222 lines
7.3 KiB
Bash
222 lines
7.3 KiB
Bash
#!/bin/bash
|
|
|
|
# Dependencies:
|
|
#
|
|
# - functions
|
|
|
|
# stack.sh
|
|
# ---------
|
|
# - check_crio
|
|
# - install_crio
|
|
# - configure_crio
|
|
# - stop_crio
|
|
|
|
# Save trace setting
|
|
_XTRACE_DOCKER=$(set +o | grep xtrace)
|
|
set +o xtrace
|
|
|
|
|
|
# Defaults
|
|
# --------
|
|
|
|
CRIO_ENGINE_SOCKET_FILE=${CRIO_ENGINE_SOCKET_FILE:-/var/run/crio/crio.sock}
|
|
CRIO_ALLOW_ICMP=$(trueorfalse True CRIO_ALLOW_ICMP)
|
|
|
|
# Functions
|
|
# ---------
|
|
|
|
function check_crio {
|
|
if is_ubuntu; then
|
|
dpkg -l | grep crio-o > /dev/null 2>&1
|
|
else
|
|
false
|
|
# TODO: CentOS/Fedora support.
|
|
fi
|
|
}
|
|
|
|
function install_crio {
|
|
if [[ -z "$os_PACKAGE" ]]; then
|
|
GetOSVersion
|
|
fi
|
|
|
|
local lsb_dist=${os_VENDOR,,}
|
|
local dist_version=${os_CODENAME}
|
|
local kubic_obs_project_key="2472d6d0d2f66af87aba8da34d64390375060aa4"
|
|
local os="x${os_VENDOR}_${os_RELEASE}"
|
|
if is_ubuntu; then
|
|
apt_get install apt-transport-https ca-certificates \
|
|
software-properties-common
|
|
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
|
|
--recv ${kubic_obs_project_key}
|
|
sudo apt-add-repository -y "deb https://download.opensuse.org/"`
|
|
`"repositories/devel:/kubic:/libcontainers:/stable/${os}/ /"
|
|
sudo apt-add-repository -y "deb http://download.opensuse.org/"`
|
|
`"repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/"`
|
|
`"${CRIO_VERSION}/${os}/ /"
|
|
|
|
# Installing podman and containerd will get us compatible versions of
|
|
# cri-o and runc. And we need podman to manage container images anyway.
|
|
apt_get install podman buildah cri-o-runc cri-o
|
|
sudo systemctl enable crio
|
|
elif is_fedora; then
|
|
if [[ "$lsb_dist" = "centos" ]]; then
|
|
sudo yum-config-manager \
|
|
--add-repo \
|
|
https://cbs.centos.org/repos/virt7-container-common-candidate/x86_64/os/
|
|
sudo yum-config-manager \
|
|
--add-repo \
|
|
https://cbs.centos.org/repos/paas7-crio-311-candidate/x86_64/os/
|
|
fi
|
|
if [[ "${os_VENDOR}" == *'Stream' ]]; then
|
|
local stream="_Stream"
|
|
fi
|
|
# NOTE: All crio versions are not supported for Centos 8 stream
|
|
# because crio rpm is not present for some minor versions
|
|
sudo yum-config-manager \
|
|
--add-repo \
|
|
"https://download.opensuse.org/repositories/"`
|
|
`"devel:/kubic:/libcontainers:/stable:/cri-o:/${CRIO_VERSION}/"`
|
|
`"CentOS_${os_RELEASE}${stream}/"`
|
|
`"devel:kubic:libcontainers:stable:cri-o:${CRIO_VERSION}.repo"
|
|
|
|
yum_install cri-o podman buildah
|
|
fi
|
|
}
|
|
|
|
function configure_crio {
|
|
# After an ./unstack it will be stopped. So it is ok if it returns exit-code == 1
|
|
sudo systemctl stop crio.service || true
|
|
|
|
export CRIO_CONF="/etc/crio/crio.conf"
|
|
|
|
# We're wrapping values in \"<val>\" because that's the format cri-o wants.
|
|
iniset -sudo ${CRIO_CONF} crio.api listen \"${CRIO_ENGINE_SOCKET_FILE}\"
|
|
iniset -sudo ${CRIO_CONF} crio.image pause_image \"${CRIO_PAUSE_IMAGE}\"
|
|
iniset -sudo ${CRIO_CONF} crio.image pause_command \"${CRIO_PAUSE_COMMAND}\"
|
|
if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then
|
|
# debug is way too verbose, info will be enough
|
|
iniset -sudo ${CRIO_CONF} crio.runtime log_level \"info\"
