├── .gitignore
├── extra_images.txt
├── images
    ├── .DS_Store
    ├── 1575422986361.png
    ├── 1575423438757.png
    ├── 1575423484594.png
    ├── 1575423553909.png
    └── 1575423570194.png
├── functions
    ├── .DS_Store
    ├── load_images.sh
    ├── k8s_node.sh
    ├── download_images.sh
    ├── setup_slb.sh
    ├── k8s_master.sh
    ├── base.sh
    ├── setup_ssl.sh
    ├── system.sh
    ├── download_packages.sh
    ├── install.sh
    └── init.sh
├── conf
    ├── keepalived
    │   ├── check_apiserver.sh
    │   └── keepalived.yaml
    └── haproxy
    │   └── haproxy.yaml
├── k8s_offline_package.sh
├── config.sh
├── kubeadm_install_k8s.sh
├── README.md
├── kubeadm_renew_certs.sh
└── LICENSE


/.gitignore:
--------------------------------------------------------------------------------
1 | # history
2 | .history
3 | 


--------------------------------------------------------------------------------
/extra_images.txt:
--------------------------------------------------------------------------------
1 | haproxy:2.9.6-alpine
2 | osixia/keepalived:2.0.17
3 | 


--------------------------------------------------------------------------------
/images/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ygqygq2/kubeadm-shell/HEAD/images/.DS_Store


--------------------------------------------------------------------------------
/functions/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ygqygq2/kubeadm-shell/HEAD/functions/.DS_Store


--------------------------------------------------------------------------------
/images/1575422986361.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ygqygq2/kubeadm-shell/HEAD/images/1575422986361.png


--------------------------------------------------------------------------------
/images/1575423438757.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ygqygq2/kubeadm-shell/HEAD/images/1575423438757.png


--------------------------------------------------------------------------------
/images/1575423484594.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ygqygq2/kubeadm-shell/HEAD/images/1575423484594.png


--------------------------------------------------------------------------------
/images/1575423553909.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ygqygq2/kubeadm-shell/HEAD/images/1575423553909.png


--------------------------------------------------------------------------------
/images/1575423570194.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ygqygq2/kubeadm-shell/HEAD/images/1575423570194.png


--------------------------------------------------------------------------------
/conf/keepalived/check_apiserver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # if check error then repeat check for 12 times, else exit
 4 | err=0
 5 | for k in $(seq 1 12)
 6 | do
 7 |     check_code=$(curl -k https://localhost:6443)
 8 |     if [[ $check_code == "" ]]; then
 9 |         err=$(expr $err + 1)
10 |         sleep 5
11 |         continue
12 |     else
13 |         err=0
14 |         break
15 |     fi
16 | done
17 | 
18 | if [[ $err != "0" ]]; then
19 |     # if apiserver is down send SIG=1
20 |     echo 'apiserver error!'
21 |     exit 1
22 | else
23 |     # if apiserver is up send SIG=0
24 |     echo 'apiserver normal!'
25 |     exit 0
26 | fi
27 | 


--------------------------------------------------------------------------------
/conf/haproxy/haproxy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: haproxy
 5 |   namespace: kube-system
 6 | spec:
 7 |   containers:
 8 |   - image: haproxy:2.9.6-alpine
 9 |     name: haproxy
10 |     livenessProbe:
11 |       failureThreshold: 8
12 |       httpGet:
13 |         host: localhost
14 |         path: /healthz
15 |         port: 8443
16 |         scheme: HTTPS
17 |     volumeMounts:
18 |     - mountPath: /usr/local/etc/haproxy/haproxy.cfg
19 |       name: haproxyconf
20 |       readOnly: true
21 |   hostNetwork: true
22 |   volumes:
23 |   - hostPath:
24 |       path: /etc/haproxy/haproxy.cfg
25 |       type: FileOrCreate
26 |     name: haproxyconf
27 | status: {}
28 | 


--------------------------------------------------------------------------------
/conf/keepalived/keepalived.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   creationTimestamp: null
 5 |   name: keepalived
 6 |   namespace: kube-system
 7 | spec:
 8 |   containers:
 9 |   - image: osixia/keepalived:2.0.17
10 |     name: keepalived
11 |     resources: {}
12 |     securityContext:
13 |       capabilities:
14 |         add:
15 |         - NET_ADMIN
16 |         - NET_BROADCAST
17 |         - NET_RAW
18 |     volumeMounts:
19 |     - mountPath: /usr/local/etc/keepalived/keepalived.conf
20 |       name: config
21 |     - mountPath: /etc/keepalived/check_apiserver.sh
22 |       name: check
23 |   hostNetwork: true
24 |   volumes:
25 |   - hostPath:
26 |       path: /etc/keepalived/keepalived.conf
27 |     name: config
28 |   - hostPath:
29 |       path: /etc/keepalived/check_apiserver.sh
30 |     name: check
31 | status: {}
32 | 


--------------------------------------------------------------------------------
/functions/load_images.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ##############################################################
 3 | # File Name: Load_Images.sh
 4 | # Version: V1.0
 5 | # Author: Chinge_Yang
 6 | # Blog: https://ygqygq2.blog.51cto.com
 7 | # Created Time : 2020-03-12 18:17:14
 8 | # Description:
 9 | ##############################################################
10 | 
11 | function Load_Images() {
12 |     if [ "$INSTALL_OFFLINE" != "true" ]; then
13 |         return 0
14 |     fi
15 | 
16 |     # 判断容器管理命令
17 |     case $INSTALL_CR in
18 |     docker)
19 |         cli_command="docker"
20 |         ;;
21 |     containerd)
22 |         cli_command="nerdctl --namespace=k8s.io"
23 |         ;;
24 |     *)
25 |         Red_Echo "不支持的 Container Runtime 类型"
26 |         exit 1
27 |         ;;
28 |     esac
29 | 
30 |     cd $IMAGES_DIR
31 |     local tar_files=$(ls *.tar)
32 |     for tar_file in ${tar_files[@]}; do
33 |         $cli_command load -i "$tar_file"
34 |     done
35 | }
36 | 


--------------------------------------------------------------------------------
/functions/k8s_node.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ##############################################################
 3 | # File Name: k8s_node.sh
 4 | # Version: V1.0
 5 | # Author: Chinge_Yang
 6 | # Blog: https://ygqygq2.blog.51cto.com
 7 | # Created Time : 2020-03-12 15:04:08
 8 | # Description:
 9 | ##############################################################
10 | 
11 | function Add_Node() {
12 |     Green_Echo "添加kubernetes节点[$HOSTNAME]"
13 |     User_Verify
14 |     # 配置kubelet
15 |     rsync -avz -e "${ssh_command}" root@${k8s_join_ip}:/etc/hosts /etc/hosts
16 |     rsync -avz -e "${ssh_command}" root@${k8s_join_ip}:/etc/sysconfig/kubelet /etc/sysconfig/kubelet
17 |     systemctl daemon-reload
18 |     systemctl enable kubelet && systemctl restart kubelet
19 | 
20 |     # 获取加入k8s节点命令
21 |     k8s_add_node_command=$($ssh_command root@$k8s_join_ip "kubeadm token create --print-join-command")
22 |     $k8s_add_node_command
23 |     echo '添加k8s node done! ' >>${install_log}
24 | }
25 | 


--------------------------------------------------------------------------------
/functions/download_images.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ##############################################################
 3 | # File Name: download_images.sh
 4 | # Version: V1.0
 5 | # Author: Chinge_Yang
 6 | # Blog: https://ygqygq2.blog.51cto.com
 7 | # Created Time : 2020-03-12 17:41:15
 8 | # Description:
 9 | ##############################################################
10 | 
11 | function Docker_Pull_Images() {
12 |     cat >/tmp/kubeadmcfg.yaml <<EOF
13 | apiVersion: kubeadm.k8s.io/v1beta3
14 | kind: ClusterConfiguration
15 | kubernetesVersion: ${KUBEVERSION}
16 | imageRepository: ${IMAGE_REPOSITORY}
17 | EOF
18 | 
19 |     # 判断容器管理命令
20 |     case $INSTALL_CR in
21 |     docker)
22 |         cli_command="docker"
23 |         ;;
24 |     containerd)
25 |         cli_command="nerdctl --namespace=k8s.io"
26 |         ;;
27 |     *)
28 |         Red_Echo "不支持的 Container Runtime 类型"
29 |         exit 1
30 |         ;;
31 |     esac
32 | 
33 |     local images=$(kubeadm config images list --config /tmp/kubeadmcfg.yaml; cat $SH_DIR/extra_images.txt)
34 |     for image in $images; do
35 |         image_file="$(echo $image| awk -F':|/' '{print $(NF-1)}').tar"
36 |         # 拉取k8s镜像
37 |         $cli_command pull $image
38 |         # 导出镜像
39 |         $cli_command save -o $image_file $image
40 |     done
41 | }
42 | 


--------------------------------------------------------------------------------
/k8s_offline_package.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ##############################################################
 3 | # File Name: k8s_offline_package.sh
 4 | # Version: V1.0
 5 | # Author: Chinge_Yang
 6 | # Blog: http://blog.csdn.net/ygqygq2
 7 | # Created Time : 2020-03-12 11:22:39
 8 | # Description: 在最小化安装的centos7下生成k8s离线安装包
 9 | ##############################################################
10 | 
11 | PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
12 | export PATH
13 | 
14 | # Check if user is root
15 | if [ $(id -u) != "0" ]; then
16 |     echo "Error: You must be root to run this script, please use root to run me."
17 |     exit 1
18 | fi
19 | ##############################################################
20 | 
21 | #获取脚本所存放目录
22 | cd $(dirname $0)
23 | SH_DIR=$(pwd)
24 | ME=$0
25 | PARAMETERS=$*
26 | PACKAGES_DIR=$SH_DIR/packages
27 | IMAGES_DIR=$SH_DIR/images
28 | GPG_DIR=$PACKAGES_DIR/gpg
29 | 
30 | [ ! -d "$GPG_DIR" ] && mkdir -p "$GPG_DIR"
31 | 
32 | . $SH_DIR/config.sh
33 | . $SH_DIR/functions/base.sh
34 | . $SH_DIR/functions/init.sh
35 | . $SH_DIR/functions/download_packages.sh
36 | . $SH_DIR/functions/download_images.sh
37 | 
38 | Get_Dist_Name
39 | Kill_PM
40 | Init_Install
41 | Download_Packages
42 | Docker_Pull_Images
43 | 
44 | # 执行完毕的时间
45 | Green_Echo "$HOSTNAME 本次执行花时:$SECONDS 秒"
46 | 


--------------------------------------------------------------------------------
/config.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ##############################################################
 3 | # File Name: config.sh
 4 | # Version: V1.0
 5 | # Author: Chinge_Yang
 6 | # Blog: https://ygqygq2.blog.51cto.com
 7 | # Created Time : 2020-03-12 11:39:56
 8 | # Description: 配置文件脚本
 9 | ##############################################################
10 | 
11 | ##############################################################
12 | ## 集群安装和证书更新相关共同需要的参数设置
13 | # 主机名:IP，需要执行脚本前设置
14 | server0="master1:10.37.129.11"
15 | server1="master2:10.37.129.12"
16 | server2="master3:10.37.129.13"
17 | ##############################################################
18 | ## 集群安装相关参数设置
19 | # 是否离线安装集群，true为离线安装
20 | INSTALL_OFFLINE="false"
21 | # 是否安装集群，false为添加节点，true为安装集群
22 | INSTALL_CLUSTER="true"
23 | # 是否安装Keepalived+HAproxy
24 | INSTALL_SLB="true"
25 | # 是否脚本生成CA证书
26 | GENERATE_CA="false"
27 | # 定义Kubernetes信息
28 | KUBEVERSION="v1.30.5"
29 | # 定义安装 Container runtimes: docker/containerd/crio
30 | INSTALL_CR="containerd"
31 | # docker 版本, INSTALL_CR="docker"时设置
32 | DOCKERVERSION="27.2.1"
33 | #
34 | KUBERNETES_CNI_VERSION=""
35 | IMAGE_REPOSITORY="registry.cn-hangzhou.aliyuncs.com/google_containers"
36 | # k8s master VIP（单节点为节点IP）
37 | k8s_master_vip="10.37.129.10"
38 | # K8S网段
39 | podSubnet="10.244.0.0/16"
40 | # kube-proxy转发模式，ipvs/iptables
41 | KUBE_PROXY_MODE="ipvs"
42 | # 可获取kubeadm join命令的节点IP
43 | k8s_join_ip=$k8s_master_vip
44 | ##############################################################
45 | ## 证书更新相关参数设置
46 | # 证书剩余天数自动更新
47 | expire_days="90"
48 | # 证书检查列表
49 | ca_certs_list=(
50 |     "/etc/kubernetes/pki/ca.crt"
51 |     "/etc/kubernetes/pki/etcd/ca.crt"
52 |     "/etc/kubernetes/pki/front-proxy-ca.crt"
53 |     )
54 | certs_list=(
55 |     "/etc/kubernetes/pki/apiserver.crt"
56 |     "/etc/kubernetes/pki/front-proxy-client.crt"
57 |     "/etc/kubernetes/pki/etcd/server.crt"
58 |     )
59 | ##############################################################
60 | i=0
61 | while true; do
62 |     tmp_server=$(eval echo \$server${i})
63 |     if [ ! -z "${tmp_server}" ]; then
64 |         NAMES=(${NAMES[@]} ${tmp_server%:*})
65 |         HOSTS=(${HOSTS[@]} ${tmp_server#*:})
66 |     else
67 |         break
68 |     fi
69 |     i=$(($i+1))
70 | done
71 | ##############################################################
72 | install_log=/root/install_log.txt
73 | ##############################################################
74 | 


--------------------------------------------------------------------------------
/functions/setup_slb.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | ##############################################################
  3 | # File Name: setup_slb.sh
  4 | # Version: V1.0
  5 | # Author: Chinge_Yang
  6 | # Blog: https://ygqygq2.blog.51cto.com
  7 | # Created Time : 2020-03-12 14:54:49
  8 | # Description:
  9 | ##############################################################
 10 | 
 11 | function Set_Slb() {
 12 |   # 设置keepalived+haproxy
 13 |   [ $INSTALL_SLB != "true" ] && return 0
 14 | 
 15 |   # 安装 haproxy
 16 |   [ ! -d /etc/haproxy ] && mkdir /etc/haproxy
 17 |   cat >/etc/haproxy/haproxy.cfg <<EOF
 18 | global
 19 |   log 127.0.0.1 local0 err
 20 |   maxconn 50000
 21 |   uid 99
 22 |   gid 99
 23 |   #daemon
 24 |   pidfile haproxy.pid
 25 | 
 26 | defaults
 27 |   mode http
 28 |   log 127.0.0.1 local0 err
 29 |   maxconn 50000
 30 |   retries 3
 31 |   timeout connect 5s
 32 |   timeout client 30s
 33 |   timeout server 30s
 34 |   timeout check 2s
 35 | 
 36 | listen admin_stats
 37 |   mode http
 38 |   bind 0.0.0.0:1080
 39 |   log 127.0.0.1 local0 err
 40 |   stats refresh 30s
 41 |   stats uri     /haproxy-status
 42 |   stats realm   Haproxy\ Statistics
 43 |   stats auth    admin:k8s
 44 |   stats hide-version
 45 |   stats admin if TRUE
 46 | 
 47 | frontend k8s-https
 48 |   bind 0.0.0.0:8443
 49 |   mode tcp
 50 |   #maxconn 50000
 51 |   default_backend k8s-https
 52 | 
 53 | backend k8s-https
 54 |   mode tcp
 55 |   balance roundrobin
 56 | $(for m in ${!NAMES[@]}; do echo "  server ${NAMES[m]} ${HOSTS[m]}:6443 weight 1 maxconn 1000 check inter 2000 rise 2 fall 3"; done)
 57 | 
 58 | EOF
 59 | 
 60 |   # 启动haproxy
 61 |   rsync -avz $SH_DIR/conf/haproxy/haproxy.yaml /etc/kubernetes/manifests/
 62 |   Return_Error_Exit "$cli_command 安装 haproxy"
 63 | 
 64 |   # 安装 keepalived
 65 |   [ ! -d /etc/keepalived ] && mkdir /etc/keepalived
 66 |   # 载入内核相关模块
 67 |   # lsmod | grep ip_vs
 68 |   modprobe ip_vs
 69 | 
 70 |   # 获取LVS网卡名
 71 |   subnet=$(echo $k8s_master_vip | awk -F '.' '{print $1"."$2"."$3"."}')
 72 |   network_card_name=$(ip route | egrep "^$subnet" | awk '{print $3}')
 73 | 
 74 |   # 启动keepalived
 75 |   cat >/etc/keepalived/keepalived.conf<<EOF
 76 | ! /etc/keepalived/keepalived.conf
 77 | ! Configuration File for keepalived
 78 | global_defs {
 79 |     router_id LVS_DEVEL
 80 | }
 81 | vrrp_script check_apiserver {
 82 |   script "/etc/keepalived/check_apiserver.sh"
 83 |   interval 3
 84 |   weight -2
 85 |   fall 10
 86 |   rise 2
 87 | }
 88 | 
 89 | vrrp_instance VI_1 {
 90 |     state $([ "$HOSTNAME" == "${NAMES[0]}" ] && echo "MASTER" || echo "BACKUP")
 91 |     interface ${network_card_name}
 92 |     virtual_router_id 60
 93 |     priority $([ "$HOSTNAME" == "${NAMES[0]}" ] && echo "101" || echo $((1 + RANDOM % 100)))
 94 |     authentication {
 95 |         auth_type PASS
 96 |         auth_pass k8s
 97 |     }
 98 |     virtual_ipaddress {
 99 |         ${k8s_master_vip}
100 |     }
101 |     track_script {
102 |         check_apiserver
103 |     }
104 | }
105 | EOF
106 |   rsync -avz $SH_DIR/conf/keepalived/check_apiserver.sh /etc/keepalived/
107 |   chmod a+x /etc/keepalived/check_apiserver.sh
108 |   rsync -avz $SH_DIR/conf/keepalived/keepalived.yaml /etc/kubernetes/manifests/
109 |   Return_Error_Exit "安装 keepalived"
110 |   echo '安装k8s keepalived haproxy done! ' >>${install_log}
111 | }
112 | 


