add nerdctl install updata

2024-11-12 14:14:28 +08:00
parent b00f025742
commit 94574632c2
4 changed files with 136 additions and 192 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 nerdctl-full-2.0.0-linux-amd64.tar.gz
 nerdctl-full-1.7.6-linux-amd64.tar.gz
--- a/nerdctl/install_nerdctl_full_alluser.sh
+++ b/nerdctl/install_nerdctl_full_alluser.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-VERSION="2.0.0"
+VERSION="1.7.6"
 FILENAME="nerdctl-full-${VERSION}-linux-amd64.tar.gz"
 # https://github.com/containerd/nerdctl/releases/download/v2.0.0/nerdctl-full-2.0.0-linux-amd64.tar.gz
 DOWNLOAD_URL="https://ghproxy.dockless.eu.org/https://github.com/containerd/nerdctl/releases/download/v${VERSION}/${FILENAME}"
@@ -17,27 +17,26 @@ install_nerdctl() {
    sudo apt-get update
    sudo apt-get install -y wget tar jq curl gnupg lsb-release uidmap
    # 检查文件是否已经下载
    if [ -f "${FILENAME}" ]; then
        echo "${FILENAME} 已存在，跳过下载。"
    else
        echo "下载 nerdctl-full..."
        wget ${DOWNLOAD_URL}
    fi
    echo "解压并移动到 /usr/local..."
    sudo tar -C /usr/local -xzf ${FILENAME}
    echo "启动并启用 containerd 服务..."
    sudo systemctl enable --now containerd
    echo "验证安装..."
    nerdctl --version
    # echo "清理下载文件..."
    # rm ${FILENAME}
    echo "安装 nerdctl bash 自动补全..."
    sudo apt install bash-completion -y
-    nerdctl completion bash > /etc/bash_completion.d/nerdctl
+    sudo nerdctl completion bash | sudo tee /etc/bash_completion.d/nerdctl > /dev/null
-    nerdctl completion bash > /etc/bash_completion.d/docker
+    sudo nerdctl completion bash | sudo tee /etc/bash_completion.d/docker > /dev/null
-    source /etc/bash_completion.d/nerdctl
+    sudo bash -c "source /etc/bash_completion.d/nerdctl"
-    source /etc/bash_completion.d/docker
+    sudo bash -c "source /etc/bash_completion.d/docker"
    echo "创建 docker 兼容命令..."
    sudo tee /usr/local/bin/docker > /dev/null <<EOT
@@ -46,18 +45,76 @@ exec nerdctl "\$@"
 EOT
    sudo chmod +x /usr/local/bin/docker
-    echo "普通用户安装"
+    echo "for root 生成 nerdctl 默认配置文件..."
 sudo mkdir -p /etc/nerdctl
 sudo tee /etc/nerdctl/nerdctl.toml > /dev/null <<EOT
 debug = false
 address = "unix:///run/containerd/containerd.sock"
 namespace = "k8s.io"
 snapshotter = "overlayfs"
 cgroup_manager = "cgroupfs"
 hosts_dir = ["/etc/containerd/certs.d"]
 experimental = true
 EOT
    echo "for 普通用户 安装 nerdctl"
    /usr/local/bin/containerd-rootless-setuptool.sh install
-    /usr/local/bin/containerd-rootless-setuptool.sh check
+
    echo "for 普通用户 生成 nerdctl 默认配置文件..."
 mkdir -p ~/.config/nerdctl
 tee ~/.config/nerdctl/nerdctl.toml > /dev/null <<EOT
 debug = false
 address = "unix:///run/containerd/containerd.sock"
 namespace = "k8s.io"
 snapshotter = "overlayfs"
 cgroup_manager = "cgroupfs"
 hosts_dir = ["/etc/containerd/certs.d"]
 experimental = true
 EOT
    echo "启动并启用 containerd 服务..."
