From b42dc7c07e78e10bbf49f5476f3c4b028d3c0084 Mon Sep 17 00:00:00 2001 From: Yilong Ren Date: Wed, 7 Apr 2021 15:49:32 +0800 Subject: [PATCH] add ack-optimized-os support for 1.20 k8s cluster --- README.md | 27 +- ...zed-os.json => ack-optimized-os-1.18.json} | 6 +- examples/ack-optimized-os-1.20.json | 41 ++++ ...timized-os.sh => ack-optimized-os-1.18.sh} | 2 +- scripts/ack-optimized-os-1.20.sh | 232 ++++++++++++++++++ 5 files changed, 293 insertions(+), 15 deletions(-) rename examples/{ack-optimized-os.json => ack-optimized-os-1.18.json} (83%) create mode 100644 examples/ack-optimized-os-1.20.json rename scripts/{ack-optimized-os.sh => ack-optimized-os-1.18.sh} (99%) create mode 100755 scripts/ack-optimized-os-1.20.sh diff --git a/README.md b/README.md index 59f957e..68c940a 100644 --- a/README.md +++ b/README.md @@ -15,26 +15,31 @@ You must have [Packer](https://www.packer.io/) installed on your local system. F For more information, see [Alibaba Cloud builder](https://www.packer.io/docs/builders/alicloud-ecs.html) in the Packer documentation. -## Build ACK-Optimized-OS image - -Execute following scripts in your shell - -``` -export ALICLOUD_ACCESS_KEY=XXX -export ALICLOUD_SECRET_KEY=XXX -packer build examples/ack-optimized-os.json -``` - ## Building the OS Image Execute following scripts in your shell ``` +export ALICLOUD_REGION=XXX export ALICLOUD_ACCESS_KEY=XXX export ALICLOUD_SECRET_KEY=XXX -packer build examples/ack-centos.json +packer build examples/ack-aliyunlinux2.json ``` +## Build ACK-Optimized-OS image + +Execute following scripts in your shell + +``` +export RUNTIME=XXX +export ALICLOUD_REGION=XXX +export ALICLOUD_ACCESS_KEY=XXX +export ALICLOUD_SECRET_KEY=XXX +packer build examples/ack-optimized-os-1.20.json +``` +NOTE: `RUNTIME` only support `docker` and `containerd` + + ## RAM Policy If you are using a sub account,the ram policy should at least include actions as below: 
diff --git a/examples/ack-optimized-os.json b/examples/ack-optimized-os-1.18.json similarity index 83% rename from examples/ack-optimized-os.json rename to examples/ack-optimized-os-1.18.json index ae72ff1..8c6f71c 100644 --- a/examples/ack-optimized-os.json +++ b/examples/ack-optimized-os-1.18.json @@ -1,9 +1,9 @@ { "variables": { - "region": "cn-hangzhou", - "image_name": "ack-optimized_image{{timestamp}}", + "image_name": "ack-optimized_image-1.18-{{timestamp}}", "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", "instance_type": "ecs.g6.large", + "region": "{{env `ALICLOUD_REGION`}}", "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}" }, @@ -25,7 +25,7 @@ { "type": "shell", "scripts": [ - "scripts/ack-optimized-os.sh" + "scripts/ack-optimized-os-1.18.sh" ] } ] diff --git a/examples/ack-optimized-os-1.20.json b/examples/ack-optimized-os-1.20.json new file mode 100644 index 0000000..c56c445 --- /dev/null +++ b/examples/ack-optimized-os-1.20.json 
@@ -0,0 +1,41 @@ +{ + "variables": { + "image_name": "ack-optimized_image-1.20-{{timestamp}}", + "source_image": "aliyun_2_1903_x64_20G_alibase_20210120.vhd", + "instance_type": "ecs.g6.large", + "region": "{{env `ALICLOUD_REGION`}}", + "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}", + "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}", + "runtime": "{{env `RUNTIME`}}", + "skip_secrutiy_fix": "{{env `SKIP_SECURITY_FIX`}}" + }, + "builders": [ + { + "type": "alicloud-ecs", + "access_key": "{{user `access_key`}}", + "secret_key": "{{user `secret_key`}}", + "region": "{{user `region`}}", + "image_name": "{{user `image_name`}}", + "source_image": "{{user `source_image`}}", + "ssh_username": "root", + "instance_type": "{{user `instance_type`}}", + "skip_image_validation": "true", + "io_optimized": "true" + } + ], + "provisioners": [ + { + "type": "file", + "source": "scripts/ack-optimized-os-1.20.sh", + "destination": "/root/" + }, + { + "type": "shell", + "inline": [ + "export RUNTIME={{user `runtime`}}", + "export SKIP_SECURITY_FIX={{user `skip_secrutiy_fix`}}", + "bash /root/ack-optimized-os-1.20.sh" + ] + } + ] +} diff --git a/scripts/ack-optimized-os.sh b/scripts/ack-optimized-os-1.18.sh similarity index 99% rename from scripts/ack-optimized-os.sh rename to scripts/ack-optimized-os-1.18.sh index 7872ae5..379257e 100755 --- a/scripts/ack-optimized-os.sh +++ b/scripts/ack-optimized-os-1.18.sh @@ -176,4 +176,4 @@ main() { record_k8s_version } -main \ No newline at end of file +main diff --git a/scripts/ack-optimized-os-1.20.sh b/scripts/ack-optimized-os-1.20.sh new file mode 100755 index 0000000..00f96c1 --- /dev/null +++ b/scripts/ack-optimized-os-1.20.sh 
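Review bot: `SKIP_SECURITY_FIX` is forwarded verbatim by the `inline` export, and `post_install` in scripts/ack-optimized-os-1.20.sh only tests it for non-emptiness, so a build run with `SKIP_SECURITY_FIX=0` or `false` still creates `/var/.skip-security-fix`. Either compare against an explicit value in the script, `if [[ "$SKIP_SECURITY_FIX" == "1" ]]; then`, or document in the README that any non-empty value enables the skip. Both exports are also unquoted, so a value containing whitespace or shell metacharacters is re-parsed by the root shell on the build instance; passing them through the shell provisioner's `environment_vars` list instead of `export` lines should avoid that. The variable key `skip_secrutiy_fix` is misspelled (consistently, so it resolves) and would read better as `skip_security_fix`.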
@@ -0,0 +1,232 @@
+#!/bin/bash
+
+set -x
+set -e
+
+usage() {
+ cat >&2 <<-EOF
+Usage:
+ $0 -r RUNTIME [-s]
+
+Flags:
+ -r: sepcify container runtime, available value: docker and containerd
+ -s: skip security upgrade
+
+Example:
+ $0 -r docker -s
+ $0 -r docker
+ $0 -r containerd -s
+ $0 -r containerd
+EOF
+ exit 1
+}
+
+check_params() {
+ while getopts "r:sh" opt; do
+ case $opt in
+ r) RUNTIME="$OPTARG" ; ;;
+ s) SKIP_SECURITY_FIX="1" ; ;;
+ h | ?) usage ; ;;
+ esac
+ done
+
+ if [[ -z $RUNTIME ]] || [[ $RUNTIME != "docker" && $RUNTIME != "containerd" ]]; then
+ echo "ERROR: RUNTIME must not be empty, only support 'docker' and 'containerd' "
+ usage
+ fi
+}
+
+setup_env() {
+ export RUNTIME
+ export OS="AliyunOS"
+ export RUNTIME_VERSION="1.4.4"
+ export DOCKER_VERSION="19.03.5"
+ export CLOUD_TYPE="public"
+ export KUBE_VERSION="1.20.4-aliyun.1"
+ export REGION=$(curl --retry 10 -sSL http://100.100.100.200/latest/meta-data/region-id)
+ export PKG_FILE_SERVER="http://aliacs-k8s-$REGION.oss-$REGION-internal.aliyuncs.com/"
+ export ACK_OPTIMIZED_OS_BUILD=1
+
+ mkdir -p /root/ack-deploy
+ cd /root/ack-deploy
+
+}
+
+trim_os() {
+ local pkg_list="acl
+aic94xx-firmware
+aliyun-cli
+alsa-firmware
+alsa-lib
+alsa-tools-firmware
+authconfig
+avahi-libs
+bind-libs-lite
+bind-license
+biosdevname
+btrfs-progs
+cloud
+device-mapper-event
+device-mapper-event-libs
+dmraid
+dmraid-events
+dosfstools
+ed
+file
+firewalld
+firewalld-filesystem
+freetype
+fxload
+GeoIP
+geoipupdate
+gettext
+gettext-libs
+glibc-devel
+groff-base
+hunspell
+hunspell-en
+hunspell-en-GB
+hunspell-en-US
+ivtv-firmware
+iwl1000-firmware
+iwl100-firmware
+iwl105-firmware
+iwl135-firmware
+iwl2000-firmware
+iwl2030-firmware
+iwl3160-firmware
+iwl3945-firmware
+iwl4965-firmware
+iwl5000-firmware
+iwl5150-firmware
+iwl6000-firmware
+iwl6000g2a-firmware
+iwl6000g2b-firmware
+iwl6050-firmware
+iwl7260-firmware
+jansson
+kbd
+kbd-legacy
+kbd-misc
+libaio
+libdrm
+libfastjson
+libmpc
+libpciaccess
+libpng
+libreport-filesystem
+lm_sensors-libs
+lsscsi
+lvm2
+m4
+mailx
+man-db
+mariadb-libs
+mdadm
+microcode_ctl
+mpfr
+NetworkManager
+NetworkManager-libnm
+NetworkManager-team
+NetworkManager-tui
+patch
+perl-Getopt-Long
+plymouth
+plymouth-scripts
+postfix
+python3
+python3-libs
+python3-pip
+python3-setuptools
+python-decorator
+python-IPy
+rng-tools
+rsync
+rsyslog
+sgpio
+slang
+spax
+strace
+sysstat
+tcpdump
+teamd
+vim-common
+vim-enhanced
+vim-filesystem
+wl1000-firmware
+wpa_supplicant
+xfsprogs
+"
+
+ yum remove -y $pkg_list
+ rm -rf /lib/modules/$(uname -r)/kernel/drivers/{media,staging,gpu,usb}
+ rm -rf /boot/*-rescue-* /boot/*3.10.0* /usr/share/{doc,man} /usr/src
+}
+
+download_pkg() {
+ curl --retry 4 $PKG_FILE_SERVER/public/pkg/run/run-${KUBE_VERSION}.tar.gz -O
+ tar -zxvf run-${KUBE_VERSION}.tar.gz
+}
+
+install_pkg() {
+ ROLE=deploy-nodes pkg/run/$KUBE_VERSION/bin/kubernetes.sh
+}
+
+pull_image() {
+ if [[ "$RUNTIME" = "docker" ]]; then
+ systemctl start docker
+ sleep 10
+
+ docker pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION}
+ docker pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2
+ docker pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7
+ else
+ systemctl start containerd
+ sleep 10
+
+ ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION}
+ ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2
+ ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7
+ fi
+}
+
+update_os_release() {
+ sed -i "s#LTS#LTS ACK-Optimized-OS#" /etc/image-id
+}
+
+record_k8s_version() {
+ cat >/etc/ACK-Optimized-OS <<-EOF
+kubelet=$KUBE_VERSION
+runtime=$RUNTIME
+docker=$DOCKER_VERSION
+EOF
+}
+
+post_install() {
+ if [[ $SKIP_SECURITY_FIX ]]; then
+ touch /var/.skip-security-fix
+ fi
+}
+
+cleanup() {
+ rm -rf /root/ack-deploy
+}
+
+main() {
+ trap 'cleanup' EXIT
+
+ check_params "$@"
+ setup_env
+
+ trim_os
+
+ download_pkg
+ install_pkg
+
+ pull_image
+ update_os_release
+ record_k8s_version
+ post_install
+}
+
+main "$@"
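Review bot: `download_pkg` fetches `run-${KUBE_VERSION}.tar.gz` over plain `http://` (see `PKG_FILE_SERVER` in `setup_env`) and `install_pkg` then runs `kubernetes.sh` from it as root with no integrity check in between, so whatever that endpoint or the network path returns is baked into every node image built from this template. Pin a digest next to `KUBE_VERSION` and verify it before extracting, e.g. `echo "${PKG_SHA256}  run-${KUBE_VERSION}.tar.gz" | sha256sum -c -` (`PKG_SHA256` is a placeholder for a value published with the package), and add `-f` to the `curl` call so an HTTP error body is not saved as the tarball. `export REGION=$(curl …)` also hides a failed metadata lookup from `set -e`; assigning first and checking `[[ -n "$REGION" ]]` before building the URL would fail the build early instead of requesting a malformed host. The `registry-vpc` images in `pull_image` are pulled by tag only, which may be worth pinning by digest for the same reason.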