|
|
fi
|
|
if is_ubuntu; then
|
|
local crio_minor=${CRIO_VERSION#*.}
|
|
# At least for 18.04 we need to set up /etc/containers/registries.conf
|
|
# with some initial content. That's another bug with that PPA.
|
|
local registries_conf
|
|
registries_conf="/etc/containers/registries.conf"
|
|
|
|
if [[ ! -f ${registries_conf} && $crio_minor -lt 24 ]]; then
|
|
sudo mkdir -p `dirname ${registries_conf}`
|
|
cat << EOF | sudo tee ${registries_conf}
|
|
[registries.search]
|
|
registries = ['docker.io']
|
|
EOF
|
|
else
|
|
# If there is a config file, that means, we are probably on the
|
|
# newer version of crio/container/podman, which basically means
|
|
# we cannot mix [registries.search] registries filled with
|
|
# something and unqualified-search-registries setting which appear
|
|
# on sysregistry v2 config syntax. And because it's a TOML now, we
|
|
# cannot rely on iniset, but directly change the file.
|
|
|
|
local rname='unqualified-search-registries'
|
|
local rval='["docker.io", "quay.io"]'
|
|
if [[ ! -f ${registries_conf} ]]; then
|
|
cat << EOF | sudo tee ${registries_conf}
|
|
unqualified-search-registries = ["docker.io", "quay.io"]
|
|
EOF
|
|
elif grep -wq "^${rname}" "${registries_conf}"; then
|
|
sudo sed -i -e \
|
|
"s/^${rname}.*$/${rname} = ${rval}/" "${registries_conf}"
|
|
else
|
|
sudo sed -i "1s/^/${rname} = ${rval}\n/" "${registries_conf}"
|
|
fi
|
|
fi
|
|
# CRI-O from kubic repo have placed runc in different place, not even
|
|
# in path, just to not conflict with runc package from official repo.
|
|
# We need to change it.
|
|
iniset -sudo ${CRIO_CONF} crio.runtime.runtimes.runc runtime_path \
|
|
\"/usr/lib/cri-o-runc/sbin/runc\"
|
|
|
|
if [ -n "${CNI_CONF_DIR}" ]; then
|
|
iniset -sudo ${CRIO_CONF} crio.network network_dir \
|
|
\"${CNI_CONF_DIR}\"
|
|
fi
|
|
if [ -n "${CNI_PLUGIN_DIR}" ]; then
|
|
iniset -sudo ${CRIO_CONF} crio.network plugin_dir \
|
|
\"${CNI_PLUGIN_DIR}\"
|
|
fi
|
|
# By default CRI-O doesn't allow ICMP between containers, although it
|
|
# is ususally expected for testing purposes.
|
|
if [ "${CRIO_ALLOW_ICMP}" == "True" ]; then
|
|
if grep -wq '^default_sysctls' ${CRIO_CONF}; then
|
|
export CRIO_KEY="default_sysctls"
|
|
export CRIO_VAL='[ "net.ipv4.ping_group_range=0 2147483647", ]'
|
|
_update_config
|
|
else
|
|
iniset -sudo ${CRIO_CONF} crio.runtime default_sysctls \
|
|
'[ "net.ipv4.ping_group_range=0 2147483647", ]'
|
|
fi
|
|
fi
|
|
elif is_fedora; then
|
|
local lsb_dist=${os_VENDOR,,}
|
|
|
|
if [[ "$lsb_dist" = "centos" ]]; then
|
|
# CentOS packages are putting runc binary in different place...
|
|
iniset -sudo ${CRIO_CONF} crio.runtime runtime \"/usr/sbin/runc\"
|
|
|
|
# CentOS version seems to only work with cgroupfs...
|
|
iniset -sudo ${CRIO_CONF} crio.runtime cgroup_manager \"cgroupfs\"
|
|
fi
|
|
fi
|
|
|
|
sudo systemctl --no-block restart crio.service
|
|
}
|
|
|
|
function stop_crio {
|
|
sudo systemctl stop crio.service || true
|
|
}
|
|
|
|
function _update_config {
|
|
sudo -E python3 - <<EOF
|
|
"""
|
|
Update provided by CRIO_KEY key list in crio configuration in a form of:
|
|
|
|
some_key = [ some,
|
|
value
|
|
]
|
|
|
|
or just an empty list:
|
|
|
|
some_key = [
|
|
]
|
|
|
|
with the CRIO_VAL value.
|
|
|
|
Note, CRIO_VAL must include square brackets.
|
|
|
|
"""
|
|
import os
|
|
import re
|
|
|
|
crio_key = os.environ.get('CRIO_KEY')
|
|
crio_val = os.environ.get('CRIO_VAL')
|
|
crio_conf = os.environ.get('CRIO_CONF')
|
|
|
|
pat = re.compile(rf'{crio_key}\s*=\s*\[[^\]]*\]', flags=re.S | re.M)
|
|
|
|
with open(crio_conf) as fobj:
|
|
conf = fobj.read()
|
|
|
|
with open(crio_conf, 'w') as fobj:
|
|
search = pat.search(conf)
|
|
if search:
|
|
start, end = search.span()
|
|
conf = conf[:start] + f'{crio_key} = {crio_val}' + conf[end:]
|
|
fobj.write(conf)
|
|
|
|
EOF
|
|
}
|
|
|
|
# Restore xtrace
|
|
$_XTRACE_DOCKER
|