diff --git a/roles/container-engine/containerd-common/defaults/main.yml b/roles/container-engine/containerd-common/defaults/main.yml
index e1555e986d3ce9e3a181311811747bd645a6925b..3a85d7f05d4a8670baf128a3438429aa321ee95b 100644
--- a/roles/container-engine/containerd-common/defaults/main.yml
+++ b/roles/container-engine/containerd-common/defaults/main.yml
@@ -1,17 +1,17 @@
---
+# We keep these variables around to allow migration from package
+# manager controlled installs to direct download ones.
containerd_package: 'containerd.io'
+yum_repo_dir: /etc/yum.repos.d
+
+# Keep minimal repo information arround for cleanup
+containerd_repo_info:
+ repos:
-# Fedora docker-ce repo
-docker_fedora_repo_base_url: 'https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable'
-docker_fedora_repo_gpgkey: 'https://download.docker.com/linux/fedora/gpg'
-# CentOS/RedHat docker-ce repo
-docker_rh_repo_base_url: 'https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable'
-docker_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg'
# Ubuntu docker-ce repo
-docker_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
-docker_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg'
-docker_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
+containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
+containerd_ubuntu_repo_component: "stable"
+
# Debian docker-ce repo
-docker_debian_repo_base_url: "https://download.docker.com/linux/debian"
-docker_debian_repo_gpgkey: 'https://download.docker.com/linux/debian/gpg'
-docker_debian_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
+containerd_debian_repo_base_url: "https://download.docker.com/linux/debian"
+containerd_debian_repo_component: "stable"
diff --git a/roles/container-engine/containerd-common/tasks/main.yml b/roles/container-engine/containerd-common/tasks/main.yml
index 59eee3270f2857834110ef938f8e715122123142..cfd78f3a379025118665dd65412cd0ccff22d788 100644
--- a/roles/container-engine/containerd-common/tasks/main.yml
+++ b/roles/container-engine/containerd-common/tasks/main.yml
@@ -1,5 +1,17 @@
---
-- name: gather os specific variables
+- name: containerd-common | check if fedora coreos
+ stat:
+ path: /run/ostree-booted
+ get_attributes: no
+ get_checksum: no
+ get_mime: no
+ register: ostree
+
+- name: containerd-common | set is_ostree
+ set_fact:
+ is_ostree: "{{ ostree.stat.exists }}"
+
+- name: containerd-common | gather os specific variables
include_vars: "{{ item }}"
with_first_found:
- files:
diff --git a/roles/container-engine/containerd-common/vars/amazon.yml b/roles/container-engine/containerd-common/vars/amazon.yml
index 3ad56d4d4f441dbf6e6d0aa4da81538416649469..056816936062305eb703737482f75d165139ca30 100644
--- a/roles/container-engine/containerd-common/vars/amazon.yml
+++ b/roles/container-engine/containerd-common/vars/amazon.yml
@@ -1,10 +1,2 @@
---
containerd_package: containerd
-containerd_versioned_pkg:
- 'latest': "{{ containerd_package }}"
- '1.3.2': "{{ containerd_package }}-1.3.2-1.amzn{{ ansible_distribution_major_version }}"
- '1.4.1': "{{ containerd_package }}-1.4.1-2.amzn{{ ansible_distribution_major_version }}"
- '1.4.4': "{{ containerd_package }}-1.4.4-1.amzn{{ ansible_distribution_major_version }}"
- '1.4.6': "{{ containerd_package }}-1.4.6-1.amzn{{ ansible_distribution_major_version }}"
- 'stable': "{{ containerd_package }}-1.4.6-1.amzn{{ ansible_distribution_major_version }}"
- 'edge': "{{ containerd_package }}-1.4.6-1.amzn{{ ansible_distribution_major_version }}"
diff --git a/roles/container-engine/containerd-common/vars/debian-stretch.yml b/roles/container-engine/containerd-common/vars/debian-stretch.yml
deleted file mode 100644
index b0a2584c798be5fb6d75c662c52eea3d2b7e919b..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd-common/vars/debian-stretch.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-containerd_version: 1.4.3
-
-containerd_versioned_pkg:
- 'latest': "{{ containerd_package }}"
- '1.3.7': "{{ containerd_package }}=1.3.7-1"
- '1.3.9': "{{ containerd_package }}=1.3.9-1"
- '1.4.3': "{{ containerd_package }}=1.4.3-1"
- 'stable': "{{ containerd_package }}=1.4.3-1"
- 'edge': "{{ containerd_package }}=1.4.3-1"
diff --git a/roles/container-engine/containerd-common/vars/debian.yml b/roles/container-engine/containerd-common/vars/debian.yml
deleted file mode 100644
index 184eb8f10ed4ee01794d3ad43fb97446e5074ea7..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd-common/vars/debian.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-containerd_versioned_pkg:
- 'latest': "{{ containerd_package }}"
- '1.3.7': "{{ containerd_package }}=1.3.7-1"
- '1.3.9': "{{ containerd_package }}=1.3.9-1"
- '1.4.3': "{{ containerd_package }}=1.4.3-2"
- '1.4.4': "{{ containerd_package }}=1.4.4-1"
- '1.4.6': "{{ containerd_package }}=1.4.6-1"
- '1.4.9': "{{ containerd_package }}=1.4.9-1"
- 'stable': "{{ containerd_package }}=1.4.9-1"
- 'edge': "{{ containerd_package }}=1.4.9-1"
diff --git a/roles/container-engine/containerd-common/vars/fedora.yml b/roles/container-engine/containerd-common/vars/fedora.yml
deleted file mode 100644
index 011910adc8ff3ff08b43b340cf7354abb5e3d793..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd-common/vars/fedora.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-containerd_versioned_pkg:
- 'latest': "{{ containerd_package }}"
- '1.3.7': "{{ containerd_package }}-1.3.7-3.1.fc{{ ansible_distribution_major_version }}"
- '1.3.9': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
- '1.4.3': "{{ containerd_package }}-1.4.3-3.2.fc{{ ansible_distribution_major_version }}"
- '1.4.4': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
- '1.4.6': "{{ containerd_package }}-1.4.6-3.1.fc{{ ansible_distribution_major_version }}"
- '1.4.9': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
- 'stable': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
- 'edge': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
