rootless in buildkit and containerd mirror iamges config shell script

nerdctl/setup_buildkit_config_rootless.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# setup_buildkit_config_rootless.sh
+# 说明：此脚本用于配置 BuildKit 的 rootless 模式配置文件。
+# 官方文档和配置选项请参考：https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
+
+# 获取当前执行脚本的用户
+CURRENT_USER=$(whoami)
+echo "当前用户：$CURRENT_USER"
+
+# BuildKit 配置文件路径
+CONFIG_DIR="$HOME/.config/buildkit"
+CONFIG_FILE="$CONFIG_DIR/buildkit.toml"
+
+# 镜像源配置
+declare -A mirrors
+mirrors=(
+  ["docker.io"]="https://docker.io https://docker.unsee.tech https://dockerhub.icu"
+  ["registry.k8s.io"]="https://registry.k8s.io https://k8s.m.daocloud.io"
+  ["docker.elastic.co"]="https://docker.elastic.co https://elastic.m.daocloud.io"
+  ["gcr.io"]="https://gcr.io https://gcr.m.daocloud.io"
+  ["ghcr.io"]="https://ghcr.io https://ghcr.m.daocloud.io"
+  ["k8s.gcr.io"]="https://k8s.gcr.io https://k8s-gcr.m.daocloud.io"
+  ["mcr.microsoft.com"]="https://mcr.microsoft.com https://mcr.m.daocloud.io"
+  ["nvcr.io"]="https://nvcr.io https://nvcr.m.daocloud.io"
+  ["quay.io"]="https://quay.io https://quay.m.daocloud.io"
+  ["registry.jujucharms.com"]="https://registry.jujucharms.com https://jujucharms.m.daocloud.io"
+  ["rocks.canonical.com"]="https://rocks.canonical.com https://rocks-canonical.m.daocloud.io"
+)
+
+# 创建配置目录
+mkdir -p "$CONFIG_DIR"
+
+# 生成 BuildKit 配置文件
+echo "生成 BuildKit 配置文件..."
+cat > "$CONFIG_FILE" <<EOF
+[worker.oci]
+  enabled = false
+
+[worker.containerd]
+  enabled = true
+  namespace = "buildkit"
+  platforms = ["linux/amd64", "linux/arm64"]
+  gc = true
+  gckeepstorage = 9000
+
+# 注册表配置，包含多个镜像加速器
+EOF
+
+# 添加镜像源到配置文件
+echo "配置镜像加速器..."
+for registry in "${!mirrors[@]}"; do
+  IFS=' ' read -r server host1 host2 <<<"${mirrors[$registry]}"
+  cat >> "$CONFIG_FILE" <<EOF
+
+[registry."$registry"]
+  mirrors = ["$host1", "$host2"]
+  http = true
+  insecure = true
+EOF
+done
+
+# 输出完成信息
+echo "BuildKit 配置文件已生成: $CONFIG_FILE"
+echo "镜像配置已设置完成，详细选项请参考官方文档：https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md"

