diff --git a/.dockerignore b/.dockerignore index 5f31b7fd15e6..36131d37449b 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,12 +1,7 @@ ./bin ./etc -./build/data -./build/data.tar.gz ./pkg/data/zz_generated_bindata.go -./package/data.tar.gz ./.vagrant ./.cache ./.dapper -./data-dir -./dist ./.trash-cache diff --git a/.drone.yml b/.drone.yml index 5d53717a09b7..c9bdfdcc267d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -59,6 +59,23 @@ steps: event: - tag +- name: rpm-publish + image: centos:7 + environment: + PRIVATE_KEY: + from_secret: private_key + PRIVATE_KEY_PASS_PHRASE: + from_secret: private_key_pass_phrase + AWS_S3_BUCKET: + from_secret: aws_s3_bucket + AWS_ACCESS_KEY_ID: + from_secret: aws_access_key_id + AWS_SECRET_ACCESS_KEY: + from_secret: aws_secret_access_key + commands: + - scripts/provision/generic/centos7/yum-install-rpm-tools + - scripts/package-rpm + - name: test image: rancher/dapper:v0.4.2 secrets: [ gcloud_auth ] @@ -154,6 +171,23 @@ steps: event: - tag +- name: rpm-publish + image: centos:7 + environment: + PRIVATE_KEY: + from_secret: private_key + PRIVATE_KEY_PASS_PHRASE: + from_secret: private_key_pass_phrase + AWS_S3_BUCKET: + from_secret: aws_s3_bucket + AWS_ACCESS_KEY_ID: + from_secret: aws_access_key_id + AWS_SECRET_ACCESS_KEY: + from_secret: aws_secret_access_key + commands: + - scripts/provision/generic/centos7/yum-install-rpm-tools + - scripts/package-rpm + - name: test image: rancher/dapper:v0.4.2 secrets: [ gcloud_auth ] @@ -323,6 +357,6 @@ volumes: - name: docker host: path: /var/run/docker.sock - + depends_on: - manifest \ No newline at end of file diff --git a/install.sh b/install.sh index d364e12d4e12..48bff4f8c5cb 100755 --- a/install.sh +++ b/install.sh 
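Review bot: The new `rpm-publish` step in the `@@ -59,6 +59,23 @@` hunk has no `when:` clause, so the signing key, its passphrase and the AWS credentials are requested for every build that reaches the step, while the step just above it appears to be limited by `event: - tag`. Its first command installs packages from the network before anything is signed, so scoping it the same way keeps those secrets out of ordinary builds: add `when: { event: [ tag ] }` to the step. The identical step added in the `@@ -154,6 +171,23 @@` hunk needs the same change. `image: centos:7` is also a mutable tag; pinning it by digest would make the environment that holds the key reproducible.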
@@ -26,6 +26,9 @@ set -e # If set to 'skip' will not create symlinks, 'force' will overwrite, # default will symlink if command does not exist in path. # +# - INSTALL_K3S_SKIP_ENABLE +# If set to true will not enable or start k3s service. +# # - INSTALL_K3S_SKIP_START # If set to true will not start k3s service. # @@ -166,11 +169,6 @@ setup_env() { ${invalid_chars}" fi - # --- set related files from system name --- - SERVICE_K3S=${SYSTEM_NAME}.service - UNINSTALL_K3S_SH=${SYSTEM_NAME}-uninstall.sh - KILLALL_K3S_SH=k3s-killall.sh - # --- use sudo if we are not already root --- SUDO=sudo if [ $(id -u) -eq 0 ]; then @@ -202,6 +200,11 @@ setup_env() { SYSTEMD_DIR=/etc/systemd/system fi + # --- set related files from system name --- + SERVICE_K3S=${SYSTEM_NAME}.service + UNINSTALL_K3S_SH=${UNINSTALL_K3S_SH:-${BIN_DIR}/${SYSTEM_NAME}-uninstall.sh} + KILLALL_K3S_SH=${KILLALL_K3S_SH:-${BIN_DIR}/k3s-killall.sh} + # --- use service or environment location depending on systemd/openrc --- if [ "${HAS_SYSTEMD}" = true ]; then FILE_K3S_SERVICE=${SYSTEMD_DIR}/${SERVICE_K3S} @@ -396,7 +399,7 @@ setup_binary() { $SUDO chown root:root ${TMP_BIN} $SUDO mv -f ${TMP_BIN} ${BIN_DIR}/k3s - if command -v getenforce > /dev/null 2>&1; then + if command -v getenforce >/dev/null 2>&1; then if [ "Disabled" != $(getenforce) ]; then info 'SELinux is enabled, setting permissions' if ! $SUDO semanage fcontext -l | grep "${BIN_DIR}/k3s" > /dev/null 2>&1; then @@ -439,7 +442,7 @@ create_symlinks() { for cmd in kubectl crictl ctr; do if [ ! -e ${BIN_DIR}/${cmd} ] || [ "${INSTALL_K3S_SYMLINK}" = force ]; then - which_cmd=$(which ${cmd} || true) + which_cmd=$(which ${cmd} 2>/dev/null || true) if [ -z "${which_cmd}" ] || [ "${INSTALL_K3S_SYMLINK}" = force ]; then info "Creating ${BIN_DIR}/${cmd} symlink to k3s" $SUDO ln -sf k3s ${BIN_DIR}/${cmd} 
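Review bot: `UNINSTALL_K3S_SH` and `KILLALL_K3S_SH` in the `setup_env` hunk (`@@ -202,6 +200,11 @@`) are now inherited from the caller's environment, but they are not documented in the header comment beside the `INSTALL_K3S_*` variables and are expanded unquoted wherever a root command uses them. The later hunks pass them bare to `$SUDO tee`, `chmod`, `chown` and `rm -f`, and the unquoted `<< EOF` heredoc in `create_uninstall` writes their values into a script that re-executes itself under sudo. A value containing whitespace or shell metacharacters is therefore split or interpreted with root privileges. Quote the expansions, e.g. `$SUDO tee "${KILLALL_K3S_SH}" >/dev/null << \EOF` and `rm -f "${UNINSTALL_K3S_SH}"`, and describe both variables next to `INSTALL_K3S_SKIP_ENABLE`. `setup_env` starts and ends outside this hunk.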
@@ -455,13 +458,13 @@ create_symlinks() { # --- create killall script --- create_killall() { [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && return - info "Creating killall script ${BIN_DIR}/${KILLALL_K3S_SH}" - $SUDO tee ${BIN_DIR}/${KILLALL_K3S_SH} >/dev/null << \EOF + info "Creating killall script ${KILLALL_K3S_SH}" + $SUDO tee ${KILLALL_K3S_SH} >/dev/null << \EOF #!/bin/sh [ $(id -u) -eq 0 ] || exec sudo $0 $@ for bin in /var/lib/rancher/k3s/data/**/bin/; do - [ -d $bin ] && export PATH=$bin:$PATH + [ -d $bin ] && export PATH=$PATH:$bin:$bin/aux done set -x @@ -499,7 +502,7 @@ killtree() { } getshims() { - lsof | sed -e 's/^[^0-9]*//g; s/ */\t/g' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1 | sort -n -u + ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1 } killtree $({ set +x; } 2>/dev/null; getshims; set -x) @@ -534,20 +537,20 @@ ip link delete flannel.1 rm -rf /var/lib/cni/ iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore EOF - $SUDO chmod 755 ${BIN_DIR}/${KILLALL_K3S_SH} - $SUDO chown root:root ${BIN_DIR}/${KILLALL_K3S_SH} + $SUDO chmod 755 ${KILLALL_K3S_SH} + $SUDO chown root:root ${KILLALL_K3S_SH} } # --- create uninstall script --- create_uninstall() { [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && return - info "Creating uninstall script ${BIN_DIR}/${UNINSTALL_K3S_SH}" - $SUDO tee ${BIN_DIR}/${UNINSTALL_K3S_SH} >/dev/null << EOF + info "Creating uninstall script ${UNINSTALL_K3S_SH}" + $SUDO tee ${UNINSTALL_K3S_SH} >/dev/null << EOF #!/bin/sh set -x [ \$(id -u) -eq 0 ] || exec sudo \$0 \$@ -${BIN_DIR}/${KILLALL_K3S_SH} +${KILLALL_K3S_SH} if which systemctl; then systemctl disable ${SYSTEM_NAME} @@ -562,7 +565,7 @@ rm -f ${FILE_K3S_SERVICE} rm -f ${FILE_K3S_ENV} remove_uninstall() { - rm -f ${BIN_DIR}/${UNINSTALL_K3S_SH} + rm -f ${UNINSTALL_K3S_SH} } trap remove_uninstall EXIT 
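Review bot: In the `getshims` hunk (`@@ -499,7 +502,7 @@`) the `grep -w` runs over the whole `ps` line, so any process whose arguments merely mention a `k3s/data/.../bin/containerd-shim` path is selected and handed to `killtree` by a script that runs as root. Matching only the executable field limits the kill list to real shims: `ps -e -o pid= -o args= | awk '$2 ~ "k3s/data/[^/]*/bin/containerd-shim" { print $1 }'`. That also removes the `\s` in the `sed` expression, which is a GNU extension inside a `#!/bin/sh` script. The heredoc is quoted (`<< \EOF`), so `$1` and `$2` reach the generated script unchanged.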
@@ -581,10 +584,10 @@ rm -rf /etc/rancher/k3s rm -rf /var/lib/rancher/k3s rm -rf /var/lib/kubelet rm -f ${BIN_DIR}/k3s -rm -f ${BIN_DIR}/${KILLALL_K3S_SH} +rm -f ${KILLALL_K3S_SH} EOF - $SUDO chmod 755 ${BIN_DIR}/${UNINSTALL_K3S_SH} - $SUDO chown root:root ${BIN_DIR}/${UNINSTALL_K3S_SH} + $SUDO chmod 755 ${UNINSTALL_K3S_SH} + $SUDO chown root:root ${UNINSTALL_K3S_SH} } # --- disable current service if loaded -- @@ -718,6 +721,8 @@ openrc_start() { # --- startup systemd or openrc service --- service_enable_and_start() { + [ "${INSTALL_K3S_SKIP_ENABLE}" = true ] && return + [ "${HAS_SYSTEMD}" = true ] && systemd_enable [ "${HAS_OPENRC}" = true ] && openrc_enable diff --git a/package/k3s.spec b/package/k3s.spec new file mode 100644 index 000000000000..686888ebcb5d --- /dev/null +++ b/package/k3s.spec 
@@ -0,0 +1,57 @@
+# vim: sw=4:ts=4:et
+
+%define install_path /usr/bin
+%define util_path %{_datadir}/k3s
+%define install_sh %{util_path}/.install.sh
+%define uninstall_sh %{util_path}/.uninstall.sh
+
+Name: k3s
+Version: %{k3s_version}
+Release: %{k3s_release}%{?dist}
+Summary: Lightweight Kubernetes
+
+Group: System Environment/Base
+License: ASL 2.0
+URL: http://k3s.io
+
+BuildRequires: systemd
+Requires(post): k3s-selinux >= %{k3s_policyver}
+
+%description
+The certified Kubernetes distribution built for IoT & Edge computing.
+
+%install
+install -d %{buildroot}%{install_path}
+install dist/artifacts/%{k3s_binary} %{buildroot}%{install_path}/k3s
+install -d %{buildroot}%{util_path}
+install install.sh %{buildroot}%{install_sh}
+
+%post
+# do not run install script on upgrade
+echo post-install args: $@
+if [ $1 == 1 ]; then
+ INSTALL_K3S_BIN_DIR=%{install_path} \
+ INSTALL_K3S_SKIP_DOWNLOAD=true \
+ INSTALL_K3S_SKIP_ENABLE=true \
+ UNINSTALL_K3S_SH=%{uninstall_sh} \
+ %{install_sh}
+fi
+%systemd_post k3s.service
+exit 0
+
+%postun
+echo post-uninstall args: $@
+# do not run uninstall script on upgrade
+if [ $1 == 0 ]; then
+ %{uninstall_sh}
+ rm -rf %{util_path}
+fi
+exit 0
+
+%files
+%{install_path}/k3s
+%{install_sh}
+
+%changelog
+* Mon Mar 2 2020 Erik Wilson 0.1-1
+- Initial version
diff --git a/scripts/package-rpm b/scripts/package-rpm
new file mode 100755
index 000000000000..487c794e78a1
--- /dev/null
+++ b/scripts/package-rpm
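Review bot: The `%post` scriptlet never checks the result of `%{install_sh}` and ends in an unconditional `exit 0`, so a failed install script leaves a package that reports as installed with no error shown to the administrator. Let the failure surface, e.g. end the continued command with `%{install_sh} || exit $?`. Both scriptlets also test `[ $1 == 1 ]` and `[ $1 == 0 ]` with an unquoted argument and the non-POSIX `==`; `if [ "$1" = 1 ]; then` is the portable form. Separately, on erase `%postun` runs the generated uninstall script, which per the `install.sh` hunks removes `/etc/rancher/k3s`, `/var/lib/rancher/k3s` and `/var/lib/kubelet`. A comment in the spec stating that removing the package deletes cluster state would help operators.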
@@ -0,0 +1,78 @@ +#!/bin/bash +set -e -x + +cd $(dirname $0)/.. + +ARCH=${DRONE_STAGE_ARCH:-$(arch)} +. ./scripts/version.sh + +if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(\-[^\+]*)?\+k3s.+$ ]]; then + echo "k3s version $VERSION does not match regex for rpm upload" + exit 0 +fi + +TMPDIR=$(mktemp -d) +cleanup() { + exit_code=$? + trap - EXIT INT + rm -rf ${TMPDIR} + exit ${exit_code} +} +trap cleanup EXIT INT + +export HOME=${TMPDIR} + +BIN_SUFFIX="" +if [ ${ARCH} = aarch64 ] || [ ${ARCH} = arm64 ]; then + BIN_SUFFIX="-arm64" +elif [ ${ARCH} = armv7l ] || [ ${ARCH} = arm ]; then + BIN_SUFFIX="-armhf" +fi + +# capture version of k3s +k3s_version=$(sed -E -e 's/^v([^-+]*).*$/\1/' <<< $VERSION) +# capture pre-release and metadata information of k3s +k3s_release=$(sed -E -e 's/\+k3s/+/; s/\+/-/g; s/^[^-]*//; s/^--/dev-/; s/-+/./g; s/^\.+//; s/\.+$//;' <<< $VERSION) +# k3s-selinux policy version needed for functionality +k3s_policyver=0.1-1 + +rpmbuild \ + --define "k3s_version ${k3s_version}" \ + --define "k3s_release ${k3s_release}" \ + --define "k3s_policyver ${k3s_policyver}" \ + --define "k3s_binary k3s${BIN_SUFFIX}" \ + --define "_sourcedir ${PWD}" \ + --define "_specdir ${PWD}" \ + --define "_builddir ${PWD}" \ + --define "_srcrpmdir ${PWD}" \ + --define "_rpmdir ${PWD}/dist/rpm" \ + --define "_buildrootdir ${PWD}/.rpm-build" \ + -bb package/k3s.spec + +if ! grep "BEGIN PGP PRIVATE KEY BLOCK" <<<"$PRIVATE_KEY"; then + echo "PRIVATE_KEY not defined, skipping rpm sign and upload" + exit 0 +fi + +cat <<\EOF >~/.rpmmacros +%_signature gpg +%_gpg_name ci@rancher.com +EOF +gpg --import - <<<"$PRIVATE_KEY" + +expect <public.key +gpg --armor --export-secret-key ci@rancher.com >private.key diff --git a/scripts/provision/generic/centos7/yum-install-rpm-tools b/scripts/provision/generic/centos7/yum-install-rpm-tools new file mode 100755 index 000000000000..2abc5ff335d4 --- /dev/null +++ b/scripts/provision/generic/centos7/yum-install-rpm-tools 
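Review bot: The last visible line writes the signing key to disk in the checkout: `gpg --armor --export-secret-key ci@rancher.com >private.key`. The script has already run `cd $(dirname $0)/..`, so the file lands in the repository root rather than under `${TMPDIR}`, and the `cleanup` trap does not remove it. If nothing later consumes the file, drop the export; otherwise write it under `${TMPDIR}` with a restrictive umask so it is deleted by the trap. The script also runs under `set -e -x`, so any command that receives `$PRIVATE_KEY_PASS_PHRASE` or the AWS values as an argument is echoed to the build log; a `set +x` before the signing section avoids that. The `expect` block in this hunk is truncated in this view, so how the passphrase is passed could not be checked.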
@@ -0,0 +1,7 @@ +#!/bin/bash + +set -e -x + +yum install -y git expect yum-utils rpm-build rpm-sign python-deltarpm epel-release +yum install -y python2-pip +pip install git+git://github.com/Voronenko/rpm-s3.git@5695c6ad9a08548141d3713328e1bd3f533d137e diff --git a/scripts/provision/vagrant b/scripts/provision/vagrant index 631acf41bca1..84cb28bd5291 100755 --- a/scripts/provision/vagrant +++ b/scripts/provision/vagrant @@ -42,9 +42,9 @@ rm -rf .cache/go-build || true # --- Set color prompt sed -i 's|:/bin/ash$|:/bin/bash|g' /etc/passwd -cat </etc/profile.d/color.sh +cat <<\EOF >/etc/profile.d/color.sh alias ls='ls --color=auto' -export PS1='\033[31m[ \033[90m\D{%F %T}\033[31m ]\n\[\033[36m\]\u\[\033[m\]🐮\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ ' +export PS1='\033[31m[ \033[90m\D{%F 🐮 %T}\033[31m ]\n\[\033[36m\]\u\[\033[m\]@\[\033[32m\]\h\[\033[35m\]:\[\033[33;1m\]\w\[\033[m\]\$ ' EOF # --- Setup install script from docker run commands @@ -79,7 +79,6 @@ download_go() { curl -sL https://storage.googleapis.com/golang/go${goversion}.linux-${ARCH}.tar.gz | tar -xzf - -C /usr/local } - # --- Utility function to download dqlite download_dqlite() { dqliteURL="https://github.com/$(grep dqlite-build Dockerfile.dapper | sed -e 's/^.*--from=\([^ ]*\).*$/\1/' -e 's|:|/releases/download/|')/dqlite-$ARCH.tgz" @@ -89,7 +88,7 @@ download_dqlite() { fi mkdir -p /usr/src/ echo "Downloading DQLITE from $dqliteURL" - curl -sfL $dqliteURL -o /usr/src/dqlite.tgz + curl -sL $dqliteURL -o /usr/src/dqlite.tgz } # --- Run vagrant provision script if available diff --git a/scripts/version.sh b/scripts/version.sh index 7d6817b22651..1ff94f4c71f4 100755 --- a/scripts/version.sh +++ b/scripts/version.sh 
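Review bot: `pip install git+git://github.com/Voronenko/rpm-s3.git@...` fetches the upload tool over the unauthenticated `git://` transport, and per the `.drone.yml` change this script runs in the step that holds the package-signing key and the AWS credentials. The commit pin helps, but nothing authenticates the server, and the tool's own dependencies are resolved unpinned at build time. Use `pip install git+https://github.com/Voronenko/rpm-s3.git@5695c6ad9a08548141d3713328e1bd3f533d137e`, and consider a requirements file with hashes for what it pulls in.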
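Review bot: Dropping `-f` in `download_dqlite` (`@@ -89,7 +88,7 @@`) means an HTTP error response is saved as `/usr/src/dqlite.tgz` while curl still exits 0, so a missing or replaced release only shows up when the archive is unpacked. Nothing in the visible lines checks a digest of the download either, and `$dqliteURL` is unquoted. Keep `-f` and quote the URL: `curl -sfL "$dqliteURL" -o /usr/src/dqlite.tgz`. If a 404 is expected on some architectures, handle that case explicitly instead of storing the error page. `download_dqlite` begins outside this hunk.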
@@ -1,20 +1,25 @@ #!/bin/bash +ARCH=${ARCH:-$(go env GOARCH)} +SUFFIX="-${ARCH}" +GIT_TAG=$DRONE_TAG TREE_STATE=clean -if [ -n "$(git status --porcelain --untracked-files=no)" ]; then - DIRTY="-dirty" - TREE_STATE=dirty -fi +COMMIT=$DRONE_COMMIT -COMMIT=$(git log -n3 --pretty=format:"%H %ae" | grep -v ' drone@localhost$' | cut -f1 -d\ | head -1) -if [ -z "${COMMIT}" ]; then - COMMIT=$(git rev-parse HEAD) -fi - -GIT_TAG=${DRONE_TAG:-$(git tag -l --contains HEAD | head -n 1)} +if [ -d .git ]; then + if [ -z "$GIT_TAG" ]; then + GIT_TAG=$(git tag -l --contains HEAD | head -n 1) + fi + if [ -n "$(git status --porcelain --untracked-files=no)" ]; then + DIRTY="-dirty" + TREE_STATE=dirty + fi -ARCH=$(go env GOARCH) -SUFFIX="-${ARCH}" + COMMIT=$(git log -n3 --pretty=format:"%H %ae" | grep -v ' drone@localhost$' | cut -f1 -d\ | head -1) + if [ -z "${COMMIT}" ]; then + COMMIT=$(git rev-parse HEAD || true) + fi +fi VERSION_CONTAINERD=$(grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}') if [ -z "$VERSION_CONTAINERD" ]; then
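Review bot: When there is no `.git` directory the script now leaves `TREE_STATE=clean` and takes `COMMIT` and `GIT_TAG` directly from `DRONE_COMMIT` and `DRONE_TAG`, so the version metadata asserts a clean tree and a commit that nothing has checked. If those values feed the release version string, which seems likely but is not visible here, a comment above the `if [ -d .git ]` block should say so: `# No .git: tree state cannot be verified; COMMIT and GIT_TAG are whatever the CI environment supplied.` Also note that `ARCH=${ARCH:-$(go env GOARCH)}` now accepts a caller-set value, and `scripts/package-rpm` sets `ARCH` from `$(arch)` before sourcing this file. `SUFFIX` can then carry a kernel-style name such as `aarch64` rather than a GOARCH name; confirm that no consumer of `SUFFIX` depends on the GOARCH spelling.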