diff --git a/roles/container-engine/containerd-common/vars/redhat.yml b/roles/container-engine/containerd-common/vars/redhat.yml
deleted file mode 100644
index 58edb8ba341d68a717ace1c35da4109f8fc4468e..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd-common/vars/redhat.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-containerd_versioned_pkg:
- 'latest': "{{ containerd_package }}"
- '1.3.7': "{{ containerd_package }}-1.3.7-3.1.el{{ ansible_distribution_major_version }}"
- '1.3.9': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
- '1.4.3': "{{ containerd_package }}-1.4.3-3.2.el{{ ansible_distribution_major_version }}"
- '1.4.4': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
- '1.4.6': "{{ containerd_package }}-1.4.6-3.1.el{{ ansible_distribution_major_version }}"
- '1.4.9': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
- 'stable': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
- 'edge': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
diff --git a/roles/container-engine/containerd-common/vars/suse.yml b/roles/container-engine/containerd-common/vars/suse.yml
new file mode 100644
index 0000000000000000000000000000000000000000..056816936062305eb703737482f75d165139ca30
--- /dev/null
+++ b/roles/container-engine/containerd-common/vars/suse.yml
@@ -0,0 +1,2 @@
+---
+containerd_package: containerd
diff --git a/roles/container-engine/containerd-common/vars/ubuntu-16.yml b/roles/container-engine/containerd-common/vars/ubuntu-16.yml
deleted file mode 100644
index 2832884e526d7832036675ace72b2bf74afa71a6..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd-common/vars/ubuntu-16.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-containerd_versioned_pkg:
- 'latest': "{{ containerd_package }}"
- '1.3.7': "{{ containerd_package }}=1.3.7-1"
- '1.3.9': "{{ containerd_package }}=1.3.9-1"
- '1.4.3': "{{ containerd_package }}=1.4.3-2"
- '1.4.4': "{{ containerd_package }}=1.4.4-1"
- '1.4.6': "{{ containerd_package }}=1.4.6-1"
- 'stable': "{{ containerd_package }}=1.4.6-1"
- 'edge': "{{ containerd_package }}=1.4.6-1"
diff --git a/roles/container-engine/containerd-common/vars/ubuntu.yml b/roles/container-engine/containerd-common/vars/ubuntu.yml
deleted file mode 100644
index 184eb8f10ed4ee01794d3ad43fb97446e5074ea7..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd-common/vars/ubuntu.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-containerd_versioned_pkg:
- 'latest': "{{ containerd_package }}"
- '1.3.7': "{{ containerd_package }}=1.3.7-1"
- '1.3.9': "{{ containerd_package }}=1.3.9-1"
- '1.4.3': "{{ containerd_package }}=1.4.3-2"
- '1.4.4': "{{ containerd_package }}=1.4.4-1"
- '1.4.6': "{{ containerd_package }}=1.4.6-1"
- '1.4.9': "{{ containerd_package }}=1.4.9-1"
- 'stable': "{{ containerd_package }}=1.4.9-1"
- 'edge': "{{ containerd_package }}=1.4.9-1"
diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index 0e0bb0d50787fd6105ce8ea7447020c961115b6c..bfab4aaa8151fb633445b901ed6fc54b6dc08331 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -1,6 +1,7 @@
---
containerd_storage_dir: "/var/lib/containerd"
containerd_state_dir: "/run/containerd"
+containerd_systemd_dir: "/etc/systemd/system/containerd.service.d"
containerd_oom_score: 0
containerd_default_runtime: "runc"
@@ -35,39 +36,6 @@ containerd_max_container_log_line_size: -1
containerd_cfg_dir: /etc/containerd
-# Path to runc binary
-runc_binary: /usr/bin/runc
-
-yum_repo_dir: /etc/yum.repos.d
-
-# Optional values for containerd apt repo
-containerd_package_info:
- pkgs:
-
-containerd_repo_key_info:
- repo_keys:
-
-containerd_repo_info:
- repos:
-
-# Ubuntu docker-ce repo
-containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
-containerd_ubuntu_repo_gpgkey: "https://download.docker.com/linux/ubuntu/gpg"
-containerd_ubuntu_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
-containerd_ubuntu_repo_component: "stable"
-
-# Debian docker-ce repo
-containerd_debian_repo_base_url: "https://download.docker.com/linux/debian"
-containerd_debian_repo_gpgkey: "https://download.docker.com/linux/debian/gpg"
-containerd_debian_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
-containerd_debian_repo_component: "stable"
-
-# Fedora docker-ce repo
-containerd_fedora_repo_base_url: "https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable"
-containerd_fedora_repo_gpgkey: "https://download.docker.com/linux/fedora/gpg"
-containerd_fedora_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
-containerd_fedora_repo_component: "stable"
-
# Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
containerd_extra_args: ''
diff --git a/roles/container-engine/containerd/meta/main.yml b/roles/container-engine/containerd/meta/main.yml
index 1a53ba7d6ec3aadb7dc27f42a2d6bf5bd22a1998..5629567722a538eb827c7cc10c75d48de7fa8f95 100644
--- a/roles/container-engine/containerd/meta/main.yml
+++ b/roles/container-engine/containerd/meta/main.yml
@@ -1,3 +1,5 @@
---
dependencies:
- role: container-engine/containerd-common
+ - role: container-engine/runc
+ - role: container-engine/crictl
diff --git a/roles/container-engine/containerd/molecule/default/converge.yml b/roles/container-engine/containerd/molecule/default/converge.yml
index 26ff82a9ebb826d646bee380e547b32551afebdd..7847871e28b55237838e16c72ffe339f8840048c 100644
--- a/roles/container-engine/containerd/molecule/default/converge.yml
+++ b/roles/container-engine/containerd/molecule/default/converge.yml
@@ -2,6 +2,8 @@
- name: Converge
hosts: all
become: true
+ vars:
+ container_manager: containerd
roles:
- role: kubespray-defaults
- role: container-engine/containerd
diff --git a/roles/container-engine/containerd/molecule/default/molecule.yml b/roles/container-engine/containerd/molecule/default/molecule.yml
index 48f7b5dd027ec2266ca51eb25ae9a5098430caed..f285da1cb0070e32fad74614676afaf7b0ec32d4 100644
--- a/roles/container-engine/containerd/molecule/default/molecule.yml
+++ b/roles/container-engine/containerd/molecule/default/molecule.yml
@@ -7,12 +7,30 @@ lint: |
set -e
yamllint -c ../../../.yamllint .
