basefs's People

Contributors

allencloud, bxy4543, dawnguodev, imdingtalk, jsparter, kakazhou719, lan-ce-lot, stevent-fei, yuvraj9

basefs's Issues

auto build sealer ClusterImage using github action

Issue Description

Type: feature request

Describe what feature you want

Move the GitHub Action config YAML from the sealer repo to this basefs repo, and it could be triggered from an issue comment.

Additional context

Add any other context or screenshots about the feature request here.

Reporting a vulnerability

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security researchers to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

several issues in auto-build.sh when building containerd images

What happened:

There are several issues in the auto-build.sh script when building containerd images:

  1. function utils_get_distribution is not found in context/containerd/rootfs/scripts/containerd.sh
  2. params --buildName does not work at all
  3. docker and containerd tarballs are all named: docker.tar.gz
  4. no /etc/containerd.service and tgz/containerd.tgz in rootfs for containerd images

docker.sh script not found

What happened:

sealer run my-k8s:1.28.4  \
	--user root \
	--passwd lih \
	--masters 10.3.8.15

2024-01-11 16:38:49 [INFO] [overlay.go:754] Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled

2024-01-11 16:38:52 [INFO] [installer.go:233] start to create new cluster with image: docker.io/sealerio/kubernetes:v1.28.4

2024-01-11 16:38:55 [INFO] [installer.go:456] The cri is docker, cluster runtime type is kubernetes


2024-01-11 16:38:55 [INFO] [clusterfile.go:198] succeeded in saving clusterfile

bash: /var/lib/sealer/data/my-cluster/rootfs/scripts/docker.sh: No such file or directory


2024-01-11 16:38:56 [ERROR] [root.go:75] sealer-v0.11.0: failed to install docker: execute command(bash /var/lib/sealer/data/my-cluster/rootfs/scripts/docker.sh) on host (10.3.8.157): error(failed to execute command(export LocalRegistryDomain="sea.hub"; export LocalRegistryPort="5000"; export LocalRegistryURL="sea.hub:5000"; export PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin"; export RegistryDomain="sea.hub"; export RegistryPort="5000"; export RegistryURL="sea.hub:5000"; bash /var/lib/sealer/data/my-cluster/rootfs/scripts/docker.sh) on host(10.3.8.157): error(exit status 127))

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

# 1. build basefs with this command
[root@host157 basefs]# ./auto-build.sh --k8s-version=v1.28.4 --platform=amd64

# 2. install with sealer run 

It seems like auto-build.sh selected containerd as the CRI, but sealer run still tries to find scripts/docker.sh

Anything else we need to know?:

Environment:

  • sealer version (use sealer version): {"gitVersion":"v0.11.0","gitCommit":"f07e804","buildDate":"2023-07-25 02:51:08","goVersion":"go1.17.13","compiler":"gc","platform":"linux/amd64"}
  • Cloud provider or hardware configuration: vmware
  • OS (e.g: cat /etc/os-release): Anolis OS 8.8
  • Kernel (e.g. uname -a): Linux host157 5.10.134-13.an8.x86_64 #1 SMP Mon Jan 9 10:39:46 CST 2023 x86_64 x86_64 x86_64 GNU/Linux
  • Install tools:
  • Others:

add build examples

Using this repo, users can easily build a customized rootfs. We need to add a build script here as an example.

[BUG] When we have docker-cli but there is no dockerd, sealer run will get an error

What happened:

Sometimes we have docker-cli but there is no dockerd.

❯ ./sealer run my-kube:v1.22.15 -m 172.16.0.10 -p xx
2023-05-18 22:11:40 [INFO] [run.go:252] start to create new cluster with image: my-kube:v1.22.15

2023-05-18 22:11:43 [INFO] [installer.go:456] The cri is docker, cluster runtime type is kubernetes


+ set -e
+++ dirname /var/lib/sealer/data/my-cluster/rootfs/scripts/docker.sh
++ cd /var/lib/sealer/data/my-cluster/rootfs/scripts
++ pwd
+ scripts_path=/var/lib/sealer/data/my-cluster/rootfs/scripts
+ image_dir=/var/lib/sealer/data/my-cluster/rootfs/scripts/../images
+ DOCKER_VERSION=19.03.15
+ storage=/var/lib/docker
+ mkdir -p /var/lib/docker
+ utils_command_exists docker
+ command -v docker
+ disable_selinux
+ '[' -s /etc/selinux/config ']'
+ systemctl daemon-reload
+ systemctl restart docker.service
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xeu docker.service" for details.
Usage:
  sealer run [flags]

Examples:

run cluster by Clusterfile:
  sealer run -f Clusterfile
run cluster by CLI flags:
  sealer run docker.io/sealerio/kubernetes:v1-22-15-sealerio-2 -m 172.16.130.21 -n 172.16.130.22 -p 'Sealer123'
run app image:
  sealer run localhost/nginx:v1


Flags:
  -f, --Clusterfile string   Clusterfile path to run a Kubernetes cluster
      --apps strings         override default AppNames of sealer image
      --cmds strings         override default LaunchCmds of sealer image
  -e, --env strings          set custom environment variables
  -h, --help                 help for run
      --ignore-cache         whether ignore cache when distribute sealer image, default is false.
  -m, --masters string       set count or IPList to masters
      --mode string          load images to the specified registry in advance (default "apply")
  -n, --nodes string         set count or IPList to nodes
  -p, --passwd string        set cloud provider or baremetal server password
      --pk string            set baremetal server private key (default "/root/.ssh/id_rsa")
      --pk-passwd string     set baremetal server private key password
      --port uint16          set the sshd service port number for the server (default port: 22) (default 22)
  -u, --user string          set baremetal server username (default "root")

Global Flags:
      --color string               set the log color mode, the possible values can be [never always] (default "always")
      --config string              config file of sealer tool (default is $HOME/.sealer.json)
  -d, --debug                      turn on debug mode
      --hide-path                  hide the log path
      --hide-time                  hide the log time
      --log-to-file                write log message to disk (default true)
  -q, --quiet                      silence the usage when fail
      --remote-logger-url string   remote logger url, if not empty, will send log to this url
      --task-name string           task name which will embedded in the remote logger header, only valid when --remote-logger-url is set

2023-05-18 22:11:44 [ERROR] [root.go:75] sealer-unknown: failed to install docker: execute command(bash /var/lib/sealer/data/my-cluster/rootfs/scripts/docker.sh) on host (172.16.0.10): error(failed to execute command(export LocalRegistryDomain="sea.hub"; export LocalRegistryPort="5000"; export LocalRegistryURL="sea.hub:5000"; export RegistryDomain="sea.hub"; export RegistryPort="5000"; export RegistryURL="sea.hub:5000"; bash /var/lib/sealer/data/my-cluster/rootfs/scripts/docker.sh) on host(172.16.0.10): error(exit status 1))

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

  • sealer version (use sealer version):
  • Cloud provider or hardware configuration:
  • OS (e.g: cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Others:

auto-build cri image can't run

What happened:

I built a CRI image with auto-build: ./auto-build.sh --k8s-version=v1.24.0 -c=containerd --push false
Then I ran it with this Clusterfile:

apiVersion: sealer.io/v2
kind: Cluster
metadata:
  creationTimestamp: null
  name: my-cluster
spec:
  containerRuntime:
    type: containerd
  env:
  - LocalRegistryDomain=sea.hub
  - LocalRegistryPort=5000
  - LocalRegistryURL=sea.hub:5000
  - RegistryDomain=sea.hub
  - RegistryPort=5000
  - RegistryURL=sea.hub:5000
  - ContainerRuntime=containerd
  hosts:
  - ips:
    - xxxx
    roles:
    - master
    ssh: {}
  image: localhost/containerdcluster:v1
  registry:
    localRegistry:
      cert: {}
      domain: sea.hub
      ha: true
      insecure: false
      port: 5000
  ssh:
    passwd: xxxx
    pk: /root/.ssh/id_rsa
    port: "22"
    user: root
status: {}

It reports an error:

[ERROR] [root.go:75] sealer-unknown: failed to install containerd: execute command(ContainerRuntime="containerd" LocalRegistryDomain="sea.hub" LocalRegistryPort="5000" LocalRegistryURL="sea.hub:5000" RegistryDomain="sea.hub" RegistryPort="5000" RegistryURL="sea.hub:5000" && bash /var/lib/sealer/data/my-cluster/rootfs/scripts/containerd.sh) on host (172.16.158.197): error(failed to execute command(ContainerRuntime="containerd" LocalRegistryDomain="sea.hub" LocalRegistryPort="5000" LocalRegistryURL="sea.hub:5000" RegistryDomain="sea.hub" RegistryPort="5000" RegistryURL="sea.hub:5000" && bash /var/lib/sealer/data/my-cluster/rootfs/scripts/containerd.sh) on host(172.16.158.197): error(exit status 2))

When I run containerd.sh, it reports:

+ tar zxvf '../cri/cri-*.tar.gz' -C /
tar (child): ../cri/cri-*.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now

What you expected to happen:

run successfully

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

  • sealer version (use sealer version):
  • Cloud provider or hardware configuration:
  • OS (e.g: cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Others:

[BUG] The built image is unusable when the CRI is containerd

What happened:

It feels like the scenario where the CRI is containerd was never tested. In download.sh I see that whichever CRI is used, the downloaded file is named docker.tar.gz

basefs/context/download.sh

Lines 111 to 113 in e02ef96

echo "download cri with ${cri}"
wget -q "${cri_tarball_amd64_url}" && mv "${cri_tarball_amd64}" "amd64/cri/docker.tar.gz"
wget -q "${cri_tarball_arm64_url}" && mv "${cri_tarball_arm64}" "arm64/cri/docker.tar.gz"

In containerd.sh, the containerd.tgz file clearly does not exist

tar -zxvf "${scripts_path}"/../tgz/containerd.tgz -C /

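I haven't looked closely at the other problems yet. I'd like to ask: are the images published in the image registry really packaged with this script?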

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

  • sealer version (use sealer version):
  • Cloud provider or hardware configuration:
  • OS (e.g: cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Others:

Automatically built images do not support some parameters of version 1.25

What happened:

Starting a cluster with the automatically built 1.25.1 k8s cluster image fails

What you expected to happen:

An automatically built 1.25 image can be deployed successfully with sealer in one step

Anything else we need to know?:

Environment:

[root@worker02 tmp]# sealer  version
{"gitVersion":"v0.8.6","gitCommit":"884513e","buildDate":"2022-07-12 02:58:54","goVersion":"go1.16.15","compiler":"gc","platform":"linux/amd64"}
ESXi virtual machine environment
  • os
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

  • Kernel (e.g. uname -a):
Linux worker02 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
  • Install tools:
    sealer
  • Others:

crictl logs <kube-apiserver id>

Error: invalid argument "TTLAfterFinished=true,EphemeralContainers=true" for "--feature-gates" flag: unrecognized feature gate: TTLAfterFinished

rename rootfs project with a new name rootfs-base

Just now, I talked with @fanux about the correctness of this project naming.

In sealer, there are currently two kinds of rootfs:

  • First, every ClusterImage is downloaded and mounted locally; the mountpoint is called rootfs
  • Second, this project is called rootfs, and it contains quite a lot of static files, like docker and containerd scripts, docker.tar and so on.

Since we think the first one is more properly called rootfs, we need to change this project's name.

Maybe rootfs-base ?

@sealerio/sealer-maintainers
