diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml
index 6bc0d72380eaeb22c60abd5a7992fcb75f8be728..ffbb0cfb26b280c3f9cd072aa2a5dad4651a48b7 100644
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@@ -2,6 +2,7 @@
crio_cgroup_manager: "{{ kubelet_cgroup_driver | default('systemd') }}"
crio_conmon: "{{ bin_dir }}/conmon"
+crio_libexec_dir: "/usr/libexec/crio"
crio_enable_metrics: false
crio_log_level: "info"
crio_metrics_port: "9090"
@@ -40,7 +41,7 @@ crio_required_version: "{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<m
# The crio_runtimes variable defines a list of OCI compatible runtimes.
crio_runtimes:
- name: runc
- path: "{{ bin_dir }}/runc"
+ path: "{{ crio_runtime_bin_dir }}/runc"
type: oci
root: /run/runc
@@ -58,7 +59,7 @@ kata_runtimes:
# crun is a fast and low-memory footprint OCI Container Runtime fully written in C.
crun_runtime:
name: crun
- path: "{{ bin_dir }}/crun"
+ path: "{{ crio_runtime_bin_dir }}/crun"
type: oci
root: /run/crun
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index bde2e075623471c9ae507960ab5f1e877d315160..cdcd1f41954e42e8dcb7ce94848c58ab684b9e8c 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -82,6 +82,23 @@
- "{{ crio_bin_files }}"
notify: Restart crio
+- name: Cri-o | create directory for libexec
+ file:
+ path: "{{ crio_libexec_dir }}"
+ state: directory
+ owner: root
+ mode: "0755"
+
+- name: Cri-o | copy libexec
+ copy:
+ src: "{{ local_release_dir }}/cri-o/bin/{{ item }}"
+ dest: "{{ crio_libexec_dir }}/{{ item }}"
+ mode: "0755"
+ remote_src: true
+ with_items:
+ - "{{ crio_libexec_files }}"
+ notify: Restart crio
+
- name: Cri-o | copy service file
copy:
src: "{{ local_release_dir }}/cri-o/contrib/crio.service"
diff --git a/roles/container-engine/cri-o/tasks/reset.yml b/roles/container-engine/cri-o/tasks/reset.yml
index 53d47143477727324087e7f42e1a33d712d21d81..7f573ead4b0282d4a2824cd0e63fd9ea45a66fa9 100644
--- a/roles/container-engine/cri-o/tasks/reset.yml
+++ b/roles/container-engine/cri-o/tasks/reset.yml
@@ -88,3 +88,11 @@
with_items: "{{ crio_bin_files }}"
tags:
- reset_crio
+
+- name: CRI-O | Remove CRI-O libexec
+ file:
+ name: "{{ item }}"
+ state: absent
+ with_items: "{{ crio_libexec_files }}"
+ tags:
+ - reset_crio
diff --git a/roles/container-engine/cri-o/vars/v1.28.yml b/roles/container-engine/cri-o/vars/v1.28.yml
index a6a8b673da8173b7e9d17f8c21975784eb49740b..865a12e92b8187c7cbd6892ed5c4836f0a79bb5f 100644
--- a/roles/container-engine/cri-o/vars/v1.28.yml
+++ b/roles/container-engine/cri-o/vars/v1.28.yml
@@ -1,4 +1,6 @@
---
+crio_runtime_bin_dir: "{{ bin_dir }}"
+
# cri-o binary files
crio_bin_files:
- conmon
diff --git a/roles/container-engine/cri-o/vars/v1.29.yml b/roles/container-engine/cri-o/vars/v1.29.yml
index ddf34c73f116c37745981059c1f960063fad981a..d8e6ccf22721b33129a73bf37ed6faca1c219c91 100644
--- a/roles/container-engine/cri-o/vars/v1.29.yml
+++ b/roles/container-engine/cri-o/vars/v1.29.yml
@@ -1,5 +1,6 @@
---
crio_conmon: "{{ bin_dir }}/crio-conmon"
+crio_runtime_bin_dir: "{{ bin_dir }}"
# cri-o binary files
crio_bin_files:
diff --git a/roles/container-engine/cri-o/vars/v1.31.yml b/roles/container-engine/cri-o/vars/v1.31.yml
index 2461109ccbfd6365864821796910e79e5dc7e10a..d84e00ef3dd860f133097a4ad5558abe152bc43e 100644
--- a/roles/container-engine/cri-o/vars/v1.31.yml
+++ b/roles/container-engine/cri-o/vars/v1.31.yml
@@ -1,13 +1,16 @@
---
-crio_conmon: "{{ bin_dir }}/conmon"
+crio_conmon: "{{ crio_libexec_dir }}/conmon"
+crio_runtime_bin_dir: "{{ crio_libexec_dir }}"
# cri-o binary files
crio_bin_files:
+ - crio
+ - pinns
+
+crio_libexec_files:
- conmon
- conmonrs
- crun
- runc
- - crio
- - pinns
crio_status_command: crio status
diff --git a/roles/container-engine/youki/tasks/main.yml b/roles/container-engine/youki/tasks/main.yml
index 86182a3663e975f70aada4b9bbc78414964d2a9b..7750c65b8d299f9992d4dffbb33aefee616c2049 100644
--- a/roles/container-engine/youki/tasks/main.yml
+++ b/roles/container-engine/youki/tasks/main.yml
@@ -6,7 +6,7 @@