platforms:
- - name: ubuntu18
- box: generic/ubuntu1804
- cpus: 2
+ - name: ubuntu20
+ box: generic/ubuntu2004
+ cpus: 1
memory: 1024
groups:
- kube_control_plane
+ - kube_node
+ - k8s_cluster
+ - name: debian11
+ box: generic/debian11
+ cpus: 1
+ memory: 1024
+ groups:
+ - kube_control_plane
+ - kube_node
+ - k8s_cluster
+ - name: centos8
+ box: generic/centos8
+ cpus: 1
+ memory: 1024
+ groups:
+ - kube_control_plane
+ - kube_node
+ - k8s_cluster
provisioner:
name: ansible
env:
diff --git a/roles/container-engine/containerd/molecule/default/prepare.yml b/roles/container-engine/containerd/molecule/default/prepare.yml
index 1afc51a047c4041820d283ed8cc474407213ef86..aef05228d802638a5b4ff54a47e8b714f534e0f5 100644
--- a/roles/container-engine/containerd/molecule/default/prepare.yml
+++ b/roles/container-engine/containerd/molecule/default/prepare.yml
@@ -2,5 +2,10 @@
- name: Prepare
hosts: all
gather_facts: False
+ become: true
+ vars:
+ ignore_assert_errors: true
roles:
+ - role: kubespray-defaults
- role: bootstrap-os
+ - { role: kubernetes/preinstall, tags: ["bootstrap-os"] }
diff --git a/roles/container-engine/containerd/tasks/containerd_repo.yml b/roles/container-engine/containerd/tasks/containerd_repo.yml
deleted file mode 100644
index b26bc84c75a4b5dee5be47299964d381300a23fe..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd/tasks/containerd_repo.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- name: ensure containerd repository public key is installed
- apt_key:
- id: "{{ item }}"
- url: "{{ containerd_repo_key_info.url }}"
- state: present
- register: keyserver_task_result
- until: keyserver_task_result is succeeded
- retries: 4
- delay: "{{ retry_stagger | d(3) }}"
- with_items: "{{ containerd_repo_key_info.repo_keys }}"
- environment: "{{ proxy_env }}"
- when: ansible_pkg_mgr == 'apt'
-
-- name: ensure containerd repository is enabled
- apt_repository:
- repo: "{{ item }}"
- state: present
- with_items: "{{ containerd_repo_info.repos }}"
- when: ansible_pkg_mgr == 'apt'
-
-- name: Configure containerd repository on Fedora
- template:
- src: "fedora_containerd.repo.j2"
- dest: "{{ yum_repo_dir }}/containerd.repo"
- mode: 0644
- when: ansible_distribution == "Fedora"
-
-- name: Configure containerd repository on RedHat/OracleLinux/CentOS/AlmaLinux
- template:
- src: "rh_containerd.repo.j2"
- dest: "{{ yum_repo_dir }}/containerd.repo"
- mode: 0644
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution not in ["Fedora", "Amazon"]
diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index a7479199c663506be7844a0c0118f4469e85583c..4a76a192acbf8f5959fdf2062920dd4dc540a957 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -1,41 +1,10 @@
---
-- name: check if fedora coreos
- stat:
- path: /run/ostree-booted
- get_attributes: no
- get_checksum: no
- get_mime: no
- register: ostree
-
-- name: set is_ostree
- set_fact:
- is_ostree: "{{ ostree.stat.exists }}"
-
- name: Fail containerd setup if distribution is not supported
fail:
msg: "{{ ansible_distribution }} is not supported by containerd."
when:
- not ansible_distribution in ["CentOS", "OracleLinux", "RedHat", "Ubuntu", "Debian", "Fedora", "AlmaLinux", "Rocky", "Amazon", "Flatcar", "Flatcar Container Linux by Kinvolk"]
-- name: gather os specific variables
- include_vars: "{{ item }}"
- with_first_found:
- - files:
- - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
- - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml"
- - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml"
- - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
- - "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml"
- - "{{ ansible_distribution|lower }}.yml"
- - "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml"
- - "{{ ansible_os_family|lower }}.yml"
- - defaults.yml
- paths:
- - ../vars
- skip: true
- tags:
- - facts
-
- name: disable unified_cgroup_hierarchy in Fedora 31+
command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
when:
@@ -52,32 +21,71 @@
- ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
- not is_ostree
-- include_tasks: containerd_repo.yml
- when: not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
+- name: containerd | Remove any package manager controlled containerd package
+ package:
+ name: "{{ containerd_package }}"
+ state: absent
+ when:
+ - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
-- name: Create containerd service systemd directory if it doesn't exist
+- name: containerd | Remove containerd repository
file:
- path: /etc/systemd/system/containerd.service.d
- state: directory
+ path: "{{ yum_repo_dir }}/containerd.repo"
+ state: absent
+ when:
+ - ansible_os_family in ['RedHat']
+
+- name: containerd | Remove containerd repository
+ apt_repository:
+ repo: "{{ item }}"
+ state: absent
+ with_items: "{{ containerd_repo_info.repos }}"
+ when: ansible_pkg_mgr == 'apt'
+
+- name: containerd | Download containerd
+ include_tasks: "../../../download/tasks/download_file.yml"
+ vars:
+ download: "{{ download_defaults | combine(downloads.containerd) }}"
+
+- name: containerd | Unpack containerd archive
+ unarchive:
+ src: "{{ downloads.containerd.dest }}"
+ dest: "{{ containerd_bin_dir }}"
mode: 0755
+ remote_src: yes
+ extra_opts:
+ - --strip-components=1
+ notify: restart containerd
-- name: Write containerd proxy drop-in
+- name: containerd | Generate systemd service for containerd
template:
- src: http-proxy.conf.j2
- dest: /etc/systemd/system/containerd.service.d/http-proxy.conf
+ src: containerd.service.j2
+ dest: /etc/systemd/system/containerd.service
mode: 0644
notify: restart containerd
- when: http_proxy is defined or https_proxy is defined
-- name: ensure containerd config directory
+- name: containerd | Ensure containerd directories exist
file:
- dest: "{{ containerd_cfg_dir }}"
+ dest: "{{ item }}"
state: directory
mode: 0755
owner: root
group: root
+ with_items:
+ - "{{ containerd_systemd_dir }}"
+ - "{{ containerd_cfg_dir }}"
+ - "{{ containerd_storage_dir }}"
+ - "{{ containerd_state_dir }}"
-- name: Copy containerd config file
+- name: containerd | Write containerd proxy drop-in
+ template:
+ src: http-proxy.conf.j2
+ dest: "{{ containerd_systemd_dir }}/http-proxy.conf"
+ mode: 0644
+ notify: restart containerd
+ when: http_proxy is defined or https_proxy is defined
+
+- name: containerd | Copy containerd config file
template:
src: config.toml.j2
dest: "{{ containerd_cfg_dir }}/config.toml"
@@ -85,49 +93,12 @@
mode: 0640
notify: restart containerd
-# This is required to ensure any apt upgrade will not break kubernetes
-- name: Set containerd pin priority to apt_preferences on Debian family
- copy:
- content: |
- Package: {{ containerd_package }}
- Pin: version {{ containerd_version }}*
- Pin-Priority: 1001
- dest: "/etc/apt/preferences.d/containerd"
- owner: "root"
- mode: 0644
- when: ansible_pkg_mgr == 'apt'
-
-- name: ensure containerd packages are installed
- package:
- name: "{{ containerd_package_info.pkgs }}"
- state: present
- module_defaults:
- apt:
- update_cache: true
- dnf:
- enablerepo: "{{ containerd_package_info.enablerepo | default(omit) }}"
- yum:
- enablerepo: "{{ containerd_package_info.enablerepo | default(omit) }}"
- zypper:
- update_cache: true
- register: containerd_task_result
- until: containerd_task_result is succeeded
- retries: 4
- delay: "{{ retry_stagger | d(3) }}"
- notify: restart containerd
- when:
- - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
- - containerd_package_info.pkgs|length > 0
-
-- include_role: # noqa unnamed-task
- name: container-engine/crictl
-
# you can sometimes end up in a state where everything is installed
# but containerd was not started / enabled
-- name: flush handlers
+- name: containerd | Flush handlers
meta: flush_handlers
-- name: ensure containerd is started and enabled
+- name: containerd | Ensure containerd is started and enabled
service:
name: containerd
enabled: yes
diff --git a/roles/container-engine/containerd/templates/containerd.service.j2 b/roles/container-engine/containerd/templates/containerd.service.j2
new file mode 100644
index 0000000000000000000000000000000000000000..09f9a3b2a32ff33802ae49f51c3690bf2781b355
--- /dev/null
+++ b/roles/container-engine/containerd/templates/containerd.service.j2
@@ -0,0 +1,40 @@
+# Copyright The containerd Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[Unit]
+Description=containerd container runtime
+Documentation=https://containerd.io
+After=network.target local-fs.target
+
+[Service]
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart={{ containerd_bin_dir }}/containerd
+
+Type=notify
+Delegate=yes
+KillMode=process
+Restart=always
+RestartSec=5
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+LimitNOFILE=infinity
+# Comment TasksMax if your systemd version does not supports it.
