update scripts

context/rootfs/scripts/docker.sh

@@ -0,0 +1,116 @@
+#!/bin/bash
+# Copyright © 2021 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -x
+set -e
+
+scripts_path=$(cd `dirname $0`; pwd)
+image_dir="$scripts_path/../images"
+DOCKER_VERSION="19.03.14-sealer"
+
+get_distribution() {
+  lsb_dist=""
+  # Every system that we officially support has /etc/os-release
+  if [ -r /etc/os-release ]; then
+    lsb_dist="$(. /etc/os-release && echo "$ID")"
+  fi
+  # Returning an empty string here should be alright since the
+  # case statements don't act unless you provide an actual value
+  echo "$lsb_dist"
+}
+
+disable_selinux() {
+  if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
+    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
+    setenforce 0
+  fi
+}
+
+load_images() {
+  for image in "$image_dir"/*; do
+    if [ -f "${image}" ]; then
+      docker load -q -i "${image}"
+    fi
+  done
+}
+
+check_docker_valid() {
+  if ! docker info 2>&1; then
+    panic "docker is not healthy: $(docker info 2>&1), please check"
+  fi
+
+  dockerVersion=`docker info --format '{{json .ServerVersion}}' | tr -d '"'`
+  if [ "${dockerVersion}" != "${DOCKER_VERSION}" ]; then
+    panic "docker version is ${dockerVersion}, should be 19.03.15, please check"
+  fi
+}
+
+storage=${1:-/var/lib/docker}
+mkdir -p $storage
+if ! utils_command_exists docker; then
+  lsb_dist=$(get_distribution)
+  lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
+  echo "current system is $lsb_dist"
+  case "$lsb_dist" in
+  ubuntu | deepin | debian | raspbian)
+    cp "${scripts_path}"/../etc/docker.service /lib/systemd/system/docker.service
+    if [ ! -f /usr/sbin/iptables ];then
+      if [ -f /sbin/iptables ];then
+        ln -s /sbin/iptables /usr/sbin/iptables
+      else
+        panic "iptables not found, please check"
+      fi
+    fi
+    ;;
+  centos | rhel | anolis | ol | sles | kylin | neokylin)
+    cp "${scripts_path}"/../etc/docker.service /usr/lib/systemd/system/docker.service
+    ;;
+  alios)
+    docker0=$(ip addr show docker0 | head -1|tr " " "\n"|grep "<"|grep -iwo "UP"|wc -l)
+    if [ "$docker0" != "1" ]; then
+        ip link add name docker0 type bridge
+        ip addr add dev docker0 172.17.0.1/16
+    fi
+    cp "${scripts_path}"/../etc/docker.service /usr/lib/systemd/system/docker.service
+    ;;
+  *)
+    utils_info "unknown system to use /lib/systemd/system/docker.service"
+    cp "${scripts_path}"/../etc/docker.service /lib/systemd/system/docker.service
+    ;;
+  esac
+
+  [ -d /etc/docker/ ] || mkdir /etc/docker/ -p
+
+  chmod -R 755 "${scripts_path}"/../cri
+  tar -zxvf "${scripts_path}"/../cri/docker.tar.gz -C /usr/bin
+  chmod a+x /usr/bin
+  chmod a+x /usr/bin/docker
+  chmod a+x /usr/bin/dockerd
+  systemctl enable docker.service
+  systemctl restart docker.service
+  cp "${scripts_path}"/../etc/daemon.json /etc/docker
+  mkdir -p /root/.docker/
+  cp "${scripts_path}"/../etc/docker-cli-config.json /root/.docker/config.json
+  if [[ -n $1 && -n $2 ]]; then
+    sed -i "s/sea.hub:5000/$2:$3/g" /etc/docker/daemon.json
+  fi
+fi
+
+disable_selinux
+systemctl daemon-reload
+systemctl restart docker.service
+check_docker_valid
+
+load_images

context/rootfs/scripts/init-kube.sh

@@ -1,26 +1,9 @@
 #!/bin/bash
-# shellcheck disable=SC1091
 
-# Open ipvs
-modprobe -- ip_vs
-modprobe -- ip_vs_rr
-modprobe -- ip_vs_wrr
-modprobe -- ip_vs_sh
-modprobe -- br_netfilter
-## version_ge 4.19 4.19 true ;
-## version_ge 5.4 4.19 true ;
-## version_ge 3.10 4.19 false ;
+scripts_path=$(cd `dirname $0`; pwd)
+source "${scripts_path}"/utils.sh
 
-version_ge() {
-  test "$(echo "$@" | tr ' ' '\n' | sort -rV | head -n 1)" == "$1"
-}
-
-disable_selinux() {
-  if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
-    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
-    setenforce 0
-  fi
-}
+set -x
 
 get_distribution() {
   lsb_dist=""
@@ -50,32 +33,27 @@ disable_firewalld() {
   esac
 }
 
-kernel_version=$(uname -r | cut -d- -f1)
-if version_ge "${kernel_version}" 4.19; then
-  modprobe -- nf_conntrack
-else
-  modprobe -- nf_conntrack_ipv4
-fi
-
-cat <<EOF >/etc/sysctl.d/k8s.conf
-net.bridge.bridge-nf-call-ip6tables = 1
-net.bridge.bridge-nf-call-iptables = 1
-net.ipv4.conf.all.rp_filter=0
-EOF
-sysctl --system
-sysctl -w net.ipv4.ip_forward=1
-disable_firewalld
-swapoff -a || true
-disable_selinux
+copy_bins() {
+  chmod -R 755 ../bin/*
+  chmod 644 ../bin
+  cp ../bin/* /usr/bin
+  cp ../scripts/kubelet-pre-start.sh /usr/bin
+  chmod +x /usr/bin/kubelet-pre-start.sh
+}
 
-chmod -R 755 ../bin/*
-chmod 644 ../bin
-cp ../bin/* /usr/bin
-cp ../scripts/kubelet-pre-start.sh /usr/bin
-# Cgroup driver
-mkdir -p /etc/systemd/system
-cp ../etc/kubelet.service /etc/systemd/system/
-[ -d /etc/systemd/system/kubelet.service.d ] || mkdir /etc/systemd/system/kubelet.service.d
-cp ../etc/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/
+copy_kubelet_service(){
+  mkdir -p /etc/systemd/system
+  cp ../etc/kubelet.service /etc/systemd/system/
+  [ -d /etc/systemd/system/kubelet.service.d ] || mkdir /etc/systemd/system/kubelet.service.d
+  cp ../etc/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/
+}
 
-systemctl daemon-reload && systemctl enable kubelet
+disable_firewalld
+copy_bins
+copy_kubelet_service
+[ -d /var/lib/kubelet ] || mkdir -p /var/lib/kubelet/
+/usr/bin/kubelet-pre-start.sh
+systemctl enable kubelet
+
+# nvidia-docker.sh need set kubelet labels, it should be run after kubelet
+bash ${scripts_path}/nvidia-docker.sh || exit 1