Last active
November 23, 2019 16:18
-
-
Save hydrz/5ede1ed500ac3d48f26ae912c79c674a to your computer and use it in GitHub Desktop.
Kubernetes 安装脚本
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
set -e | |
# docker 配置 | |
: ${DOCKER_VERSION:="18.09"} | |
: ${DOCKER_CHANNEL:="stable"} | |
# k8s 配置 | |
: ${TAINT_NODES:="false"} | |
: ${K8S_VERSION:="1.15"} | |
: ${ADVERTISE_ADDRESS:="0.0.0.0"} | |
: ${CLUSTER_DOMAIN:="cluster.local"} | |
: ${CLUSTER_CIDR:="192.168.240.0/24"} | |
: ${SERVICE_CIDR:="192.168.241.0/24"} | |
# helm 配置 | |
: ${INSTALL_HELM:="true"} | |
: ${HELM_DOWNLOAD_URL:="https://mirrors.huaweicloud.com/helm"} | |
: ${HELM_VERSION:="v2.16.1"} | |
: ${HELM_STABLE_REPO_URL:="https://mirror.azure.cn/kubernetes/charts/"} | |
: ${HELM_BIN_INSTALL_DIR:="/usr/local/bin"} | |
# 扩展 | |
: ${INSTALL_OPENEBS:="false"} | |
: ${INSTALL_METALLB:="false"} | |
: ${INSTALL_KUBESPHERE:="false"} | |
# 阿里云配置(用于使用负载均衡) | |
: ${INSTALL_ALIYUN_CLOUD:="false"} | |
: ${ACCESS_KEY_ID:=""} | |
: ${ACCESS_KEY_SECRET:=""} | |
# 常量 | |
TMP_ROOT="$(mktemp -dt k8s-installer-XXXXXX)" | |
# 安装 Docker | |
install_docker() { | |
info "install_docker..." | |
curl -fsSL https://get.daocloud.io/docker | sed "s/sleep 20/sleep 3/" | VERSION=${DOCKER_VERSION} bash -s docker --mirror Aliyun | |
## Create /etc/docker directory. | |
run_as_root 'mkdir -p /etc/docker' | |
# Setup daemon. | |
run_as_root 'cat <<-EOF >/etc/docker/daemon.json | |
{ | |
"exec-opts": ["native.cgroupdriver=systemd"], | |
"log-driver": "json-file", | |
"log-opts": { | |
"max-size": "100m" | |
}, | |
"storage-driver": "overlay2", | |
"registry-mirrors": [ | |
"https://2q2p53i3.mirror.aliyuncs.com", | |
"https://053f3ac1058010d30f08c00ec2aca420.mirror.swr.myhuaweicloud.com" | |
] | |
} | |
EOF' | |
run_as_root 'mkdir -p /etc/systemd/system/docker.service.d' | |
# docker_as_nonroot | |
run_as_root 'usermod -aG docker $(id -un 2>/dev/null || true)' | |
# Restart | |
run_as_root 'systemctl daemon-reload' | |
run_as_root 'systemctl enable docker' | |
run_as_root 'systemctl restart docker' | |
} | |
# 安装 kubelet kubeadm kubectl | |
install_k8s_base() { | |
info "install kubelet kubeadm kubectl..." | |
run_as_root '/sbin/swapoff -a' | |
case "${LSB_DIST}" in | |
ubuntu | debian | raspbian) | |
apt_repo="deb [arch=${ARCH}] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | |
( | |
run_as_root "curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - " | |
run_as_root "echo $apt_repo >/etc/apt/sources.list.d/kubernetes.list" | |
run_as_root 'apt-get update' | |
) | |
local pkg_version="" | |
if [ -n "${K8S_VERSION}" ]; then | |
local pkg_pattern="$(echo "${K8S_VERSION}" | sed "s/-/.*/g").*-00" | |
local search_command="apt-cache madison 'kubeadm' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3" | |
pkg_version="$(run_as_root "$search_command")" | |
info "Searching repository for K8S_VERSION '${K8S_VERSION}'" | |
info "$search_command" | |
if [ -z "$pkg_version" ]; then | |
fatal "'${K8S_VERSION}' not found amongst apt-cache madison results" | |
fi | |
fi | |
run_as_root "apt-get install -y --no-install-recommends kubelet=$pkg_version kubeadm=$pkg_version kubectl=$pkg_version" | |
;; | |
centos | fedora) | |
if [ "${LSB_DIST}" = "fedora" ]; then | |
local pkg_manager="dnf" | |
local config_manager="dnf config-manager" | |
else | |
local pkg_manager="yum" | |
