From ccbcad9741488c312aae0b825637f39d0c8ca7b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fredrik=20L=C3=B6nnegren?= <fredrik.lonnegren@gmail.com>
Date: Thu, 19 Dec 2019 13:37:57 +0100
Subject: [PATCH] Ubuntu CRI-O (#5426)

* Fix crictl

* Reload systemd daemon before enabling service

* Typo

* Add crictl template

* Remove seccomp.json for ubuntu

* Set runtime path of runc for ubuntu

* Change path to conmon
---
 roles/container-engine/cri-o/tasks/crictl.yml | 27 +++++++++++++++++++
 roles/container-engine/cri-o/tasks/main.yaml  | 10 +++----
 .../cri-o/templates/crictl.yaml.j2            |  4 +++
 .../cri-o/templates/crio.conf.j2              |  6 ++++-
 roles/container-engine/cri-o/vars/ubuntu.yml  |  2 +-
 5 files changed, 42 insertions(+), 7 deletions(-)
 create mode 100644 roles/container-engine/cri-o/tasks/crictl.yml
 create mode 100644 roles/container-engine/cri-o/templates/crictl.yaml.j2

diff --git a/roles/container-engine/cri-o/tasks/crictl.yml b/roles/container-engine/cri-o/tasks/crictl.yml
new file mode 100644
index 000000000..60a9c91aa
--- /dev/null
+++ b/roles/container-engine/cri-o/tasks/crictl.yml
@@ -0,0 +1,27 @@
+---
+- name: crictl | Download crictl
+  include_tasks: "../../../download/tasks/download_file.yml"
+  vars:
+    download: "{{ download_defaults | combine(downloads.crictl) }}"
+
+- name: Install crictl config
+  template:
+    src: ../templates/crictl.yaml.j2
+    dest: /etc/crictl.yaml
+    owner: bin
+    mode: 0644
+
+- name: Copy crictl binary from download dir
+  synchronize:
+    src: "{{ local_release_dir }}/crictl"
+    dest: "{{ bin_dir }}/crictl"
+    compress: no
+    perms: yes
+    owner: no
+    group: no
+  delegate_to: "{{ inventory_hostname }}"
+
+- name: Install crictl completion
+  shell: "{{ bin_dir }}/crictl completion >/etc/bash_completion.d/crictl"
+  ignore_errors: True
+  when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index 7eab530fb..542588b25 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -30,11 +30,7 @@
     state: present
   when: ansible_distribution in ["Ubuntu"]
 
-- name: Add CRI-O PPA
-  apt_repository:
-    repo: ppa:projectatomic/ppa
-    state: present
-  when: ansible_distribution in ["Ubuntu"]
+- include_tasks: "crictl.yml"
 
 - name: Install crictl
   unarchive:
@@ -76,6 +72,10 @@
     owner: root
     mode: 0755
 
+- name: Reload systemd daemon
+  systemd:
+    daemon_reload: yes
+
 - name: Install cri-o service
   service:
     name: "{{ crio_service }}"
diff --git a/roles/container-engine/cri-o/templates/crictl.yaml.j2 b/roles/container-engine/cri-o/templates/crictl.yaml.j2
new file mode 100644
index 000000000..fbf691f8a
--- /dev/null
+++ b/roles/container-engine/cri-o/templates/crictl.yaml.j2
@@ -0,0 +1,4 @@
+runtime-endpoint: unix://{{ cri_socket }}
+image-endpoint: unix://{{ cri_socket }}
+timeout: 30
+debug: false
diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2
index 303a0b079..6f49e9434 100644
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -104,6 +104,8 @@ selinux = {{ (preinstall_selinux_state == 'enforcing')|lower }}
 # for the runtime.
 {% if ansible_os_family == "ClearLinux" %}
 seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
+{% elif ansible_distribution == "Ubuntu" %}
+seccomp_profile = ""
 {% else %}
 seccomp_profile = "/etc/crio/seccomp.json"
 {% endif %}
@@ -216,8 +218,10 @@ ctr_stop_timeout = 0
   # of trust of the workload.
   
   [crio.runtime.runtimes.runc]
-{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" or ansible_distribution == "Ubuntu" %}
+{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" %}
   runtime_path = "/usr/bin/runc"
+{% elif ansible_distribution == "Ubuntu" %}
+  runtime_path = "/usr/lib/cri-o-runc/sbin/runc"
 {% else %}
   runtime_path = "/usr/sbin/runc"
 {% endif %}
diff --git a/roles/container-engine/cri-o/vars/ubuntu.yml b/roles/container-engine/cri-o/vars/ubuntu.yml
index c02c638e1..ba3eaff90 100644
--- a/roles/container-engine/cri-o/vars/ubuntu.yml
+++ b/roles/container-engine/cri-o/vars/ubuntu.yml
@@ -3,4 +3,4 @@ crio_packages:
   - "cri-o-{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
 
 crio_service: crio
-crio_conmon: /usr/lib/crio/bin/conmon
+crio_conmon: /usr/bin/conmon