Install kata containers from source

At the moment no repositories exist for Ubuntu/Debian
to install kata from. The only options are snap or source installation.

To avoid using snap, we fetch the kata release from GitHub and
proceed with source installation.

With that we also update the docker version to one existing in the repos,
as otherwise 23.0.0 gets installed, which fails to start up
due to the removal of standalone mode support.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/883194
Change-Id: I3ee976062d9288536270f9b1d80750749174af22
Dmitriy Rabotyagov 2023-04-13 13:59:03 +02:00 committed by Dmitriy Rabotyagov
parent bdbddd26cc
commit 51e347dcb9
6 changed files with 68 additions and 105 deletions


@ -84,8 +84,10 @@ zun_kuryr_log_dir: "/var/log/kuryr"
## Docker setup information
zun_docker_package_version: "{{ _zun_docker_package_version }}"
zun_containerd_package_version: "{{ _zun_containerd_package_version }}"
zun_kata_package_version: "{{ _zun_kata_package_version }}"
zun_kata_enabled: "{{ _zun_kata_enabled }}"
zun_kata_package_version: "3.1.0"
zun_kata_package_source: "https://github.com/kata-containers/kata-containers/releases/download/{{ zun_kata_package_version }}/kata-static-{{ zun_kata_package_version }}-x86_64.tar.xz"
zun_kata_package_checksum: sha256:452cc850e021539c14359d016aba18ddba128f59aa9ab637738296d9b5cd78a0
zun_kata_enabled: "True"
# Set a list of users that are permitted to execute the docker binary.
zun_docker_users:
@ -367,7 +369,7 @@ zun_docker_init_defaults:
Service:
ExecStart:
- ""
- "/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://{{ zun_docker_bind_host }}:{{ zun_docker_bind_port }} -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['ansible_host'] }}:2379{% if not loop.last %},{% endif %}{% endfor %}{% if zun_kata_enabled %} --add-runtime kata=/usr/bin/kata-runtime{% endif %}"
- "/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://{{ zun_docker_bind_host }}:{{ zun_docker_bind_port }} -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['management_address'] }}:2379{% if not loop.last %},{% endif %}{% endfor %}{% if zun_kata_enabled %} --add-runtime kata=/opt/kata/bin/kata-runtime{% endif %}"
## Tunable overrides for service unit files.
zun_api_paste_ini_overrides: {}
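Review bot: The new ExecStart line tests `{% if zun_kata_enabled %}` without the `| bool` filter, while the new default is the quoted string `"True"` and the install block in the tasks file uses `when: zun_kata_enabled | bool`. Any non-empty string is truthy in Jinja, so an override such as `zun_kata_enabled: "False"` (or a `-e zun_kata_enabled=False` extra var) would skip the kata install but still pass `--add-runtime kata=/opt/kata/bin/kata-runtime` to dockerd, pointing at a binary that was never unpacked. I would write the condition as `{% if zun_kata_enabled | bool %}` and make the default a real boolean, `zun_kata_enabled: true`. Separately, `zun_kata_package_checksum` is tied to the 3.1.0 x86_64 tarball, so a comment above it such as `# Version, source and checksum must be overridden together` would help operators; a mismatch fails the download rather than installing an unverified archive.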


@ -31,15 +31,6 @@
- package: "containerd.io"
version: "{{ zun_containerd_package_version }}"
priority: 1000
- package: "kata-runtime"
version: "{{ zun_kata_package_version }}"
priority: 1000
- package: "kata-proxy"
version: "{{ zun_kata_package_version }}"
priority: 1000
- package: "kata-shim"
version: "{{ zun_kata_package_version }}"
priority: 1000
- name: Get apt gpg key
get_url:
@ -110,23 +101,60 @@
cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}"
enablerepo: "{{ (ansible_facts['pkg_mgr'] == 'dnf') | ternary('extras', omit) }}"
- name: Ensure the containerd config directory exists
file:
path: "/etc/containerd"
state: "directory"
owner: "root"
group: "root"
mode: "0755"
- name: Install and configure katacontainers
when: zun_kata_enabled | bool
block:
- name: Download kata package
get_url:
url: "{{ zun_kata_package_source }}"
dest: "/opt/{{ zun_kata_package_source | basename }}"
mode: '0440'
checksum: "{{ zun_kata_package_checksum }}"
register: _kata_downloaded
- name: Configure containerd
template:
src: "config.toml.j2"
dest: "/etc/containerd/config.toml"
mode: "0644"
owner: "root"
group: "root"
notify:
- Restart containerd
- name: Unpack package
unarchive:
src: "/opt/{{ zun_kata_package_source | basename }}"
dest: /opt/
remote_src: True
owner: root
group: root
extra_opts:
- --strip-components=2
when: _kata_downloaded is changed
notify:
- Restart containerd
- name: Symlink kata binaries to PATH
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: link
with_items:
- src: /opt/kata/bin/containerd-shim-kata-v2
dest: /usr/local/bin/containerd-shim-kata-v2
- src: /opt/kata/bin/kata-collect-data.sh
dest: /usr/local/bin/kata-collect-data.sh
- src: /opt/kata/bin/kata-runtime
dest: /usr/local/bin/kata-runtime
- name: Ensure the containerd config directory exists
file:
path: "/etc/containerd"
state: "directory"
owner: "root"
group: "root"
mode: "0755"
- name: Configure containerd
template:
src: "config.toml.j2"
dest: "/etc/containerd/config.toml"
mode: "0644"
owner: "root"
group: "root"
notify:
- Restart containerd
- name: Ensure the Docker config directory exists
file:
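Review bot: The `Unpack package` task is gated on `when: _kata_downloaded is changed`, so extraction depends on the download having happened in the same run rather than on the state of `/opt/kata`. If a run is interrupted after `Download kata package`, or `/opt/kata` is later removed or altered, the checksummed tarball is already in `/opt` and every following run skips the unpack, while `Symlink kata binaries to PATH` would presumably be left pointing at missing files. It would be more robust to key the condition on the result as well: register a `stat` of `/opt/kata/bin/kata-runtime` and use `when: _kata_downloaded is changed or not _kata_runtime.stat.exists` (variable name illustrative). A short comment is also worth adding that a version bump extracts the new release over the existing tree, since nothing in this hunk cleans `/opt/kata` first and stale files from the previous release may remain.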


@ -1,46 +0,0 @@
---
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
_zun_docker_package_version: "5:20.10.6~*"
_zun_containerd_package_version: "1.4.4-1"
_zun_kata_package_version: "{{ (ansible_facts['distribution_release'] | lower == 'focal') | ternary('1.12.0-2', '1.11.5-9') }}"
# Kata packages are not currently available for Debian Bullseye
_zun_kata_enabled: False
zun_docker_repo:
- name: "docker-ce"
repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} stable"
gpg_uri: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg"
# Common apt packages
zun_distro_packages:
- ca-certificates
- curl
- git
- libsystemd-dev
- software-properties-common
zun_distro_compute_packages:
- containerd.io
- docker-ce-cli
- docker-ce
- pciutils
- numactl
- multipath-tools
zun_docker_groupname: docker
## APT Cache options
cache_timeout: 600


@ -13,21 +13,13 @@
# See the License for the specific language governing permissions and
# limitations under the License.
_zun_docker_package_version: "5:19.03.14~*"
_zun_containerd_package_version: "1.4.3-1"
_zun_kata_package_version: "{{ (ansible_facts['distribution_release'] | lower == 'focal') | ternary('1.12.0-2', '1.11.5-9') }}"
_zun_kata_enabled: True
zun_kata_repo_version: "{{ (ansible_facts['distribution_release'] | lower == 'focal') | ternary('stable-1.12', 'stable-1.11') }}"
zun_kata_repo_distro: "{{ (ansible_facts['distribution'] | lower == 'ubuntu') | ternary('x', '') }}{{ ansible_facts['distribution'] | capitalize }}"
_zun_docker_package_version: "5:20.10.24~*"
_zun_containerd_package_version: "1.6.20-1"
zun_docker_repo:
- name: "docker-ce"
repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} stable"
gpg_uri: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg"
- name: "kata"
repo: "deb https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_facts['architecture'] }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_facts['distribution_version'] }}/ /"
gpg_uri: "https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_facts['architecture'] }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_facts['distribution_version'] }}/Release.key"
# Common apt packages
zun_distro_packages:
@ -44,9 +36,6 @@ zun_distro_compute_packages:
- pciutils
- numactl
- multipath-tools
- kata-runtime
- kata-proxy
- kata-shim
zun_docker_groupname: docker


@ -13,20 +13,15 @@
# See the License for the specific language governing permissions and
# limitations under the License.
_zun_docker_package_version: "19.03.14-3"
_zun_containerd_package_version: "1.4.3-3.1"
_zun_kata_package_version: "1.11.3-1"
_zun_kata_enabled: True
_zun_docker_package_version: "20.10.24-3"
_zun_containerd_package_version: "1.6.20-3.1"
zun_docker_repo:
- name: "docker-ce"
description: Docker CE Stable
repo: "https://download.docker.com/linux/centos/{{ ansible_facts['distribution_major_version'] }}/$basearch/stable"
gpgkey: "https://download.docker.com/linux/centos/gpg"
- name: "kata"
description: Kata runtime
repo: "https://vault.centos.org/8.5.2111/virt/$basearch/kata-containers"
gpgkey: "http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Official"
# Common yum packages
zun_distro_packages:
@ -41,8 +36,7 @@ zun_distro_compute_packages:
- pciutils
- numactl
- device-mapper-multipath
- "kata-runtime-{{ zun_kata_package_version }}.el{{ ansible_facts['distribution_major_version'] }}.x86_64"
- "kata-shim-{{ zun_kata_package_version }}.el{{ ansible_facts['distribution_major_version'] }}.x86_64"
# NOTE: This package is unavailable from the centos mirrors
# - "kata-proxy-{{ zun_kata_package_version }}.el{{ ansible_facts['distribution_major_version'] }}.x86_64"


@ -21,13 +21,9 @@
- build-release-notes-jobs-python3
check:
jobs:
- openstack-ansible-deploy-aio_metal-centos-8-stream
- openstack-ansible-deploy-aio_metal-ubuntu-focal
- openstack-ansible-upgrade-aio_metal-centos-8-stream
- openstack-ansible-upgrade-aio_metal-ubuntu-focal
- openstack-ansible-deploy-aio_lxb_metal-centos-9-stream
- openstack-ansible-deploy-aio_lxb_metal-ubuntu-focal
gate:
jobs:
- openstack-ansible-deploy-aio_metal-centos-8-stream
- openstack-ansible-deploy-aio_metal-ubuntu-focal
- openstack-ansible-upgrade-aio_metal-centos-8-stream
- openstack-ansible-upgrade-aio_metal-ubuntu-focal
- openstack-ansible-deploy-aio_lxb_metal-centos-9-stream
- openstack-ansible-deploy-aio_lxb_metal-ubuntu-focal