pre-install: General fixes in pre-install scripts

This PR adds general fixes in the pre-install scripts like removing tab spaces where they are not needed as well as improving the definition of the variables. Signed-off-by: Gabriela Cervantes <[email protected]>
confidential-containers · Feb 29, 2024 · 45ee8c5 · 45ee8c5
1 parent 016a7d4
commit 45ee8c5
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 45 deletions.
diff --git a/install/pre-install-payload/payload.sh b/install/pre-install-payload/payload.sh
@@ -26,7 +26,7 @@ supported_arches=(
 
 function setup_env_for_arch() {
 	case "$1" in
-		"linux/amd64") 
+		"linux/amd64")
 			kernel_arch="x86_64"
 			golang_arch="amd64"
 			;;
@@ -36,27 +36,28 @@ function setup_env_for_arch() {
 			;;
 		*) echo "$1 is not supported" >/dev/stderr && exit 1 ;;
 	esac
-
 }
 
 function purge_previous_manifests() {
-	manifest=${1}
-
+	local manifest
+	local sanitised_manifest
+	manifest="${1}"
 	# We need to sanitise the name by:
 	# * Replacing:
 	#   * '/' by '_'
 	#   * ':' by '-'
-	
+
 	sanitised_manifest="$(echo ${manifest} | sed 's|/|_|g' | sed 's|:|-|g')"
-	rm -rf ${HOME}/.docker/manifests/${sanitised_manifest} || true
+	rm -rf "${HOME}/.docker/manifests/${sanitised_manifest}" || true
 }
 
 function build_payload() {
 	pushd "${script_dir}"
+	local tag
 
 	tag=$(git rev-parse HEAD)
 
-	for arch in ${supported_arches[@]}; do
+	for arch in "${supported_arches[@]}"; do
 		setup_env_for_arch "${arch}"
 
 		echo "Building containerd payload image for ${arch}"
@@ -77,21 +78,21 @@ function build_payload() {
 		docker push "${registry}:${kernel_arch}-${tag}"
 	done
 
-	purge_previous_manifests ${registry}:${tag}
-	purge_previous_manifests ${registry}:latest
+	purge_previous_manifests "${registry}:${tag}"
+	purge_previous_manifests "${registry}:latest"
 
-	docker manifest create ${extra_docker_manifest_flags} \
-		${registry}:${tag} \
-		--amend ${registry}:x86_64-${tag} \
-		--amend ${registry}:s390x-${tag}
+	docker manifest create "${extra_docker_manifest_flags}" \
+		"${registry}:${tag}" \
+		--amend "${registry}":x86_64-"${tag}" \
+		--amend "${registry}":s390x-"${tag}"
 
-	docker manifest create ${extra_docker_manifest_flags} \
-		${registry}:latest \
-		--amend ${registry}:x86_64-${tag} \
-		--amend ${registry}:s390x-${tag}
+	docker manifest create "${extra_docker_manifest_flags}" \
+		"${registry}:latest" \
+		--amend "${registry}":x86_64-"${tag}" \
+		--amend "${registry}":s390x-"${tag}"
 
-	docker manifest push ${extra_docker_manifest_flags} ${registry}:${tag}
-	docker manifest push ${extra_docker_manifest_flags} ${registry}:latest
+	docker manifest push "${extra_docker_manifest_flags}" "${registry}:${tag}"
+	docker manifest push "${extra_docker_manifest_flags}" "${registry}:latest"
 
 	popd
 }

diff --git a/install/pre-install-payload/scripts/reqs-deploy.sh b/install/pre-install-payload/scripts/reqs-deploy.sh
@@ -29,12 +29,13 @@ function host_systemctl() {
 }
 
 function get_container_engine() {
-	local container_engine=$(kubectl get node "$NODE_NAME" -o jsonpath='{.status.nodeInfo.containerRuntimeVersion}' | awk -F '[:]' '{print $1}')
+	local container_engine
+	container_engine=$(kubectl get node "$NODE_NAME" -o jsonpath='{.status.nodeInfo.containerRuntimeVersion}' | awk -F '[:]' '{print $1}')
 	if [ "${container_engine}" != "containerd" ]; then
 		die "${container_engine} is not yet supported"
 	fi
 
