diff --git a/defaults/main.yml b/defaults/main.yml index f8a0005..e02a345 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -84,8 +84,10 @@ zun_kuryr_log_dir: "/var/log/kuryr" ## Docker setup information zun_docker_package_version: "{{ _zun_docker_package_version }}" zun_containerd_package_version: "{{ _zun_containerd_package_version }}" -zun_kata_package_version: "{{ _zun_kata_package_version }}" -zun_kata_enabled: "{{ _zun_kata_enabled }}" +zun_kata_package_version: "3.1.0" +zun_kata_package_source: "https://github.com/kata-containers/kata-containers/releases/download/{{ zun_kata_package_version }}/kata-static-{{ zun_kata_package_version }}-x86_64.tar.xz" +zun_kata_package_checksum: sha256:452cc850e021539c14359d016aba18ddba128f59aa9ab637738296d9b5cd78a0 +zun_kata_enabled: "True" # Set a list of users that are permitted to execute the docker binary. zun_docker_users: @@ -367,7 +369,7 @@ zun_docker_init_defaults: Service: ExecStart: - "" - - "/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://{{ zun_docker_bind_host }}:{{ zun_docker_bind_port }} -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['ansible_host'] }}:2379{% if not loop.last %},{% endif %}{% endfor %}{% if zun_kata_enabled %} --add-runtime kata=/usr/bin/kata-runtime{% endif %}" + - "/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://{{ zun_docker_bind_host }}:{{ zun_docker_bind_port }} -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['management_address'] }}:2379{% if not loop.last %},{% endif %}{% endfor %}{% if zun_kata_enabled %} --add-runtime kata=/opt/kata/bin/kata-runtime{% endif %}" ## Tunable overrides for service unit files. zun_api_paste_ini_overrides: {} diff --git a/tasks/zun_compute.yml b/tasks/zun_compute.yml index 6e591a5..471eaf2 100644 --- a/tasks/zun_compute.yml +++ b/tasks/zun_compute.yml @@ -31,15 +31,6 @@ - package: "containerd.io" version: "{{ zun_containerd_package_version }}" priority: 1000 - - package: "kata-runtime" - version: "{{ zun_kata_package_version }}" - priority: 1000 - - package: "kata-proxy" - version: "{{ zun_kata_package_version }}" - priority: 1000 - - package: "kata-shim" - version: "{{ zun_kata_package_version }}" - priority: 1000 - name: Get apt gpg key get_url: @@ -110,23 +101,60 @@ cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}" enablerepo: "{{ (ansible_facts['pkg_mgr'] == 'dnf') | ternary('extras', omit) }}" -- name: Ensure the containerd config directory exists - file: - path: "/etc/containerd" - state: "directory" - owner: "root" - group: "root" - mode: "0755" +- name: Install and configure katacontainers + when: zun_kata_enabled | bool + block: + - name: Download kata package + get_url: + url: "{{ zun_kata_package_source }}" + dest: "/opt/{{ zun_kata_package_source | basename }}" + mode: '0440' + checksum: "{{ zun_kata_package_checksum }}" + register: _kata_downloaded -- name: Configure containerd - template: - src: "config.toml.j2" - dest: "/etc/containerd/config.toml" - mode: "0644" - owner: "root" - group: "root" - notify: - - Restart containerd + - name: Unpack package + unarchive: + src: "/opt/{{ zun_kata_package_source | basename }}" + dest: /opt/ + remote_src: True + owner: root + group: root + extra_opts: + - --strip-components=2 + when: _kata_downloaded is changed + notify: + - Restart containerd + + - name: Symlink kata binaries to PATH + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: link + with_items: + - src: /opt/kata/bin/containerd-shim-kata-v2 + dest: /usr/local/bin/containerd-shim-kata-v2 + - src: /opt/kata/bin/kata-collect-data.sh + dest: /usr/local/bin/kata-collect-data.sh + - src: /opt/kata/bin/kata-runtime + dest: /usr/local/bin/kata-runtime + + - name: Ensure the containerd config directory exists + file: + path: "/etc/containerd" + state: "directory" + owner: "root" + group: "root" + mode: "0755" + + - name: Configure containerd + template: + src: "config.toml.j2" + dest: "/etc/containerd/config.toml" + mode: "0644" + owner: "root" + group: "root" + notify: + - Restart containerd - name: Ensure the Docker config directory exists file: diff --git a/vars/debian-11.yml b/vars/debian-11.yml deleted file mode 100644 index 5c60382..0000000 --- a/vars/debian-11.