From 09bccc97bab30673e810ed893df19936346aa7ea Mon Sep 17 00:00:00 2001
From: Maxime Guyot <Miouge1@users.noreply.github.com>
Date: Wed, 22 Apr 2020 15:09:52 +0200
Subject: [PATCH] Add CRI-O CI (#5460)
---
.gitlab-ci/packet.yml | 5 +++
.../container-engine/cri-o/defaults/main.yml | 2 +-
.../container-engine/cri-o/handlers/main.yml | 1 +
.../cri-o/molecule/default/molecule.yml | 31 +++++++++++++++++++
.../cri-o/molecule/default/playbook.yml | 7 +++++
.../cri-o/molecule/default/prepare.yml | 6 ++++
.../molecule/default/tests/test_default.py | 20 ++++++++++++
roles/container-engine/cri-o/tasks/crictl.yml | 14 +++++++--
roles/container-engine/cri-o/tasks/main.yaml | 10 +++++-
.../cri-o/templates/crio.conf.j2 | 2 --
roles/container-engine/cri-o/vars/fedora.yml | 3 +-
roles/container-engine/cri-o/vars/ubuntu.yml | 4 +--
tests/files/packet_ubuntu18-crio.yml | 14 +++++++++
13 files changed, 109 insertions(+), 10 deletions(-)
create mode 100644 roles/container-engine/cri-o/molecule/default/molecule.yml
create mode 100644 roles/container-engine/cri-o/molecule/default/playbook.yml
create mode 100644 roles/container-engine/cri-o/molecule/default/prepare.yml
create mode 100644 roles/container-engine/cri-o/molecule/default/tests/test_default.py
create mode 100644 tests/files/packet_ubuntu18-crio.yml
diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml
index a844be132..927c0aaa5 100644
--- a/.gitlab-ci/packet.yml
+++ b/.gitlab-ci/packet.yml
@@ -27,6 +27,11 @@ packet_centos7-flannel-containerd-addons-ha:
stage: deploy-part2
when: on_success
+packet_ubuntu18-crio:
+ extends: .packet
+ stage: deploy-part2
+ when: on_success
+
# ### MANUAL JOBS
packet_centos7-weave-upgrade-ha:
diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml
index dd75ec4fe..429168ecf 100644
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@@ -5,4 +5,4 @@ crio_seccomp_profile: "/etc/crio/seccomp.json"
crio_cgroup_manager: "{{ kubelet_cgroup_driver | default('cgroupfs') }}"
-crio_runc_path: "/usr/sbin/runc"
+crio_runc_path: "/usr/sbin/runc"
\ No newline at end of file
diff --git a/roles/container-engine/cri-o/handlers/main.yml b/roles/container-engine/cri-o/handlers/main.yml
index 957e8e400..8bc936b45 100644
--- a/roles/container-engine/cri-o/handlers/main.yml
+++ b/roles/container-engine/cri-o/handlers/main.yml
@@ -13,3 +13,4 @@
service:
name: crio
state: restarted
+ enabled: yes
diff --git a/roles/container-engine/cri-o/molecule/default/molecule.yml b/roles/container-engine/cri-o/molecule/default/molecule.yml
new file mode 100644
index 000000000..d544f57fb
--- /dev/null
+++ b/roles/container-engine/cri-o/molecule/default/molecule.yml
@@ -0,0 +1,31 @@
+---
+driver:
+ name: vagrant
+ provider:
+ name: libvirt
+lint:
+ name: yamllint
+ options:
+ config-file: ../../../.yamllint
+platforms:
+ - name: kubespray-crio
+ box: generic/ubuntu1804
+ cpus: 2
+ memory: 1024
+ groups:
+ - kube-master
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_ROLES_PATH: ../../../../
+ config_options:
+ defaults:
+ callback_whitelist: profile_tasks
+ lint:
+ name: ansible-lint
+ options:
+ c: ../../../.ansible-lint
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/roles/container-engine/cri-o/molecule/default/playbook.yml b/roles/container-engine/cri-o/molecule/default/playbook.yml
new file mode 100644
index 000000000..fdb8fb600
--- /dev/null
+++ b/roles/container-engine/cri-o/molecule/default/playbook.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+ roles:
+ - role: kubespray-defaults
+ - role: cri-o
diff --git a/roles/container-engine/cri-o/molecule/default/prepare.yml b/roles/container-engine/cri-o/molecule/default/prepare.yml
new file mode 100644
index 000000000..1afc51a04
--- /dev/null
+++ b/roles/container-engine/cri-o/molecule/default/prepare.yml
@@ -0,0 +1,6 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: False
+ roles:
+ - role: bootstrap-os
