From b0484fe3e5cc32b16134e139bba2cc5d2b40ffcf Mon Sep 17 00:00:00 2001
From: spaced <spaced.wombat@gmail.com>
Date: Wed, 22 Apr 2020 22:29:45 +0200
Subject: [PATCH] Ubuntu crio repo (#5994)

* declare kubic repo for ubuntu

* do not install crictl twice

* move fedora repo modular tasks to crio_repo file

* move centos repo tasks to crio_repo

* declare crio version matrix for ubuntu

* update documentation crio support for ubuntu
---
 README.md                                     |  2 +-
 .../container-engine/cri-o/defaults/main.yml  |  2 +-
 .../cri-o/tasks/crio_repo.yml                 | 34 +++++++++++++++++
 roles/container-engine/cri-o/tasks/main.yaml  | 37 +------------------
 roles/container-engine/cri-o/vars/ubuntu.yml  |  7 +++-
 5 files changed, 44 insertions(+), 38 deletions(-)
 create mode 100644 roles/container-engine/cri-o/tasks/crio_repo.yml

diff --git a/README.md b/README.md
index db3799fba..284bd5b7b 100644
--- a/README.md
+++ b/README.md
@@ -118,7 +118,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [etcd](https://github.com/coreos/etcd) v3.3.12
   - [docker](https://www.docker.com/) v18.06 (see note)
   - [containerd](https://containerd.io/) v1.2.13
-  - [cri-o](http://cri-o.io/) v1.14.0 (experimental: see [CRI-O Note](docs/cri-o.md). Only on centos based OS)
+  - [cri-o](http://cri-o.io/) v1.17 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
   - [cni-plugins](https://github.com/containernetworking/plugins) v0.8.5
   - [calico](https://github.com/projectcalico/calico) v3.13.2
diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml
index 429168ecf..dd75ec4fe 100644
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@@ -5,4 +5,4 @@ crio_seccomp_profile: "/etc/crio/seccomp.json"
 
 crio_cgroup_manager: "{{ kubelet_cgroup_driver | default('cgroupfs') }}"
 
-crio_runc_path: "/usr/sbin/runc"
\ No newline at end of file
+crio_runc_path: "/usr/sbin/runc"
diff --git a/roles/container-engine/cri-o/tasks/crio_repo.yml b/roles/container-engine/cri-o/tasks/crio_repo.yml
new file mode 100644
index 000000000..9518e00ec
--- /dev/null
+++ b/roles/container-engine/cri-o/tasks/crio_repo.yml
@@ -0,0 +1,34 @@
+---
+
+- name: Add CRI-O kubic repo key
+  apt_key:
+    url: "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/x{{ ansible_distribution }}_{{ ansible_distribution_version }}/Release.key"
+    state: present
+  when: ansible_distribution in ["Ubuntu"]
+
+- name: Add CRI-O kubic repo
+  apt_repository:
+    repo: "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/x{{ ansible_distribution }}_{{ ansible_distribution_version }}/ /"
+    state: present
+    filename: devel:kubic:libcontainers:stable
+  when: ansible_distribution in ["Ubuntu"]
+
+- name: Add CRI-O OpenShift Origin repository
+  yum_repository:
+    name: origin
+    description: OpenShift Origin Repo
+    baseurl: "{{ crio_rhel_repo_base_url }}"
+    gpgcheck: no
+  when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_ostree
+
+- name: Enable modular repos for crio
+  ini_file:
+    path: "/etc/yum.repos.d/{{ item }}.repo"
+    section: "{{ item }}"
+    option: enabled
+    value: 1
+  become: true
+  when: ansible_distribution in ["Fedora"]
+  loop:
+    - "fedora-updates-modular"
+    - "fedora-modular"
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index c6ed04088..6ffc259e4 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -27,28 +27,9 @@
   tags:
     - facts
 
-- name: Add OpenShift Origin repository
-  yum_repository:
-    name: origin
-    description: OpenShift Origin Repo
-    baseurl: "{{ crio_rhel_repo_base_url }}"
-    gpgcheck: no
-  when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_ostree
-
-- name: Add CRI-O PPA
-  apt_repository:
-    repo: ppa:projectatomic/ppa
-    state: present
-  when: ansible_distribution in ["Ubuntu"]
-
-- include_tasks: "crictl.yml"
+- import_tasks: "crio_repo.yml"
 
-- name: Install crictl
-  unarchive:
-    src: "{{ local_release_dir }}/crictl-{{ crictl_version }}-linux-{{ image_arch }}.tar.gz"
-    dest: "/usr/local/bin"
-    mode: 0755
-    remote_src: yes
+- import_tasks: "crictl.yml"
 
 - name: Make sure needed folders exist in the system
   with_items:
@@ -73,20 +54,6 @@
   register: need_bootstrap_crio
   when: is_ostree
 
-- name: Enable modular repos for crio
-  ini_file:
-    path: "/etc/yum.repos.d/{{ item }}.repo"
-    section: "{{ item }}"
-    option: enabled
-    value: 1
-  become: true
-  when:
-    - is_ostree
-    - not need_bootstrap_crio.stat.exists
-  loop:
-    - "fedora-updates-modular"
-    - "fedora-modular"
-
 - name: Install cri-o packages with osttree
   command: "rpm-ostree install {{ crio_packages|join(' ') }}"
   when:
diff --git a/roles/container-engine/cri-o/vars/ubuntu.yml b/roles/container-engine/cri-o/vars/ubuntu.yml
index bed9659ab..3bccbe3ef 100644
--- a/roles/container-engine/cri-o/vars/ubuntu.yml
+++ b/roles/container-engine/cri-o/vars/ubuntu.yml
@@ -1,6 +1,11 @@
 ---
+crio_kubic_versions:
+  "1.18": "1.17"
+  "1.17": "1.17"
+  "1.16": "1.16"
+
 crio_packages:
-  - "cri-o-1.15"
+  - "cri-o-{{ crio_kubic_versions[ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') ] | default('1.17') }}"
 
 crio_conmon: /usr/bin/conmon
 crio_seccomp_profile: ""
-- 
GitLab