diff --git a/cluster/gce/gci/configure.sh b/cluster/gce/gci/configure.sh
index 663c26501d14..39425214b8cb 100644
--- a/cluster/gce/gci/configure.sh
+++ b/cluster/gce/gci/configure.sh
@@ -24,13 +24,13 @@ set -o nounset
 set -o pipefail
 ### Hardcoded constants
-DEFAULT_CNI_VERSION="v0.8.7"
-DEFAULT_CNI_HASH="8f2cbee3b5f94d59f919054dccfe99a8e3db5473b553d91da8af4763e811138533e05df4dbeab16b3f774852b4184a7994968f5e036a3f531ad1ac4620d10ede"
-DEFAULT_NPD_VERSION="v0.8.5"
-DEFAULT_NPD_HASH="3fbf97a38c06d8fcc8c46f956a6e90aa1b47cb42d50ddcfd1a644a7e624e42ee523db2f81e08fbfb21b80142d4bafdbedce16e8b62d2274a5b2b703a56d9c015"
-DEFAULT_CRICTL_VERSION="v1.20.0"
-DEFAULT_CRICTL_HASH="bf6e07c0834ead3cb17342fdd684723acd66d71dbad9a93a2c2001db0af647db124be732d9eaa58e3d0f36d7ab1026ab1380e1331e084810f1403e3656d1205d"
-DEFAULT_MOUNTER_TAR_SHA="7956fd42523de6b3107ddc3ce0e75233d2fcb78436ff07a1389b6eaac91fb2b1b72a08f7a219eaf96ba1ca4da8d45271002e0d60e0644e796c665f99bb356516"
+DEFAULT_CNI_VERSION='v0.8.7'
+DEFAULT_CNI_HASH='8f2cbee3b5f94d59f919054dccfe99a8e3db5473b553d91da8af4763e811138533e05df4dbeab16b3f774852b4184a7994968f5e036a3f531ad1ac4620d10ede'
+DEFAULT_NPD_VERSION='v0.8.5'
+DEFAULT_NPD_HASH='3fbf97a38c06d8fcc8c46f956a6e90aa1b47cb42d50ddcfd1a644a7e624e42ee523db2f81e08fbfb21b80142d4bafdbedce16e8b62d2274a5b2b703a56d9c015'
+DEFAULT_CRICTL_VERSION='v1.20.0'
+DEFAULT_CRICTL_HASH='bf6e07c0834ead3cb17342fdd684723acd66d71dbad9a93a2c2001db0af647db124be732d9eaa58e3d0f36d7ab1026ab1380e1331e084810f1403e3656d1205d'
+DEFAULT_MOUNTER_TAR_SHA='7956fd42523de6b3107ddc3ce0e75233d2fcb78436ff07a1389b6eaac91fb2b1b72a08f7a219eaf96ba1ca4da8d45271002e0d60e0644e796c665f99bb356516'
 ###
 # Use --retry-connrefused opt only if it's supported by curl.
@@ -64,7 +64,7 @@ function download-kube-env {
 -o "${tmp_kube_env}" \
 http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env
 # Convert the yaml format file into a shell-style file.
- eval $(${PYTHON} -c '''
+ eval "$(${PYTHON} -c '''
 import pipes,sys,yaml
 # check version of python and call methods appropriate for that version
 if sys.version_info[0] < 3:
@@ -73,7 +73,7 @@ else:
 items = yaml.load(sys.stdin, Loader=yaml.BaseLoader).items()
 for k, v in items:
 print("readonly {var}={value}".format(var=k, value=pipes.quote(str(v))))
-''' < "${tmp_kube_env}" > "${KUBE_HOME}/kube-env")
+''' < "${tmp_kube_env}" > "${KUBE_HOME}/kube-env")"
 rm -f "${tmp_kube_env}"
 )
 }
@@ -108,7 +108,7 @@ function download-kube-master-certs {
 -o "${tmp_kube_master_certs}" \
 http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-master-certs
 # Convert the yaml format file into a shell-style file.
- eval $(${PYTHON} -c '''
+ eval "$(${PYTHON} -c '''
 import pipes,sys,yaml
 # check version of python and call methods appropriate for that version
 if sys.version_info[0] < 3:
@@ -117,7 +117,7 @@ else:
 items = yaml.load(sys.stdin, Loader=yaml.BaseLoader).items()
 for k, v in items:
 print("readonly {var}={value}".format(var=k, value=pipes.quote(str(v))))
-''' < "${tmp_kube_master_certs}" > "${KUBE_HOME}/kube-master-certs")
+''' < "${tmp_kube_master_certs}" > "${KUBE_HOME}/kube-master-certs")"
 rm -f "${tmp_kube_master_certs}"
 )
 }
@@ -153,9 +153,8 @@ function download-or-bust {
 local -r hash="$1"
 shift 1
- local -r urls=( $* )
 while true; do
- for url in "${urls[@]}"; do
+ for url in "$@"; do
 local file="${url##*/}"
 rm -f "${file}"
 # if the url belongs to GCS API we should use oauth2_token in the headers
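Review bot: The `eval` in `download-kube-env` evaluates an empty string, because the Python process writes its stdout to `${KUBE_HOME}/kube-env` inside the command substitution, so quoting it changes nothing and the call could be reduced to running `${PYTHON} -c …` directly; the same holds for the `download-kube-master-certs` hunks. The part that deserves a check is the generated file: the value goes through `pipes.quote`, but the key `k` is written into `readonly {var}=…` unvalidated, so a metadata key that is not a plain shell identifier would be interpreted as shell once the file is sourced (the trailing comment "download and source kube-env" suggests it is). Skipping or rejecting keys that fail `re.match(r'^[A-Za-z_][A-Za-z0-9_]*$', k)` would close that. Both function bodies start outside these hunks, and the Python 2 branch of the loader is not visible here.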
@@ -186,14 +185,14 @@ function is-preloaded {
 }
 function split-commas {
- echo $1 | tr "," "\n"
+ echo -e "${1//,/'\n'}"
 }
 function remount-flexvolume-directory {
 local -r flexvolume_plugin_dir=$1
- mkdir -p $flexvolume_plugin_dir
- mount --bind $flexvolume_plugin_dir $flexvolume_plugin_dir
- mount -o remount,exec $flexvolume_plugin_dir
+ mkdir -p "$flexvolume_plugin_dir"
+ mount --bind "$flexvolume_plugin_dir" "$flexvolume_plugin_dir"
+ mount -o remount,exec "$flexvolume_plugin_dir"
 }
 function install-gci-mounter-tools {
@@ -246,11 +245,10 @@ function install-node-problem-detector {
 }
 function install-cni-binaries {
+ local -r cni_version=${CNI_VERSION:-$DEFAULT_CNI_VERSION}
 if [[ -n "${CNI_VERSION:-}" ]]; then
- local -r cni_version="${CNI_VERSION}"
- local -r cni_hash="${CNI_HASH}"
+ local -r cni_hash="${CNI_HASH:-}"
 else
- local -r cni_version="${DEFAULT_CNI_VERSION}"
 local -r cni_hash="${DEFAULT_CNI_HASH}"
 fi
@@ -330,7 +328,10 @@ function install-kube-manifests {
 # Put kube-system pods manifests in ${KUBE_HOME}/kube-manifests/.
 local dst_dir="${KUBE_HOME}/kube-manifests"
 mkdir -p "${dst_dir}"
- local -r manifests_tar_urls=( $(split-commas "${KUBE_MANIFESTS_TAR_URL}") )
+ local manifests_tar_urls
+ while IFS= read -r url; do
+ manifests_tar_urls+=("$url")
+ done < <(split-commas "${KUBE_MANIFESTS_TAR_URL}")
 local -r manifests_tar="${manifests_tar_urls[0]##*/}"
 if [ -n "${KUBE_MANIFESTS_TAR_HASH:-}" ]; then
 local -r manifests_tar_hash="${KUBE_MANIFESTS_TAR_HASH}"
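Review bot: `echo -e "${1//,/'\n'}"` in `split-commas` relies on how bash handles single quotes inside a double-quoted pattern-substitution replacement, which changed after bash 4.2 (under the `compat42` behaviour the quotes are kept literally), and `echo -e` also expands any backslash sequence that is part of the argument itself. Because this output becomes the URL lists used for the downloads, a form with neither dependency is safer: `printf '%s\n' "${1//,/$'\n'}"`.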
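Review bot: `local -r cni_hash="${CNI_HASH:-}"` turns a missing `CNI_HASH` into an empty string, where the old `${CNI_HASH}` aborted under `set -o nounset` whenever `CNI_VERSION` was overridden without a hash. If the download path treats an empty hash as "skip verification" (that code is outside this hunk, so it needs confirming), an overridden CNI version would be installed without an integrity check. Failing fast keeps the old guarantee: `local -r cni_hash="${CNI_HASH:?CNI_HASH must be set when CNI_VERSION is set}"`. The rest of `install-cni-binaries` is outside the hunk.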
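Review bot: `manifests_tar_urls` is declared with a bare `local` and then appended to, the loop variable `url` is never declared `local` and so leaks into the global scope, and the array loses the `-r` it had before. `local -a manifests_tar_urls=()` plus `local url` makes the intent explicit, or the loop can be replaced with `IFS=, read -r -a manifests_tar_urls <<< "${KUBE_MANIFESTS_TAR_URL}"`. The same pattern is added for `server_binary_tar_urls` in `install-kube-binary-config`. Both function bodies continue outside their hunks.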
@@ -350,10 +351,10 @@ function install-kube-manifests {
 tar xzf "${KUBE_HOME}/${manifests_tar}" -C "${dst_dir}" --overwrite
 local -r kube_addon_registry="${KUBE_ADDON_REGISTRY:-k8s.gcr.io}"
 if [[ "${kube_addon_registry}" != "k8s.gcr.io" ]]; then
- find "${dst_dir}" -name \*.yaml -or -name \*.yaml.in | \
- xargs sed -ri "s@(image:\s.*)k8s.gcr.io@\1${kube_addon_registry}@"
- find "${dst_dir}" -name \*.manifest -or -name \*.json | \
- xargs sed -ri "s@(image\":\s+\")k8s.gcr.io@\1${kube_addon_registry}@"
+ find "${dst_dir}" \(-name '*.yaml' -or -name '*.yaml.in'\) -print0 | \
+ xargs -0 sed -ri "s@(image:\s.*)k8s.gcr.io@\1${kube_addon_registry}@"
+ find "${dst_dir}" \(-name '*.manifest' -or -name '*.json'\) -print0 | \
+ xargs -0 sed -ri "s@(image\":\s+\")k8s.gcr.io@\1${kube_addon_registry}@"
 fi
 cp "${dst_dir}/kubernetes/gci-trusty/gci-configure-helper.sh" "${KUBE_BIN}/configure-helper.sh"
 cp "${dst_dir}/kubernetes/gci-trusty/configure-kubeapiserver.sh" "${KUBE_BIN}/configure-kubeapiserver.sh"
@@ -386,6 +387,8 @@ function try-load-docker-image {
 load_image_command="${LOAD_IMAGE_COMMAND:-}"
 fi
+ # Deliberately word split load_image_command
+ # shellcheck disable=SC2086
 until timeout 30 ${load_image_command} "${img}"; do
 if [[ "${attempt_num}" == "${max_attempts}" ]]; then
 echo "Fail to load docker image file ${img} using ${load_image_command} after ${max_attempts} retries. Exit!!"
@@ -436,7 +439,7 @@ function install-docker {
 release=$(lsb_release -cs)
 # Add the Docker apt-repository
- curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg \
+ curl -fsSL "https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg" \
 | apt-key add -
 add-apt-repository \
 "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
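Review bot: `\(-name` and `'*.yaml.in'\)` reach find as the single words `(-name` and `*.yaml.in)`, because the escaped parentheses are not separated from their neighbours by spaces; find expects `(` and `)` as arguments of their own, so both pipelines are likely to fail rather than rewrite the image registry. Write `find "${dst_dir}" \( -name '*.yaml' -or -name '*.yaml.in' \) -print0`, and likewise for the `.manifest`/`.json` line. Separately, `${kube_addon_registry}` is spliced into the sed replacement, so a value containing `@`, `&` or a backslash would alter the expression; checking it against a registry-hostname pattern before use would rule that out. `install-kube-manifests` starts before this hunk.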
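Review bot: The unquoted `${load_image_command}` is subject to pathname expansion as well as word splitting, so suppressing SC2086 keeps a glob hazard for a value that can come from `LOAD_IMAGE_COMMAND`. Splitting once into an array removes both the suppression and the globbing: `local -a load_cmd; read -r -a load_cmd <<< "${load_image_command}"`, then `until timeout 30 "${load_cmd[@]}" "${img}"; do`. The body of `try-load-docker-image` starts and ends outside the hunk.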
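Review bot: The Docker signing key is still piped straight from curl into `apt-key add -`, which places it in the global apt trust store without any fingerprint check, so whatever key that URL serves becomes trusted for every configured repository. Storing the key in a dedicated keyring file, comparing its fingerprint with a pinned value, and referencing it with `signed-by=` in the `deb [arch=amd64 …]` entry would scope the trust to this one repository. The same pattern is in the `install-containerd-ubuntu` hunk at `@@ -477,7`. Both function bodies continue outside the hunks.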
@@ -444,7 +447,7 @@ function install-docker {
 # Install Docker
 apt-get update && \
- apt-get install -y --no-install-recommends ${GCI_DOCKER_VERSION:-"docker-ce=5:19.03.*"}
+ apt-get install -y --no-install-recommends "${GCI_DOCKER_VERSION:-"docker-ce=5:19.03.*"}"
 rm -rf /var/lib/apt/lists/*
 }
@@ -477,7 +480,7 @@ function install-containerd-ubuntu {
 release=$(lsb_release -cs)
 # Add the Docker apt-repository (as we install containerd from there)
- curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg \
+ curl -fsSL "https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg" \
 | apt-key add -
 add-apt-repository \
 "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
@@ -490,13 +493,13 @@ function install-containerd-ubuntu {
 # Override to latest versions of containerd and runc
 systemctl stop containerd
- if [[ ! -z "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" ]]; then
+ if [[ -n "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" ]]; then
 # containerd versions have slightly different url(s), so try both
 ( curl -fsSL "https://github.com/containerd/containerd/releases/download/${UBUNTU_INSTALL_CONTAINERD_VERSION}/containerd-${UBUNTU_INSTALL_CONTAINERD_VERSION:1}-linux-amd64.tar.gz" || \
 curl -fsSL "https://github.com/containerd/containerd/releases/download/${UBUNTU_INSTALL_CONTAINERD_VERSION}/containerd-${UBUNTU_INSTALL_CONTAINERD_VERSION:1}.linux-amd64.tar.gz" ) \
 | tar --overwrite -xzv -C /usr/
 fi
- if [[ ! -z "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
+ if [[ -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
 curl -fsSL "https://github.com/opencontainers/runc/releases/download/${UBUNTU_INSTALL_RUNC_VERSION}/runc.amd64" --output /usr/sbin/runc && chmod 755 /usr/sbin/runc
 fi
 sudo systemctl start containerd
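Review bot: In the `@@ -490,13` hunk the containerd tarball is unpacked over `/usr/` and `runc` is written to `/usr/sbin/runc` directly from the download with no digest check, unlike the CNI, NPD and crictl artifacts, which have pinned hashes at the top of the file. `curl --output /usr/sbin/runc` also writes in place, so an interrupted transfer can leave a truncated binary at the final path. Downloading to a temporary file, verifying it against an operator-supplied SHA-512 and only then installing it addresses both; the sketch below uses a placeholder variable for the digest because the patch defines none, and the containerd tarball would need the same treatment. The body of `install-containerd-ubuntu` starts before and ends after this hunk.

```shell
  if [[ -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
    # RUNC_SHA512_PLACEHOLDER is a placeholder name: the expected digest has to be supplied by the operator.
    local runc_tmp
    runc_tmp="$(mktemp)"
    curl -fsSL "https://github.com/opencontainers/runc/releases/download/${UBUNTU_INSTALL_RUNC_VERSION}/runc.amd64" --output "${runc_tmp}"
    if ! echo "${RUNC_SHA512_PLACEHOLDER}  ${runc_tmp}" | sha512sum --check --status; then
      echo "runc digest mismatch, refusing to install" >&2
      rm -f "${runc_tmp}"
      exit 1
    fi
    install -m 0755 "${runc_tmp}" /usr/sbin/runc
    rm -f "${runc_tmp}"
  fi
  # … unchanged: sudo systemctl start containerd …
```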
@@ -515,7 +518,7 @@ function ensure-container-runtime {
 docker version
 elif [[ "${container_runtime}" == "containerd" ]]; then
 # Install containerd/runc if requested
- if [[ ! -z "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" || ! -z "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
+ if [[ -n "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" || -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
 install-containerd-ubuntu
 fi
 # Verify presence and print versions of ctr, containerd, runc
@@ -543,7 +546,10 @@ function ensure-container-runtime {
 # and places them into suitable directories. Files are placed in /home/kubernetes.
 function install-kube-binary-config {
 cd "${KUBE_HOME}"
- local -r server_binary_tar_urls=( $(split-commas "${SERVER_BINARY_TAR_URL}") )
+ local server_binary_tar_urls
+ while IFS= read -r url; do
+ server_binary_tar_urls+=("$url")
+ done < <(split-commas "${SERVER_BINARY_TAR_URL}")
 local -r server_binary_tar="${server_binary_tar_urls[0]##*/}"
 if [[ -n "${SERVER_BINARY_TAR_HASH:-}" ]]; then
 local -r server_binary_tar_hash="${SERVER_BINARY_TAR_HASH}"
@@ -640,7 +646,7 @@ else
 exit 2
 fi
 fi
-echo "Version : " $(${PYTHON} -V 2>&1)
+echo "Version : $(${PYTHON} -V 2>&1)"
 # download and source kube-env
 download-kube-env
diff --git a/hack/.shellcheck_failures b/hack/.shellcheck_failures
index 3a363fe23345..e69de29bb2d1 100644
--- a/hack/.shellcheck_failures
+++ b/hack/.shellcheck_failures
@@ -1 +0,0 @@
-./cluster/gce/gci/configure.sh