+# Only systemd 226 and above support this version.
+TasksMax=infinity
+OOMScoreAdjust=-999
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/container-engine/containerd/templates/fedora_containerd.repo.j2 b/roles/container-engine/containerd/templates/fedora_containerd.repo.j2
deleted file mode 100644
index 8422664a6d8012ad0546cb00ef41c5f829dedede..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd/templates/fedora_containerd.repo.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-[docker-ce]
-name=Docker-CE Repository
-baseurl={{ containerd_fedora_repo_base_url }}
-enabled=0
-gpgcheck={{ '1' if containerd_fedora_repo_gpgkey else '0' }}
-gpgkey={{ containerd_fedora_repo_gpgkey }}
-{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
diff --git a/roles/container-engine/containerd/templates/rh_containerd.repo.j2 b/roles/container-engine/containerd/templates/rh_containerd.repo.j2
deleted file mode 100644
index 178bbc2cd7f8efbe0b13fcdf42e22cce18ac624e..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd/templates/rh_containerd.repo.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-[docker-ce]
-name=Docker-CE Repository
-baseurl={{ docker_rh_repo_base_url }}
-enabled=0
-gpgcheck={{ '1' if docker_rh_repo_gpgkey else '0' }}
-keepcache={{ docker_rpm_keepcache | default('1') }}
-gpgkey={{ docker_rh_repo_gpgkey }}
-{% if http_proxy is defined %}
-proxy={{ http_proxy }}
-{% endif %}
diff --git a/roles/container-engine/containerd/vars/amazon.yml b/roles/container-engine/containerd/vars/amazon.yml
deleted file mode 100644
index 28235ec73fdfb53aadd148c4f6d1cf5b949b7a38..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd/vars/amazon.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-containerd_package_info:
- enablerepo: "amzn2extra-docker"
- pkgs:
- - "{{ containerd_versioned_pkg[containerd_version | string] }}"
diff --git a/roles/container-engine/containerd/vars/debian.yml b/roles/container-engine/containerd/vars/debian.yml
index 7b73083daccc43f99f0d83075216eeb42aff28b0..99dc4a50c95230a594cd5613f57585916fc2762c 100644
--- a/roles/container-engine/containerd/vars/debian.yml
+++ b/roles/container-engine/containerd/vars/debian.yml
@@ -1,13 +1,4 @@
---
-containerd_package_info:
- pkgs:
- - "{{ containerd_versioned_pkg[containerd_version | string] }}"
-
-containerd_repo_key_info:
- url: '{{ containerd_debian_repo_gpgkey }}'
- repo_keys:
- - '{{ containerd_debian_repo_repokey }}'
-
containerd_repo_info:
repos:
- >
diff --git a/roles/container-engine/containerd/vars/fedora.yml b/roles/container-engine/containerd/vars/fedora.yml
deleted file mode 100644
index e51f2c89c317a3a629638dbc5e629df03e14ed2c..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd/vars/fedora.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-containerd_package_info:
- enablerepo: "docker-ce"
- pkgs:
- - "{{ containerd_versioned_pkg[containerd_version | string] }}"
diff --git a/roles/container-engine/containerd/vars/redhat.yml b/roles/container-engine/containerd/vars/redhat.yml
deleted file mode 100644
index e51f2c89c317a3a629638dbc5e629df03e14ed2c..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd/vars/redhat.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-containerd_package_info:
- enablerepo: "docker-ce"
- pkgs:
- - "{{ containerd_versioned_pkg[containerd_version | string] }}"
diff --git a/roles/container-engine/containerd/vars/suse.yml b/roles/container-engine/containerd/vars/suse.yml
deleted file mode 100644
index fb45f9ca8f16d8861c166636672842e421bd2429..0000000000000000000000000000000000000000
--- a/roles/container-engine/containerd/vars/suse.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# docker-ce containerd.io does not contain daemon
-containerd_package: containerd
-
-containerd_package_info:
- pkgs:
- - "{{ containerd_package }}"
diff --git a/roles/container-engine/containerd/vars/ubuntu.yml b/roles/container-engine/containerd/vars/ubuntu.yml
index a43797e65215f2eedade15cc5a8b516a2e27d2f4..ccce96d0e7c6913edd3698c04954e9367e5ea867 100644
--- a/roles/container-engine/containerd/vars/ubuntu.yml
+++ b/roles/container-engine/containerd/vars/ubuntu.yml
@@ -1,13 +1,4 @@
---
-containerd_package_info:
- pkgs:
- - "{{ containerd_versioned_pkg[containerd_version | string] }}"
-
-containerd_repo_key_info:
- url: '{{ containerd_ubuntu_repo_gpgkey }}'
- repo_keys:
- - '{{ containerd_ubuntu_repo_repokey }}'
-
containerd_repo_info:
repos:
- >
diff --git a/roles/container-engine/docker/defaults/main.yml b/roles/container-engine/docker/defaults/main.yml
index d4d7e53b2f352869f714cd217ae3cc09f501f1c7..91227f91e79328169e156d4c484771f7860a3da9 100644
--- a/roles/container-engine/docker/defaults/main.yml
+++ b/roles/container-engine/docker/defaults/main.yml
@@ -13,8 +13,6 @@ docker_repo_info:
docker_cgroup_driver: systemd
-yum_repo_dir: /etc/yum.repos.d
-
docker_bin_dir: "/usr/bin"
# flag to enable/disable docker cleanup
@@ -41,3 +39,26 @@ docker_remove_packages_apt:
- docker
- docker-engine
- docker.io
+
+# Docker specific repos should be part of the docker role not containerd-common anymore
+# Optional values for containerd apt repo
+containerd_package_info:
+ pkgs:
+
+# Fedora docker-ce repo
+docker_fedora_repo_base_url: 'https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable'
+docker_fedora_repo_gpgkey: 'https://download.docker.com/linux/fedora/gpg'
+
+# CentOS/RedHat docker-ce repo
+docker_rh_repo_base_url: 'https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable'