    sudo systemctl enable --now containerd
    check_containerd_socket
    echo "验证安装..."
    nerdctl --version
    echo "nerdctl-full 安装完成。"
 }
 check_containerd_socket() {
    SOCKET_PATH="/run/containerd/containerd.sock"
    if [ -S "$SOCKET_PATH" ]; then
        echo "containerd 启动成功，套接字文件已存在：$SOCKET_PATH"
    else
        echo "containerd 未启动或套接字文件不存在，尝试启动 containerd..."
        sudo systemctl restart containerd
        # 再次检查套接字文件
        if [ -S "$SOCKET_PATH" ]; then
            echo "containerd 启动成功，套接字文件已创建：$SOCKET_PATH"
        else
            echo "containerd 启动失败，请检查服务状态。"
        fi
    fi
 }
 uninstall_nerdctl() {
    echo "停止 containerd 服务..."
    sudo systemctl disable --now containerd
    # 移除 BuildKit、bypass4netnsd、fuse-overlayfs 和 stargz 插件的 systemd 单元文件
    echo "卸载 BuildKit、bypass4netnsd、fuse-overlayfs 和 stargz 插件..."
    /usr/local/bin/containerd-rootless-setuptool.sh uninstall-buildkit
    /usr/local/bin/containerd-rootless-setuptool.sh uninstall-bypass4netnsd
    /usr/local/bin/containerd-rootless-setuptool.sh uninstall-fuse-overlayfs
    /usr/local/bin/containerd-rootless-setuptool.sh uninstall-stargz
    echo "删除 nerdctl 二进制文件..."
    sudo rm -rf /usr/local/bin/nerdctl
    sudo rm -rf /usr/local/libexec/cni
@@ -69,6 +126,7 @@ uninstall_nerdctl() {
    echo "删除相关文件和目录..."
    sudo rm -rf /etc/containerd
    sudo rm -rf /data/containerd
    sudo rm -rf /var/lib/containerd
    sudo rm -rf /usr/local/libexec/cni
@@ -118,7 +176,6 @@ configure_containerd() {
    # 创建 /etc/containerd 目录并生成默认配置文件
    sudo mkdir -p /etc/containerd
    # containerd config default > /etc/containerd/config.toml
    containerd config default | sudo tee /etc/containerd/config.toml
    # 使用 sed 命令在特定位置添加配置项
@@ -127,7 +184,12 @@ configure_containerd() {
    # 配置 NVIDIA runtime
    sudo nvidia-ctk runtime configure --runtime=containerd
    # 配置镜像源
    echo "配置镜像源....."
    bash ./setup_containerd_mirror_addall.sh
    # 重启 containerd 服务
    sudo systemctl daemon-reload
    sudo systemctl restart containerd
 }
@@ -144,65 +206,30 @@ start_containerd() {
 configure_buildkitd() {
    echo "配置 buildkitd 服务..."
-    # 创建 buildkitd 配置文件目录
+    /usr/local/bin/containerd-rootless-setuptool.sh check
-    sudo mkdir -p /etc/buildkit
+    /usr/local/bin/containerd-rootless-setuptool.sh install-buildkit
-    # https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
+    echo "buildkitd 服务 安装完成。"
-    sudo tee /etc/buildkit/buildkit.toml > /dev/null <<EOT
+}
 [worker.oci]
  enabled = false
-[worker.containerd]
+configure_fuse_overlayfs() {
-  enabled = true
+    echo "配置 FUSE-OverlayFS..."
-  # namespace should be "k8s.io" for Kubernetes (including Rancher Desktop)
+    /usr/local/bin/containerd-rootless-setuptool.sh check
-  namespace = "buildkit"
+    /usr/local/bin/containerd-rootless-setuptool.sh install-fuse-overlayfs
-  platforms = [ "linux/amd64", "linux/arm64" ]
+    echo "FUSE-OverlayFS 安装完成。"
-  gc = true
+}
  # gckeepstorage sets storage limit for default gc profile, in MB.
  gckeepstorage = 9000
-# registry configures a new Docker register used for cache import or output.