local config_manager="yum-config-manager" | |
fi | |
run_as_root "cat <<-EOF >/etc/yum.repos.d/kubernetes.repo | |
[kubernetes] | |
name=Kubernetes | |
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ | |
enabled=1 | |
gpgcheck=1 | |
repo_gpgcheck=1 | |
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg | |
EOF" | |
run_as_root "$pkg_manager makecache" | |
local pkg_version="" | |
if [ -n "${K8S_VERSION}" ]; then | |
local pkg_pattern="$(echo "${K8S_VERSION}" | sed "s/-/.*/g").*-0" | |
local search_command="$pkg_manager list --showduplicates 'kubeadm' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'" | |
pkg_version="$(run_as_root "$search_command")" | |
info "Searching repository for K8S_VERSION '${K8S_VERSION}'" | |
info "$search_command" | |
if [ -z "$pkg_version" ]; then | |
fatal "'${K8S_VERSION}' not found amongst $pkg_manager list results" | |
fi | |
# Cut out the epoch and prefix with a '-' | |
pkg_version="$(echo "$pkg_version" | cut -d':' -f 2)" | |
fi | |
run_as_root "$pkg_manager install -y kubelet-$pkg_version kubeadm-$pkg_version kubectl-$pkg_version" | |
;; | |
*) | |
fatal "Unsupported distribution '${LSB_DIST}'" | |
;; | |
esac | |
} | |
# init k8s | |
init_k8s() { | |
info "init_k8s..." | |
# 调参运行 | |
run_as_root 'cat <<-EOF > /usr/lib/sysctl.d/20-k8s.conf | |
net.ipv4.ip_forward=1 | |
net.ipv4.ip_local_reserved_ports=30000-32767 | |
net.bridge.bridge-nf-call-iptables=1 | |
net.bridge.bridge-nf-call-arptables=1 | |
net.bridge.bridge-nf-call-ip6tables=1 | |
EOF' | |
run_as_root 'sysctl --system > /dev/null' | |
# Restart | |
run_as_root 'systemctl daemon-reload' | |
run_as_root 'systemctl enable kubelet' | |
run_as_root 'systemctl restart kubelet' | |
# 阿里云拉取镜像 | |
for i in $(kubeadm config images list); do | |
imageName=${i#k8s.gcr.io/} | |
docker pull registry.aliyuncs.com/google_containers/$imageName | |
docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName | |
docker rmi registry.aliyuncs.com/google_containers/$imageName | |
done | |
if [ -z "${K8S_ADDRESS}" ]; then | |
run_as_root 'mkdir -p /etc/kubernetes' | |
init_public_ip | |
CLUSTER_DNS=$(echo ${SERVICE_CIDR} | awk -F '/' '{print $1}' | awk -F '.' '{print $1"."$2"."$3".""10"}') | |
KUBEADM_INIT_CONFIG="/etc/kubernetes/kubelet.yaml" | |
kubeadm config print init-defaults --component-configs KubeletConfiguration | | |
sed "s?10.96.0.10?${CLUSTER_DNS}?g" | | |
sed "s?10.96.0.0/12?${SERVICE_CIDR}?g" | | |
sed "s/advertiseAddress.*/advertiseAddress: ${ADVERTISE_ADDRESS}/" | | |
sed "s/dnsDomain.*/dnsDomain: ${CLUSTER_DOMAIN}/" | | |
sed "s/kubernetesVersion.*/kubernetesVersion: \"$(kubeadm version -o short)\"/" | | |
sed "s/enableControllerAttachDetach.*/enableControllerAttachDetach: false/" | | |
sed "/serviceSubnet/a\ podSubnet: \"${CLUSTER_CIDR}\"" | | |
sed "/apiServer/a\ certSANs:\n - ${PUBLIC_IP}" | | |
# sed "/certificatesDir/a\controlPlaneEndpoint: ${PUBLIC_IP}:6443" | | |
run_as_root "tee ${KUBEADM_INIT_CONFIG} > /dev/null" | |
if [ "${INSTALL_ALIYUN_CLOUD}" = "true" ]; then | |
META_EP=http://100.100.100.200/latest/meta-data | |
REGION_ID=$(curl -s $META_EP/region-id) | |
INSTANCE_ID=$(curl -s $META_EP/instance-id) | |
cat ${KUBEADM_INIT_CONFIG} | | |
sed "s?name:.*?name: ${REGION_ID}.${INSTANCE_ID}?" | | |