+docker_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg'
+
+# Ubuntu docker-ce repo
+docker_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
+docker_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg'
+docker_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
+
+# Debian docker-ce repo
+docker_debian_repo_base_url: "https://download.docker.com/linux/debian"
+docker_debian_repo_gpgkey: 'https://download.docker.com/linux/debian/gpg'
+docker_debian_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
diff --git a/roles/container-engine/docker/vars/debian-stretch.yml b/roles/container-engine/docker/vars/debian-stretch.yml
index 2b111ea0a4dbeddf8a9bc2c34a69a6711fad8a06..3616c64e00e58cf91c4774140fa481d1d319280a 100644
--- a/roles/container-engine/docker/vars/debian-stretch.yml
+++ b/roles/container-engine/docker/vars/debian-stretch.yml
@@ -1,4 +1,13 @@
---
+# containerd versions are only relevant for docker
+containerd_versioned_pkg:
+ 'latest': "{{ containerd_package }}"
+ '1.3.7': "{{ containerd_package }}=1.3.7-1"
+ '1.3.9': "{{ containerd_package }}=1.3.9-1"
+ '1.4.3': "{{ containerd_package }}=1.4.3-1"
+ 'stable': "{{ containerd_package }}=1.4.3-1"
+ 'edge': "{{ containerd_package }}=1.4.3-1"
+
docker_version: 19.03
docker_cli_version: 19.03
diff --git a/roles/container-engine/docker/vars/debian.yml b/roles/container-engine/docker/vars/debian.yml
index 94dd107ba26c38f1c157656ecaa347391cae3579..3b0c784bbdd32f46944f5d2e59d3978052367f64 100644
--- a/roles/container-engine/docker/vars/debian.yml
+++ b/roles/container-engine/docker/vars/debian.yml
@@ -1,4 +1,16 @@
---
+# containerd package info is only relevant for docker
+containerd_versioned_pkg:
+ 'latest': "{{ containerd_package }}"
+ '1.3.7': "{{ containerd_package }}=1.3.7-1"
+ '1.3.9': "{{ containerd_package }}=1.3.9-1"
+ '1.4.3': "{{ containerd_package }}=1.4.3-2"
+ '1.4.4': "{{ containerd_package }}=1.4.4-1"
+ '1.4.6': "{{ containerd_package }}=1.4.6-1"
+ '1.4.9': "{{ containerd_package }}=1.4.9-1"
+ 'stable': "{{ containerd_package }}=1.4.9-1"
+ 'edge': "{{ containerd_package }}=1.4.9-1"
+
# https://download.docker.com/linux/debian/
docker_versioned_pkg:
'latest': docker-ce
diff --git a/roles/container-engine/docker/vars/fedora.yml b/roles/container-engine/docker/vars/fedora.yml
index 7d6ea81dde90e32acc2ebb661da16875dafb8f9e..df5d3597da68bc15261816199ca0648fe840be2d 100644
--- a/roles/container-engine/docker/vars/fedora.yml
+++ b/roles/container-engine/docker/vars/fedora.yml
@@ -1,4 +1,16 @@
---
+# containerd versions are only relevant for docker
+containerd_versioned_pkg:
+ 'latest': "{{ containerd_package }}"
+ '1.3.7': "{{ containerd_package }}-1.3.7-3.1.fc{{ ansible_distribution_major_version }}"
+ '1.3.9': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
+ '1.4.3': "{{ containerd_package }}-1.4.3-3.2.fc{{ ansible_distribution_major_version }}"
+ '1.4.4': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
+ '1.4.6': "{{ containerd_package }}-1.4.6-3.1.fc{{ ansible_distribution_major_version }}"
+ '1.4.9': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
+ 'stable': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
+ 'edge': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
+
# https://docs.docker.com/install/linux/docker-ce/fedora/
# https://download.docker.com/linux/fedora/<fedora-version>/x86_64/stable/Packages/
docker_versioned_pkg:
diff --git a/roles/container-engine/docker/vars/redhat.yml b/roles/container-engine/docker/vars/redhat.yml
index ebe4a77f49c67b10bbb8dd02d6d38ce3c26ee344..8cc897cda794a348f5c29c97ac9530be344a4709 100644
--- a/roles/container-engine/docker/vars/redhat.yml
+++ b/roles/container-engine/docker/vars/redhat.yml
@@ -1,4 +1,16 @@
---
+# containerd versions are only relevant for docker
+containerd_versioned_pkg:
+ 'latest': "{{ containerd_package }}"
+ '1.3.7': "{{ containerd_package }}-1.3.7-3.1.el{{ ansible_distribution_major_version }}"
+ '1.3.9': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
+ '1.4.3': "{{ containerd_package }}-1.4.3-3.2.el{{ ansible_distribution_major_version }}"
+ '1.4.4': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
+ '1.4.6': "{{ containerd_package }}-1.4.6-3.1.el{{ ansible_distribution_major_version }}"
+ '1.4.9': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
+ 'stable': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
+ 'edge': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
+
# https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package
# https://download.docker.com/linux/centos/<centos_version>>/x86_64/stable/Packages/
# or do 'yum --showduplicates list docker-engine'
diff --git a/roles/container-engine/docker/vars/ubuntu-16.yml b/roles/container-engine/docker/vars/ubuntu-16.yml
index f37413820b4c38e5a784e6372004931be8e5e068..54046cbe23d4def929d382caf2b58ae3552b45b5 100644
--- a/roles/container-engine/docker/vars/ubuntu-16.yml
+++ b/roles/container-engine/docker/vars/ubuntu-16.yml
@@ -1,4 +1,15 @@
---
+# containerd versions are only relevant for docker
+containerd_versioned_pkg:
+ 'latest': "{{ containerd_package }}"
+ '1.3.7': "{{ containerd_package }}=1.3.7-1"
+ '1.3.9': "{{ containerd_package }}=1.3.9-1"
+ '1.4.3': "{{ containerd_package }}=1.4.3-2"
+ '1.4.4': "{{ containerd_package }}=1.4.4-1"
+ '1.4.6': "{{ containerd_package }}=1.4.6-1"
+ 'stable': "{{ containerd_package }}=1.4.6-1"
+ 'edge': "{{ containerd_package }}=1.4.6-1"
