From b459d18894e4f2a625e309f686cd95aa1cccf304 Mon Sep 17 00:00:00 2001 From: Jacob Blain Christen Date: Wed, 26 Aug 2020 17:46:34 -0700 Subject: [PATCH] installer: refactor install script (#220) Make the install script simpler by leveraging a self-extracting tarball built with makeself. This adds a new release artifact, rke2-installer.${GOOS}-${GOARCH}.run, that is a self-extracting version of the tarball artifact. The install, killall, and uninstall logic has been moved into this artifact which ends up on hosts, by default, in the /usr/local/share/rke2/scripts directory. The install.sh at the root of the repository has been simplified. It will attempt to detect if yum is available and install via that method. Lacking yum, it will download and invoke the self-extracting tarball. --- .gitignore | 2 +- .gitmodules | 3 - Dockerfile | 1 - Vagrantfile | 2 +- bundle/etc/profile.d/rke2.sh | 2 + bundle/etc/sysctl.d/rke2-cis.conf | 5 + bundle/share/rke2/rke2.service | 26 + bundle/share/rke2/scripts/rke2-install.sh | 115 +++ bundle/share/rke2/scripts/rke2-killall.sh | 81 ++ bundle/share/rke2/scripts/rke2-uninstall.sh | 42 + install.sh | 909 +++----------------- packaging | 1 - scripts/build-charts | 17 - scripts/install-makeself | 10 + scripts/package | 2 +- scripts/package-binary | 4 +- scripts/package-bundle | 52 +- 17 files changed, 428 insertions(+), 846 deletions(-) delete mode 100644 .gitmodules create mode 100755 bundle/etc/profile.d/rke2.sh create mode 100644 bundle/etc/sysctl.d/rke2-cis.conf create mode 100644 bundle/share/rke2/rke2.service create mode 100755 bundle/share/rke2/scripts/rke2-install.sh create mode 100755 bundle/share/rke2/scripts/rke2-killall.sh create mode 100755 bundle/share/rke2/scripts/rke2-uninstall.sh delete mode 160000 packaging delete mode 100755 scripts/build-charts create mode 100755 scripts/install-makeself diff --git a/.gitignore b/.gitignore index 9f75f64871..7eb7c101c7 100644 --- a/.gitignore +++ b/.gitignore 
@@ -6,5 +6,5 @@ .idea .vscode /data -./rke2 +/rke2 /build diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index 3934805b2e..0000000000 --- a/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "packaging"] - path = packaging - url = https://github.com/rancher/rke2-packaging.git diff --git a/Dockerfile b/Dockerfile index c80a63c0b7..44fbd6328f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,7 +35,6 @@ VOLUME /var/lib/rancher/k3s # Dapper/Drone/CI environment FROM build AS dapper - ENV DAPPER_ENV GODEBUG REPO TAG DRONE_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT ENV DAPPER_OUTPUT ./dist ./bin ./build ENV DAPPER_DOCKER_SOCKET true diff --git a/Vagrantfile b/Vagrantfile index 0cc4d7b2ea..1be27d1b93 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -168,7 +168,7 @@ EOF echo 'RKE2_KUBECONFIG_MODE=0644' >> /etc/sysconfig/rke2-server systemctl enable --now rke2-server cat << 'EOF' > /etc/profile.d/rke2.sh -export KUBECONFIG=/etc/rancher/rke2/rke2.yaml PATH=$(ls -td /var/lib/rancher/rke2/data/*/bin):$PATH +export KUBECONFIG=/etc/rancher/rke2/rke2.yaml PATH=$PATH:/var/lib/rancher/rke2/bin EOF SHELL end diff --git a/bundle/etc/profile.d/rke2.sh b/bundle/etc/profile.d/rke2.sh new file mode 100755 index 0000000000..d8327e9ba2 --- /dev/null +++ b/bundle/etc/profile.d/rke2.sh @@ -0,0 +1,2 @@ +KUBECONFIG="/etc/rancher/rke2/rke2.yaml" +PATH="$PATH:/var/lib/rancher/rke2/bin" diff --git a/bundle/etc/sysctl.d/rke2-cis.conf b/bundle/etc/sysctl.d/rke2-cis.conf new file mode 100644 index 0000000000..4ec70c53dc --- /dev/null +++ b/bundle/etc/sysctl.d/rke2-cis.conf @@ -0,0 +1,5 @@ +vm.panic_on_oom=0 +vm.overcommit_memory=1 +kernel.keys.root_maxbytes=25000000 +kernel.panic=10 +kernel.panic_on_oops=1 diff --git a/bundle/share/rke2/rke2.service b/bundle/share/rke2/rke2.service new file mode 100644 index 0000000000..a72e05427c --- /dev/null +++ b/bundle/share/rke2/rke2.service 
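Review bot: `KUBECONFIG` is assigned without `export` in the new bundle/etc/profile.d/rke2.sh, so a login shell holds it as a plain shell variable and child processes will not see it unless it was already exported. The Vagrantfile hunk just above writes the same two settings with `export`. Using `export KUBECONFIG="/etc/rancher/rke2/rke2.yaml"` and `export PATH="$PATH:/var/lib/rancher/rke2/bin"` keeps the two files in step. A one-line comment noting that the file is sourced by every login shell would also help, since it points all users at the cluster's admin kubeconfig path.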
@@ -0,0 +1,26 @@
+[Unit]
+Description=Rancher Kubernetes Engine v2
+Documentation=https://github.com/rancher/rke2#readme
+Wants=network-online.target
+After=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+EnvironmentFile=-/etc/systemd/system/rke2.env
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=rke2 server
+Type=notify
diff --git a/bundle/share/rke2/scripts/rke2-install.sh b/bundle/share/rke2/scripts/rke2-install.sh
new file mode 100755
index 0000000000..070fe7a71a
--- /dev/null
+++ b/bundle/share/rke2/scripts/rke2-install.sh
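Review bot: `ExecStart=rke2 server` names the binary without a path, so the base unit depends on systemd's executable search rather than on the location the installer uses, and older systemd releases may reject a non-absolute ExecStart (to be confirmed for the targeted distributions). rke2-install.sh writes a `00-install.conf` drop-in that resets it to `${INSTALL_RKE2_ROOT}/bin/rke2 ${INSTALL_RKE2_TYPE}`, so this matters when the unit is used without that drop-in; `ExecStart=/usr/local/bin/rke2 server` would match the installer's default root. `EnvironmentFile=-/etc/systemd/system/rke2.env` likewise points at a path the install script never writes. Separately, `LimitCORE=infinity` allows unlimited core dumps from a process that receives `RKE2_TOKEN` through its environment file, which deserves a comment stating that this is intended.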
@@ -0,0 +1,115 @@
+#!/bin/sh
+
+if [ "${DEBUG}" = 1 ]; then
+ set -x
+fi
+
+# Environment variables:
+# - RKE2_*
+# Environment variables which begin with RKE2_ will be preserved for the
+# systemd service to use. Setting RKE2_URL without explicitly setting
+# a systemd exec command will default the command to "agent", and we
+# enforce that RKE2_TOKEN or RKE2_CLUSTER_SECRET is also set.
+#
+# - INSTALL_RKE2_SKIP_ENABLE
+# If set to true will not enable or start rke2 service.
+# Default is "false".
+#
+# - INSTALL_RKE2_SKIP_START
+# If set to true will not start rke2 service.
+# Default is "false".
+#
+# - INSTALL_RKE2_VERSION
+# Version of rke2 to download from github. Will attempt to download from the
+# stable channel if not specified.
+#
+# - INSTALL_RKE2_ROOT
+# Filesystem location to unpack tarball.
+# Default is "/usr/local".
+#
+# - INSTALL_RKE2_NAME
+# Name of systemd service to create.
+# Default is "rke2".
+#
+# - INSTALL_RKE2_TYPE
+# Type of rke2 service. Can be either "server" or "agent".
+# Default is "server" when unspecified and $RKE2_URL is empty.
+# Default is "agent" when unspecified and $RKE2_URL not empty.
+#
+
+# make sure we run as root
+if [ ! $(id -u) -eq 0 ]; then
+ echo "$(basename "${0}"): must be run as root" >&2
+ exit 1
+fi
+
+# if no systemd then bail
+command -v systemctl >/dev/null 2>&1 || return
+
+set -e
+
+: "${INSTALL_RKE2_NAME:="rke2"}"
+: "${INSTALL_RKE2_ROOT:="/usr/local"}"
+
+INSTALL_RKE2_ROOT="$(realpath "${INSTALL_RKE2_ROOT}")"
+
+if [ -z "${INSTALL_RKE2_TYPE}" ]; then
+ if [ -z "${RKE2_URL}" ]; then
+ INSTALL_RKE2_TYPE="server"
+ else
+ INSTALL_RKE2_TYPE="agent"
+ fi
+fi
+
+# should we assume selinux?
+if [ -z "${RKE2_SELINUX}" ] && command -v getenforce >/dev/null 2>&1; then
+ if [ -f /usr/share/selinux/packages/rke2.pp ] && [ "$(getenforce)" != "Disabled" ]; then
+ RKE2_SELINUX=true
+ fi
+fi
+
+mkdir -p "${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.service.d"
+
+# setup service/installation environment file
+if [ -d "${INSTALL_RKE2_ROOT}/lib/systemd/system" ]; then
+cat <<-EOF > "${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.env"
+HOME=/root
+INSTALL_RKE2_ROOT=${INSTALL_RKE2_ROOT}
+INSTALL_RKE2_NAME=${INSTALL_RKE2_NAME}
+EOF
+env | grep -E '^RKE2_' | sort >> "${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.env"
+fi
+
+# setup the service file
+cp -f "${INSTALL_RKE2_ROOT}/share/rke2/rke2.service" "${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.service"
+if [ "${RKE2_SELINUX}" = "true" ]; then
+ chcon -t container_unit_file_t "${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.service" || true
+fi
+
+# setup the service overrides
+cat <<-EOF > "${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.service.d/00-install.conf"
+[Service]
+EnvironmentFile=-${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.env
+ExecStart=
+ExecStart=${INSTALL_RKE2_ROOT}/bin/rke2 ${INSTALL_RKE2_TYPE}
+EOF
+
+# enable the cis profile
+if [ -n "${RKE2_CIS_PROFILE}" ]; then
+ for conf in "${INSTALL_RKE2_ROOT}"/etc/sysctl.d/*.conf; do
+ cp -f "${conf}" "/etc/sysctl.d/${INSTALL_RKE2_CIS_SYSCTL_PREFIX:="30"}-$(basename "${conf}")"
+ done
+ systemctl restart systemd-sysctl >/dev/null
+fi
+
+# enable the service
+if [ "${INSTALL_RKE2_SKIP_ENABLE="false"}" = "true" ]; then
+ return
+fi
+systemctl enable "${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.service" > /dev/null
+systemctl daemon-reload >/dev/null
+
+# start the service
+if [ "${INSTALL_RKE2_SKIP_START=false}" != "true" ]; then
+ systemctl restart "${INSTALL_RKE2_NAME}"
+fi
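Review bot: The environment file written in the `# setup service/installation environment file` block is created under the caller's umask, and the `env | grep -E '^RKE2_'` line copies every RKE2_ variable into it, which by the header comment includes `RKE2_TOKEN` or `RKE2_CLUSTER_SECRET`; under a typical 022 umask the join secret ends up world-readable. The `create_env_file` function this commit removes from install.sh set `umask 0377` around the same write. Restoring that, e.g. `old_umask=$(umask); umask 077` before the heredoc and `umask "${old_umask}"` after the append, keeps the file readable by root only. The values are also appended unquoted, which matters because rke2-uninstall.sh dot-sources an env file as shell. The two top-level `return` statements (after the systemctl probe and in the INSTALL_RKE2_SKIP_ENABLE branch) sit outside any function and behave differently across shells when the script is executed rather than sourced; `exit 0` states the intent.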
diff --git a/bundle/share/rke2/scripts/rke2-killall.sh b/bundle/share/rke2/scripts/rke2-killall.sh new file mode 100755 index 0000000000..5e7ef87b1e --- /dev/null +++ b/bundle/share/rke2/scripts/rke2-killall.sh @@ -0,0 +1,81 @@ +#!/bin/sh + +# make sure we run as root +if [ ! $(id -u) -eq 0 ]; then + echo "$(basename "${0}"): must be run as root" >&2 + exit 1 +fi + +pschildren() { + ps -e -o ppid= -o pid= | \ + sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \ + grep -w "^$1" | \ + cut -f2 +} + +pstree() { + for pid in "$@"; do + echo ${pid} + for child in $(pschildren ${pid}); do + pstree ${child} + done + done +} + +killtree() { + kill -9 $( + { set +x; } 2>/dev/null; + pstree "$@"; + set -x; + ) 2>/dev/null +} + +getshims() { + ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w 'rke2/data/[^/]*/bin/containerd-shim' | cut -f1 +} + +do_unmount() { + { set +x; } 2>/dev/null + MOUNTS= + while read ignore mount ignore; do + MOUNTS="${mount}\n${MOUNTS}" + done /dev/null; getshims; set -x) + +do_unmount '/run/k3s' +do_unmount '/var/lib/rancher/rke2' +do_unmount '/var/lib/kubelet/pods' +do_unmount '/run/netns/cni-' + +# Delete network interface(s) that match 'master cni0' +ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; do + iface=${iface%%@*} + [ -z "$iface" ] || ip link delete $iface +done +ip link delete cni0 +ip link delete flannel.1 +rm -rf /var/lib/cni/ +iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore diff --git a/bundle/share/rke2/scripts/rke2-uninstall.sh b/bundle/share/rke2/scripts/rke2-uninstall.sh new file mode 100755 index 0000000000..64bc02795c --- /dev/null +++ b/bundle/share/rke2/scripts/rke2-uninstall.sh 
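Review bot: The final line, `iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore`, filters by substring over the whole saved ruleset, so an operator-written rule whose chain name or comment contains `KUBE-` or `CNI-` is dropped along with the cluster's own rules, and the script gives no sign that it rewrote the host firewall. `getshims` has the same breadth: it matches `rke2/data/[^/]*/bin/containerd-shim` anywhere in the `ps` argument string, so a process that only mentions that path receives `kill -9` together with its children. A header comment stating the script's scope (SIGKILL of shim process trees, unmounts, CNI link removal, `rm -rf /var/lib/cni/`, iptables reload) would make that clear to whoever runs it. `ip link delete $iface` and `$(id -u)` should be quoted. The body of `do_unmount` and the lines after it are incomplete as shown here, so these remarks cover only the visible lines.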
@@ -0,0 +1,42 @@ +#!/bin/sh + +# make sure we run as root +if [ ! $(id -u) -eq 0 ]; then + echo "$(basename "${0}"): must be run as root" >&2 + exit 1 +fi + +if [ -e "/etc/systemd/system/${INSTALL_RKE2_NAME}.env" ]; then + . "/etc/systemd/system/${INSTALL_RKE2_NAME}.env" +fi + +: "${INSTALL_RKE2_ROOT:="/usr/local"}" +: "${INSTALL_RKE2_NAME:="rke2"}" + +if [ -e "${rke2_killall:="$(dirname "$0")/rke2-killall.sh"}" ]; then + eval "${rke2_killall}" +fi + +if command -v systemctl >/dev/null 2>&1; then + systemctl disable "${INSTALL_RKE2_NAME}" || true + systemctl reset-failed "${INSTALL_RKE2_NAME}" || true + systemctl daemon-reload +fi + +# remove service files +rm -f "${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.service" +rm -rf "${INSTALL_RKE2_ROOT}/lib/systemd/system/${INSTALL_RKE2_NAME}.service.d" + +if (ls ${INSTALL_RKE2_ROOT}/lib/systemd/system/rke2*.service || ls /etc/init.d/rke2*) >/dev/null 2>&1; then + set +x; echo 'Additional rke2 services installed, skipping uninstall of rke2'; set -x + exit +fi + +set -e + +rm -rf /etc/rancher/rke2 +rm -rf /var/lib/kubelet +rm -rf /var/lib/rancher/rke2 +rm -f "/etc/sysctl.d/*-${INSTALL_RKE2_NAME}-cis.conf" +rm -f "${INSTALL_RKE2_ROOT}/bin/rke2" +rm -f "/etc/systemd/system/${INSTALL_RKE2_NAME}.env" diff --git a/install.sh b/install.sh index 60fc48ace0..acde91fffa 100755 --- a/install.sh +++ b/install.sh @@ -2,7 +2,7 @@ set -e -if [ "${DEBUG}" = 1 ]; then +if [ "${DEBUG}" = 1 ]; then set -x fi 
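Review bot: `eval "${rke2_killall}"` runs a string as shell code as root, and because `${rke2_killall:=...}` applies its default only when the variable is unset, a value inherited from the caller's environment is evaluated as given; `sh "${rke2_killall}"` runs the file without re-parsing the path. The `. "/etc/systemd/system/${INSTALL_RKE2_NAME}.env"` line comes before the `: "${INSTALL_RKE2_NAME:="rke2"}"` default, so with the variable unset it looks for `/etc/systemd/system/.env`, while rke2-install.sh writes the file under `${INSTALL_RKE2_ROOT}/lib/systemd/system/`. Sourcing that file also executes any shell syntax contained in the saved RKE2_ values, so reading only the two INSTALL_RKE2_ keys from it would be safer. `rm -f "/etc/sysctl.d/*-${INSTALL_RKE2_NAME}-cis.conf"` quotes the glob, so it never matches and the CIS sysctl files stay in place; `rm -f /etc/sysctl.d/*-"${INSTALL_RKE2_NAME}"-cis.conf` expands as intended. `ls ${INSTALL_RKE2_ROOT}/lib/systemd/system/rke2*.service` leaves the root path unquoted.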
@@ -11,89 +11,8 @@ fi # or # ENV_VAR=... ./install.sh # -# Environment variables: -# - RKE2_* -# Environment variables which begin with RKE2_ will be preserved for the -# systemd service to use. Setting RKE2_URL without explicitly setting -# a systemd exec command will default the command to "agent", and we -# enforce that RKE2_TOKEN or RKE2_CLUSTER_SECRET is also set. -# -# - INSTALL_RKE2_SKIP_DOWNLOAD -# If set to true will not download rke2 hash or binary. -# -# - INSTALL_RKE2_SYMLINK -# If set to 'skip' will not create symlinks, 'force' will overwrite, -# default will symlink if command does not exist in path. -# -# - INSTALL_RKE2_SKIP_ENABLE -# If set to true will not enable or start rke2 service. -# -# - INSTALL_RKE2_SKIP_START -# If set to true will not start rke2 service. -# -# - INSTALL_RKE2_VERSION -# Version of rke2 to download from github. Will attempt to download from the -# stable channel if not specified. -# -# - INSTALL_RKE2_BIN_DIR -# Directory to install rke2 binary, links, and uninstall script to, or use -# /usr/local/bin as the default -# -# - INSTALL_RKE2_BIN_DIR_READ_ONLY -# If set to true will not write files to INSTALL_RKE2_BIN_DIR, forces -# setting INSTALL_RKE2_SKIP_DOWNLOAD=true -# -# - INSTALL_RKE2_SYSTEMD_DIR -# Directory to install systemd service and environment files to, or use -# /etc/systemd/system as the default -# -# - INSTALL_RKE2_EXEC or script arguments -# Command with flags to use for launching rke2 in the systemd service, if -# the command is not specified will default to "agent" if RKE2_URL is set -# or "server" if not. The final systemd command resolves to a combination -# of EXEC and script args ($@). -# -# The following commands result in the same behavior: -# curl ... | INSTALL_RKE2_EXEC="--disable=traefik" sh -s - -# curl ... | INSTALL_RKE2_EXEC="server --disable=traefik" sh -s - -# curl ... | INSTALL_RKE2_EXEC="server" sh -s - --disable=traefik -# curl ... | sh -s - server --disable=traefik -# curl ... 
| sh -s - --disable=traefik -# -# - INSTALL_RKE2_NAME -# Name of systemd service to create, will default from the rke2 exec command -# if not specified. If specified the name will be prefixed with 'rke2-'. -# -# - INSTALL_RKE2_TYPE -# Type of systemd service to create, will default from the rke2 exec command -# if not specified. -# -# - INSTALL_RKE2_SELINUX_WARN -# If set to true will continue if rke2-selinux policy is not found. -# -# - INSTALL_RKE2_ETCD_USER -# Create a user 'etcd'. If this value is set, the installation -# will chown the etcd data-dir to this user and update the etcd -# pod manifest. -# -# - INSTALL_RKE2_CIS_MODE -# Enable all options to allow RKE2 to run in CIS mode if set to true. This -# will add an "etcd" system user and will update the following kernel -# parameters and set them to the necessary values: -# vm.overcommit_memory=1 -# vm.panic_on_oom=0 -# kernel.panic=10 -# kernel.panic_on_oops=1 -# kernel.keys.root_maxbytes=25000000 -BASE_DIR="/var/lib/rancher/rke2" -INSTALL_PATH="/usr/local/bin" -GITHUB_URL=https://github.com/rancher/rke2/releases -STORAGE_URL=https://storage.googleapis.com/rke2-ci-builds -DOWNLOADER= - -USING_RKE2_USER=0 -USING_ETCD_USER=0 +: "${INSTALL_RKE2_GITHUB_URL:="https://github.com/rancher/rke2"}" # info logs the given argument at info log level. info() { 
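Review bot: `INSTALL_RKE2_GITHUB_URL` is introduced with no comment while this hunk deletes the whole `Environment variables:` block, so the header no longer says which variables install.sh reads (this one, `INSTALL_RKE2_METHOD`, `INSTALL_RKE2_TYPE`, `INSTALL_RKE2_VERSION`, `INSTALL_RKE2_COMMIT`). A short replacement block would do, for instance `# - INSTALL_RKE2_GITHUB_URL: base URL for release and checksum downloads, default https://github.com/rancher/rke2`. It is worth stating there that `download_checksums` and `download_installer`, later in this patch, build both URLs from this one variable. The sha256 comparison therefore detects a corrupted download but not a replaced origin.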
@@ -108,95 +27,28 @@ warn() { # fatal logs the given argument at fatal log level. fatal() { echo "[ERROR] " "$@" >&2 - exit 1 -} - -# verify_system checks for the existence of either -# systemd or openrc. If either of the two do not -# exist, the script will log and error and exit. -verify_system() { - if [ -x /sbin/openrc-run ]; then - HAS_OPENRC=true - return + if [ -n "${SUFFIX}" ]; then + echo "[ALT] Please visit 'https://github.com/rancher/rke2/releases' directly and download the latest rke2-installer.${SUFFIX}.run" >&2 fi - if [ -d /run/systemd ]; then - HAS_SYSTEMD=true - return - fi - fatal "can not find systemd or openrc to use as a process supervisor for rke2" -} - -# quote adds quotes to command arguments. -quote() { - for arg in "$@"; do - printf '%s\n' "$arg" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" - done -} - -# quote_indent adds indentation and trailing slash -# to quoted args. -quote_indent() { - printf ' \\\n' - for arg in "$@"; do - printf '\t%s \\\n' "$(quote "$arg")" - done -} - -# escape escapes most punctuation characters, except -# quotes, forward slash, and space. -escape() { - printf '%s' "$@" | sed -e 's/\([][!#$%&()*;<=>?\_`{|}]\)/\\\1/g;' -} - -# escape_dq escapes double quotes. -escape_dq() { - printf '%s' "$@" | sed -e 's/"/\\"/g' + exit 1 } # setup_env defines needed environment variables. setup_env() { - # --- use command args if passed or create default --- - case "$1" in - # --- if we only have flags discover if command should be server or agent --- - (-*|"") - if [ -z "${RKE2_URL}" ]; then - CMD_RKE2=server - else - if [ -z "${RKE2_TOKEN}" ] && [ -z "${RKE2_CLUSTER_SECRET}" ]; then - fatal "defaulted rke2 exec command to 'agent' because RKE2_URL is defined, but RKE2_TOKEN or RKE2_CLUSTER_SECRET is not defined." 
- fi - CMD_RKE2=agent - fi - ;; - # --- command is provided --- - (*) - CMD_RKE2=$1 - shift - ;; - esac - if [ "${INSTALL_RKE2_CIS_MODE}" = true ]; then - CMD_RKE2_EXEC=" --profile=cis-1.5 ${CMD_RKE2}$(quote_indent "$@")" - else - CMD_RKE2_EXEC="${CMD_RKE2}$(quote_indent "$@")" - fi - - # --- use systemd name if defined or create default --- - if [ -n "${INSTALL_RKE2_NAME}" ]; then - SYSTEM_NAME=rke2-${INSTALL_RKE2_NAME} - else - if [ "${CMD_RKE2}" = server ]; then - SYSTEM_NAME=rke2 + if [ -z "${INSTALL_RKE2_TYPE}" ]; then + if [ -z "${RKE2_URL}" ]; then + INSTALL_RKE2_TYPE="server" else - SYSTEM_NAME=rke2-${CMD_RKE2} + INSTALL_RKE2_TYPE="agent" fi fi # --- check for invalid characters in system name --- - valid_chars=$(printf '%s' "${SYSTEM_NAME}" | sed -e 's/[][!#$%&()*;<=>?\_`{|}/[:space:]]/^/g;' ) - if [ "${SYSTEM_NAME}" != "${valid_chars}" ]; then + valid_chars=$(printf '%s' "${INSTALL_RKE2_NAME}" | sed -e 's/[][!#$%&()*;<=>?\_`{|}/[:space:]]/^/g;') + if [ "${INSTALL_RKE2_NAME}" != "${valid_chars}" ]; then invalid_chars=$(printf '%s' "${valid_chars}" | sed -e 's/[^^]/ /g') fatal "invalid characters for system name: - ${SYSTEM_NAME} + ${INSTALL_RKE2_NAME} ${invalid_chars}" fi 
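Review bot: `setup_env` no longer stops when `RKE2_URL` is set without `RKE2_TOKEN` or `RKE2_CLUSTER_SECRET`: the removed branch called `fatal` in that case, while the new one only sets `INSTALL_RKE2_TYPE="agent"`. The header comment of the new rke2-install.sh still says the requirement is enforced, so either the check returns, e.g. `[ -n "${RKE2_TOKEN}${RKE2_CLUSTER_SECRET}" ] || fatal "RKE2_URL is set but RKE2_TOKEN or RKE2_CLUSTER_SECRET is not"`, or that comment should be corrected. The character check now validates `${INSTALL_RKE2_NAME}`, which has no default in install.sh as far as this hunk shows, so an empty name passes. The bundled scripts that build file paths from the name do not repeat the check. `setup_env` continues past the end of this hunk.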
@@ -206,115 +58,38 @@ setup_env() { SUDO= fi - # --- use systemd type if defined or create default --- - if [ -n "${INSTALL_RKE2_TYPE}" ]; then - SYSTEMD_TYPE=${INSTALL_RKE2_TYPE} - else - if [ "${CMD_RKE2}" = server ]; then - SYSTEMD_TYPE=notify - else - SYSTEMD_TYPE=exec - fi - fi - - # --- use binary install directory if defined or create default --- - if [ -n "${INSTALL_RKE2_BIN_DIR}" ]; then - BIN_DIR=${INSTALL_RKE2_BIN_DIR} - else - BIN_DIR=/usr/local/bin - fi - - # --- use systemd directory if defined or create default --- - if [ -n "${INSTALL_RKE2_SYSTEMD_DIR}" ]; then - SYSTEMD_DIR="${INSTALL_RKE2_SYSTEMD_DIR}" - else - SYSTEMD_DIR=/etc/systemd/system - fi - - # --- set related files from system name --- - SERVICE_RKE2=${SYSTEM_NAME}.service - UNINSTALL_RKE2_SH=${UNINSTALL_RKE2_SH:-${BIN_DIR}/${SYSTEM_NAME}-uninstall.sh} - KILLALL_RKE2_SH=${KILLALL_RKE2_SH:-${BIN_DIR}/rke2-killall.sh} - - # --- use service or environment location depending on systemd/openrc --- - if [ "${HAS_SYSTEMD}" = true ]; then - FILE_RKE2_SERVICE=${SYSTEMD_DIR}/${SERVICE_RKE2} - FILE_RKE2_ENV=${SYSTEMD_DIR}/${SERVICE_RKE2}.env - elif [ "${HAS_OPENRC}" = true ]; then - ${SUDO} mkdir -p /etc/rancher/rke2 - FILE_RKE2_SERVICE=/etc/init.d/${SYSTEM_NAME} - FILE_RKE2_ENV=/etc/rancher/rke2/${SYSTEM_NAME}.env - fi - - # --- get hash of config & exec for currently installed rke2 --- - PRE_INSTALL_HASHES=$(get_installed_hashes) - - # --- if bin directory is read only skip download --- - if [ "${INSTALL_RKE2_BIN_DIR_READ_ONLY}" = true ]; then - INSTALL_RKE2_SKIP_DOWNLOAD=true - fi - - # --- setup channel values - INSTALL_RKE2_CHANNEL_URL=${INSTALL_RKE2_CHANNEL_URL:-"https://update.rke2.io/v1-release/channels"} - INSTALL_RKE2_CHANNEL=${INSTALL_RKE2_CHANNEL:-"stable"} -} - -# can_skip_download checks if skip download -# environment variable set. 
-can_skip_download() { - if [ "${INSTALL_RKE2_SKIP_DOWNLOAD}" != true ]; then - return 1 - fi -} - -# verify_rke2_is_executable verify an executabe -# rke2 binary is installed. -verify_rke2_is_executable() { - if [ ! -x ${BIN_DIR}/rke2 ]; then - fatal "executable rke2 binary not found at ${BIN_DIR}/rke2" + # --- use yum install method if available + if [ -z "${INSTALL_RKE2_METHOD}" ] && command -v yum >/dev/null 2>&1; then + INSTALL_RKE2_METHOD=yum fi } -# setup_verify_arch set arch and suffix, +# setup_arch set arch and suffix, # fatal if architecture not supported. -setup_verify_arch() { - if [ -z "${ARCH}" ]; then - ARCH=$(uname -m) - fi - case ${ARCH} in - amd64) - ARCH=amd64 - SUFFIX= - ;; - x86_64) - ARCH=amd64 - SUFFIX= - ;; - arm64) - ARCH=arm64 - SUFFIX=-${ARCH} - ;; - aarch64) - ARCH=arm64 - SUFFIX=-${ARCH} - ;; - arm*) - ARCH=arm - SUFFIX=-${ARCH}hf - ;; - *) - fatal "unsupported architecture ${ARCH}" +setup_arch() { + case ${ARCH:=$(uname -m)} in + amd64) + ARCH=amd64 + SUFFIX=$(uname -s | tr '[:upper:]' '[:lower:]')-${ARCH} + ;; + x86_64) + ARCH=amd64 + SUFFIX=$(uname -s | tr '[:upper:]' '[:lower:]')-${ARCH} + ;; + *) + fatal "unsupported architecture ${ARCH}" + ;; esac } # verify_downloader verifies existence of # network downloader executable. verify_downloader() { - cmd="$(which $1)" - if [ -z ${cmd} ]; then + cmd="$(command -v "${1}")" + if [ -z "${cmd}" ]; then return 1 fi - if [ ! -x ${cmd} ]; then + if [ ! -x "${cmd}" ]; then return 1 fi @@ -323,12 +98,12 @@ verify_downloader() { return 0 } -# setup_tmp creates a tempory directory +# setup_tmp creates a temporary directory # and cleans up when done. setup_tmp() { TMP_DIR=$(mktemp -d -t rke2-install.XXXXXXXXXX) - TMP_HASH=${TMP_DIR}/rke2.hash - TMP_BIN=${TMP_DIR}/rke2.bin + TMP_CHECKSUMS=${TMP_DIR}/rke2.checksums + TMP_INSTALLER=${TMP_DIR}/rke2.installer cleanup() { code=$? set +e 
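Review bot: The `amd64)` and `x86_64)` arms of the new `setup_arch` repeat the same two assignments; a single `amd64|x86_64)` arm that sets `ARCH=amd64` and `SUFFIX` once says the same with less to keep in sync. `uname -s` is run inside the arm, so naming it once above the `case`, e.g. `OS=$(uname -s | tr '[:upper:]' '[:lower:]')`, would make the `SUFFIX` line easier to read. The function comment could also note that only amd64 is accepted after this change, since the arm64 and arm arms are removed.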
@@ -342,25 +117,27 @@ setup_tmp() { # --- use desired rke2 version if defined or find version from channel --- get_release_version() { if [ -n "${INSTALL_RKE2_COMMIT}" ]; then - VERSION_RKE2="commit ${INSTALL_RKE2_COMMIT}" + version="commit ${INSTALL_RKE2_COMMIT}" elif [ -n "${INSTALL_RKE2_VERSION}" ]; then - VERSION_RKE2=${INSTALL_RKE2_VERSION} + version=${INSTALL_RKE2_VERSION} else info "finding release for channel ${INSTALL_RKE2_CHANNEL}" - version_url="${INSTALL_RKE2_CHANNEL_URL}/${INSTALL_RKE2_CHANNEL}" + # version_url="${INSTALL_RKE2_CHANNEL_URL}/${INSTALL_RKE2_CHANNEL}" + version_url="${INSTALL_RKE2_GITHUB_URL}/releases/latest" case ${DOWNLOADER} in - curl) - VERSION_RKE2=$(curl -w "%{url_effective}" -L -s -S ${version_url} -o /dev/null | sed -e 's|.*/||') - ;; - wget) - VERSION_RKE2=$(wget -SqO /dev/null ${version_url} 2>&1 | grep -i Location | sed -e 's|.*/||') - ;; - *) - fatal "Incorrect downloader executable '${DOWNLOADER}'" - ;; + *curl) + version=$(${DOWNLOADER} -w "%{url_effective}" -L -s -S ${version_url} -o /dev/null | sed -e 's|.*/||') + ;; + *wget) + version=$(${DOWNLOADER} -SqO /dev/null ${version_url} 2>&1 | grep -i Location | sed -e 's|.*/||') + ;; + *) + fatal "Unsupported downloader executable '${DOWNLOADER}'" + ;; esac + INSTALL_RKE2_VERSION="${version}" fi - info "using ${VERSION_RKE2} as release" + info "using ${INSTALL_RKE2_VERSION} as release" } # download downloads from github url. @@ -370,14 +147,14 @@ download() { fi case ${DOWNLOADER} in - *curl) - curl -o "$1" -sfL "$2" + *curl) + curl -o "$1" -fsSL "$2" ;; - *wget) - wget -qO "$1" "$2" + *wget) + wget -qO "$1" "$2" ;; - *) - fatal "incorrect executable '${DOWNLOADER}'" + *) + fatal "downloader executable not supported: '${DOWNLOADER}'" ;; esac 
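Review bot: The value taken from the redirect of `${INSTALL_RKE2_GITHUB_URL}/releases/latest` is assigned to `INSTALL_RKE2_VERSION` unchecked and is later interpolated into the checksum and installer URLs; an empty or multi-line result (the wget arm greps every `Location` header) would only surface later as a confusing download failure. A guard right after the `case`, `[ -n "${version}" ] || fatal "could not determine the latest release"`, fails early, and quoting `"${version_url}"` in both arms avoids word splitting. In the `INSTALL_RKE2_COMMIT` branch `version` is set but never used, so the closing `info "using ${INSTALL_RKE2_VERSION} as release"` prints an empty name. `${INSTALL_RKE2_CHANNEL}` in the `finding release` message no longer has a default after this commit. The commented-out `version_url` line should be removed or explained.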
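Review bot: Both arms of `download` call `curl` and `wget` by bare name although the `case` matches on `${DOWNLOADER}` (`*curl`, `*wget`) and `get_release_version` now invokes `${DOWNLOADER}` itself; `"${DOWNLOADER}" -o "$1" -fsSL "$2"` keeps the two consistent. Nothing restricts the transfer to HTTPS, and with `-L` and an overridable `INSTALL_RKE2_GITHUB_URL` the URL or a redirect can be plain HTTP. For curl, `--proto '=https' --proto-redir '=https'` enforces it, and a scheme check before the `case`, `case "$2" in https://*) ;; *) fatal "refusing non-HTTPS URL $2" ;; esac`, covers the initial URL for both tools. `download` begins and ends outside this hunk.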
@@ -387,540 +164,84 @@ download() { fi } -# download_hash downloads hash from github url. -download_hash() { +# download_checksums downloads hash from github url. +download_checksums() { if [ -n "${INSTALL_RKE2_COMMIT}" ]; then - HASH_URL=${STORAGE_URL}/rke2${SUFFIX}-${INSTALL_RKE2_COMMIT}.sha256sum + fatal "downloading by commit is currently not supported" + # CHECKSUMS_URL=${STORAGE_URL}/rke2${SUFFIX}-${INSTALL_RKE2_COMMIT}.sha256sum else - HASH_URL=${GITHUB_URL}/download/${VERSION_RKE2}/sha256sum-${ARCH}.txt - fi - info "downloading hash ${HASH_URL}" - download "${TMP_HASH}" "${HASH_URL}" - HASH_EXPECTED=$(grep -E 'rke2.linux-amd64' "${TMP_HASH}" | grep -v 'tar.gz' | awk -F ' ' '{print $1}') -} - -# installed_hash_matches checks hash against -# installed version. -installed_hash_matches() { - if [ -x ${BIN_DIR}/rke2 ]; then - HASH_INSTALLED=$(sha256sum ${BIN_DIR}/rke2 | awk -F ' ' '{print $1}') - if [ "${HASH_EXPECTED}" = "${HASH_INSTALLED}" ]; then - return - fi + CHECKSUMS_URL=${INSTALL_RKE2_GITHUB_URL}/releases/download/${INSTALL_RKE2_VERSION}/sha256sum-${ARCH}.txt fi - return 1 + info "downloading checksums at ${CHECKSUMS_URL}" + download "${TMP_CHECKSUMS}" "${CHECKSUMS_URL}" + CHECKSUM_EXPECTED=$(grep "rke2-installer.${SUFFIX}.run" "${TMP_CHECKSUMS}" | awk '{print $1}') } -# download_binary downloads binary from github url. -download_binary() { +# download_installer downloads binary from github url. 
+download_installer() { if [ -n "${INSTALL_RKE2_COMMIT}" ]; then - BIN_URL=${STORAGE_URL}/rke2${SUFFIX}-${INSTALL_RKE2_COMMIT} + fatal "downloading by commit is currently not supported" + # INSTALLER_URL=${STORAGE_URL}/rke2-installer.${SUFFIX}-${INSTALL_RKE2_COMMIT}.run else - BIN_URL=${GITHUB_URL}/download/${VERSION_RKE2}/rke2.linux-${ARCH} + INSTALLER_URL=${INSTALL_RKE2_GITHUB_URL}/releases/download/${INSTALL_RKE2_VERSION}/rke2-installer.${SUFFIX}.run fi - info "downloading binary at ${BIN_URL}" - download "${TMP_BIN}" "${BIN_URL}" + info "downloading installer at ${INSTALLER_URL}" + download "${TMP_INSTALLER}" "${INSTALLER_URL}" } -# verify_binary verifies the downloaded -# binary hash. -verify_binary() { +# verify_installer verifies the downloaded installer checksum. +verify_installer() { info "verifying binary download" - HASH_BIN=$(sha256sum "${TMP_BIN}" | awk -F ' ' '{print $1}') - if [ "${HASH_EXPECTED}" != "${HASH_BIN}" ]; then - fatal "download sha256 does not match ${HASH_EXPECTED}, got ${HASH_BIN}" - fi -} - -# setup_binary sets up permissions and moves -# the binary to the system directory. -setup_binary() { - chmod 755 "${TMP_BIN}" - info "installing rke2 to ${BIN_DIR}/rke2" - if [ ${USING_RKE2_USER} ]; then - ${SUDO} chown "${INSTALL_RKE2_USER}":"${INSTALL_RKE2_USER}" "${TMP_BIN}" - else - ${SUDO} chown root:root "${TMP_BIN}" - fi - ${SUDO} mv -f "${TMP_BIN}" "${BIN_DIR}"/rke2 -} - -# setup_selinux sets up selinux policy. -setup_selinux() { - policy_hint="please install: - yum install -y container-selinux selinux-policy-base - rpm -i https://rpm.rancher.io/rke2-selinux-0.1.1-rc1.el7.noarch.rpm -" - policy_error=fatal - if [ "${INSTALL_RKE2_SELINUX_WARN}" = true ]; then - policy_error=warn - fi - - if ! 
${SUDO} chcon -u system_u -r object_r -t container_runtime_exec_t ${BIN_DIR}/rke2 >/dev/null 2>&1; then - if ${SUDO} grep '^\s*SELINUX=enforcing' /etc/selinux/config >/dev/null 2>&1; then - ${policy_error} "Failed to apply container_runtime_exec_t to ${BIN_DIR}/rke2, ${policy_hint}" - fi - else - if [ ! -f /usr/share/selinux/packages/rke2.pp ]; then - ${policy_error} "Failed to find the rke2-selinux policy, ${policy_hint}" - fi - fi + CHECKSUM_ACTUAL=$(sha256sum "${TMP_INSTALLER}" | awk '{print $1}') + if [ "${CHECKSUM_EXPECTED}" != "${CHECKSUM_ACTUAL}" ]; then + fatal "download sha256 does not match ${CHECKSUM_EXPECTED}, got ${CHECKSUM_ACTUAL}" + fi +} + +do_rpm() { + cat <<-EOF | ${SUDO} tee "/etc/yum.repos.d/rancher-rke2-${1}.repo" >/dev/null +[rancher-rke2-common-${1}] +name=Rancher RKE2 Common (${1}) +baseurl=https://rpm-${1}.rancher.io/rke2/${1}/common/centos/7/noarch +enabled=1 +gpgcheck=1 +gpgkey=https://rpm-${1}.rancher.io/public.key +[rancher-rke2-1-18-${1}] +name=Rancher RKE2 1.18 (${1}) +baseurl=https://rpm-${1}.rancher.io/rke2/${1}/1.18/centos/7/x86_64 +enabled=1 +gpgcheck=1 +gpgkey=https://rpm-${1}.rancher.io/public.key +EOF + ${SUDO} yum -y install "rke2-${INSTALL_RKE2_TYPE}" } -# download_and_verify downloads and verifies rke2. -download_and_verify() { - if can_skip_download; then - info "skipping rke2 download and verify" - verify_rke2_is_executable - return - fi - - setup_verify_arch +do_installer() { verify_downloader curl || verify_downloader wget || fatal "can not find curl or wget for downloading files" setup_tmp get_release_version - download_hash - - if installed_hash_matches; then - info "skipping binary download. installed rke2 matches hash" - return - fi - - download_binary - verify_binary - setup_binary -} - -# create_symlinks adds additional utility links. -create_symlinks() { - info "creating symlinks..." 
- for bin in ${BASE_DIR}/data/*/bin/*; do - ${SUDO} ln -sf "${bin}" "${INSTALL_PATH}"/"$(basename ${bin})" - done -} - -# create_killall creates the killall script. -create_killall() { - if [ "${INSTALL_RKE2_BIN_DIR_READ_ONLY}" = true ]; then - return - fi - info "creating killall script ${KILLALL_RKE2_SH}" - ${SUDO} tee "${KILLALL_RKE2_SH}" >/dev/null << \EOF -#!/bin/sh -[ $(id -u) -eq 0 ] || exec sudo $0 $@ - -for bin in ${BASE_DIR}/data/**/bin/; do - [ -d $bin ] && export PATH=$PATH:$bin:$bin/aux -done - -set -x - -for service in /etc/systemd/system/rke2*.service; do - [ -s ${service} ] && systemctl stop $(basename ${service}) -done - -for service in /etc/init.d/rke2*; do - [ -x ${service} ] && ${service} stop -done - -pschildren() { - ps -e -o ppid= -o pid= | \ - sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \ - grep -w "^$1" | \ - cut -f2 -} - -pstree() { - for pid in $@; do - echo ${pid} - for child in $(pschildren ${pid}); do - pstree ${child} - done - done -} - -killtree() { - kill -9 $( - { set +x; } 2>/dev/null; - pstree $@; - set -x; - ) 2>/dev/null -} - -getshims() { - ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w 'rke2/data/[^/]*/bin/containerd-shim' | cut -f1 + download_checksums + download_installer + verify_installer + sh "${TMP_INSTALLER}" } -killtree $({ set +x; } 2>/dev/null; getshims; set -x) +do_install() { + setup_env + setup_arch -do_unmount() { - { set +x; } 2>/dev/null - MOUNTS= - while read ignore mount ignore; do - MOUNTS="${mount}\n${MOUNTS}" - done /dev/null | grep 'master cni0' | while read ignore iface ignore; do - iface=${iface%%@*} - [ -z "$iface" ] || ip link delete $iface -done -ip link delete cni0 -ip link delete flannel.1 -rm -rf /var/lib/cni/ -iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore -EOF - ${SUDO} chmod 755 "${KILLALL_RKE2_SH}" - - if [ ${USING_RKE2_USER} ]; then - ${SUDO} chown "${INSTALL_RKE2_USER}":"${INSTALL_RKE2_USER}" "${KILLALL_RKE2_SH}" - else - ${SUDO} chown root:root 
"${KILLALL_RKE2_SH}" - fi -} - -# create_uninstall creates the uninstall script. -create_uninstall() { - if [ "${INSTALL_RKE2_BIN_DIR_READ_ONLY}" = true ]; then - return - fi - info "creating uninstall script ${UNINSTALL_RKE2_SH}" - ${SUDO} tee "${UNINSTALL_RKE2_SH}" >/dev/null << EOF -#!/bin/sh -set -x -[ \$(id -u) -eq 0 ] || exec sudo \$0 \$@ - -${KILLALL_RKE2_SH} - -if which systemctl; then - systemctl disable ${SYSTEM_NAME} - systemctl reset-failed ${SYSTEM_NAME} - systemctl daemon-reload -fi -if which rc-update; then - rc-update delete ${SYSTEM_NAME} default -fi - -rm -f ${FILE_RKE2_SERVICE} -rm -f ${FILE_RKE2_ENV} - -remove_uninstall() { - rm -f ${UNINSTALL_RKE2_SH} -} -trap remove_uninstall EXIT - -if (ls ${SYSTEMD_DIR}/rke2*.service || ls /etc/init.d/rke2*) >/dev/null 2>&1; then - set +x; echo 'Additional rke2 services installed, skipping uninstall of rke2'; set -x - exit -fi - -for cmd in kubectl crictl ctr; do - if [ -L ${BIN_DIR}/\$cmd ]; then - rm -f ${BIN_DIR}/\$cmd - fi -done - -rm -rf /etc/rancher/rke2 -rm -rf "${BASE_DIR}" -rm -rf /var/lib/kubelet -rm -f ${BIN_DIR}/rke2 -rm -f ${KILLALL_RKE2_SH} - -for u in etcd rke2; do - if id -u \${u} 2>/dev/null; then - userdel \${u} - groupdel \${u} - fi -done - -EOF - ${SUDO} chmod 755 "${UNINSTALL_RKE2_SH}" - - if [ ${USING_RKE2_USER} ]; then - ${SUDO} chown "${INSTALL_RKE2_USER}":"${INSTALL_RKE2_USER}" "${UNINSTALL_RKE2_SH}" - else - ${SUDO} chown root:root "${UNINSTALL_RKE2_SH}" - fi -} - -# systemd_disable disables the current -# service if loaded. -systemd_disable() { - ${SUDO} rm -f "/etc/systemd/system/${SERVICE_RKE2}" || true - ${SUDO} rm -f "/etc/systemd/system/${SERVICE_RKE2}.env" || true - ${SUDO} systemctl disable "${SYSTEM_NAME}" >/dev/null 2>&1 || true -} - -# create_env_file captures current env and creates -# a file containing rke2_ variables. 
-create_env_file() { - info "env: creating environment file ${FILE_RKE2_ENV}" - UMASK=$(umask) - umask 0377 - env | grep '^RKE2_' | ${SUDO} tee "${FILE_RKE2_ENV}" >/dev/null - env | grep -E -i '^(NO|HTTP|HTTPS)_PROXY' | ${SUDO} tee -a "${FILE_RKE2_ENV}" >/dev/null - echo "HOME=/root" | ${SUDO} tee -a "${FILE_RKE2_ENV}" >/dev/null - umask "${UMASK}" -} - -# create_systemd_service_file writes the -# systemd service file. -create_systemd_service_file() { - info "systemd: Creating service file ${FILE_RKE2_SERVICE}" - ${SUDO} tee "${FILE_RKE2_SERVICE}" >/dev/null << EOF -[Unit] -Description=Rancher Kubernetes Engine v2 -Documentation=https://rke2.io -Wants=network-online.target - -[Install] -WantedBy=multi-user.target - -[Service] -Type=${SYSTEMD_TYPE} -EnvironmentFile=${FILE_RKE2_ENV} -KillMode=process -Delegate=yes -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=1048576 -LimitNPROC=infinity -LimitCORE=infinity -TasksMax=infinity -TimeoutStartSec=0 -Restart=always -RestartSec=5s -ExecStartPre=-/sbin/modprobe br_netfilter -ExecStartPre=-/sbin/modprobe overlay -ExecStart=${BIN_DIR}/rke2 \\ - ${CMD_RKE2_EXEC} - -EOF -} - -# create_openrc_service_file writes the openrc -# service file. 
-create_openrc_service_file() { - LOG_FILE=/var/log/${SYSTEM_NAME}.log - - info "openrc: Creating service file ${FILE_RKE2_SERVICE}" - ${SUDO} tee "${FILE_RKE2_SERVICE}" >/dev/null << EOF -#!/sbin/openrc-run - -depend() { - after network-online - want cgroups -} - -start_pre() { - rm -f /tmp/rke2.* -} - -supervisor=supervise-daemon -name=${SYSTEM_NAME} -command="${BIN_DIR}/rke2" -command_args="$(escape_dq "${CMD_RKE2_EXEC}") - >>${LOG_FILE} 2>&1" - -output_log=${LOG_FILE} -error_log=${LOG_FILE} - -pidfile="/var/run/${SYSTEM_NAME}.pid" -respawn_delay=5 - -set -o allexport -if [ -f /etc/environment ]; then source /etc/environment; fi -if [ -f ${FILE_RKE2_ENV} ]; then source ${FILE_RKE2_ENV}; fi -set +o allexport -EOF - ${SUDO} chmod 0755 "${FILE_RKE2_SERVICE}" - - ${SUDO} tee "/etc/logrotate.d/${SYSTEM_NAME}" >/dev/null << EOF -${LOG_FILE} { - missingok - notifempty - copytruncate -} -EOF -} - -# create_service_file writes the supervisor -# service file. -create_service_file() { - if [ "${HAS_SYSTEMD}" = true ]; then - create_systemd_service_file - fi - if [ "${HAS_OPENRC}" = true ]; then - create_openrc_service_file - fi - return 0 -} - -# get_installed_hashes gets the hashes of the -# current rke2 binary and service files. -get_installed_hashes() { - ${SUDO} sha256sum ${BIN_DIR}/rke2 "${FILE_RKE2_SERVICE}" "${FILE_RKE2_ENV}" 2>&1 || true -} - -# systemd_enable enables and starts systemd service. -systemd_enable() { - info "systemd: Enabling ${SYSTEM_NAME} unit" - ${SUDO} systemctl enable ${FILE_RKE2_SERVICE} >/dev/null - ${SUDO} systemctl daemon-reload >/dev/null -} - -# systemd_start starts systemd. -systemd_start() { - info "systemd: starting ${SYSTEM_NAME}" - ${SUDO} systemctl restart "${SYSTEM_NAME}" -} - -# openrc_enable enables and starts openrc service. -openrc_enable() { - info "openrc: enabling ${SYSTEM_NAME} service for default runlevel" - ${SUDO} rc-update add "${SYSTEM_NAME}" default >/dev/null -} - -# openrc_start starts openrc. 
-openrc_start() { - info "openrc: starting ${SYSTEM_NAME}" - ${SUDO} "${FILE_RKE2_SERVICE}" restart -} - -# service_enable_and_start starts up the supervisor service. -service_enable_and_start() { - if [ "${INSTALL_RKE2_SKIP_ENABLE}" = true ]; then - return - fi - - if [ "${HAS_SYSTEMD}" = true ]; then - systemd_enable - fi - - if [ "${HAS_OPENRC}" = true ]; then - openrc_enable - fi - - if [ "${INSTALL_RKE2_SKIP_START}" = true ]; then - return - fi - - POST_INSTALL_HASHES=$(get_installed_hashes) - if [ "${PRE_INSTALL_HASHES}" = "${POST_INSTALL_HASHES}" ]; then - info "no change detected so skipping service start" - return - fi - - if [ "${HAS_SYSTEMD}" = true ]; then - systemd_start - fi - - if [ "${HAS_OPENRC}" = true ]; then - openrc_start - fi - return 0 -} - -# create_user creates a new -# user with the given name. -create_user() { - if [ -z "$1" ]; then - echo "error: no user given for creation" - exit 1 - fi - if [ -z "$2" ]; then - echo "error: no user description given" - exit 1 - fi - - if [ ! $(id -u $1 > /dev/null 2>&1; echo $?) ]; then - no_login=$(command -v nologin) - - if [ ! -z "${no_login}" ]; then - ${SUDO} useradd -r -d "${BASE_DIR}" -c "$2" -s "${no_login}" "$1" - else - ${SUDO} useradd -r -d "${BASE_DIR}" -c "$2" -s /bin/false "$1" - fi - else - info "$1 exists. moving on..." - fi -} - -# re-evaluate args to include env command -eval set -- $(escape "${INSTALL_RKE2_EXEC}") $(quote "$@") - -# setup_rke2_user creates the rke2 user and group, home -# directory, and sets necessary ownership. -setup_rke2_user() { - ${SUDO} mkdir -p "${BASE_DIR}" - create_user "$1" "RKE2 Service User" - ${SUDO} chown -R "$1":"$1" "$(dirname ${BASE_DIR})" - USING_RKE2_USER=1 -} - -# setup_etcd_user creates the etcd user, provides a description -# and adds it to the rke2 group if it exists. 
-setup_etcd_user() { - create_user "$1" "ETCD Service User" - if [ "$(id -u "rke2" 2>/dev/null)" = 1 ]; then - ${SUDO} usermod -a -G "${INSTALL_RKE2_USER}" "${INSTALL_RKE2_ETCD_USER}" - fi - USING_ETCD_USER=1 -} - -# update_kernel_params adjusts the necessary kernel parameters -# to allow RKE2 to run in CIS mode. -update_kernel_params() { - for param in vm.panic_on_oom=0 kernel.panic=10 kernel.panic_on_oops=1 kernel.keys.root_maxbytes=25000000 vm.overcommit_memory=1; do - ${SUDO} sysctl -w ${param} - # check if we've already written these values and only write them - # if we haven't previously. - if ! grep -Fxq ${param} /etc/sysctl.d/local.conf >/dev/null; then - echo ${param} | ${SUDO} tee -a /etc/sysctl.d/local.conf >/dev/null - fi - done -} - -# main -{ - verify_system - setup_env "$@" - - if [ "${INSTALL_RKE2_CIS_MODE}" = true ]; then - update_kernel_params - setup_etcd_user "etcd" - fi - - if [ "${INSTALL_RKE2_USER}" = true ]; then - setup_rke2_user "rke2" - fi - - if [ "${INSTALL_RKE2_ETCD_USER}" = true ] && [ ${USING_ETCD_USER} != 1 ] ; then - setup_etcd_user "etcd" - fi - - download_and_verify - setup_selinux - create_killall - create_uninstall - systemd_disable - create_env_file - create_service_file - service_enable_and_start - create_symlinks + case ${INSTALL_RKE2_METHOD-"installer"} in + yum | rpm | dnf) + do_rpm "${INSTALL_RKE2_CHANNEL-"testing"}" + ;; + installer) + do_installer "${INSTALL_RKE2_CHANNEL-"testing"}" + ;; + *) + fatal "unknown installation method: ${INSTALL_RKE2_METHOD}" + ;; + esac } +do_install exit 0 diff --git a/packaging b/packaging deleted file mode 160000 index 6d2390a3ce..0000000000 --- a/packaging +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 6d2390a3ce8d4b9fa316561bc1820af4a93e9285 diff --git a/scripts/build-charts b/scripts/build-charts deleted file mode 100755 index 27cc55d970..0000000000 --- a/scripts/build-charts +++ /dev/null 
@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-set -ex
-
-CHARTS_DIR=build/static/charts
-MANIFEST_DIR=manifests
-CHARTS="rke2-canal:v3.13.3 rke2-coredns:1.10.101 rke2-kube-proxy:v1.18.4 rke2-metrics-server:2.11.100 rke2-ingress-nginx:1.36.300"
-CHARTS_REPO="https://rke2-charts.rancher.io"
-
-mkdir -p ${CHARTS_DIR}
-for chart in ${CHARTS}; do
- chart_name=$(echo "${chart}" | cut -d ":" -f 1)
- chart_version=$(echo "${chart}" | cut -d ":" -f 2)
- curl -sfL ${CHARTS_REPO}/"assets"/${chart_name}/${chart_name}-${chart_version}.tgz -o ${CHARTS_DIR}/${chart_name}-$chart_version.tgz
- chart_content=$(base64 -w 0 ${CHARTS_DIR}/${chart_name}-${chart_version}.tgz)
- sed -e "s|%{CHART_CONTENT}%|${chart_content}|g" ${MANIFEST_DIR}/${chart_name}.yml >${CHARTS_DIR}/${chart_name}-chart.yml
- rm ${CHARTS_DIR}/${chart_name}-${chart_version}.tgz
-done
diff --git a/scripts/install-makeself b/scripts/install-makeself
new file mode 100755
index 0000000000..7937ebe97d
--- /dev/null
+++ b/scripts/install-makeself
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -ex
+
+: "${MAKESELF_VERSION:=2.4.2}"
+
+mkdir -p build/makeself
+if [ ! -e build/makeself/makeself.sh ]; then
+ curl -fsSL -o build/makeself.run https://github.com/megastep/makeself/releases/download/release-${MAKESELF_VERSION}/makeself-${MAKESELF_VERSION}.run
+ sh build/makeself.run --nox11 --target build/makeself
+fi
diff --git a/scripts/package b/scripts/package
index efbf50a3a7..d848194e21 100755
--- a/scripts/package
+++ b/scripts/package
@@ -4,7 +4,7 @@ set -ex
 cd $(dirname $0)/..
 source ./scripts/version.sh
-mkdir -p dist/artifacts
+mkdir -p dist/{artifacts,bundle}
 ./scripts/package-binary
 ./scripts/package-bundle
 ./scripts/package-images
diff --git a/scripts/package-binary b/scripts/package-binary
index a6cf5f15d5..e010ceb8fa 100755
--- a/scripts/package-binary
+++ b/scripts/package-binary
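Review bot: In scripts/install-makeself, `build/makeself.run` is executed with `sh` directly after the `curl` download with no integrity check, so whatever the release URL serves at build time runs in the build environment and then generates the installer that hosts later run as root. Pinning the version alone does not fix this, since the tag name is not a content hash. I would pin a digest next to `MAKESELF_VERSION` and verify it between the `curl` and `sh` lines, e.g. `echo "${MAKESELF_SHA256}  build/makeself.run" | sha256sum -c -`, where `MAKESELF_SHA256` is a placeholder name for the reviewed digest of the pinned release (the value is not on this page). Under `set -e` a mismatch then aborts the build before anything is executed.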
@@ -5,4 +5,6 @@ cd $(dirname $0)/..
 source ./scripts/version.sh
-cp bin/${PROG} dist/artifacts/${RELEASE}
+mkdir -p dist/artifacts
+
+cp -f bin/${PROG} dist/artifacts/${RELEASE}
diff --git a/scripts/package-bundle b/scripts/package-bundle
index e7c9a05a09..ee9633e607 100755
--- a/scripts/package-bundle
+++ b/scripts/package-bundle
@@ -5,37 +5,37 @@ cd $(dirname $0)/.. source ./scripts/version.sh -if [ ! -d packaging/rpm ]; then - git submodule update --recursive --remote --init packaging -fi +mkdir -p dist/bundle/{bin,share} -find packaging -mkdir -p dist/bundle/{bin,etc/rancher/${PROG},usr/share/${PROG}/rpm} +### bundle underlay +rsync -a bundle/ dist/bundle/ ### bin/rke2 cp -f bin/${PROG} dist/bundle/bin/ -### etc/environment -cat << EOF > dist/bundle/etc/environment -KUBECONFIG=/etc/rancher/${PROG}/${PROG}.yaml -EOF - -### etc/rancher/rke2/README.md -cat << EOF > dist/bundle/etc/rancher/${PROG}/README.md -# RKE2 FILES - -- **\`${PROG}.yaml\`** - \`${PROG} server\` will place this KUBECONFIG on successful start-up. - -- **\`registries.yaml\`** - The \`k3s\` subsystem embedded in \`${PROG}\` will look for this file on all agents (i.e. including servers) as configuration - for custom/private registries a la https://rancher.com/docs/k3s/latest/en/installation/private-registry/ -EOF +### share/rke2/LICENSE +cp -vf LICENSE dist/bundle/share/${PROG}/LICENSE.txt -### usr/share/rke2/rpm -rsync -a packaging/rpm/ dist/bundle/usr/share/${PROG}/rpm/ +### (setup directory) +mkdir -p dist/artifacts -### +### (make the tarball) +if [ -z "${PACKAGE_SKIP_TARBALL}" ]; then + tar -czf dist/artifacts/${RELEASE}.tar.gz -C dist/bundle $(find dist/bundle -mindepth 1 -maxdepth 1 -type d -exec basename {} \;) +fi -mkdir -p dist/artifacts -tar -cvzf dist/artifacts/${RELEASE}.tar.gz -C dist/bundle . +### (make the self-installing tarball) +if [ -z "${PACKAGE_SKIP_INSTALLER}" ]; then + ./scripts/install-makeself + ./build/makeself/makeself.sh \ + --needroot \ + --nox11 \ + --sha256 \ + --target /usr/local \ + "dist/bundle" \ + "dist/artifacts/rke2-installer.${PLATFORM}.run" \ + "rke2 ${VERSION}" \ + "env" \ + INSTALL_RKE2_ROOT="." \ + "sh" "./share/${PROG}/scripts/${PROG}-install.sh" +fi
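Review bot: The `--sha256` flag on the makeself call only lets the `.run` file check itself for corruption, because the digest is stored inside the same file that a tampered copy would replace; it does not authenticate the artifact. I would say so in a comment above the call, e.g. `# --sha256 is a self-check for corruption only; authenticity relies on the separately published checksums`, so it is not later treated as a substitute for the `download_checksums` / `verify_installer` steps that install.sh appears to run. Separately, `rsync -a bundle/ dist/bundle/` copies on top of whatever an earlier build left in `dist/bundle`, and the installer built from that directory unpacks as root under `/usr/local`. Unless a clean step exists elsewhere (not visible here), adding `rm -rf dist/bundle` ahead of `mkdir -p dist/bundle/{bin,share}` would keep stale files out of the release artifacts.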