diff --git a/roles/container-engine/containerd-common/defaults/main.yml b/roles/container-engine/containerd-common/defaults/main.yml index e1555e986..3a85d7f05 100644 --- a/roles/container-engine/containerd-common/defaults/main.yml +++ b/roles/container-engine/containerd-common/defaults/main.yml @@ -1,17 +1,17 @@ --- +# We keep these variables around to allow migration from package +# manager controlled installs to direct download ones. containerd_package: 'containerd.io' +yum_repo_dir: /etc/yum.repos.d + +# Keep minimal repo information arround for cleanup +containerd_repo_info: + repos: -# Fedora docker-ce repo -docker_fedora_repo_base_url: 'https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable' -docker_fedora_repo_gpgkey: 'https://download.docker.com/linux/fedora/gpg' -# CentOS/RedHat docker-ce repo -docker_rh_repo_base_url: 'https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable' -docker_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg' # Ubuntu docker-ce repo -docker_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu" -docker_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg' -docker_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88' +containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu" +containerd_ubuntu_repo_component: "stable" + # Debian docker-ce repo -docker_debian_repo_base_url: "https://download.docker.com/linux/debian" -docker_debian_repo_gpgkey: 'https://download.docker.com/linux/debian/gpg' -docker_debian_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88' +containerd_debian_repo_base_url: "https://download.docker.com/linux/debian" +containerd_debian_repo_component: "stable" diff --git a/roles/container-engine/containerd-common/tasks/main.yml b/roles/container-engine/containerd-common/tasks/main.yml index 59eee3270..cfd78f3a3 100644 --- a/roles/container-engine/containerd-common/tasks/main.yml +++ b/roles/container-engine/containerd-common/tasks/main.yml @@ -1,5 +1,17 @@ --- -- name: gather os specific variables +- name: containerd-common | check if fedora coreos + stat: + path: /run/ostree-booted + get_attributes: no + get_checksum: no + get_mime: no + register: ostree + +- name: containerd-common | set is_ostree + set_fact: + is_ostree: "{{ ostree.stat.exists }}" + +- name: containerd-common | gather os specific variables include_vars: "{{ item }}" with_first_found: - files: diff --git a/roles/container-engine/containerd-common/vars/amazon.yml b/roles/container-engine/containerd-common/vars/amazon.yml index 3ad56d4d4..056816936 100644 --- a/roles/container-engine/containerd-common/vars/amazon.yml +++ b/roles/container-engine/containerd-common/vars/amazon.yml @@ -1,10 +1,2 @@ --- containerd_package: containerd -containerd_versioned_pkg: - 'latest': "{{ containerd_package }}" - '1.3.2': "{{ containerd_package }}-1.3.2-1.amzn{{ ansible_distribution_major_version }}" - '1.4.1': "{{ containerd_package }}-1.4.1-2.amzn{{ ansible_distribution_major_version }}" - '1.4.4': "{{ containerd_package }}-1.4.4-1.amzn{{ ansible_distribution_major_version }}" - '1.4.6': "{{ containerd_package }}-1.4.6-1.amzn{{ ansible_distribution_major_version }}" - 'stable': "{{ containerd_package }}-1.4.6-1.amzn{{ ansible_distribution_major_version }}" - 'edge': "{{ containerd_package }}-1.4.6-1.amzn{{ ansible_distribution_major_version }}" diff --git a/roles/container-engine/containerd-common/vars/debian-stretch.yml b/roles/container-engine/containerd-common/vars/debian-stretch.yml deleted file mode 100644 index b0a2584c7..000000000 --- a/roles/container-engine/containerd-common/vars/debian-stretch.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -containerd_version: 1.4.3 - -containerd_versioned_pkg: - 'latest': "{{ containerd_package }}" - '1.3.7': "{{ containerd_package }}=1.3.7-1" - '1.3.9': "{{ containerd_package }}=1.3.9-1" - '1.4.3': "{{ containerd_package }}=1.4.3-1" - 'stable': "{{ containerd_package }}=1.4.3-1" - 'edge': "{{ containerd_package }}=1.4.3-1" diff --git a/roles/container-engine/containerd-common/vars/debian.yml b/roles/container-engine/containerd-common/vars/debian.yml deleted file mode 100644 index 184eb8f10..000000000 --- a/roles/container-engine/containerd-common/vars/debian.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -containerd_versioned_pkg: - 'latest': "{{ containerd_package }}" - '1.3.7': "{{ containerd_package }}=1.3.7-1" - '1.3.9': "{{ containerd_package }}=1.3.9-1" - '1.4.3': "{{ containerd_package }}=1.4.3-2" - '1.4.4': "{{ containerd_package }}=1.4.4-1" - '1.4.6': "{{ containerd_package }}=1.4.6-1" - '1.4.9': "{{ containerd_package }}=1.4.9-1" - 'stable': "{{ containerd_package }}=1.4.9-1" - 'edge': "{{ containerd_package }}=1.4.9-1" diff --git a/roles/container-engine/containerd-common/vars/fedora.yml b/roles/container-engine/containerd-common/vars/fedora.yml deleted file mode 100644 index 011910adc..000000000 --- a/roles/container-engine/containerd-common/vars/fedora.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -containerd_versioned_pkg: - 'latest': "{{ containerd_package }}" - '1.3.7': "{{ containerd_package }}-1.3.7-3.1.fc{{ ansible_distribution_major_version }}" - '1.3.9': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}" - '1.4.3': "{{ containerd_package }}-1.4.3-3.2.fc{{ ansible_distribution_major_version }}" - '1.4.4': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}" - '1.4.6': "{{ containerd_package }}-1.4.6-3.1.fc{{ ansible_distribution_major_version }}" - '1.4.9': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}" - 'stable': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}" - 'edge': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}" diff --git a/roles/container-engine/containerd-common/vars/redhat.yml b/roles/container-engine/containerd-common/vars/redhat.yml deleted file mode 100644 index 58edb8ba3..000000000 --- a/roles/container-engine/containerd-common/vars/redhat.