250 lines
7.7 KiB
Bash
Executable File
250 lines
7.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
VERSION="2.0.0"
|
|
FILENAME="nerdctl-full-${VERSION}-linux-amd64.tar.gz"
|
|
# https://github.com/containerd/nerdctl/releases/download/v2.0.0/nerdctl-full-2.0.0-linux-amd64.tar.gz
|
|
DOWNLOAD_URL="https://ghproxy.dockless.eu.org/https://github.com/containerd/nerdctl/releases/download/v${VERSION}/${FILENAME}"
|
|
|
|
install_nerdctl() {
|
|
echo "正在安装必要的依赖包..."
|
|
|
|
# 删除 Docker 源
|
|
if [ -f /etc/apt/sources.list.d/docker.list ]; then
|
|
echo "删除 Docker APT 源..."
|
|
sudo rm /etc/apt/sources.list.d/docker.list
|
|
fi
|
|
|
|
sudo apt-get update
|
|
sudo apt-get install -y wget tar jq curl gnupg lsb-release uidmap
|
|
|
|
echo "下载 nerdctl-full..."
|
|
wget ${DOWNLOAD_URL}
|
|
|
|
echo "解压并移动到 /usr/local..."
|
|
sudo tar -C /usr/local -xzf ${FILENAME}
|
|
|
|
echo "启动并启用 containerd 服务..."
|
|
sudo systemctl enable --now containerd
|
|
|
|
echo "验证安装..."
|
|
nerdctl --version
|
|
|
|
# echo "清理下载文件..."
|
|
# rm ${FILENAME}
|
|
|
|
echo "安装 nerdctl bash 自动补全..."
|
|
sudo apt install bash-completion -y
|
|
nerdctl completion bash > /etc/bash_completion.d/nerdctl
|
|
nerdctl completion bash > /etc/bash_completion.d/docker
|
|
source /etc/bash_completion.d/nerdctl
|
|
source /etc/bash_completion.d/docker
|
|
|
|
echo "创建 docker 兼容命令..."
|
|
sudo tee /usr/local/bin/docker > /dev/null <<EOT
|
|
#!/bin/bash
|
|
exec nerdctl "\$@"
|
|
EOT
|
|
sudo chmod +x /usr/local/bin/docker
|
|
|
|
echo "普通用户安装"
|
|
/usr/local/bin/containerd-rootless-setuptool.sh install
|
|
/usr/local/bin/containerd-rootless-setuptool.sh check
|
|
nerdctl --version
|
|
|
|
echo "nerdctl-full 安装完成。"
|
|
}
|
|
|
|
uninstall_nerdctl() {
|
|
echo "停止 containerd 服务..."
|
|
sudo systemctl disable --now containerd
|
|
|
|
echo "删除 nerdctl 二进制文件..."
|
|
sudo rm -rf /usr/local/bin/nerdctl
|
|
sudo rm -rf /usr/local/libexec/cni
|
|
|
|
echo "删除 containerd..."
|
|
sudo rm -rf /usr/local/bin/containerd*
|
|
sudo rm -rf /usr/local/bin/ctr
|
|
sudo rm -rf /usr/local/bin/runc
|
|
|
|
echo "删除相关文件和目录..."
|
|
sudo rm -rf /etc/containerd
|
|
sudo rm -rf /var/lib/containerd
|
|
sudo rm -rf /usr/local/libexec/cni
|
|
|
|
echo "删除 buildkit 服务和 socket 文件..."
|
|
sudo systemctl stop buildkit
|
|
sudo systemctl stop buildkit.socket
|
|
sudo systemctl disable buildkit
|
|
sudo systemctl disable buildkit.socket
|
|
sudo rm -f /etc/systemd/system/buildkit.service
|
|
sudo rm -f /etc/systemd/system/buildkit.socket
|
|
sudo rm -f /usr/lib/systemd/system/buildkit.service
|
|
sudo rm -f /usr/lib/systemd/system/buildkit.socket
|
|
|
|
echo "删除 nvidia-container-toolkit..."
|
|
sudo apt-get remove --purge -y nvidia-container-toolkit
|
|
|
|
echo "删除 nerdctl bash 自动补全..."
|
|
sudo rm -f /etc/bash_completion.d/nerdctl
|
|
sudo rm -f /etc/bash_completion.d/docker
|
|
|
|
echo "删除 docker 兼容命令..."
|
|
sudo rm -f /usr/local/bin/docker
|
|
|
|
echo "清理完成。"
|
|
}
|
|
|
|
install_nvidia_docker() {
|
|
echo "正在安装 NVIDIA Docker..."
|
|
sudo apt-get update
|
|
sudo apt-get install -y curl gnupg lsb-release
|
|
|
|
if ! grep -q "^deb .\+nvidia-container-toolkit" /etc/apt/sources.list /etc/apt/sources.list.d/*; then
|
|
curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg \
|
|
&& curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
|
|
sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | \
|
|
sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list
|
|
else
|
|
echo "NVIDIA Docker 源已经配置,跳过此步骤。"
|
|
fi
|
|
|
|
sudo apt-get update
|
|
sudo apt-get install -y nvidia-container-toolkit
|
|
}
|
|
|
|
configure_containerd() {
|
|
echo "正在配置 containerd 使用 NVIDIA runtime..."
