aef3c9209b
In earlier version of cri-o (at least that been seen in 1.18) cri-o packages have default configuration stored as /etc/crio/crio.conf, with all the default values defined. Setting a value for the key means that was a need to actually change the default. In version up to 1.23 there was even no configuration stored at all, but starting from 1.24, all the default config options has been commented out, and only section names are not commented. Similar situation has been detected for registry configuration, but here it is even more difficult, as in recent version toml format has been used instead of ini. With this patch all of the cases has been covered. Change-Id: Ia1b3dee3979841e798cec11c02ba1412dccef6c2
209 lines
6.7 KiB
Bash
209 lines
6.7 KiB
Bash
#!/bin/bash
|
|
|
|
# Dependencies:
|
|
#
|
|
# - functions
|
|
|
|
# stack.sh
|
|
# ---------
|
|
# - check_crio
|
|
# - install_crio
|
|
# - configure_crio
|
|
# - stop_crio
|
|
|
|
# Save trace setting
|
|
_XTRACE_DOCKER=$(set +o | grep xtrace)
|
|
set +o xtrace
|
|
|
|
|
|
# Defaults
|
|
# --------
|
|
|
|
CRIO_ENGINE_SOCKET_FILE=${CRIO_ENGINE_SOCKET_FILE:-/var/run/crio/crio.sock}
|
|
CRIO_ALLOW_ICMP=$(trueorfalse True CRIO_ALLOW_ICMP)
|
|
|
|
# Functions
|
|
# ---------
|
|
|
|
function check_crio {
|
|
if is_ubuntu; then
|
|
dpkg -l | grep crio-o > /dev/null 2>&1
|
|
else
|
|
false
|
|
# TODO: CentOS/Fedora support.
|
|
fi
|
|
}
|
|
|
|
function install_crio {
|
|
if [[ -z "$os_PACKAGE" ]]; then
|
|
GetOSVersion
|
|
fi
|
|
|
|
local lsb_dist=${os_VENDOR,,}
|
|
local dist_version=${os_CODENAME}
|
|
local kubic_obs_project_key="2472d6d0d2f66af87aba8da34d64390375060aa4"
|
|
local os="x${os_VENDOR}_${os_RELEASE}"
|
|
if is_ubuntu; then
|
|
apt_get install apt-transport-https ca-certificates \
|
|
software-properties-common
|
|
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
|
|
--recv ${kubic_obs_project_key}
|
|
sudo apt-add-repository -y "deb https://download.opensuse.org/"`
|
|
`"repositories/devel:/kubic:/libcontainers:/stable/${os}/ /"
|
|
sudo apt-add-repository -y "deb http://download.opensuse.org/"`
|
|
`"repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/"`
|
|
`"${CRIO_VERSION}/${os}/ /"
|
|
|
|
# Installing podman and containerd will get us compatible versions of
|
|
# cri-o and runc. And we need podman to manage container images anyway.
|
|
apt_get install podman buildah cri-o-runc cri-o
|
|
elif is_fedora; then
|
|
if [[ "$lsb_dist" = "centos" ]]; then
|
|
sudo yum-config-manager \
|
|
--add-repo \
|
|
https://cbs.centos.org/repos/virt7-container-common-candidate/x86_64/os/
|
|
sudo yum-config-manager \
|
|
--add-repo \
|
|
https://cbs.centos.org/repos/paas7-crio-311-candidate/x86_64/os/
|
|
fi
|
|
yum_install cri-o podman buildah
|
|
fi
|
|
}
|
|
|
|
function configure_crio {
|
|
# After an ./unstack it will be stopped. So it is ok if it returns exit-code == 1
|
|
sudo systemctl stop crio.service || true
|
|
|
|
export CRIO_CONF="/etc/crio/crio.conf"
|
|
|
|
# We're wrapping values in \"<val>\" because that's the format cri-o wants.
|
|
iniset -sudo ${CRIO_CONF} crio.api listen \"${CRIO_ENGINE_SOCKET_FILE}\"
|
|
iniset -sudo ${CRIO_CONF} crio.image pause_image \"${CRIO_PAUSE_IMAGE}\"
|
|
iniset -sudo ${CRIO_CONF} crio.image pause_command \"${CRIO_PAUSE_COMMAND}\"
|
|
if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then
|
|
# debug is way too verbose, info will be enough
|
|
iniset -sudo ${CRIO_CONF} crio.runtime log_level \"info\"