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Copyright 2018, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -_zun_docker_package_version: "5:20.10.6~*" -_zun_containerd_package_version: "1.4.4-1" -_zun_kata_package_version: "{{ (ansible_facts['distribution_release'] | lower == 'focal') | ternary('1.12.0-2', '1.11.5-9') }}" -# Kata packages are not currently available for Debian Bullseye -_zun_kata_enabled: False - -zun_docker_repo: - - name: "docker-ce" - repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} stable" - gpg_uri: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg" - -# Common apt packages -zun_distro_packages: - - ca-certificates - - curl - - git - - libsystemd-dev - - software-properties-common - -zun_distro_compute_packages: - - containerd.io - - docker-ce-cli - - docker-ce - - pciutils - - numactl - - multipath-tools - -zun_docker_groupname: docker - -## APT Cache options -cache_timeout: 600 diff --git a/vars/debian.yml b/vars/debian.yml index 9816361..4ae6dc4 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -13,21 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -_zun_docker_package_version: "5:19.03.14~*" -_zun_containerd_package_version: "1.4.3-1" -_zun_kata_package_version: "{{ (ansible_facts['distribution_release'] | lower == 'focal') | ternary('1.12.0-2', '1.11.5-9') }}" -_zun_kata_enabled: True - -zun_kata_repo_version: "{{ (ansible_facts['distribution_release'] | lower == 'focal') | ternary('stable-1.12', 'stable-1.11') }}" -zun_kata_repo_distro: "{{ (ansible_facts['distribution'] | lower == 'ubuntu') | ternary('x', '') }}{{ ansible_facts['distribution'] | capitalize }}" +_zun_docker_package_version: "5:20.10.24~*" +_zun_containerd_package_version: "1.6.20-1" zun_docker_repo: - name: "docker-ce" repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} stable" gpg_uri: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg" - - name: "kata" - repo: "deb https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_facts['architecture'] }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_facts['distribution_version'] }}/ /" - gpg_uri: "https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_facts['architecture'] }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_facts['distribution_version'] }}/Release.key" # Common apt packages zun_distro_packages: @@ -44,9 +36,6 @@ zun_distro_compute_packages: - pciutils - numactl - multipath-tools - - kata-runtime - - kata-proxy - - kata-shim zun_docker_groupname: docker diff --git a/vars/redhat.yml b/vars/redhat.yml index d10836b..0c1efa7 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml @@ -13,20 +13,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -_zun_docker_package_version: "19.03.14-3" -_zun_containerd_package_version: "1.4.3-3.1" -_zun_kata_package_version: "1.11.3-1" -_zun_kata_enabled: True +_zun_docker_package_version: "20.10.24-3" +_zun_containerd_package_version: "1.6.20-3.1" zun_docker_repo: - name: "docker-ce" description: Docker CE Stable repo: "https://download.docker.com/linux/centos/{{ ansible_facts['distribution_major_version'] }}/$basearch/stable" gpgkey: "https://download.docker.com/linux/centos/gpg" - - name: "kata" - description: Kata runtime - repo: "https://vault.centos.org/8.5.2111/virt/$basearch/kata-containers" - gpgkey: "http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Official" + # Common yum packages zun_distro_packages: @@ -41,8 +36,7 @@ zun_distro_compute_packages: - pciutils - numactl - device-mapper-multipath - - "kata-runtime-{{ zun_kata_package_version }}.el{{ ansible_facts['distribution_major_version'] }}.x86_64" - - "kata-shim-{{ zun_kata_package_version }}.el{{ ansible_facts['distribution_major_version'] }}.x86_64" + # NOTE: This package is unavailable from the centos mirrors # - "kata-proxy-{{ zun_kata_package_version }}.el{{ ansible_facts['distribution_major_version'] }}.x86_64" diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 8f023d2..f210ce0 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -21,13 +21,9 @@ - build-release-notes-jobs-python3 check: jobs: - - openstack-ansible-deploy-aio_metal-centos-8-stream - - openstack-ansible-deploy-aio_metal-ubuntu-focal - - openstack-ansible-upgrade-aio_metal-centos-8-stream - - openstack-ansible-upgrade-aio_metal-ubuntu-focal + - openstack-ansible-deploy-aio_lxb_metal-centos-9-stream + - openstack-ansible-deploy-aio_lxb_metal-ubuntu-focal gate: jobs: - - openstack-ansible-deploy-aio_metal-centos-8-stream - - openstack-ansible-deploy-aio_metal-ubuntu-focal - - openstack-ansible-upgrade-aio_metal-centos-8-stream - - openstack-ansible-upgrade-aio_metal-ubuntu-focal + - openstack-ansible-deploy-aio_lxb_metal-centos-9-stream + - openstack-ansible-deploy-aio_lxb_metal-ubuntu-focal