From 51e347dcb9905d8f6d1b85c38b72234fe8e49c94 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Thu, 13 Apr 2023 13:59:03 +0200 Subject: [PATCH] Install kata containers from source At the moment there are no repositories exists for Ubuntu/Debian to install kata from. The only options are snap or source installation. To avoid using snap, we're fetching kata release from github and proceeding with source installation. With that we also update docker version to existing in the repos, as otherwise it get's 23.0.0 installed, which fails to startup due to removal of standalone mode support. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/883194 Change-Id: I3ee976062d9288536270f9b1d80750749174af22 --- defaults/main.yml | 8 +++-- tasks/zun_compute.yml | 78 +++++++++++++++++++++++++++++-------------- vars/debian-11.yml | 46 ------------------------- vars/debian.yml | 15 ++------- vars/redhat.yml | 14 +++----- zuul.d/project.yaml | 12 +++---- 6 files changed, 68 insertions(+), 105 deletions(-) delete mode 100644 vars/debian-11.yml diff --git a/defaults/main.yml b/defaults/main.yml index f8a0005..e02a345 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -84,8 +84,10 @@ zun_kuryr_log_dir: "/var/log/kuryr" ## Docker setup information zun_docker_package_version: "{{ _zun_docker_package_version }}" zun_containerd_package_version: "{{ _zun_containerd_package_version }}" -zun_kata_package_version: "{{ _zun_kata_package_version }}" -zun_kata_enabled: "{{ _zun_kata_enabled }}" +zun_kata_package_version: "3.1.0" +zun_kata_package_source: "https://github.com/kata-containers/kata-containers/releases/download/{{ zun_kata_package_version }}/kata-static-{{ zun_kata_package_version }}-x86_64.tar.xz" +zun_kata_package_checksum: sha256:452cc850e021539c14359d016aba18ddba128f59aa9ab637738296d9b5cd78a0 +zun_kata_enabled: "True" # Set a list of users that are permitted to execute the docker binary. zun_docker_users: 
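Review bot: `zun_kata_package_checksum` is a fixed digest for one release tarball, while `zun_kata_package_version` and `zun_kata_package_source` are overridable defaults, and nothing in the added lines says the three must change together. Overriding only the version makes `get_url` fail on the checksum, which is the safe outcome, but an operator may then clear the checksum to get past the error. A comment above the three variables would prevent that, for example `# zun_kata_package_checksum is the sha256 of the tarball named by zun_kata_package_source; override it whenever the version or source changes.` The URL also hard-codes `x86_64`, so the default only fits that architecture, and the checksum scalar is better written as a quoted string like its neighbours.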
@@ -367,7 +369,7 @@ zun_docker_init_defaults: Service: ExecStart: - "" - - "/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://{{ zun_docker_bind_host }}:{{ zun_docker_bind_port }} -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['ansible_host'] }}:2379{% if not loop.last %},{% endif %}{% endfor %}{% if zun_kata_enabled %} --add-runtime kata=/usr/bin/kata-runtime{% endif %}" + - "/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://{{ zun_docker_bind_host }}:{{ zun_docker_bind_port }} -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['management_address'] }}:2379{% if not loop.last %},{% endif %}{% endfor %}{% if zun_kata_enabled %} --add-runtime kata=/opt/kata/bin/kata-runtime{% endif %}" ## Tunable overrides for service unit files. zun_api_paste_ini_overrides: {} diff --git a/tasks/zun_compute.yml b/tasks/zun_compute.yml index 6e591a5..471eaf2 100644 --- a/tasks/zun_compute.yml +++ b/tasks/zun_compute.yml @@ -31,15 +31,6 @@ - package: "containerd.io" version: "{{ zun_containerd_package_version }}" priority: 1000 - - package: "kata-runtime" - version: "{{ zun_kata_package_version }}" - priority: 1000 - - package: "kata-proxy" - version: "{{ zun_kata_package_version }}" - priority: 1000 - - package: "kata-shim" - version: "{{ zun_kata_package_version }}" - priority: 1000 - name: Get apt gpg key get_url: 
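Review bot: The new ExecStart line tests `{% if zun_kata_enabled %}` without the `| bool` filter, while the default in this same commit becomes the quoted string `"True"`. A non-empty string is truthy in Jinja, so an override supplied as the string `"False"` would presumably still add `--add-runtime kata=/opt/kata/bin/kata-runtime` here, while the tasks in `tasks/zun_compute.yml`, which test `zun_kata_enabled | bool`, skip the install. Use `{% if zun_kata_enabled | bool %}` on this line, or make the default a real boolean (`zun_kata_enabled: true`). The same line also binds dockerd to `tcp://{{ zun_docker_bind_host }}:{{ zun_docker_bind_port }}` with no TLS options visible in the hunk. That predates this change, but a comment should state that the bind host has to stay on a trusted network unless `--tlsverify` is configured elsewhere.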
@@ -110,23 +101,60 @@ cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}" enablerepo: "{{ (ansible_facts['pkg_mgr'] == 'dnf') | ternary('extras', omit) }}" -- name: Ensure the containerd config directory exists - file: - path: "/etc/containerd" - state: "directory" - owner: "root" - group: "root" - mode: "0755" +- name: Install and configure katacontainers + when: zun_kata_enabled | bool + block: + - name: Download kata package + get_url: + url: "{{ zun_kata_package_source }}" + dest: "/opt/{{ zun_kata_package_source | basename }}" + mode: '0440' + checksum: "{{ zun_kata_package_checksum }}" + register: _kata_downloaded -- name: Configure containerd - template: - src: "config.toml.j2" - dest: "/etc/containerd/config.toml" - mode: "0644" - owner: "root" - group: "root" - notify: - - Restart containerd + - name: Unpack package + unarchive: + src: "/opt/{{ zun_kata_package_source | basename }}" + dest: /opt/ + remote_src: True + owner: root + group: root + extra_opts: + - --strip-components=2 + when: _kata_downloaded is changed + notify: + - Restart containerd + + - name: Symlink kata binaries to PATH + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: link + with_items: + - src: /opt/kata/bin/containerd-shim-kata-v2 + dest: /usr/local/bin/containerd-shim-kata-v2 + - src: /opt/kata/bin/kata-collect-data.sh + dest: /usr/local/bin/kata-collect-data.sh + - src: /opt/kata/bin/kata-runtime + dest: /usr/local/bin/kata-runtime + + - name: Ensure the containerd config directory exists + file: + path: "/etc/containerd" + state: "directory" + owner: "root" + group: "root" + mode: "0755" + + - name: Configure containerd + template: + src: "config.toml.j2" + dest: "/etc/containerd/config.toml" + mode: "0644" + owner: "root" + group: "root" + notify: + - Restart containerd - name: Ensure the Docker config directory exists file: 
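Review bot: The `Unpack package` task runs only `when: _kata_downloaded is changed`, so the tree under `/opt/kata` is extracted once and never checked again. If extraction is interrupted, or the files are later removed or altered, the tarball is still in `/opt`, `get_url` reports no change, and the role will not restore them. The checksum then vouches for the archive but not for the binaries that dockerd and containerd actually execute. Either drop the `when` so that `unarchive` does its own comparison on each run, or add a `stat` on `/opt/kata/bin/kata-runtime` and also extract when it is missing. Separately, `Ensure the containerd config directory exists` and `Configure containerd` now sit inside the `zun_kata_enabled | bool` block, so `/etc/containerd/config.toml` is no longer managed when kata is disabled; if that is intended, a comment on the block should say so.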
diff --git a/vars/debian-11.yml b/vars/debian-11.yml
deleted file mode 100644
index 5c60382..0000000
--- a/vars/debian-11.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-# Copyright 2018, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-_zun_docker_package_version: "5:20.10.6~*"
-_zun_containerd_package_version: "1.4.4-1"
-_zun_kata_package_version: "{{ (ansible_facts['distribution_release'] | lower == 'focal') | ternary('1.12.0-2', '1.11.5-9') }}"
-# Kata packages are not currently available for Debian Bullseye
-_zun_kata_enabled: False
-
-zun_docker_repo:
- - name: "docker-ce"
- repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} stable"
- gpg_uri: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg"
-
-# Common apt packages
-zun_distro_packages:
- - ca-certificates
- - curl
- - git
- - libsystemd-dev
- - software-properties-common
-
-zun_distro_compute_packages:
- - containerd.io
- - docker-ce-cli
- - docker-ce
- - pciutils
- - numactl
- - multipath-tools
-
-zun_docker_groupname: docker
-
-## APT Cache options
-cache_timeout: 600
diff --git a/vars/debian.yml b/vars/debian.yml
index 9816361..4ae6dc4 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -13,21 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -_zun_docker_package_version: "5:19.03.14~*" -_zun_containerd_package_version: "1.4.3-1" -_zun_kata_package_version: "{{ (ansible_facts['distribution_release'] | lower == 'focal') | ternary('1.12.0-2', '1.11.5-9') }}" -_zun_kata_enabled: True - -zun_kata_repo_version: "{{ (ansible_facts['distribution_release'] | lower == 'focal') | ternary('stable-1.12', 'stable-1.11') }}" -zun_kata_repo_distro: "{{ (ansible_facts['distribution'] | lower == 'ubuntu') | ternary('x', '') }}{{ ansible_facts['distribution'] | capitalize }}" +_zun_docker_package_version: "5:20.10.24~*" +_zun_containerd_package_version: "1.6.20-1" zun_docker_repo: - name: "docker-ce" repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} stable" gpg_uri: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg" - - name: "kata" - repo: "deb https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_facts['architecture'] }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_facts['distribution_version'] }}/ /" - gpg_uri: "https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_facts['architecture'] }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_facts['distribution_version'] }}/Release.key" # Common apt packages zun_distro_packages: @@ -44,9 +36,6 @@ zun_distro_compute_packages: - pciutils - numactl - multipath-tools - - kata-runtime - - kata-proxy - - kata-shim zun_docker_groupname: docker diff --git a/vars/redhat.yml b/vars/redhat.yml index d10836b..0c1efa7 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml 
@@ -13,20 +13,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -_zun_docker_package_version: "19.03.14-3" -_zun_containerd_package_version: "1.4.3-3.1" -_zun_kata_package_version: "1.11.3-1" -_zun_kata_enabled: True +_zun_docker_package_version: "20.10.24-3" +_zun_containerd_package_version: "1.6.20-3.1" zun_docker_repo: - name: "docker-ce" description: Docker CE Stable repo: "https://download.docker.com/linux/centos/{{ ansible_facts['distribution_major_version'] }}/$basearch/stable" gpgkey: "https://download.docker.com/linux/centos/gpg" - - name: "kata" - description: Kata runtime - repo: "https://vault.centos.org/8.5.2111/virt/$basearch/kata-containers" - gpgkey: "http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Official" + # Common yum packages zun_distro_packages: @@ -41,8 +36,7 @@ zun_distro_compute_packages: - pciutils - numactl - device-mapper-multipath - - "kata-runtime-{{ zun_kata_package_version }}.el{{ ansible_facts['distribution_major_version'] }}.x86_64" - - "kata-shim-{{ zun_kata_package_version }}.el{{ ansible_facts['distribution_major_version'] }}.x86_64" + # NOTE: This package is unavailable from the centos mirrors # - "kata-proxy-{{ zun_kata_package_version }}.el{{ ansible_facts['distribution_major_version'] }}.x86_64" diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 8f023d2..f210ce0 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml 
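Review bot: In the `zun_distro_compute_packages` hunk, the context lines after the removed packages still carry `# NOTE: This package is unavailable from the centos mirrors` and the commented-out `kata-proxy-{{ zun_kata_package_version }}…` entry. Neither refers to anything now that the kata RPMs are gone from the list. Remove both comment lines along with the packages, so the file no longer suggests that kata comes from the distribution repositories. The blank `+` lines added in place of the removed entries in both hunks of this file can go as well.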
@@ -21,13 +21,9 @@
 - build-release-notes-jobs-python3
 check:
 jobs:
- - openstack-ansible-deploy-aio_metal-centos-8-stream
- - openstack-ansible-deploy-aio_metal-ubuntu-focal
- - openstack-ansible-upgrade-aio_metal-centos-8-stream
- - openstack-ansible-upgrade-aio_metal-ubuntu-focal
+ - openstack-ansible-deploy-aio_lxb_metal-centos-9-stream
+ - openstack-ansible-deploy-aio_lxb_metal-ubuntu-focal
 gate:
 jobs:
- - openstack-ansible-deploy-aio_metal-centos-8-stream
- - openstack-ansible-deploy-aio_metal-ubuntu-focal
- - openstack-ansible-upgrade-aio_metal-centos-8-stream
- - openstack-ansible-upgrade-aio_metal-ubuntu-focal
+ - openstack-ansible-deploy-aio_lxb_metal-centos-9-stream
+ - openstack-ansible-deploy-aio_lxb_metal-ubuntu-focal