- name: Youki | Copy youki binary from download dir
copy:
- src: "{{ local_release_dir }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-{{ youki_version }}/youki"
+ src: "{{ local_release_dir }}/youki"
dest: "{{ youki_bin_dir }}/youki"
mode: "0755"
remote_src: true
diff --git a/roles/kubespray-defaults/defaults/main/checksums.yml b/roles/kubespray-defaults/defaults/main/checksums.yml
index 5bf3204088a822fa8ba68f62bdaa95944a9a039d..41cf204be63d77262a0a2ad75408b449cce9cb3b 100644
--- a/roles/kubespray-defaults/defaults/main/checksums.yml
+++ b/roles/kubespray-defaults/defaults/main/checksums.yml
@@ -900,37 +900,37 @@ crun_checksums:
1.9.2: 0
youki_checksums:
arm:
+ 0.4.1: 0
+ 0.4.0: 0
0.3.2: 0
0.3.1: 0
0.3.0: 0
0.2.0: 0
0.1.0: 0
- 0.0.5: 0
- 0.0.4: 0
arm64:
+ 0.4.1: 0
+ 0.4.0: 0
0.3.2: 0
0.3.1: 0
0.3.0: 0
0.2.0: 0
0.1.0: 0
- 0.0.5: 0
- 0.0.4: 0
amd64:
- 0.3.2: 0
- 0.3.1: 0
+ 0.4.1: 6504a43c28710d2cb3dd6535ae9222c0570e954a799a787ccf5e5d611996bf11
+ 0.4.0: a9fb31c7388ed786a2a1b6361cf4aaa7c3e3b62be4c3d36dc15331416a3d6290
+ 0.3.2: fe80475ad6e727a50f7c0b89e26e4632dd55e477c99bbca192ad1d5fee065377
+ 0.3.1: 8a92304312982246d5ad9c00da367868dcc4d331fd992ca89dada8eff9cbdeaf
0.3.0: 741ba3cd85d768bebba02598cedcf3b15a2160e4d6ce33a3d5c4e1b3080f9c1c
0.2.0: b268689a91db07feebfd41d5806b10c7d051fbcbf7efb15076e2228763ac0762
0.1.0: f00677e9674215b44f140f0c0f4b79b0001c72c073d2c5bb514b7a9dcb13bdbc
- 0.0.5: 8504f4c35a24b96782b9e0feb7813aba4e7262c55a39b8368e94c80c9a4ec564
- 0.0.4: c213376393cb16462ef56586e68fef9ec5b5dd80787e7152f911d7cfd72d952e
ppc64le:
+ 0.4.1: 0
+ 0.4.0: 0
0.3.2: 0
0.3.1: 0
0.3.0: 0
0.2.0: 0
0.1.0: 0
- 0.0.5: 0
- 0.0.4: 0
kata_containers_binary_checksums:
arm:
3.2.0: 0
diff --git a/roles/kubespray-defaults/defaults/main/download.yml b/roles/kubespray-defaults/defaults/main/download.yml
index 5425f7351481f86879cf51126f7b9092e3eef63f..afd41debc9551db8fe805619dcc98eeeff24dbaf 100644
--- a/roles/kubespray-defaults/defaults/main/download.yml
+++ b/roles/kubespray-defaults/defaults/main/download.yml
@@ -77,7 +77,7 @@ image_arch: "{{ host_architecture | default('amd64') }}"
crun_version: 1.14.4
runc_version: v1.1.14
kata_containers_version: 3.1.3
-youki_version: 0.1.0
+youki_version: 0.4.1
gvisor_version: 20240305
containerd_version: 1.7.22
cri_dockerd_version: 0.3.11
@@ -188,7 +188,7 @@ crio_download_url: "{{ storage_googleapis_url }}/cri-o/artifacts/cri-o.{{ image_
helm_download_url: "{{ get_helm_url }}/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
runc_download_url: "{{ github_url }}/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}"
crun_download_url: "{{ github_url }}/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
-youki_download_url: "{{ github_url }}/containers/youki/releases/download/v{{ youki_version }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz"
+youki_download_url: "{{ github_url }}/containers/youki/releases/download/v{{ youki_version }}/youki-{{ youki_version }}-{{ ansible_architecture }}-musl.tar.gz"
kata_containers_download_url: "{{ github_url }}/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
# gVisor only supports amd64 and uses x86_64 to in the download link
gvisor_runsc_download_url: "{{ storage_googleapis_url }}/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/runsc"
@@ -524,7 +524,7 @@ downloads:
file: true
enabled: "{{ container_manager == 'crio' }}"
version: "{{ crio_version }}"
- dest: "{{ local_release_dir }}/cri-o.{{ image_arch }}.{{ crio_version }}tar.gz"
+ dest: "{{ local_release_dir }}/cri-o.{{ image_arch }}.{{ crio_version }}.tar.gz"
sha256: "{{ crio_archive_checksum }}"
url: "{{ crio_download_url }}"
unarchive: true
@@ -565,7 +565,7 @@ downloads:
file: true
enabled: "{{ youki_enabled }}"
version: "{{ youki_version }}"
- dest: "{{ local_release_dir }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz"
+ dest: "{{ local_release_dir }}/youki-{{ youki_version }}-{{ ansible_architecture }}.tar.gz"
sha256: "{{ youki_archive_checksum }}"
url: "{{ youki_download_url }}"
unarchive: true