# sed "/nodeRegistration/a\ kubeletExtraArgs:\n cloud-provider: external" | | |
# sed "/ClusterConfiguration/a\apiServerExtraArgs:\n cloud-provider: external" | | |
# sed "/ClusterConfiguration/a\controllerManagerExtraArgs:\n cloud-provider: external\n horizontal-pod-autoscaler-use-rest-clients: false \n node-cidr-mask-size: 20" | | |
run_as_root "tee ${KUBEADM_INIT_CONFIG} > /dev/null" | |
fi | |
run_as_root "kubeadm init --config=${KUBEADM_INIT_CONFIG} --ignore-preflight-errors=NumCPU" | |
# 写入配置 | |
mkdir -p ${HOME}/.kube | |
run_as_root "/bin/cp -rf /etc/kubernetes/admin.conf ${HOME}/.kube/config" | |
run_as_root "chown $(id -u):$(id -g) ${HOME}/.kube/config" | |
[ "${INSTALL_ALIYUN_CLOUD}" = "true" ] && install_aliyun_cloud | |
# 安装网络组件 | |
# curl -sfL https://docs.projectcalico.org/v3.10/manifests/calico.yaml | | |
# sed -e "s?192.168.0.0/16?${CLUSTER_CIDR}?g" | | |
# kubectl apply -f - | |
curl -sfL https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml | | |
sed -e "s?10.244.0.0/16?${CLUSTER_CIDR}?g" | | |
sed -e "s?quay.io?quay.azk8s.cn?g" | | |
kubectl apply -f - | |
# 代码提示 | |
run_as_root 'kubectl completion bash >/etc/bash_completion.d/kubectl' | |
run_as_root "echo 'alias k=kubectl' >>/etc/bash_completion.d/kubectl" | |
run_as_root "echo 'complete -F __start_kubectl k' >>/etc/bash_completion.d/kubectl" | |
K8S_ADDRESS=$(kubectl get nodes --selector=kubernetes.io/role!=master -o jsonpath={.items[*].status.addresses[?\(@.type==\"InternalIP\"\)].address}) | |
# 取消污点 | |
[ "${TAINT_NODES}" = "true" ] && kubectl taint nodes --all node-role.kubernetes.io/master- | |
[ "${INSTALL_HELM}" = "true" ] && install_helm | |
[ "${INSTALL_OPENEBS}" = "true" ] && install_openebs | |
[ "${INSTALL_METALLB}" = "true" ] && install_metallb | |
[ "${INSTALL_KUBESPHERE}" = "true" ] && install_kubephere | |
echo_k8s_join | |
else | |
if [ -z "${K8S_TOKEN}" ]; then | |
fatal "K8S_ADDRESS is defined, but K8S_TOKEN is not defined." | |
fi | |
kubeadm join ${K8S_ADDRESS} --token ${K8S_TOKEN} --discovery-token-unsafe-skip-ca-verification | |
fi | |
} | |
# 打印加入信息 | |
echo_k8s_join() { | |
cat <<-EOF | |
################################################################################################## | |
You can join any number of worker nodes by running the following on each as root: | |
kubeadm join ${K8S_ADDRESS}:6443 --token $(kubeadm token create) --discovery-token-unsafe-skip-ca-verification | |
TIP: default ttl duration is 24h | |
################################################################################################## | |
EOF | |
} | |
# 安装 helm | |
install_helm() { | |
info "install_helm..." | |
HELM_TMP="${TMP_ROOT}/helm" | |
mkdir -p ${HELM_TMP} | |
wget -O ${TMP_ROOT}/helm.tar.gz ${HELM_DOWNLOAD_URL}/$HELM_VERSION/helm-${HELM_VERSION}-${OS}-${ARCH}.tar.gz | |
tar xf ${TMP_ROOT}/helm.tar.gz -C "${HELM_TMP}" | |
run_as_root "cp ${HELM_TMP}/${OS}-${ARCH}/helm ${BIN_INSTALL_DIR}/helm" | |
run_as_root "chmod +x ${BIN_INSTALL_DIR}/helm" | |
cat <<-EOF >${HELM_TMP}/helm-rbac.yaml | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: tiller | |
namespace: kube-system | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: tiller | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: cluster-admin | |
subjects: | |
- kind: ServiceAccount | |
name: tiller | |
namespace: kube-system | |
EOF | |
kubectl apply -f ${HELM_TMP}/helm-rbac.yaml | |
helm init --upgrade --service-account tiller -i registry.aliyuncs.com/google_containers/tiller:${HELM_VERSION} \ | |