+configure_stargz_snapshotter() {
-[registry."docker.io"]
+    echo "配置 Stargz Snapshotter..."
-  # mirror configuration to handle path in case a mirror registry requires a /project path rather than just a host:port
+    /usr/local/bin/containerd-rootless-setuptool.sh check
-  mirrors = ["https://upnuemce.mirror.aliyuncs.com", "core.harbor.domain/proxy.docker.io"]
+    /usr/local/bin/containerd-rootless-setuptool.sh install-stargz
-  http = true
+    echo "Stargz Snapshotter 安装完成。"
-  insecure = true
+}
  #ca=["/etc/config/myca.pem"]
  #[[registry."docker.io".keypair]]
    #key="/etc/config/key.pem"
    #cert="/etc/config/cert.pem"
 EOT
    sudo tee /etc/systemd/system/buildkit.service > /dev/null <<EOT
 [Unit]
 Description=BuildKit Daemon
 Documentation=https://github.com/moby/buildkit
 Requires=buildkit.socket
 After=network.target buildkit.socket
 [Service]
 Type=notify
 ExecStart=/usr/local/bin/buildkitd --config /etc/buildkit/buildkit.toml --addr fd://
 Restart=always
 RestartSec=10s
 StartLimitInterval=0
 [Install]
 WantedBy=multi-user.target
 EOT
    sudo tee /etc/systemd/system/buildkit.socket > /dev/null <<EOT
 [Unit]
 Description=BuildKit
 Documentation=https://github.com/moby/buildkit
 [Socket]
 ListenStream=%t/buildkit/buildkitd.sock
 SocketMode=0660
 [Install]
 WantedBy=sockets.target
 EOT
 configure_bypass4netnsd() {
    echo "配置 bypass4netnsd 网络加速..."
    /usr/local/bin/containerd-rootless-setuptool.sh check
    /usr/local/bin/containerd-rootless-setuptool.sh install-bypass4netnsd
    echo "bypass4netnsd 安装完成。"
    sudo systemctl daemon-reload
    sudo systemctl enable --now buildkit.socket
    sudo systemctl start buildkit
@@ -217,6 +244,9 @@ case "$1" in
        configure_containerd
        start_containerd
        configure_buildkitd
        configure_fuse_overlayfs
        configure_stargz_snapshotter
        configure_bypass4netnsd
        ;;
    uninstall)
        uninstall_nerdctl
--- a/nerdctl/setup_containerd_mirror.sh
+++ b/nerdctl/setup_containerd_mirror.sh
@@ -1,116 +0,0 @@
 #!/bin/bash
 # 生成默认的 config.toml 配置文件（覆盖可能存在的失败配置）
 echo "生成默认的 config.toml 配置..."
 sudo containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
 # 配置路径
 CONFIG_PATH="/etc/containerd/certs.d"
 NEW_STORAGE_PATH="/data/containerd"
 OLD_STORAGE_PATH="/var/lib/containerd"
 OLD_STATE_PATH="/run/containerd"  # 旧的 state 目录
 # 修改 root 和 state 路径
 echo "更新 containerd 存储路径配置..."
 sudo sed -i "s|^\s*root\s*=.*|root = \"$NEW_STORAGE_PATH\"|" /etc/containerd/config.toml
 sudo sed -i "s|^\s*state\s*=.*|state = \"$NEW_STORAGE_PATH/state\"|" /etc/containerd/config.toml
 # 创建新的存储目录和状态目录
 echo "创建新的存储目录 $NEW_STORAGE_PATH 和状态目录..."