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -containerd_versioned_pkg: - 'latest': "{{ containerd_package }}" - '1.3.7': "{{ containerd_package }}-1.3.7-3.1.el{{ ansible_distribution_major_version }}" - '1.3.9': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}" - '1.4.3': "{{ containerd_package }}-1.4.3-3.2.el{{ ansible_distribution_major_version }}" - '1.4.4': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}" - '1.4.6': "{{ containerd_package }}-1.4.6-3.1.el{{ ansible_distribution_major_version }}" - '1.4.9': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}" - 'stable': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}" - 'edge': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}" diff --git a/roles/container-engine/containerd-common/vars/suse.yml b/roles/container-engine/containerd-common/vars/suse.yml new file mode 100644 index 000000000..056816936 --- /dev/null +++ b/roles/container-engine/containerd-common/vars/suse.yml @@ -0,0 +1,2 @@ +--- +containerd_package: containerd diff --git a/roles/container-engine/containerd-common/vars/ubuntu-16.yml b/roles/container-engine/containerd-common/vars/ubuntu-16.yml deleted file mode 100644 index 2832884e5..000000000 --- a/roles/container-engine/containerd-common/vars/ubuntu-16.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -containerd_versioned_pkg: - 'latest': "{{ containerd_package }}" - '1.3.7': "{{ containerd_package }}=1.3.7-1" - '1.3.9': "{{ containerd_package }}=1.3.9-1" - '1.4.3': "{{ containerd_package }}=1.4.3-2" - '1.4.4': "{{ containerd_package }}=1.4.4-1" - '1.4.6': "{{ containerd_package }}=1.4.6-1" - 'stable': "{{ containerd_package }}=1.4.6-1" - 'edge': "{{ containerd_package }}=1.4.6-1" diff --git a/roles/container-engine/containerd-common/vars/ubuntu.yml b/roles/container-engine/containerd-common/vars/ubuntu.yml deleted file mode 100644 index 184eb8f10..000000000 --- a/roles/container-engine/containerd-common/vars/ubuntu.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -containerd_versioned_pkg: - 'latest': "{{ containerd_package }}" - '1.3.7': "{{ containerd_package }}=1.3.7-1" - '1.3.9': "{{ containerd_package }}=1.3.9-1" - '1.4.3': "{{ containerd_package }}=1.4.3-2" - '1.4.4': "{{ containerd_package }}=1.4.4-1" - '1.4.6': "{{ containerd_package }}=1.4.6-1" - '1.4.9': "{{ containerd_package }}=1.4.9-1" - 'stable': "{{ containerd_package }}=1.4.9-1" - 'edge': "{{ containerd_package }}=1.4.9-1" diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml index 0e0bb0d50..bfab4aaa8 100644 --- a/roles/container-engine/containerd/defaults/main.yml +++ b/roles/container-engine/containerd/defaults/main.yml @@ -1,6 +1,7 @@ --- containerd_storage_dir: "/var/lib/containerd" containerd_state_dir: "/run/containerd" +containerd_systemd_dir: "/etc/systemd/system/containerd.service.d" containerd_oom_score: 0 containerd_default_runtime: "runc" @@ -35,39 +36,6 @@ containerd_max_container_log_line_size: -1 containerd_cfg_dir: /etc/containerd -# Path to runc binary -runc_binary: /usr/bin/runc - -yum_repo_dir: /etc/yum.repos.d - -# Optional values for containerd apt repo -containerd_package_info: - pkgs: - -containerd_repo_key_info: - repo_keys: - -containerd_repo_info: - repos: - -# Ubuntu docker-ce repo -containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu" -containerd_ubuntu_repo_gpgkey: "https://download.docker.com/linux/ubuntu/gpg" -containerd_ubuntu_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88" -containerd_ubuntu_repo_component: "stable" - -# Debian docker-ce repo -containerd_debian_repo_base_url: "https://download.docker.com/linux/debian" -containerd_debian_repo_gpgkey: "https://download.docker.com/linux/debian/gpg" -containerd_debian_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88" -containerd_debian_repo_component: "stable" - -# Fedora docker-ce repo -containerd_fedora_repo_base_url: "https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable" -containerd_fedora_repo_gpgkey: "https://download.docker.com/linux/fedora/gpg" -containerd_fedora_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88" -containerd_fedora_repo_component: "stable" - # Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally containerd_extra_args: '' diff --git a/roles/container-engine/containerd/meta/main.yml b/roles/container-engine/containerd/meta/main.yml index 1a53ba7d6..562956772 100644 --- a/roles/container-engine/containerd/meta/main.yml +++ b/roles/container-engine/containerd/meta/main.yml @@ -1,3 +1,5 @@ --- dependencies: - role: container-engine/containerd-common + - role: container-engine/runc + - role: container-engine/crictl diff --git a/roles/container-engine/containerd/molecule/default/converge.yml b/roles/container-engine/containerd/molecule/default/converge.yml index 26ff82a9e..7847871e2 100644 --- a/roles/container-engine/containerd/molecule/default/converge.yml +++ b/roles/container-engine/containerd/molecule/default/converge.yml @@ -2,6 +2,8 @@ - name: Converge hosts: all become: true + vars: + container_manager: containerd roles: - role: kubespray-defaults - role: container-engine/containerd diff --git a/roles/container-engine/containerd/molecule/default/molecule.yml b/roles/container-engine/containerd/molecule/default/molecule.yml index 48f7b5dd0..f285da1cb 100644 --- a/roles/container-engine/containerd/molecule/default/molecule.yml +++ b/roles/container-engine/containerd/molecule/default/molecule.yml @@ -7,12 +7,30 @@ lint: | set -e yamllint -c ../../../.yamllint . platforms: - - name: ubuntu18 - box: generic/ubuntu1804 - cpus: 2 + - name: ubuntu20 + box: generic/ubuntu2004 + cpus: 1 memory: 1024 groups: - kube_control_plane + - kube_node + - k8s_cluster + - name: debian11 + box: generic/debian11 + cpus: 1 + memory: 1024 + groups: + - kube_control_plane + - kube_node + - k8s_cluster + - name: centos8 + box: generic/centos8 + cpus: 1 + memory: 1024 + groups: + - kube_control_plane + - kube_node + - k8s_cluster provisioner: name: ansible env: diff --git a/roles/container-engine/containerd/molecule/default/prepare.yml b/roles/container-engine/containerd/molecule/default/prepare.yml index 1afc51a04..aef05228d 100644 --- a/roles/container-engine/containerd/molecule/default/prepare.yml +++ b/roles/container-engine/containerd/molecule/default/prepare.yml @@ -2,5 +2,10 @@ - name: Prepare hosts: all gather_facts: False + become: true + vars: + ignore_assert_errors: true roles: + - role: kubespray-defaults - role: bootstrap-os + - { role: kubernetes/preinstall, tags: ["bootstrap-os"] } diff --git a/roles/container-engine/containerd/tasks/containerd_repo.yml b/roles/container-engine/containerd/tasks/containerd_repo.yml deleted file mode 100644 index b26bc84c7..000000000 --- a/roles/container-engine/containerd/tasks/containerd_repo.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: ensure containerd repository public key is installed - apt_key: - id: "{{ item }}" - url: "{{ containerd_repo_key_info.url }}" - state: present - register: keyserver_task_result - until: keyserver_task_result is succeeded - retries: 4 - delay: "{{ retry_stagger | d(3) }}" - with_items: "{{ containerd_repo_key_info.repo_keys }}" - environment: "{{ proxy_env }}" - when: ansible_pkg_mgr == 'apt' - -- name: ensure containerd repository is enabled - apt_repository: - repo: "{{ item }}" - state: present - with_items: "{{ containerd_repo_info.repos }}" - when: ansible_pkg_mgr == 'apt' - -- name: Configure containerd repository on Fedora - template: - src: "fedora_containerd.repo.j2" - dest: "{{ yum_repo_dir }}/containerd.repo" - mode: 0644 - when: ansible_distribution == "Fedora" - -- name: Configure containerd repository on RedHat/OracleLinux/CentOS/AlmaLinux - template: - src: "rh_containerd.repo.j2" - dest: "{{ yum_repo_dir }}/containerd.repo" - mode: 0644 - when: - - ansible_os_family == "RedHat" - - ansible_distribution not in ["Fedora", "Amazon"] diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml index a7479199c..4a76a192a 100644 --- a/roles/container-engine/containerd/tasks/main.yml +++ b/roles/container-engine/containerd/tasks/main.yml @@ -1,41 +1,10 @@ --- -- name: check if fedora coreos - stat: - path: /run/ostree-booted - get_attributes: no - get_checksum: no - get_mime: no - register: ostree - -- name: set is_ostree - set_fact: - is_ostree: "{{ ostree.stat.exists }}" - - name: Fail containerd setup if distribution is not supported fail: msg: "{{ ansible_distribution }} is not supported by containerd." when: - not ansible_distribution in ["CentOS", "OracleLinux", "RedHat", "Ubuntu", "Debian", "Fedora", "AlmaLinux", "Rocky", "Amazon", "Flatcar", "Flatcar Container Linux by Kinvolk"] -- name: gather os specific variables - include_vars: "{{ item }}" - with_first_found: - - files: - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml" - - "{{ ansible_distribution|lower }}.yml" - - "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml" - - "{{ ansible_os_family|lower }}.yml" - - defaults.yml - paths: - - ../vars - skip: true - tags: - - facts - - name: disable unified_cgroup_hierarchy in Fedora 31+ command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0" when: @@ -52,32 +21,71 @@ - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0' - not is_ostree -- include_tasks: containerd_repo.yml - when: not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar")) +- name: containerd | Remove any package manager controlled containerd package + package: + name: "{{ containerd_package }}" + state: absent + when: + - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar")) -- name: Create containerd service systemd directory if it doesn't exist +- name: containerd | Remove containerd repository file: - path: /etc/systemd/system/containerd.service.d - state: directory - mode: 0755 + path: "{{ yum_repo_dir }}/containerd.repo" + state: absent + when: + - ansible_os_family in ['RedHat'] -- name: Write containerd proxy drop-in +- name: containerd | Remove containerd repository + apt_repository: + repo: "{{ item }}" + state: absent + with_items: "{{ containerd_repo_info.repos }}" + when: ansible_pkg_mgr == 'apt' + +- name: containerd | Download containerd + include_tasks: "../../../download/tasks/download_file.yml" + vars: + download: "{{ download_defaults | combine(downloads.containerd) }}" + +- name: containerd | Unpack containerd archive + unarchive: + src: "{{ downloads.containerd.dest }}" + dest: "{{ containerd_bin_dir }}" + mode: 0755 + remote_src: yes + extra_opts: + - --strip-components=1 + notify: restart containerd + +- name: containerd | Generate systemd service for containerd template: - src: http-proxy.conf.j2 - dest: /etc/systemd/system/containerd.service.d/http-proxy.conf + src: containerd.service.j2 + dest: /etc/systemd/system/containerd.service mode: 0644 notify: restart containerd - when: http_proxy is defined or https_proxy is defined -- name: ensure containerd config directory +- name: containerd | Ensure containerd directories exist file: - dest: "{{ containerd_cfg_dir }}" + dest: "{{ item }}" state: directory mode: 0755 owner: root group: root + with_items: + - "{{ containerd_systemd_dir }}" + - "{{ containerd_cfg_dir }}" + - "{{ containerd_storage_dir }}" + - "{{ containerd_state_dir }}" -- name: Copy containerd config file +- name: containerd | Write containerd proxy drop-in + template: + src: http-proxy.conf.j2 + dest: "{{ containerd_systemd_dir }}/http-proxy.conf" + mode: 0644 + notify: restart containerd + when: http_proxy is defined or https_proxy is defined + +- name: containerd | Copy containerd config file template: src: config.toml.j2 dest: "{{ containerd_cfg_dir }}/config.toml" @@ -85,49 +93,12 @@ mode: 0640 notify: restart containerd -# This is required to ensure any apt upgrade will not break kubernetes -- name: Set containerd pin priority to apt_preferences on Debian family - copy: - content: | - Package: {{ containerd_package }} - Pin: version {{ containerd_version }}* - Pin-Priority: 1001 - dest: "/etc/apt/preferences.d/containerd" - owner: "root" - mode: 0644 - when: ansible_pkg_mgr == 'apt' - -- name: ensure containerd packages are installed - package: - name: "{{ containerd_package_info.pkgs }}" - state: present - module_defaults: - apt: - update_cache: true - dnf: - enablerepo: "{{ containerd_package_info.enablerepo | default(omit) }}" - yum: - enablerepo: "{{ containerd_package_info.enablerepo | default(omit) }}" - zypper: - update_cache: true - register: containerd_task_result - until: containerd_task_result is succeeded - retries: 4 - delay: "{{ retry_stagger | d(3) }}" - notify: restart containerd - when: - - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar")) - - containerd_package_info.pkgs|length > 0 - -- include_role: # noqa unnamed-task - name: container-engine/crictl - # you can sometimes end up in a state where everything is installed # but containerd was not started / enabled -- name: flush handlers +- name: containerd | Flush handlers meta: flush_handlers -- name: ensure containerd is started and enabled +- name: containerd | Ensure containerd is started and enabled service: name: containerd enabled: yes diff --git a/roles/container-engine/containerd/templates/containerd.service.j2 b/roles/container-engine/containerd/templates/containerd.service.j2 new file mode 100644 index 000000000..09f9a3b2a --- /dev/null +++ b/roles/container-engine/containerd/templates/containerd.service.j2 @@ -0,0 +1,40 @@ +# Copyright The containerd Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +[Unit] +Description=containerd container runtime +Documentation=https://containerd.io +After=network.target local-fs.target + +[Service] +ExecStartPre=-/sbin/modprobe overlay +ExecStart={{ containerd_bin_dir }}/containerd + +Type=notify +Delegate=yes +KillMode=process +Restart=always +RestartSec=5 +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNPROC=infinity +LimitCORE=infinity +LimitNOFILE=infinity +# Comment TasksMax if your systemd version does not supports it. +# Only systemd 226 and above support this version. +TasksMax=infinity +OOMScoreAdjust=-999 + +[Install] +WantedBy=multi-user.target diff --git a/roles/container-engine/containerd/templates/fedora_containerd.repo.j2 b/roles/container-engine/containerd/templates/fedora_containerd.repo.j2 deleted file mode 100644 index 8422664a6..000000000 --- a/roles/container-engine/containerd/templates/fedora_containerd.repo.j2 +++ /dev/null @@ -1,7 +0,0 @@ -[docker-ce] -name=Docker-CE Repository -baseurl={{ containerd_fedora_repo_base_url }} -enabled=0 -gpgcheck={{ '1' if containerd_fedora_repo_gpgkey else '0' }} -gpgkey={{ containerd_fedora_repo_gpgkey }} -{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %} diff --git a/roles/container-engine/containerd/templates/rh_containerd.repo.j2 b/roles/container-engine/containerd/templates/rh_containerd.repo.j2 deleted file mode 100644 index 178bbc2cd..000000000 --- a/roles/container-engine/containerd/templates/rh_containerd.repo.j2 +++ /dev/null @@ -1,10 +0,0 @@ -[docker-ce] -name=Docker-CE Repository -baseurl={{ docker_rh_repo_base_url }} -enabled=0 -gpgcheck={{ '1' if docker_rh_repo_gpgkey else '0' }} -keepcache={{ docker_rpm_keepcache | default('1') }} -gpgkey={{ docker_rh_repo_gpgkey }} -{% if http_proxy is defined %} -proxy={{ http_proxy }} -{% endif %} diff --git a/roles/container-engine/containerd/vars/amazon.yml b/roles/container-engine/containerd/vars/amazon.yml deleted file mode 100644 index 28235ec73..000000000 --- a/roles/container-engine/containerd/vars/amazon.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -containerd_package_info: - enablerepo: "amzn2extra-docker" - pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" diff --git a/roles/container-engine/containerd/vars/debian.yml b/roles/container-engine/containerd/vars/debian.yml index 7b73083da..99dc4a50c 100644 --- a/roles/container-engine/containerd/vars/debian.yml +++ b/roles/container-engine/containerd/vars/debian.yml @@ -1,13 +1,4 @@ --- -containerd_package_info: - pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" - -containerd_repo_key_info: - url: '{{ containerd_debian_repo_gpgkey }}' - repo_keys: - - '{{ containerd_debian_repo_repokey }}' - containerd_repo_info: repos: - > diff --git a/roles/container-engine/containerd/vars/fedora.yml b/roles/container-engine/containerd/vars/fedora.yml deleted file mode 100644 index e51f2c89c..000000000 --- a/roles/container-engine/containerd/vars/fedora.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -containerd_package_info: - enablerepo: "docker-ce" - pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" diff --git a/roles/container-engine/containerd/vars/redhat.yml b/roles/container-engine/containerd/vars/redhat.yml deleted file mode 100644 index e51f2c89c..000000000 --- a/roles/container-engine/containerd/vars/redhat.