--------------------------------------------------------------------------------
/functions/k8s_master.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ##############################################################
 3 | # File Name: k8s_master.sh
 4 | # Version: V1.0
 5 | # Author: Chinge_Yang
 6 | # Blog: https://ygqygq2.blog.51cto.com
 7 | # Created Time : 2020-03-12 15:02:54
 8 | # Description:
 9 | ##############################################################
10 | 
11 | function Install_K8s() {
12 |     # 安装K8S集群
13 |     # 生成kubeadm 配置文件
14 |     for i in "${!HOSTS[@]}"; do
15 |         HOST=${HOSTS[$i]}
16 |         NAME=${NAMES[$i]}
17 |         mkdir -p /tmp/${HOST}
18 |         if [ $INSTALL_SLB != "true" ]; then
19 |             control_plane_port=6443
20 |         else
21 |             control_plane_port=8443
22 |         fi
23 | 
24 |         cat >/tmp/${HOST}/kubeadmcfg.yaml <<EOF
25 | apiVersion: kubeproxy.config.k8s.io/v1alpha1
26 | kind: KubeProxyConfiguration
27 | mode: "${KUBE_PROXY_MODE}"
28 | metricsBindAddress: 0.0.0.0:10249
29 | ---
30 | apiVersion: kubeadm.k8s.io/v1beta3
31 | kind: ClusterConfiguration
32 | kubernetesVersion: ${KUBEVERSION}
33 | imageRepository: ${IMAGE_REPOSITORY}
34 | controlPlaneEndpoint: "${k8s_master_vip}:${control_plane_port}"
35 | 
36 | apiServer:
37 |   extraArgs:
38 |     bind-address: 0.0.0.0
39 |   certSANs:
40 | $(for m in ${NAMES[@]}; do echo "    - \"${m}\""; done)
41 | $(for m in ${HOSTS[@]}; do echo "    - \"${m}\""; done)
42 |     - "${k8s_master_vip}"
43 |     - "127.0.0.1"
44 |     - "localhost"
45 | 
46 | controllerManager:
47 |   extraArgs:
48 |     bind-address: 0.0.0.0
49 | 
50 | scheduler:
51 |   extraArgs:
52 |     bind-address: 0.0.0.0
53 | 
54 | networking:
55 |   podSubnet: ${podSubnet}
56 | 
57 | EOF
58 |         echo '生成kubeadm配置 done! ' >>${install_log}
59 | 
60 |         # 同步配置文件
61 |         $ssh_command root@${HOST} "mkdir -p /etc/kubernetes"
62 |         rsync -avz -e "${ssh_command}" /tmp/${HOST}/kubeadmcfg.yaml root@${HOST}:/etc/kubernetes/
63 | 
64 |         # 设置kubelet启动额外参数
65 |         #echo 'KUBELET_EXTRA_ARGS=""' > /tmp/kubelet
66 |         #rsync -avz -e "${ssh_command}" /tmp/kubelet root@${HOST}:/etc/sysconfig/kubelet
67 | 
68 |         if [ "$INSTALL_OFFLINE" != "true" ]; then
69 |             # 提前拉取镜像
70 |             $ssh_command root@${HOST} "kubeadm config images pull --config /etc/kubernetes/kubeadmcfg.yaml"
71 |         fi
72 | 
73 |         # 添加环境变量
74 |         $ssh_command root@${HOST} "! grep KUBECONFIG /root/.bash_profile \
75 |             && echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> /root/.bash_profile"
76 | 
77 |         if [ $i -eq 0 ]; then
78 |             # 初始化
79 |             kubeadm init --config /etc/kubernetes/kubeadmcfg.yaml --upload-certs
80 |             Return_Error_Exit "kubeadm init"
81 |             sleep 60
82 |             [ ! -d $HOME/.kube ] && mkdir -p $HOME/.kube
83 |             ln -sf /etc/kubernetes/admin.conf $HOME/.kube/config
84 |             # chown $(id -u):$(id -g) $HOME/.kube/config
85 |         else
86 |             Yellow_Echo "以下操作失败后可手动在相应节点执行"
87 |             Green_Echo "节点 $HOST"
88 |             certificate_key=$(kubeadm init phase upload-certs --upload-certs | tail -1)
89 |             join_command=$(kubeadm token create --print-join-command)
90 |             echo "$join_command --control-plane --certificate-key $certificate_key"
91 |             $ssh_command root@${HOST} "$join_command --control-plane --certificate-key $certificate_key"
92 |         fi
93 | 
94 |     done
95 |     echo '安装k8s done! ' >>${install_log}
96 | }
97 | 


--------------------------------------------------------------------------------
/functions/base.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | ##############################################################
  3 | # File Name: functions/base.sh
  4 | # Version: V1.0
  5 | # Author: Chinge_Yang
  6 | # Blog: https://ygqygq2.blog.51cto.com
  7 | # Created Time : 2020-03-12 11:39:00
  8 | # Description:
  9 | ##############################################################
 10 | 
 11 | # 定义ssh参数
 12 | ssh_port="22"
 13 | ssh_parameters="-o StrictHostKeyChecking=no -o ConnectTimeout=60"
 14 | ssh_command="ssh ${ssh_parameters} -p ${ssh_port}"
 15 | scp_command="scp ${ssh_parameters} -P ${ssh_port}"
 16 | 
 17 | #定义输出颜色函数
 18 | function Red_Echo() {
 19 |     #用法:  Red_Echo "内容"
 20 |     local what="$*"
 21 |     echo -e "$(date +%F-%T) \e[1;31m ${what} \e[0m"
 22 | }
 23 | 
 24 | function Green_Echo() {
 25 |     #用法:  Green_Echo "内容"
 26 |     local what="$*"
 27 |     echo -e "$(date +%F-%T) \e[1;32m ${what} \e[0m"
 28 | }
 29 | 
 30 | function Yellow_Echo() {
 31 |     #用法:  Yellow_Echo "内容"
 32 |     local what="$*"
 33 |     echo -e "$(date +%F-%T) \e[1;33m ${what} \e[0m"
 34 | }
 35 | 
 36 | function Blue_Echo() {
 37 |     #用法:  Blue_Echo "内容"
 38 |     local what="$*"
 39 |     echo -e "$(date +%F-%T) \e[1;34m ${what} \e[0m"
 40 | }
 41 | 
 42 | function Twinkle_Echo() {
 43 |     #用法:  Twinkle_Echo $(Red_Echo "内容")  ,此处例子为红色闪烁输出
 44 |     local twinkle='\e[05m'
 45 |     local what="${twinkle} $*"
 46 |     echo -e "$(date +%F-%T) ${what}"
 47 | }
 48 | 
 49 | function Return_Echo() {
 50 |     if [ $? -eq 0 ]; then
 51 |         echo -n "$* " && Green_Echo "成功"
 52 |         return 0
 53 |     else
 54 |         echo -n "$* " && Red_Echo "失败"
 55 |         return 1
 56 |     fi
 57 | }
 58 | 
 59 | function Return_Error_Exit() {
 60 |     [ $? -eq 0 ] && local REVAL="0"
 61 |     local what=$*
 62 |     if [ "$REVAL" = "0" ]; then
 63 |         [ ! -z "$what" ] && { echo -n "$* " && Green_Echo "成功"; }
 64 |     else
 65 |         Red_Echo "$* 失败，脚本退出"
 66 |         exit 1
 67 |     fi
 68 | }
 69 | 
 70 | # 定义确认函数
 71 | function User_Verify() {
 72 |     while true; do
 73 |         echo ""
 74 |         read -p "是否确认?[Y/N]:" Y
 75 |         case $Y in
 76 |         [yY] | [yY][eE][sS])
 77 |             echo -e "answer:  \\033[20G [ \e[1;32m是\e[0m ] \033[0m"
 78 |             break
 79 |             ;;
 80 |         [nN] | [nN][oO])
 81 |             echo -e "answer:  \\033[20G [ \e[1;32m否\e[0m ] \033[0m"
 82 |             exit 1
 83 |             ;;
 84 |         *)
 85 |             continue
 86 |             ;;
 87 |         esac
 88 |     done
 89 | }
 90 | 
 91 | # 定义跳过函数
 92 | function User_Pass() {
 93 |     while true; do
 94 |         echo ""
 95 |         read -p "是否确认?[Y/N]:" Y
 96 |         case $Y in
 97 |         [yY] | [yY][eE][sS])
 98 |             echo -e "answer:  \\033[20G [ \e[1;32m是\e[0m ] \033[0m"
 99 |             break
100 |             ;;
101 |         [nN] | [nN][oO])
102 |             echo -e "answer:  \\033[20G [ \e[1;32m否\e[0m ] \033[0m"
103 |             return 1
104 |             ;;
105 |         *)
106 |             continue
107 |             ;;
108 |         esac
109 |     done
110 | }
111 | 
112 | function Init_Arch() {
113 |     ARCH=$(uname -m)
114 |     case $ARCH in
115 |     armv5*) ARCH="armv5" ;;
116 |     armv6*) ARCH="armv6" ;;
117 |     armv7*) ARCH="arm" ;;
118 |     aarch64) ARCH="arm64" ;;
119 |     x86) ARCH="386" ;;
120 |     x86_64) ARCH="amd64" ;;
121 |     i686) ARCH="386" ;;
122 |     i386) ARCH="386" ;;
123 |     esac
124 | }
125 | 


--------------------------------------------------------------------------------
/functions/setup_ssl.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | ##############################################################
  3 | # File Name: setup_ssl.sh
  4 | # Version: V1.0
  5 | # Author: Chinge_Yang
  6 | # Blog: https://ygqygq2.blog.51cto.com
  7 | # Created Time : 2020-03-12 15:00:46
  8 | # Description:
  9 | ##############################################################
 10 | 
 11 | function Install_Cfssl() {
 12 |   #  安装cfssl
 13 |   [ -f /usr/local/sbin/cfssl ] && Yellow_Echo "No need to install cfssl" && return 0
 14 |   wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64 -O cfssl_linux_amd64
 15 |   wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64 -O cfssljson_linux_amd64
 16 |   wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64 -O cfssl-certinfo_linux_amd64
 17 |   chmod +x cfssl_linux_amd64 cfssljson_linux_amd64 cfssl-certinfo_linux_amd64
 18 |   \mv cfssl_linux_amd64 /usr/local/sbin/cfssl
 19 |   \mv cfssljson_linux_amd64 /usr/local/sbin/cfssljson
 20 |   \mv cfssl-certinfo_linux_amd64 /usr/local/sbin/cfssl-certinfo
 21 |   echo '安装cfssl done! ' >>${install_log}
 22 | }
 23 | 
 24 | function Generate_Cert() {
 25 |   # 生成有效期为100年CA证书
 26 |   [ ! -d /etc/kubernetes/certs_tmp ] && mkdir -p /etc/kubernetes/certs_tmp
 27 |   cd /etc/kubernetes/certs_tmp
 28 |   cat >ca-config.json <<EOF
 29 | {
 30 |   "signing": {
 31 |     "default": {
 32 |       "expiry": "87600h"
 33 |     },
 34 |     "profiles": {
 35 |       "server": {
 36 |         "expiry": "87600h",
 37 |         "usages": [
 38 |           "signing",
 39 |           "key encipherment",
 40 |           "server auth"
 41 |         ]
 42 |       },
 43 |       "client": {
 44 |         "expiry": "87600h",
 45 |         "usages": [
 46 |           "signing",
 47 |           "key encipherment",
 48 |           "client auth"
 49 |         ]
 50 |       },
 51 |       "peer": {
 52 |         "expiry": "87600h",
 53 |         "usages": [
 54 |           "signing",
 55 |           "key encipherment",
 56 |           "client auth"
 57 |         ]
 58 |       }
 59 |     }
 60 |   }
 61 | }
 62 | EOF
 63 |   cat >ca-csr.json <<EOF
 64 | {
 65 |   "CN": "kubernetes",
 66 |   "key": {
 67 |     "algo": "rsa",
 68 |     "size": 2048
 69 |   },
 70 |   "names": [
 71 |     {
 72 |       "CN": "kubernetes"
 73 |     }
 74 |   ],
 75 |   "ca": {
 76 |     "expiry": "876000h"
 77 |   }
 78 | }
 79 | EOF
 80 |   cat >front-proxy-csr.json <<EOF
 81 | {
 82 |   "CN": "front-proxy-ca",
 83 |   "key": {
 84 |     "algo": "rsa",
 85 |     "size": 2048
 86 |   },
 87 |   "names": [
 88 |     {
 89 |       "CN": "front-proxy-ca"
 90 |     }
 91 |   ],
 92 |   "ca": {
 93 |     "expiry": "876000h"
 94 |   }
 95 | }
 96 | EOF
 97 | 
 98 |   cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
 99 |   cfssl gencert -initca front-proxy-csr.json | cfssljson -bare front-proxy-ca -
100 |   Return_Error_Exit "cfssl生成自定义CA"
101 |   [ -d /etc/kubernetes/pki ] && rsync -az /etc/kubernetes/pki/ /etc/kubernetes/pki-$(date +%F-%H-%M)/
102 |   mkdir -p /etc/kubernetes/pki/etcd
103 |   rsync -avz ca.pem /etc/kubernetes/pki/etcd/ca.crt
104 |   rsync -avz ca-key.pem /etc/kubernetes/pki/etcd/ca.key
105 |   rsync -avz ca.pem /etc/kubernetes/pki/ca.crt
106 |   rsync -avz ca-key.pem /etc/kubernetes/pki/ca.key
107 |   rsync -avz front-proxy-ca.pem /etc/kubernetes/pki/front-proxy-ca.crt
108 |   rsync -avz front-proxy-ca-key.pem /etc/kubernetes/pki/front-proxy-ca.key
109 | 
110 |   echo '安装k8s证书 done! ' >>${install_log}
111 | }
112 | 


--------------------------------------------------------------------------------
/kubeadm_install_k8s.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | ##############################################################
  3 | # File Name: kubeadm_install_k8s.sh
  4 | # Version: V1.0
  5 | # Author: Chinge_Yang
  6 | # Blog: http://ygqygq2.blog.51cto.com
  7 | # Created Time : 2018-10-22 22:57:11
  8 | # Description:
  9 | # 1. Kubeadm安装Kubernetes（3台master）
 10 | # 2. 需要在节点提前手动设置hostname
 11 | # 3. 脚本初始化时添加ssh key登录其它节点，可能需要用户按提示输入ssh密码
 12 | # 4. 安装集群在第一台master节点上执行此脚本；添加节点在节点上执行此脚本。
 13 | ##############################################################
 14 | 
 15 | PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
 16 | export PATH
 17 | 
 18 | # Check if user is root
 19 | if [ $(id -u) != "0" ]; then
 20 |     echo "Error: You must be root to run this script, please use root to run me."
 21 |     exit 1
 22 | fi
 23 | ##############################################################
 24 | 
 25 | #获取脚本所存放目录
 26 | cd $(dirname $0)
 27 | SH_DIR=$(pwd)
 28 | ME=$0
 29 | PARAMETERS=$*
 30 | PACKAGES_DIR=$SH_DIR/packages
 31 | IMAGES_DIR=$SH_DIR/images
 32 | GPG_DIR=$PACKAGES_DIR/gpg
 33 | [ ! -d $PACKAGES_DIR ] && mkdir $PACKAGES_DIR
 34 | 
 35 | . $SH_DIR/config.sh
 36 | . $SH_DIR/functions/base.sh
 37 | . $SH_DIR/functions/init.sh
 38 | . $SH_DIR/functions/install.sh
 39 | . $SH_DIR/functions/load_images.sh
 40 | . $SH_DIR/functions/system.sh
 41 | . $SH_DIR/functions/setup_ssl.sh
 42 | . $SH_DIR/functions/setup_slb.sh
 43 | . $SH_DIR/functions/k8s_master.sh
 44 | . $SH_DIR/functions/k8s_node.sh
 45 | 
 46 | Get_Dist_Name
 47 | Kill_PM
 48 | 
 49 | function Do_All() {
 50 |     if [ "$HOSTNAME" = "${NAMES[0]}" ]; then
 51 |         # 免交互生成ssh key
 52 |         [ ! -f ~/.ssh/id_rsa ] && ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
 53 |         chmod 0600 ~/.ssh/id_rsa
 54 |         for h in "${HOSTS[@]}"; do
 55 |             # 判断能否免密登录
 56 |             ssh ${ssh_parameters} -o PreferredAuthentications=publickey ${h} \
 57 |                 "ssh ${ssh_parameters} -o PreferredAuthentications=publickey ${h} 'pwd'" >/dev/null
 58 |             if [ $? -ne 0 ]; then
 59 |                 ssh-copy-id ${ssh_parameters} -p ${ssh_port} -i ~/.ssh/id_rsa -f root@${h}
 60 |                 Return_Error_Exit "${h} 添加ssh免密认证"
 61 |             fi
 62 |         done
 63 |     fi
 64 | 
 65 |     [ ! -d $SH_DIR/ ] && exit 1
 66 |     [ ! -d $PACKAGES_DIR/ ] && exit 1
 67 |     # 第一台master节点
 68 |     if [[ "$INSTALL_CLUSTER" != "false" && "$HOSTNAME" = "${NAMES[0]}" ]]; then
 69 |         check_running=$(ps aux | grep "/bin/bash $SH_DIR/$(basename $ME)" | grep -v grep)
 70 |         if [ -z "$check_running" ]; then # 为空表示非远程执行脚本
 71 |             for ((i = $((${#HOSTS[@]} - 1)); i >= 0; i--)); do
 72 |                 $ssh_command root@${HOSTS[$i]} "$PM install -y rsync"
 73 |                 $ssh_command root@${HOSTS[$i]} "mkdir -p $SH_DIR"
 74 |                 # 将脚本分发至master节点
 75 |                 rsync -avz -e "${ssh_command}" /etc/hosts root@${HOSTS[$i]}:/etc/hosts
 76 |                 rsync -avz -e "${ssh_command}" $SH_DIR/ root@${HOSTS[$i]}:$SH_DIR/
 77 |                 $ssh_command root@${HOSTS[$i]} "/bin/bash $SH_DIR/$(basename $ME)"
 78 |                 # github 下载安装包慢，同步下安装包
 79 |                 rsync -avz -e "${ssh_command}" root@${HOSTS[$i]}:${PACKAGES_DIR}/ ${PACKAGES_DIR}/
 80 |             done
 81 |         else
 82 |             # 准备yum源
 83 |             if [ "$INSTALL_OFFLINE" != "true" ]; then
 84 |                 Init_Install
 85 |             else
 86 |                 Offline_Init_Install
 87 |             fi
 88 |             # 系统优化
 89 |             System_Opt
 90 |             # 安装docker-ce等
 91 |             Install
 92 |             Init_K8s
 93 |             # 导入离线images
 94 |             Load_Images
 95 |             # 生成证书
 96 |             if [ "$GENERATE_CA" != "false" ]; then
 97 |                 # 安装证书工具
 98 |                 Install_Cfssl
 99 |                 # 生成ca证书
100 |                 Generate_Cert
101 |             fi
102 | 
103 |             Set_Slb
104 | 
105 |             # 安装Kubernetes
106 |             Install_K8s
107 |         fi
108 |     else # 其它节点
109 |         # 准备yum源
110 |         if [ "$INSTALL_OFFLINE" != "true" ]; then
111 |             Init_Install
112 |         else
113 |             Offline_Init_Install
114 |         fi
115 |         # 系统优化
116 |         System_Opt
117 |         # 安装docker-ce等
118 |         Install
119 |         Init_K8s
120 |         # 导入离线images
121 |         Load_Images
122 |         # 安装k8s，master节点设置lvs
123 |         if [ "$INSTALL_CLUSTER" != "false" ]; then
124 |             Set_Slb
125 |         else
126 |             # 注册Kubernetes节点
127 |             Add_Node
128 |         fi
129 |     fi
130 | }
131 | 
132 | Do_All
133 | # 执行完毕的时间
134 | Green_Echo "$HOSTNAME 本次安装花时:$SECONDS 秒"
135 | echo '完成安装 ' >>${install_log}
136 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # 1. 介绍
  2 | 
  3 | 仓库地址：[https://github.com/ygqygq2/kubeadm-shell](https://github.com/ygqygq2/kubeadm-shell)
  4 | 
  5 | 脚本实现功能：
  6 | - [x] 新建多master节点（至少3台，奇数）的高可用kubernetes集群；
  7 | - [x] 新建单master节点的kubernetes；
  8 | - [x] 添加work节点；
  9 | - [x] 支持离线安装，前提是在最小化安装的系统下执行`/bin/bash k8s_offline_package.sh`准备安装包；
 10 | 
 11 | >离线安装说明
 12 | >1. 离线安装已支持 docker 安装 kubernetes；
 13 | >2. 离线安装支持 containerd 安装 kubernetes；
 14 | >3. 因 crio 没有镜像管理功能，不支持离线安装；
 15 | 
 16 | 
 17 | # 2. 使用说明
 18 | * 系统：CentOS/Ubuntu（要求支持安装Kubernetes）
 19 | * 运行：请在 root 用户下使用`/bin/bash`运行
 20 | 
 21 | >**重要**
 22 | >使用时请将整个仓库文件一起打包上传至服务器。
 23 | 
 24 | ## 2.1 高可用集群安装
 25 | 
 26 | 提前关闭selinux（需要重启生效），master节点设置hostname，并添加hosts。
 27 | 
 28 | ![hosts设置](./images/1575422986361.png)
 29 | 
 30 | `config.sh`脚本修改，有需要添加更多master节点，添加`serverX`和修改`NAMES` `HOSTS`。
 31 | 
 32 | ```bash
 33 | ##############################################################
 34 | ## 集群安装和证书更新相关共同需要的参数设置
 35 | # 主机名:IP，需要执行脚本前设置
 36 | server0="master1:10.37.129.11"
 37 | server1="master2:10.37.129.12"
 38 | server2="master3:10.37.129.13"
 39 | ##############################################################
 40 | ## 集群安装相关参数设置
 41 | # 是否离线安装集群，true为离线安装
 42 | INSTALL_OFFLINE="false"
 43 | # 是否安装集群，false为添加节点，true为安装集群
 44 | INSTALL_CLUSTER="true"
 45 | # 是否安装Keepalived+HAproxy
 46 | INSTALL_SLB="true"
 47 | # 是否脚本生成CA证书
 48 | GENERATE_CA="false"
 49 | # 定义Kubernetes信息
 50 | KUBEVERSION="v1.17.0"
 51 | # 定义安装 Container runtimes: docker/containerd/crio
 52 | INSTALL_CR="docker"
 53 | # docker 版本, INSTALL_CR="docker"时设置
 54 | DOCKERVERSION="19.03.13"
 55 | #
 56 | KUBERNETES_CNI_VERSION=""
 57 | IMAGE_REPOSITORY="registry.cn-hangzhou.aliyuncs.com/google_containers"
 58 | # k8s master VIP（单节点为节点IP）
 59 | k8s_master_vip="10.37.129.10"
 60 | # K8S网段
 61 | podSubnet="10.244.0.0/16"
 62 | # 可获取kubeadm join命令的节点IP
 63 | k8s_join_ip=$k8s_master_vip
 64 | ##############################################################
 65 | ```
 66 | 
 67 | >**注意**：
 68 | >1. 在第一台master节点上执行此脚本；
 69 | >2. 脚本初始化时添加ssh key登录其它节点，可能需要用户按提示输入ssh密码；
 70 | >3. 脚本执行，需要注意脚本运行过程提示或报错；
 71 | 
 72 | ![enter description here](./images/1575423438757.png)
 73 | 
 74 | ![enter description here](./images/1575423484594.png)
 75 | 
 76 | 执行成功。
 77 | ![enter description here](./images/1575423553909.png)
 78 | 
 79 | ## 2.2 单master kubernetes安装
 80 | 
 81 | 提前关闭selinux（需要重启生效），master节点设置hostname，并添加hosts。`config.sh`配置：
 82 | 
 83 | ```bash
 84 | ##############################################################
 85 | ## 集群安装和证书更新相关共同需要的参数设置
 86 | # 主机名:IP，需要执行脚本前设置
 87 | server0="master1:10.37.129.11"
 88 | #server1="master2:10.37.129.12"
 89 | #server2="master3:10.37.129.13"
 90 | ##############################################################
 91 | ## 集群安装相关参数设置
 92 | # 是否离线安装集群，true为离线安装
 93 | INSTALL_OFFLINE="false"
 94 | # 是否安装集群，false为添加节点，true为安装集群
 95 | INSTALL_CLUSTER="true"
 96 | # 是否安装Keepalived+HAproxy
 97 | INSTALL_SLB="false"
 98 | # 是否脚本生成CA证书
 99 | GENERATE_CA="false"
100 | # 定义Kubernetes信息
101 | KUBEVERSION="v1.17.0"
102 | # 定义安装 Container runtimes: docker/containerd/crio
103 | INSTALL_CR="docker"
104 | # docker 版本, INSTALL_CR="docker"时设置
105 | DOCKERVERSION="19.03.13"
106 | #
107 | KUBERNETES_CNI_VERSION=""
108 | IMAGE_REPOSITORY="registry.cn-hangzhou.aliyuncs.com/google_containers"
109 | # k8s master VIP（单节点为节点IP）
110 | k8s_master_vip="10.37.129.11"
111 | # K8S网段
112 | podSubnet="10.244.0.0/16"
113 | # 可获取kubeadm join命令的节点IP
114 | k8s_join_ip=$k8s_master_vip
115 | ##############################################################
116 | ```
117 | 
118 | 其它说明同上。
119 | 
120 | ## 2.3 添加work节点至kubernetes集群
121 | 
122 | 提前关闭selinux（需要重启生效），work节点设置hostname，并添加hosts（最好所有kubernetes节点统一相同hosts内容）。
123 | 
124 | 关键地方设置，脚本使用ssh跳至master节点执行`kubeadm token create --print-join-command`获取添加节点命令，所以可修改`k8s_master_vip`或`k8s_join_ip`为能执行此命令的节点IP即可。
125 | 
126 | ```bash
127 | ##############################################################
128 | ## 集群安装和证书更新相关共同需要的参数设置
129 | # 主机名:IP，需要执行脚本前设置
130 | server0="master1:10.37.129.11"
131 | server1="master2:10.37.129.12"
132 | server2="master3:10.37.129.13"
133 | ##############################################################
134 | ## 集群安装相关参数设置
135 | # 是否离线安装集群，true为离线安装
136 | INSTALL_OFFLINE="false"
137 | # 是否安装集群，false为添加节点，true为安装集群
138 | INSTALL_CLUSTER="false"
139 | # 是否安装Keepalived+HAproxy
140 | INSTALL_SLB="false"
141 | # 是否脚本生成CA证书
142 | GENERATE_CA="false"
143 | # 定义Kubernetes信息
144 | KUBEVERSION="v1.17.0"
145 | # 定义安装 Container runtimes: docker/containerd/crio
146 | INSTALL_CR="docker"
147 | # docker 版本, INSTALL_CR="docker"时设置
148 | DOCKERVERSION="19.03.13"
149 | #
150 | KUBERNETES_CNI_VERSION=""
151 | IMAGE_REPOSITORY="registry.cn-hangzhou.aliyuncs.com/google_containers"
152 | # k8s master VIP（单节点为节点IP）
153 | k8s_master_vip="10.37.129.10"
154 | # K8S网段
155 | podSubnet="10.244.0.0/16"
156 | # 可获取kubeadm join命令的节点IP
157 | k8s_join_ip=$k8s_master_vip
158 | ##############################################################
159 | ```
160 | 
161 | ## 2.4 离线安装
162 | 前提：在最小化的CentOS7下，能正常解析和上网。    
163 | 
164 | 修改`config.sh`配置，`INSTALL_OFFLINE="true"`
165 | 
166 | ```bash
167 | # 是否离线安装集群，true为离线安装
168 | INSTALL_OFFLINE="true"
169 | ```
170 | 
171 | 执行脚本`k8s_offline_package.sh`，成功后整个`kubeadm-shell`目录即为一个离线安装包。
172 | # 3. 失败的节点`kubeadm reset`
173 | 安装过程中，如有节点失败，可使用`kubeadm reset`重置后，重新安装。
174 | 
175 | >**注意**
176 | >此命令非常危险，一定要确认是否在正确节点执行。
177 | 
178 | ![kubeadm reset](./images/1575423570194.png)
179 | 