|
|
fi
|
|
if is_ubuntu; then
|
|
local crio_minor=${CRIO_VERSION#*.}
|
|
# At least for 18.04 we need to set up /etc/containers/registries.conf
|
|
# with some initial content. That's another bug with that PPA.
|
|
local registries_conf
|
|
registries_conf="/etc/containers/registries.conf"
|
|
|
|
if [[ ! -f ${registries_conf} && $crio_minor -lt 24 ]]; then
|
|
sudo mkdir -p `dirname ${registries_conf}`
|
|
cat << EOF | sudo tee ${registries_conf}
|
|
[registries.search]
|
|
registries = ['docker.io']
|
|
EOF
|
|
else
|
|
# If there is a config file, that means, we are probably on the
|
|
# newer version of crio/container/podman, which basically means
|
|
# we cannot mix [registries.search] registries filled with
|
|
# something and unqualified-search-registries setting which appear
|
|
# on sysregistry v2 config syntax. And because it's a TOML now, we
|
|
# cannot rely on iniset, but directly change the file.
|
|
|
|
local rname='unqualified-search-registries'
|
|
local rval='["docker.io", "quay.io"]'
|
|
if [[ ! -f ${registries_conf} ]]; then
|
|
cat << EOF | sudo tee ${registries_conf}
|
|
unqualified-search-registries = ["docker.io", "quay.io"]
|
|
EOF
|
|
elif grep -wq "^${rname}" "${registries_conf}"; then
|
|
sudo sed -i -e \
|
|
"s/^${rname}.*$/${rname} = ${rval}/" "${registries_conf}"
|
|
else
|
|
sudo sed -i "1s/^/${rname} = ${rval}\n/" "${registries_conf}"
|
|
fi
|
|
fi
|
|
# CRI-O from kubic repo have placed runc in different place, not even
|
|
# in path, just to not conflict with runc package from official repo.
|
|
# We need to change it.
|
|
iniset -sudo ${CRIO_CONF} crio.runtime.runtimes.runc runtime_path \
|
|
\"/usr/lib/cri-o-runc/sbin/runc\"
|
|
|
|
if [ -n "${CNI_CONF_DIR}" ]; then
|
|
iniset -sudo ${CRIO_CONF} crio.network network_dir \
|
|
\"${CNI_CONF_DIR}\"
|
|
fi
|
|
if [ -n "${CNI_PLUGIN_DIR}" ]; then
|
|
iniset -sudo ${CRIO_CONF} crio.network plugin_dir \
|
|
\"${CNI_PLUGIN_DIR}\"
|
|
fi
|
|
# By default CRI-O doesn't allow ICMP between containers, although it
|
|
# is ususally expected for testing purposes.
|
|
if [ "${CRIO_ALLOW_ICMP}" == "True" ]; then
|
|
if grep -wq '^default_sysctls' ${CRIO_CONF}; then
|
|
export CRIO_KEY="default_sysctls"
|
|
export CRIO_VAL='[ "net.ipv4.ping_group_range=0 2147483647", ]'
|
|
_update_config
|
|
else
|
|
iniset -sudo ${CRIO_CONF} crio.runtime default_sysctls \
|
|
'[ "net.ipv4.ping_group_range=0 2147483647", ]'
|
|
fi
|
|
fi
|
|
elif is_fedora; then
|
|
local lsb_dist=${os_VENDOR,,}
|
|
|
|
if [[ "$lsb_dist" = "centos" ]]; then
|
|
# CentOS packages are putting runc binary in different place...
|
|
iniset -sudo ${CRIO_CONF} crio.runtime runtime \"/usr/sbin/runc\"
|
|
|
|
# CentOS version seems to only work with cgroupfs...
|
|
iniset -sudo ${CRIO_CONF} crio.runtime cgroup_manager \"cgroupfs\"
|
|
fi
|
|
fi
|
|
|
|
sudo systemctl --no-block restart crio.service
|
|
}
|
|
|
|
function stop_crio {
|
|
sudo systemctl stop crio.service || true
|
|
}
|
|
|
|
function _update_config {
|
|
sudo -E python3 - <<EOF
|
|
"""
|
|
Update provided by CRIO_KEY key list in crio configuration in a form of:
|
|
|
|
some_key = [ some,
|
|
value
|
|
]
|
|
|
|
or just an empty list:
|
|
|
|
some_key = [
|
|
]
|
|
|
|
with the CRIO_VAL value.
|
|
|
|
Note, CRIO_VAL must include square brackets.
|
|
|
|
"""
|
|
import os
|
|
import re
|
|
|
|
crio_key = os.environ.get('CRIO_KEY')
|
|
crio_val = os.environ.get('CRIO_VAL')
|
|
crio_conf = os.environ.get('CRIO_CONF')
|
|
|
|
pat = re.compile(rf'{crio_key}\s*=\s*\[[^\]]*\]', flags=re.S | re.M)
|
|
|
|
with open(crio_conf) as fobj:
|
|
conf = fobj.read()
|
|
|
|
with open(crio_conf, 'w') as fobj:
|
|
search = pat.search(conf)
|
|
if search:
|
|
start, end = search.span()
|
|
conf = conf[:start] + f'{crio_key} = {crio_val}' + conf[end:]
|
|
fobj.write(conf)
|
|
|
|
EOF
|
|
}
|
|
|
|
# Restore xtrace
|
|
$_XTRACE_DOCKER
|