-	echo "$container_engine"	
+	echo "$container_engine"
 }
 
 function set_container_engine() {
@@ -44,13 +45,14 @@ function set_container_engine() {
 }
 
 function install_containerd_artefacts() {
-	flavour=${1}
+	local flavour
+	flavour="${1}"
 
 	echo "Copying ${flavour} containerd-for-cc artifacts onto host"
 
 
-	install -D -m 755 ${artifacts_dir}/opt/confidential-containers/bin/${flavour}-containerd /opt/confidential-containers/bin/containerd
-	install -D -m 644 ${artifacts_dir}/etc/systemd/system/containerd.service.d/containerd-for-cc-override.conf /etc/systemd/system/containerd.service.d/containerd-for-cc-override.conf
+	install -D -m 755 "${artifacts_dir}"/opt/confidential-containers/bin/"${flavour}"-containerd /opt/confidential-containers/bin/containerd
+	install -D -m 644 "${artifacts_dir}"/etc/systemd/system/containerd.service.d/containerd-for-cc-override.conf /etc/systemd/system/containerd.service.d/containerd-for-cc-override.conf
 }
 
 function install_coco_containerd_artefacts() {
@@ -68,12 +70,12 @@ function install_vfio_gpu_containerd_artefacts() {
 function install_nydus_snapshotter_artefacts() {
 	echo "Copying nydus-snapshotter artifacts onto host"
 
-	install -D -m 755 ${artifacts_dir}/opt/confidential-containers/bin/containerd-nydus-grpc /opt/confidential-containers/bin/containerd-nydus-grpc
-	install -D -m 755 ${artifacts_dir}/opt/confidential-containers/bin/nydus-overlayfs /opt/confidential-containers/bin/nydus-overlayfs
+	install -D -m 755 "${artifacts_dir}"/opt/confidential-containers/bin/containerd-nydus-grpc /opt/confidential-containers/bin/containerd-nydus-grpc
+	install -D -m 755 "${artifacts_dir}"/opt/confidential-containers/bin/nydus-overlayfs /opt/confidential-containers/bin/nydus-overlayfs
 	ln -sf /opt/confidential-containers/bin/nydus-overlayfs /usr/local/bin/nydus-overlayfs
 
-	install -D -m 644 ${artifacts_dir}/opt/confidential-containers/share/nydus-snapshotter/config-coco-guest-pulling.toml /opt/confidential-containers/share/nydus-snapshotter/config-coco-guest-pulling.toml
-	install -D -m 644 ${artifacts_dir}/etc/systemd/system/nydus-snapshotter.service /etc/systemd/system/nydus-snapshotter.service
+	install -D -m 644 "${artifacts_dir}"/opt/confidential-containers/share/nydus-snapshotter/config-coco-guest-pulling.toml /opt/confidential-containers/share/nydus-snapshotter/config-coco-guest-pulling.toml
+	install -D -m 644 "${artifacts_dir}"/etc/systemd/system/nydus-snapshotter.service /etc/systemd/system/nydus-snapshotter.service
 
 	host_systemctl daemon-reload
 	host_systemctl enable nydus-snapshotter.service
@@ -105,12 +107,12 @@ function uninstall_containerd_artefacts() {
 	echo "Removing containerd-for-cc artifacts from host"
 
 	echo "Removing the systemd drop-in file"
-	rm -f /etc/systemd/system/${container_engine}.service.d/${container_engine}-for-cc-override.conf
+	rm -f /etc/systemd/system/"${container_engine}".service.d/"${container_engine}"-for-cc-override.conf
 	echo "Removing the systemd drop-in file's directory, if empty"
-	if [ -d /etc/systemd/system/${container_engine}.service.d ]; then
-		rmdir --ignore-fail-on-non-empty /etc/systemd/system/${container_engine}.service.d
+	if [ -d /etc/systemd/system/"${container_engine}".service.d ]; then
+		rmdir --ignore-fail-on-non-empty /etc/systemd/system/"${container_engine}".service.d
 	fi
-	
+
 	restart_systemd_service
 