+
# https://download.docker.com/linux/ubuntu/
docker_versioned_pkg:
'latest': docker-ce
diff --git a/roles/container-engine/docker/vars/ubuntu.yml b/roles/container-engine/docker/vars/ubuntu.yml
index a4dfb6c9a120444d68cb1d113313086fc674a2b0..0fdc778e31fabbe0f3c03c2de70e0f22a719201b 100644
--- a/roles/container-engine/docker/vars/ubuntu.yml
+++ b/roles/container-engine/docker/vars/ubuntu.yml
@@ -1,4 +1,16 @@
---
+# containerd versions are only relevant for docker
+containerd_versioned_pkg:
+ 'latest': "{{ containerd_package }}"
+ '1.3.7': "{{ containerd_package }}=1.3.7-1"
+ '1.3.9': "{{ containerd_package }}=1.3.9-1"
+ '1.4.3': "{{ containerd_package }}=1.4.3-2"
+ '1.4.4': "{{ containerd_package }}=1.4.4-1"
+ '1.4.6': "{{ containerd_package }}=1.4.6-1"
+ '1.4.9': "{{ containerd_package }}=1.4.9-1"
+ 'stable': "{{ containerd_package }}=1.4.9-1"
+ 'edge': "{{ containerd_package }}=1.4.9-1"
+
# https://download.docker.com/linux/ubuntu/
docker_versioned_pkg:
'latest': docker-ce
diff --git a/roles/container-engine/runc/defaults/main.yml b/roles/container-engine/runc/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9c2fafffdf6648259d704922f082b4e14973a3bd
--- /dev/null
+++ b/roles/container-engine/runc/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+runc_bin_dir: /usr/bin/
+
+runc_package_name: runc
diff --git a/roles/container-engine/runc/tasks/main.yml b/roles/container-engine/runc/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..be1014d7924ddac49281252e1dc48e4da22d58ec
--- /dev/null
+++ b/roles/container-engine/runc/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: runc | Uninstall runc package managed by package manager
+ package:
+ name: "{{ runc_package_name }}"
+ state: absent
+
+- name: runc | Download runc binary
+ include_tasks: "../../../download/tasks/download_file.yml"
+ vars:
+ download: "{{ download_defaults | combine(downloads.runc) }}"
+
+- name: Copy runc binary from download dir
+ copy:
+ src: "{{ downloads.runc.dest }}"
+ dest: "{{ runc_bin_dir }}/runc"
+ mode: 0755
+ remote_src: true
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 394a19e3395991cfd6a338de4af4100450b06bd7..37428e043abda979b2b056aff9d5e11631a93d7e 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -52,6 +52,7 @@ image_arch: "{{host_architecture | default('amd64')}}"
kubeadm_version: "{{ kube_version }}"
etcd_version: v3.5.0
crun_version: 1.2
+runc_version: v1.0.2
kata_containers_version: 2.2.0
gvisor_version: 20210921
@@ -110,6 +111,7 @@ calicoctl_download_url: "https://github.com/projectcalico/calicoctl/releases/dow
calico_crds_download_url: "https://github.com/projectcalico/calico/archive/{{ calico_version }}.tar.gz"
crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
+runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}"
crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
kata_containers_download_url: "https://github.com/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
# gVisor only supports amd64 and uses x86_64 to in the download link
@@ -117,6 +119,7 @@ gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/relea
gvisor_containerd_shim_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/containerd-shim-runsc-v1"
nerdctl_download_url: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
krew_download_url: "https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz"
+containerd_download_url: "https://github.com/containerd/containerd/releases/download/v{{ containerd_version }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz"
crictl_checksums:
arm:
@@ -375,6 +378,14 @@ helm_archive_checksums:
arm64:
v3.7.0: 03bf55435b4ebef739f862334bdfbf7b7eed714b94340a22298c485b6626aaca
+runc_checksums:
+ arm:
+ v1.0.2: 0
+ arm64:
+ v1.0.2: 0
+ amd64:
+ v1.0.2: 44d1ba01a286aaf0b31b4be9c6abc20deab0653d44ecb0d93b4d0d20eac3e0b6
+
crun_checksums:
arm: 0
amd64:
@@ -436,6 +447,21 @@ nerdctl_archive_checksums:
amd64:
0.12.1: 868dc5997c3edb0bd06f75012e71c2b15ee0885b83bad191fbe2a1d6d5f4f2ac
+# TODO(cristicalin): remove compatibility entries once debian9 and ubuntu16 jobs are dropped or docker is dropped
+containerd_archive_checksums:
+ arm:
+ latest: 0 # this is needed to make debian9 and ubuntu16 CI jobs happy
+ 1.4.9: 0
+ 1.5.5: 0
+ arm64:
+ latest: 0 # this is needed to make debian9 and ubuntu16 CI jobs happy
+ 1.4.9: 0
+ 1.5.5: 0
+ amd64:
+ latest: 0 # this is needed to make debian9 and ubuntu16 CI jobs happy
+ 1.4.9: 346f88ad5b973960ff81b5539d4177af5941ec2e4703b479ca9a6081ff1d023b
+ 1.5.5: 8efc527ffb772a82021800f0151374a3113ed2439922497ff08f2596a70f10f1
+
etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}"
cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}"
kubelet_binary_checksum: "{{ kubelet_checksums[image_arch][kube_version] }}"
@@ -445,12 +471,14 @@ calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl
calico_crds_archive_checksum: "{{ calico_crds_archive_checksums[calico_version] }}"
crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
+runc_binary_checksum: "{{ runc_checksums[image_arch][runc_version] }}"
crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
gvisor_runsc_binary_checksum: "{{ gvisor_runsc_binary_checksums[image_arch][gvisor_version] }}"
gvisor_containerd_shim_binary_checksum: "{{ gvisor_containerd_shim_binary_checksums[image_arch][gvisor_version] }}"
nerdctl_archive_checksum: "{{ nerdctl_archive_checksums[image_arch][nerdctl_version] }}"
krew_archive_checksum: "{{ krew_archive_checksums[krew_version] }}"
