optimize scripts and add autobuild scripts

Author: Stevent-fei

.github/workflows/auto-build-main.yml

@@ -0,0 +1,29 @@
+name: Auto build image
+on:
+  issue_comment:
+    types:
+      - created
+jobs:
+  issue_comment:
+    name: Auto build image
+    if: startswith(github.event.comment.body, '/autobuild')
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+
+      - name: Auto build image
+        id: autobuild
+        run: |
+          commentbody="${{github.event.comment.body}}"
+          commentbody=$(echo $commentbody | sed "s/\/imagebuild//g")
+          sudo git clone https://github.com/sealerio/basefs.git && cd basefs
+          sudo touch autobuild.log && sudo chmod 666 autobuild.log && sudo bash auto-build-main.sh --username="${{secrets.REGISTRY_USERNAME}}" --password="${{secrets.REGISTRY_PASSWORD}}" $commentbody > autobuild.log && cat autobuild.log
+          echo "::set-output name=info::$(grep 'cri:' autobuild.log))"
+
+      - name: Success Commit
+        uses: peter-evans/create-or-update-comment@v1
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          body: |
+            ${{ steps.autobuild.outputs.info }}

auto-build-main.sh

@@ -0,0 +1,110 @@
+#!/bin/bash
+
+set -e
+
+for i in "$@"; do
+  case $i in
+  -c=* | --cri=*)
+    cri="${i#*=}"
+    if [ "$cri" != "docker" ] && [ "$cri" != "containerd" ]; then
+      echo "Unsupported container runtime: ${cri}"
+      exit 1
+    fi
+    shift # past argument=value
+    ;;
+  -n=* | --buildName=*)
+    buildName="${i#*=}"
+    shift # past argument=value
+    ;;
+  --platform=*)
+    platform="${i#*=}"
+    shift # past argument=value
+    ;;
+  --push)
+    push="true"
+    shift # past argument=value
+    ;;
+  -p=* | --password=*)
+    password="${i#*=}"
+    shift # past argument=value
+    ;;
+  -u=* | --username=*)
+    username="${i#*=}"
+    shift # past argument=value
+    ;;
+  --k8s-version=*)
+    k8s_version="${i#*=}"
+    shift # past argument=value
+    ;;
+  -h | --help)
+    echo "
+### Options
+  --k8s-version         set the kubernetes k8s_version of the Clusterimage, k8s_version must be greater than 1.13
+  -c, --cri             cri can be set to docker or containerd between kubernetes 1.20-1.24 versions
+  -n, --buildName       set build image name, default is 'registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:${k8s_version}'
+  --platform            set the build mirror platform, the default is linux/amd64,linux/arm64
+  --push                push clusterimage after building the clusterimage. The image name must contain the full name of the repository, and use -u and -p to specify the username and password.
+  -u, --username        specify the user's username for pushing the Clusterimage
+  -p, --password        specify the user's password for pushing the Clusterimage
+  -d, --debug           show all script logs
+  -h, --help            help for auto build shell scripts"
+    exit 0
+    ;;
+  -d | --debug)
+    set -x
+    shift
+    ;;
+  -*)
+    echo "Unknown option $i"
+    exit 1
+    ;;
+  *) ;;
+
+  esac
+done
+
+version_compare() { printf '%s\n%s\n' "$2" "$1" | sort -V -C; } ## version_compare $a $b:  a>=b
+
+ARCH=$(case "$(uname -m)" in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo "unsupported architecture" "$(uname -m)" && exit 1 ;; esac)
+
+if [ "$k8s_version" = "" ]; then echo "pls use --k8s-version to set Clusterimage kubernetes version" && exit 1; else echo "$k8s_version" | grep "v" || k8s_version="v${k8s_version}"; fi
+#cri=$([[ -n "$cri" ]] && echo "$cri" || echo docker)
+cri=$( (version_compare "$k8s_version" "v1.24.0" && echo "containerd") || ([[ -n "$cri" ]] && echo "$cri" || echo "docker"))
+if [[ -z "$buildName" ]]; then
+  buildName="docker.io/sealerio/kubernetes:${k8s_version}"
+  if [[ "$cri" == "containerd" ]] && ! version_compare "$k8s_version" "v1.24.0"; then buildName=${buildName}-containerd; fi
+fi
+platform=$(if [[ -z "$platform" ]]; then echo "linux/arm64,linux/amd64"; else echo "$platform"; fi)
+echo "cri: ${cri}, kubernetes version: ${k8s_version}, build image name: ${buildName}"
+
+kubeadmApiVersion=$( (version_compare "$k8s_version" "v1.23.0" && echo 'kubeadm.k8s.io\/v1beta3') || (version_compare "$k8s_version" "v1.15.0" && echo 'kubeadm.k8s.io\/v1beta2') ||
+  (version_compare "$k8s_version" "v1.13.0" && echo 'kubeadm.k8s.io\/v1beta1') || (echo "Version must be greater than 1.13: ${k8s_version}" && exit 1))
+
+workdir="$(mktemp -d auto-build-XXXXX)" && sudo cp -r context "${workdir}" && cd "${workdir}/context" && sudo cp -rf "${cri}"/* .
+
+# shellcheck disable=SC1091
+sudo chmod +x version.sh download.sh && export kube_install_version="$k8s_version" && source version.sh
+./download.sh "${cri}"
+
+sudo chmod +x amd64/bin/kube* && sudo chmod +x arm64/bin/kube*
+#Download the latest version of sealer
+sudo git clone https://github.com/sealerio/sealer && cd sealer && git checkout main && make build-in-docker && cp _output/bin/sealer/linux_amd64/sealer /usr/bin/ && cd ..
+sudo sed -i "s/v1.19.8/$k8s_version/g" rootfs/etc/kubeadm.yml ##change k8s_version
+if [[ "$cri" == "containerd" ]]; then sudo sed -i "s/\/var\/run\/dockershim.sock/\/run\/containerd\/containerd.sock/g" rootfs/etc/kubeadm.yml; fi
+sudo sed -i "s/kubeadm.k8s.io\/v1beta2/$kubeadmApiVersion/g" rootfs/etc/kubeadm.yml
+sudo ./"${ARCH}"/bin/kubeadm config images list --config "rootfs/etc/kubeadm.yml"
+sudo mkdir manifests
+sudo ./"${ARCH}"/bin/kubeadm config images list --config "rootfs/etc/kubeadm.yml" 2>/dev/null | sed "/WARNING/d" >>imageList
+if [ "$(sudo ./"${ARCH}"/bin/kubeadm config images list --config rootfs/etc/kubeadm.yml 2>/dev/null | grep -c "coredns/coredns")" -gt 0 ]; then sudo sed -i "s/#imageRepository/imageRepository/g" rootfs/etc/kubeadm.yml; fi
+sudo sed -i "s/k8s.gcr.io/sea.hub:5000/g" rootfs/etc/kubeadm.yml
+pauseImage=$(./"${ARCH}"/bin/kubeadm config images list --config "rootfs/etc/kubeadm.yml" 2>/dev/null | sed "/WARNING/d" | grep pause)
+if [ -f "rootfs/etc/dump-config.toml" ]; then sudo sed -i "s/sea.hub:5000\/pause:3.6/$(echo "$pauseImage" | sed 's/\//\\\//g')/g" rootfs/etc/dump-config.toml; fi
+#sudo sed -i "s/v1.19.8/${k8s_version}/g" {arm64,amd64}/etc/Metadata
+##linux/arm64,linux/amd64
+sudo sealer build -t "docker.io/sealerio/kubernetes:${k8s_version}" -f Kubefile
+if [[ "$push" == "true" ]]; then
+  if [[ -n "$username" ]] && [[ -n "$password" ]]; then
+    sudo sealer login "$(echo "docker.io" | cut -d "/" -f1)" -u "${username}" -p "${password}"
+  fi
+  sudo sealer push "docker.io/sealerio/kubernetes:${k8s_version}"
+fi