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -containerd_package_info: - enablerepo: "docker-ce" - pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" diff --git a/roles/container-engine/containerd/vars/suse.yml b/roles/container-engine/containerd/vars/suse.yml deleted file mode 100644 index fb45f9ca8..000000000 --- a/roles/container-engine/containerd/vars/suse.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# docker-ce containerd.io does not contain daemon -containerd_package: containerd - -containerd_package_info: - pkgs: - - "{{ containerd_package }}" diff --git a/roles/container-engine/containerd/vars/ubuntu.yml b/roles/container-engine/containerd/vars/ubuntu.yml index a43797e65..ccce96d0e 100644 --- a/roles/container-engine/containerd/vars/ubuntu.yml +++ b/roles/container-engine/containerd/vars/ubuntu.yml @@ -1,13 +1,4 @@ --- -containerd_package_info: - pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" - -containerd_repo_key_info: - url: '{{ containerd_ubuntu_repo_gpgkey }}' - repo_keys: - - '{{ containerd_ubuntu_repo_repokey }}' - containerd_repo_info: repos: - > diff --git a/roles/container-engine/docker/defaults/main.yml b/roles/container-engine/docker/defaults/main.yml index d4d7e53b2..91227f91e 100644 --- a/roles/container-engine/docker/defaults/main.yml +++ b/roles/container-engine/docker/defaults/main.yml @@ -13,8 +13,6 @@ docker_repo_info: docker_cgroup_driver: systemd -yum_repo_dir: /etc/yum.repos.d - docker_bin_dir: "/usr/bin" # flag to enable/disable docker cleanup @@ -41,3 +39,26 @@ docker_remove_packages_apt: - docker - docker-engine - docker.io + +# Docker specific repos should be part of the docker role not containerd-common anymore +# Optional values for containerd apt repo +containerd_package_info: + pkgs: + +# Fedora docker-ce repo +docker_fedora_repo_base_url: 'https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable' +docker_fedora_repo_gpgkey: 'https://download.docker.com/linux/fedora/gpg' + +# CentOS/RedHat docker-ce repo +docker_rh_repo_base_url: 'https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable' +docker_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg' + +# Ubuntu docker-ce repo +docker_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu" +docker_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg' +docker_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88' + +# Debian docker-ce repo +docker_debian_repo_base_url: "https://download.docker.com/linux/debian" +docker_debian_repo_gpgkey: 'https://download.docker.com/linux/debian/gpg' +docker_debian_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88' diff --git a/roles/container-engine/docker/vars/debian-stretch.yml b/roles/container-engine/docker/vars/debian-stretch.yml index 2b111ea0a..3616c64e0 100644 --- a/roles/container-engine/docker/vars/debian-stretch.yml +++ b/roles/container-engine/docker/vars/debian-stretch.yml @@ -1,4 +1,13 @@ --- +# containerd versions are only relevant for docker +containerd_versioned_pkg: + 'latest': "{{ containerd_package }}" + '1.3.7': "{{ containerd_package }}=1.3.7-1" + '1.3.9': "{{ containerd_package }}=1.3.9-1" + '1.4.3': "{{ containerd_package }}=1.4.3-1" + 'stable': "{{ containerd_package }}=1.4.3-1" + 'edge': "{{ containerd_package }}=1.4.3-1" + docker_version: 19.03 docker_cli_version: 19.03 diff --git a/roles/container-engine/docker/vars/debian.yml b/roles/container-engine/docker/vars/debian.yml index 94dd107ba..3b0c784bb 100644 --- a/roles/container-engine/docker/vars/debian.yml +++ b/roles/container-engine/docker/vars/debian.yml @@ -1,4 +1,16 @@ --- +# containerd package info is only relevant for docker +containerd_versioned_pkg: + 'latest': "{{ containerd_package }}" + '1.3.7': "{{ containerd_package }}=1.3.7-1" + '1.3.9': "{{ containerd_package }}=1.3.9-1" + '1.4.3': "{{ containerd_package }}=1.4.3-2" + '1.4.4': "{{ containerd_package }}=1.4.4-1" + '1.4.6': "{{ containerd_package }}=1.4.6-1" + '1.4.9': "{{ containerd_package }}=1.4.9-1" + 'stable': "{{ containerd_package }}=1.4.9-1" + 'edge': "{{ containerd_package }}=1.4.9-1" + # https://download.docker.com/linux/debian/ docker_versioned_pkg: 'latest': docker-ce diff --git a/roles/container-engine/docker/vars/fedora.yml b/roles/container-engine/docker/vars/fedora.yml index 7d6ea81dd..df5d3597d 100644 --- a/roles/container-engine/docker/vars/fedora.yml +++ b/roles/container-engine/docker/vars/fedora.yml @@ -1,4 +1,16 @@ --- +# containerd versions are only relevant for docker +containerd_versioned_pkg: + 'latest': "{{ containerd_package }}" + '1.3.7': "{{ containerd_package }}-1.3.7-3.1.fc{{ ansible_distribution_major_version }}" + '1.3.9': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}" + '1.4.3': "{{ containerd_package }}-1.4.3-3.2.fc{{ ansible_distribution_major_version }}" + '1.4.4': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}" + '1.4.6': "{{ containerd_package }}-1.4.6-3.1.fc{{ ansible_distribution_major_version }}" + '1.4.9': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}" + 'stable': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}" + 'edge': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}" + # https://docs.docker.com/install/linux/docker-ce/fedora/ # https://download.docker.com/linux/fedora//x86_64/stable/Packages/ docker_versioned_pkg: diff --git a/roles/container-engine/docker/vars/redhat.yml b/roles/container-engine/docker/vars/redhat.yml index ebe4a77f4..8cc897cda 100644 --- a/roles/container-engine/docker/vars/redhat.yml +++ b/roles/container-engine/docker/vars/redhat.yml @@ -1,4 +1,16 @@ --- +# containerd versions are only relevant for docker +containerd_versioned_pkg: + 'latest': "{{ containerd_package }}" + '1.3.7': "{{ containerd_package }}-1.3.7-3.1.el{{ ansible_distribution_major_version }}" + '1.3.9': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}" + '1.4.3': "{{ containerd_package }}-1.4.3-3.2.el{{ ansible_distribution_major_version }}" + '1.4.4': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}" + '1.4.6': "{{ containerd_package }}-1.4.6-3.1.el{{ ansible_distribution_major_version }}" + '1.4.9': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}" + 'stable': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}" + 'edge': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}" + # https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package # https://download.docker.com/linux/centos/>/x86_64/stable/Packages/ # or do 'yum --showduplicates list docker-engine' diff --git a/roles/container-engine/docker/vars/ubuntu-16.yml b/roles/container-engine/docker/vars/ubuntu-16.yml index f37413820..54046cbe2 100644 --- a/roles/container-engine/docker/vars/ubuntu-16.yml +++ b/roles/container-engine/docker/vars/ubuntu-16.yml @@ -1,4 +1,15 @@ --- +# containerd versions are only relevant for docker +containerd_versioned_pkg: + 'latest': "{{ containerd_package }}" + '1.3.7': "{{ containerd_package }}=1.3.7-1" + '1.3.9': "{{ containerd_package }}=1.3.9-1" + '1.4.3': "{{ containerd_package }}=1.4.3-2" + '1.4.4': "{{ containerd_package }}=1.4.4-1" + '1.4.6': "{{ containerd_package }}=1.4.6-1" + 'stable': "{{ containerd_package }}=1.4.6-1" + 'edge': "{{ containerd_package }}=1.4.6-1" + # https://download.docker.com/linux/ubuntu/ docker_versioned_pkg: 'latest': docker-ce diff --git a/roles/container-engine/docker/vars/ubuntu.yml b/roles/container-engine/docker/vars/ubuntu.yml index a4dfb6c9a..0fdc778e3 100644 --- a/roles/container-engine/docker/vars/ubuntu.yml +++ b/roles/container-engine/docker/vars/ubuntu.yml @@ -1,4 +1,16 @@ --- +# containerd versions are only relevant for docker +containerd_versioned_pkg: + 'latest': "{{ containerd_package }}" + '1.3.7': "{{ containerd_package }}=1.3.7-1" + '1.3.9': "{{ containerd_package }}=1.3.9-1" + '1.4.3': "{{ containerd_package }}=1.4.3-2" + '1.4.4': "{{ containerd_package }}=1.4.4-1" + '1.4.6': "{{ containerd_package }}=1.4.6-1" + '1.4.9': "{{ containerd_package }}=1.4.9-1" + 'stable': "{{ containerd_package }}=1.4.9-1" + 'edge': "{{ containerd_package }}=1.4.9-1" + # https://download.docker.com/linux/ubuntu/ docker_versioned_pkg: 'latest': docker-ce diff --git a/roles/container-engine/runc/defaults/main.yml b/roles/container-engine/runc/defaults/main.yml new file mode 100644 index 000000000..9c2fafffd --- /dev/null +++ b/roles/container-engine/runc/defaults/main.yml @@ -0,0 +1,5 @@ +--- + +runc_bin_dir: /usr/bin/ + +runc_package_name: runc diff --git a/roles/container-engine/runc/tasks/main.yml b/roles/container-engine/runc/tasks/main.yml new file mode 100644 index 000000000..be1014d79 --- /dev/null +++ b/roles/container-engine/runc/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- name: runc | Uninstall runc package managed by package manager + package: + name: "{{ runc_package_name }}" + state: absent + +- name: runc | Download runc binary + include_tasks: "../../../download/tasks/download_file.yml" + vars: + download: "{{ download_defaults | combine(downloads.runc) }}" + +- name: Copy runc binary from download dir + copy: + src: "{{ downloads.runc.dest }}" + dest: "{{ runc_bin_dir }}/runc" + mode: 0755 + remote_src: true diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 394a19e33..37428e043 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -52,6 +52,7 @@ image_arch: "{{host_architecture | default('amd64')}}" kubeadm_version: "{{ kube_version }}" etcd_version: v3.5.0 crun_version: 1.2 +runc_version: v1.0.2 kata_containers_version: 2.2.0 gvisor_version: 20210921 @@ -110,6 +111,7 @@ calicoctl_download_url: "https://github.com/projectcalico/calicoctl/releases/dow calico_crds_download_url: "https://github.com/projectcalico/calico/archive/{{ calico_version }}.tar.gz" crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz" helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz" +runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}" crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}" kata_containers_download_url: "https://github.com/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz" # gVisor only supports amd64 and uses x86_64 to in the download link @@ -117,6 +119,7 @@ gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/relea gvisor_containerd_shim_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/containerd-shim-runsc-v1" nerdctl_download_url: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz" krew_download_url: "https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz" +containerd_download_url: "https://github.com/containerd/containerd/releases/download/v{{ containerd_version }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz" crictl_checksums: arm: @@ -375,6 +378,14 @@ helm_archive_checksums: arm64: v3.7.0: 03bf55435b4ebef739f862334bdfbf7b7eed714b94340a22298c485b6626aaca +runc_checksums: + arm: + v1.0.2: 0 + arm64: + v1.0.2: 0 + amd64: + v1.0.2: 44d1ba01a286aaf0b31b4be9c6abc20deab0653d44ecb0d93b4d0d20eac3e0b6 + crun_checksums: arm: 0 amd64: @@ -436,6 +447,21 @@ nerdctl_archive_checksums: amd64: 0.12.1: 868dc5997c3edb0bd06f75012e71c2b15ee0885b83bad191fbe2a1d6d5f4f2ac +# TODO(cristicalin): remove