 	echo "Removing the containerd binary"
@@ -124,7 +126,7 @@ function uninstall_containerd_artefacts() {
 function uninstall_nydus_snapshotter_artefacts() {
 	if host_systemctl list-units | grep -q nydus-snapshotter; then
 		for i in `host_ctr -n k8s.io snapshot --snapshotter nydus list | grep -v KEY | cut -d' ' -f1`; do
-			host_ctr -n k8s.io snapshot --snapshotter nydus rm $i || true
+			host_ctr -n k8s.io snapshot --snapshotter nydus rm "$i" || true
 		done
 
 		remove_nydus_snapshotter_from_containerd
@@ -145,7 +147,7 @@ function uninstall_nydus_snapshotter_artefacts() {
 	# directory
 	rm -rf /opt/confidential-containers/share
 	rm -rf /var/lib/containerd-nydus/*
-}	
+}
 
 function uninstall_artifacts() {
 	if [ "${INSTALL_NYDUS_SNAPSHOTTER}" = "true" ]; then
@@ -166,7 +168,7 @@ function restart_systemd_service() {
 function configure_nydus_snapshotter_for_containerd() {
 	echo "configure nydus snapshotter for containerd"
 
-	containerd_imports_path="/etc/containerd/config.toml.d"
+	local containerd_imports_path="/etc/containerd/config.toml.d"
 
 	echo "Create ${containerd_imports_path}"
 	mkdir -p "${containerd_imports_path}"
@@ -179,10 +181,10 @@ function configure_nydus_snapshotter_for_containerd() {
     address = "/run/containerd-nydus/containerd-nydus-grpc.sock"
 EOF
 	if grep -q "^imports = " "$containerd_config"; then
-		sed -i -e "s|^imports = \[\(.*\)\]|imports = [\"${containerd_imports_path}/nydus-snapshotter.toml\", \1]|g" ${containerd_config}
-		sed -i -e "s|, ]|]|g" ${containerd_config}
+		sed -i -e "s|^imports = \[\(.*\)\]|imports = [\"${containerd_imports_path}/nydus-snapshotter.toml\", \1]|g" "${containerd_config}"
+		sed -i -e "s|, ]|]|g" "${containerd_config}"
 	else
-		sed -i -e "1s|^|imports = [\"${containerd_imports_path}/nydus-snapshotter.toml\"]\n|" ${containerd_config}
+		sed -i -e "1s|^|imports = [\"${containerd_imports_path}/nydus-snapshotter.toml\"]\n|" "${containerd_config}"
 	fi
 
 	# Annotations should be passed down to the remote snapshotter in order to
@@ -207,19 +209,19 @@ EOF
 function remove_nydus_snapshotter_from_containerd() {
 	echo "Remove nydus snapshotter from containerd"
 
-	containerd_imports_path="/etc/containerd/config.toml.d"
+	local containerd_imports_path="/etc/containerd/config.toml.d"
 
 	rm -f "${containerd_imports_path}/nydus-snapshotter.toml"
-	sed -i -e "s|\"${containerd_imports_path}/nydus-snapshotter.toml\"||g" ${containerd_config}
-	sed -i -e "s|, ]|]|g" ${containerd_config}
+	sed -i -e "s|\"${containerd_imports_path}/nydus-snapshotter.toml\"||g" "${containerd_config}"
+	sed -i -e "s|, ]|]|g" "${containerd_config}"
 
 	if grep -q "${snapshot_annotations_marker}" "${containerd_config}"; then
 		sed -i '/'"${snapshot_annotations_marker}"'/d' \
 			"${containerd_config}"
 		sed -i '/disable_snapshot_annotations = false/d' \
 			"${containerd_config}"
 	else
-		sed -i -e "s|disable_snapshot_annotations = false|disable_snapshot_annotations = true|" ${containerd_config}
+		sed -i -e "s|disable_snapshot_annotations = false|disable_snapshot_annotations = true|" "${containerd_config}"
 	fi
 }
 
@@ -247,12 +249,13 @@ function main() {
 	echo "INSTALL_NYDUS_SNAPSHOTTER: ${INSTALL_NYDUS_SNAPSHOTTER}"
 
 	# script requires that user is root
-	local euid=$(id -u)
-	if [ ${euid} -ne 0 ]; then
+	local euid
+	euid=$(id -u)
+	if [ "${euid}" -ne 0 ]; then
 		die "This script must be run as root"
 	fi
 
-	local action=${1:-}
+	local action="${1:-}"
 	if [ -z "${action}" ]; then
 		print_help && die ""
 	fi