--------------------------------------------------------------------------------
/functions/system.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | ##############################################################
  3 | # @Author      : Chinge Yang
  4 | # @Date        : 2020-03-12 12:06:56
  5 | # @LastEditTime: 2022-09-20 16:21:44
  6 | # @LastEditors : Chinge Yang
  7 | # @Description :
  8 | # @FilePath    : /kubeadm-shell/functions/system.sh
  9 | ##############################################################
 10 | 
 11 | function System_Opt() {
 12 |     Yellow_Echo "进行系统优化："
 13 |     # User_Pass
 14 |     # [ $? -eq 1 ] && return 1
 15 | 
 16 |     #修改SSH为允许用key登录
 17 |     mkdir -p /root/.ssh/
 18 |     chmod -R 700 /root/.ssh/
 19 | 
 20 |     # sed -i "s#PasswordAuthentication yes#PasswordAuthentication no#g"  /etc/ssh/sshd_config
 21 |     sed -i "s@#UseDNS yes@UseDNS no@" /etc/ssh/sshd_config
 22 |     sed -i 's/.*LogLevel.*/LogLevel DEBUG/g' /etc/ssh/sshd_config
 23 |     sed -i 's@#MaxStartups 10@MaxStartups 50@g' /etc/ssh/sshd_config
 24 |     # sed -i 's@#PermitRootLogin yes@PermitRootLogin no@g' /etc/ssh/sshd_config
 25 |     systemctl reload sshd
 26 |     echo '设置ssh done!' >>${install_log}
 27 | 
 28 |     # 关闭防火墙
 29 |     systemctl disable firewalld
 30 |     systemctl stop firewalld
 31 |     echo '关闭防火墙 done!' >>${install_log}
 32 | 
 33 |     #关闭，开启一些服务
 34 |     systemctl enable crond || systemctl enable cron
 35 |     systemctl start crond || systemctl start cron
 36 | 
 37 |     # 设置.bashrc
 38 |     if ! grep 'ulimit' /root/.bashrc >/dev/null; then
 39 |         cat >>/root/.bashrc <<EOF
 40 | ulimit -c unlimited
 41 | ulimit -n 40960
 42 | EOF
 43 |     fi
 44 |     echo '设置.bashrc done!' >>${install_log}
 45 | 
 46 |     #设置.bash_profile
 47 |     if ! grep 'redhat-release' /root/.bash_profile >/dev/null 2>&1; then
 48 |         cat >>/root/.bash_profile <<EOF
 49 | if [ -f ~/.bashrc ] ; then
 50 |     source ~/.bashrc
 51 | fi
 52 | echo '=========================================================='
 53 | if [ -f /etc/redhat-release ]; then
 54 |     cat /etc/redhat-release
 55 | else
 56 |     lsb_release -a
 57 | fi
 58 | echo '=========================================================='
 59 | EOF
 60 |     fi
 61 |     echo '设置.bash_profile done!' >>${install_log}
 62 | 
 63 |     # 修改系统语言
 64 |     echo 'LANG="en_US.UTF-8"' >/etc/locale.conf
 65 |     echo '设置系统语言 done!' >>${install_log}
 66 | 
 67 |     #修改最大的连接数为40960，重启之后就自动生效。
 68 |     ! grep "*                soft   nofile          40960" /etc/security/limits.conf >/dev/null &&
 69 |         echo '*                soft   nofile          40960' >>/etc/security/limits.conf
 70 | 
 71 |     ! grep "*                hard   nofile          40960" /etc/security/limits.conf >/dev/null &&
 72 |         echo '*                hard   nofile          40960' >>/etc/security/limits.conf
 73 |     ########################################
 74 |     [ -f /etc/bash.bashrc ] && BASHRC="/etc/bash.bashrc" || BASHRC="/etc/bashrc"
 75 |     ! grep 'HISTFILESIZE' ${BASHRC} >/dev/null && echo 'HISTFILESIZE=2000' >> ${BASHRC}
 76 |     ! grep 'HISTSIZE' ${BASHRC} >/dev/null && echo 'HISTSIZE=2000' >> ${BASHRC}
 77 |     ! grep 'HISTTIMEFORMAT="%Y%m%d-%H:%M:%S: "' ${BASHRC} >/dev/null && echo 'HISTTIMEFORMAT="%Y%m%d-%H:%M:%S: "' >> ${BASHRC}
 78 |     ! grep 'export HISTTIMEFORMAT' ${BASHRC} >/dev/null && echo 'export HISTTIMEFORMAT' >> ${BASHRC}
 79 |     ########################################
 80 | }
 81 | 
 82 | function Init_K8s() {
 83 |     # 配置转发相关参数，否则可能会出错
 84 |     cat <<EOF >/etc/sysctl.d/k8s.conf
 85 | net.bridge.bridge-nf-call-ip6tables = 1
 86 | net.bridge.bridge-nf-call-iptables = 1
 87 | vm.swappiness=0
 88 | net.ipv4.ip_forward = 1
 89 | net.ipv4.tcp_keepalive_time = 600
 90 | net.ipv4.tcp_keepalive_intvl = 30
 91 | net.ipv4.tcp_keepalive_probes = 10
 92 | vm.overcommit_memory = 0
 93 | net.ipv4.tcp_slow_start_after_idle = 0
 94 | EOF
 95 |     sysctl --system
 96 |     echo '设置开启转发内核参数 done! ' >>${install_log}
 97 | 
 98 |     # 加载ipvs相关内核模块
 99 |     # 如果重新开机，需要重新加载
100 |     modprobe ip_vs
101 |     modprobe ip_vs_rr
102 |     modprobe ip_vs_wrr
103 |     modprobe ip_vs_sh
104 |     modprobe nf_conntrack
105 |     modprobe br_netfilter
106 | 
107 |     $PM install -y ipvsadm
108 |     if [ "${DISTRO}" == "CentOS" ]; then
109 |         # 安装ipvsadm
110 |         echo '安装ipvsadm done!' >>${install_log}
111 |         # 配置开机生效模块文件，需要增加可执行权限
112 |         cat >/etc/sysconfig/modules/ipvs.modules <<EOF
113 | #! /bin/sh
114 | 
115 | modules=("ip_vs"
116 | "ip_vs_rr"
117 | "ip_vs_wrr"
118 | "ip_vs_sh"
119 | "nf_conntrack"
120 | "br_netfilter"
121 | )
122 | 
123 | for mod in \${modules[@]}; do
124 | /sbin/modinfo -F filename \$mod > /dev/null 2>&1
125 | if [ $? -eq 0 ]; then
126 | /sbin/modprobe \$mod
127 | fi
128 | done
129 | EOF
130 |         chmod a+x /etc/sysconfig/modules/ipvs.modules
131 |     else
132 |         cat > /etc/modules-load.d/ipvs.conf <<EOF
133 | ip_vs
134 | ip_vs_rr
135 | ip_vs_wrr
136 | ip_vs_sh
137 | nf_conntrack
138 | EOF
139 |     fi
140 |     echo '设置开机加载内核模块 done! ' >>${install_log}
141 | 
142 |     # 防火墙设置，否则可能不能转发
143 |     if ! command -v iptables > /dev/null; then
144 |         echo "iptables not found. Installing..."
145 |         $PM -y install iptables
146 |     fi
147 |     iptables -P FORWARD ACCEPT
148 | 
149 |     # 关闭交换分区，并永久注释
150 |     swapoff -a
151 |     swap_line=$(grep '^.*swap' /etc/fstab)
152 |     if [ ! -z "$swap_line" ]; then
153 |         sed -i "s@$swap_line@#$swap_line@g" /etc/fstab
154 |     fi
155 |     echo '关闭交换分区 done! ' >>${install_log}
156 | 
157 |     # 开启防火墙规则或者关闭防火墙
158 |     # firewall-cmd --add-rich-rule 'rule family=ipv4 source address=192.168.105.0/24 accept' # # 指定源IP（段），即时生效
159 |     # firewall-cmd --add-rich-rule 'rule family=ipv4 source address=192.168.105.0/24 accept' --permanent # 指定源IP（段），永久生效
160 | }
161 | 


--------------------------------------------------------------------------------
/functions/download_packages.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | ##############################################################
  3 | # @Author      : Chinge Yang
  4 | # @Date        : 2022-09-20 15:56:29
  5 | # @LastEditTime: 2022-09-23 13:12:40
  6 | # @LastEditors : Chinge Yang
  7 | # @Description : 下载离线安装包
  8 | # @FilePath    : /kubeadm-shell/functions/download_packages.sh
  9 | ##############################################################
 10 | 
 11 | function Apt_Download() {
 12 |     local package="$1"
 13 |     apt download $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances $package | grep "^\w" | sort -u)
 14 | }
 15 | 
 16 | function Download_Packages() {
 17 |     if [ "$PM" == "yum" ]; then
 18 |         # 拉取镜像时需要kubeadm
 19 |         yum -y install kubernetes-cni${KUBERNETES_CNI_VERSION:+-$KUBERNETES_CNI_VERSION} \
 20 |             kubelet-${KUBEVERSION/v/} \
 21 |             kubeadm-${KUBEVERSION/v/} \
 22 |             kubectl-${KUBEVERSION/v/}
 23 | 
 24 |         # 时间同步
 25 |         local packages="bash \
 26 |             chrony \
 27 |             createrepo \
 28 |             curl \
 29 |             device-mapper-persistent-data \
 30 |             ethtool \
 31 |             hdparm \
 32 |             ipvsadm \
 33 |             lvm2 \
 34 |             ntpdate \
 35 |             openssh-clients \
 36 |             rsync \
 37 |             vim \
 38 |             wget \
 39 |             yum-utils"
 40 |         yum install --downloadonly --downloaddir=$PACKAGES_DIR "$packages"
 41 | 
 42 |         # kubeadm kubectl kubelet
 43 |         yum install --downloadonly --downloaddir=$PACKAGES_DIR \
 44 |             kubernetes-cni${KUBERNETES_CNI_VERSION:+-$KUBERNETES_CNI_VERSION} \
 45 |             kubelet-${KUBEVERSION/v/} \
 46 |             kubeadm-${KUBEVERSION/v/} \
 47 |             kubectl-${KUBEVERSION/v/}
 48 |         curl http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg -o $GPG_DIR/Aliyun-kubernetes-yum-key.gpg
 49 |         curl http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg -o $GPG_DIR/Aliyun-kubernetes-rpm-package-key.gpg
 50 |     elif [ "$PM" == "apt" ]; then
 51 |         chown _apt:root $PACKAGES_DIR
 52 |         apt -y install dpkg-dev apt-rdepends
 53 |         local packages="apt-transport-https \
 54 |         bash \
 55 |         chrony \
 56 |         ca-certificates \
 57 |         curl \
 58 |         ethtool \
 59 |         hdparm \
 60 |         ipvsadm \
 61 |         ntpdate \
 62 |         openssh-client \
 63 |         rsync \
 64 |         software-properties-common \
 65 |         vim \
 66 |         wget"
 67 |         cd $PACKAGES_DIR
 68 |         for package in $packages; do
 69 |             Apt_Download $package
 70 |             [ $? -ne 0 ] && Red_Echo "Download $package failed"
 71 |         done
 72 | 
 73 |         apt -y install kubeadm=${KUBEVERSION/v/}-00
 74 | 
 75 |         Apt_Download "kubernetes-cni \
 76 |             kubelet \
 77 |             kubeadm \
 78 |             kubectl"
 79 |         apt download "kubernetes-cni${KUBERNETES_CNI_VERSION:+=$KUBERNETES_CNI_VERSION'-00'} \
 80 |             kubelet=${KUBEVERSION/v/}-00 \
 81 |             kubeadm=${KUBEVERSION/v/}-00 \
 82 |             kubectl=${KUBEVERSION/v/}-00"
 83 |         # 删除多余的包
 84 |         ls kubeadm_* | grep -v ${KUBEVERSION/v/} | xargs rm -f
 85 |         ls kubectl_* | grep -v ${KUBEVERSION/v/} | xargs rm -f
 86 |         ls kubelet_* | grep -v ${KUBEVERSION/v/} | xargs rm -f
 87 |     else
 88 |         Red_Echo "当前系统不支持离线安装"
 89 |         return 1
 90 |     fi
 91 | 
 92 |     case $INSTALL_CR in
 93 |     containerd)
 94 |         if [ "$PM" == "yum" ]; then
 95 |             yum -y install containerd.io
 96 |             systemctl start containerd
 97 | 
 98 |             yum install --downloadonly --downloaddir=$PACKAGES_DIR \
 99 |                 containerd.io
100 |             curl https://mirrors.aliyun.com/docker-ce/linux/centos/gpg -o $GPG_DIR/Docker.gpg
101 |         elif [ "$PM" == "apt" ]; then
102 |             apt -y install containerd.io
103 |             systemctl start containerd
104 | 
105 |             apt download $(apt-rdepends containerd.io | grep -v "^ " | sed 's/debconf-2.0/debconf/g')
106 |         fi
107 | 
108 |         # 下载 cni-plugins
109 |         cd $PACKAGES_DIR
110 |         cni_plugins_version=$(wget -qO- -t5 -T10 "https://api.github.com/repos/containernetworking/plugins/releases/latest" |
111 |             grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
112 |         wget https://github.com/containernetworking/plugins/releases/download/${cni_plugins_version}/cni-plugins-linux-${ARCH}-${cni_plugins_version}.tgz -O \
113 |             cni-plugins-linux-${ARCH}-latest.tgz || echo '下载 cni-plugins 失败! ' >>${install_log}
114 | 
115 |         # 下载 nerdctl
116 |         cd $PACKAGES_DIR
117 |         nerdctl_version=$(wget -qO- -t5 -T10 "https://api.github.com/repos/containerd/nerdctl/releases/latest" |
118 |             grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
119 |         wget https://github.com/containerd/nerdctl/releases/download/${nerdctl_version}/nerdctl-${nerdctl_version/v/}-linux-amd64.tar.gz -O \
120 |             nerdctl-latest-linux-${ARCH}.tar.gz || echo '下载 nerdctl 失败! ' >>${install_log}
121 |         tar -zxvf $PACKAGES_DIR/nerdctl-latest-linux-${ARCH}.tar.gz -C /usr/local/bin/
122 |         ;;
123 |     docker)
124 |         if [ "$PM" == "yum" ]; then
125 |             # 因为要使用docker 导出镜像，安装 docker ce
126 |             yum -y install docker-ce-$DOCKERVERSION
127 |             systemctl start docker
128 | 
129 |             yum install --downloadonly --downloaddir=$PACKAGES_DIR \
130 |                 docker-ce-$DOCKERVERSION \
131 |                 docker-ce-cli-$DOCKERVERSION \
132 |                 curl https://mirrors.aliyun.com/docker-ce/linux/centos/gpg -o $GPG_DIR/Docker.gpg
133 |         elif [ "$PM" == "apt" ]; then
134 |             apt -y install docker-ce=${DOCKERVERSION}-00 docker-ce-cli=${DOCKERVERSION}-00
135 |             systemctl start docker
136 | 
137 |             apt download $(apt-rdepends docker-ce docker-ce-cli | grep -v "^ " | sed 's/debconf-2.0/debconf/g')
138 |             apt download docker-ce=${DOCKERVERSION}-00 docker-ce-cli=${DOCKERVERSION}-00
139 |         fi
140 | 
141 |         # 下载 cri-dockerd
142 |         cd $PACKAGES_DIR
143 |         if [ ! -f cri-dockerd-latest.amd64.tgz ]; then
144 |             cri_dockerd_version=$(wget -qO- -t5 -T10 "https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest" |
145 |                 grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
146 |             wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${cri_dockerd_version}/cri-dockerd-${cri_dockerd_version/v/}.${ARCH}.tgz -O \
147 |                 cri-dockerd-latest.${ARCH}.tgz || echo '下载 cri-dockerd 失败! ' >>${install_log}
148 |         fi
149 |         [ ! -d systemd ] && mkdir systemd
150 |         cd systemd
151 |         wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service -O \
152 |             cri-docker.service
153 |         wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket -O \
154 |             cri-docker.socket
155 |         ;;
156 |     ciro)
157 |         # ref https://kubernetes.io/docs/setup/production-environment/container-runtimes/#tab-cri-cri-o-installation-2
158 |         if [ "$PM" == "yum" ]; then
159 |             yum install --downloadonly --downloaddir=$PACKAGES_DIR \
160 |                 cri-o
161 |         elif [ "$PM" == "apt" ]; then
162 |             apt download $(apt-rdepends cri-o cri-o-runc | grep -v "^ " | sed 's/debconf-2.0/debconf/g')
163 |         fi
164 | 
165 |         # 下载 nerdctl
166 |         cd $PACKAGES_DIR
167 |         if [ ! -f crictl-latest-linux-amd64.tar.gz ]; then
168 |             crictl_version=$(wget -qO- -t5 -T10 "https://api.github.com/repos/kubernetes-sigs/cri-tools/releases/latest" |
169 |                 grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
170 |             wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${crictl_version}/crictl-${crictl_version}-linux-${ARCH}.tar.gz -O \
171 |                 crictl-latest-linux-${ARCH}.tar.gz || echo '下载 crictl 失败! ' >>${install_log}
172 |         fi
173 |         ;;
174 |     *)
175 |         Red_Echo "不支持的 Container Runtime 类型"
176 |         exit 1
177 |         ;;
178 |     esac
179 | 
180 |     # 生成 Ubuntu 软件包信息
181 |     if [ "$PM" == "apt" ]; then
182 |         cd $PACKAGES_DIR
183 |         dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
184 |     fi
185 | }
186 | 