compatibility entries once debian9 and ubuntu16 jobs are dropped or docker is dropped +containerd_archive_checksums: + arm: + latest: 0 # this is needed to make debian9 and ubuntu16 CI jobs happy + 1.4.9: 0 + 1.5.5: 0 + arm64: + latest: 0 # this is needed to make debian9 and ubuntu16 CI jobs happy + 1.4.9: 0 + 1.5.5: 0 + amd64: + latest: 0 # this is needed to make debian9 and ubuntu16 CI jobs happy + 1.4.9: 346f88ad5b973960ff81b5539d4177af5941ec2e4703b479ca9a6081ff1d023b + 1.5.5: 8efc527ffb772a82021800f0151374a3113ed2439922497ff08f2596a70f10f1 + etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}" cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}" kubelet_binary_checksum: "{{ kubelet_checksums[image_arch][kube_version] }}" @@ -445,12 +471,14 @@ calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl calico_crds_archive_checksum: "{{ calico_crds_archive_checksums[calico_version] }}" crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}" helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}" +runc_binary_checksum: "{{ runc_checksums[image_arch][runc_version] }}" crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}" kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}" gvisor_runsc_binary_checksum: "{{ gvisor_runsc_binary_checksums[image_arch][gvisor_version] }}" gvisor_containerd_shim_binary_checksum: "{{ gvisor_containerd_shim_binary_checksums[image_arch][gvisor_version] }}" nerdctl_archive_checksum: "{{ nerdctl_archive_checksums[image_arch][nerdctl_version] }}" krew_archive_checksum: "{{ krew_archive_checksums[krew_version] }}" +containerd_archive_checksum: "{{ containerd_archive_checksums[image_arch][containerd_version] }}" # Containers # In some cases, we need a way to set --registry-mirror or --insecure-registry for docker, @@ -737,6 +765,19 @@ downloads: groups: - k8s_cluster + runc: + file: true + enabled: "{{ container_manager == 'containerd' }}" + version: "{{ runc_version }}" + dest: "{{ local_release_dir }}/runc" + sha256: "{{ runc_binary_checksum }}" + url: "{{ runc_download_url }}" + unarchive: false + owner: "root" + mode: "0755" + groups: + - k8s_cluster + kata_containers: enabled: "{{ kata_containers_enabled }}" file: true @@ -750,6 +791,19 @@ downloads: groups: - k8s_cluster + containerd: + enabled: "{{ container_manager == 'containerd' }}" + file: true + version: "{{ containerd_version }}" + dest: "{{ local_release_dir }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz" + sha256: "{{ containerd_archive_checksum }}" + url: "{{ containerd_download_url }}" + unarchive: false + owner: "root" + mode: "0755" + groups: + - k8s_cluster + gvisor_runsc: enabled: "{{ gvisor_enabled }}" file: true diff --git a/roles/kubernetes/preinstall/vars/amazon.yml b/roles/kubernetes/preinstall/vars/amazon.yml new file mode 100644 index 000000000..09c645f51 --- /dev/null +++ b/roles/kubernetes/preinstall/vars/amazon.yml @@ -0,0 +1,7 @@ +--- +required_pkgs: + - libselinux-python + - device-mapper-libs + - nss + - conntrack-tools + - libseccomp diff --git a/roles/kubernetes/preinstall/vars/centos.yml b/roles/kubernetes/preinstall/vars/centos.yml index 479f120cb..2a5b6c75d 100644 --- a/roles/kubernetes/preinstall/vars/centos.yml +++ b/roles/kubernetes/preinstall/vars/centos.yml @@ -4,3 +4,5 @@ required_pkgs: - device-mapper-libs - nss - conntrack + - container-selinux + - libseccomp diff --git a/roles/kubernetes/preinstall/vars/debian-11.yml b/roles/kubernetes/preinstall/vars/debian-11.yml index 0006296fd..59cbc5a37 100644 --- a/roles/kubernetes/preinstall/vars/debian-11.yml +++ b/roles/kubernetes/preinstall/vars/debian-11.yml @@ -7,3 +7,4 @@ required_pkgs: - conntrack - iptables - apparmor + - libseccomp2 diff --git a/roles/kubernetes/preinstall/vars/debian.yml b/roles/kubernetes/preinstall/vars/debian.yml index e5422b71a..51a280237 100644 --- a/roles/kubernetes/preinstall/vars/debian.yml +++ b/roles/kubernetes/preinstall/vars/debian.yml @@ -6,3 +6,4 @@ required_pkgs: - software-properties-common - conntrack - apparmor + - libseccomp2 diff --git a/roles/kubernetes/preinstall/vars/fedora.yml b/roles/kubernetes/preinstall/vars/fedora.yml index 9c91d6aea..40d269dc4 100644 --- a/roles/kubernetes/preinstall/vars/fedora.yml +++ b/roles/kubernetes/preinstall/vars/fedora.yml @@ -3,3 +3,5 @@ required_pkgs: - libselinux-python3 - device-mapper-libs - conntrack + - container-selinux + - libseccomp diff --git a/roles/kubernetes/preinstall/vars/redhat.yml b/roles/kubernetes/preinstall/vars/redhat.yml index 479f120cb..2a5b6c75d 100644 --- a/roles/kubernetes/preinstall/vars/redhat.yml +++ b/roles/kubernetes/preinstall/vars/redhat.yml @@ -4,3 +4,5 @@ required_pkgs: - device-mapper-libs - nss - conntrack + - container-selinux + - libseccomp diff --git a/roles/kubernetes/preinstall/vars/suse.yml b/roles/kubernetes/preinstall/vars/suse.yml index 8293cfd48..d089ac150 100644 --- a/roles/kubernetes/preinstall/vars/suse.yml +++ b/roles/kubernetes/preinstall/vars/suse.yml @@ -2,3 +2,4 @@ required_pkgs: - device-mapper - conntrack-tools + - libseccomp2 diff --git a/roles/kubernetes/preinstall/vars/ubuntu.yml b/roles/kubernetes/preinstall/vars/ubuntu.yml index 480b57a22..ed8084ff9 100644 --- a/roles/kubernetes/preinstall/vars/ubuntu.yml +++ b/roles/kubernetes/preinstall/vars/ubuntu.yml @@ -6,3 +6,4 @@ required_pkgs: - software-properties-common - conntrack - apparmor + - libseccomp2 diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 11f6a8165..283462bc8 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -169,6 +169,25 @@ tags: - services +- name: reset | remove containerd + when: container_manager == 'containerd' + block: + - name: reset | stop containerd service + service: + name: containerd + state: stopped + failed_when: false + tags: + - services + + - name: reset | remove containerd service + file: + path: /etc/systemd/system/containerd.service + state: absent + register: services_removed + tags: + - services + - name: reset | gather mounted kubelet dirs # noqa 301 shell: set -o pipefail && mount | grep /var/lib/kubelet/ | awk '{print $3}' | tac args: @@ -279,6 +298,7 @@ - "{{ bin_dir }}/etcd" - "{{ bin_dir }}/etcd-events" - "{{ bin_dir }}/etcdctl" + - "{{ bin_dir }}/etcdctl.sh" - "{{ bin_dir }}/kubernetes-scripts" - "{{ bin_dir }}/kubectl" - "{{ bin_dir }}/kubeadm" @@ -310,6 +330,26 @@ tags: - files +- name: reset | remove containerd binary files + file: + path: "{{ containerd_bin_dir }}/{{ item }}" + state: absent + with_items: + - containerd + - containerd-shim + - containerd-shim-runc-v1 + - containerd-shim-runc-v2 + - containerd-stress + - crictl + - critest + - ctd-decoder + - ctr + - runc + ignore_errors: true # noqa ignore-errors + when: container_manager == 'containerd' + tags: + - files + - name: reset | remove dns settings from dhclient.conf blockinfile: path: "{{ item }}" diff --git a/tests/files/packet_debian9-calico-upgrade-once.yml b/tests/files/packet_debian9-calico-upgrade-once.yml index f0d5a80f4..9e4fa1b55 100644 --- a/tests/files/packet_debian9-calico-upgrade-once.yml +++ b/tests/files/packet_debian9-calico-upgrade-once.yml @@ -8,3 +8,6 @@ kube_network_plugin: calico deploy_netchecker: true dns_min_replicas: 1 download_run_once: true + +# Make docker happy +containerd_version: latest diff --git a/tests/files/packet_debian9-calico-upgrade.yml b/tests/files/packet_debian9-calico-upgrade.yml index ca5ef1216..dd0277024 100644 --- a/tests/files/packet_debian9-calico-upgrade.yml +++ b/tests/files/packet_debian9-calico-upgrade.yml @@ -7,3 +7,6 @@ mode: default kube_network_plugin: calico deploy_netchecker: true dns_min_replicas: 1 + +# Make docker happy +containerd_version: latest diff --git a/tests/files/packet_debian9-macvlan.yml b/tests/files/packet_debian9-macvlan.yml index 7a80202f6..9a481b2b9 100644 --- a/tests/files/packet_debian9-macvlan.yml +++ b/tests/files/packet_debian9-macvlan.yml @@ -12,3 +12,6 @@ kube_proxy_masquerade_all: true macvlan_interface: "eth0" auto_renew_certificates: true + +# Make docker happy +containerd_version: latest diff --git a/tests/files/packet_fedora34-kube-ovn-containerd.yml b/tests/files/packet_fedora34-kube-ovn-containerd.yml index 77d1a711d..f3a266245 100644 --- a/tests/files/packet_fedora34-kube-ovn-containerd.yml +++ b/tests/files/packet_fedora34-kube-ovn-containerd.yml @@ -5,7 +5,6 @@ mode: default # Kubespray settings container_manager: containerd -containerd_version: latest etcd_deployment_type: host deploy_netchecker: true dns_min_replicas: 1 diff --git a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml index 94261c50b..9861b3502 100644 --- a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml +++ b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml @@ -9,5 +9,5 @@ kube_network_plugin: canal deploy_netchecker: true dns_min_replicas: 1 -# Ubuntu 16 packages for containerd are limited to 1.4.6 -containerd_version: 1.4.6 +# Make docker jobs happy +containerd_version: latest diff --git a/tests/files/packet_ubuntu16-canal-sep.yml b/tests/files/packet_ubuntu16-canal-sep.yml index d4bfc0535..44df4f948 100644 --- a/tests/files/packet_ubuntu16-canal-sep.yml +++ b/tests/files/packet_ubuntu16-canal-sep.yml @@ -9,5 +9,5 @@ kube_network_plugin: canal deploy_netchecker: true dns_min_replicas: 1 -# Ubuntu 16 packages for containerd are limited to 1.4.6 -containerd_version: 1.4.6 +# Make docker jobs happy +containerd_version: latest diff --git a/tests/files/packet_ubuntu16-flannel-ha.yml b/tests/files/packet_ubuntu16-flannel-ha.yml index 7c6160922..5f3b19d9b 100644 --- a/tests/files/packet_ubuntu16-flannel-ha.yml +++ b/tests/files/packet_ubuntu16-flannel-ha.yml @@ -11,5 +11,5 @@ skip_non_kubeadm_warning: true deploy_netchecker: true dns_min_replicas: 1 -# Ubuntu 16 packages for containerd are limited to 1.4.6 -containerd_version: 1.4.6 +# Make docker jobs happy +containerd_version: latest diff --git a/tests/files/packet_ubuntu16-kube-router-sep.yml b/tests/files/packet_ubuntu16-kube-router-sep.yml index 5ec576756..e923834aa 100644 --- a/tests/files/packet_ubuntu16-kube-router-sep.yml +++ b/tests/files/packet_ubuntu16-kube-router-sep.yml @@ -9,5 +9,5 @@ kube_network_plugin: kube-router deploy_netchecker: true dns_min_replicas: 1 -# Ubuntu 16 packages for containerd are limited to 1.4.6 -containerd_version: 1.4.6 +# Make docker jobs happy +containerd_version: latest diff --git a/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml b/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml index 97ea810d1..043639ad9 100644 --- a/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml +++ b/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml @@ -11,5 +11,5 @@ dns_min_replicas: 1 kube_router_run_service_proxy: true -# Ubuntu 16 packages for containerd are limited to 1.4.6 -containerd_version: 1.4.6 +# Make docker jobs happy +containerd_version: latest diff --git a/tests/files/packet_ubuntu16-weave-sep.yml b/tests/files/packet_ubuntu16-weave-sep.yml index b06c75e87..e424a6cc8 100644 --- a/tests/files/packet_ubuntu16-weave-sep.yml +++ b/tests/files/packet_ubuntu16-weave-sep.yml @@ -10,5 +10,5 @@ dns_min_replicas: 1 auto_renew_certificates: true -# Ubuntu 16 packages for containerd are limited to 1.4.6 -containerd_version: 1.4.6 +# Make docker jobs happy +containerd_version: latest