 sudo mkdir -p "$NEW_STORAGE_PATH"
 sudo mkdir -p "$NEW_STORAGE_PATH/state"
 sudo chown -R root:root "$NEW_STORAGE_PATH"
 sudo chmod -R 700 "$NEW_STORAGE_PATH"
 # 迁移旧的存储数据到新的存储路径
 if [ -d "$OLD_STORAGE_PATH" ]; then
  echo "迁移旧存储数据到新路径..."
  sudo rsync -a "$OLD_STORAGE_PATH/" "$NEW_STORAGE_PATH/"
  if [ $? -eq 0 ]; then
    echo "存储数据迁移完成，删除旧的存储路径..."
    sudo rm -rf "$OLD_STORAGE_PATH"
    echo "旧的存储路径已删除。"
  else
    echo "存储数据迁移失败，保留旧的存储路径。"
  fi
 else
  echo "旧的存储路径 $OLD_STORAGE_PATH 不存在，无需迁移。"
 fi
 # 迁移旧的状态数据到新的状态路径
 if [ -d "$OLD_STATE_PATH" ]; then
  echo "迁移旧状态数据到新状态路径..."
  sudo rsync -a "$OLD_STATE_PATH/" "$NEW_STORAGE_PATH/state/"
  if [ $? -eq 0 ]; then
    echo "状态数据迁移完成，删除旧的状态路径..."
    sudo rm -rf "$OLD_STATE_PATH"
    echo "旧的状态路径已删除。"
  else
    echo "状态数据迁移失败，保留旧的状态路径。"
  fi
 else
  echo "旧的状态路径 $OLD_STATE_PATH 不存在，无需迁移。"
 fi
 # 获取迁移后的新目录大小
 initial_size=$(sudo du -sb "$NEW_STORAGE_PATH" | awk '{print $1}')
 # 配置加速镜像的主机和路径
 declare -A mirrors
 mirrors=(
  ["docker.io"]="https://docker.io https://docker.unsee.tech https://dockerhub.icu"
  ["registry.k8s.io"]="https://registry.k8s.io https://k8s.m.daocloud.io"
  ["docker.elastic.co"]="https://docker.elastic.co https://elastic.m.daocloud.io"
  ["gcr.io"]="https://gcr.io https://gcr.m.daocloud.io"
  ["ghcr.io"]="https://ghcr.io https://ghcr.m.daocloud.io"
  ["k8s.gcr.io"]="https://k8s.gcr.io https://k8s-gcr.m.daocloud.io"
  ["mcr.microsoft.com"]="https://mcr.microsoft.com https://mcr.m.daocloud.io"
  ["nvcr.io"]="https://nvcr.io https://nvcr.m.daocloud.io"
  ["quay.io"]="https://quay.io https://quay.m.daocloud.io"
  ["registry.jujucharms.com"]="https://registry.jujucharms.com https://jujucharms.m.daocloud.io"
  ["rocks.canonical.com"]="https://rocks.canonical.com https://rocks-canonical.m.daocloud.io"
 )
 # 创建 hosts.toml 配置文件
 echo '正在配置镜像加速...'
 for registry in "${!mirrors[@]}"; do
  IFS=' ' read -r server host1 host2 host3 <<<"${mirrors[$registry]}"
  DIR="$CONFIG_PATH/$registry"
  sudo mkdir -p "$DIR"
  sudo tee "$DIR/hosts.toml" > /dev/null <<EOF
 server = "$server"
 [host."$host1"]
  capabilities = ["pull", "resolve", "push"]
 [host."$host2"]
  capabilities = ["pull", "resolve", "push"]
 [host."$host3"]
  capabilities = ["pull", "resolve", "push"]
 EOF
 done
 # 重启 containerd
 echo '重启 containerd 服务...'
 sudo systemctl daemon-reload
 sudo systemctl restart containerd
 # 测试配置是否生效并获取新的目录大小
 echo '测试配置是否生效...'