context/docker/rootfs/etc/daemon.json

@@ -1,21 +1,19 @@
 {
+  "experimental": true,
+  "oom-score-adjust": -1000,
   "max-concurrent-downloads": 20,
   "log-driver": "json-file",
   "log-level": "warn",
   "log-opts": {
     "max-size": "10m",
     "max-file": "3"
   },
-  "mirror-registries": [
-    {
-      "domain": "*",
-      "mirrors": [
-        "https://sea.hub:5000"
-      ]
-    }
-  ],
   "exec-opts": [
     "native.cgroupdriver=systemd"
   ],
+  "insecure-registries": ["0.0.0.0/0", "::/0"],
+  "storage-driver": "overlay2",
+  "storage-opts":["overlay2.override_kernel_check=true"],
+  "live-restore": true,
   "data-root": "/var/lib/docker"
-}
+}

context/docker/rootfs/etc/docker.service

@@ -13,7 +13,7 @@ ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
 ExecReload=/bin/kill -s HUP $MAINPID
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 # in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=infinity
+LimitNOFILE={{or .DockerLimitNOFILE "1048576"}}
 LimitNPROC=infinity
 LimitCORE=infinity
 # Uncomment TasksMax if your systemd version supports it.

context/docker/rootfs/scripts/clean.sh

@@ -16,10 +16,13 @@
 set -x
 set -e
 
-scripts_path=$(cd `dirname $0`; pwd)
+# shellcheck disable=SC2046
+# shellcheck disable=SC2006
+scripts_path=$(cd `dirname "$0"`; pwd)
 image_dir="$scripts_path/../images"
-DOCKER_VERSION="19.03.14-sealer"
+DOCKER_VERSION="19.03.15"
 