+containerd_archive_checksum: "{{ containerd_archive_checksums[image_arch][containerd_version] }}"
# Containers
# In some cases, we need a way to set --registry-mirror or --insecure-registry for docker,
@@ -737,6 +765,19 @@ downloads:
groups:
- k8s_cluster
+ runc:
+ file: true
+ enabled: "{{ container_manager == 'containerd' }}"
+ version: "{{ runc_version }}"
+ dest: "{{ local_release_dir }}/runc"
+ sha256: "{{ runc_binary_checksum }}"
+ url: "{{ runc_download_url }}"
+ unarchive: false
+ owner: "root"
+ mode: "0755"
+ groups:
+ - k8s_cluster
+
kata_containers:
enabled: "{{ kata_containers_enabled }}"
file: true
@@ -750,6 +791,19 @@ downloads:
groups:
- k8s_cluster
+ containerd:
+ enabled: "{{ container_manager == 'containerd' }}"
+ file: true
+ version: "{{ containerd_version }}"
+ dest: "{{ local_release_dir }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz"
+ sha256: "{{ containerd_archive_checksum }}"
+ url: "{{ containerd_download_url }}"
+ unarchive: false
+ owner: "root"
+ mode: "0755"
+ groups:
+ - k8s_cluster
+
gvisor_runsc:
enabled: "{{ gvisor_enabled }}"
file: true
diff --git a/roles/kubernetes/preinstall/vars/amazon.yml b/roles/kubernetes/preinstall/vars/amazon.yml
new file mode 100644
index 0000000000000000000000000000000000000000..09c645f510d020eae49e208d906627aba09a5731
--- /dev/null
+++ b/roles/kubernetes/preinstall/vars/amazon.yml
@@ -0,0 +1,7 @@
+---
+required_pkgs:
+ - libselinux-python
+ - device-mapper-libs
+ - nss
+ - conntrack-tools
+ - libseccomp
diff --git a/roles/kubernetes/preinstall/vars/centos.yml b/roles/kubernetes/preinstall/vars/centos.yml
index 479f120cb5103e459cef38d77f8277566f01070d..2a5b6c75d09c2c813502b8cdc994f1e95bc0d162 100644
--- a/roles/kubernetes/preinstall/vars/centos.yml
+++ b/roles/kubernetes/preinstall/vars/centos.yml
@@ -4,3 +4,5 @@ required_pkgs:
- device-mapper-libs
- nss
- conntrack
+ - container-selinux
+ - libseccomp
diff --git a/roles/kubernetes/preinstall/vars/debian-11.yml b/roles/kubernetes/preinstall/vars/debian-11.yml
index 0006296fd960e4707bd97ff5342918c502dbf4a5..59cbc5a370ec7088eaedcf0798e9b7d10e60af42 100644
--- a/roles/kubernetes/preinstall/vars/debian-11.yml
+++ b/roles/kubernetes/preinstall/vars/debian-11.yml
@@ -7,3 +7,4 @@ required_pkgs:
- conntrack
- iptables
- apparmor
+ - libseccomp2
diff --git a/roles/kubernetes/preinstall/vars/debian.yml b/roles/kubernetes/preinstall/vars/debian.yml
index e5422b71a2b1455a1105c0d0131fb47c4330106e..51a280237811e0d8bc1b30efd77bc2fef0b12ccc 100644
--- a/roles/kubernetes/preinstall/vars/debian.yml
+++ b/roles/kubernetes/preinstall/vars/debian.yml
@@ -6,3 +6,4 @@ required_pkgs:
- software-properties-common
- conntrack
- apparmor
+ - libseccomp2
diff --git a/roles/kubernetes/preinstall/vars/fedora.yml b/roles/kubernetes/preinstall/vars/fedora.yml
index 9c91d6aeacc50293654fa06354ba072faed7435a..40d269dc431e52ae187759f920aea6693a496bdd 100644
--- a/roles/kubernetes/preinstall/vars/fedora.yml
+++ b/roles/kubernetes/preinstall/vars/fedora.yml
@@ -3,3 +3,5 @@ required_pkgs:
- libselinux-python3
- device-mapper-libs
- conntrack
+ - container-selinux
+ - libseccomp
diff --git a/roles/kubernetes/preinstall/vars/redhat.yml b/roles/kubernetes/preinstall/vars/redhat.yml
index 479f120cb5103e459cef38d77f8277566f01070d..2a5b6c75d09c2c813502b8cdc994f1e95bc0d162 100644
--- a/roles/kubernetes/preinstall/vars/redhat.yml
+++ b/roles/kubernetes/preinstall/vars/redhat.yml
@@ -4,3 +4,5 @@ required_pkgs:
- device-mapper-libs
- nss
- conntrack
+ - container-selinux
+ - libseccomp
diff --git a/roles/kubernetes/preinstall/vars/suse.yml b/roles/kubernetes/preinstall/vars/suse.yml
index 8293cfd480e78c267df985b654437604f5bf38c6..d089ac1501292bcb8be47607981e6fc069f3c9b9 100644
--- a/roles/kubernetes/preinstall/vars/suse.yml
+++ b/roles/kubernetes/preinstall/vars/suse.yml
@@ -2,3 +2,4 @@
required_pkgs:
- device-mapper
- conntrack-tools
+ - libseccomp2
diff --git a/roles/kubernetes/preinstall/vars/ubuntu.yml b/roles/kubernetes/preinstall/vars/ubuntu.yml
index 480b57a221f35c8721d6aac55e639966c68a59bb..ed8084ff902c927a4a9ce1c1540f6e5e64dab315 100644
--- a/roles/kubernetes/preinstall/vars/ubuntu.yml
+++ b/roles/kubernetes/preinstall/vars/ubuntu.yml
@@ -6,3 +6,4 @@ required_pkgs:
- software-properties-common
- conntrack
- apparmor
+ - libseccomp2
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 11f6a8165d9f52461eee12ca2311957c6c2a1b22..283462bc874cd986f705ec752d1af4b88dce5e9d 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -169,6 +169,25 @@
tags:
- services
+- name: reset | remove containerd
+ when: container_manager == 'containerd'
+ block:
+ - name: reset | stop containerd service
+ service:
+ name: containerd
+ state: stopped
+ failed_when: false
+ tags:
+ - services
+
+ - name: reset | remove containerd service
+ file:
+ path: /etc/systemd/system/containerd.service
+ state: absent
+ register: services_removed
+ tags:
+ - services
+
- name: reset | gather mounted kubelet dirs # noqa 301
shell: set -o pipefail && mount | grep /var/lib/kubelet/ | awk '{print $3}' | tac
args:
@@ -279,6 +298,7 @@
- "{{ bin_dir }}/etcd"
- "{{ bin_dir }}/etcd-events"
- "{{ bin_dir }}/etcdctl"
+ - "{{ bin_dir }}/etcdctl.sh"
- "{{ bin_dir }}/kubernetes-scripts"
- "{{ bin_dir }}/kubectl"
- "{{ bin_dir }}/kubeadm"
@@ -310,6 +330,26 @@
tags:
- files
+- name: reset | remove containerd binary files
+ file:
+ path: "{{ containerd_bin_dir }}/{{ item }}"