--------------------------------------------------------------------------------
/kubeadm_renew_certs.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | ##############################################################
  3 | # File Name: kubeadm_renew_certs.sh
  4 | # Version: V1.0
  5 | # Author: Chinge_Yang
  6 | # Blog: http://blog.csdn.net/ygqygq2
  7 | # Created Time : 2020-02-17 10:34:39
  8 | # Description: 更新master节点证书
  9 | ##############################################################
 10 | 
 11 | PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
 12 | export PATH
 13 | 
 14 | # Check if user is root
 15 | if [ $(id -u) != "0" ]; then
 16 |     echo "Error: You must be root to run this script, please use root to run me."
 17 |     exit 1
 18 | fi
 19 | ##############################################################
 20 | 
 21 | #获取脚本所存放目录
 22 | cd $(dirname $0)
 23 | SH_DIR=$(pwd)
 24 | ME=$0
 25 | PARAMETERS=$*
 26 | 
 27 | . $SH_DIR/config.sh
 28 | . $SH_DIR/functions/base.sh
 29 | . $SH_DIR/functions/setup_ssl.sh
 30 | 
 31 | function Check_Certs_Expire() {
 32 |     # 检测域名或者证书过期剩余天数
 33 |     local domain=$1
 34 |     if [ -f "$domain" ]; then
 35 |         END_TIME=$(openssl x509 -noout -dates -in $domain | grep 'After' | awk -F '=' '{print $2}' | awk -F ' +' '{print $1,$2,$4 }')
 36 |     else
 37 |         END_TIME=$(echo | openssl s_client -servername $domain -connect $domain:443 2>/dev/null |
 38 |             openssl x509 -noout -dates | grep 'After' | awk -F '=' '{print $2}' | awk -F ' +' '{print $1,$2,$4 }')
 39 |     fi
 40 |     # 使用openssl获取域名的证书情况，然后获取其中的到期时间
 41 |     END_TIME1=$(date +%s -d "$END_TIME")  # 将日期转化为时间戳
 42 |     NOW_TIME=$(date +%s -d "$(date +%F)") # 将目前的日期也转化为时间戳
 43 | 
 44 |     LEFT_DAYS=$(($(($END_TIME1 - $NOW_TIME)) / (60 * 60 * 24))) # 到期时间减去目前时间再转化为天数
 45 | 
 46 |     if [ $LEFT_DAYS -lt "$expire_days" ]; then # 当到期时间小于多少天
 47 |         echo "$(date +%F) 证书 [$domain] 还有 [$LEFT_DAYS] 天过期"
 48 |         return 0
 49 |     else
 50 |         echo "$(date +%F) 证书 [$domain] 还有 [$LEFT_DAYS] 天过期"
 51 |         return 1
 52 |     fi
 53 | }
 54 | 
 55 | function Conf_Type() {
 56 |     result=1
 57 |     for cert in ${ca_certs_list[@]}; do
 58 |         Check_Certs_Expire $cert
 59 |         result=$(($result * $?))
 60 |     done
 61 |     if [ $result -eq 0 ]; then
 62 |         type=0 # 更新CA证书和其它所有证书
 63 |         Yellow_Echo "更新CA证书和其它所有证书"
 64 |     else
 65 |         for cert in ${certs_list[@]}; do
 66 |             Check_Certs_Expire $cert
 67 |             result=$(($result * $?))
 68 |         done
 69 |         if [ $result -eq 0 ]; then
 70 |             type=1 # 更新除CA所有证书
 71 |         else
 72 |             type=1
 73 |         fi
 74 |         Yellow_Echo "更新除CA所有证书"
 75 |     fi
 76 | }
 77 | 
 78 | function Renew_All_Certs() {
 79 |     # 续期除CA以外其它证书
 80 |     Yellow_Echo "主机名：$HOSTNAME"
 81 |     kubeadm certs check-expiration
 82 |     kubeadm certs renew all --config /etc/kubernetes/kubeadmcfg.yaml
 83 |     rm -f /var/lib/kubelet/pki/*
 84 |     systemctl restart kubelet
 85 |     rsync -avz /etc/kubernetes/manifests/ /etc/kubernetes/manifests.bak/
 86 |     rm -f /etc/kubernetes/manifests/*.yaml
 87 |     sleep 30
 88 |     rsync -avz /etc/kubernetes/manifests.bak/ /etc/kubernetes/manifests/
 89 | }
 90 | 
 91 | function Renew_Secret_Ca_Certs() {
 92 |     base64_encoded_ca="$(base64 -w0 /etc/kubernetes/pki/ca.crt)"
 93 | 
 94 |     for namespace in $(kubectl get ns --no-headers | awk '{print $1}'); do
 95 |         for token in $(kubectl get secrets --namespace "$namespace" --field-selector type=kubernetes.io/service-account-token -o name); do
 96 |             kubectl get $token --namespace "$namespace" -o yaml |
 97 |                 /bin/sed "s/\(ca.crt:\).*/\1 ${base64_encoded_ca}/" |
 98 |                 kubectl apply -f -
 99 |         done
100 |     done
101 | 
102 |     kubectl get cm/cluster-info --namespace kube-public -o yaml |
103 |         /bin/sed "s/\(certificate-authority-data:\).*/\1 ${base64_encoded_ca}/" |
104 |         kubectl apply -f -
105 | 
106 |     #  /bin/sed -i "s/\(certificate-authority-data:\).*/\1 ${base64_encoded_ca}/" kubelet.conf
107 |     #  /bin/sed -i "s/\(certificate-authority-data:\).*/\1 ${base64_encoded_ca}/" scheduler.conf
108 | }
109 | 
110 | function Renew_Ca_Certs() {
111 |     Yellow_Echo "主机名：$HOSTNAME"
112 |     # 备份
113 |     mkdir -p /etc/kubernetes/conf.bak
114 |     rsync -avz /etc/kubernetes/pki/ /etc/kubernetes/pki.bak/
115 |     rm -f /etc/kubernetes/pki/{apiserver*,front-proxy-client.*}
116 |     rm -f /etc/kubernetes/pki/etcd/{healthcheck-client.*,peer.*,server.*}
117 |     if [[ "$HOSTNAME" = "${NAMES[0]}" ]]; then
118 |         rm -f /etc/kubernetes/pki/{ca.*,front-proxy-ca.*}
119 |         rm -f /etc/kubernetes/pki/etcd/ca.*
120 |     fi
121 | 
122 |     # 生成证书
123 |     if [[ "$HOSTNAME" = "${NAMES[0]}" ]]; then
124 |         if [ "$GENERATE_CA" != "false" ]; then
125 |             # 安装证书工具
126 |             Install_Cfssl
127 |             # 生成ca证书
128 |             Generate_Cert
129 |         fi
130 |     fi
131 | 
132 |     # 生成证书和配置文件
133 |     echo "kubeadm init phase certs all --config /etc/kubernetes/kubeadmcfg.yaml"
134 |     kubeadm init phase certs all --config /etc/kubernetes/kubeadmcfg.yaml
135 | 
136 |     if [[ "$HOSTNAME" = "${NAMES[0]}" ]]; then
137 |         # 更新 secret 里的 ca 证书
138 |         Renew_Secret_Ca_Certs
139 |     fi
140 | 
141 |     # 备份删除配置文件
142 |     rsync -avz /etc/kubernetes/{admin.conf,kubelet.conf,controller-manager.conf,scheduler.conf} /etc/kubernetes/conf.bak/
143 |     rm -f /etc/kubernetes/{admin.conf,kubelet.conf,controller-manager.conf,scheduler.conf}
144 |     rm -f /var/lib/kubelet/pki/*
145 |     rsync -avz /etc/kubernetes/manifests/ /etc/kubernetes/manifests.bak/
146 |     rm -rf /etc/kubernetes/manifests/
147 | 
148 |     sleep 2
149 |     echo "kubeadm init phase kubelet-start --config /etc/kubernetes/kubeadmcfg.yaml"
150 |     kubeadm init phase kubelet-start --config /etc/kubernetes/kubeadmcfg.yaml
151 |     sleep 2
152 |     echo "kubeadm init phase kubeconfig kubelet --config /etc/kubernetes/kubeadmcfg.yaml"
153 |     kubeadm init phase kubeconfig kubelet --config /etc/kubernetes/kubeadmcfg.yaml
154 |     sleep 2
155 |     echo "systemctl restart kubelet"
156 |     systemctl restart kubelet
157 |     sleep 2
158 |     echo "kubeadm init phase kubeconfig all --config /etc/kubernetes/kubeadmcfg.yaml"
159 |     kubeadm init phase kubeconfig all --config /etc/kubernetes/kubeadmcfg.yaml
160 |     sleep 20
161 |     rsync -avz /etc/kubernetes/manifests.bak/ /etc/kubernetes/manifests/
162 | }
163 | 
164 | function Sync_Certs() {
165 |     # 将相关证书文件传至其他master节点
166 |     for ((i = $((${#HOSTS[@]} - 1)); i > 0; i--)); do
167 |         $ssh_command root@${HOSTS[$i]} "mkdir -p /etc/kubernetes/pki/etcd"
168 |         rsync -avz -e "${ssh_command}" /etc/kubernetes/pki/ca.crt root@${HOSTS[$i]}:/etc/kubernetes/pki/ca.crt
169 |         rsync -avz -e "${ssh_command}" /etc/kubernetes/pki/ca.key root@${HOSTS[$i]}:/etc/kubernetes/pki/ca.key
170 |         rsync -avz -e "${ssh_command}" /etc/kubernetes/pki/sa.key root@${HOSTS[$i]}:/etc/kubernetes/pki/sa.key
171 |         rsync -avz -e "${ssh_command}" /etc/kubernetes/pki/sa.pub root@${HOSTS[$i]}:/etc/kubernetes/pki/sa.pub
172 |         rsync -avz -e "${ssh_command}" /etc/kubernetes/pki/front-proxy-ca.crt root@${HOSTS[$i]}:/etc/kubernetes/pki/front-proxy-ca.crt
173 |         rsync -avz -e "${ssh_command}" /etc/kubernetes/pki/front-proxy-ca.key root@${HOSTS[$i]}:/etc/kubernetes/pki/front-proxy-ca.key
174 |         rsync -avz -e "${ssh_command}" /etc/kubernetes/pki/etcd/ca.crt root@${HOSTS[$i]}:/etc/kubernetes/pki/etcd/ca.crt
175 |         rsync -avz -e "${ssh_command}" /etc/kubernetes/pki/etcd/ca.key root@${HOSTS[$i]}:/etc/kubernetes/pki/etcd/ca.key
176 |         rsync -avz -e "${ssh_command}" /etc/kubernetes/admin.conf root@${HOSTS[$i]}:/etc/kubernetes/admin.conf
177 |     done
178 | }
179 | 
180 | function Bootstrap_Kubelet() {
181 |     bootstrap_token=$(kubeadm token list | grep bootstrappers | sed -n '1p' | awk '{print $1}')
182 |     if [ -z "$bootstrap_token" ]; then
183 |         bootstrap_token=$(kubeadm token create)
184 |     fi
185 |     cat >/etc/kubernetes/bootstrap-kubelet.conf <<EOF
186 | apiVersion: v1
187 | clusters:
188 | - cluster:
189 |     certificate-authority-data: $base64_encoded_ca
190 |     server: https://${k8s_master_vip}:${control_plane_port}
191 |   name: kubernetes
192 | contexts:
193 | - context:
194 |     cluster: kubernetes
195 |     user: tls-bootstrap-token-user
196 |   name: tls-bootstrap-token-user@kubernetes
197 | current-context: tls-bootstrap-token-user@kubernetes
198 | kind: Config
199 | preferences: {}
200 | users:
201 | - name: tls-bootstrap-token-user
202 |   user:
203 |     token: $bootstrap_token
204 | EOF
205 | 
206 |     systemctl restart kubelet
207 | }
208 | 
209 | function Do_All() {
210 |     cd $SH_DIR
211 |     # 第一台master节点
212 |     if [[ "$HOSTNAME" = "${NAMES[0]}" ]]; then
213 |         check_running=$(ps aux | grep "/bin/bash $SH_DIR/$(basename $ME)" | grep -v grep)
214 |         if [ -z "$check_running" ]; then # 为空表示非远程执行脚本
215 |             Conf_Type
216 |             Yellow_Echo "仍要更新证书？"
217 |             User_Verify
218 |             case $type in
219 |             0)
220 |                 Renew_Ca_Certs
221 |                 Sync_Certs
222 |                 # 解决 kubelet 启动无法认证
223 |                 Bootstrap_Kubelet
224 |                 ;;
225 |             1)
226 |                 Renew_All_Certs
227 |                 ;;
228 |             *) ;;
229 |             esac
230 |             for ((i = 1; i <= $((${#HOSTS[@]} - 1)); i++)); do
231 |                 # 将脚本分发至master节点
232 |                 cd $SH_DIR
233 |                 $ssh_command root@${HOSTS[$i]} "mkdir -p $SH_DIR"
234 |                 rsync -avz -e "${ssh_command}" $SH_DIR/ root@${HOSTS[$i]}:$SH_DIR/
235 |                 sleep 10
236 |                 $ssh_command root@${HOSTS[$i]} "/bin/bash $SH_DIR/$(basename $ME)"
237 |             done
238 |         fi
239 |     else
240 |         Conf_Type
241 |         Yellow_Echo "仍要更新证书？"
242 |         User_Verify
243 |         case $type in
244 |         0)
245 |             Renew_Ca_Certs
246 |             # 解决 kubelet 启动无法认证
247 |             Bootstrap_Kubelet
248 |             ;;
249 |         1)
250 |             Renew_All_Certs
251 |             ;;
252 |         *) ;;
253 |         esac
254 |     fi
255 | }
256 | 
257 | Do_All
258 | # 执行完毕的时间
259 | Green_Echo "$HOSTNAME 本次执行花时:$SECONDS 秒"
260 | Green_Echo "请手动重启各 POD，先处理 master 相关，再处理其它 POD."
261 | 