+# shellcheck disable=SC1091
 get_distribution() {
   lsb_dist=""
   # Every system that we officially support has /etc/os-release
@@ -31,6 +34,10 @@ get_distribution() {
   echo "$lsb_dist"
 }
 
+utils_command_exists() {
+    command -v "$@" > /dev/null 2>&1
+}
+
 disable_selinux() {
   if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
     sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
@@ -46,6 +53,7 @@ load_images() {
   done
 }
 
+# shellcheck disable=SC2006
 check_docker_valid() {
   if ! docker info 2>&1; then
     panic "docker is not healthy: $(docker info 2>&1), please check"
@@ -58,7 +66,7 @@ check_docker_valid() {
 }
 
 storage=${1:-/var/lib/docker}
-mkdir -p $storage
+mkdir -p "$storage"
 if ! utils_command_exists docker; then
   lsb_dist=$(get_distribution)
   lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
@@ -101,8 +109,6 @@ if ! utils_command_exists docker; then
   systemctl enable docker.service
   systemctl restart docker.service
   cp "${scripts_path}"/../etc/daemon.json /etc/docker
-  mkdir -p /root/.docker/
-  cp "${scripts_path}"/../etc/docker-cli-config.json /root/.docker/config.json
   if [[ -n $1 && -n $2 ]]; then
     sed -i "s/sea.hub:5000/$2:$3/g" /etc/docker/daemon.json
   fi
@@ -113,4 +119,5 @@ systemctl daemon-reload
 systemctl restart docker.service
 check_docker_valid
 
-load_images
+load_images
+bash "${scripts_path}"/init-kube.sh

context/rootfs/scripts/docker.sh renamed to context/docker/rootfs/scripts/docker.sh

@@ -4,11 +4,10 @@ systemctl stop docker
 ip link delete docker0 type bridge || true
 rm -rf /lib/systemd/system/docker.service
 rm -rf /usr/lib/systemd/system/docker.service
-rm -rf /etc/docker/daemon.json
+rm -rf /etc/docker
 systemctl daemon-reload
 
 rm -f /usr/bin/conntrack
-rm -f /usr/bin/kubelet-pre-start.sh
 rm -f /usr/bin/containerd
 rm -f /usr/bin/containerd-shim
 rm -f /usr/bin/containerd-shim-runc-v2
@@ -18,19 +17,11 @@ rm -f /usr/bin/docker
 rm -f /usr/bin/docker-init
 rm -f /usr/bin/docker-proxy
 rm -f /usr/bin/dockerd
-rm -f /usr/bin/kubeadm
-rm -f /usr/bin/kubectl
-rm -f /usr/bin/kubelet
 rm -f /usr/bin/rootlesskit
 rm -f /usr/bin/rootlesskit-docker-proxy
 rm -f /usr/bin/runc
 rm -f /usr/bin/vpnkit
 rm -f /usr/bin/containerd-rootless-setuptool.sh
 rm -f /usr/bin/containerd-rootless.sh
 rm -f /usr/bin/nerdctl
-
-rm -f /etc/sysctl.d/k8s.conf
-rm -f /etc/systemd/system/kubelet.service
-rm -rf /etc/systemd/system/kubelet.service.d
-rm -rf /var/lib/kubelet/
-rm -f /var/lib/kubelet/config.yaml
+rm -f /usr/bin/seautil

context/rootfs/scripts/uninstall-docker.sh renamed to context/docker/rootfs/scripts/uninstall-docker.sh

@@ -59,8 +59,9 @@ install_url="https://sealer.oss-cn-beijing.aliyuncs.com/auto-build"
 ##https://github.com/osemp/moby/releases/download/v19.03.14/docker-amd64.tar.gz
 ##registry ${ARCH} image: ghcr.io/osemp/distribution-amd64/distribution:latest
 if [ "${cri}" = "docker" ]; then
-  docker_version="19.03.14"
-  docker_url="https://github.com/osemp/moby"
+  docker_version="19.03.15"
+  #docker_url="https://github.com/osemp/moby"
+  docker_url="https://github.com/moby/moby"
   cri_tarball_amd64="docker-amd64.tar.gz"
   cri_tarball_arm64="docker-arm64.tar.gz"
   cri_tarball_amd64_url="${docker_url}/releases/download/v${docker_version}/${cri_tarball_amd64}"

context/download.sh

@@ -1 +1 @@
-ack-agility-registry.cn-shanghai.cr.aliyuncs.com/sealer/lvscare:v1.1.3-beta.8
+ack-agility-registry.cn-shanghai.cr.aliyuncs.com/sealer/lvscare:v1.1.3-beta.8