nerdctl/setup_containerd_mirror_rootless.sh

@@ -0,0 +1,115 @@
+#!/bin/bash
+
+# 获取当前执行脚本的用户
+CURRENT_USER=$(whoami)
+echo "当前用户：$CURRENT_USER"
+
+# 配置路径
+CONFIG_PATH="$HOME/.config/containerd/certs.d"
+CONFIG_FILE="$HOME/.config/containerd/config.toml"
+NEW_STORAGE_PATH="/data/zly/containerd"
+OLD_STORAGE_PATH="$HOME/.local/share/containerd"  # 旧的 rootless 存储路径
+OLD_STATE_PATH="$XDG_RUNTIME_DIR/containerd"       # 旧的 state 路径
+
+# 创建配置目录
+mkdir -p "$CONFIG_PATH"
+mkdir -p "$HOME/.config/containerd"
+
+# 生成默认的 config.toml 配置文件（如果不存在）
+if [ ! -f "$CONFIG_FILE" ]; then
+  echo "生成默认的 config.toml 配置..."
+  containerd config default | sed 's|/var/lib/containerd|'"$NEW_STORAGE_PATH"'|g' > "$CONFIG_FILE"
+fi
+
+# 配置 registry
+echo '配置 containerd 的 config.toml...'
+
+# 修改 registry 的 `config_path` 参数
+line_number=$(grep -n -E '^\s*\[plugins.(\"|\x27)io.containerd.grpc.v1.cri(\"|\x27).registry\]' "$CONFIG_FILE" | cut -d':' -f1)
+
+if [ -n "$line_number" ]; then
+  next_line=$((line_number + 1))
+  if grep -q "^\s*config_path\s*=" "$CONFIG_FILE"; then
+    sed -i "${next_line}s|config_path\s*=.*|config_path = '$CONFIG_PATH'|" "$CONFIG_FILE"
+    echo "已修改 config_path 为 $CONFIG_PATH。"
+  else
+    echo "未找到 config_path，未执行任何修改。"
+  fi
+else
+  echo "未找到 [plugins.'io.containerd.grpc.v1.cri'.registry] 段落，请检查 config.toml 文件格式。"
+fi
+
+# 修改 root 和 state 路径
+echo "更新 containerd 存储路径配置..."
+sed -i "s|^\s*root\s*=.*|root = \"$NEW_STORAGE_PATH\"|" "$CONFIG_FILE"
+sed -i "s|^\s*state\s*=.*|state = \"$NEW_STORAGE_PATH/state\"|" "$CONFIG_FILE"
+
+# 创建新的存储目录和状态目录
+echo "创建新的存储目录 $NEW_STORAGE_PATH 和状态目录..."
+mkdir -p "$NEW_STORAGE_PATH"
+mkdir -p "$NEW_STORAGE_PATH/state"
+chmod -R 700 "$NEW_STORAGE_PATH"
+
+# 迁移旧的存储数据到新的存储路径
+if [ -d "$OLD_STORAGE_PATH" ]; then
+  echo "迁移旧存储数据到新路径..."
+  rsync -a "$OLD_STORAGE_PATH/" "$NEW_STORAGE_PATH/"
+  
+  if [ $? -eq 0 ]; then
+    echo "存储数据迁移完成，删除旧的存储路径..."
+    rm -rf "$OLD_STORAGE_PATH"
+    echo "旧的存储路径已删除。"
+  else
+    echo "存储数据迁移失败，保留旧的存储路径。"
+  fi
+else
+  echo "旧的存储路径 $OLD_STORAGE_PATH 不存在，无需迁移。"
+fi
+
+# 配置镜像源的主机和路径
+declare -A mirrors
+mirrors=(
+  ["docker.io"]="https://docker.io https://docker.unsee.tech https://dockerhub.icu"
+  ["registry.k8s.io"]="https://registry.k8s.io https://k8s.m.daocloud.io"
+  ["docker.elastic.co"]="https://docker.elastic.co https://elastic.m.daocloud.io"
+  ["gcr.io"]="https://gcr.io https://gcr.m.daocloud.io"
+  ["ghcr.io"]="https://ghcr.io https://ghcr.m.daocloud.io"
+  ["k8s.gcr.io"]="https://k8s.gcr.io https://k8s-gcr.m.daocloud.io"
+  ["mcr.microsoft.com"]="https://mcr.microsoft.com https://mcr.m.daocloud.io"
+  ["nvcr.io"]="https://nvcr.io https://nvcr.m.daocloud.io"
+  ["quay.io"]="https://quay.io https://quay.m.daocloud.io"
+  ["registry.jujucharms.com"]="https://registry.jujucharms.com https://jujucharms.m.daocloud.io"
+  ["rocks.canonical.com"]="https://rocks.canonical.com https://rocks-canonical.m.daocloud.io"
+)
+
+# 创建 hosts.toml 配置文件
+echo '正在配置镜像加速...'
+for registry in "${!mirrors[@]}"; do
+  IFS=' ' read -r server host1 host2 host3 <<<"${mirrors[$registry]}"
+  DIR="$CONFIG_PATH/$registry"
+  mkdir -p "$DIR"
+  tee "$DIR/hosts.toml" > /dev/null <<EOF
+server = "$server"
+
+[host."$host1"]
+  capabilities = ["pull", "resolve", "push"]
+
+[host."$host2"]
+  capabilities = ["pull", "resolve", "push"]
+
+[host."$host3"]
+  capabilities = ["pull", "resolve", "push"]
+EOF
+done
+
+# 删除旧的镜像缓存
+nerdctl --namespace k8s.io image prune -a --force
+nerdctl --namespace default image prune -a --force
+
+# 测试配置是否生效
+echo '测试配置是否生效...'
+if ctr --namespace=default image pull --hosts-dir "$CONFIG_PATH" docker.io/library/alpine:latest; then
+  echo "镜像加速配置成功！"
+else
+  echo "镜像加速配置失败，请检查配置。"
+fi