 if sudo ctr --namespace=default image pull --hosts-dir /etc/containerd/certs.d docker.io/library/alpine:latest; then
  echo "镜像加速配置成功！"
  # 检查拉取后目录大小
  final_size=$(sudo du -sb "$NEW_STORAGE_PATH" | awk '{print $1}')
  if [ "$final_size" -gt "$initial_size" ]; then
    echo "存储路径迁移成功，镜像数据已写入新路径。"
  else
    echo "存储路径迁移失败，新路径未见数据变化，请检查配置。"
  fi
 else
  echo "镜像加速配置失败，请检查配置。"
 fi
--- a/nerdctl/setup_containerd_mirror_addall.sh
+++ b/nerdctl/setup_containerd_mirror_addall.sh
@@ -4,15 +4,38 @@
 CURRENT_USER=$(whoami)
 # 生成默认的 config.toml 配置文件（覆盖可能存在的失败配置）
-echo "生成默认的 config.toml 配置..."
+# echo "生成默认的 config.toml 配置..."
-sudo containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
+# sudo containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
 # sudo containerd config default | sed 's/version = "3"/version = "2"/' | sudo tee /etc/containerd/config.toml > /dev/null
-# 配置路径
+#
 CONFIG_PATH="/etc/containerd/certs.d"
 NEW_STORAGE_PATH="/data/containerd"
 OLD_STORAGE_PATH="/var/lib/containerd"
 OLD_STATE_PATH="/run/containerd"  # 旧的 state 目录
 # 查找 [plugins.'io.containerd.grpc.v1.cri'.registry] 的位置并修改或添加 config_path 配置
 echo '配置 containerd 的 config.toml...'
 line_number=$(grep -n -E '^\s*\[plugins.(\"|\x27)io.containerd.grpc.v1.cri(\"|\x27).registry\]' /etc/containerd/config.toml | cut -d':' -f1)
 if [ -n "$line_number" ]; then
  # 检查下一行是否包含 `config_path`
  next_line=$((line_number + 1))
  if grep -q "^\s*config_path\s*=" /etc/containerd/config.toml; then
    # 若找到 `config_path`，则直接替换为新的值
    sudo sed -i "${next_line}s|config_path\s*=.*|config_path = '$CONFIG_PATH'|" /etc/containerd/config.toml
    echo "已修改 config_path 为 $CONFIG_PATH。"
  else
    echo "未找到 config_path，未执行任何修改。"
  fi
 else
  echo "未找到 [plugins.'io.containerd.grpc.v1.cri'.registry] 段落，请检查 config.toml 文件格式。"
 fi
 # 检查配置文件
 sudo containerd config dump
 # 修改 root 和 state 路径
 echo "更新 containerd 存储路径配置..."
 sudo sed -i "s|^\s*root\s*=.*|root = \"$NEW_STORAGE_PATH\"|" /etc/containerd/config.toml
@@ -57,6 +80,10 @@ else
  echo "旧的状态路径 $OLD_STATE_PATH 不存在，无需迁移。"
 fi
 # 删除所有的旧的镜像
 sudo nerdctl --namespace k8s.io image prune -a --force
 sudo nerdctl --namespace default image prune -a --force
 # 获取迁移后的新目录大小
 initial_size=$(sudo du -sb "$NEW_STORAGE_PATH" | awk '{print $1}')
@@ -103,6 +130,8 @@ sudo systemctl restart containerd
 # 设置 containerd.sock 的权限
 echo "设置 containerd.sock 的访问权限..."
 # sudo mkdir -p /run/containerd
 # sudo touch /run/containerd/containerd.sock
 sudo chown root:containerd /run/containerd/containerd.sock
 sudo chmod 660 /run/containerd/containerd.sock
`@@ -1 +1,2 @@`
	`nerdctl-full-2.0.0-linux-amd64.tar.gz`	`nerdctl-full-2.0.0-linux-amd64.tar.gz`
		`nerdctl-full-1.7.6-linux-amd64.tar.gz`