--------------------------------------------------------------------------------
/functions/install.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | ##############################################################
  3 | # @Author      : Chinge Yang
  4 | # @Date        : 2022-09-21 16:56:07
  5 | # @LastEditTime: 2022-09-21 16:56:14
  6 | # @LastEditors : Chinge Yang
  7 | # @Description : 一些基础软件安装
  8 | # @FilePath    : /kubeadm-shell/functions/install.sh
  9 | ##############################################################
 10 | 
 11 | function Install_Docker() {
 12 |     # 安装 docker-ce 并启动
 13 |     Blue_Echo "[+] Installing docker-ce... "
 14 |     if [ "${PM}" = "apt" ]; then
 15 |         DOCKER_VERSION=$(apt-cache madison docker-ce | grep ${DOCKERVERSION} | head -n 1 | awk '{print $3}')
 16 |         if [ -z "$DOCKER_VERSION" ]; then
 17 |             Red_Echo "[-] 未找到指定版本的 Docker，请检查版本号!"
 18 |             exit 1
 19 |         fi
 20 |         $PM -y install docker-ce=$DOCKER_VERSION docker-ce-cli=$DOCKER_VERSION
 21 |     elif [ "${PM}" = "yum" ]; then
 22 |         $PM -y install docker-ce-$DOCKERVERSION docker-ce-cli-$DOCKERVERSION
 23 |     else
 24 |         Red_Echo "[-] 未知的包管理器, 请检查!"
 25 |         exit 1
 26 |     fi
 27 |     [ -f /etc/docker/daemon.json ] && \mv "/etc/docker/daemon.json" "/etc/docker/daemon.json-$(date +%F-%H-%M)"
 28 |     [ ! -d /etc/docker ] && mkdir /etc/docker
 29 |     cat >/etc/docker/daemon.json <<EOF
 30 | {
 31 |     "registry-mirrors": ["https://docker.m.daocloud.io"],
 32 |     "exec-opts": ["native.cgroupdriver=systemd"]
 33 | }
 34 | EOF
 35 |     systemctl enable docker && systemctl restart docker
 36 |     docker version | tee /tmp/docker-version.log
 37 |     cat /tmp/docker-version.log | grep -w $DOCKERVERSION
 38 |     if [ $? -ne 0 ]; then
 39 |         Yellow_Echo "docker版本未对应(可手动处理后选择[确认]继续)"
 40 |         User_Verify
 41 |     fi
 42 |     echo '安装docker ce done! ' >>${install_log}
 43 | 
 44 |     # kubernetes 1.24 移除对 docker ce 的支持，增加一层 cri-docker
 45 |     # 安装 cri-docker 并启动
 46 | 
 47 |     cd $PACKAGES_DIR
 48 |     if [ ! -f cri-dockerd-latest.${ARCH}.tgz ]; then
 49 |         cri_dockerd_version=$(wget -qO- -t5 -T10 "https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest" |
 50 |             grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
 51 |         wget https://github.com/Mirantis/cri-dockerd/releases/download/${cri_dockerd_version}/cri-dockerd-${cri_dockerd_version/v/}.${ARCH}.tgz -O \
 52 |             cri-dockerd-latest.${ARCH}.tgz || echo '下载 cri-dockerd 失败! ' >>${install_log}
 53 |     fi
 54 |     tar -zxvf $PACKAGES_DIR/cri-dockerd-latest.${ARCH}.tgz -C /tmp/
 55 |     \mv /tmp/cri-dockerd/cri-dockerd /usr/local/bin/
 56 | 
 57 |     [ ! -d systemd ] && mkdir systemd
 58 |     cd systemd
 59 |     [ ! -f cri-docker.service ] && wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service -O \
 60 |         cri-docker.service echo '下载 cri-docker.service 失败! ' >>${install_log}
 61 |     [ ! -f cri-docker.socket ] && wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket -O \
 62 |         cri-docker.socket || echo '下载 cri-docker.socket 失败! ' >>${install_log}
 63 |     cp * /etc/systemd/system
 64 |     sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
 65 |     systemctl daemon-reload
 66 |     systemctl enable cri-docker.service
 67 |     systemctl enable --now cri-docker.socket
 68 |     systemctl start cri-docker
 69 |     echo '安装cri-dockerd done! ' >>${install_log}
 70 | }
 71 | 
 72 | function Install_Crictl() {
 73 |     # 安装 crictl
 74 |     Blue_Echo "[+] Installing crictl... "
 75 |     cd $PACKAGES_DIR
 76 |     if [ ! -f crictl-latest-linux-${ARCH}.tar.gz ]; then
 77 |         crictl_version=$(wget -qO- -t5 -T10 "https://api.github.com/repos/kubernetes-sigs/cri-tools/releases/latest" |
 78 |             grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
 79 |         wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${crictl_version}/crictl-${crictl_version}-linux-${ARCH}.tar.gz -O \
 80 |             crictl-latest-linux-${ARCH}.tar.gz || echo '下载 crictl 失败! ' >>${install_log}
 81 |     fi
 82 |     tar -zxvf $PACKAGES_DIR/crictl-latest-linux-${ARCH}.tar.gz -C /usr/local/bin/
 83 | }
 84 | 
 85 | function Install_Containerd() {
 86 |     # 安装 containerd
 87 |     Blue_Echo "[+] Installing containerd... "
 88 |     $PM -y install containerd.io
 89 |     # 安装 nerdctl
 90 |     cd $PACKAGES_DIR
 91 |     if [ ! -f nerdctl-latest-linux-${ARCH}.tar.gz ]; then
 92 |         nerdctl_version=$(wget -qO- -t5 -T10 "https://api.github.com/repos/containerd/nerdctl/releases/latest" |
 93 |             grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
 94 |         wget https://github.com/containerd/nerdctl/releases/download/${nerdctl_version}/nerdctl-${nerdctl_version/v/}-linux-${ARCH}.tar.gz -O \
 95 |             nerdctl-latest-linux-${ARCH}.tar.gz || echo '下载 nerdctl 失败! ' >>${install_log}
 96 |     fi
 97 |     tar -zxvf $PACKAGES_DIR/nerdctl-latest-linux-${ARCH}.tar.gz -C /usr/local/bin/
 98 |     cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
 99 | overlay
100 | br_netfilter
101 | EOF
102 | 
103 |     modprobe overlay
104 |     modprobe br_netfilter
105 | 
106 |     mkdir -p /etc/containerd
107 |     containerd config default | sudo tee /etc/containerd/config.toml
108 |     sed -i "s#k8s.gcr.io#${IMAGE_REPOSITORY}#g" /etc/containerd/config.toml
109 |     if ! grep -Eq docker.m.daocloud.io /etc/containerd/config.toml; then
110 |         sed -i '/registry.mirrors/a\ \ \ \ \ \ \ \ [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]\n\ \ \ \ \ \ \ \ \ \ endpoint = ["https://docker.m.daocloud.io", "https://registry-1.docker.io"]' /etc/containerd/config.toml
111 |     fi
112 |     sed -i 's#sandbox_image.*#sandbox_image = "ygqygq2/pause:3.9"#' /etc/containerd/config.toml
113 |     #sed -i '/containerd.runtimes.runc.options/a\ \ \ \ \ \ \ \ \ \ \ \ SystemdCgroup = true' /etc/containerd/config.toml
114 |     #sed -i "s#https://registry-1.docker.io#https://registry.cn-hangzhou.aliyuncs.com#g" /etc/containerd/config.toml
115 | 
116 |     cd $PACKAGES_DIR
117 |     if [ ! -f cni-plugins-linux-${ARCH}-latest.tgz ]; then
118 |         cni_plugins_version=$(wget -qO- -t5 -T10 "https://api.github.com/repos/containernetworking/plugins/releases/latest" |
119 |             grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
120 |         wget https://github.com/containernetworking/plugins/releases/download/${cni_plugins_version}/cni-plugins-linux-${ARCH}-${cni_plugins_version}.tgz -O \
121 |             cni-plugins-linux-${ARCH}-latest.tgz || echo '下载 cni-plugins 失败! ' >>${install_log}
122 |     fi
123 |     [ ! -d /opt/cni/bin ] && mkdir -p /opt/cni/bin
124 |     tar Cxzvf /opt/cni/bin cni-plugins-linux-${ARCH}-latest.tgz
125 | 
126 |     systemctl restart containerd
127 |     systemctl enable containerd
128 | 
129 |     Install_Crictl
130 |     cat >/etc/crictl.yaml <<EOF
131 | runtime-endpoint: unix:///var/run/containerd/containerd.sock
132 | image-endpoint: unix:///var/run/containerd/containerd.sock
133 | timeout: 2
134 | debug: false
135 | pull-image-on-create: false
136 | EOF
137 |     echo '安装containerd done! ' >>${install_log}
138 | }
139 | 
140 | function Install_Crio() {
141 |     # 安装 crio, ref https://kubernetes.io/docs/setup/production-environment/container-runtimes/
142 |     Blue_Echo "[+] Installing crio... "
143 |     cat <<EOF | sudo tee /etc/modules-load.d/crio.conf
144 | overlay
145 | br_netfilter
146 | EOF
147 | 
148 |     modprobe overlay
149 |     modprobe br_netfilter
150 | 
151 |     if [ "${DISTRO}" = "Ubuntu" ]; then
152 |         $PM -y install cri-o cri-o-runc
153 |     else
154 |         $PM install -y cri-o
155 |         if ! runc -v | grep libseccomp; then
156 |             \mv /usr/bin/runc /usr/bin/runc.bak
157 |         fi
158 |         # runc可能版本过旧，ref: https://github.com/opencontainers/runc/releases/latest
159 |         runc_version=$(wget -qO- -t5 -T10 "https://api.github.com/repos/opencontainers/runc/releases/latest" |
160 |             grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
161 |         wget https://github.com/opencontainers/runc/releases/download/$runc_version/runc.amd64 -O /usr/bin/runc || echo '下载 runc 失败! ' >>${install_log}
162 |         chmod a+x /usr/bin/runc
163 |     fi
164 | 
165 |     mkdir -p /etc/crio/crio.conf.d
166 |     cat >/etc/crio/crio.conf.d/cri-o-runc <<EOF
167 | [crio.runtime.runtimes.runc]
168 | runtime_path = ""
169 | runtime_type = "oci"
170 | runtime_root = "/run/runc"
171 | EOF
172 | 
173 |     if ! grep -Eq docker.m.daocloud.io /etc/containers/registries.conf; then
174 |         cat >>/etc/containers/registries.conf <<EOF
175 | [[registry]]
176 | location="docker.io"
177 | [[registry.mirror]]
178 | location="docker.m.daocloud.io"
179 | EOF
180 |     fi
181 | 
182 |     Install_Crictl
183 |     cat >/etc/crictl.yaml <<EOF
184 | runtime-endpoint: unix:///var/run/crio/crio.sock
185 | image-endpoint: unix:///var/run/crio/crio.sock
186 | timeout: 2
187 | debug: false
188 | pull-image-on-create: false
189 | EOF
190 |     sed -i 's@#pause_image.*@pause_image = "ygqygq2/pause:3.8"@' /etc/crio/crio.conf
191 |     sed -i "s#k8s.gcr.io#${IMAGE_REPOSITORY}#g" /etc/crio/crio.conf
192 |     systemctl daemon-reload
193 |     systemctl enable crio --now
194 |     echo '安装crio done! ' >>${install_log}
195 | }
196 | 
197 | function Install() {
198 |     # 判断安装容器类型
199 |     case $INSTALL_CR in
200 |     docker)
201 |         Install_Docker
202 |         ;;
203 |     containerd)
204 |         Install_Containerd
205 |         ;;
206 |     crio)
207 |         Install_Crio
208 |         ;;
209 |     *)
210 |         Install_Containerd
211 |         ;;
212 |     esac
213 | 
214 |     # 安装kubelet
215 |     if [ "${PM}" = "apt" ]; then
216 |         # 获取 kubectl、kubelet、kubeadm 的版本号
217 |         KUBE_VERSION=$(apt-cache madison kubeadm | grep ${KUBEVERSION} | head -n 1 | awk '{print $3}')
218 |         if [ -z "$KUBE_VERSION" ]; then
219 |             Red_Echo "[-] 未找到指定版本的 kubeadm，请检查版本号!"
220 |             exit 1
221 |         fi
222 | 
223 |         # 获取 kubernetes-cni 的版本号
224 |         if [ -n "${KUBERNETES_CNI_VERSION}" ]; then
225 |             CNI_VERSION=$(apt-cache madison kubernetes-cni | grep ${KUBERNETES_CNI_VERSION} | head -n 1 | awk '{print $3}')
226 |             if [ -z "$CNI_VERSION" ]; then
227 |                 Red_Echo "[-] 未找到指定版本的 kubernetes-cni，请检查版本号!"
228 |                 exit 1
229 |             fi
230 |         fi
231 | 
232 |         # 安装 kubectl、kubelet、kubeadm 和 kubernetes-cni
233 |         $PM -y install kubernetes-cni${CNI_VERSION:+=$CNI_VERSION} kubelet=$KUBE_VERSION kubeadm=$KUBE_VERSION kubectl=$KUBE_VERSION
234 |     elif [ "${PM}" = "yum" ]; then
235 |         KUBE_VERSION=${KUBEVERSION#v}
236 |         $PM -y install kubernetes-cni${KUBERNETES_CNI_VERSION:+-$KUBERNETES_CNI_VERSION}
237 |         $PM -y install kubelet-$KUBE_VERSION kubeadm-$KUBE_VERSION kubectl-$KUBE_VERSION
238 |     else
239 |         Red_Echo "[-] 未知的包管理器, 请检查!"
240 |         exit 1
241 |     fi
242 |     systemctl enable kubelet && systemctl start kubelet
243 |     echo '安装kubelet kubeadm kubectl done! ' >>${install_log}
244 | }
245 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 3, 29 June 2007
  3 | 
  4 |  Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  5 |  Everyone is permitted to copy and distribute verbatim copies
  6 |  of this license document, but changing it is not allowed.
  7 | 
  8 |                             Preamble
  9 | 
 10 |   The GNU General Public License is a free, copyleft license for
 11 | software and other kinds of works.
 12 | 
 13 |   The licenses for most software and other practical works are designed
 14 | to take away your freedom to share and change the works.  By contrast,
 15 | the GNU General Public License is intended to guarantee your freedom to
 16 | share and change all versions of a program--to make sure it remains free
 17 | software for all its users.  We, the Free Software Foundation, use the
 18 | GNU General Public License for most of our software; it applies also to
 19 | any other work released this way by its authors.  You can apply it to
 20 | your programs, too.
 21 | 
 22 |   When we speak of free software, we are referring to freedom, not
 23 | price.  Our General Public Licenses are designed to make sure that you
 24 | have the freedom to distribute copies of free software (and charge for
 25 | them if you wish), that you receive source code or can get it if you
 26 | want it, that you can change the software or use pieces of it in new
 27 | free programs, and that you know you can do these things.
 28 | 
 29 |   To protect your rights, we need to prevent others from denying you
 30 | these rights or asking you to surrender the rights.  Therefore, you have
 31 | certain responsibilities if you distribute copies of the software, or if
 32 | you modify it: responsibilities to respect the freedom of others.
 33 | 
 34 |   For example, if you distribute copies of such a program, whether
 35 | gratis or for a fee, you must pass on to the recipients the same
 36 | freedoms that you received.  You must make sure that they, too, receive
 37 | or can get the source code.  And you must show them these terms so they
 38 | know their rights.
 39 | 
 40 |   Developers that use the GNU GPL protect your rights with two steps:
 41 | (1) assert copyright on the software, and (2) offer you this License
 42 | giving you legal permission to copy, distribute and/or modify it.
 43 | 
 44 |   For the developers' and authors' protection, the GPL clearly explains
 45 | that there is no warranty for this free software.  For both users' and
 46 | authors' sake, the GPL requires that modified versions be marked as
 47 | changed, so that their problems will not be attributed erroneously to
 48 | authors of previous versions.
 49 | 
 50 |   Some devices are designed to deny users access to install or run
 51 | modified versions of the software inside them, although the manufacturer
 52 | can do so.  This is fundamentally incompatible with the aim of
 53 | protecting users' freedom to change the software.  The systematic
 54 | pattern of such abuse occurs in the area of products for individuals to
 55 | use, which is precisely where it is most unacceptable.  Therefore, we
 56 | have designed this version of the GPL to prohibit the practice for those
 57 | products.  If such problems arise substantially in other domains, we
 58 | stand ready to extend this provision to those domains in future versions
 59 | of the GPL, as needed to protect the freedom of users.
 60 | 
 61 |   Finally, every program is threatened constantly by software patents.
 62 | States should not allow patents to restrict development and use of
 63 | software on general-purpose computers, but in those that do, we wish to
 64 | avoid the special danger that patents applied to a free program could
 65 | make it effectively proprietary.  To prevent this, the GPL assures that
 66 | patents cannot be used to render the program non-free.
 67 | 
 68 |   The precise terms and conditions for copying, distribution and
 69 | modification follow.
 70 | 
 71 |                        TERMS AND CONDITIONS
 72 | 
 73 |   0. Definitions.
 74 | 
 75 |   "This License" refers to version 3 of the GNU General Public License.
 76 | 
 77 |   "Copyright" also means copyright-like laws that apply to other kinds of
 78 | works, such as semiconductor masks.
 79 | 
 80 |   "The Program" refers to any copyrightable work licensed under this
 81 | License.  Each licensee is addressed as "you".  "Licensees" and
 82 | "recipients" may be individuals or organizations.
 83 | 
 84 |   To "modify" a work means to copy from or adapt all or part of the work
 85 | in a fashion requiring copyright permission, other than the making of an
 86 | exact copy.  The resulting work is called a "modified version" of the
 87 | earlier work or a work "based on" the earlier work.
 88 | 
 89 |   A "covered work" means either the unmodified Program or a work based
 90 | on the Program.
 91 | 
 92 |   To "propagate" a work means to do anything with it that, without
 93 | permission, would make you directly or secondarily liable for
 94 | infringement under applicable copyright law, except executing it on a
 95 | computer or modifying a private copy.  Propagation includes copying,
 96 | distribution (with or without modification), making available to the
 97 | public, and in some countries other activities as well.
 98 | 
 99 |   To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies.  Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 | 
103 |   An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License.  If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 | 
112 |   1. Source Code.
113 | 
114 |   The "source code" for a work means the preferred form of the work
115 | for making modifications to it.  "Object code" means any non-source
116 | form of a work.
117 | 
118 |   A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 | 
123 |   The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form.  A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 | 
134 |   The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities.  However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work.  For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 | 
147 |   The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 | 
151 |   The Corresponding Source for a work in source code form is that
152 | same work.
153 | 
154 |   2. Basic Permissions.
155 | 
156 |   All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met.  This License explicitly affirms your unlimited
159 | permission to run the unmodified Program.  The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work.  This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 | 
164 |   You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force.  You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright.  Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 | 
175 |   Conveying under any other circumstances is permitted solely under
176 | the conditions stated below.  Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 | 
179 |   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 | 
181 |   No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 | 
187 |   When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 | 
195 |   4. Conveying Verbatim Copies.
196 | 
197 |   You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 | 
205 |   You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 | 
208 |   5. Conveying Modified Source Versions.
209 | 
210 |   You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 | 
214 |     a) The work must carry prominent notices stating that you modified
215 |     it, and giving a relevant date.
216 | 
217 |     b) The work must carry prominent notices stating that it is
218 |     released under this License and any conditions added under section
219 |     7.  This requirement modifies the requirement in section 4 to
220 |     "keep intact all notices".
221 | 
222 |     c) You must license the entire work, as a whole, under this
223 |     License to anyone who comes into possession of a copy.  This
224 |     License will therefore apply, along with any applicable section 7
225 |     additional terms, to the whole of the work, and all its parts,
226 |     regardless of how they are packaged.  This License gives no
227 |     permission to license the work in any other way, but it does not
228 |     invalidate such permission if you have separately received it.
229 | 
230 |     d) If the work has interactive user interfaces, each must display
231 |     Appropriate Legal Notices; however, if the Program has interactive
232 |     interfaces that do not display Appropriate Legal Notices, your
233 |     work need not make them do so.
234 | 
235 |   A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit.  Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 | 
245 |   6. Conveying Non-Source Forms.
246 | 
247 |   You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 | 
252 |     a) Convey the object code in, or embodied in, a physical product
253 |     (including a physical distribution medium), accompanied by the
254 |     Corresponding Source fixed on a durable physical medium
255 |     customarily used for software interchange.
256 | 
257 |     b) Convey the object code in, or embodied in, a physical product
258 |     (including a physical distribution medium), accompanied by a
259 |     written offer, valid for at least three years and valid for as
260 |     long as you offer spare parts or customer support for that product
261 |     model, to give anyone who possesses the object code either (1) a
262 |     copy of the Corresponding Source for all the software in the
263 |     product that is covered by this License, on a durable physical
264 |     medium customarily used for software interchange, for a price no
265 |     more than your reasonable cost of physically performing this
266 |     conveying of source, or (2) access to copy the
267 |     Corresponding Source from a network server at no charge.
268 | 
269 |     c) Convey individual copies of the object code with a copy of the
270 |     written offer to provide the Corresponding Source.  This
271 |     alternative is allowed only occasionally and noncommercially, and
272 |     only if you received the object code with such an offer, in accord
273 |     with subsection 6b.
274 | 
275 |     d) Convey the object code by offering access from a designated
276 |     place (gratis or for a charge), and offer equivalent access to the
277 |     Corresponding Source in the same way through the same place at no
278 |     further charge.  You need not require recipients to copy the
279 |     Corresponding Source along with the object code.  If the place to
280 |     copy the object code is a network server, the Corresponding Source
281 |     may be on a different server (operated by you or a third party)
282 |     that supports equivalent copying facilities, provided you maintain
283 |     clear directions next to the object code saying where to find the
284 |     Corresponding Source.  Regardless of what server hosts the
285 |     Corresponding Source, you remain obligated to ensure that it is
286 |     available for as long as needed to satisfy these requirements.
287 | 
288 |     e) Convey the object code using peer-to-peer transmission, provided
289 |     you inform other peers where the object code and Corresponding
290 |     Source of the work are being offered to the general public at no
291 |     charge under subsection 6d.
292 | 
293 |   A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 | 
297 |   A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling.  In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage.  For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product.  A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 | 
310 |   "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source.  The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 | 
318 |   If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information.  But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 | 
329 |   The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed.  Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 | 
337 |   Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 | 
343 |   7. Additional Terms.
344 | 
345 |   "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law.  If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 | 
354 |   When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it.  (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.)  You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 | 
361 |   Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 | 
365 |     a) Disclaiming warranty or limiting liability differently from the
366 |     terms of sections 15 and 16 of this License; or
367 | 
368 |     b) Requiring preservation of specified reasonable legal notices or
369 |     author attributions in that material or in the Appropriate Legal
370 |     Notices displayed by works containing it; or
371 | 
372 |     c) Prohibiting misrepresentation of the origin of that material, or
373 |     requiring that modified versions of such material be marked in
374 |     reasonable ways as different from the original version; or
375 | 
376 |     d) Limiting the use for publicity purposes of names of licensors or
377 |     authors of the material; or
378 | 
379 |     e) Declining to grant rights under trademark law for use of some
380 |     trade names, trademarks, or service marks; or
381 | 
382 |     f) Requiring indemnification of licensors and authors of that
383 |     material by anyone who conveys the material (or modified versions of
384 |     it) with contractual assumptions of liability to the recipient, for
385 |     any liability that these contractual assumptions directly impose on
386 |     those licensors and authors.
387 | 
388 |   All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10.  If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term.  If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 | 
398 |   If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 | 
403 |   Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 | 
407 |   8. Termination.
408 | 
409 |   You may not propagate or modify a covered work except as expressly
410 | provided under this License.  Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 | 
415 |   However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 | 
422 |   Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 | 
429 |   Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License.  If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 | 
435 |   9. Acceptance Not Required for Having Copies.
436 | 
437 |   You are not required to accept this License in order to receive or
438 | run a copy of the Program.  Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance.  However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work.  These actions infringe copyright if you do
443 | not accept this License.  Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 | 
446 |   10. Automatic Licensing of Downstream Recipients.
447 | 
448 |   Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License.  You are not responsible
451 | for enforcing compliance by third parties with this License.
452 | 
453 |   An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations.  If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 | 
463 |   You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License.  For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 | 
471 |   11. Patents.
472 | 
473 |   A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based.  The
475 | work thus licensed is called the contributor's "contributor version".
476 | 
477 |   A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version.  For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 | 
487 |   Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 | 
492 |   In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement).  To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 | 
499 |   If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients.  "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 | 
513 |   If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 | 
521 |   A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License.  You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 | 
536 |   Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 | 
540 |   12. No Surrender of Others' Freedom.
541 | 
542 |   If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License.  If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all.  For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 | 
552 |   13. Use with the GNU Affero General Public License.
553 | 
554 |   Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work.  The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 | 
563 |   14. Revised Versions of this License.
564 | 
565 |   The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time.  Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 | 
570 |   Each version is given a distinguishing version number.  If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation.  If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 | 
579 |   If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 | 
584 |   Later license versions may give you additional or different
585 | permissions.  However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 | 
589 |   15. Disclaimer of Warranty.
590 | 
591 |   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 | 
600 |   16. Limitation of Liability.
601 | 
602 |   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 | 
612 |   17. Interpretation of Sections 15 and 16.
613 | 
614 |   If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 | 
621 |                      END OF TERMS AND CONDITIONS
622 | 
623 |             How to Apply These Terms to Your New Programs
624 | 
625 |   If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 | 
629 |   To do so, attach the following notices to the program.  It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 | 
634 |     <one line to give the program's name and a brief idea of what it does.>
635 |     Copyright (C) <year>  <name of author>
636 | 
637 |     This program is free software: you can redistribute it and/or modify
638 |     it under the terms of the GNU General Public License as published by
639 |     the Free Software Foundation, either version 3 of the License, or
640 |     (at your option) any later version.
641 | 
642 |     This program is distributed in the hope that it will be useful,
643 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
644 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
645 |     GNU General Public License for more details.
646 | 
647 |     You should have received a copy of the GNU General Public License
648 |     along with this program.  If not, see <https://www.gnu.org/licenses/>.
649 | 
650 | Also add information on how to contact you by electronic and paper mail.
651 | 
652 |   If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 | 
655 |     <program>  Copyright (C) <year>  <name of author>
656 |     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 |     This is free software, and you are welcome to redistribute it
658 |     under certain conditions; type `show c' for details.
659 | 
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License.  Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 | 
664 |   You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <https://www.gnu.org/licenses/>.
668 | 
669 |   The GNU General Public License does not permit incorporating your program
670 | into proprietary programs.  If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library.  If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License.  But first, please read
674 | <https://www.gnu.org/licenses/why-not-lgpl.html>.
675 | 