+ state: absent
+ with_items:
+ - containerd
+ - containerd-shim
+ - containerd-shim-runc-v1
+ - containerd-shim-runc-v2
+ - containerd-stress
+ - crictl
+ - critest
+ - ctd-decoder
+ - ctr
+ - runc
+ ignore_errors: true # noqa ignore-errors
+ when: container_manager == 'containerd'
+ tags:
+ - files
+
- name: reset | remove dns settings from dhclient.conf
blockinfile:
path: "{{ item }}"
diff --git a/tests/files/packet_debian9-calico-upgrade-once.yml b/tests/files/packet_debian9-calico-upgrade-once.yml
index f0d5a80f4ad60b2339765ad530fc33f35e53554a..9e4fa1b553c526dec79a6ab5319603e98e91d337 100644
--- a/tests/files/packet_debian9-calico-upgrade-once.yml
+++ b/tests/files/packet_debian9-calico-upgrade-once.yml
@@ -8,3 +8,6 @@ kube_network_plugin: calico
deploy_netchecker: true
dns_min_replicas: 1
download_run_once: true
+
+# Make docker happy
+containerd_version: latest
diff --git a/tests/files/packet_debian9-calico-upgrade.yml b/tests/files/packet_debian9-calico-upgrade.yml
index ca5ef121622e92db5fd5b3ebeb914cbe782b9b5e..dd02770246f8caba55f68a45a0ee8a90c3530acb 100644
--- a/tests/files/packet_debian9-calico-upgrade.yml
+++ b/tests/files/packet_debian9-calico-upgrade.yml
@@ -7,3 +7,6 @@ mode: default
kube_network_plugin: calico
deploy_netchecker: true
dns_min_replicas: 1
+
+# Make docker happy
+containerd_version: latest
diff --git a/tests/files/packet_debian9-macvlan.yml b/tests/files/packet_debian9-macvlan.yml
index 7a80202f650bc1dd5596756a67f3f6ae407fa9d8..9a481b2b9390abdfae25980f9ac068ef15725f80 100644
--- a/tests/files/packet_debian9-macvlan.yml
+++ b/tests/files/packet_debian9-macvlan.yml
@@ -12,3 +12,6 @@ kube_proxy_masquerade_all: true
macvlan_interface: "eth0"
auto_renew_certificates: true
+
+# Make docker happy
+containerd_version: latest
diff --git a/tests/files/packet_fedora34-kube-ovn-containerd.yml b/tests/files/packet_fedora34-kube-ovn-containerd.yml
index 77d1a711dc9dd3f8dc74df2bcc594ef10bce333e..f3a26624597a04b889fc02aa60e1dfee70ab6164 100644
--- a/tests/files/packet_fedora34-kube-ovn-containerd.yml
+++ b/tests/files/packet_fedora34-kube-ovn-containerd.yml
@@ -5,7 +5,6 @@ mode: default
# Kubespray settings
container_manager: containerd
-containerd_version: latest
etcd_deployment_type: host
deploy_netchecker: true
dns_min_replicas: 1
diff --git a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml
index 94261c50b7af582259c4eda2b2b0b21a87cc9874..9861b350210dfb0abc2a2274753a5e46d88305b8 100644
--- a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml
+++ b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml
@@ -9,5 +9,5 @@ kube_network_plugin: canal
deploy_netchecker: true
dns_min_replicas: 1
-# Ubuntu 16 packages for containerd are limited to 1.4.6
-containerd_version: 1.4.6
+# Make docker jobs happy
+containerd_version: latest
diff --git a/tests/files/packet_ubuntu16-canal-sep.yml b/tests/files/packet_ubuntu16-canal-sep.yml
index d4bfc053592bc4a509e9aa641aea32ca18cb9306..44df4f948cc9c766f520ac87e384498ebf1eba0c 100644
--- a/tests/files/packet_ubuntu16-canal-sep.yml
+++ b/tests/files/packet_ubuntu16-canal-sep.yml
@@ -9,5 +9,5 @@ kube_network_plugin: canal
deploy_netchecker: true
dns_min_replicas: 1
-# Ubuntu 16 packages for containerd are limited to 1.4.6
-containerd_version: 1.4.6
+# Make docker jobs happy
+containerd_version: latest
diff --git a/tests/files/packet_ubuntu16-flannel-ha.yml b/tests/files/packet_ubuntu16-flannel-ha.yml
index 7c6160922e86cc936fe78883a0a50c03becf4128..5f3b19d9becbf75acd95444a1ddb6192b5cff78e 100644
--- a/tests/files/packet_ubuntu16-flannel-ha.yml
+++ b/tests/files/packet_ubuntu16-flannel-ha.yml
@@ -11,5 +11,5 @@ skip_non_kubeadm_warning: true
deploy_netchecker: true
dns_min_replicas: 1
-# Ubuntu 16 packages for containerd are limited to 1.4.6
-containerd_version: 1.4.6
+# Make docker jobs happy
+containerd_version: latest
diff --git a/tests/files/packet_ubuntu16-kube-router-sep.yml b/tests/files/packet_ubuntu16-kube-router-sep.yml
index 5ec5767562ca9cd7b5ea8503cc5977a8d41d7758..e923834aa4e1f5f4bdf91ae2dbbf78b987ed613a 100644
--- a/tests/files/packet_ubuntu16-kube-router-sep.yml
+++ b/tests/files/packet_ubuntu16-kube-router-sep.yml
@@ -9,5 +9,5 @@ kube_network_plugin: kube-router
deploy_netchecker: true
dns_min_replicas: 1
-# Ubuntu 16 packages for containerd are limited to 1.4.6
-containerd_version: 1.4.6
+# Make docker jobs happy
+containerd_version: latest
diff --git a/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml b/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml
index 97ea810d17fa482256a8476fe1bdc6342558c941..043639ad9e16e16df078e6df3b12cf4373f0ad56 100644
--- a/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml
+++ b/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml
@@ -11,5 +11,5 @@ dns_min_replicas: 1
kube_router_run_service_proxy: true
-# Ubuntu 16 packages for containerd are limited to 1.4.6
-containerd_version: 1.4.6
+# Make docker jobs happy
+containerd_version: latest
diff --git a/tests/files/packet_ubuntu16-weave-sep.yml b/tests/files/packet_ubuntu16-weave-sep.yml
index b06c75e8719ce2400995c2789f8d795eefc8054c..e424a6cc847a9c0148f8d3f65486f7096dc4da1d 100644
--- a/tests/files/packet_ubuntu16-weave-sep.yml
+++ b/tests/files/packet_ubuntu16-weave-sep.yml
@@ -10,5 +10,5 @@ dns_min_replicas: 1
auto_renew_certificates: true
-# Ubuntu 16 packages for containerd are limited to 1.4.6
-containerd_version: 1.4.6
+# Make docker jobs happy
+containerd_version: latest