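#!/bin/sh
# Abort on the first unhandled command failure.
set -e
# Disable pathname expansion for the whole script; the one place that needs a
# glob (repo file cleanup in install_selinux_rpm) re-enables it locally.
set -o noglob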
# Usage:
# curl ... | ENV_VAR=... sh -
# or
# ENV_VAR=... ./install.sh
#
# Example:
# Installing a server without traefik:
# curl ... | INSTALL_K3S_EXEC="--disable=traefik" sh -
# Installing an agent to point at a server:
# curl ... | K3S_TOKEN=xxx K3S_URL=https://server-url:6443 sh -
#
# Environment variables:
# - K3S_*
# Environment variables which begin with K3S_ will be preserved for the
# systemd service to use. Setting K3S_URL without explicitly setting
# a systemd exec command will default the command to "agent", and we
# enforce that K3S_TOKEN is also set.
#
# - INSTALL_K3S_SKIP_DOWNLOAD
# If set to true will not download k3s hash or binary.
#
# - INSTALL_K3S_FORCE_RESTART
# If set to true will always restart the K3s service
#
# - INSTALL_K3S_SYMLINK
# If set to 'skip' will not create symlinks, 'force' will overwrite,
# default will symlink if command does not exist in path.
#
# - INSTALL_K3S_SKIP_ENABLE
# If set to true will not enable or start k3s service.
#
# - INSTALL_K3S_SKIP_START
# If set to true will not start k3s service.
#
# - INSTALL_K3S_VERSION
# Version of k3s to download from github. Will attempt to download from the
# stable channel if not specified.
#
# - INSTALL_K3S_COMMIT
# Commit of k3s to download from temporary cloud storage.
# * (for developer & QA use)
#
# - INSTALL_K3S_BIN_DIR
# Directory to install k3s binary, links, and uninstall script to, or use
# /usr/local/bin as the default
#
# - INSTALL_K3S_BIN_DIR_READ_ONLY
# If set to true will not write files to INSTALL_K3S_BIN_DIR, forces
# setting INSTALL_K3S_SKIP_DOWNLOAD=true
#
# - INSTALL_K3S_SYSTEMD_DIR
# Directory to install systemd service and environment files to, or use
# /etc/systemd/system as the default
#
# - INSTALL_K3S_EXEC or script arguments
# Command with flags to use for launching k3s in the systemd service, if
# the command is not specified will default to "agent" if K3S_URL is set
# or "server" if not. The final systemd command resolves to a combination
# of EXEC and script args ($@).
#
# The following commands result in the same behavior:
# curl ... | INSTALL_K3S_EXEC="--disable=traefik" sh -s -
# curl ... | INSTALL_K3S_EXEC="server --disable=traefik" sh -s -
# curl ... | INSTALL_K3S_EXEC="server" sh -s - --disable=traefik
# curl ... | sh -s - server --disable=traefik
# curl ... | sh -s - --disable=traefik
#
# - INSTALL_K3S_NAME
# Name of systemd service to create, will default from the k3s exec command
# if not specified. If specified the name will be prefixed with 'k3s-'.
#
# - INSTALL_K3S_TYPE
# Type of systemd service to create, will default from the k3s exec command
# if not specified.
#
# - INSTALL_K3S_SELINUX_WARN
# If set to true will continue if k3s-selinux policy is not found.
#
# - INSTALL_K3S_SKIP_SELINUX_RPM
# If set to true will skip automatic installation of the k3s RPM.
#
# - INSTALL_K3S_CHANNEL_URL
# Channel URL for fetching k3s download URL.
# Defaults to 'https://update.k3s.io/v1-release/channels'.
#
# - INSTALL_K3S_CHANNEL
# Channel to use for fetching k3s download URL.
# Defaults to 'stable'.
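# Base URL for tagged k3s release assets (binary and sha256sum file).
GITHUB_URL=https://github.com/k3s-io/k3s/releases
# Bucket used instead of GITHUB_URL when INSTALL_K3S_COMMIT is set.
STORAGE_URL=https://k3s-ci-builds.s3.amazonaws.com
# Filled in by verify_downloader with the download tool found on this host.
DOWNLOADER=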
# --- helper functions for logs ---
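# Print an informational message to stdout.
# Arguments: message words, joined by echo with single spaces.
info()
{
    echo '[INFO] ' "$@"
}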
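# Print a warning to stderr; does not change control flow.
warn()
{
    echo '[WARN] ' "$@" >&2
}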
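# Print an error to stderr and terminate the installer with status 1.
fatal()
{
    echo '[ERROR] ' "$@" >&2
    exit 1
}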
# --- fatal if no systemd or openrc ---
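# Detect the process supervisor and record it in HAS_OPENRC or HAS_SYSTEMD.
# OpenRC is checked first, so a host with both is treated as OpenRC.
# Exits via fatal when neither supervisor is found.
verify_system() {
    if [ -x /sbin/openrc-run ]; then
        HAS_OPENRC=true
        return
    fi
    if [ -x /bin/systemctl ] || type systemctl > /dev/null 2>&1; then
        HAS_SYSTEMD=true
        return
    fi
    fatal 'Can not find systemd or openrc to use as a process supervisor for k3s'
}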
# --- add quotes to command arguments ---
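# Emit each argument wrapped in single quotes, one per output block.
# Embedded single quotes become '\'' so the result can be re-read by a shell
# as exactly one word; the 1s/$s addresses keep multi-line arguments intact.
quote() {
    for arg in "$@"; do
        printf '%s\n' "$arg" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"
    done
}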
# --- add indentation and trailing slash to quoted args ---
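# Format arguments as a backslash-continued, tab-indented list.
# Every argument passes through quote first, so the emitted text keeps each
# argument as a single shell word.
quote_indent() {
    printf ' \\\n'
    for arg in "$@"; do
        printf '\t%s \\\n' "$(quote "$arg")"
    done
}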
# --- escape most punctuation characters, except quotes, forward slash, and space ---
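# Backslash-escape shell punctuation in the arguments.
# Quotes, forward slash and space are intentionally left untouched, so the
# output is not safe to embed unquoted on its own.
escape() {
    printf '%s' "$@" | sed -e 's/\([][!#$%&()*;<=>?\_`{|}]\)/\\\1/g;'
}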
# --- escape double quotes ---
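# Backslash-escape double quotes in the arguments; nothing else is altered.
escape_dq() {
    printf '%s' "$@" | sed -e 's/"/\\"/g'
}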
# --- ensures $K3S_URL is empty or begins with https://, exiting fatally otherwise ---
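# Accept an empty K3S_URL or one starting with https://; anything else is
# fatal, so an agent is never pointed at a server over a plaintext scheme.
verify_k3s_url() {
    case "${K3S_URL}" in
        "")
            ;;
        https://*)
            ;;
        *)
            fatal "Only https:// URLs are supported for K3S_URL (have ${K3S_URL})"
            ;;
    esac
}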
# --- define needed environment variables ---
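# Derive every installer-wide setting from the environment and script args.
# Arguments: the script arguments; a leading non-flag word is the k3s command.
# Sets: CMD_K3S, CMD_K3S_EXEC, SYSTEM_NAME, SUDO, SYSTEMD_TYPE, BIN_DIR,
#       SYSTEMD_DIR, SERVICE_K3S, UNINSTALL_K3S_SH, KILLALL_K3S_SH,
#       FILE_K3S_SERVICE, FILE_K3S_ENV, PRE_INSTALL_HASHES and channel values.
# Exits via fatal on a missing agent token, a non-https K3S_URL or an
# invalid service name.
setup_env() {
    # --- use command args if passed or create default ---
    case "$1" in
        # --- if we only have flags discover if command should be server or agent ---
        (-*|"")
            if [ -z "${K3S_URL}" ]; then
                CMD_K3S=server
            else
                if [ -z "${K3S_TOKEN}" ] && [ -z "${K3S_TOKEN_FILE}" ]; then
                    fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN or K3S_TOKEN_FILE is not defined."
                fi
                CMD_K3S=agent
            fi
        ;;
        # --- command is provided ---
        (*)
            CMD_K3S=$1
            shift
        ;;
    esac

    verify_k3s_url

    # Remaining args are individually shell-quoted before being stored.
    CMD_K3S_EXEC="${CMD_K3S}$(quote_indent "$@")"

    # --- use systemd name if defined or create default ---
    if [ -n "${INSTALL_K3S_NAME}" ]; then
        SYSTEM_NAME=k3s-${INSTALL_K3S_NAME}
    else
        if [ "${CMD_K3S}" = server ]; then
            SYSTEM_NAME=k3s
        else
            SYSTEM_NAME=k3s-${CMD_K3S}
        fi
    fi

    # --- check for invalid characters in system name ---
    # SYSTEM_NAME is later used in file paths and written unquoted into the
    # generated uninstall script, so shell metacharacters, '/' and whitespace
    # are rejected here. Each offending character is replaced by '^' and the
    # second sed turns the rest into spaces to print a marker line under it.
    valid_chars=$(printf '%s' "${SYSTEM_NAME}" | sed -e 's/[][!#$%&()*;<=>?\_`{|}/[:space:]]/^/g;' )
    if [ "${SYSTEM_NAME}" != "${valid_chars}" ]; then
        invalid_chars=$(printf '%s' "${valid_chars}" | sed -e 's/[^^]/ /g')
        fatal "Invalid characters for system name:
            ${SYSTEM_NAME}
            ${invalid_chars}"
    fi

    # --- use sudo if we are not already root ---
    SUDO=sudo
    if [ "$(id -u)" -eq 0 ]; then
        SUDO=
    fi

    # --- use systemd type if defined or create default ---
    if [ -n "${INSTALL_K3S_TYPE}" ]; then
        SYSTEMD_TYPE=${INSTALL_K3S_TYPE}
    else
        SYSTEMD_TYPE=notify
    fi

    # --- use binary install directory if defined or create default ---
    if [ -n "${INSTALL_K3S_BIN_DIR}" ]; then
        BIN_DIR=${INSTALL_K3S_BIN_DIR}
    else
        # --- use /usr/local/bin if root can write to it, otherwise use /opt/bin if it exists
        BIN_DIR=/usr/local/bin
        # BIN_DIR is the fixed default at this point, so the string handed to
        # `sh -c` contains no caller-controlled text.
        if ! $SUDO sh -c "touch ${BIN_DIR}/k3s-ro-test && rm -rf ${BIN_DIR}/k3s-ro-test"; then
            if [ -d /opt/bin ]; then
                BIN_DIR=/opt/bin
            fi
        fi
    fi

    # --- use systemd directory if defined or create default ---
    if [ -n "${INSTALL_K3S_SYSTEMD_DIR}" ]; then
        SYSTEMD_DIR="${INSTALL_K3S_SYSTEMD_DIR}"
    else
        SYSTEMD_DIR=/etc/systemd/system
    fi

    # --- set related files from system name ---
    SERVICE_K3S=${SYSTEM_NAME}.service
    UNINSTALL_K3S_SH=${UNINSTALL_K3S_SH:-${BIN_DIR}/${SYSTEM_NAME}-uninstall.sh}
    KILLALL_K3S_SH=${KILLALL_K3S_SH:-${BIN_DIR}/k3s-killall.sh}

    # --- use service or environment location depending on systemd/openrc ---
    if [ "${HAS_SYSTEMD}" = true ]; then
        FILE_K3S_SERVICE=${SYSTEMD_DIR}/${SERVICE_K3S}
        FILE_K3S_ENV=${SYSTEMD_DIR}/${SERVICE_K3S}.env
    elif [ "${HAS_OPENRC}" = true ]; then
        $SUDO mkdir -p /etc/rancher/k3s
        FILE_K3S_SERVICE=/etc/init.d/${SYSTEM_NAME}
        FILE_K3S_ENV=/etc/rancher/k3s/${SYSTEM_NAME}.env
    fi

    # --- get hash of config & exec for currently installed k3s ---
    PRE_INSTALL_HASHES=$(get_installed_hashes)

    # --- if bin directory is read only skip download ---
    if [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ]; then
        INSTALL_K3S_SKIP_DOWNLOAD=true
    fi

    # --- setup channel values
    INSTALL_K3S_CHANNEL_URL=${INSTALL_K3S_CHANNEL_URL:-'https://update.k3s.io/v1-release/channels'}
    INSTALL_K3S_CHANNEL=${INSTALL_K3S_CHANNEL:-'stable'}
}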
# --- check if skip download environment variable set ---
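# Succeed when INSTALL_K3S_SKIP_DOWNLOAD is "true" or "binary".
# Skipping the download also skips the sha256 comparison for the binary.
can_skip_download_binary() {
    case "${INSTALL_K3S_SKIP_DOWNLOAD}" in
        true|binary)
            return 0
            ;;
        *)
            return 1
            ;;
    esac
}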
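# Succeed when INSTALL_K3S_SKIP_DOWNLOAD is "true" or "selinux".
can_skip_download_selinux() {
    case "${INSTALL_K3S_SKIP_DOWNLOAD}" in
        true|selinux)
            return 0
            ;;
        *)
            return 1
            ;;
    esac
}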
# --- verify an executable k3s binary is installed ---
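# Exit via fatal unless ${BIN_DIR}/k3s exists and is executable.
# Only the executable bit is checked; the file's content is not verified.
verify_k3s_is_executable() {
    if [ ! -x "${BIN_DIR}/k3s" ]; then
        fatal "Executable k3s binary not found at ${BIN_DIR}/k3s"
    fi
}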
# --- set arch and suffix, fatal if architecture not supported ---
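# Normalise ARCH (defaulting to `uname -m`) and set the asset-name SUFFIX.
# Sets: ARCH to amd64, arm64, s390x or arm; SUFFIX to "", "-arm64", "-s390x"
#       or "-armhf". Exits via fatal for any other architecture.
setup_verify_arch() {
    if [ -z "$ARCH" ]; then
        ARCH=$(uname -m)
    fi
    case "$ARCH" in
        amd64|x86_64)
            ARCH=amd64
            SUFFIX=
            ;;
        # The 64-bit ARM names are matched before the arm* glob below.
        arm64|aarch64)
            ARCH=arm64
            SUFFIX=-${ARCH}
            ;;
        s390x)
            ARCH=s390x
            SUFFIX=-${ARCH}
            ;;
        arm*)
            ARCH=arm
            SUFFIX=-${ARCH}hf
            ;;
        *)
            fatal "Unsupported architecture $ARCH"
            ;;
    esac
}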
# --- verify existence of network downloader executable ---
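# Select a download tool.
# Arguments: $1 - command name to look up (the callers pass curl or wget).
# Sets:      DOWNLOADER to $1 when it resolves to an executable file.
# Returns:   0 when selected, 1 otherwise (DOWNLOADER is left unchanged).
verify_downloader() {
    # Return failure if it doesn't exist or is not executable
    [ -x "$(command -v "$1")" ] || return 1

    # Set verified executable as our downloader program and return success
    DOWNLOADER=$1
    return 0
}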
# --- create temporary directory and cleanup when done ---
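# Create a private scratch directory and remove it when the script ends.
# mktemp -d picks an unpredictable name, so the download paths below cannot
# be pre-created by another local user.
# Sets: TMP_DIR, TMP_HASH, TMP_BIN; installs cleanup as the INT/EXIT trap.
setup_tmp() {
    TMP_DIR=$(mktemp -d -t k3s-install.XXXXXXXXXX)
    TMP_HASH=${TMP_DIR}/k3s.hash
    TMP_BIN=${TMP_DIR}/k3s.bin
    cleanup() {
        # Preserve the status the script was exiting with.
        code=$?
        set +e
        # Clear the EXIT trap so the exit below does not re-enter cleanup.
        trap - EXIT
        # Quoted and guarded: never expands to a bare `rm -rf` of nothing
        # or of several words.
        rm -rf -- "${TMP_DIR:?}"
        exit $code
    }
    trap cleanup INT EXIT
}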
# --- use desired k3s version if defined or find version from channel ---
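# Decide which k3s release to install and store it in VERSION_K3S.
# Precedence: INSTALL_K3S_COMMIT, then INSTALL_K3S_VERSION, then the channel
# server, whose redirect target's last path component is taken as the version.
# That value is later placed into the download URLs, so an empty result is
# rejected here instead of producing a malformed URL further on.
get_release_version() {
    if [ -n "${INSTALL_K3S_COMMIT}" ]; then
        VERSION_K3S="commit ${INSTALL_K3S_COMMIT}"
    elif [ -n "${INSTALL_K3S_VERSION}" ]; then
        VERSION_K3S=${INSTALL_K3S_VERSION}
    else
        info "Finding release for channel ${INSTALL_K3S_CHANNEL}"
        version_url="${INSTALL_K3S_CHANNEL_URL}/${INSTALL_K3S_CHANNEL}"
        case $DOWNLOADER in
            curl)
                # -L follows the redirect; url_effective is the final URL.
                VERSION_K3S=$(curl -w '%{url_effective}' -L -s -S "${version_url}" -o /dev/null | sed -e 's|.*/||')
                ;;
            wget)
                # -S prints response headers on stderr; the Location header
                # carries the redirect target.
                VERSION_K3S=$(wget -SqO /dev/null "${version_url}" 2>&1 | grep -i Location | sed -e 's|.*/||')
                ;;
            *)
                fatal "Incorrect downloader executable '$DOWNLOADER'"
                ;;
        esac
        [ -n "${VERSION_K3S}" ] || fatal "Could not determine release for channel ${INSTALL_K3S_CHANNEL}"
    fi
    info "Using ${VERSION_K3S} as release"
}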
# --- get k3s-selinux version ---
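# Look up the newest k3s-selinux RPM file name for ${rpm_target}.
# Sets: available_version (a built-in default is kept when the lookup fails),
#       DOWNLOADER and DOWNLOADER_OPTS.
# Reads: rpm_target and rpm_channel, set by the caller.
# The name is scraped from an API response with grep/awk; in the code shown
# here it only feeds the manual-install hint text.
get_k3s_selinux_version() {
    available_version="k3s-selinux-1.2-2.${rpm_target}.noarch.rpm"
    info "Finding available k3s-selinux versions"

    # run verify_downloader in case the binary installation was skipped
    verify_downloader curl || verify_downloader wget || fatal 'Can not find curl or wget for downloading files'

    case $DOWNLOADER in
        curl)
            DOWNLOADER_OPTS="-s"
            ;;
        wget)
            DOWNLOADER_OPTS="-q -O -"
            ;;
        *)
            fatal "Incorrect downloader executable '$DOWNLOADER'"
            ;;
    esac

    # Start empty so a value inherited from the environment is never used.
    version=
    # Explicit word list: POSIX sh has no {1..3} brace expansion, which would
    # silently reduce the retry loop to a single attempt.
    for i in 1 2 3; do
        # Lookup failures are tolerated; the default above is the fallback.
        set +e
        # DOWNLOADER_OPTS is left unquoted on purpose so it splits into words.
        if [ "${rpm_channel}" = "testing" ]; then
            version=$(timeout 5 ${DOWNLOADER} ${DOWNLOADER_OPTS} https://api.github.com/repos/k3s-io/k3s-selinux/releases | grep browser_download_url | awk '{ print $2 }' | grep -oE "[^\/]+${rpm_target}\.noarch\.rpm" | head -n 1)
        else
            version=$(timeout 5 ${DOWNLOADER} ${DOWNLOADER_OPTS} https://api.github.com/repos/k3s-io/k3s-selinux/releases/latest | grep browser_download_url | awk '{ print $2 }' | grep -oE "[^\/]+${rpm_target}\.noarch\.rpm")
        fi
        set -e
        if [ "${version}" != "" ]; then
            break
        fi
        sleep 1
    done

    # `=` rather than `==`: the latter is not a POSIX test operator.
    if [ "${version}" = "" ]; then
        warn "Failed to get available versions of k3s-selinux..defaulting to ${available_version}"
        return
    fi

    available_version=${version}
}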
# --- download from github url ---
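# Fetch a URL into a file using the tool selected in DOWNLOADER.
# Arguments: $1 - destination path, $2 - source URL.
# Exits via fatal on a wrong argument count, an unknown downloader or a
# failed transfer.
download() {
    [ $# -eq 2 ] || fatal 'download needs exactly 2 arguments'

    # The failure handler is attached to each command: under `set -e` a
    # failing transfer would end the script before a separate `$?` check
    # could print the message.
    case $DOWNLOADER in
        curl)
            # -f turns HTTP error responses into a non-zero exit instead of
            # saving the error page as the payload; -L follows redirects.
            curl -o "$1" -sfL "$2" || fatal 'Download failed'
            ;;
        wget)
            wget -qO "$1" "$2" || fatal 'Download failed'
            ;;
        *)
            fatal "Incorrect executable '$DOWNLOADER'"
            ;;
    esac
}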
# --- download hash from github url ---
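# Download the published sha256 list and extract the digest for this build.
# Sets: HASH_URL and HASH_EXPECTED (the hex digest only).
# The checksum file comes from the same origin as the binary, so the later
# comparison catches corruption or truncation in transit; it does not by
# itself protect against a tampered release location.
download_hash() {
    if [ -n "${INSTALL_K3S_COMMIT}" ]; then
        HASH_URL=${STORAGE_URL}/k3s${SUFFIX}-${INSTALL_K3S_COMMIT}.sha256sum
    else
        HASH_URL=${GITHUB_URL}/download/${VERSION_K3S}/sha256sum-${ARCH}.txt
    fi
    info "Downloading hash ${HASH_URL}"
    download "${TMP_HASH}" "${HASH_URL}"
    # Anchored at end of line so only the entry for this exact asset matches;
    # with `set -e` a missing entry stops the installer here.
    HASH_EXPECTED=$(grep " k3s${SUFFIX}$" "${TMP_HASH}")
    # Keep the digest, drop the file-name column.
    HASH_EXPECTED=${HASH_EXPECTED%%[[:blank:]]*}
}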
# --- check hash against installed version ---
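# Compare the installed binary's sha256 with HASH_EXPECTED.
# Sets:    HASH_INSTALLED when ${BIN_DIR}/k3s is executable.
# Returns: 0 when the digests are equal, 1 when they differ or no
#          executable binary is installed.
installed_hash_matches() {
    if [ -x "${BIN_DIR}/k3s" ]; then
        HASH_INSTALLED=$(sha256sum "${BIN_DIR}/k3s")
        # Keep the digest, drop the file-name column.
        HASH_INSTALLED=${HASH_INSTALLED%%[[:blank:]]*}
        if [ "${HASH_EXPECTED}" = "${HASH_INSTALLED}" ]; then
            return
        fi
    fi
    return 1
}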
# --- download binary from github url ---
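# Download the k3s binary for the selected release into TMP_BIN.
# Sets: BIN_URL. The file is not trusted until verify_binary has compared
# its digest with HASH_EXPECTED.
download_binary() {
    if [ -n "${INSTALL_K3S_COMMIT}" ]; then
        BIN_URL=${STORAGE_URL}/k3s${SUFFIX}-${INSTALL_K3S_COMMIT}
    else
        BIN_URL=${GITHUB_URL}/download/${VERSION_K3S}/k3s${SUFFIX}
    fi
    info "Downloading binary ${BIN_URL}"
    download "${TMP_BIN}" "${BIN_URL}"
}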
# --- verify downloaded binary hash ---
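# Check the downloaded binary against the published digest.
# Sets: HASH_BIN. Exits via fatal when the digests differ or when no
# reference digest is available.
verify_binary() {
    info "Verifying binary download"
    # Fail closed: an empty reference digest must never count as a match.
    [ -n "${HASH_EXPECTED}" ] || fatal "No expected sha256 available for ${TMP_BIN}"
    HASH_BIN=$(sha256sum "${TMP_BIN}")
    # Keep the digest, drop the file-name column.
    HASH_BIN=${HASH_BIN%%[[:blank:]]*}
    if [ "${HASH_EXPECTED}" != "${HASH_BIN}" ]; then
        fatal "Download sha256 does not match ${HASH_EXPECTED}, got ${HASH_BIN}"
    fi
}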
# --- setup permissions and move binary to system directory ---
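# Install the verified binary as ${BIN_DIR}/k3s.
# Mode and ownership are set on the temporary file first, so the file
# already has its final permissions (0755, root:root) when it is moved.
setup_binary() {
    chmod 755 "${TMP_BIN}"
    info "Installing k3s to ${BIN_DIR}/k3s"
    $SUDO chown root:root "${TMP_BIN}"
    $SUDO mv -f "${TMP_BIN}" "${BIN_DIR}/k3s"
}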
# --- setup selinux policy ---
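# Install the k3s SELinux policy RPM and label the k3s binary.
# Chooses the RPM repo (site, channel, target, path infix) from the install
# channel and /etc/os-release, installs k3s-selinux unless skipped, then
# applies the container_runtime_exec_t type to ${BIN_DIR}/k3s.
# A labelling or policy problem is fatal unless INSTALL_K3S_SELINUX_WARN=true
# or the host identifies as coreos, in which case it is only a warning.
setup_selinux() {
    case ${INSTALL_K3S_CHANNEL} in
        *testing)
            rpm_channel=testing
            ;;
        *latest)
            rpm_channel=latest
            ;;
        *)
            rpm_channel=stable
            ;;
    esac

    rpm_site="rpm.rancher.io"
    if [ "${rpm_channel}" = "testing" ]; then
        rpm_site="rpm-testing.rancher.io"
    fi

    # Sourcing os-release runs it as shell code in this process.
    [ -r /etc/os-release ] && . /etc/os-release
    # expr prints the match length: non-zero when ID_LIKE contains "suse".
    if [ "$(expr "${ID_LIKE}" : ".*suse.*")" != 0 ]; then
        rpm_target=sle
        rpm_site_infix=microos
        package_installer=zypper
        if [ "${ID_LIKE:-}" = suse ] && ( [ "${VARIANT_ID:-}" = sle-micro ] || [ "${ID:-}" = sle-micro ] ); then
            rpm_target=sle
            rpm_site_infix=slemicro
            package_installer=zypper
        fi
    elif [ "${ID_LIKE:-}" = coreos ] || [ "${VARIANT_ID:-}" = coreos ]; then
        rpm_target=coreos
        rpm_site_infix=coreos
        package_installer=rpm-ostree
    elif [ "${VERSION_ID%%.*}" = "7" ]; then
        rpm_target=el7
        rpm_site_infix=centos/7
        package_installer=yum
    # NOTE(review): -gt needs an integer; an empty or non-numeric VERSION_ID
    # makes this test print an error and fall through to the el9 branch.
    elif [ "${VERSION_ID%%.*}" = "8" ] || [ "${VERSION_ID%%.*}" -gt "36" ]; then
        rpm_target=el8
        rpm_site_infix=centos/8
        package_installer=yum
    else
        rpm_target=el9
        rpm_site_infix=centos/9
        package_installer=yum
    fi

    if [ "${package_installer}" = "rpm-ostree" ] && [ -x /bin/yum ]; then
        package_installer=yum
    fi

    if [ "${package_installer}" = "yum" ] && [ -x /usr/bin/dnf ]; then
        package_installer=dnf
    fi

    if [ "$INSTALL_K3S_SKIP_SELINUX_RPM" = true ] || can_skip_download_selinux || [ ! -d /usr/share/selinux ]; then
        info "Skipping installation of SELinux RPM"
        return
    fi

    get_k3s_selinux_version

    # Built after the version lookup so the RPM file name in the hint is
    # filled in; it is only used by the error paths below.
    policy_hint="please install:
    ${package_installer} install -y container-selinux
    ${package_installer} install -y https://${rpm_site}/k3s/${rpm_channel}/common/${rpm_site_infix}/noarch/${available_version}
"

    install_selinux_rpm "${rpm_site}" "${rpm_channel}" "${rpm_target}" "${rpm_site_infix}"

    policy_error=fatal
    if [ "$INSTALL_K3S_SELINUX_WARN" = true ] || [ "${ID_LIKE:-}" = coreos ] || [ "${VARIANT_ID:-}" = coreos ]; then
        policy_error=warn
    fi

    if ! $SUDO chcon -u system_u -r object_r -t container_runtime_exec_t "${BIN_DIR}/k3s" >/dev/null 2>&1; then
        # A failed relabel only matters when SELinux is configured enforcing.
        if $SUDO grep '^\s*SELINUX=enforcing' /etc/selinux/config >/dev/null 2>&1; then
            $policy_error "Failed to apply container_runtime_exec_t to ${BIN_DIR}/k3s, ${policy_hint}"
        fi
    elif [ ! -f /usr/share/selinux/packages/k3s.pp ]; then
        if [ -x /usr/sbin/transactional-update ] || [ "${ID_LIKE:-}" = coreos ] || [ "${VARIANT_ID:-}" = coreos ]; then
            warn "Please reboot your machine to activate the changes and avoid data loss."
        else
            $policy_error "Failed to find the k3s-selinux policy, ${policy_hint}"
        fi
    fi
}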
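# Register the Rancher k3s RPM repository and install k3s-selinux.
# Arguments: $1 - repo host, $2 - channel, $3 - rpm target (sle, coreos,
#            el7, ...), $4 - path infix below /common/.
# Does nothing on hosts that match none of the release-file / ID_LIKE checks.
install_selinux_rpm() {
    if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ -r /etc/fedora-release ] || [ "${ID_LIKE%%[ ]*}" = "suse" ]; then
        repodir=/etc/yum.repos.d
        if [ -d /etc/zypp/repos.d ]; then
            repodir=/etc/zypp/repos.d
        fi
        # Globbing is off script-wide; enable it just for this removal.
        set +o noglob
        $SUDO rm -f ${repodir}/rancher-k3s-common*.repo
        set -o noglob
        if [ -r /etc/redhat-release ] && [ "${3}" = "el7" ]; then
            $SUDO yum install -y yum-utils
            $SUDO yum-config-manager --enable rhel-7-server-extras-rpms
        fi
        # Trust model of the repo file written below: gpgcheck=1 makes the
        # package manager verify package signatures, repo_gpgcheck=0 leaves
        # repository metadata unverified, and the signing key is fetched over
        # HTTPS from the same host that serves the packages.
        $SUDO tee ${repodir}/rancher-k3s-common.repo >/dev/null << EOF
[rancher-k3s-common-${2}]
name=Rancher K3s Common (${2})
baseurl=https://${1}/k3s/${2}/common/${4}/noarch
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://${1}/public.key
EOF
        case ${3} in
            sle)
                # --gpg-auto-import-keys accepts the repo key without a prompt.
                rpm_installer="zypper --gpg-auto-import-keys"
                # Reset first: the variable is expanded as a command prefix
                # below and must not carry a value from the environment.
                transactional_update_run=
                if [ "${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then
                    transactional_update_run="transactional-update --no-selfupdate -d run"
                    rpm_installer="transactional-update --no-selfupdate -d run ${rpm_installer}"
                    : "${INSTALL_K3S_SKIP_START:=true}"
                fi
                # create the /var/lib/rpm-state in SLE systems to fix the prein selinux macro
                # NOTE(review): unlike the other privileged steps this runs
                # without $SUDO; confirm it is only reached as root.
                ${transactional_update_run} mkdir -p /var/lib/rpm-state
                ;;
            coreos)
                rpm_installer="rpm-ostree --idempotent"
                # rpm_install_extra_args="--apply-live"
                : "${INSTALL_K3S_SKIP_START:=true}"
                ;;
            *)
                rpm_installer="yum"
                ;;
        esac
        if [ "${rpm_installer}" = "yum" ] && [ -x /usr/bin/dnf ]; then
            rpm_installer=dnf
        fi
        if rpm -q --quiet k3s-selinux; then
            # remove k3s-selinux module before upgrade to allow container-selinux to upgrade safely
            if check_available_upgrades container-selinux "${3}" && check_available_upgrades k3s-selinux "${3}"; then
                MODULE_PRIORITY=$($SUDO semodule --list=full | grep k3s | cut -f1 -d" ")
                if [ -n "${MODULE_PRIORITY}" ]; then
                    # Best effort: a failed module removal must not stop the install.
                    $SUDO semodule -X $MODULE_PRIORITY -r k3s || true
                fi
            fi
        fi
        # rpm_installer holds a command plus flags and must word-split.
        # shellcheck disable=SC2086
        $SUDO ${rpm_installer} install -y "k3s-selinux"
    fi
    return
}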
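# Report whether the package manager lists an upgrade for a package.
# Arguments: $1 - package name, $2 - rpm target (sle, coreos, or other).
# Returns:   0 when an upgrade is listed, 1 otherwise (always 1 on coreos,
#            where no query is performed).
check_available_upgrades() {
    # Reset so neither an earlier call nor the environment leaks into the
    # result; the coreos branch assigns nothing.
    available_upgrades=
    # Query failures are treated as "no upgrade", not as installer errors.
    set +e
    case ${2} in
        sle)
            available_upgrades=$($SUDO zypper -q -t -s 11 se -s -u --type package "$1" | tail -n 1 | grep -v "No matching" | awk '{print $3}')
            ;;
        coreos)
            # currently rpm-ostree does not support search functionality https://github.com/coreos/rpm-ostree/issues/1877
            ;;
        *)
            available_upgrades=$($SUDO yum -q --refresh list "$1" --upgrades | tail -n 1 | awk '{print $2}')
            ;;
    esac
    set -e

    if [ -n "${available_upgrades}" ]; then
        return 0
    fi
    return 1
}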
# --- download and verify k3s ---
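# Fetch, verify and install the k3s binary unless that is skipped.
# Order matters: the published digest is fetched first, an already installed
# binary with the same digest short-circuits the download, and a freshly
# downloaded binary is installed only after verify_binary has passed.
# When the download is skipped, only the presence of an executable
# ${BIN_DIR}/k3s is checked; no digest comparison takes place.
download_and_verify() {
    if can_skip_download_binary; then
        info 'Skipping k3s download and verify'
        verify_k3s_is_executable
        return
    fi

    setup_verify_arch
    verify_downloader curl || verify_downloader wget || fatal 'Can not find curl or wget for downloading files'
    setup_tmp
    get_release_version
    download_hash

    if installed_hash_matches; then
        info 'Skipping binary downloaded, installed k3s matches hash'
        return
    fi

    download_binary
    verify_binary
    setup_binary
}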
# --- add additional utility links ---
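# Create kubectl, crictl and ctr symlinks to k3s inside BIN_DIR.
# Skipped entirely for a read-only BIN_DIR or INSTALL_K3S_SYMLINK=skip.
# Without INSTALL_K3S_SYMLINK=force, a name that already exists in BIN_DIR
# or resolves elsewhere in PATH is left alone, so an existing tool is not
# shadowed; with force the link is (re)created regardless.
create_symlinks() {
    [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && return
    [ "${INSTALL_K3S_SYMLINK}" = skip ] && return

    for cmd in kubectl crictl ctr; do
        if [ ! -e "${BIN_DIR}/${cmd}" ] || [ "${INSTALL_K3S_SYMLINK}" = force ]; then
            which_cmd=$(command -v "${cmd}" 2>/dev/null || true)
            if [ -z "${which_cmd}" ] || [ "${INSTALL_K3S_SYMLINK}" = force ]; then
                info "Creating ${BIN_DIR}/${cmd} symlink to k3s"
                $SUDO ln -sf k3s "${BIN_DIR}/${cmd}"
            else
                info "Skipping ${BIN_DIR}/${cmd} symlink to k3s, command exists in PATH at ${which_cmd}"
            fi
        else
            info "Skipping ${BIN_DIR}/${cmd} symlink to k3s, already exists"
        fi
    done
}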
# --- create killall script ---
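# Write the k3s-killall helper script to ${KILLALL_K3S_SH} (mode 0755,
# root:root). Skipped when BIN_DIR is read-only.
# The here-document delimiter is quoted (\EOF), so the script text is written
# verbatim: nothing from the installer's environment is expanded into it.
# The generated script re-executes itself through sudo when not root, stops
# the k3s services, sends SIGKILL to the containerd-shim process trees,
# unmounts and removes k3s/kubelet paths, deletes CNI interfaces and network
# namespaces, and reloads iptables without KUBE-/CNI-/flannel rules.
create_killall() {
    [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && return
    info "Creating killall script ${KILLALL_K3S_SH}"
    $SUDO tee "${KILLALL_K3S_SH}" >/dev/null << \EOF
#!/bin/sh
[ $(id -u) -eq 0 ] || exec sudo $0 $@

for bin in /var/lib/rancher/k3s/data/**/bin/; do
    [ -d $bin ] && export PATH=$PATH:$bin:$bin/aux
done

set -x

for service in /etc/systemd/system/k3s*.service; do
    [ -s $service ] && systemctl stop $(basename $service)
done

for service in /etc/init.d/k3s*; do
    [ -x $service ] && $service stop
done

pschildren() {
    ps -e -o ppid= -o pid= | \
    sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \
    grep -w "^$1" | \
    cut -f2
}

pstree() {
    for pid in $@; do
        echo $pid
        for child in $(pschildren $pid); do
            pstree $child
        done
    done
}

killtree() {
    kill -9 $(
        { set +x; } 2>/dev/null;
        pstree $@;
        set -x;
    ) 2>/dev/null
}

remove_interfaces() {
    # Delete network interface(s) that match 'master cni0'
    ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; do
        iface=${iface%%@*}
        [ -z "$iface" ] || ip link delete $iface
    done

    # Delete cni related interfaces
    ip link delete cni0
    ip link delete flannel.1
    ip link delete flannel-v6.1
    ip link delete kube-ipvs0
    ip link delete flannel-wg
    ip link delete flannel-wg-v6

    # Restart tailscale
    if [ -n "$(command -v tailscale)" ]; then
        tailscale set --advertise-routes=
    fi
}

getshims() {
    ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1
}

killtree $({ set +x; } 2>/dev/null; getshims; set -x)

do_unmount_and_remove() {
    set +x
    while read -r _ path _; do
        case "$path" in $1*) echo "$path" ;; esac
    done < /proc/self/mounts | sort -r | xargs -r -t -n 1 sh -c 'umount -f "$0" && rm -rf "$0"'
    set -x
}

do_unmount_and_remove '/run/k3s'
do_unmount_and_remove '/var/lib/rancher/k3s'
do_unmount_and_remove '/var/lib/kubelet/pods'
do_unmount_and_remove '/var/lib/kubelet/plugins'
do_unmount_and_remove '/run/netns/cni-'

# Remove CNI namespaces
ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete

remove_interfaces

rm -rf /var/lib/cni/
iptables-save | grep -v KUBE- | grep -v CNI- | grep -iv flannel | iptables-restore
ip6tables-save | grep -v KUBE- | grep -v CNI- | grep -iv flannel | ip6tables-restore
EOF
    $SUDO chmod 755 "${KILLALL_K3S_SH}"
    $SUDO chown root:root "${KILLALL_K3S_SH}"
}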
# --- create uninstall script ---
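# Write the uninstall script to ${UNINSTALL_K3S_SH} (mode 0755, root:root).
# Skipped when BIN_DIR is read-only.
# The here-document delimiter is unquoted, so installer variables
# (KILLALL_K3S_SH, SYSTEM_NAME, FILE_K3S_*, SYSTEMD_DIR, BIN_DIR,
# UNINSTALL_K3S_SH) are expanded now and baked into the script as literal,
# unquoted text; only the \$-escaped expansions are evaluated when the
# script runs. The generated script runs as root and removes files with
# `rm -rf`, which is why SYSTEM_NAME is validated in setup_env.
create_uninstall() {
    [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && return
    info "Creating uninstall script ${UNINSTALL_K3S_SH}"
    $SUDO tee "${UNINSTALL_K3S_SH}" >/dev/null << EOF
#!/bin/sh
set -x
[ \$(id -u) -eq 0 ] || exec sudo \$0 \$@

${KILLALL_K3S_SH}

if command -v systemctl; then
    systemctl disable ${SYSTEM_NAME}
    systemctl reset-failed ${SYSTEM_NAME}
    systemctl daemon-reload
fi
if command -v rc-update; then
    rc-update delete ${SYSTEM_NAME} default
fi

rm -f ${FILE_K3S_SERVICE}
rm -f ${FILE_K3S_ENV}

remove_uninstall() {
    rm -f ${UNINSTALL_K3S_SH}
}
trap remove_uninstall EXIT

if (ls ${SYSTEMD_DIR}/k3s*.service || ls /etc/init.d/k3s*) >/dev/null 2>&1; then
    set +x; echo 'Additional k3s services installed, skipping uninstall of k3s'; set -x
    exit
fi

for cmd in kubectl crictl ctr; do
    if [ -L ${BIN_DIR}/\$cmd ]; then
        rm -f ${BIN_DIR}/\$cmd
    fi
done

rm -rf /etc/rancher/k3s
rm -rf /run/k3s
rm -rf /run/flannel
rm -rf /var/lib/rancher/k3s
rm -rf /var/lib/kubelet
rm -f ${BIN_DIR}/k3s
rm -f ${KILLALL_K3S_SH}

if type yum >/dev/null 2>&1; then
    yum remove -y k3s-selinux
    rm -f /etc/yum.repos.d/rancher-k3s-common*.repo
elif type rpm-ostree >/dev/null 2>&1; then
    rpm-ostree uninstall k3s-selinux
    rm -f /etc/yum.repos.d/rancher-k3s-common*.repo
elif type zypper >/dev/null 2>&1; then
    uninstall_cmd="zypper remove -y k3s-selinux"
    if [ "\${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then
        uninstall_cmd="transactional-update --no-selfupdate -d run \$uninstall_cmd"
    fi
    \$uninstall_cmd
    rm -f /etc/zypp/repos.d/rancher-k3s-common*.repo
fi
EOF
    $SUDO chmod 755 "${UNINSTALL_K3S_SH}"
    $SUDO chown root:root "${UNINSTALL_K3S_SH}"
}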
# --- disable current service if loaded --
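systemd_disable() {
    # Best-effort cleanup of a previously installed unit: every step tolerates
    # failure (|| true) so a first-time install does not abort under set -e.
    # Expansions are quoted so the privileged rm only ever receives the one
    # intended path per call.
    $SUDO systemctl disable "${SYSTEM_NAME}" >/dev/null 2>&1 || true
    $SUDO rm -f "/etc/systemd/system/${SERVICE_K3S}" || true
    $SUDO rm -f "/etc/systemd/system/${SERVICE_K3S}.env" || true
}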
# --- capture current env and create file containing k3s_ variables ---
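create_env_file() {
    # Captures the K3S_*/CONTAINERD_* and proxy variables of the installer's
    # environment into ${FILE_K3S_ENV}, which the service files load at start.
    #
    # The file can hold secrets (K3S_TOKEN is one of the K3S_* variables), so it
    # is created and restricted to 0600 BEFORE anything is written to it; tee
    # then truncates and fills the existing file without changing its mode.
    info "env: Creating environment file ${FILE_K3S_ENV}"
    $SUDO touch "${FILE_K3S_ENV}"
    $SUDO chmod 0600 "${FILE_K3S_ENV}"
    # `sh -c export` prints one shell-quoted "export NAME=value" line per
    # variable; the loop drops the leading "export" word. read -r and
    # printf '%s' keep the shell's quoting byte-for-byte: without -r, read
    # removes backslashes, and echo may rewrite escapes or collapse whitespace,
    # which would change the value that is later parsed from this file.
    # The capture is line-oriented, so values containing newlines are not
    # preserved intact.
    sh -c export | while read -r x v; do printf '%s\n' "$v"; done | grep -E '^(K3S|CONTAINERD)_' | $SUDO tee "${FILE_K3S_ENV}" >/dev/null
    sh -c export | while read -r x v; do printf '%s\n' "$v"; done | grep -Ei '^(NO|HTTP|HTTPS)_PROXY' | $SUDO tee -a "${FILE_K3S_ENV}" >/dev/null
}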
# --- write systemd service file ---
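create_systemd_service_file() {
    # Renders the systemd unit for k3s into ${FILE_K3S_SERVICE}.
    #
    # ${SYSTEMD_TYPE}, ${FILE_K3S_ENV}, ${BIN_DIR} and ${CMD_K3S_EXEC} are
    # expanded at install time (unquoted heredoc delimiter); "\\" emits a single
    # backslash so ExecStart continues onto the argument line.
    #
    # Nothing here sets the mode of the unit file, so tee creates it with the
    # caller's umask. Whatever ends up in CMD_K3S_EXEC is therefore stored in
    # that file and passed on the k3s command line; secrets such as a join token
    # are better supplied through K3S_* variables, which create_env_file keeps
    # in a 0600 file loaded via EnvironmentFile=.
    # The leading "-" on EnvironmentFile=/ExecStartPre= tells systemd to ignore
    # a missing file or a failing command.
    info "systemd: Creating service file ${FILE_K3S_SERVICE}"
    $SUDO tee "${FILE_K3S_SERVICE}" >/dev/null << EOF
[Unit]
Description=Lightweight Kubernetes
Documentation=https://k3s.io
Wants=network-online.target
After=network-online.target
[Install]
WantedBy=multi-user.target
[Service]
Type=${SYSTEMD_TYPE}
EnvironmentFile=-/etc/default/%N
EnvironmentFile=-/etc/sysconfig/%N
EnvironmentFile=-${FILE_K3S_ENV}
KillMode=process
Delegate=yes
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=${BIN_DIR}/k3s \\
    ${CMD_K3S_EXEC}

EOF
}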
# --- write openrc service file ---
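create_openrc_service_file() {
    # Renders the openrc service script into ${FILE_K3S_SERVICE} (mode 0755) and
    # a logrotate policy for its log file. LOG_FILE is set as a global.
    #
    # The generated script sources /etc/environment and ${FILE_K3S_ENV} with
    # allexport on, i.e. both files are executed as shell code by the service
    # at start-up, not just parsed. They must stay writable by root only;
    # create_env_file restricts ${FILE_K3S_ENV} to 0600.
    #
    # respawn_max=0: always keep restarting the k3s process under openrc.
    # When k3s crashes and cannot start up again (e.g. the data backend is not
    # available: dqlite crashed, database server offline, ...), supervise-daemon
    # retries it. Per supervise-daemon(8), respawn-max sets the maximum number
    # of times a daemon is respawned during a respawn period before it gives up
    # and exits; the default is 10 and 0 means unlimited. 0 makes sure k3s keeps
    # trying to come online even if the backend is offline for a longer period,
    # and aligns the openrc service with the systemd unit
    # (Restart=always, RestartSec=5s).
    LOG_FILE=/var/log/${SYSTEM_NAME}.log
    info "openrc: Creating service file ${FILE_K3S_SERVICE}"
    $SUDO tee "${FILE_K3S_SERVICE}" >/dev/null << EOF
#!/sbin/openrc-run

depend() {
    after network-online
    want cgroups
}

start_pre() {
    rm -f /tmp/k3s.*
}

supervisor=supervise-daemon
name=${SYSTEM_NAME}
command="${BIN_DIR}/k3s"
command_args="$(escape_dq "${CMD_K3S_EXEC}")
    >>${LOG_FILE} 2>&1"

output_log=${LOG_FILE}
error_log=${LOG_FILE}

pidfile="/var/run/${SYSTEM_NAME}.pid"
respawn_delay=5
respawn_max=0

set -o allexport
if [ -f /etc/environment ]; then . /etc/environment; fi
if [ -f ${FILE_K3S_ENV} ]; then . ${FILE_K3S_ENV}; fi
set +o allexport
EOF
    $SUDO chmod 0755 "${FILE_K3S_SERVICE}"
    $SUDO tee "/etc/logrotate.d/${SYSTEM_NAME}" >/dev/null << EOF
${LOG_FILE} {
	missingok
	notifempty
	copytruncate
}
EOF
}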
# --- write systemd or openrc service file ---
create_service_file() {
    # Writes the service definition for whichever init system was detected.
    # The two flags are checked independently, and the function always reports
    # success so that a false flag never trips set -e in the caller.
    if [ "${HAS_SYSTEMD}" = true ]; then
        # The SELinux context is only restored when the unit was written.
        create_systemd_service_file && restore_systemd_service_file_context
    fi
    if [ "${HAS_OPENRC}" = true ]; then
        create_openrc_service_file
    fi
    return 0
}
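restore_systemd_service_file_context() {
    # Re-applies the default SELinux labels to the freshly written unit and env
    # files. Best effort: restorecon may be absent or SELinux disabled, so
    # errors are silenced and never fail the install.
    # Paths are quoted so each restorecon call receives exactly one target.
    for context_target in "${FILE_K3S_SERVICE}" "${FILE_K3S_ENV}"; do
        $SUDO restorecon -R -i "${context_target}" 2>/dev/null || true
    done
}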
# --- get hashes of the current k3s bin and service files
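get_installed_hashes() {
    # Prints a SHA-256 snapshot of the k3s binary, service file and env file.
    # The snapshot is only compared before/after the install to decide whether
    # a restart is needed (see service_enable_and_start); it is not an
    # integrity check against a trusted reference.
    # stderr is folded into the output and failures are tolerated, so a missing
    # file simply shows up as a different snapshot instead of aborting.
    $SUDO sha256sum "${BIN_DIR}/k3s" "${FILE_K3S_SERVICE}" "${FILE_K3S_ENV}" 2>&1 || true
}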
# --- enable and start systemd service ---
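systemd_enable() {
    # Enables the unit by the path of its service file, then reloads systemd so
    # the new definition is picked up. Output is discarded; a failure of either
    # command is left to the caller's set -e.
    info "systemd: Enabling ${SYSTEM_NAME} unit"
    $SUDO systemctl enable "${FILE_K3S_SERVICE}" >/dev/null
    $SUDO systemctl daemon-reload >/dev/null
}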
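systemd_start() {
    # Uses "restart" rather than "start" so an already running service picks up
    # the newly installed binary and unit.
    info "systemd: Starting ${SYSTEM_NAME}"
    $SUDO systemctl restart "${SYSTEM_NAME}"
}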
# --- enable and start openrc service ---
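openrc_enable() {
    # Registers the service in openrc's "default" runlevel; output is discarded.
    info "openrc: Enabling ${SYSTEM_NAME} service for default runlevel"
    $SUDO rc-update add "${SYSTEM_NAME}" default >/dev/null
}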
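openrc_start() {
    # Invokes the generated service script directly with "restart". The script
    # is executed with $SUDO privileges, so it must be the root-owned file that
    # create_openrc_service_file wrote; the path is quoted so it is run as one
    # word.
    info "openrc: Starting ${SYSTEM_NAME}"
    $SUDO "${FILE_K3S_SERVICE}" restart
}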
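has_working_xtables() {
    # Decides whether the host's "$1-save"/"$1-restore" pair may be used to
    # rewrite the firewall rules.
    # Arguments: $1 - tool prefix (the caller passes iptables or ip6tables)
    # Returns:   0 when both tools exist and the rule dump looks usable,
    #            1 otherwise (a message is logged via info/warn).
    #
    # NOTE(review): command -v resolves the tools in the caller's PATH while the
    # dump itself runs through $SUDO, which may search a different PATH -
    # confirm both agree on the target hosts.
    if ! command -v "$1-save" 1> /dev/null || ! command -v "$1-restore" 1> /dev/null; then
        info "Host $1-save/$1-restore tools not found"
        return 1
    fi
    # A dump containing this exact rule line is treated as a sign that the host
    # tools cannot safely round-trip the existing rules, so they are left
    # untouched.
    if $SUDO "$1-save" 2>/dev/null | grep -q '^-A CNI-HOSTPORT-MASQ -j MASQUERADE$'; then
        warn "Host $1-save/$1-restore tools are incompatible with existing rules"
        return 1
    fi
    return 0
}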
# --- startup systemd or openrc service ---
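service_enable_and_start() {
    # Enables the service for the detected init system and (re)starts it when
    # the installed files changed or a restart is forced.
    # Reads: INSTALL_K3S_SKIP_ENABLE, INSTALL_K3S_SKIP_START,
    #        INSTALL_K3S_FORCE_RESTART, HAS_SYSTEMD, HAS_OPENRC,
    #        PRE_INSTALL_HASHES. Writes: POST_INSTALL_HASHES, XTABLES.

    # Fourth column of the "memory" line in /proc/cgroups is the enabled flag.
    # If no such line exists the substitution is empty, the numeric test errors
    # out and no hint is printed.
    if [ -f "/proc/cgroups" ] && [ "$(grep memory /proc/cgroups | while read -r n n n enabled; do echo "$enabled"; done)" -eq 0 ];
    then
        info 'Failed to find memory cgroup, you may need to add "cgroup_memory=1 cgroup_enable=memory" to your linux cmdline (/boot/cmdline.txt on a Raspberry Pi)'
    fi

    if [ "${INSTALL_K3S_SKIP_ENABLE}" = true ]; then
        return
    fi

    if [ "${HAS_SYSTEMD}" = true ]; then
        systemd_enable
    fi
    if [ "${HAS_OPENRC}" = true ]; then
        openrc_enable
    fi

    if [ "${INSTALL_K3S_SKIP_START}" = true ]; then
        return
    fi

    # Unchanged binary, service file and env file: leave a running service alone.
    POST_INSTALL_HASHES=$(get_installed_hashes)
    if [ "${PRE_INSTALL_HASHES}" = "${POST_INSTALL_HASHES}" ] && [ "${INSTALL_K3S_FORCE_RESTART}" != true ]; then
        info 'No change detected so skipping service start'
        return
    fi

    # Drops stale KUBE-*/flannel rules before the restart by filtering the rule
    # dump as text and loading the remainder back. The match is a plain
    # substring test, so ANY rule whose text contains "KUBE-" or "flannel"
    # (any case) is removed, including rules an administrator added.
    # NOTE(review): a POSIX sh pipeline reports only the last command's status,
    # so a failing or truncated "-save" is not detected here; the dump was
    # already exercised once by has_working_xtables.
    for XTABLES in iptables ip6tables; do
        if has_working_xtables "${XTABLES}"; then
            $SUDO "${XTABLES}-save" 2>/dev/null | grep -v KUBE- | grep -iv flannel | $SUDO "${XTABLES}-restore"
        fi
    done

    if [ "${HAS_SYSTEMD}" = true ]; then
        systemd_start
    fi
    if [ "${HAS_OPENRC}" = true ]; then
        openrc_start
    fi
    return 0
}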
# --- re-evaluate args to include env command ---
# NOTE(review): eval re-parses the text printed by escape and quote (both
# defined outside this excerpt) as shell words. Their escaping is the only thing
# that keeps INSTALL_K3S_EXEC and the caller's arguments from being interpreted
# as shell code at this point, so any change to those helpers needs a review
# with this line in mind.
eval set -- $(escape "${INSTALL_K3S_EXEC}") $(quote "$@")

# --- run the install process --
# The steps run in a fixed order under set -e. The uninstall and killall
# scripts are written before the service is touched, and the env file (0600)
# exists before the service file that references it is started.
# NOTE(review): the steps are wrapped in one brace group, presumably so that a
# script piped from curl is parsed to the closing brace before any step runs
# and a truncated download fails to parse instead of installing partially -
# confirm.
{
    verify_system
    setup_env "$@"
    download_and_verify
    setup_selinux
    create_symlinks
    create_killall
    create_uninstall
    systemd_disable
    create_env_file
    create_service_file
    service_enable_and_start
}