--------------------------------------------------------------------------------
/functions/init.sh:
--------------------------------------------------------------------------------
   1 | #!/usr/bin/env bash
   2 | ##############################################################
   3 | # @Author      : Chinge Yang
   4 | # @Date        : 2022-09-20 15:56:30
   5 | # @LastEditTime: 2022-09-20 17:16:22
   6 | # @LastEditors : Chinge Yang
   7 | # @Description : 初始化函数
   8 | # @FilePath    : /kubeadm-shell/functions/init.sh
   9 | ##############################################################
  10 | 
  11 | function Ready_Local_Repo() {
  12 |     if [ "$PM" == "yum" ]; then
  13 |         rpm -ivh $PACKAGES_DIR/deltarpm-*.rpm
  14 |         rpm -ivh $PACKAGES_DIR/libxml2-python-*.rpm
  15 |         rpm -ivh $PACKAGES_DIR/python-deltarpm-*.rpm
  16 |         rpm -ivh $PACKAGES_DIR/createrepo-*.rpm
  17 | 
  18 |         createrepo $PACKAGES_DIR
  19 | 
  20 |         # 备份现有源
  21 |         [ ! -d /etc/yum.repos.d/bak/ ] && {
  22 |             mkdir /etc/yum.repos.d/bak/
  23 |             mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
  24 |         }
  25 | 
  26 |         cat >/etc/yum.repos.d/CentOS-Media.repo <<EOF
  27 | [c7-media]
  28 | name=CentOS-$releasever - Media
  29 | baseurl=file://$PACKAGES_DIR
  30 | gpgcheck=0
  31 | enabled=1
  32 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  33 |        file://$GPG_DIR/Docker.gpg
  34 |        file://$GPG_DIR/Aliyun-kubernetes-yum-key.gpg
  35 |        file://$GPG_DIR/Aliyun-kubernetes-rpm-package-key.gpg
  36 | EOF
  37 |     elif [ "$PM" == "apt" ]; then
  38 |         # 备份现有源
  39 |         [ ! -d /etc/apt/sources.list.d/bak/ ] && {
  40 |             mkdir /etc/apt/bak/
  41 |             mv /etc/apt/sources.list /etc/apt/bak/
  42 |             mv /etc/apt/sources.list.d/*.list /etc/apt/bak/
  43 |         }
  44 | 
  45 |         cat >/etc/apt/sources.list.d/local.list <<EOF
  46 | deb [trusted=yes] file:$PACKAGES_DIR ./
  47 | EOF
  48 |         apt -y update
  49 |     else
  50 |         Red_Echo "当前系统不支持离线安装"
  51 |         return 1
  52 |     fi
  53 | }
  54 | 
  55 | Install_LSB() {
  56 |     echo "[+] Installing lsb..."
  57 |     if [ "$PM" = "yum" ]; then
  58 |         yum -y install redhat-lsb
  59 |     elif [ "$PM" = "apt" ]; then
  60 |         apt-get update
  61 |         apt-get --no-install-recommends install -y lsb-release
  62 |     fi
  63 | }
  64 | 
  65 | Get_Dist_Version() {
  66 |     if command -v lsb_release >/dev/null 2>&1; then
  67 |         DISTRO_Version=$(lsb_release -sr)
  68 |     elif [ -f /etc/lsb-release ]; then
  69 |         . /etc/lsb-release
  70 |         DISTRO_Version="$DISTRIB_RELEASE"
  71 |     elif [ -f /etc/os-release ]; then
  72 |         . /etc/os-release
  73 |         DISTRO_Version="$VERSION_ID"
  74 |     fi
  75 |     if [[ "${DISTRO}" = "" || "${DISTRO_Version}" = "" ]]; then
  76 |         if command -v python2 >/dev/null 2>&1; then
  77 |             DISTRO_Version=$(python2 -c 'import platform; print platform.linux_distribution()[1]')
  78 |         elif command -v python3 >/dev/null 2>&1; then
  79 |             DISTRO_Version=$(python3 -c 'import distro; print(distro.linux_distribution()[1])' || python3 -c 'import platform; print(platform.linux_distribution()[1])')
  80 |         else
  81 |             Install_LSB
  82 |             DISTRO_Version=$(lsb_release -rs)
  83 |         fi
  84 |     fi
  85 |     printf -v "${DISTRO}_Version" '%s' "${DISTRO_Version}"
  86 | }
  87 | 
  88 | Get_Dist_Name() {
  89 |     if grep -Eqi "CentOS" /etc/issue || grep -Eq "CentOS" /etc/*-release; then
  90 |         DISTRO='CentOS'
  91 |         PM='yum'
  92 |         if grep -Eq "CentOS Stream" /etc/*-release; then
  93 |             isCentosStream='y'
  94 |         fi
  95 |     elif grep -Eqi "Alibaba" /etc/issue || grep -Eq "Alibaba Cloud Linux" /etc/*-release; then
  96 |         DISTRO='Alibaba'
  97 |         PM='yum'
  98 |     elif grep -Eqi "Aliyun" /etc/issue || grep -Eq "Aliyun Linux" /etc/*-release; then
  99 |         DISTRO='Aliyun'
 100 |         PM='yum'
 101 |     elif grep -Eqi "Amazon Linux" /etc/issue || grep -Eq "Amazon Linux" /etc/*-release; then
 102 |         DISTRO='Amazon'
 103 |         PM='yum'
 104 |     elif grep -Eqi "Fedora" /etc/issue || grep -Eq "Fedora" /etc/*-release; then
 105 |         DISTRO='Fedora'
 106 |         PM='yum'
 107 |     elif grep -Eqi "Oracle Linux" /etc/issue || grep -Eq "Oracle Linux" /etc/*-release; then
 108 |         DISTRO='Oracle'
 109 |         PM='yum'
 110 |     elif grep -Eqi "Red Hat Enterprise Linux" /etc/issue || grep -Eq "Red Hat Enterprise Linux" /etc/*-release; then
 111 |         DISTRO='RHEL'
 112 |         PM='yum'
 113 |     elif grep -Eqi "rockylinux" /etc/issue || grep -Eq "Rocky Linux" /etc/*-release; then
 114 |         DISTRO='Rocky'
 115 |         PM='yum'
 116 |     elif grep -Eqi "almalinux" /etc/issue || grep -Eq "AlmaLinux" /etc/*-release; then
 117 |         DISTRO='Alma'
 118 |         PM='yum'
 119 |     elif grep -Eqi "openEuler" /etc/issue || grep -Eq "openEuler" /etc/*-release; then
 120 |         DISTRO='openEuler'
 121 |         PM='yum'
 122 |     elif grep -Eqi "Anolis OS" /etc/issue || grep -Eq "Anolis OS" /etc/*-release; then
 123 |         DISTRO='Anolis'
 124 |         PM='yum'
 125 |     elif grep -Eqi "Kylin Linux Advanced Server" /etc/issue || grep -Eq "Kylin Linux Advanced Server" /etc/*-release; then
 126 |         DISTRO='Kylin'
 127 |         PM='yum'
 128 |     elif grep -Eqi "Debian" /etc/issue || grep -Eq "Debian" /etc/*-release; then
 129 |         DISTRO='Debian'
 130 |         PM='apt'
 131 |     elif grep -Eqi "Ubuntu" /etc/issue || grep -Eq "Ubuntu" /etc/*-release; then
 132 |         DISTRO='Ubuntu'
 133 |         PM='apt'
 134 |     elif grep -Eqi "Raspbian" /etc/issue || grep -Eq "Raspbian" /etc/*-release; then
 135 |         DISTRO='Raspbian'
 136 |         PM='apt'
 137 |     elif grep -Eqi "Deepin" /etc/issue || grep -Eq "Deepin" /etc/*-release; then
 138 |         DISTRO='Deepin'
 139 |         PM='apt'
 140 |     elif grep -Eqi "Mint" /etc/issue || grep -Eq "Mint" /etc/*-release; then
 141 |         DISTRO='Mint'
 142 |         PM='apt'
 143 |     elif grep -Eqi "Kali" /etc/issue || grep -Eq "Kali" /etc/*-release; then
 144 |         DISTRO='Kali'
 145 |         PM='apt'
 146 |     elif grep -Eqi "UnionTech OS" /etc/issue || grep -Eq "UnionTech OS" /etc/*-release; then
 147 |         DISTRO='UOS'
 148 |         if command -v apt >/dev/null 2>&1; then
 149 |             PM='apt'
 150 |         elif command -v yum >/dev/null 2>&1; then
 151 |             PM='yum'
 152 |         fi
 153 |     elif grep -Eqi "Kylin Linux Desktop" /etc/issue || grep -Eq "Kylin Linux Desktop" /etc/*-release; then
 154 |         DISTRO='Kylin'
 155 |         PM='yum'
 156 |     else
 157 |         DISTRO='unknow'
 158 |     fi
 159 |     Get_OS_Bit
 160 | }
 161 | 
 162 | Get_RHEL_Version() {
 163 |     Get_Dist_Name
 164 |     if [ "${DISTRO}" = "RHEL" ] || [ "${DISTRO}" = "CentOS" ]; then
 165 |         if grep -Eqi "release 5." /etc/redhat-release; then
 166 |             echo "Current Version: $DISTRO Ver 5"
 167 |             RHEL_Ver='5'
 168 |         elif grep -Eqi "release 6." /etc/redhat-release; then
 169 |             echo "Current Version: $DISTRO Ver 6"
 170 |             RHEL_Ver='6'
 171 |         elif grep -Eqi "release 7." /etc/redhat-release; then
 172 |             echo "Current Version: $DISTRO Ver 7"
 173 |             RHEL_Ver='7'
 174 |         elif grep -Eqi "release 8." /etc/redhat-release; then
 175 |             echo "Current Version: $DISTRO Ver 8"
 176 |             RHEL_Ver='8'
 177 |         fi
 178 |         RHEL_Version="$(cat /etc/redhat-release | sed 's/.*release\ //' | sed 's/\ .*//')"
 179 |     fi
 180 | }
 181 | 
 182 | Get_OS_Bit() {
 183 |     Init_Arch
 184 |     # if [[ $(getconf WORD_BIT) = '32' && $(getconf LONG_BIT) = '64' ]]; then
 185 |     #     Is_64bit='y'
 186 |     #     ARCH='x86_64'
 187 |     # else
 188 |     #     Is_64bit='n'
 189 |     #     ARCH='i386'
 190 |     # fi
 191 | 
 192 |     # if uname -m | grep -Eqi "arm|aarch64"; then
 193 |     #     Is_ARM='y'
 194 |     #     if uname -m | grep -Eqi "armv7|armv6"; then
 195 |     #         ARCH='armhf'
 196 |     #     elif uname -m | grep -Eqi "aarch64"; then
 197 |     #         ARCH='aarch64'
 198 |     #     else
 199 |     #         ARCH='arm'
 200 |     #     fi
 201 |     # fi
 202 | }
 203 | 
 204 | function Set_Timezone() {
 205 |     Blue_Echo "Setting timezone..."
 206 |     rm -rf /etc/localtime
 207 |     ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 208 | }
 209 | 
 210 | function Set_Chrony() {
 211 |     #设置chrony服务
 212 |     ntpdate ntp1.aliyun.com
 213 |     cat >/etc/chrony.conf <<EOF
 214 | server ntp1.aliyun.com iburst
 215 | server time1.cloud.tencent.com iburst
 216 | server ntp.myhuaweicloud.com iburst
 217 | server pool.ntp.org iburst
 218 | stratumweight 0
 219 | driftfile /var/lib/chrony/drift
 220 | rtcsync
 221 | makestep 10 3
 222 | bindcmdaddress 127.0.0.1
 223 | bindcmdaddress ::1
 224 | keyfile /etc/chrony.keys
 225 | commandkey 1
 226 | generatecommandkey
 227 | noclientlog
 228 | logchange 0.5
 229 | logdir /var/log/chrony
 230 | EOF
 231 |     [ -f /etc/chrony/chrony.conf ] && ln -sf /etc/chrony.conf /etc/chrony/chrony.conf
 232 | }
 233 | 
 234 | function CentOS_InstallNTP() {
 235 |     Blue_Echo "[+] Installing chrony..."
 236 |     yum install -y ntpdate chrony
 237 |     Set_Chrony
 238 |     systemctl start chronyd
 239 |     systemctl enable chronyd
 240 |     date
 241 |     echo '设置时区，同步时间 done! ' >>${install_log}
 242 | }
 243 | 
 244 | function Deb_InstallNTP() {
 245 |     apt-get update -y
 246 |     [[ $? -ne 0 ]] && apt-get update --allow-releaseinfo-change -y
 247 |     Blue_Echo "[+] Installing chrony..."
 248 |     apt-get install -y ntpdate chrony
 249 |     Set_Chrony
 250 |     systemctl start chrony
 251 |     systemctl enable chrony
 252 |     date
 253 |     echo '设置时区，同步时间 done! ' >>${install_log}
 254 | }
 255 | 
 256 | function CentOS_RemoveAMP() {
 257 |     Blue_Echo "[-] Yum remove packages..."
 258 |     rpm -qa | grep httpd
 259 |     rpm -e httpd httpd-tools --nodeps
 260 |     yum -y remove httpd*
 261 |     yum clean all
 262 | }
 263 | 
 264 | function Deb_RemoveAMP() {
 265 |     Blue_Echo "[-] apt-get remove packages..."
 266 |     apt-get update -y
 267 |     [[ $? -ne 0 ]] && apt-get update --allow-releaseinfo-change -y
 268 |     for removepackages in apache2-doc; do apt-get purge -y $removepackages; done
 269 |     dpkg -P apache2-doc
 270 |     apt-get autoremove -y && apt-get clean
 271 | }
 272 | 
 273 | function Disable_Selinux() {
 274 |     if [ -s /etc/selinux/config ]; then
 275 |         setenforce 0
 276 |         sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
 277 |     fi
 278 | }
 279 | 
 280 | function Xen_Hwcap_Setting() {
 281 |     if [ -s /etc/ld.so.conf.d/libc6-xen.conf ]; then
 282 |         sed -i 's/hwcap 1 nosegneg/hwcap 0 nosegneg/g' /etc/ld.so.conf.d/libc6-xen.conf
 283 |     fi
 284 | }
 285 | 
 286 | function Check_Hosts() {
 287 |     if grep -Eqi '^127.0.0.1[[:space:]]*localhost' /etc/hosts; then
 288 |         echo "Hosts: ok."
 289 |     else
 290 |         echo "127.0.0.1 localhost.localdomain localhost" >>/etc/hosts
 291 |     fi
 292 | 
 293 |     pingresult=$(ping -c1 www.baidu.com 2>&1)
 294 |     echo "${pingresult}"
 295 |     if echo "${pingresult}" | grep -q "unknown host"; then
 296 |         echo "DNS...fail"
 297 |         echo "Writing nameserver to /etc/resolv.conf ..."
 298 |         echo -e "nameserver 208.67.220.220\nnameserver 114.114.114.114" >/etc/resolv.conf
 299 |         echo '添加DNS done!' >>${install_log}
 300 |     else
 301 |         echo "DNS...ok"
 302 |     fi
 303 | }
 304 | 
 305 | function RHEL_Modify_Source() {
 306 |     Get_RHEL_Version
 307 |     if [ "${RHELRepo}" = "local" ]; then
 308 |         echo "DO NOT change RHEL repository, use the repository you set."
 309 |     else
 310 |         echo "RHEL ${RHEL_Ver} will use aliyun centos repository..."
 311 |         if [ ! -s "/etc/yum.repos.d/Centos-${RHEL_Ver}.repo" ]; then
 312 |             if command -v curl >/dev/null 2>&1; then
 313 |                 curl http://mirrors.aliyun.com/repo/Centos-${RHEL_Ver}.repo -o /etc/yum.repos.d/Centos-${RHEL_Ver}.repo
 314 |             else
 315 |                 wget --prefer-family=IPv4 http://mirrors.aliyun.com/repo/Centos-${RHEL_Ver}.repo -O /etc/yum.repos.d/Centos-${RHEL_Ver}.repo
 316 |             fi
 317 |         fi
 318 |         if echo "${RHEL_Version}" | grep -Eqi "^6"; then
 319 |             sed -i "s#centos/\$releasever#centos-vault/\$releasever#g" /etc/yum.repos.d/Centos-${RHEL_Ver}.repo
 320 |             sed -i "s/\$releasever/${RHEL_Version}/g" /etc/yum.repos.d/Centos-${RHEL_Ver}.repo
 321 |         elif echo "${RHEL_Version}" | grep -Eqi "^7"; then
 322 |             sed -i "s/\$releasever/7/g" /etc/yum.repos.d/Centos-${RHEL_Ver}.repo
 323 |         elif echo "${RHEL_Version}" | grep -Eqi "^8"; then
 324 |             sed -i "s#centos/\$releasever#centos-vault/8.5.2111#g" /etc/yum.repos.d/Centos-${RHEL_Ver}.repo
 325 |         fi
 326 |         yum clean all
 327 |         yum makecache
 328 |     fi
 329 |     sed -i "s/^enabled[ ]*=[ ]*1/enabled=0/" /etc/yum/pluginconf.d/subscription-manager.conf
 330 | }
 331 | 
 332 | function Ubuntu_Modify_Source() {
 333 |     if [ "${country}" = "CN" ]; then
 334 |         OldReleasesURL='http://mirrors.aliyun.com/oldubuntu-releases/ubuntu/'
 335 |     else
 336 |         OldReleasesURL='http://old-releases.ubuntu.com/ubuntu/'
 337 |     fi
 338 |     CodeName=''
 339 |     if grep -Eqi "10.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^10.10'; then
 340 |         CodeName='maverick'
 341 |     elif grep -Eqi "11.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^11.04'; then
 342 |         CodeName='natty'
 343 |     elif  grep -Eqi "11.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^11.10'; then
 344 |         CodeName='oneiric'
 345 |     elif grep -Eqi "12.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^12.10'; then
 346 |         CodeName='quantal'
 347 |     elif grep -Eqi "13.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^13.04'; then
 348 |         CodeName='raring'
 349 |     elif grep -Eqi "13.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^13.10'; then
 350 |         CodeName='saucy'
 351 |     elif grep -Eqi "10.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^10.04'; then
 352 |         CodeName='lucid'
 353 |     elif grep -Eqi "14.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^14.10'; then
 354 |         CodeName='utopic'
 355 |     elif grep -Eqi "15.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^15.04'; then
 356 |         CodeName='vivid'
 357 |     elif grep -Eqi "12.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^12.04'; then
 358 |         CodeName='precise'
 359 |     elif grep -Eqi "15.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^15.10'; then
 360 |         CodeName='wily'
 361 |     elif grep -Eqi "16.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^16.10'; then
 362 |         CodeName='yakkety'
 363 |     elif grep -Eqi "14.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^14.04'; then
 364 |         Ubuntu_Deadline trusty
 365 |     elif grep -Eqi "17.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^17.04'; then