--stable-repo-url ${HELM_STABLE_REPO_URL} | |
run_as_root 'helm completion bash >/etc/bash_completion.d/helm' | |
} | |
# 安装 openebs 本地存储 | |
install_openebs() { | |
info "install_openebs..." | |
if ! command_exists helm; then | |
fatal "Wanna install openebs, please install helm first." | |
fi | |
helm repo add hydrz https://hydrz.github.io/helm-charts/ | |
helm repo update | |
helm install --name=openebs --namespace openebs-system hydrz/openebs-lite \ | |
--set storageClass.isDefaultClass=true \ | |
--set ndm.nodeSelector."node-role\.kubernetes\.io\/master"= \ | |
--set localprovisioner.nodeSelector."node-role\.kubernetes\.io\/master"= \ | |
--set ndmOperator.nodeSelector."node-role\.kubernetes\.io\/master"= | |
} | |
# 安装 metallb 负载均衡网络 | |
install_metallb() { | |
info "install_metallb..." | |
if ! command_exists helm; then | |
fatal "Wanna install metallb, please install helm first." | |
fi | |
cat <<-EOF | helm install --name metallb --namespace metallb-system stable/metallb -f - | |
configInline: | |
address-pools: | |
- name: default | |
protocol: layer2 | |
addresses: | |
- ${METALLB_CIDR} | |
EOF | |
} | |
# 安装 KubeSphere (端口 30880 默认密码 admin/P@88w0rd) | |
install_kubephere() { | |
info "install_kubephere..." | |
if ! command_exists helm; then | |
fatal "Wanna install KubeSphere, please install helm first." | |
fi | |
kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/master/kubesphere-minimal.yaml | |
} | |
# 安装 cloud-provider-alibaba-cloud | |
install_aliyun_cloud() { | |
info "install_aliyun_cloud..." | |
if [ -z "$ACCESS_KEY_ID" ]; then | |
fatal "ACCESS_KEY_ID must be provided" | |
fi | |
if [ -z "$ACCESS_KEY_SECRET" ]; then | |
fatal "ACCESS_KEY_SECRET must be provided" | |
fi | |
CA_DATA=$(cat /etc/kubernetes/pki/ca.crt | base64 -w 0) | |
cat <<-EOF | kubectl apply -f - | |
apiVersion: v1 | |
data: | |
special.keyid: $ACCESS_KEY_ID | |
special.keysecret: $ACCESS_KEY_SECRET | |
kind: ConfigMap | |
metadata: | |
name: cloud-config | |
namespace: kube-system | |
--- | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: cloud-controller-manager | |
namespace: kube-system | |
data: | |
cloud-controller-manager.conf: |- | |
kind: Config | |
contexts: | |
- context: | |
cluster: kubernetes | |
user: system:cloud-controller-manager | |
name: system:cloud-controller-manager@kubernetes | |
current-context: system:cloud-controller-manager@kubernetes | |
users: | |
- name: system:cloud-controller-manager | |
user: | |
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
apiVersion: v1 | |
clusters: | |
- cluster: | |
certificate-authority-data: $CA_DATA | |
server: $(k cluster-info | xargs -n 1 | grep http | head -1) | |
name: kubernetes | |
EOF | |
curl -sfL https://raw.githubusercontent.com/kubernetes/cloud-provider-alibaba-cloud/master/docs/examples/cloud-controller-manager.yml | | |
sed "s?\${CLUSTER_CIDR}?${CLUSTER_CIDR}?" | | |
kubectl apply -f - | |
# 取消初始化污点 | |
# kubectl taint nodes --all node.cloudprovider.kubernetes.io/uninitialized- | |
} | |
# --- 依赖安装 --- | |
pre_install() { | |
info "install_dependencies..." | |
case "${LSB_DIST}" in | |
ubuntu | debian | raspbian) | |
if [ "${LSB_DIST}" = "debian" ]; then | |
# libseccomp2 does not exist for debian jessie main repos for aarch64 | |
if [ "$(uname -m)" = "aarch64" ] && [ "${DIST_VERSION}" = "jessie" ]; then | |