|
|
|
|
# 创建 /etc/containerd 目录并生成默认配置文件
|
|
sudo mkdir -p /etc/containerd
|
|
# containerd config default > /etc/containerd/config.toml
|
|
containerd config default | sudo tee /etc/containerd/config.toml
|
|
|
|
# 使用 sed 命令在特定位置添加配置项
|
|
sudo sed -i '/\[plugins."io.containerd.grpc.v1.cri".registry.configs\]/a \\t[plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]\n\t\tinsecure_skip_verify = true' /etc/containerd/config.toml
|
|
|
|
# 配置 NVIDIA runtime
|
|
sudo nvidia-ctk runtime configure --runtime=containerd
|
|
|
|
# 重启 containerd 服务
|
|
sudo systemctl restart containerd
|
|
}
|
|
|
|
start_containerd() {
|
|
echo "正在启动 containerd..."
|
|
sudo systemctl enable --now containerd
|
|
if [ $? -ne 0 ]; then
|
|
echo "启动 containerd 失败。"
|
|
exit 1
|
|
fi
|
|
echo "containerd 启动成功。"
|
|
}
|
|
|
|
configure_buildkitd() {
|
|
echo "配置 buildkitd 服务..."
|
|
|
|
# 创建 buildkitd 配置文件目录
|
|
sudo mkdir -p /etc/buildkit
|
|
# https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
|
|
sudo tee /etc/buildkit/buildkit.toml > /dev/null <<EOT
|
|
[worker.oci]
|
|
enabled = false
|
|
|
|
[worker.containerd]
|
|
enabled = true
|
|
# namespace should be "k8s.io" for Kubernetes (including Rancher Desktop)
|
|
namespace = "buildkit"
|
|
platforms = [ "linux/amd64", "linux/arm64" ]
|
|
gc = true
|
|
# gckeepstorage sets storage limit for default gc profile, in MB.
|
|
gckeepstorage = 9000
|
|
|
|
# registry configures a new Docker register used for cache import or output.
|
|
[registry."docker.io"]
|
|
# mirror configuration to handle path in case a mirror registry requires a /project path rather than just a host:port
|
|
mirrors = ["https://upnuemce.mirror.aliyuncs.com", "core.harbor.domain/proxy.docker.io"]
|
|
http = true
|
|
insecure = true
|
|
#ca=["/etc/config/myca.pem"]
|
|
#[[registry."docker.io".keypair]]
|
|
#key="/etc/config/key.pem"
|
|
#cert="/etc/config/cert.pem"
|
|
EOT
|
|
|
|
sudo tee /etc/systemd/system/buildkit.service > /dev/null <<EOT
|
|
[Unit]
|
|
Description=BuildKit Daemon
|
|
Documentation=https://github.com/moby/buildkit
|
|
Requires=buildkit.socket
|
|
After=network.target buildkit.socket
|
|
|
|
[Service]
|
|
Type=notify
|
|
ExecStart=/usr/local/bin/buildkitd --config /etc/buildkit/buildkit.toml --addr fd://
|
|
Restart=always
|
|
RestartSec=10s
|
|
StartLimitInterval=0
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOT
|
|
|
|
sudo tee /etc/systemd/system/buildkit.socket > /dev/null <<EOT
|
|
[Unit]
|
|
Description=BuildKit
|
|
Documentation=https://github.com/moby/buildkit
|
|
|
|
[Socket]
|
|
ListenStream=%t/buildkit/buildkitd.sock
|
|
SocketMode=0660
|
|
|
|
[Install]
|
|
WantedBy=sockets.target
|
|
EOT
|
|
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl enable --now buildkit.socket
|
|
sudo systemctl start buildkit
|
|
|
|
echo "buildkit 服务配置完成。"
|
|
}
|
|
|
|
case "$1" in
|
|
install)
|
|
install_nerdctl
|
|
install_nvidia_docker
|
|
configure_containerd
|
|
start_containerd
|
|
configure_buildkitd
|
|
;;
|
|
uninstall)
|
|
uninstall_nerdctl
|
|
;;
|
|
*)
|
|
echo "Usage: $0 {install|uninstall}"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# https://blog.csdn.net/u013522701/article/details/142153885
|
|
# 跳过校验
|
|
# [plugins]
|
|
# [plugins."io.containerd.grpc.v1.cri"]
|
|
# [plugins."io.containerd.grpc.v1.cri".registry]
|
|
# [plugins."io.containerd.grpc.v1.cri".registry.configs]
|
|
# [plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
|
|
# insecure_skip_verify = true
|
|
# 配置镜像
|
|
# 在这里一行([plugins."io.containerd.grpc.v1.cri".registry])后面的一行加上:
|
|
# config_path = "/etc/containerd/certs.d"
|
|
# 然后在这个加上的路径上面添加文件夹(docker.io)并在这个文件里面添加hosts.toml文件
|
|
# cd /etc/containerd/certs.d
|
|
# mkdir -p docker.io
|
|
# 内容如下:
|
|
# server = "https://docker.io"
|
|
# [host."https://docker.rainbond.cc"]
|
|
# capabilities = ["pull", "resolve"]
|
|
|
|
# [host."https://docker.1panel.live"]
|
|
# capabilities = ["pull", "resolve"] |