 366 |         CodeName='zesty'
 367 |     elif grep -Eqi "17.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^17.10'; then
 368 |         CodeName='artful'
 369 |     elif grep -Eqi "16.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^16.04'; then
 370 |         Ubuntu_Deadline xenial
 371 |     elif grep -Eqi "16.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^16.10'; then
 372 |         CodeName='yakkety'
 373 |     elif grep -Eqi "18.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^18.04'; then
 374 |         Ubuntu_Deadline bionic
 375 |     elif grep -Eqi "18.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^18.10'; then
 376 |         CodeName='cosmic'
 377 |     elif grep -Eqi "19.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^19.04'; then
 378 |         CodeName='disco'
 379 |     elif grep -Eqi "19.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^19.10'; then
 380 |         CodeName='eoan'
 381 |     elif grep -Eqi "20.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^20.10'; then
 382 |         CodeName='groovy'
 383 |     elif grep -Eqi "21.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^21.04'; then
 384 |         CodeName='hirsute'
 385 |     elif grep -Eqi "21.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^21.10'; then
 386 |         CodeName='impish'
 387 |     elif grep -Eqi "22.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^22.10'; then
 388 |         CodeName='kinetic'
 389 |     elif grep -Eqi "23.04" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^23.04'; then
 390 |         CodeName='lunar'
 391 |     elif grep -Eqi "23.10" /etc/*-release || echo "${Ubuntu_Version}" | grep -Eqi '^23.10'; then
 392 |         Ubuntu_Deadline mantic
 393 |     fi
 394 |     if [ "${CodeName}" != "" ]; then
 395 |         \cp /etc/apt/sources.list /etc/apt/sources.list.$(date +"%Y%m%d")
 396 |         cat >/etc/apt/sources.list <<EOF
 397 | deb ${OldReleasesURL} ${CodeName} main restricted universe multiverse
 398 | deb ${OldReleasesURL} ${CodeName}-security main restricted universe multiverse
 399 | deb ${OldReleasesURL} ${CodeName}-updates main restricted universe multiverse
 400 | deb ${OldReleasesURL} ${CodeName}-proposed main restricted universe multiverse
 401 | deb ${OldReleasesURL} ${CodeName}-backports main restricted universe multiverse
 402 | deb-src ${OldReleasesURL} ${CodeName} main restricted universe multiverse
 403 | deb-src ${OldReleasesURL} ${CodeName}-security main restricted universe multiverse
 404 | deb-src ${OldReleasesURL} ${CodeName}-updates main restricted universe multiverse
 405 | deb-src ${OldReleasesURL} ${CodeName}-proposed main restricted universe multiverse
 406 | deb-src ${OldReleasesURL} ${CodeName}-backports main restricted universe multiverse
 407 | EOF
 408 |     fi
 409 | }
 410 | 
 411 | function Check_Old_Releases_URL() {
 412 |     OR_Status=$(wget --spider --server-response ${OldReleasesURL}/dists/$1/Release 2>&1 | awk '/^  HTTP/{print $2}')
 413 |     if [ "${OR_Status}" = "200" ]; then
 414 |         echo "Ubuntu old-releases status: ${OR_Status}"
 415 |         CodeName="$1"
 416 |     fi
 417 | }
 418 | 
 419 | function Ubuntu_Deadline()
 420 | {
 421 |     trusty_deadline=`date -d "2024-4-30 00:00:00" +%s`
 422 |     xenial_deadline=`date -d "2026-4-30 00:00:00" +%s`
 423 |     bionic_deadline=`date -d "2028-7-30 00:00:00" +%s`
 424 |     mantic_deadline=`date -d "2024-7-30 00:00:00" +%s`
 425 |     cur_time=`date  +%s`
 426 |     case "$1" in
 427 |         trusty)
 428 |             if [ ${cur_time} -gt ${trusty_deadline} ]; then
 429 |                 echo "${cur_time} > ${trusty_deadline}"
 430 |                 Check_Old_Releases_URL trusty
 431 |             fi
 432 |             ;;
 433 |         xenial)
 434 |             if [ ${cur_time} -gt ${xenial_deadline} ]; then
 435 |                 echo "${cur_time} > ${xenial_deadline}"
 436 |                 Check_Old_Releases_URL xenial
 437 |             fi
 438 |             ;;
 439 |         bionic)
 440 |             if [ ${cur_time} -gt ${bionic_deadline} ]; then
 441 |                 echo "${cur_time} > ${bionic_deadline}"
 442 |                 Check_Old_Releases_URL bionic
 443 |             fi
 444 |             ;;
 445 |         mantic)
 446 |             if [ ${cur_time} -gt ${mantic_deadline} ]; then
 447 |                 echo "${cur_time} > ${mantic_deadline}"
 448 |                 Check_Old_Releases_URL mantic
 449 |             fi
 450 |             ;;
 451 |     esac
 452 | }
 453 | 
 454 | function CentOS_Modify_Source() {
 455 |     Get_RHEL_Version
 456 |     if echo "${CentOS_Version}" | grep -Eqi "^6"; then
 457 |         Yellow_Echo "CentOS 6 is now end of life, use vault repository."
 458 |         local repo_url="https://mirrors.aliyun.com/repo/Centos-vault-6.10.repo"
 459 |     elif  echo "${CentOS_Version}" | grep -Eqi "^7"; then
 460 |         local repo_url="https://mirrors.aliyun.com/repo/Centos-7.repo"
 461 |     elif echo "${CentOS_Version}" | grep -Eqi "^8" && [ "${isCentosStream}" != "y" ]; then
 462 |         Yellow_Echo "CentOS 8 is now end of life, use vault repository."
 463 |         local repo_url="https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo"
 464 |     fi
 465 | 
 466 |     mkdir /etc/yum.repos.d/bak
 467 |     mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
 468 |     curl -o /etc/yum.repos.d/CentOS-Base.repo "$repo_url"
 469 | }
 470 | 
 471 | function Ubuntu_Docker_Source() {
 472 |     if [ ! -f /usr/share/keyrings/docker-archive-keyring.gpg ]; then
 473 |         curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 474 |     fi
 475 |     echo "deb [arch=${ARCH} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 476 |     apt-get -y update
 477 | }
 478 | 
 479 | function RHEL_Docker_Source() {
 480 |     yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
 481 |     curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/centos/gpg | tee /etc/pki/rpm-gpg/RPM-GPG-KEY-docker-ce
 482 |     rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-docker-ce
 483 | }
 484 | 
 485 | function Ubuntu_Kubernetes_Source() {
 486 |     if [ ! -f /etc/apt/keyrings/kubernetes-apt-keyring.gpg ]; then
 487 |     curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/${KUBEVERSION%.*}/deb/Release.key | \
 488 |         gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
 489 |     fi
 490 |     echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/${KUBEVERSION%.*}/deb/ /" | \
 491 |         tee /etc/apt/sources.list.d/kubernetes.list
 492 |     apt-get -y update
 493 | }
 494 | 
 495 | function RHEL_Kubernetes_Source() {
 496 |     cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
 497 | [kubernetes]
 498 | name=Kubernetes
 499 | baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/${KUBEVERSION%.*}/rpm/
 500 | enabled=1
 501 | gpgcheck=0
 502 | gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/${KUBEVERSION%.*}/rpm/repodata/repomd.xml.key
 503 | EOF
 504 |     rpm --import https://mirrors.aliyun.com/kubernetes-new/core/stable/${KUBEVERSION%.*}/rpm/repodata/repomd.xml.key
 505 | }
 506 | 
 507 | function Ubuntu_Crio_Source() {
 508 |     # ref: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/
 509 |     local tmp_VERSION=${KUBEVERSION#*v}
 510 |     local VERSION=${tmp_VERSION%.*}
 511 |     echo 'deb http://deb.debian.org/debian buster-backports main' >/etc/apt/sources.list.d/backports.list
 512 |     apt update -y
 513 |     apt install -y -t buster-backports libseccomp2 || apt update -y -t buster-backports libseccomp2
 514 | 
 515 |     echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" \
 516 |         >/etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
 517 |     echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" \
 518 |         >/etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
 519 | 
 520 |     mkdir -p /usr/share/keyrings
 521 |     curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
 522 |     curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg
 523 | 
 524 |     apt-get update -y
 525 |     apt-get install -y cri-o cri-o-runc
 526 | }
 527 | 
 528 | function RHEL_Crio_Source() {
 529 |     # ref https://kubernetes.io/docs/setup/production-environment/container-runtimes/#tab-cri-cri-o-installation-2
 530 |     OS="${DISTRO}_${RHEL_Ver}"
 531 |     local tmp_VERSION=${KUBEVERSION#*v}
 532 |     local VERSION=${tmp_VERSION%.*}
 533 |     curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo \
 534 |         https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
 535 |     curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo \
 536 |         https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
 537 |     sed -i 's@gpgcheck=1@gpgcheck=0@g' /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
 538 | }
 539 | 
 540 | function Modify_Source() {
 541 |     if [ "${DISTRO}" = "RHEL" ]; then
 542 |         RHEL_Modify_Source
 543 |         RHEL_Kubernetes_Source
 544 |     elif [ "${DISTRO}" = "Ubuntu" ]; then
 545 |         Ubuntu_Modify_Source
 546 |         Ubuntu_Kubernetes_Source
 547 |     elif [ "${DISTRO}" = "CentOS" ]; then
 548 |         CentOS_Modify_Source
 549 |         RHEL_Kubernetes_Source
 550 |     fi
 551 | 
 552 |     # 判断 container runtime 类型
 553 |     case $INSTALL_CR in
 554 |     docker | containerd)
 555 |         if [ "${DISTRO}" = "Ubuntu" ]; then
 556 |             Ubuntu_Docker_Source
 557 |         else
 558 |             RHEL_Docker_Source
 559 |         fi
 560 |         ;;
 561 |     crio)
 562 |         if [ "${DISTRO}" = "Ubuntu" ]; then
 563 |             Ubuntu_Crio_Source
 564 |         else
 565 |             RHEL_Crio_Source
 566 |         fi
 567 |         ;;
 568 |     *)
 569 |         Red_Echo "不支持的 Container Runtime 类型"
 570 |         exit 1
 571 |         ;;
 572 |     esac
 573 | 
 574 |     echo '添加包管理源 done!' >>${install_log}
 575 | }
 576 | 
 577 | function Check_PowerTools() {
 578 |     if ! yum -v repolist all | grep "PowerTools"; then
 579 |         Red_Echo "PowerTools repository not found!"
 580 |     fi
 581 |     repo_id=$(yum repolist all | grep -Ei "PowerTools" | head -n 1 | awk '{print $1}')
 582 | }
 583 | 
 584 | function Check_Codeready() {
 585 |     repo_id=$(yum repolist all | grep -E "CodeReady" | head -n 1 | awk '{print $1}')
 586 |     [ -z "${repo_id}" ] && repo_id="ol8_codeready_builder"
 587 | }
 588 | 
 589 | function CentOS_Dependent() {
 590 |     if [ -s /etc/yum.conf ]; then
 591 |         \cp /etc/yum.conf /etc/yum.conf.tmp
 592 |         sed -i 's:exclude=.*:exclude=:g' /etc/yum.conf
 593 |     fi
 594 | 
 595 |     Blue_Echo "[+] Yum installing dependent packages..."
 596 |     for packages in bash openssh-clients wget rsync yum-utils vim; do yum -y install $packages; done
 597 | 
 598 |     yum -y update nss
 599 | 
 600 |     if echo "${CentOS_Version}" | grep -Eqi "^8" || echo "${RHEL_Version}" | grep -Eqi "^8" || echo "${Rocky_Version}" | grep -Eqi "^8" || echo "${Alma_Version}" | grep -Eqi "^8" || echo "${Anolis_Version}" | grep -Eqi "^8"; then
 601 |         Check_PowerTools
 602 |         if [ "${repo_id}" != "" ]; then
 603 |             echo "Installing packages in PowerTools repository..."
 604 |             for c8packages in rpcgen re2c oniguruma-devel; do dnf --enablerepo=${repo_id} install ${c8packages} -y; done
 605 |         fi
 606 |         dnf install libarchive -y
 607 | 
 608 |         dnf install gcc-toolset-10 -y
 609 |     fi
 610 | 
 611 |     if echo "${CentOS_Version}" | grep -Eqi "^9" || echo "${Alma_Version}" | grep -Eqi "^9" || echo "${Rocky_Version}" | grep -Eqi "^9"; then
 612 |         for cs9packages in oniguruma-devel libzip-devel libtirpc-devel libxcrypt-compat; do dnf --enablerepo=crb install ${cs9packages} -y; done
 613 |     fi
 614 | 
 615 |     if [ "${DISTRO}" = "Oracle" ] && echo "${Oracle_Version}" | grep -Eqi "^8"; then
 616 |         Check_Codeready
 617 |         for o8packages in rpcgen re2c oniguruma-devel; do dnf --enablerepo=${repo_id} install ${o8packages} -y; done
 618 |         dnf install libarchive -y
 619 |     fi
 620 | 
 621 |     if echo "${CentOS_Version}" | grep -Eqi "^7" || echo "${RHEL_Version}" | grep -Eqi "^7" || echo "${Aliyun_Version}" | grep -Eqi "^2" || echo "${Alibaba_Version}" | grep -Eqi "^2" || echo "${Oracle_Version}" | grep -Eqi "^7"; then
 622 |         if [ "${DISTRO}" = "Oracle" ]; then
 623 |             yum -y remove oracle-epel-release
 624 |             yum -y install oracle-epel-release
 625 |             yum -y --enablerepo=*EPEL* install oniguruma-devel
 626 |         else
 627 |             yum -y remove epel-release
 628 |             yum -y install epel-release
 629 |             if [ "${country}" = "CN" ]; then
 630 |                 sed -e 's!^metalink=!#metalink=!g' \
 631 |                     -e 's!^#baseurl=!baseurl=!g' \
 632 |                     -e 's!//download\.fedoraproject\.org/pub!//mirrors.aliyun.com!g' \
 633 |                     -e 's!//download\.example/pub!//mirrors.aliyun.com!g' \
 634 |                     -i /etc/yum.repos.d/epel*.repo
 635 |             fi
 636 |         fi
 637 |         yum -y install oniguruma oniguruma-devel
 638 |     fi
 639 | 
 640 |     if [ "${DISTRO}" = "Fedora" ] || echo "${CentOS_Version}" | grep -Eqi "^9" || echo "${Alma_Version}" | grep -Eqi "^9" || echo "${Rocky_Version}" | grep -Eqi "^9"; then
 641 |         dnf install chkconfig -y
 642 |     fi
 643 | 
 644 |     if [ "${DISTRO}" = "UOS" ]; then
 645 |         Check_PowerTools
 646 |         if [ "${repo_id}" != "" ]; then
 647 |             echo "Installing packages in PowerTools repository..."
 648 |             for uospackages in rpcgen re2c oniguruma-devel; do dnf --enablerepo=${repo_id} install ${uospackages} -y; done
 649 |         fi
 650 |     fi
 651 | 
 652 |     if [ -s /etc/yum.conf.tmp ]; then
 653 |         mv -f /etc/yum.conf.tmp /etc/yum.conf
 654 |     fi
 655 | }
 656 | 
 657 | function Deb_Dependent() {
 658 |     Blue_Echo "[+] Apt-get installing dependent packages..."
 659 |     apt-get update -y
 660 |     [[ $? -ne 0 ]] && apt-get update --allow-releaseinfo-change -y
 661 |     apt-get autoremove -y
 662 |     apt-get -fy install
 663 |     export DEBIAN_FRONTEND=noninteractive
 664 |     apt-get --no-install-recommends install -y build-essential gcc g++ make
 665 |     for packages in bash openssh-client wget rsync apt-transport-https ca-certificates curl software-properties-common vim; do apt-get --no-install-recommends install -y $packages; done
 666 | }
 667 | 
 668 | function Check_System() {
 669 |     # clear
 670 |     printf "Checking system config now......\n"
 671 | 
 672 |     SUCCESS="\e[1;32m检测正常\e[0m"
 673 |     FAILURE="\e[1;31m检测异常\e[0m"
 674 |     UNKNOWN="\e[1;31m未检测到\e[0m"
 675 |     UPGRADE="\e[1;31m自动修改\e[0m"
 676 | 
 677 |     #检查CPU型号
 678 |     CPUNAME=$(awk -F ': ' '/model name/ {print $NF}' /proc/cpuinfo | uniq | sed 's/[ ]\{3\}//g')
 679 |     [[ -n "$CPUNAME" ]] && CPUNAMEACK="$SUCCESS" || CPUNAMEACK="$UNKNOWN"
 680 | 
 681 |     #检查物理CPU个数
 682 |     CPUNUMBER=$(grep 'physical id' /proc/cpuinfo | sort -u | wc -l)
 683 |     [[ "$CPUNUMBER" -ge "1" ]] && CPUNUMBERACK="$SUCCESS" || CPUNUMBERACK="$FAILURE"
 684 | 
 685 |     #检查CPU核心数
 686 |     CPUCORE=$(grep 'core id' /proc/cpuinfo | sort -u | wc -l)
 687 |     [[ "$CPUCORE" -ge "1" ]] && CPUCOREACK="$SUCCESS" || CPUCOREACK="$FAILURE"
 688 | 
 689 |     #检查线程数
 690 |     CPUPROCESSOR=$(grep 'processor' /proc/cpuinfo | sort -u | wc -l)