add_debian_backport_repo "${DIST_VERSION}" | |
fi | |
fi | |
local pre_reqs="apt-transport-https ca-certificates curl bash-completion" | |
if ! command_exists gpg; then | |
pre_reqs="$pre_reqs gnupg" | |
fi | |
run_as_root 'apt-get update' | |
run_as_root "DEBIAN_FRONTEND=noninteractive apt-get install -y $pre_reqs" | |
;; | |
centos | fedora) | |
local pre_reqs="bash-completion" | |
if [ "${LSB_DIST}" = "fedora" ]; then | |
local pkg_manager="dnf" | |
local config_manager="dnf config-manager" | |
pre_reqs="$pre_reqs dnf-plugins-core" | |
else | |
local pkg_manager="yum" | |
local config_manager="yum-config-manager" | |
pre_reqs="$pre_reqs yum-utils" | |
fi | |
run_as_root "$pkg_manager install -y $pre_reqs" | |
;; | |
*) | |
fatal "Unsupported distribution '${LSB_DIST}'" | |
;; | |
esac | |
} | |
# 辅助函数 | |
# --- 以root运行 --- | |
run_as_root() { | |
local CMD="$*" | |
local user="$(id -un 2>/dev/null || true)" | |
sh_c='sh -c' | |
if [ "$user" != 'root' ]; then | |
if command_exists sudo; then | |
sh_c='sudo -E sh -c' | |
elif command_exists su; then | |
sh_c='su -c' | |
else | |
cat >&2 <<-'EOF' | |
Error: this installer needs the ability to run commands as root. | |
We are unable to find either "sudo" or "su" available to make this happen. | |
EOF | |
exit 1 | |
fi | |
fi | |
$sh_c "$CMD" | |
} | |
# --- 日志 --- | |
info() { | |
echo '[INFO] ' "$@" | |
} | |
fatal() { | |
echo '[ERROR] ' "$@" >&2 | |
exit 1 | |
} | |
# --- 检查命令存在 --- | |
command_exists() { | |
command -v "$@" >/dev/null 2>/dev/null & | |
} | |
# --- 检查IP是否合法 --- | |
check_ip() { | |
IP_REGEX='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' | |
printf '%s' "$1" | tr -d '\n' | grep -Eq "$IP_REGEX" | |
} | |
# --- 向命令参数添加引号 --- | |
quote() { | |
for arg in "$@"; do | |
printf '%s\n' "$arg" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" | |
done | |
} | |
# --- 向带引号的参数添加缩进和换行符 --- | |
quote_indent() { | |
printf ' \\\n' | |
for arg in "$@"; do | |
printf '\t%s \\\n' "$(quote "$arg")" | |
done | |
} | |
# --- 转义大部分标点字符,引号、正斜杠和空格除外 --- | |
escape() { | |
printf '%s' "$@" | sed -e 's/\([][!#$%&()*;<=>?\_`{|}]\)/\\\1/g;' | |
} | |
# --- 转义双引号 --- | |
escape_dq() { | |
printf '%s' "$@" | sed -e 's/"/\\"/g' | |
} | |
# --- 操作系统类型 --- | |
init_os() { | |
OS=$(echo $(uname) | tr '[:upper:]' '[:lower:]') | |
case "$OS" in | |
# Minimalist GNU for Windows | |
mingw*) OS='windows' ;; | |
esac | |
} | |
# --- 系统架构 --- | |
init_arch() { | |
ARCH=$(uname -m) | |
case $ARCH in | |
armv5*) ARCH="armv5" ;; | |
armv6*) ARCH="armv6" ;; | |
armv7*) ARCH="arm" ;; | |
aarch64) ARCH="arm64" ;; | |
x86) ARCH="386" ;; | |
x86_64) ARCH="amd64" ;; | |
i686) ARCH="386" ;; | |
i386) ARCH="386" ;; | |
esac | |
} | |
# --- 发行版 --- | |
init_lsb() { | |
LSB_DIST="" | |
DIST_VERSION="" | |
# Every system that we officially support has /etc/os-release | |
if [ -r /etc/os-release ]; then | |
LSB_DIST="$(. /etc/os-release && echo "$ID")" | |
fi | |
LSB_DIST="$(echo "${LSB_DIST}" | tr '[:upper:]' '[:lower:]')" | |
case "${LSB_DIST}" in | |
ubuntu) | |
if command_exists lsb_release; then | |
DIST_VERSION="$(lsb_release --codename | cut -f2)" | |
fi | |
if [ -z "${DIST_VERSION}" ] && [ -r /etc/lsb-release ]; then | |
DIST_VERSION="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")" | |
fi | |
;; | |
debian | raspbian) | |
