Revert "Revert cri-dockerd changes"

This reverts commit c4a6669912. The change was originally reverted because it broke testing on Jammy. Jammy broke because it was attempting to install cri-o using the Bionic method via a PPA. This is no longer valid for newer Ubuntu, and Focal uses a different process too. We update the cri-o installation for Jammy to match Focal and make this method the default so that new Ubuntu releases default to modern installation methods. Bionic continues to install from a PPA. Additionally we bump the cri-o version from 1.15 to 1.24 to get a version that has packages for both Focal and Jammy. This new version requires we also install cri-o-runc separately as they don't seem to have proper package dependencies in place between these two packages. The crio systemd service fails to start without cri-o-runc installed. Change-Id: Ic29576e26be094744cc1b169a3c8f0bca814f089
2022-07-28 08:39:55 -07:00 · 2022-07-28 08:39:55 -07:00 · 300ee42863
parent 9101dd322c
commit 300ee42863
4 changed files with 92 additions and 55 deletions
--- a/roles/ensure-kubernetes/tasks/crio-Ubuntu-18.04.yaml
+++ b/roles/ensure-kubernetes/tasks/crio-Ubuntu-18.04.yaml
@ -0,0 +1,42 @@
+- name: Add project atomic PPA
+  apt_repository:
+    repo: ppa:projectatomic/ppa
+  become: true
+- name: Install packages
+  package:
+    name:
+      - cri-o-1.15
+      - containernetworking-plugins
+      - podman
+      - cri-tools
+    state: present
+  become: true
+- name: Fix conmon symlink
+  file:
+    src: /usr/bin/conmon
+    dest: /usr/libexec/crio/conmon
+    owner: root
+    group: root
+    state: link
+  become: true
+- name: Fix missing registries.conf
+  # See: https://github.com/containers/podman.io/issues/127
+  copy:
+    content: |
+      [registries.search]
+      registries = []
+      [registries.insecure]
+      registries = []
+      [registries.block]
+      registries = []
+    dest: /etc/containers/registries.conf
+    mode: 0644
+  become: true
+- name: Set crio cgroup driver
+  ini_file:
+    path: /etc/crio/crio.conf
+    section: crio.runtime
+    option: cgroup_manager
+    value: '"cgroupfs"'
+    mode: 0644
+  become: true
--- a/roles/ensure-kubernetes/tasks/crio-Ubuntu-20.04.yaml
+++ b/roles/ensure-kubernetes/tasks/crio-Ubuntu-20.04.yaml
@ -1,27 +0,0 @@
- name: Add all repositories
-  include_role:
-    name: ensure-package-repositories
-  vars:
-    repositories_keys:
-      - url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_{{ ansible_distribution_version }}/Release.key"
-      - url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.16/xUbuntu_{{ ansible_distribution_version }}/Release.key"
-    repositories_list:
-      - repo: "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_{{ ansible_distribution_version }}/ /"
-      - repo: "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.16/xUbuntu_{{ ansible_distribution_version }}/ /"
- name: Install packages
-  package:
-    name:
-      - cri-o-1.16
-      - containernetworking-plugins
-      - podman
-      - cri-tools
-    state: present
-  become: true
- name: Set crio cgroup driver
-  ini_file:
-    path: /etc/crio/crio.conf
-    section: crio.runtime
-    option: cgroup_manager
-    value: '"cgroupfs"'
-    mode: 0644
-  become: true
--- a/roles/ensure-kubernetes/tasks/crio-default.yaml
+++ b/roles/ensure-kubernetes/tasks/crio-default.yaml
@ -1,37 +1,23 @@
- name: Add project atomic PPA
-  apt_repository:
-    repo: ppa:projectatomic/ppa
-  become: true
+- name: Add all repositories
+  include_role:
+    name: ensure-package-repositories
+  vars:
+    repositories_keys:
+      - url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_{{ ansible_distribution_version }}/Release.key"
+      - url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.24/xUbuntu_{{ ansible_distribution_version }}/Release.key"
+    repositories_list:
+      - repo: "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_{{ ansible_distribution_version }}/ /"
+      - repo: "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.24/xUbuntu_{{ ansible_distribution_version }}/ /"
 - name: Install packages
  package:
    name:
-      - cri-o-1.15
+      - cri-o
+      - cri-o-runc
      - containernetworking-plugins
      - podman
      - cri-tools
    state: present
  become: true
- name: Fix conmon symlink
-  file:
-    src: /usr/bin/conmon
-    dest: /usr/libexec/crio/conmon
-    owner: root
-    group: root
-    state: link
-  become: true
- name: Fix missing registries.conf
-  # See: https://github.com/containers/podman.io/issues/127
-  copy:
-    content: |
-      [registries.search]
-      registries = []
-      [registries.insecure]
-      registries = []
-      [registries.block]
-      registries = []
-    dest: /etc/containers/registries.conf
-    mode: 0644
-  become: true
 - name: Set crio cgroup driver
  ini_file:
    path: /etc/crio/crio.conf
--- a/roles/ensure-kubernetes/tasks/minikube.yaml
+++ b/roles/ensure-kubernetes/tasks/minikube.yaml
@ -17,7 +17,8 @@
 # Ubuntu focal doesn't have cri-o-1.15 packages, per distro tasks is
 # required to install crio
 - name: Install crio
-  when: kubernetes_runtime == 'cri-o'
+  # Note this is required even for the docker runtime, as minikube only
+  # supports cri now.  See below for the docker wrapper
  include_tasks: "{{ zj_distro_os }}"
  with_first_found:
    - "crio-{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
@ -27,7 +28,6 @@

