diff --git a/roles/container-engine/cri-o/tasks/crictl.yml b/roles/container-engine/cri-o/tasks/crictl.yml
new file mode 100644
index 0000000000000000000000000000000000000000..60a9c91aacb42b0e8f6ca1cb689b6b58f4b6194a
--- /dev/null
+++ b/roles/container-engine/cri-o/tasks/crictl.yml
@@ -0,0 +1,27 @@
+---
+- name: crictl | Download crictl
+ include_tasks: "../../../download/tasks/download_file.yml"
+ vars:
+ download: "{{ download_defaults | combine(downloads.crictl) }}"
+
+- name: Install crictl config
+ template:
+ src: ../templates/crictl.yaml.j2
+ dest: /etc/crictl.yaml
+ owner: bin
+ mode: 0644
+
+- name: Copy crictl binary from download dir
+ synchronize:
+ src: "{{ local_release_dir }}/crictl"
+ dest: "{{ bin_dir }}/crictl"
+ compress: no
+ perms: yes
+ owner: no
+ group: no
+ delegate_to: "{{ inventory_hostname }}"
+
+- name: Install crictl completion
+ shell: "{{ bin_dir }}/crictl completion >/etc/bash_completion.d/crictl"
+ ignore_errors: True
+ when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index 7eab530fb9a5404062336f1bfbf49fa56b35d2e4..542588b25c3a988fea34cf1bd768aa05cbdef4ed 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -30,11 +30,7 @@
state: present
when: ansible_distribution in ["Ubuntu"]
-- name: Add CRI-O PPA
- apt_repository:
- repo: ppa:projectatomic/ppa
- state: present
- when: ansible_distribution in ["Ubuntu"]
+- include_tasks: "crictl.yml"
- name: Install crictl
unarchive:
@@ -76,6 +72,10 @@
owner: root
mode: 0755
+- name: Reload systemd daemon
+ systemd:
+ daemon_reload: yes
+
- name: Install cri-o service
service:
name: "{{ crio_service }}"
diff --git a/roles/container-engine/cri-o/templates/crictl.yaml.j2 b/roles/container-engine/cri-o/templates/crictl.yaml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..fbf691f8a03260bd88f307ea80b4bde7f794a29d
--- /dev/null
+++ b/roles/container-engine/cri-o/templates/crictl.yaml.j2
@@ -0,0 +1,4 @@
+runtime-endpoint: unix://{{ cri_socket }}
+image-endpoint: unix://{{ cri_socket }}
+timeout: 30
+debug: false
diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2
index 303a0b0792c1e18dd8c9bf5247b2b0315e95c691..6f49e94346c2aee02bd10f0d6ffdbf073a1e6f81 100644
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -104,6 +104,8 @@ selinux = {{ (preinstall_selinux_state == 'enforcing')|lower }}
# for the runtime.
{% if ansible_os_family == "ClearLinux" %}
seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
+{% elif ansible_distribution == "Ubuntu" %}
+seccomp_profile = ""
{% else %}
seccomp_profile = "/etc/crio/seccomp.json"
{% endif %}
@@ -216,8 +218,10 @@ ctr_stop_timeout = 0
# of trust of the workload.
[crio.runtime.runtimes.runc]
-{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" or ansible_distribution == "Ubuntu" %}
+{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" %}
runtime_path = "/usr/bin/runc"
+{% elif ansible_distribution == "Ubuntu" %}
+ runtime_path = "/usr/lib/cri-o-runc/sbin/runc"
{% else %}
runtime_path = "/usr/sbin/runc"
{% endif %}
diff --git a/roles/container-engine/cri-o/vars/ubuntu.yml b/roles/container-engine/cri-o/vars/ubuntu.yml
index c02c638e1d7cfbacc7f7c57495763c485c9e1112..ba3eaff90d99aa239c8065cb7cf6a6de56611ef2 100644
--- a/roles/container-engine/cri-o/vars/ubuntu.yml
+++ b/roles/container-engine/cri-o/vars/ubuntu.yml
@@ -3,4 +3,4 @@ crio_packages:
- "cri-o-{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
crio_service: crio
-crio_conmon: /usr/lib/crio/bin/conmon
+crio_conmon: /usr/bin/conmon