diff --git a/README.md b/README.md index 4c0b52b..5f8c496 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@ This repository contains resources and configuration scripts for building a cust ## Supported OS -* Aliyun Linux 2 (Alibaba Cloud Linux 2) -* Aliyun Linux 3 (Alibaba Cloud Linux 3) -* CentOS 7.6/7.7/7.8/7.9 +* Alibaba Cloud Linux 3 +* Alibaba Cloud Linux 2 - deprecated +* CentOS 7.6/7.7/7.8/7.9 - deprecated * Red Hat Enterprise Linux 9 * Anolis OS 8 @@ -27,7 +27,7 @@ Execute following scripts in your shell export ALICLOUD_REGION=XXX export ALICLOUD_ACCESS_KEY=XXX export ALICLOUD_SECRET_KEY=XXX -packer build examples/ack-aliyunlinux2.json +packer build examples/ack-aliyunlinux3.json ``` ## Build ACK-Optimized-OS image @@ -46,8 +46,8 @@ NOTE: `RUNTIME` only support `docker` and `containerd` ```shell { "variables": { - "image_name": "ack-optimized_image-1.20-{{timestamp}}", - "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", + "image_name": "ack-optimized_image-1.28-{{timestamp}}", + "source_image": "aliyun_3_9_x64_20G_alibase_20231219.vhd", "instance_type": "ecs.gn6i-c4g1.xlarge", "region": "{{env `ALICLOUD_REGION`}}", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", @@ -84,7 +84,7 @@ NOTE: `RUNTIME` only support `docker` and `containerd` "export PRESET_GPU=true", # If you want to download gpu, set PRESET_GPU to true and also set instance_type to gpu instance, supports version 1.20+. "export NVIDIA_DRIVER_VERSION=460.106.00", # You can set the gpu version, default is 460.91.03 "export KEEP_IMAGE_DATA=true", # If you cache images, you must set KEEP_IMAGE_DATA to true - "export KUBE_VERSION=1.26.3-aliyun.1", # Set KUBE_VERSION according to your cluster version + "export KUBE_VERSION=1.28.9-aliyun.1", # Set KUBE_VERSION according to your cluster version "bash /root/ack-optimized-os-all.sh", "ctr -n k8s.io i pull docker.io/library/nginx:1.7.9" # You can cache images into OS image ] 
diff --git a/examples/ack-optimized-os-all.json b/examples/ack-optimized-os-all.json
index f8be12a..336e571 100644
--- a/examples/ack-optimized-os-all.json
+++ b/examples/ack-optimized-os-all.json
@@ -1,7 +1,7 @@
 {
 "variables": {
- "image_name": "ack-optimized_image-1.20-{{timestamp}}",
- "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd",
+ "image_name": "ack-optimized_image-1.28-{{timestamp}}",
+ "source_image": "aliyun_3_9_x64_20G_alibase_20231219.vhd",
 "instance_type": "ecs.gn6i-c4g1.xlarge",
 "region": "{{env `ALICLOUD_REGION`}}",
 "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
@@ -38,7 +38,7 @@
 "export PRESET_GPU=true",
 "export NVIDIA_DRIVER_VERSION=460.106.00",
 "export KEEP_IMAGE_DATA=true",
- "export KUBE_VERSION=1.26.3-aliyun.1",
+ "export KUBE_VERSION=1.28.9-aliyun.1",
 "bash /root/ack-optimized-os-all.sh",
 "ctr -n k8s.io i pull docker.io/library/nginx:1.7.9"
 ]
diff --git a/scripts/ack-optimized-os-1.16.sh b/scripts/ack-optimized-os-1.16.sh
deleted file mode 100644
index 7685f46..0000000
--- a/scripts/ack-optimized-os-1.16.sh
+++ /dev/null
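Review bot: The last provisioner command in the second hunk of examples/ack-optimized-os-all.json, `ctr -n k8s.io i pull docker.io/library/nginx:1.7.9`, still bakes a long-outdated nginx release into the node image, pulled by mutable tag from a public registry, while the line two above it is bumped to `KUBE_VERSION=1.28.9-aliyun.1`. Because this example is the template people copy to cache their own images, I would pin the cached image by digest and point it at a maintained release, for example `"ctr -n k8s.io i pull docker.io/library/nginx@sha256:<DIGEST_PLACEHOLDER>"`. The README hunk that mirrors this example carries the same line. JSON has no comment syntax, so the reason for the pin would belong in the README next to the example.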
@@ -1,229 +0,0 @@ -#!/bin/bash - -set -x -set -e - -usage() { - cat >&2 <<-EOF -Usage: - $0 -r RUNTIME [-s] - -Flags: - -r: sepcify container runtime, available value: docker and containerd - -s: skip security upgrade - -Example: - $0 -r docker -s - $0 -r docker - $0 -r containerd -s - $0 -r containerd -EOF - exit 1 -} - -check_params() { - while getopts "r:sh" opt; do - case $opt in - r) RUNTIME="$OPTARG" ; ;; - s) SKIP_SECURITY_FIX="1" ; ;; - h | ?) usage ; ;; - esac - done - - if [[ -z $RUNTIME ]] || [[ $RUNTIME != "docker" && $RUNTIME != "containerd" ]]; then - echo "ERROR: RUNTIME must not be empty, only support 'docker' and 'containerd' " - usage - fi -} - -setup_env() { - export RUNTIME - export OS="AliyunOS" - export RUNTIME_VERSION="1.5.10" - export DOCKER_VERSION="19.03.5" - export KUBE_VERSION="1.16.9-aliyun.1" - export REGION=$(curl --retry 10 -sSL http://100.100.100.200/latest/meta-data/region-id) - export PKG_FILE_SERVER="http://aliacs-k8s-$REGION.oss-$REGION-internal.aliyuncs.com/$BETA_VERSION" - export ACK_OPTIMIZED_OS_BUILD=1 -} - - -download_pkg() { - curl --retry 4 $PKG_FILE_SERVER/public/pkg/run/run-${KUBE_VERSION}.tar.gz -O - tar -xvf run-${KUBE_VERSION}.tar.gz -} - -source_file() { - - source pkg/run/$KUBE_VERSION/kubernetes.sh --role source -} - -install_pkg() { - public::common::sync_ntpd - public::common::install_package -} - -trim_os() { - local pkg_list="acl -aic94xx-firmware -aliyun-cli -alsa-firmware -alsa-lib -alsa-tools-firmware -authconfig -avahi-libs -bind-libs-lite -bind-license -biosdevname -btrfs-progs -cloud -device-mapper-event -device-mapper-event-libs -dmraid -dmraid-events -dosfstools -ed -file -firewalld -firewalld-filesystem -freetype -fxload -GeoIP -geoipupdate -gettext -gettext-libs -glibc-devel -hunspell -hunspell-en -hunspell-en-GB -hunspell-en-US -ivtv-firmware -iwl1000-firmware -iwl100-firmware -iwl105-firmware -iwl135-firmware -iwl2000-firmware -iwl2030-firmware -iwl3160-firmware -iwl3945-firmware -iwl4965-firmware 
-iwl5000-firmware -iwl5150-firmware -iwl6000-firmware -iwl6000g2a-firmware -iwl6000g2b-firmware -iwl6050-firmware -iwl7260-firmware -jansson -kbd -kbd-legacy -kbd-misc -libaio -libdrm -libmpc -libpciaccess -libpng -libreport-filesystem -lm_sensors-libs -lsscsi -lvm2 -m4 -mailx -man-db -mariadb-libs -mdadm -microcode_ctl -mpfr -NetworkManager -NetworkManager-libnm -NetworkManager-team -NetworkManager-tui -patch -plymouth -plymouth-scripts -postfix -python3 -python3-libs -python3-pip -python3-setuptools -python-decorator -python-IPy -rng-tools -rsync -sgpio -slang -spax -strace -sysstat -tcpdump -teamd -vim-common -vim-enhanced -vim-filesystem -wl1000-firmware -wpa_supplicant -xfsprogs -" - yum remove -y $pkg_list - rm -rf /lib/modules/$(uname -r)/kernel/drivers/{media,staging,gpu,usb} - rm -rf /boot/*-rescue-* /boot/*3.10.0* /usr/share/{doc,man} /usr/src -} - -pull_image() { - if [[ "$RUNTIME" = "docker" ]]; then - systemctl start docker - sleep 10 - - docker pull registry-${REGION}-vpc.ack.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} - docker pull registry-${REGION}-vpc.ack.aliyuncs.com/acs/pause:3.2 - else - systemctl start containerd - sleep 10 - - ctr -n k8s.io i pull registry-${REGION}-vpc.ack.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} - ctr -n k8s.io i pull registry-${REGION}-vpc.ack.aliyuncs.com/acs/pause:3.2 - fi -} - -update_os_release() { - if [[ ! -f /etc/image-id ]]; then - touch /etc/image-id - fi - echo "custom_tag:ACK-Optimized-OS" >> /etc/image-id -} - -record_k8s_version() { - cat > /etc/ACK-Optimized-OS <<-EOF -kubelet=$KUBE_VERSION -docker=$DOCKER_VERSION -EOF -} - -post_install() { - if [[ $SKIP_SECURITY_FIX ]]; then - touch /var/.skip-security-fix - fi -} - -cleanup() { - rm -rf ./{addon*,docker*,kubernetes*,pkg,run*} -} - -main() { - trap 'cleanup' EXIT - - check_params "$@" - setup_env - - trim_os - - download_pkg - source_file - install_pkg - - pull_image - update_os_release - record_k8s_version -} - -main "$@" 
diff --git a/scripts/ack-optimized-os-1.20.sh b/scripts/ack-optimized-os-1.20.sh
deleted file mode 100755
index 69910a7..0000000
--- a/scripts/ack-optimized-os-1.20.sh
+++ /dev/null
@@ -1,275 +0,0 @@ -#!/bin/bash - -set -x -set -e - -usage() { - cat >&2 <<-EOF -Usage: - $0 -r RUNTIME [-s] - -Flags: - -r: sepcify container runtime, available value: docker and containerd - -s: skip security upgrade - -Example: - $0 -r docker -s - $0 -r docker - $0 -r containerd -s - $0 -r containerd -EOF - exit 1 -} - -check_params() { - while getopts "r:sh" opt; do - case $opt in - r) RUNTIME="$OPTARG" ; ;; - s) SKIP_SECURITY_FIX="1" ; ;; - h | ?) usage ; ;; - esac - done - - if [[ -z $RUNTIME ]] || [[ $RUNTIME != "docker" && $RUNTIME != "containerd" ]]; then - echo "ERROR: RUNTIME must not be empty, only support 'docker' and 'containerd' " - usage - fi -} - -setup_env() { - export RUNTIME - export OS="AliyunOS" - export CLOUD_TYPE="public" - export KUBE_VERSION="1.20.11-aliyun.1" - export REGION=$(curl --retry 10 -sSL http://100.100.100.200/latest/meta-data/region-id) - export PKG_FILE_SERVER="http://aliacs-k8s-$REGION.oss-$REGION-internal.aliyuncs.com/" - export ACK_OPTIMIZED_OS_BUILD=1 - - if [[ "$RUNTIME" = "docker" ]]; then - RUNTIME_VERSION=${RUNTIME_VERSION:-19.03.15} - export RUNTIME_VERSION - DOCKER_VERSION=${RUNTIME_VERSION:-19.03.15} - export DOCKER_VERSION - else - RUNTIME_VERSION=${RUNTIME_VERSION:-1.5.13} - export RUNTIME_VERSION - fi - - # setup k8s pull image prefix - if [[ -z "$KUBE_REPO_PREFIX" && -n "$REGION" ]]; then - export KUBE_REPO_PREFIX=registry-vpc.$REGION.aliyuncs.com/acs - fi -} - -trim_os() { - local pkg_list="acl -aic94xx-firmware -aliyun-cli -alsa-firmware -alsa-lib -alsa-tools-firmware -authconfig -avahi-libs -bind-libs-lite -bind-license -biosdevname -btrfs-progs -cloud -device-mapper-event -device-mapper-event-libs -dmraid -dmraid-events -dosfstools -ed -file -firewalld -firewalld-filesystem -freetype -fxload -GeoIP -geoipupdate -gettext -gettext-libs -glibc-devel -hunspell -hunspell-en -hunspell-en-GB -hunspell-en-US -ivtv-firmware -iwl1000-firmware -iwl100-firmware -iwl105-firmware -iwl135-firmware -iwl2000-firmware 
-iwl2030-firmware -iwl3160-firmware -iwl3945-firmware -iwl4965-firmware -iwl5000-firmware -iwl5150-firmware -iwl6000-firmware -iwl6000g2a-firmware -iwl6000g2b-firmware -iwl6050-firmware -iwl7260-firmware -jansson -kbd -kbd-legacy -kbd-misc -libaio -libdrm -libmpc -libpciaccess -libpng -libreport-filesystem -lm_sensors-libs -lsscsi -lvm2 -m4 -mailx -man-db -mariadb-libs -mdadm -microcode_ctl -mpfr -NetworkManager -NetworkManager-libnm -NetworkManager-team -NetworkManager-tui -patch -plymouth -plymouth-scripts -postfix -python3 -python3-libs -python3-pip -python3-setuptools -python-decorator -python-IPy -rng-tools -rsync -sgpio -slang -spax -strace -sysstat -tcpdump -teamd -vim-common -vim-enhanced -vim-filesystem -wl1000-firmware -wpa_supplicant -xfsprogs -" - - yum remove -y $pkg_list - rm -rf /lib/modules/$(uname -r)/kernel/drivers/{media,staging,gpu,usb} - rm -rf /boot/*-rescue-* /boot/*3.10.0* /usr/share/{doc,man} /usr/src -} - -download_pkg() { - export RELEASE_VERSION=$(echo $KUBE_VERSION | awk -F. 
'{print $1"."$2}') - curl --retry 4 $PKG_FILE_SERVER/public/pkg/run/run-${RELEASE_VERSION}-linux-${OS_ARCH}.tar.gz -O - tar -xvf run-${RELEASE_VERSION}-linux-${OS_ARCH}.tar.gz -} - - -source_file() { - ROLE=deploy-nodes pkg/run/$RELEASE_VERSION/bin/kubernetes.sh -} - -preset_gpu() { - if [[ "$PRESET_GPU" == "true" ]]; then - for file_name in $(ls pkg/run/$RELEASE_VERSION/lib | grep -v init.sh); do - source pkg/run/$RELEASE_VERSION/lib/$file_name - done - - if [[ $NVIDIA_DRIVER_VERSION == "" ]];then - export NVIDIA_DRIVER_VERSION=460.91.03 - fi - - nvidia::create_dir - # --nvidia-driver-runfile 指定驱动文件路径 - nvidia::prepare_driver_package - # --nvidia-container-toolkit-rpms 指定nvidia container toolkit包含的rpm包所在目录 - nvidia::prepare_container_runtime_package - # --nvidia-fabricmanager-rpm 指定nvidia fabric manager安装包(rpm格式)路径 - nvidia::prepare_driver_package - # --nvidia-device-plugin-yaml 指定nvidia device plugin yaml文件路径 - nvidia::deploy_static_pod - - if [[ $RUNTIME == "docker" ]];then - export SKIP_CONTAINER_RUNTIME_CONFIG=true - fi - - nvidia::gpu::installer::main - fi -} - -pull_image() { - if [[ "$RUNTIME" = "docker" ]]; then - systemctl start docker - sleep 10 - - docker pull registry-${REGION}-vpc.ack.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} - docker pull registry-${REGION}-vpc.ack.aliyuncs.com/acs/pause:3.5 - else - systemctl start containerd - sleep 10 - - ctr -n k8s.io i pull registry-${REGION}-vpc.ack.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION} - ctr -n k8s.io i pull registry-${REGION}-vpc.ack.aliyuncs.com/acs/pause:3.5 - fi -} - -update_os_release() { - if [[ ! 
-f /etc/image-id ]]; then - touch /etc/image-id - fi - echo "custom_tag:ACK-Optimized-OS" >> /etc/image-id -} - -record_k8s_version() { - cat >/etc/ACK-Optimized-OS <<-EOF -kubelet=$KUBE_VERSION -runtime=$RUNTIME -docker=$DOCKER_VERSION -EOF -} - -post_install() { - if [[ $SKIP_SECURITY_FIX ]]; then - touch /var/.skip-security-fix - fi -} - -keep_container_data() { - if [[ "$KEEP_IMAGE_DATA" = "true" ]]; then - touch /var/.keep-container-data - fi -} - -cleanup() { - rm -rf /root/ack-deploy -} - -main() { - trap 'cleanup' EXIT - - check_params "$@" - setup_env - - trim_os - - download_pkg - source_file - preset_gpu - pull_image - keep_container_data - update_os_release - record_k8s_version - post_install -} - -main "$@"