From b51941a7b74ac5d83ded62ff8f9013353f6c1b98 Mon Sep 17 00:00:00 2001 From: Yilong Ren Date: Wed, 7 Apr 2021 11:18:08 +0800 Subject: [PATCH 1/8] update os version --- README.md | 22 +++++++++---------- examples/ack-aliyunlinux2.json | 2 +- ...ack-centos-using-existing-vpc-vswitch.json | 2 +- examples/ack-centos.json | 2 +- examples/ack-kubernetes.json | 4 ++-- examples/ack-optimized-os.json | 2 +- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 40fe491..bc9727f 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ This repository contains resources and configuration scripts for building a cust ## Supported OS -* CentOS 7.6/7.7 +* CentOS 7.6/7.7/7.8/7.9 * Aliyun Linux 2 (Alibaba Cloud Linux 2) ## Setup @@ -15,16 +15,6 @@ You must have [Packer](https://www.packer.io/) installed on your local system. F For more information, see [Alibaba Cloud builder](https://www.packer.io/docs/builders/alicloud-ecs.html) in the Packer documentation. -## Building the OS Image - -Execute following scripts in your shell - -``` -export ALICLOUD_ACCESS_KEY=XXX -export ALICLOUD_SECRET_KEY=XXX -packer build examples/ack-centos.json -``` - ## Build ACK-Optimized-OS image Execute following scripts in your shell @@ -35,6 +25,16 @@ export ALICLOUD_SECRET_KEY=XXX packer build examples/ack-optimized-os.json ``` +## Building the OS Image + +Execute following scripts in your shell + +``` +export ALICLOUD_ACCESS_KEY=XXX +export ALICLOUD_SECRET_KEY=XXX +packer build examples/ack-centos.json +``` + ## Building in the kubernetes ```shell script diff --git a/examples/ack-aliyunlinux2.json b/examples/ack-aliyunlinux2.json index 51002e2..0ac1fd0 100644 --- a/examples/ack-aliyunlinux2.json +++ b/examples/ack-aliyunlinux2.json 
@@ -2,7 +2,7 @@ "variables": { "region": "cn-hangzhou", "image_name": "test_image{{timestamp}}", - "source_image": "aliyun_2_1903_x64_20G_alibase_20200904.vhd", + "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", "instance_type": "ecs.g6.large", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}" diff --git a/examples/ack-centos-using-existing-vpc-vswitch.json b/examples/ack-centos-using-existing-vpc-vswitch.json index b70bcb3..dcd3ed9 100644 --- a/examples/ack-centos-using-existing-vpc-vswitch.json +++ b/examples/ack-centos-using-existing-vpc-vswitch.json @@ -2,7 +2,7 @@ "variables": { "region": "cn-hangzhou", "image_name": "test_image{{timestamp}}", - "source_image": "centos_7_7_x64_20G_alibase_20200426.vhd", + "source_image": "centos_7_9_x64_20G_alibase_20210128.vhd", "instance_type": "ecs.g6.large", "vpc_id": "vpc-xxxxxx", "vswitch_id": "vsw-xxxxxx", diff --git a/examples/ack-centos.json b/examples/ack-centos.json index b3bb714..5a79efc 100644 --- a/examples/ack-centos.json +++ b/examples/ack-centos.json @@ -2,7 +2,7 @@ "variables": { "region": "cn-hangzhou", "image_name": "test_image{{timestamp}}", - "source_image": "centos_7_7_x64_20G_alibase_20200426.vhd", + "source_image": "centos_7_9_x64_20G_alibase_20210128.vhd", "instance_type": "ecs.g6.large", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}" diff --git a/examples/ack-kubernetes.json b/examples/ack-kubernetes.json index 8db552b..a0f2257 100644 --- a/examples/ack-kubernetes.json +++ b/examples/ack-kubernetes.json @@ -2,7 +2,7 @@ "variables": { "region": "{{env `REGION`}}", "image_name": "test_image{{timestamp}}", - "source_image": "centos_7_7_x64_20G_alibase_20200426.vhd", + "source_image": "centos_7_9_x64_20G_alibase_20210128.vhd", "instance_type": "ecs.g6.large", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}", 
@@ -42,4 +42,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/examples/ack-optimized-os.json b/examples/ack-optimized-os.json index 11cad5c..ae72ff1 100644 --- a/examples/ack-optimized-os.json +++ b/examples/ack-optimized-os.json @@ -2,7 +2,7 @@ "variables": { "region": "cn-hangzhou", "image_name": "ack-optimized_image{{timestamp}}", - "source_image": "aliyun_2_1903_x64_20G_alibase_20200904.vhd", + "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", "instance_type": "ecs.g6.large", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}" From 93ff40ffbd866f97acf427df641e6350968dbda3 Mon Sep 17 00:00:00 2001 From: Yilong Ren Date: Wed, 7 Apr 2021 11:20:17 +0800 Subject: [PATCH 2/8] remove ack-kubernetes.json --- README.md | 12 ---- examples/ack-kubernetes.json | 45 --------------- scripts/init.sh | 104 ----------------------------------- 3 files changed, 161 deletions(-) delete mode 100644 examples/ack-kubernetes.json delete mode 100644 scripts/init.sh diff --git a/README.md b/README.md index bc9727f..59f957e 100644 --- a/README.md +++ b/README.md @@ -35,18 +35,6 @@ export ALICLOUD_SECRET_KEY=XXX packer build examples/ack-centos.json ``` -## Building in the kubernetes - -```shell script -make -bash build/build.sh examples/ack-kubernetes.json -``` -Notes: you need input the follow params: -- [Alicloud ACCESS_KEY](https://help.aliyun.com/document_detail/53045.html?spm=a2c4g.11186623.2.18.60be682bppY9d0#concept-53045-zh) -- [Alicloud SECRET_KEY](https://help.aliyun.com/document_detail/53045.html?spm=a2c4g.11186623.2.18.60be682blplKSc#concept-53045-zh) -- [REGION](https://help.aliyun.com/document_detail/140601.html?spm=a2c4g.11186623.4.3.41b74c07HvI7Kj) -- Docker Version -- Kubernetes Version ## RAM Policy If you are using a sub account,the ram policy should at least include actions as below: diff --git a/examples/ack-kubernetes.json b/examples/ack-kubernetes.json deleted file mode 100644 index a0f2257..0000000 
--- a/examples/ack-kubernetes.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "variables": { - "region": "{{env `REGION`}}", - "image_name": "test_image{{timestamp}}", - "source_image": "centos_7_9_x64_20G_alibase_20210128.vhd", - "instance_type": "ecs.g6.large", - "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", - "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}", - "docker_version": "{{env `DOCKER_VERSION`}}", - "kube_version": "{{env `KUBE_VERSION`}}" - }, - "builders": [ - { - "type": "alicloud-ecs", - "access_key": "{{user `access_key`}}", - "secret_key": "{{user `secret_key`}}", - "region": "{{user `region`}}", - "image_name": "{{user `image_name`}}", - "source_image": "{{user `source_image`}}", - "ssh_username": "root", - "instance_type": "{{user `instance_type`}}", - "skip_image_validation": "true", - "io_optimized": "true" - } - ], - "provisioners": [ - { - "type": "file", - "source": "scripts/init.sh", - "destination": "/root/" - }, - { - "type": "shell", - "inline": [ - "export REGION={{user `region`}}", - "export PKG_FILE_SERVER=http://aliacs-k8s-$REGION.oss-$REGION-internal.aliyuncs.com", - "export CLOUD_TYPE=public", - "export OS=CentOS", - "export DOCKER_VERSION={{user `docker_version`}}", - "export KUBE_VERSION={{user `kube_version`}}", - "bash /root/init.sh" - ] - } - ] -} diff --git a/scripts/init.sh b/scripts/init.sh deleted file mode 100644 index 0f7df08..0000000 --- a/scripts/init.sh +++ /dev/null 
@@ -1,104 +0,0 @@ -#!/bin/bash -public::common::log() { - echo $(date +"[%Y%m%d %H:%M:%S]: ") $1 -} -public::common::prepare_package() { - PKG_TYPE=$1 - PKG_VERSION=$2 - if [ ! -f ${PKG_TYPE}-${PKG_VERSION}.tar.gz ]; then - curl --retry 4 $PKG_FILE_SERVER/$CLOUD_TYPE/pkg/$PKG_TYPE/${PKG_TYPE}-${PKG_VERSION}.tar.gz \ - >${PKG_TYPE}-${PKG_VERSION}.tar.gz || (public::common::log "download failed with 4 retry,exit 1" && exit 1) - fi - tar -xvf ${PKG_TYPE}-${PKG_VERSION}.tar.gz || (public::common::log "untar ${PKG_VERSION}.tar.gz failed!, exit" && exit 1) -} - -public::docker::install() { - set +e - docker version >/dev/null 2>&1 - i=$? - set -e - v=$(docker version | grep Version | awk '{gsub(/-/, ".");print $2}' | uniq) - if [ $i -eq 0 ]; then - if [[ "$DOCKER_VERSION" == "$v" ]]; then - public::common::log "docker has been installed , return. $DOCKER_VERSION" - return - fi - fi - public::common::prepare_package "docker" $DOCKER_VERSION - if [ "$OS" == "CentOS" ] || [ "$OS" == "RedHat" ] || [ "$OS" == "AliOS" ] || [ "$OS" == "AliyunOS" ]; then - if type docker; then - if [ "$(rpm -qa docker-engine-selinux | wc -l)" == "1" ]; then - yum erase -y docker-engine-selinux - fi - if [ "$(rpm -qa docker-engine | wc -l)" == "1" ]; then - yum erase -y docker-engine - fi - if [ "$(rpm -qa docker-ce | wc -l)" == "1" ]; then - yum erase -y docker-ce - fi - if [ "$(rpm -qa container-selinux | wc -l)" == "1" ]; then - yum erase -y container-selinux - fi - if [ "$(rpm -qa docker-ee | wc -l)" == "1" ]; then - yum erase -y docker-ee - fi - fi - - local pkg=pkg/docker/$DOCKER_VERSION/rpm/ - if [ "$OS" == "AliOS" ]; then - set +e - set +o pipefail - for package in $(ls $pkg | xargs -I '{}' echo -n "$pkg{} "); do - rpm -qp ${package} --requires |\ - grep -v container-selinux | grep -v 'rpmlib'| awk '{print $1}'|xargs -n1 yum install -y - rpm -ivh --nodeps ${package} - done - else - yum localinstall -y $(ls $pkg | xargs -I '{}' echo -n "$pkg{} ") - fi - elif [ "$OS" == "Ubuntu" ]; then - 
if [ "$need_reinstall" == "true" ]; then - if [ "$(echo $v | grep ee | wc -l)" == "1" ]; then - apt purge -y docker-ee docker-ee-selinux - elif [ "$(echo $v | grep ce | wc -l)" == "1" ]; then - apt purge -y docker-ce docker-ce-selinux container-selinux - else - apt purge -y docker-engine - fi - fi - - dir=pkg/docker/$DOCKER_VERSION/debain - dpkg -i $(ls $dir | xargs -I '{}' echo -n "$dir/{} ") - elif [ "$OS" == "SUSE" ]; then - if type docker; then - if [ "$(rpm -qa docker-engine-selinux | wc -l)" == "1" ]; then - zypper rm -y docker-engine-selinux - fi - if [ "$(rpm -qa docker-engine | wc -l)" == "1" ]; then - zypper rm -y docker-engine - fi - if [ "$(rpm -qa docker-ce | wc -l)" == "1" ]; then - zypper rm -y docker-ce - fi - if [ "$(rpm -qa container-selinux | wc -l)" == "1" ]; then - zypper rm -y container-selinux - fi - if [ "$(rpm -qa docker-ee | wc -l)" == "1" ]; then - zypper rm -y docker-ee - fi - fi - - local pkg=pkg/docker/$KUBE_VERSION/rpm/ - zypper --no-gpg-checks install -y $(ls $pkg | xargs -I '{}' echo -n "$pkg{} ") - else - public::common::log "install docker with [unsupported OS version] error!" - exit 1 - fi -} -main() { - public::common::prepare_package "docker" "$DOCKER_VERSION" - public::common::prepare_package "kubernetes" $KUBE_VERSION - public::docker::install -} -main "$@" - From 38daadf82239e69ae24e3763ba3c350c97f41716 Mon Sep 17 00:00:00 2001 From: Yilong Ren Date: Wed, 7 Apr 2021 11:43:55 +0800 Subject: [PATCH 3/8] update build/build.sh --- build/Dockerfile | 1 - Makefile => build/Makefile | 4 +-- build/build.sh | 67 ++++++++++++++++++++++++++------------ 3 files changed, 49 insertions(+), 23 deletions(-) rename Makefile => build/Makefile (75%) mode change 100644 => 100755 build/build.sh diff --git a/build/Dockerfile b/build/Dockerfile index 5a9feef..a2d9814 100644 --- a/build/Dockerfile +++ b/build/Dockerfile 
@@ -2,6 +2,5 @@ FROM alpine:3.10 ADD https://releases.hashicorp.com/packer/1.6.0/packer_1.6.0_linux_amd64.zip /packer_1.6.0_linux_amd64.zip RUN unzip packer_1.6.0_linux_amd64.zip && mv packer /bin/packer -COPY scripts/init.sh scripts/init.sh ENTRYPOINT ["packer", "build"] diff --git a/Makefile b/build/Makefile similarity index 75% rename from Makefile rename to build/Makefile index 7d779a9..82f7f99 100644 --- a/Makefile +++ b/build/Makefile @@ -4,6 +4,6 @@ PREFIX?=registry.aliyuncs.com/acs VERSION?=v1.0.0 docker-container: - docker build --pull -t $(PREFIX)/ack-image-builder:$(VERSION) -f build/Dockerfile . + docker build --pull -t $(PREFIX)/ack-image-builder:$(VERSION) . -.PHONY: all docker-container \ No newline at end of file +.PHONY: all docker-container diff --git a/build/build.sh b/build/build.sh old mode 100644 new mode 100755 index 3804c2b..fabe359 --- a/build/build.sh +++ b/build/build.sh 
@@ -1,25 +1,52 @@ #!/bin/bash -## -read -p "Please input the AliCloud access_key:" ACCESS_KEY -read -p "Please input the AliCloud secret_key:" SECRET_KEY -read -p "The Alicloud region is: " REGION -read -p "The Docker version is:" DOCKER_VERSION -read -p "The kubernetes version is:" KUBE_VERSION -## check params -if [[ -z $ACCESS_KEY || -z $SECRET_KEY || -z $REGION || -z $DOCKER_VERSION || -z $KUBE_VERSION ]]; then - echo -e "[ERROR] $(date '+%F %T') following parameters is empty: -access_key=${ACCESS_KEY} -secret_key=${SECRET_KEY} -region=${REGION} -docker_version=${DOCKER_VERSION} -kube_version=${KUBE_VERSION}" - exit 0 -fi +set -x +set -e +CUR_DIR=$(dirname $(readlink -e -v ${BASH_SOURCE[0]})) +SRC_DIR=$(dirname $CUR_DIR) -file_path="$(pwd)/$1" +usage() { + cat >&2 <<-EOF +Usage: + $0 build_template_file +Example: + $0 $SRC_DIR/examples/ack-aliyunlinux2.json +EOF +} + +check_params() { + BUILD_TEMPLATE_FILE="$1" + + if [[ -z $BUILD_TEMPLATE_FILE ]]; then + echo "ERROR: must be specify one template file" + usage + return 1 + fi + + if ! [[ -f $BUILD_TEMPLATE_FILE ]]; then + echo "ERROR: cannot find file: $BUILD_TEMPLATE_FILE" + return 1 + fi +} + +check_docker_image() { + if docker inspect registry.aliyuncs.com/acs/ack-image-builder:v1.0.0 &>/dev/null; then + : + else + make + fi +} + +build_os_image() { + docker run -v $BUILD_TEMPLATE_FILE:$BUILD_TEMPLATE_FILE registry.aliyuncs.com/acs/ack-image-builder:v1.0.0 $file_path +} + +main() { + check_params "$@" + check_docker_image + build_os_image +} + +main "$@" -##build OS image -docker run -e ALICLOUD_ACCESS_KEY=$ACCESS_KEY -e ALICLOUD_SECRET_KEY=$SECRET_KEY -e REGION=$REGION -e KUBE_VERSION=$KUBE_VERSION \ --e DOCKER_VERSION=$DOCKER_VERSION -v $file_path:$file_path registry.aliyuncs.com/acs/ack-image-builder:v1.0.0 $file_path From b42dc7c07e78e10bbf49f5476f3c4b028d3c0084 Mon Sep 17 00:00:00 2001 
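Review bot: `check_docker_image` falls back to a bare `make`, which runs in the caller's working directory, while this same patch moves the Makefile into build/ and changes the docker build context to `.`. Invoked from the repository root, the fallback therefore finds no Makefile or builds with the wrong context; `make -C "$CUR_DIR"` uses the directory the script already resolves. `build_os_image` still passes `$file_path`, whose assignment this hunk removes, so packer gets no template argument until patch 5/8 replaces it. `$BUILD_TEMPLATE_FILE` goes into `-v` unquoted and as typed, and docker treats a non-absolute source as a volume name rather than a bind mount; `BUILD_TEMPLATE_FILE=$(readlink -e -- "$BUILD_TEMPLATE_FILE")` after the `-f` check in `check_params` would restore what the removed `$(pwd)/$1` did.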
From: Yilong Ren Date: Wed, 7 Apr 2021 15:49:32 +0800 Subject: [PATCH 4/8] add ack-optimized-os support for 1.20 k8s cluster --- README.md | 27 +- ...zed-os.json => ack-optimized-os-1.18.json} | 6 +- examples/ack-optimized-os-1.20.json | 41 ++++ ...timized-os.sh => ack-optimized-os-1.18.sh} | 2 +- scripts/ack-optimized-os-1.20.sh | 232 ++++++++++++++++++ 5 files changed, 293 insertions(+), 15 deletions(-) rename examples/{ack-optimized-os.json => ack-optimized-os-1.18.json} (83%) create mode 100644 examples/ack-optimized-os-1.20.json rename scripts/{ack-optimized-os.sh => ack-optimized-os-1.18.sh} (99%) create mode 100755 scripts/ack-optimized-os-1.20.sh diff --git a/README.md b/README.md index 59f957e..68c940a 100644 --- a/README.md +++ b/README.md @@ -15,26 +15,31 @@ You must have [Packer](https://www.packer.io/) installed on your local system. F For more information, see [Alibaba Cloud builder](https://www.packer.io/docs/builders/alicloud-ecs.html) in the Packer documentation. -## Build ACK-Optimized-OS image - -Execute following scripts in your shell - -``` -export ALICLOUD_ACCESS_KEY=XXX -export ALICLOUD_SECRET_KEY=XXX -packer build examples/ack-optimized-os.json -``` - ## Building the OS Image Execute following scripts in your shell ``` +export ALICLOUD_REGION=XXX export ALICLOUD_ACCESS_KEY=XXX export ALICLOUD_SECRET_KEY=XXX -packer build examples/ack-centos.json +packer build examples/ack-aliyunlinux2.json ``` +## Build ACK-Optimized-OS image + +Execute following scripts in your shell + +``` +export RUNTIME=XXX +export ALICLOUD_REGION=XXX +export ALICLOUD_ACCESS_KEY=XXX +export ALICLOUD_SECRET_KEY=XXX +packer build examples/ack-optimized-os-1.20.json +``` +NOTE: `RUNTIME` only support `docker` and `containerd` + + ## RAM Policy If you are using a sub account,the ram policy should at least include actions as below: 
diff --git a/examples/ack-optimized-os.json b/examples/ack-optimized-os-1.18.json similarity index 83% rename from examples/ack-optimized-os.json rename to examples/ack-optimized-os-1.18.json index ae72ff1..8c6f71c 100644 --- a/examples/ack-optimized-os.json +++ b/examples/ack-optimized-os-1.18.json @@ -1,9 +1,9 @@ { "variables": { - "region": "cn-hangzhou", - "image_name": "ack-optimized_image{{timestamp}}", + "image_name": "ack-optimized_image-1.18-{{timestamp}}", "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", "instance_type": "ecs.g6.large", + "region": "{{env `ALICLOUD_REGION`}}", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}" }, @@ -25,7 +25,7 @@ { "type": "shell", "scripts": [ - "scripts/ack-optimized-os.sh" + "scripts/ack-optimized-os-1.18.sh" ] } ] diff --git a/examples/ack-optimized-os-1.20.json b/examples/ack-optimized-os-1.20.json new file mode 100644 index 0000000..c56c445 --- /dev/null +++ b/examples/ack-optimized-os-1.20.json 
@@ -0,0 +1,41 @@ +{ + "variables": { + "image_name": "ack-optimized_image-1.20-{{timestamp}}", + "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", + "instance_type": "ecs.g6.large", + "region": "{{env `ALICLOUD_REGION`}}", + "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", + "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}", + "runtime": "{{env `RUNTIME`}}", + "skip_secrutiy_fix": "{{env `SKIP_SECURITY_FIX`}}" + }, + "builders": [ + { + "type": "alicloud-ecs", + "access_key": "{{user `access_key`}}", + "secret_key": "{{user `secret_key`}}", + "region": "{{user `region`}}", + "image_name": "{{user `image_name`}}", + "source_image": "{{user `source_image`}}", + "ssh_username": "root", + "instance_type": "{{user `instance_type`}}", + "skip_image_validation": "true", + "io_optimized": "true" + } + ], + "provisioners": [ + { + "type": "file", + "source": "scripts/ack-optimized-os-1.20.sh", + "destination": "/root/" + }, + { + "type": "shell", + "inline": [ + "export RUNTIME={{user `runtime`}}", + "export SKIP_SECURITY_FIX={{user `skip_secrutiy_fix`}}", + "bash /root/ack-optimized-os-1.20.sh" + ] + } + ] +} diff --git a/scripts/ack-optimized-os.sh b/scripts/ack-optimized-os-1.18.sh similarity index 99% rename from scripts/ack-optimized-os.sh rename to scripts/ack-optimized-os-1.18.sh index 7872ae5..379257e 100755 --- a/scripts/ack-optimized-os.sh +++ b/scripts/ack-optimized-os-1.18.sh @@ -176,4 +176,4 @@ main() { record_k8s_version } -main \ No newline at end of file +main diff --git a/scripts/ack-optimized-os-1.20.sh b/scripts/ack-optimized-os-1.20.sh new file mode 100755 index 0000000..00f96c1 --- /dev/null +++ b/scripts/ack-optimized-os-1.20.sh 
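Review bot: The two inline `export RUNTIME=...` and `export SKIP_SECURITY_FIX=...` entries paste the user variables unquoted into a command line that runs as root on the build instance, so a value containing spaces or shell metacharacters changes what is executed. Packer's shell provisioner accepts an `environment_vars` list that sets the same variables and leaves the quoting to Packer; the two exports can move there, and `inline` then keeps only `bash /root/ack-optimized-os-1.20.sh`. The variable name `skip_secrutiy_fix` is misspelt; it is used consistently so the template works, but `skip_security_fix` is what a reader will search for. The same provisioner block is added to examples/ack-optimized-os-1.18.json in patch 6/8.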
@@ -0,0 +1,232 @@ +#!/bin/bash + +set -x +set -e + +usage() { + cat >&2 <<-EOF +Usage: + $0 -r RUNTIME [-s] + +Flags: + -r: sepcify container runtime, available value: docker and containerd + -s: skip security upgrade + +Example: + $0 -r docker -s + $0 -r docker + $0 -r containerd -s + $0 -r containerd +EOF + exit 1 +} + +check_params() { + while getopts "r:sh" opt; do + case $opt in + r) RUNTIME="$OPTARG" ; ;; + s) SKIP_SECURITY_FIX="1" ; ;; + h | ?) usage ; ;; + esac + done + + if [[ -z $RUNTIME ]] || [[ $RUNTIME != "docker" && $RUNTIME != "containerd" ]]; then + echo "ERROR: RUNTIME must not be empty, only support 'docker' and 'containerd' " + usage + fi +} + +setup_env() { + export RUNTIME + export OS="AliyunOS" + export RUNTIME_VERSION="1.4.4" + export DOCKER_VERSION="19.03.5" + export CLOUD_TYPE="public" + export KUBE_VERSION="1.20.4-aliyun.1" + export REGION=$(curl --retry 10 -sSL http://100.100.100.200/latest/meta-data/region-id) + export PKG_FILE_SERVER="http://aliacs-k8s-$REGION.oss-$REGION-internal.aliyuncs.com/" + export ACK_OPTIMIZED_OS_BUILD=1 + + mkdir -p /root/ack-deploy + cd /root/ack-deploy + +} + +trim_os() { + local pkg_list="acl +aic94xx-firmware +aliyun-cli +alsa-firmware +alsa-lib +alsa-tools-firmware +authconfig +avahi-libs +bind-libs-lite +bind-license +biosdevname +btrfs-progs +cloud +device-mapper-event +device-mapper-event-libs +dmraid +dmraid-events +dosfstools +ed +file +firewalld +firewalld-filesystem +freetype +fxload +GeoIP +geoipupdate +gettext +gettext-libs +glibc-devel +groff-base +hunspell +hunspell-en +hunspell-en-GB +hunspell-en-US +ivtv-firmware +iwl1000-firmware +iwl100-firmware +iwl105-firmware +iwl135-firmware +iwl2000-firmware +iwl2030-firmware +iwl3160-firmware +iwl3945-firmware +iwl4965-firmware +iwl5000-firmware +iwl5150-firmware +iwl6000-firmware +iwl6000g2a-firmware +iwl6000g2b-firmware +iwl6050-firmware +iwl7260-firmware +jansson +kbd +kbd-legacy +kbd-misc +libaio +libdrm +libfastjson +libmpc +libpciaccess +libpng 
+libreport-filesystem +lm_sensors-libs +lsscsi +lvm2 +m4 +mailx +man-db +mariadb-libs +mdadm +microcode_ctl +mpfr +NetworkManager +NetworkManager-libnm +NetworkManager-team +NetworkManager-tui +patch +perl-Getopt-Long +plymouth +plymouth-scripts +postfix +python3 +python3-libs +python3-pip +python3-setuptools +python-decorator +python-IPy +rng-tools +rsync +rsyslog +sgpio +slang +spax +strace +sysstat +tcpdump +teamd +vim-common +vim-enhanced +vim-filesystem +wl1000-firmware +wpa_supplicant +xfsprogs +" + + yum remove -y $pkg_list + rm -rf /lib/modules/$(uname -r)/kernel/drivers/{media,staging,gpu,usb} + rm -rf /boot/*-rescue-* /boot/*3.10.0* /usr/share/{doc,man} /usr/src +} + +download_pkg() { + curl --retry 4 $PKG_FILE_SERVER/public/pkg/run/run-${KUBE_VERSION}.tar.gz -O + tar -zxvf run-${KUBE_VERSION}.tar.gz +} + +install_pkg() { + ROLE=deploy-nodes pkg/run/$KUBE_VERSION/bin/kubernetes.sh +} + +pull_image() { + if [[ "$RUNTIME" = "docker" ]]; then + systemctl start docker + sleep 10 + + docker pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} + docker pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2 + docker pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7 + else + systemctl start containerd + sleep 10 + + ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} + ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2 + ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7 + fi +} + +update_os_release() { + sed -i "s#LTS#LTS ACK-Optimized-OS#" /etc/image-id +} + +record_k8s_version() { + cat >/etc/ACK-Optimized-OS <<-EOF +kubelet=$KUBE_VERSION +runtime=$RUNTIME +docker=$DOCKER_VERSION +EOF +} + +post_install() { + if [[ $SKIP_SECURITY_FIX ]]; then + touch /var/.skip-security-fix + fi +} + +cleanup() { + rm -rf /root/ack-deploy +} + +main() { + trap 'cleanup' EXIT + + check_params "$@" + setup_env + + trim_os + + download_pkg + install_pkg + + pull_image + 
update_os_release + record_k8s_version + post_install +} + +main "$@" From e37ae092468c40d96deb6ddb1b0cd94a6cc7c1a5 Mon Sep 17 00:00:00 2001 From: Yilong Ren Date: Wed, 7 Apr 2021 15:58:40 +0800 Subject: [PATCH 5/8] build/build.sh: add params checking --- build/build.sh | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/build/build.sh b/build/build.sh index fabe359..47c927a 100755 --- a/build/build.sh +++ b/build/build.sh @@ -30,6 +30,18 @@ check_params() { fi } +check_env() { + if [[ -z $ALICLOUD_REGION || -z $ALICLOUD_ACCESS_KEY || -z $ALICLOUD_SECRET_KEY ]]; then + echo "ERROR: ALICLOUD_REGION/ALICLOUD_ACCESS_KEY/ALICLOUD_SECRET_KEY must be not empty" + return 1 + fi + + if [[ -z "$RUNTIME" ]]; then + echo "WARN: RUNTIME is empty, will set it 'docker' by default" + RUNTIME="docker" + fi +} + check_docker_image() { if docker inspect registry.aliyuncs.com/acs/ack-image-builder:v1.0.0 &>/dev/null; then : @@ -39,11 +51,17 @@ check_docker_image() { } build_os_image() { - docker run -v $BUILD_TEMPLATE_FILE:$BUILD_TEMPLATE_FILE registry.aliyuncs.com/acs/ack-image-builder:v1.0.0 $file_path + docker run -e ALICLOUD_REGION=$ALICLOUD_REGION \ + -e ALICLOUD_ACCESS_KEY=$ALICLOUD_ACCESS_KEY \ + -e ALICLOUD_SECRET_KEY=$ALICLOUD_SECRET_KEY \ + -e RUNTIME=$RUNTIME \ + -v $BUILD_TEMPLATE_FILE:/scripts/$(basename $BUILD_TEMPLATE_FILE) \ + registry.aliyuncs.com/acs/ack-image-builder:v1.0.0 /scripts/$(basename $BUILD_TEMPLATE_FILE) } main() { check_params "$@" + check_env check_docker_image build_os_image } From 3b9f0985526135045c55b44fafa128ef2da2505e Mon Sep 17 00:00:00 2001 From: Yilong Ren Date: Wed, 7 Apr 2021 17:34:00 +0800 Subject: [PATCH 6/8] ack-optimized-os: add contianerd support for 1.18 k8s cluster --- examples/ack-optimized-os-1.18.json | 15 ++++- scripts/ack-optimized-os-1.18.sh | 90 +++++++++++++++++++++++------ 2 files changed, 83 insertions(+), 22 deletions(-) 
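Review bot: `download_pkg` fetches `run-${KUBE_VERSION}.tar.gz` over plain `http://` and `install_pkg` then runs `pkg/run/$KUBE_VERSION/bin/kubernetes.sh` from it as root with no integrity check in between, so whatever the endpoint or the network path returns is baked into every node built from the image. `curl` is also called without `-f`, so an HTTP error body is saved as the tarball and the failure only shows up in `tar`. Checking a pinned SHA-256 before extraction, as sketched below, covers both; `RUN_PKG_SHA256` is a placeholder for a digest this page does not provide. scripts/ack-optimized-os-1.18.sh uses the same `download_pkg` and `PKG_FILE_SERVER` and needs the same change.

```shell
download_pkg() {
    local tarball="run-${KUBE_VERSION}.tar.gz"
    # RUN_PKG_SHA256 is a placeholder: pin the digest published for this KUBE_VERSION.
    curl -fsS --retry 4 -o "$tarball" "$PKG_FILE_SERVER/public/pkg/run/$tarball"
    printf '%s  %s\n' "$RUN_PKG_SHA256" "$tarball" | sha256sum -c -
    tar -zxvf "$tarball"
}
```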
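Review bot: With `set -x` at the top of build/build.sh, both the `[[ -z ... $ALICLOUD_SECRET_KEY ]]` test in `check_env` and the `docker run -e ALICLOUD_SECRET_KEY=$ALICLOUD_SECRET_KEY` line in `build_os_image` write the secret key to the trace output, and the latter also places it in the docker client's argument list. Passing names only, `-e ALICLOUD_REGION -e ALICLOUD_ACCESS_KEY -e ALICLOUD_SECRET_KEY -e RUNTIME`, makes docker copy the values from the environment; this needs `export RUNTIME` after the default is assigned in `check_env`. For the emptiness test, `set +x` before it and `set -x` after it keeps the values out of the trace. The mount and template arguments should also be quoted, `-v "$BUILD_TEMPLATE_FILE:/scripts/$(basename "$BUILD_TEMPLATE_FILE")"`.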
diff --git a/examples/ack-optimized-os-1.18.json b/examples/ack-optimized-os-1.18.json index 8c6f71c..b5f5368 100644 --- a/examples/ack-optimized-os-1.18.json +++ b/examples/ack-optimized-os-1.18.json @@ -5,7 +5,9 @@ "instance_type": "ecs.g6.large", "region": "{{env `ALICLOUD_REGION`}}", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", - "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}" + "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}", + "runtime": "{{env `RUNTIME`}}", + "skip_secrutiy_fix": "{{env `SKIP_SECURITY_FIX`}}" }, "builders": [ { @@ -22,10 +24,17 @@ } ], "provisioners": [ + { + "type": "file", + "source": "scripts/ack-optimized-os-1.18.sh", + "destination": "/root/" + }, { "type": "shell", - "scripts": [ - "scripts/ack-optimized-os-1.18.sh" + "inline": [ + "export RUNTIME={{user `runtime`}}", + "export SKIP_SECURITY_FIX={{user `skip_secrutiy_fix`}}", + "bash /root/ack-optimized-os-1.18.sh" ] } ] diff --git a/scripts/ack-optimized-os-1.18.sh b/scripts/ack-optimized-os-1.18.sh index 379257e..d751d3d 100755 --- a/scripts/ack-optimized-os-1.18.sh +++ b/scripts/ack-optimized-os-1.18.sh 
@@ -3,13 +3,50 @@ set -x set -e -SRC_DIR=$(dirname $(readlink -e -v $0)) -OS="AliyunOS" -DOCKER_VERSION="19.03.5" -KUBE_VERSION="1.18.8-aliyun.1" -REGION=$(curl --retry 10 -sSL http://100.100.100.200/latest/meta-data/region-id) -PKG_FILE_SERVER="http://aliacs-k8s-$REGION.oss-$REGION-internal.aliyuncs.com/$BETA_VERSION" -ACK_OPTIMIZED_OS_BUILD=1 +usage() { + cat >&2 <<-EOF +Usage: + $0 -r RUNTIME [-s] + +Flags: + -r: sepcify container runtime, available value: docker and containerd + -s: skip security upgrade + +Example: + $0 -r docker -s + $0 -r docker + $0 -r containerd -s + $0 -r containerd +EOF + exit 1 +} + +check_params() { + while getopts "r:sh" opt; do + case $opt in + r) RUNTIME="$OPTARG" ; ;; + s) SKIP_SECURITY_FIX="1" ; ;; + h | ?) usage ; ;; + esac + done + + if [[ -z $RUNTIME ]] || [[ $RUNTIME != "docker" && $RUNTIME != "containerd" ]]; then + echo "ERROR: RUNTIME must not be empty, only support 'docker' and 'containerd' " + usage + fi +} + +setup_env() { + export RUNTIME + export OS="AliyunOS" + export RUNTIME_VERSION="1.4.4" + export DOCKER_VERSION="19.03.5" + export KUBE_VERSION="1.18.8-aliyun.1" + export REGION=$(curl --retry 10 -sSL http://100.100.100.200/latest/meta-data/region-id) + export PKG_FILE_SERVER="http://aliacs-k8s-$REGION.oss-$REGION-internal.aliyuncs.com/$BETA_VERSION" + export ACK_OPTIMIZED_OS_BUILD=1 +} + download_pkg() { curl --retry 4 $PKG_FILE_SERVER/public/pkg/run/run-${KUBE_VERSION}.tar.gz -O 
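Review bot: `export REGION=$(curl ...)` in `setup_env` hides a failed metadata lookup, because the exit status of `export` replaces that of the command substitution and `set -e` never sees it; `curl` also lacks `-f`, so an HTTP error body would be taken as the region. The value then goes straight into `PKG_FILE_SERVER` and the `registry-vpc.${REGION}` image names. Splitting the statement, `REGION=$(curl -f --retry 10 -sSL http://100.100.100.200/latest/meta-data/region-id)` followed by `export REGION`, lets the build stop at the point of failure. `setup_env` in scripts/ack-optimized-os-1.20.sh (patch 4/8) is written the same way.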
@@ -130,21 +167,27 @@ wl1000-firmware wpa_supplicant xfsprogs " - for pkg in $pkg_list; do - yum remove -y $pkg - done - + yum remove -y $pkg_list rm -rf /lib/modules/$(uname -r)/kernel/drivers/{media,staging,gpu,usb} rm -rf /boot/*-rescue-* /boot/*3.10.0* /usr/share/{doc,man} /usr/src } pull_image() { - systemctl start docker - sleep 3 + if [[ "$RUNTIME" = "docker" ]]; then + systemctl start docker + sleep 10 - docker pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} - docker pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2 - docker pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7 + docker pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} + docker pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2 + docker pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7 + else + systemctl start containerd + sleep 10 + + ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} + ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2 + ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7 + fi } update_os_release() { @@ -158,6 +201,12 @@ docker=$DOCKER_VERSION EOF } +post_install() { + if [[ $SKIP_SECURITY_FIX ]]; then + touch /var/.skip-security-fix + fi +} + cleanup() { rm -rf ./{addon*,docker*,kubernetes*,pkg,run*} } @@ -165,10 +214,13 @@ cleanup() { main() { trap 'cleanup' EXIT - download_pkg - source_file + check_params "$@" + setup_env trim_os + + download_pkg + source_file install_pkg pull_image @@ -176,4 +228,4 @@ main() { record_k8s_version } -main +main "$@" From da95fdf48f48d66c48b23a42c4a8f5437fbe14a8 Mon Sep 17 00:00:00 2001 
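Review bot: `post_install` is defined by this patch but `main` never calls it, so `-s` / `SKIP_SECURITY_FIX` is parsed and then has no effect on 1.18 images, whereas scripts/ack-optimized-os-1.20.sh calls it after `record_k8s_version`. One line of `main` between `pull_image` and `record_k8s_version` lies outside the hunks, but it is unchanged context and so cannot be the new call. Adding `post_install` as the last step of `main` makes the two scripts agree. A one-line comment on `post_install` naming the component that reads `/var/.skip-security-fix` would also help, since nothing in the patch shows what consumes that marker.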
From: Yilong Ren Date: Wed, 7 Apr 2021 17:39:05 +0800 Subject: [PATCH 7/8] update ecs type --- README.md | 4 ++-- examples/ack-aliyunlinux2.json | 2 +- examples/ack-centos-using-existing-vpc-vswitch.json | 2 +- examples/ack-centos.json | 2 +- examples/ack-optimized-os-1.18.json | 2 +- examples/ack-optimized-os-1.20.json | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 68c940a..6234fac 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,8 @@ This repository contains resources and configuration scripts for building a cust ## Supported OS -* CentOS 7.6/7.7/7.8/7.9 * Aliyun Linux 2 (Alibaba Cloud Linux 2) +* CentOS 7.6/7.7/7.8/7.9 ## Setup @@ -35,7 +35,7 @@ export RUNTIME=XXX export ALICLOUD_REGION=XXX export ALICLOUD_ACCESS_KEY=XXX export ALICLOUD_SECRET_KEY=XXX -packer build examples/ack-optimized-os-1.20.json +packer build examples/ack-optimized-os-1.18.json ``` NOTE: `RUNTIME` only support `docker` and `containerd` diff --git a/examples/ack-aliyunlinux2.json b/examples/ack-aliyunlinux2.json index 0ac1fd0..76fc160 100644 --- a/examples/ack-aliyunlinux2.json +++ b/examples/ack-aliyunlinux2.json @@ -3,7 +3,7 @@ "region": "cn-hangzhou", "image_name": "test_image{{timestamp}}", "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", - "instance_type": "ecs.g6.large", + "instance_type": "ecs.g6.2xlarge", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}" }, diff --git a/examples/ack-centos-using-existing-vpc-vswitch.json b/examples/ack-centos-using-existing-vpc-vswitch.json index dcd3ed9..0f8454f 100644 --- a/examples/ack-centos-using-existing-vpc-vswitch.json +++ b/examples/ack-centos-using-existing-vpc-vswitch.json 
@@ -3,7 +3,7 @@ "region": "cn-hangzhou", "image_name": "test_image{{timestamp}}", "source_image": "centos_7_9_x64_20G_alibase_20210128.vhd", - "instance_type": "ecs.g6.large", + "instance_type": "ecs.g6.2xlarge", "vpc_id": "vpc-xxxxxx", "vswitch_id": "vsw-xxxxxx", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", diff --git a/examples/ack-centos.json b/examples/ack-centos.json index 5a79efc..8abe0ab 100644 --- a/examples/ack-centos.json +++ b/examples/ack-centos.json @@ -3,7 +3,7 @@ "region": "cn-hangzhou", "image_name": "test_image{{timestamp}}", "source_image": "centos_7_9_x64_20G_alibase_20210128.vhd", - "instance_type": "ecs.g6.large", + "instance_type": "ecs.g6.2xlarge", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}" }, diff --git a/examples/ack-optimized-os-1.18.json b/examples/ack-optimized-os-1.18.json index b5f5368..5dfa5cd 100644 --- a/examples/ack-optimized-os-1.18.json +++ b/examples/ack-optimized-os-1.18.json @@ -2,7 +2,7 @@ "variables": { "image_name": "ack-optimized_image-1.18-{{timestamp}}", "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", - "instance_type": "ecs.g6.large", + "instance_type": "ecs.g6.2xlarge", "region": "{{env `ALICLOUD_REGION`}}", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}", diff --git a/examples/ack-optimized-os-1.20.json b/examples/ack-optimized-os-1.20.json index c56c445..afee1bb 100644 --- a/examples/ack-optimized-os-1.20.json +++ b/examples/ack-optimized-os-1.20.json @@ -2,7 +2,7 @@ "variables": { "image_name": "ack-optimized_image-1.20-{{timestamp}}", "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", - "instance_type": "ecs.g6.large", + "instance_type": "ecs.g6.2xlarge", "region": "{{env `ALICLOUD_REGION`}}", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}", From 1ab793a7d09aca0a075f281f83f56eeb2fa94856 Mon Sep 17 00:00:00 2001 
From: Yilong Ren Date: Thu, 8 Apr 2021 21:35:38 +0800 Subject: [PATCH 8/8] ack-optimized-os-1.20.sh: update coredns to 1.7.0 --- scripts/ack-optimized-os-1.20.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ack-optimized-os-1.20.sh b/scripts/ack-optimized-os-1.20.sh index 00f96c1..62ff711 100755 --- a/scripts/ack-optimized-os-1.20.sh +++ b/scripts/ack-optimized-os-1.20.sh @@ -179,14 +179,14 @@ pull_image() { docker pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} docker pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2 - docker pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7 + docker pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.7.0 else systemctl start containerd sleep 10 ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2 - ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7 + ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.7.0 fi }