 - name: Workaround missing 02-crio.conf
  # See: https://github.com/kubernetes/minikube/issues/13816
-  when: kubernetes_runtime == 'cri-o'
  block:
    - name: Add misisng crio.conf.d folder
      file:
@ -84,6 +84,41 @@
        extra_args: "--extra-config=kubelet.resolv-conf={{ ansible_user_dir }}/.minikube/k8s_resolv.conf"
  when: minikube_dns_resolvers|length>0

+# See https://github.com/kubernetes/minikube/issues/14410
+- name: Setup cri-dockerd
+  when: kubernetes_runtime == 'docker'
+  become: yes
+  block:
+    - name: Check for pre-existing cri-docker service
+      stat:
+        path: '/etc/system/cri-docker.service'
+      register: _cri_docker
+
+    - name: Install cri-docker
+      when: not _cri_docker.stat.exists
+      shell: |
+          set -x
+          VER=$(curl -s https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest|grep tag_name | cut -d '"' -f 4|sed 's/v//g')
+          DL=$(mktemp -d)
+          pushd ${DL}
+          wget https://github.com/Mirantis/cri-dockerd/releases/download/v${VER}/cri-dockerd-${VER}.amd64.tgz
+          tar xvf cri-dockerd-${VER}.amd64.tgz
+          mv cri-dockerd/cri-dockerd /usr/local/bin
+          wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/v${VER}/packaging/systemd/cri-docker.service
+          wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/v${VER}/packaging/systemd/cri-docker.socket
+          sudo mv cri-docker.socket cri-docker.service /etc/systemd/system/
+          sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
+          popd
+          rm -rf ${DL}
+          systemctl daemon-reload
+      args:
+        executable: '/bin/bash'
+
+    - name: Ensure cri-dockerd running
+      service:
+        name: cri-docker
+        state: started
+
 - name: Start Minikube
  become: yes
  command: >-
@ -95,6 +130,7 @@
    {% for _addon in ensure_kubernetes_minikube_addons %}
    --addons={{ _addon }}
    {% endfor %}
+    {{ '--network-plugin=cni' if kubernetes_runtime == 'cri-o' }}
  environment:
    MINIKUBE_WANTUPDATENOTIFICATION: false
    MINIKUBE_WANTREPORTERRORPROMPT: false