安装nerdctl和buildkitd脚本命令

#!/bin/bash

set -euo pipefail

检查是否以root权限运行

if "$(id -u)" -ne 0 ; then

echo "错误：请使用root权限或sudo运行本脚本" >&2

exit 1

fi

检测openEuler系统（兼容大小写）

detect_distribution() {

if -f /etc/os-release ; then

. /etc/os-release

匹配ID为openEuler（兼容大小写，如"openEuler"或"openeuler"）

if \[ "$ID" =\~ \^\[OopenEeuler$ ]]; then

echo "openeuler"

else

echo "unsupported"

fi

else

echo "unsupported"

fi

}

DISTRO=$(detect_distribution)

if \[ "$DISTRO" != "openeuler" ]; then

echo "错误：本脚本仅适用于openEuler系统" >&2

exit 1

fi

安装前置依赖（openEuler 25.03使用dnf）

install_dependencies() {

dnf update -y

dnf install -y \

curl \

gnupg \

ca-certificates \

jq \

tar \

gzip \

device-mapper-persistent-data \

lvm2 # 容器存储依赖

}

安装containerd（使用openEuler官方仓库）

install_containerd() {

安装最新稳定版containerd

dnf install -y containerd

优化containerd配置（适配openEuler 25.03的systemd和cgroupv2）

sed -i '/SystemdCgroup =/c\SystemdCgroup = true' /etc/containerd/config.toml

sed -i 's/cri\.containerd\.runtime\.v1\.linux/cri.containerd.untrusted-workload.v1.linux/g' /etc/containerd/config.toml # 启用非信任工作负载支持

重启并启用服务

systemctl daemon-reload

systemctl restart containerd

systemctl enable containerd

}

安装最新版nerdctl（适配openEuler架构）

install_nerdctl() {

获取最新稳定版（排除预发布）

LATEST_NERDCTL=$(curl -s https://api.github.com/repos/containerd/nerdctl/releases/latest | jq -r '.tag_name')

if \[ -z "$LATEST_NERDCTL" \|\| "$LATEST_NERDCTL" == "null" ]; then

echo "获取nerdctl最新版本失败，可能是网络问题" >&2

exit 1

fi

识别架构（支持x86_64/aarch64）

ARCH=(case (uname -m) in

x86_64) echo "amd64" ;;

aarch64) echo "arm64" ;;

*) echo "unsupported"; exit 1 ;;

esac)

echo "下载文件：https://github.com/containerd/nerdctl/releases/download/${LATEST_NERDCTL}/nerdctl-${LATEST_NERDCTL#v}-linux-${ARCH}.tar.gz"

下载并安装

curl -fsSL "https://github.com/containerd/nerdctl/releases/download/${LATEST_NERDCTL}/nerdctl-${LATEST_NERDCTL#v}-linux-${ARCH}.tar.gz" \

| tar -xz -C /usr/local/bin

验证安装

if ! command -v nerdctl &> /dev/null; then

echo "nerdctl安装失败" >&2

exit 1

fi

}

安装buildkit并配置systemd服务（适配openEuler）

install_buildkit() {

获取最新稳定版

LATEST_BUILDKIT=$(curl -s https://api.github.com/repos/moby/buildkit/releases/latest | jq -r '.tag_name')

if \[ -z "$LATEST_BUILDKIT" \|\| "$LATEST_BUILDKIT" == "null" ]; then

echo "获取buildkit最新版本失败，可能是网络问题" >&2

exit 1

fi

识别架构

ARCH=(case (uname -m) in

x86_64) echo "amd64" ;;

aarch64) echo "arm64" ;;

*) echo "unsupported"; exit 1 ;;

esac)

下载并安装

curl -fL "https://github.com/moby/buildkit/releases/download/${LATEST_BUILDKIT}/buildkit-${LATEST_BUILDKIT}.linux-${ARCH}.tar.gz" \

| tar -xz -C /usr/local

创建buildkitd服务文件（优化openEuler集成）

cat > /etc/systemd/system/buildkitd.service <<EOF

Unit

Description=BuildKit Daemon for openEuler 25.03

Documentation=https://github.com/moby/buildkit

After=network.target containerd.service

Requires=containerd.service

Service

Type=simple

ExecStart=/usr/local/bin/buildkitd \

--oci-worker=true \

--containerd-worker=true \

--containerd-worker-namespace=k8s.io \

--addr=unix:///run/buildkit/buildkitd.sock \

--oci-worker-snapshotter=overlayfs

Restart=on-failure

RestartSec=5

LimitNOFILE=1048576

Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

Install

WantedBy=multi-user.target

EOF

启动服务并配置开机自启

systemctl daemon-reload

systemctl start buildkitd

systemctl enable buildkitd

}

主执行流程

echo "=== 检测到openEuler 25.03系统，开始安装 ==="

echo "=== 1/4 安装前置依赖 ==="

install_dependencies

echo "=== 2/4 安装并配置containerd ==="

install_containerd

echo "=== 3/4 安装最新版nerdctl ==="

install_nerdctl

echo "=== 4/4 安装并配置buildkit ==="

install_buildkit

echo "=== 安装验证 ==="

echo "nerdctl版本: $(nerdctl --version)"

echo "buildkitd状态: $(systemctl is-active buildkitd)"

echo "containerd状态: $(systemctl is-active containerd)"

echo "安装完成！nerdctl和buildkit已配置为开机启动"