diff --git a/roles/container-engine/cri-o/molecule/default/tests/test_default.py b/roles/container-engine/cri-o/molecule/default/tests/test_default.py
new file mode 100644
index 000000000..1f01b5ab5
--- /dev/null
+++ b/roles/container-engine/cri-o/molecule/default/tests/test_default.py
@@ -0,0 +1,20 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_service(host):
+ svc = host.service("crio")
+ assert svc.is_running
+ assert svc.is_enabled
+
+
+def test_run(host):
+ path = "unix:///var/run/crio/crio.sock"
+ with host.sudo():
+ cmd = host.command("crictl --runtime-endpoint " + path + " version")
+ assert cmd.rc == 0
+ assert "RuntimeName: cri-o" in cmd.stdout
diff --git a/roles/container-engine/cri-o/tasks/crictl.yml b/roles/container-engine/cri-o/tasks/crictl.yml
index 60a9c91aa..fd6a4c348 100644
--- a/roles/container-engine/cri-o/tasks/crictl.yml
+++ b/roles/container-engine/cri-o/tasks/crictl.yml
@@ -21,7 +21,15 @@
group: no
delegate_to: "{{ inventory_hostname }}"
-- name: Install crictl completion
- shell: "{{ bin_dir }}/crictl completion >/etc/bash_completion.d/crictl"
- ignore_errors: True
+- name: Get crictl completion
+ shell: "{{ bin_dir }}/crictl completion"
when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]
+ changed_when: False
+ register: cri_completion
+
+- name: Install crictl completion
+ copy:
+ dest: /etc/bash_completion.d/crictl
+ content: "{{ cri_completion.stdout }}"
+ become: True
+ when: cri_completion is defined
\ No newline at end of file
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index 08de0c99d..c6ed04088 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -101,6 +101,14 @@
- is_ostree
- not need_bootstrap_crio.stat.exists
+- name: Remove example CNI configs
+ file:
+ path: "/etc/cni/net.d/{{ item }}"
+ state: absent
+ loop:
+ - 100-crio-bridge.conf
+ - 200-loopback.conf
+
- name: Install cri-o config
template:
src: crio.conf.j2
@@ -126,4 +134,4 @@
src: http-proxy.conf.j2
dest: /etc/systemd/system/crio.service.d/http-proxy.conf
notify: restart crio
- when: http_proxy is defined or https_proxy is defined
+ when: http_proxy is defined or https_proxy is defined
\ No newline at end of file
diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2
index f632f563b..977cbbf74 100644
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -281,7 +281,5 @@ network_dir = "/etc/cni/net.d/"
# Paths to directories where CNI plugin binaries are located.
plugin_dirs = [
"/usr/libexec/cni",
-{% if ansible_os_family == "ClearLinux" or is_ostree %}
"/opt/cni/bin/",
-{% endif %}
]
diff --git a/roles/container-engine/cri-o/vars/fedora.yml b/roles/container-engine/cri-o/vars/fedora.yml
index f7927a29a..a2a6ad286 100644
--- a/roles/container-engine/cri-o/vars/fedora.yml
+++ b/roles/container-engine/cri-o/vars/fedora.yml
@@ -4,4 +4,5 @@ crio_packages:
- cri-tools
crio_conmon: /usr/libexec/crio/conmon
-crio_seccomp_profile: ""
+crio_runc_path: "/usr/bin/runc"
+crio_seccomp_profile: ""
\ No newline at end of file
diff --git a/roles/container-engine/cri-o/vars/ubuntu.yml b/roles/container-engine/cri-o/vars/ubuntu.yml
index 689c07f53..bed9659ab 100644
--- a/roles/container-engine/cri-o/vars/ubuntu.yml
+++ b/roles/container-engine/cri-o/vars/ubuntu.yml
@@ -1,7 +1,7 @@
---
crio_packages:
- - "cri-o-{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
+ - "cri-o-1.15"
-crio_conmon: /usr/libexec/podman/conmon
+crio_conmon: /usr/bin/conmon
crio_seccomp_profile: ""
crio_runc_path: /usr/lib/cri-o-runc/sbin/runc
diff --git a/tests/files/packet_ubuntu18-crio.yml b/tests/files/packet_ubuntu18-crio.yml
new file mode 100644
index 000000000..e2ba42220
--- /dev/null
+++ b/tests/files/packet_ubuntu18-crio.yml
@@ -0,0 +1,14 @@
+---
+# Instance settings
+cloud_image: ubuntu-1804
+mode: default
+
+# Kubespray settings
+deploy_netchecker: true
+dns_min_replicas: 1
+container_manager: crio
+
+# CRI-O requirements
+download_container: false
+etcd_deployment_type: host
+kubelet_deployment_type: host
--
GitLab