 691 |     [[ "$CPUPROCESSOR" -ge "1" ]] && CPUPROCESSORACK="$SUCCESS" || CPUPROCESSORACK="$FAILURE"
 692 | 
 693 |     #检查内存大小
 694 |     MEMSIZE=$(awk '/MemTotal/{print ($2/1024/1024)"GB"}' /proc/meminfo)
 695 |     [[ $(echo ${MEMSIZE%G*} | awk '{if($0>=4)print $0}') ]] && MEMSIZEACK="$SUCCESS" || MEMSIZEACK="$FAILURE"
 696 | 
 697 |     function CHECK_DISK_SIZE() {
 698 |         #检查硬盘大小
 699 |         DSKSIZE=($(parted -l 2>/dev/null | grep Disk | grep '/dev/' | grep -v mapper | awk '{print $2 $3}'))
 700 |         for DS in "${DSKSIZE[@]}"; do
 701 |             [[ $(echo ${DSKSIZE%G*} | awk -F':' '{if($2>=50)print $2}') ]] && DSKSIZEACK="$SUCCESS" || DSKSIZEACK="$FAILURE"
 702 |             printf "$DSKSIZEACK	硬盘大小:			$DS\n"
 703 |         done
 704 |     }
 705 | 
 706 |     #检查根分区可用大小
 707 |     DSKFREE=$(df -h / | awk 'END{print $(NF-2)}')
 708 |     [[ $(echo ${DSKFREE%G*} | awk '{if($0>=50)print $0}') ]] && DSKFREEACK="$SUCCESS" || DSKFREEACK="$FAILURE"
 709 | 
 710 |     function CHECK_NETWORK_CARD() {
 711 |         #获取网卡名
 712 |         IFCFGS=($(cat /proc/net/dev | awk '{i++; if(i>2){print $1}}' | sed 's/^[\t]*//g' | sed 's/[:]*$//g' | grep -E -v "lo|.old"))
 713 |         $PM -y install ethtool >/dev/null 2>&1
 714 |         for IFCFG in ${IFCFGS[@]}; do
 715 |             #检查网卡类型,暂时不检测
 716 |             ETHTYPE=$(ethtool -i $IFCFG | awk '/driver:/{print $NF}')
 717 |             [[ "$ETHTYPE" = "XXXX" ]] && ETHTYPEACK="$SUCCESS" || ETHTYPEACK="$FAILURE"
 718 |             ETHTYPEACK="$SUCCESS"
 719 | 
 720 |             #检查网卡驱动版本,暂时不检测
 721 |             DRIVERS=$(ethtool -i $IFCFG | awk '{if($1=="version:") print $NF}')
 722 |             [[ "$DRIVERS" = "XXXX" ]] && DRIVERSACK="$SUCCESS" || DRIVERSACK="$UPGRADE"
 723 |             DRIVERSACK="$SUCCESS"
 724 | 
 725 |             #检查网卡速率
 726 |             ETHRATE=$(ethtool $IFCFG | awk '/Speed:/{print $NF}')
 727 |             if [[ "$ETHRATE" =~ ^[0-9]+Mb/s$ ]]; then
 728 |                 [[ "${ETHRATE/"Mb/s"/}" -ge "1000" ]] && ETHRATEACK="$SUCCESS" || ETHRATEACK="$FAILURE"
 729 |             else
 730 |                 ETHRATEACK="$UNKNOWN"
 731 |             fi
 732 | 
 733 |             printf "$ETHTYPEACK	${IFCFG}网卡类型:			$ETHTYPE\n"
 734 |             printf "$DRIVERSACK	${IFCFG}网卡驱动版本:				$DRIVERS\n"
 735 |             printf "$ETHRATEACK	${IFCFG}网卡速率:			$ETHRATE\n"
 736 |         done
 737 |     }
 738 | 
 739 |     #检查服务器生产厂家
 740 |     SEROEMS=$(dmidecode | grep -A4 "System Information" | awk -F': ' '/Manufacturer/{print $NF}')
 741 |     [[ -n "$SEROEMS" ]] && SEROEMSACK="$SUCCESS" || SEROEMSACK="$UNKNOWN"
 742 | 
 743 |     #检查服务器型号
 744 |     SERTYPE=$(dmidecode | grep -A4 "System Information" | awk -F': ' '/Product/{print $NF}')
 745 |     [[ -n "$SERTYPE" ]] && SERTYPEACK="$SUCCESS" || SERTYPEACK="$UNKNOWN"
 746 | 
 747 |     #检查服务器序列号
 748 |     SERSNUM=$(dmidecode | grep -A4 "System Information" | awk -F': ' '/Serial Number/{print $NF}')
 749 |     [[ -n "$SERSNUM" ]] && SERSNUMACK="$SUCCESS" || SERSNUMACK="$UNKNOWN"
 750 | 
 751 |     #检查IP个数
 752 |     IPADDRN=$(ip a | grep -v "inet6" | awk '/inet/{print $2}' | awk '{print $1}' |
 753 |         egrep -v '^127\.' | awk -F/ '{print $1}' | wc -l)
 754 |     [[ $IPADDRN -ge 1 ]] && IPADDRS=($(ip a | grep -v "inet6" |
 755 |         awk '/inet/{print $2}' | awk '{print $1}' | egrep -v '^127\.' | awk -F/ '{print $1}'))
 756 |     [[ $IPADDRN -ge 1 ]] && IPADDRP=$(echo ${IPADDRS[*]} | sed 's/[ ]/,/g')
 757 |     [[ $IPADDRN -ge 1 ]] && IPADDRNACK="$SUCCESS" || IPADDRNACK="$FAILURE"
 758 | 
 759 |     #检查操作系统版本
 760 |     [[ $(echo "$DISTRO" | grep -E 'CentOS|RHEL|Ubuntu') ]] && OSVERSIACK="$SUCCESS" || OSVERSIACK="$FAILURE"
 761 | 
 762 |     #检查操作系统类型
 763 |     OSTYPES=$(uname -i)
 764 |     [[ $OSTYPES = "x86_64" ]] && OSTYPESACK="$SUCCESS" || OSTYPESACK="$FAILURE"
 765 | 
 766 |     #检查系统运行等级
 767 |     OSLEVEL=$(runlevel)
 768 |     [[ "$OSLEVEL" =~ 3|5 ]] && OSLEVELACK="$SUCCESS" || OSLEVELACK="$FAILURE"
 769 | 
 770 |     function CHECK_DISK_SPEED() {
 771 |         Twinkle_Echo $(Yellow_Echo "Will check disk speed ......")
 772 |         User_Pass
 773 |         [ $? -eq 1 ] && return 1
 774 |         $PM -y install hdparm >/dev/null 2>&1 # 先安装测试工具
 775 |         #检查硬盘读写速率
 776 |         DISKHW=($(hdparm -Tt $(fdisk -l | grep -i -A1 device | awk 'END{print $1}') | awk '{if(NR==3||NR==4)print $(NF-1),$NF}'))
 777 |         #Timing cached reads
 778 |         CACHEHW=$(echo ${DISKHW[*]} | awk '{print $1,$2}')
 779 |         [[ $(echo $CACHEHW | awk '{if($1>3000)print $0}') ]] && CACHEHWACK="$SUCCESS" || CACHEHWACK="$FAILURE"
 780 |         #Timing buffered disk reads
 781 |         BUFFRHW=$(echo ${DISKHW[*]} | awk '{print $3,$4}')
 782 |         [[ $(echo $BUFFRHW | awk '{if($1>100)print $0}') ]] && BUFFRHWACK="$SUCCESS" || BUFFRHWACK="$FAILURE"
 783 | 
 784 |         printf "$CACHEHWACK	硬盘cache读写速率:			$CACHEHW\n"
 785 |         printf "$BUFFRHWACK	硬盘buffer读写速率:			$BUFFRHW\n"
 786 |     }
 787 | 
 788 |     #检查时区
 789 |     OSZONES=$(date +%Z)
 790 |     [[ "$OSZONES" = "CST" ]] && OSZONESACK="$SUCCESS" || OSZONESACK="$UPGRADE"
 791 | 
 792 |     #检查DNS配置
 793 |     $PM -y install bind-utils || $PM -y install bind9-utils
 794 |     DNS=($(awk '{if($1=="nameserver") print $2}' /etc/resolv.conf))
 795 |     DNSCONF=$(echo ${DNS[*]} | sed 's/[ ]/,/g')
 796 |     [[ $(grep "\<nameserver\>" /etc/resolv.conf) ]] && DNSCONFACK="$SUCCESS" || DNSCONFACK="$FAILURE"
 797 |     if [[ $(nslookup www.baidu.com | grep -A5 answer | awk '{if($1=="Address:") print $2}') ]]; then
 798 |         DNSRESO=($(nslookup www.baidu.com | grep -A5 answer | awk '{if($1=="Address:") print $2}'))
 799 |         DNSRESU=$(echo ${DNSRESO[*]} | sed 's/[ ]/,/g')
 800 |         DNSRESOACK="$SUCCESS"
 801 |     else
 802 |         DNSRESU="未知"
 803 |         DNSRESOACK="$FAILURE"
 804 |     fi
 805 | 
 806 |     #检查SElinux状态
 807 |     if command -v sestatus >/dev/null 2>&1; then
 808 |         SELINUX=$(sestatus | awk -F':' '{if($1=="SELinux status") print $2}' | xargs echo)
 809 |         if [[ $SELINUX = disabled ]]; then
 810 |             SELINUXACK="$SUCCESS"
 811 |         else
 812 |             SELINUXACK="$FAILURE"
 813 |             sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
 814 |         fi
 815 |     else
 816 |         SELINUX="未知"
 817 |         SELINUXACK="$SUCCESS"
 818 |     fi
 819 |     HOSTNAME=$(hostname)
 820 |     if [[ $HOSTNAME != "localhost.localdomain" ]]; then
 821 |         HostNameCK="$SUCCESS"
 822 |     else
 823 |         HostNameCK="$FAILURE"
 824 |     fi
 825 | 
 826 |     #打印结果
 827 |     printf "\n"
 828 |     printf "检测结果如下：\n"
 829 |     printf "===========================================================================\n"
 830 |     printf "$CPUNAMEACK	CPU型号:			$CPUNAME\n"
 831 |     printf "$CPUNUMBERACK	CPU个数:			$CPUNUMBER\n"
 832 |     printf "$CPUCOREACK	CPU核心数:			$CPUCORE\n"
 833 |     printf "$CPUPROCESSORACK	CPU进程数:			$CPUPROCESSOR\n"
 834 |     printf "$MEMSIZEACK	内存大小:			$MEMSIZE\n"
 835 |     CHECK_DISK_SIZE
 836 |     printf "$DSKFREEACK	根分区可用大小:			$DSKFREE\n"
 837 |     printf "$SEROEMSACK	服务器生产厂家:			$SEROEMS\n"
 838 |     printf "$SERTYPEACK	服务器型号:			$SERTYPE\n"
 839 |     printf "$SERSNUMACK	服务器序列号:			$SERSNUM\n"
 840 |     CHECK_NETWORK_CARD
 841 |     printf "$IPADDRNACK	配置网卡IP数:			$IPADDRN个 $IPADDRP \n"
 842 |     printf "$OSVERSIACK	操作系统版本:			$OSVERSI\n"
 843 |     printf "$OSTYPESACK	操作系统类型:			$OSTYPES\n"
 844 |     printf "$OSLEVELACK	系统运行等级:			$OSLEVEL\n"
 845 |     printf "$OSZONESACK	系统时区:			$OSZONES\n"
 846 |     printf "$DNSCONFACK	DNS配置:			$DNSCONF\n"
 847 |     printf "$DNSRESOACK	DNS解析结果:			$DNSRESU\n"
 848 |     printf "$SELINUXACK	SElinux状态:			$SELINUX\n"
 849 |     printf "$HostNameCK	主机名检测:			$HOSTNAME\n"
 850 |     # CHECK_DISK_SPEED
 851 |     printf "\n"
 852 |     [[ $SELINUX = disabled ]] || printf "%30s\e[1;32mSElinux状态已修改,请重启系统使其生效.\e[0m\n"
 853 |     printf "%35s\e[1;32mUbuntu 默认未安装 SElinux.\e[0m\n"
 854 |     printf "===========================================================================\n"
 855 |     printf "系统分区情况如下:\n\n"
 856 |     df -hPT -xtmpfs
 857 |     printf "\n"
 858 |     [[ $(df -hPT -xtmpfs | grep -A1 Filesystem | awk 'END{print $1}' | wc -L) -gt 9 ]] && printf "%30s\033[1;32m提示:存在LVM分区\033[0m\n"
 859 |     printf "===========================================================================\n"
 860 |     sleep 15
 861 | }
 862 | 
 863 | Make_Install() {
 864 |     make -j $(grep 'processor' /proc/cpuinfo | wc -l)
 865 |     if [ $? -ne 0 ]; then
 866 |         make
 867 |     fi
 868 |     make install
 869 | }
 870 | 
 871 | Kill_PM() {
 872 |     if ps aux | grep -E "yum|dnf" | grep -qv "grep"; then
 873 |         kill -9 $(ps -ef | grep -E "yum|dnf" | grep -v grep | awk '{print $2}')
 874 |         if [ -s /var/run/yum.pid ]; then
 875 |             rm -f /var/run/yum.pid
 876 |         fi
 877 |     elif ps aux | grep -E "apt-get|dpkg|apt" | grep -qv "grep"; then
 878 |         kill -9 $(ps -ef | grep -E "apt-get|apt|dpkg" | grep -v grep | awk '{print $2}')
 879 |         if [[ -s /var/lib/dpkg/lock-frontend || -s /var/lib/dpkg/lock ]]; then
 880 |             rm -f /var/lib/dpkg/lock-frontend
 881 |             rm -f /var/lib/dpkg/lock
 882 |             dpkg --configure -a
 883 |         fi
 884 |     fi
 885 | }
 886 | 
 887 | Download_Files() {
 888 |     local URL=$1
 889 |     local FileName=$2
 890 |     if [ -s "${FileName}" ]; then
 891 |         echo "${FileName} [found]"
 892 |     else
 893 |         echo "Notice: ${FileName} not found!!!download now..."
 894 |         wget -c --progress=bar:force --prefer-family=IPv4 --no-check-certificate ${URL} -O ${FileName}
 895 |     fi
 896 | }
 897 | 
 898 | Tar_Cd() {
 899 |     local FileName=$1
 900 |     local DirName=$2
 901 |     cd ${SH_DIR}/src
 902 |     [[ -d "${DirName}" ]] && rm -rf ${DirName}
 903 |     echo "Uncompress ${FileName}..."
 904 |     tar zxf ${FileName}
 905 |     if [ -n "${DirName}" ]; then
 906 |         echo "cd ${DirName}..."
 907 |         cd ${DirName}
 908 |     fi
 909 | }
 910 | 
 911 | Tarj_Cd() {
 912 |     local FileName=$1
 913 |     local DirName=$2
 914 |     cd ${SH_DIR}/src
 915 |     [[ -d "${DirName}" ]] && rm -rf ${DirName}
 916 |     echo "Uncompress ${FileName}..."
 917 |     tar jxf ${FileName}
 918 |     if [ -n "${DirName}" ]; then
 919 |         echo "cd ${DirName}..."
 920 |         cd ${DirName}
 921 |     fi
 922 | }
 923 | 
 924 | TarJ_Cd() {
 925 |     local FileName=$1
 926 |     local DirName=$2
 927 |     cd ${SH_DIR}/src
 928 |     [[ -d "${DirName}" ]] && rm -rf ${DirName}
 929 |     echo "Uncompress ${FileName}..."
 930 |     tar Jxf ${FileName}
 931 |     if [ -n "${DirName}" ]; then
 932 |         echo "cd ${DirName}..."
 933 |         cd ${DirName}
 934 |     fi
 935 | }
 936 | 
 937 | Print_Sys_Info() {
 938 |     eval echo "${DISTRO} \${${DISTRO}_Version}"
 939 |     cat /etc/issue
 940 |     cat /etc/*-release
 941 |     uname -a
 942 |     MemTotal=$(free -m | grep Mem | awk '{print  $2}')
 943 |     echo "Memory is: ${MemTotal} MB "
 944 |     df -h
 945 |     Check_Openssl
 946 |     Check_WSL
 947 |     Get_Country
 948 |     echo "Server Location: ${country}"
 949 | }
 950 | 
 951 | StartUp() {
 952 |     init_name=$1
 953 |     echo "Add ${init_name} service at system startup..."
 954 |     if [ "${isWSL}" != "y" ] && command -v systemctl >/dev/null 2>&1 && [[ -s /etc/systemd/system/${init_name}.service || -s /lib/systemd/system/${init_name}.service || -s /usr/lib/systemd/system/${init_name}.service ]]; then
 955 |         systemctl daemon-reload
 956 |         systemctl enable ${init_name}.service
 957 |     else
 958 |         if [ "$PM" = "yum" ]; then
 959 |             chkconfig --add ${init_name}
 960 |             chkconfig ${init_name} on
 961 |         elif [ "$PM" = "apt" ]; then
 962 |             update-rc.d -f ${init_name} defaults
 963 |         fi
 964 |     fi
 965 | }
 966 | 
 967 | Remove_StartUp() {
 968 |     init_name=$1
 969 |     echo "Removing ${init_name} service at system startup..."
 970 |     if [ "${isWSL}" != "y" ] && command -v systemctl >/dev/null 2>&1 && [[ -s /etc/systemd/system/${init_name}.service || -s /lib/systemd/system/${init_name}.service || -s /usr/lib/systemd/system/${init_name}.service ]]; then
 971 |         systemctl disable ${init_name}.service
 972 |     else
 973 |         if [ "$PM" = "yum" ]; then
 974 |             chkconfig ${init_name} off
 975 |             chkconfig --del ${init_name}
 976 |         elif [ "$PM" = "apt" ]; then
 977 |             update-rc.d -f ${init_name} remove
 978 |         fi
 979 |     fi
 980 | }
 981 | 
 982 | Get_Country() {
 983 |     if command -v curl >/dev/null 2>&1; then
 984 |         country=$(curl -sSk --connect-timeout 30 -m 60 http://ip.vpszt.com/country)
 985 |         if [ $? -ne 0 ]; then
 986 |             country=$(curl -sSk --connect-timeout 30 -m 60 https://ip.vpser.net/country)
 987 |         fi
 988 |     else
 989 |         country=$(wget --timeout=5 --no-check-certificate -q -O - http://ip.vpszt.com/country)
 990 |     fi
 991 | }
 992 | 
 993 | Check_Mirror() {
 994 |     if ! command -v curl >/dev/null 2>&1; then
 995 |         if [ "$PM" = "yum" ]; then
 996 |             yum install -y curl
 997 |         elif [ "$PM" = "apt" ]; then
 998 |             export DEBIAN_FRONTEND=noninteractive
 999 |             apt-get update
1000 |             apt-get upgrade
1001 |             apt-get install -y curl
1002 |         fi
1003 |     fi
1004 | }
1005 | 
1006 | StartOrStop() {
1007 |     local action=$1
1008 |     local service=$2
1009 |     if [ "${isWSL}" = "n" ] && command -v systemctl >/dev/null 2>&1 && [[ -s /etc/systemd/system/${service}.service ]]; then
1010 |         systemctl ${action} ${service}.service
1011 |     else
1012 |         /etc/init.d/${service} ${action}
1013 |     fi
1014 | }
1015 | 
1016 | Check_WSL() {
1017 |     if [[ "$(</proc/sys/kernel/osrelease)" == *[Mm]icrosoft* ]]; then
1018 |         echo "running on WSL"
1019 |         isWSL="y"
1020 |     else
1021 |         isWSL="n"
1022 |     fi
1023 | }
1024 | 
1025 | Check_Openssl() {
1026 |     if ! command -v openssl >/dev/null 2>&1; then
1027 |         Blue_Echo "[+] Installing openssl..."
1028 |         if [ "${PM}" = "yum" ]; then
1029 |             yum install -y openssl
1030 |         elif [ "${PM}" = "apt" ]; then
1031 |             apt-get update -y
1032 |             [[ $? -ne 0 ]] && apt-get update --allow-releaseinfo-change -y
1033 |             apt-get install -y openssl
1034 |         fi
1035 |     fi
1036 |     openssl version
1037 |     if openssl version | grep -Eqi "OpenSSL 3.*"; then
1038 |         isOpenSSL3='y'
1039 |     fi
1040 | }
1041 | 
1042 | function Init_Install() {
1043 |     Get_Dist_Version
1044 |     Check_Mirror
1045 |     Set_Timezone
1046 |     Disable_Selinux
1047 |     Print_Sys_Info
1048 |     Check_Hosts
1049 |     Check_System
1050 |     if [ "$PM" = "yum" ]; then
1051 |         CentOS_Dependent
1052 |         CentOS_InstallNTP
1053 |         # CentOS_RemoveAMP
1054 |     elif [ "$PM" = "apt" ]; then
1055 |         Deb_Dependent
1056 |         Deb_InstallNTP
1057 |         Xen_Hwcap_Setting
1058 |         # Deb_RemoveAMP
1059 |     fi
1060 |     Modify_Source
1061 | }
1062 | 
1063 | function Offline_Init_Install() {
1064 |     Get_Dist_Version
1065 |     Set_Timezone
1066 |     Disable_Selinux
1067 |     Ready_Local_Repo
1068 |     Check_System
1069 | }
1070 | 


--------------------------------------------------------------------------------