DIST_VERSION="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" | |
case "${DIST_VERSION}" in | |
10) | |
DIST_VERSION="buster" | |
;; | |
9) | |
DIST_VERSION="stretch" | |
;; | |
8) | |
DIST_VERSION="jessie" | |
;; | |
esac | |
;; | |
centos) | |
if [ -z "${DIST_VERSION}" ] && [ -r /etc/os-release ]; then | |
DIST_VERSION="$(. /etc/os-release && echo "$DOCKER_VERSION_ID")" | |
fi | |
;; | |
rhel | ol | sles) | |
ee_notice "${LSB_DIST}" | |
exit 1 | |
;; | |
*) | |
if command_exists lsb_release; then | |
DIST_VERSION="$(lsb_release --release | cut -f2)" | |
fi | |
if [ -z "${DIST_VERSION}" ] && [ -r /etc/os-release ]; then | |
DIST_VERSION="$(. /etc/os-release && echo "$DOCKER_VERSION_ID")" | |
fi | |
;; | |
esac | |
# 检查发行版分支 | |
# Check for lsb_release command existence, it usually exists in forked distros | |
if command_exists lsb_release; then | |
# Check if the `-u` option is supported | |
set +e | |
lsb_release -a -u >/dev/null 2>&1 | |
lsb_release_exit_code=$? | |
set -e | |
# Check if the command has exited successfully, it means we're in a forked distro | |
if [ "$lsb_release_exit_code" = "0" ]; then | |
# Print info about current distro | |
cat <<-EOF | |
You're using '${LSB_DIST}' version '${DIST_VERSION}'. | |
EOF | |
# Get the upstream release info | |
LSB_DIST=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]') | |
DIST_VERSION=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]') | |
# Print info about upstream distro | |
cat <<-EOF | |
Upstream release is '${LSB_DIST}' version '${DIST_VERSION}'. | |
EOF | |
else | |
if [ -r /etc/debian_version ] && [ "${LSB_DIST}" != "ubuntu" ] && [ "${LSB_DIST}" != "raspbian" ]; then | |
if [ "${LSB_DIST}" = "osmc" ]; then | |
# OSMC runs Raspbian | |
LSB_DIST=raspbian | |
else | |
# We're Debian and don't even know it! | |
LSB_DIST=debian | |
fi | |
DIST_VERSION="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" | |
case "${DIST_VERSION}" in | |
10) | |
DIST_VERSION="buster" | |
;; | |
9) | |
DIST_VERSION="stretch" | |
;; | |
8 | 'Kali Linux 2') | |
DIST_VERSION="jessie" | |
;; | |
esac | |
fi | |
fi | |
fi | |
} | |
# --- 关闭selinux --- | |
selinux_disable() { | |
if command_exists getenforce && [ "$(getenforce)" = "Enabled" ]; then | |
run_as_root 'setenforce 0' | |
run_as_root "sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config" | |
info "Selinux disabled success!" | |
fi | |
} | |
# --- 关闭防火墙 --- | |
firewalld_stop() { | |
if [ "$(systemctl is-active firewalld)" = "active" ]; then | |
run_as_root 'systemctl disable firewalld' | |
run_as_root 'systemctl stop firewalld' | |
info "Firewall disabled success!" | |
fi | |
} | |
# --- 验证系统是否支持 --- | |
verify_system() { | |
if [ -d /run/systemd ]; then | |
HAS_SYSTEMD=true | |
return | |
fi | |
fatal 'Can not find systemd to use as a process supervisor.' | |
} | |
# --- 获取公网IP --- | |
init_public_ip() { | |
[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short) | |
check_ip "$PUBLIC_IP" || PUBLIC_IP=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com) | |
check_ip "$PUBLIC_IP" || fatal "Cannot detect this server's public IP. Edit the script and manually enter it." | |
} | |
init_os | |
init_arch | |
init_lsb | |
verify_system | |
selinux_disable | |
firewalld_stop | |
pre_install | |
install_docker | |
install_k8s_base | |
init_k8s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment