

Enable containerd to deploy vanilla containerd package (kubernetes-si…
…gs#4951)

* Enable containerd to deploy vanilla containerd package

Fixes kubeadm references to CRI socket for containerd
Fixes download role cache feature to work with containerd

Change-Id: I2ab8f0031107e2f0d1a85c39b4beb66f08509a01

* use containerd for flannel-addons job

Change-Id: Ied375c7d65e64a625ffbd995ff16f2374067dee6

* add containerd vars

Change-Id: Ib9a8a04e501c481a86235413cbec63f3672baf91

* fixup vars

Change-Id: Ibea64e4b18405a578b52a13da100384582aa24c2

* more fixes

* fix rh repo

Change-Id: I00575a77cfb7b81d6095db5d918a52023c8f13ba

* Adjust helm host install for containerd
mattymo authored and k8s-ci-robot committed Jul 11, 2019
1 parent a038d62 commit 2930774
Showing 24 changed files with 408 additions and 68 deletions.
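--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -10,3 +10,35 @@ containerd_config:
 registries:
 "docker.io": "https://registry-1.docker.io"
 max_container_log_line_size: -1
+
+containerd_version: '1.2.6'
+containerd_package: 'containerd.io'
+
+containerd_cfg_dir: /etc/containerd
+
+# Path to runc binray
+runc_binary: /usr/sbin/runc
+
+
+yum_repo_dir: /etc/yum.repos.d
+yum_conf: /etc/yum.conf
+containerd_yum_conf: /etc/yum_containerd.conf
+
+# Optional values for containerd apt repo
+containerd_package_info:
+pkgs:
+
+containerd_repo_key_info:
+repo_keys:
+
+containerd_repo_info:
+repos:
+
+extras_rh_repo_base_url: "http://mirror.centos.org/centos/$releasever/extras/$basearch/"
+extras_rh_repo_gpgkey: "http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7"
+
+# Ubuntu docker-ce repo
+containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
+containerd_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg'
+containerd_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
+containerd_ubuntu_repo_component: 'stable'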
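Review bot: `extras_rh_repo_gpgkey` and `extras_rh_repo_base_url` default to plain `http://` URLs, so the signing key that `gpgcheck` depends on is fetched over a channel with no integrity protection, and a tampered key response would make tampered packages verify. Prefer a key already present on the host (on CentOS 7, `extras_rh_repo_gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7"`) or an HTTPS mirror, in line with the `https://download.docker.com` defaults directly below. The bare `pkgs:`, `repo_keys:` and `repos:` keys parse as null, so any `| length` test on them fails unless an OS vars file overrides them; `pkgs: []` and so on would be safer defaults. The comment `# Path to runc binray` should read `binary`.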
18 changes: 7 additions & 11 deletions roles/container-engine/containerd/handlers/main.yml
Expand Up @@ -2,23 +2,19 @@
- name: restart containerd
command: /bin/true
notify:
- Containerd | reload containerd
- Containerd | pause while containerd restarts
- Containerd | restart containerd
- Containerd | wait for containerd

- name: Containerd | reload containerd
service:
- name: Containerd | restart containerd
systemd:
name: containerd
state: restarted

- name: Containerd | pause while containerd restarts
pause:
seconds: 5
prompt: "Waiting for containerd restart"
enabled: yes
daemon-reload: yes

- name: Containerd | wait for containerd
command: "{{ containerd_bin_dir }}/ctr images ls -q"
register: containerd_ready
retries: 10
delay: 5
retries: 8
delay: 4
until: containerd_ready.rc == 0
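--- a/roles/container-engine/containerd/tasks/containerd_repo.yml
+++ b/roles/container-engine/containerd/tasks/containerd_repo.yml
@@ -0,0 +1,106 @@
+---
+- name: ensure containerd repository public key is installed
+action: "{{ containerd_repo_key_info.pkg_key }}"
+args:
+id: "{{ item }}"
+url: "{{ containerd_repo_key_info.url }}"
+state: present
+register: keyserver_task_result
+until: keyserver_task_result is succeeded
+retries: 4
+delay: "{{ retry_stagger | d(3) }}"
+with_items: "{{ containerd_repo_key_info.repo_keys }}"
+when:
+- ansible_os_family in ['Ubuntu', 'Debian']
+- not is_atomic
+
+- name: ensure containerd repository is enabled
+action: "{{ containerd_repo_info.pkg_repo }}"
+args:
+repo: "{{ item }}"
+state: present
+with_items: "{{ containerd_repo_info.repos }}"
+when:
+- ansible_os_family in ['Ubuntu', 'Debian']
+- not is_atomic
+- containerd_repo_info.repos|length > 0
+
+# This is required to ensure any apt upgrade will not break kubernetes
+- name: Set containerd pin priority to apt_preferences on Debian family
+template:
+src: "apt_preferences.d/debian_containerd.j2"
+dest: "/etc/apt/preferences.d/containerd"
+owner: "root"
+mode: 0644
+when:
+- ansible_os_family in ['Ubuntu', 'Debian']
+- not is_atomic
+
+- name: ensure containerd repository public key is installed
+action: "{{ containerd_repo_key_info.pkg_key }}"
+args:
+id: "{{ item }}"
+url: "{{ containerd_repo_key_info.url }}"
+state: present
+register: keyserver_task_result
+until: keyserver_task_result is succeeded
+retries: 4
+delay: "{{ retry_stagger | d(3) }}"
+with_items: "{{ containerd_repo_key_info.repo_keys }}"
+when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
+
+- name: ensure containerd repository is enabled
+action: "{{ containerd_repo_info.pkg_repo }}"
+args:
+repo: "{{ item }}"
+state: present
+with_items: "{{ containerd_repo_info.repos }}"
+when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (containerd_repo_info.repos|length > 0)
+
+- name: Configure containerd repository on Fedora
+template:
+src: "fedora_containerd.repo.j2"
+dest: "{{ yum_repo_dir }}/containerd.repo"
+when: ansible_distribution == "Fedora" and not is_atomic
+
+- name: Configure containerd repository on RedHat/CentOS
+template:
+src: "rh_containerd.repo.j2"
+dest: "{{ yum_repo_dir }}/containerd.repo"
+when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
+
+- name: check if container-selinux is available
+yum:
+list: "container-selinux"
+register: yum_result
+when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
+
+- name: Configure extras repository on RedHat/CentOS if container-selinux is not available in current repos
+yum_repository:
+name: extras
+description: "CentOS-7 - Extras"
+state: present
+baseurl: "{{ extras_rh_repo_base_url }}"
+file: "extras"
+gpgcheck: yes
+gpgkey: "{{ extras_rh_repo_gpgkey }}"
+keepcache: "{{ containerd_rpm_keepcache | default('1') }}"
+proxy: " {{ http_proxy | default('_none_') }}"
+when:
+- ansible_distribution in ["CentOS","RedHat"] and not is_atomic
+- yum_result.results | length == 0
+
+- name: Copy yum.conf for editing
+copy:
+src: "{{ yum_conf }}"
+dest: "{{ containerd_yum_conf }}"
+remote_src: yes
+when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
+
+- name: Edit copy of yum.conf to set obsoletes=0
+lineinfile:
+path: "{{ containerd_yum_conf }}"
+state: present
+regexp: '^obsoletes='
+line: 'obsoletes=0'
+when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic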
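Review bot: The `proxy` argument of the extras `yum_repository` task has a leading space inside the quotes, so the rendered value would be ` _none_` or ` http://…` rather than the intended one; it should read `proxy: "{{ http_proxy | default('_none_') }}"`. The tasks `ensure containerd repository public key is installed` and `ensure containerd repository is enabled` each appear twice in this file, and the second pair's `not (ansible_os_family in [...])` condition also matches Debian-family hosts, so the first pair looks redundant. `ansible_os_family` reports `Debian` on Ubuntu, so the `'Ubuntu'` entry in those lists never matches. File modes are safer quoted, as in `mode: "0644"`.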
2 changes: 1 addition & 1 deletion roles/container-engine/containerd/tasks/crictl.yml
@@ -1,6 +1,6 @@
---
- name: crictl | Download crictl
include_tasks: "roles/download/tasks/download_file.yml"
include_tasks: "../../../download/tasks/download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.crictl) }}"

134 changes: 108 additions & 26 deletions roles/container-engine/containerd/tasks/main.yml
Expand Up @@ -5,27 +5,119 @@
when:
- not ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]

- name: Install Docker
include_role:
name: container-engine/docker
- name: gather os specific variables
include_vars: "{{ item }}"
with_first_found:
- files:
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml"
- "{{ ansible_distribution|lower }}.yml"
- "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml"
- "{{ ansible_os_family|lower }}.yml"
- defaults.yml
paths:
- ../vars
skip: true
tags:
- facts

- name: Install config.toml
- include_tasks: containerd_repo.yml

- name: ensure containerd config directory
file:
dest: "{{ containerd_cfg_dir }}"
state: directory
mode: 0755
owner: root
group: root

- name: Copy containerd config file
template:
src: config.toml.j2
dest: /etc/containerd/config.toml
owner: bin
dest: "{{ containerd_cfg_dir }}/config.toml"
owner: "root"
mode: 0644
notify: restart containerd

- name: Stop and disabled Docker
systemd:
name: docker
state: stopped
enabled: no

- name: Restart containerd
systemd:
name: containerd
state: restarted
- name: ensure containerd repository public key is installed
action: "{{ containerd_repo_key_info.pkg_key }}"
args:
id: "{{ item }}"
url: "{{ containerd_repo_key_info.url }}"
state: present
register: keyserver_task_result
until: keyserver_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | d(3) }}"
with_items: "{{ containerd_repo_key_info.repo_keys }}"
when:
- ansible_os_family in ['Ubuntu', 'Debian']
- not is_atomic

- name: ensure containerd repository is enabled
action: "{{ containerd_repo_info.pkg_repo }}"
args:
repo: "{{ item }}"
state: present
with_items: "{{ containerd_repo_info.repos }}"
when:
- ansible_os_family in ['Ubuntu', 'Debian']
- not is_atomic
- containerd_repo_info.repos|length > 0

# This is required to ensure any apt upgrade will not break kubernetes
- name: Set containerd pin priority to apt_preferences on Debian family
template:
src: "apt_preferences.d/debian_containerd.j2"
dest: "/etc/apt/preferences.d/containerd"
owner: "root"
mode: 0644
when:
- ansible_os_family in ['Ubuntu', 'Debian']
- not is_atomic

- name: ensure containerd packages are installed
action: "{{ containerd_package_info.pkg_mgr }}"
args:
pkg: "{{ item.name }}"
force: "{{ item.force | default(omit) }}"
conf_file: "{{ item.yum_conf | default(omit) }}"
state: present
update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}"
register: containerd_task_result
until: containerd_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | d(3) }}"
with_items: "{{ containerd_package_info.pkgs }}"
notify: restart containerd
when:
- not is_atomic
- containerd_package_info.pkgs|length > 0
ignore_errors: true

- name: Check if runc is installed
stat:
path: /usr/sbin/runc
register: runc_stat

- name: Install runc package if necessary
action: "{{ containerd_package_info.pkg_mgr }}"
args:
pkg: runc
state: present
update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}"
register: runc_task_result
until: runc_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | d(3) }}"
notify: restart containerd
when:
- not is_atomic
- not runc_stat.stat.exists

- name: Install crictl config
template:
Expand All @@ -35,16 +127,6 @@
mode: 0644

- name: Install crictl completion
shell: /usr/local/bin/crictl completion >/etc/bash_completion.d/crictl
shell: "{{ bin_dir }}/crictl completion >/etc/bash_completion.d/crictl"
ignore_errors: True
when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]

- name: Enable containerd
systemd:
name: containerd.service
state: started
enabled: yes
daemon-reload: yes

- name: flush handlers so we can wait for containerd to come up
meta: flush_handlers
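Review bot: `ignore_errors: true` on `ensure containerd packages are installed` means that once the four retries are exhausted a failed install is swallowed, and the play goes on to configure and restart whatever containerd is (or is not) on the host, which defeats the version selection in the vars files. I would drop that line, or follow the task with one that fails when `containerd_task_result` did not succeed. `Check if runc is installed` stats the literal `/usr/sbin/runc` although the role now defines `runc_binary` (set to `/bin/runc` in vars/redhat.yml); `path: "{{ runc_binary }}"` keeps the check and config.toml in agreement. The key, repository and apt-pin tasks in this file repeat what the included `containerd_repo.yml` already does. The +/- markers are not preserved on this page, so which of these lines are new is inferred from the task names and the commit description.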
@@ -0,0 +1,3 @@
Package: {{ containerd_package }}
Pin: version {{ containerd_version }}.*
Pin-Priority: 1001
2 changes: 1 addition & 1 deletion roles/container-engine/containerd/templates/config.toml.j2
Expand Up @@ -13,7 +13,7 @@ disabled_plugins = ["restart"]

[plugins.linux]
shim = "/usr/bin/containerd-shim"
runtime = "/usr/sbin/runc"
runtime = "{{ runc_binary }}"

[plugins.cri]
stream_server_address = "127.0.0.1"
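--- a/roles/container-engine/containerd/templates/rh_containerd.repo.j2
+++ b/roles/container-engine/containerd/templates/rh_containerd.repo.j2
@@ -0,0 +1,17 @@
+[docker-ce]
+name=Docker-CE Repository
+baseurl={{ docker_rh_repo_base_url }}
+enabled=1
+gpgcheck=1
+keepcache={{ docker_rpm_keepcache | default('1') }}
+gpgkey={{ docker_rh_repo_gpgkey }}
+{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
+
+[docker-engine]
+name=Docker-Engine Repository
+baseurl={{ dockerproject_rh_repo_base_url }}
+enabled=1
+gpgcheck=1
+keepcache={{ docker_rpm_keepcache | default('1') }}
+gpgkey={{ dockerproject_rh_repo_gpgkey }}
+{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}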
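Review bot: Every URL and key in this template comes from the docker role's variables (`docker_rh_repo_base_url`, `docker_rh_repo_gpgkey`, `dockerproject_rh_repo_base_url`, `dockerproject_rh_repo_gpgkey`), none of which are set in the containerd defaults or vars visible in this commit. If they are not defined elsewhere, rendering fails; if they are, the key that containerd packages are verified against is controlled by another role's settings. Containerd-specific variables in `defaults/main.yml`, as was done for `containerd_ubuntu_repo_*`, would make the trust inputs explicit. The `[docker-engine]` section is also `enabled=1`, which adds a second trusted package source that the `containerd.io` package presumably does not need; consider dropping it or setting `enabled=0`.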
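--- a/roles/container-engine/containerd/vars/redhat.yml
+++ b/roles/container-engine/containerd/vars/redhat.yml
@@ -0,0 +1,28 @@
+---
+
+containerd_versioned_pkg:
+'latest': "{{ containerd_package }}"
+'1.2.4': "{{ containerd_package }}-1.2.4-3.1.el7"
+'1.2.5': "{{ containerd_package }}-1.2.5-3.1.el7"
+'1.2.6': "{{ containerd_package }}-1.2.6-3.3.el7"
+'stable': "{{ containerd_package }}-1.2.6-3.3.el7"
+'edge': "{{ containerd_package }}-1.2.6-3.3.el7"
+
+containerd_package_info:
+pkg_mgr: yum
+pkgs:
+- name: "{{ containerd_versioned_pkg[containerd_version | string] }}"
+
+containerd_pkgs:
+- name: "{{ containerd_versioned_pkg[containerd_version | string] }}"
+yum_conf: "{{ containerd_yum_conf }}"
+
+containerd_repo_key_info:
+pkg_key: ''
+repo_keys: []
+
+containerd_repo_info:
+pkg_repo: ''
+repos: []
+
+runc_binary: /bin/runc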
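Review bot: The entry under `containerd_package_info.pkgs` carries only `name`, while the entry with `yum_conf: "{{ containerd_yum_conf }}"` sits in a separate `containerd_pkgs` list that no task on this page iterates over. The install task in tasks/main.yml loops over `containerd_package_info.pkgs` and passes `conf_file: "{{ item.yum_conf | default(omit) }}"`, so the copied yum.conf with `obsoletes=0` is never used. Moving the `yum_conf` key into the `pkgs` entry and dropping `containerd_pkgs` would connect the two. A `containerd_version` that is not a key of `containerd_versioned_pkg` fails only when the lookup is templated; a comment above the map listing the accepted values would help operators.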