openstack/devstack-plugin-container
Code Issues Proposed changes
devstack-plugin-container/devstack/lib/crio
Yoshiro Watanabe a0b2a6cbaf Change repository for k8s, cri-o 
The legacy k8s repository was retired on March 26, 2024 [1].
The cri-o project followed k8s lead and moved the build to a new
repository [2].

This patch changes the location of k8s, cri-o installed packages
for Ubuntu based deployments only. Changes the value of the
apiversion parameter in the kubeadm configuration because the new
repository can also install 1.27.x and later versions of k8s that
no longer support v1beta2 and earlier APIs.

The version of the package to be installed can be specified using
the K8S_VERSION and CRIO_VERSION variables.
Also, the default values of K8S_VERSION and CRIO_VERSION have been
changed, and it has been confirmed that tacker project FT works fine
with the changed version.

[1]https://kubernetes.io/blog/2023/08/31/legacy-package-repository-deprecation/
[2]https://kubernetes.io/blog/2023/10/10/cri-o-community-package-infrastructure/

Change-Id: I0ce9fd2bcb5d79ebad2cecafabf8c9f33b106647
2024-10-01 09:18:19 +00:00

220 lines
7.2 KiB
Bash
Raw Blame History

#!/bin/bash
# Dependencies:
#
# - functions
# stack.sh
# ---------
# - check_crio
# - install_crio
# - configure_crio
# - stop_crio
# Save trace setting
_XTRACE_DOCKER=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
CRIO_ENGINE_SOCKET_FILE=${CRIO_ENGINE_SOCKET_FILE:-/var/run/crio/crio.sock}
CRIO_ALLOW_ICMP=$(trueorfalse True CRIO_ALLOW_ICMP)
# Functions
# ---------
function check_crio {
if is_ubuntu; then
dpkg -l | grep cri-o > /dev/null 2>&1
else
false
# TODO: CentOS/Fedora support.
fi
}
function install_crio {
if [[ -z "$os_PACKAGE" ]]; then
GetOSVersion
fi
local lsb_dist=${os_VENDOR,,}
if is_ubuntu; then
local stream="https://pkgs.k8s.io/addons:/cri-o:/stable:/v${CRIO_VERSION%.*}"
local key_path="/etc/apt/keyrings/cri-o-apt-keyring.gpg"
apt_get install apt-transport-https ca-certificates \
software-properties-common curl
curl -fsSL "${stream}/deb/Release.key" | sudo gpg --dearmor -o "${key_path}"
echo "deb [signed-by=${key_path}] ${stream}/deb/ /" | \
sudo tee /etc/apt/sources.list.d/cri-o.list
# Installing podman and containerd will get us compatible versions of
# cri-o. And we need podman to manage container images anyway.
REPOS_UPDATED=False apt_get_update
crio_pkg_version=$(sudo apt-cache show cri-o | grep "Version: $CRIO_VERSION-" | awk '{ print $2 }' | head -n 1)
apt_get install podman buildah cri-o="${crio_pkg_version}"
sudo systemctl enable crio
elif is_fedora; then
if [[ "$lsb_dist" = "centos" ]]; then
sudo yum-config-manager \
--add-repo \
https://cbs.centos.org/repos/virt7-container-common-candidate/x86_64/os/
sudo yum-config-manager \
--add-repo \
https://cbs.centos.org/repos/paas7-crio-311-candidate/x86_64/os/
fi
if [[ "${os_VENDOR}" == *'Stream' ]]; then
local stream="_Stream"
fi
# NOTE: All crio versions are not supported for Centos 8 stream
# because crio rpm is not present for some minor versions
sudo yum-config-manager \
--add-repo \
"https://download.opensuse.org/repositories/"`
`"devel:/kubic:/libcontainers:/stable:/cri-o:/${CRIO_VERSION}/"`
`"CentOS_${os_RELEASE}${stream}/"`
`"devel:kubic:libcontainers:stable:cri-o:${CRIO_VERSION}.repo"
yum_install cri-o podman buildah
fi
}
function configure_crio {
# After an ./unstack it will be stopped. So it is ok if it returns exit-code == 1
sudo systemctl stop crio.service || true
export CRIO_CONF="/etc/crio/crio.conf"
# We're wrapping values in \"<val>\" because that's the format cri-o wants.
iniset -sudo ${CRIO_CONF} crio.api listen \"${CRIO_ENGINE_SOCKET_FILE}\"
iniset -sudo ${CRIO_CONF} crio.image pause_image \"${CRIO_PAUSE_IMAGE}\"
iniset -sudo ${CRIO_CONF} crio.image pause_command \"${CRIO_PAUSE_COMMAND}\"
if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then
# debug is way too verbose, info will be enough
iniset -sudo ${CRIO_CONF} crio.runtime log_level \"info\"
fi
if is_ubuntu; then
local crio_minor=${CRIO_VERSION#*.}
# At least for 18.04 we need to set up /etc/containers/registries.conf
# with some initial content. That's another bug with that PPA.
local registries_conf
registries_conf="/etc/containers/registries.conf"
if [[ ! -f ${registries_conf} && $crio_minor -lt 24 ]]; then
sudo mkdir -p `dirname ${registries_conf}`
cat << EOF | sudo tee ${registries_conf}
[registries.search]
registries = ['docker.io']
EOF
else
# If there is a config file, that means, we are probably on the
# newer version of crio/container/podman, which basically means
# we cannot mix [registries.search] registries filled with
# something and unqualified-search-registries setting which appear
# on sysregistry v2 config syntax. And because it's a TOML now, we
# cannot rely on iniset, but directly change the file.
local rname='unqualified-search-registries'
local rval='["docker.io", "quay.io"]'
if [[ ! -f ${registries_conf} ]]; then
cat << EOF | sudo tee ${registries_conf}
unqualified-search-registries = ["docker.io", "quay.io"]
EOF
elif grep -wq "^${rname}" "${registries_conf}"; then
sudo sed -i -e \
"s/^${rname}.*$/${rname} = ${rval}/" "${registries_conf}"
else
sudo sed -i "1s/^/${rname} = ${rval}\n/" "${registries_conf}"
fi
fi
# CRI-O from kubic repo have placed runc in different place, not even
# in path, just to not conflict with runc package from official repo.
# We need to change it.
iniset -sudo ${CRIO_CONF} crio.runtime.runtimes.runc runtime_path \
\"/usr/lib/cri-o-runc/sbin/runc\"
if [ -n "${CNI_CONF_DIR}" ]; then
iniset -sudo ${CRIO_CONF} crio.network network_dir \
\"${CNI_CONF_DIR}\"
fi
if [ -n "${CNI_PLUGIN_DIR}" ]; then
iniset -sudo ${CRIO_CONF} crio.network plugin_dir \
\"${CNI_PLUGIN_DIR}\"
fi
# By default CRI-O doesn't allow ICMP between containers, although it
# is ususally expected for testing purposes.
if [ "${CRIO_ALLOW_ICMP}" == "True" ]; then
if grep -wq '^default_sysctls' ${CRIO_CONF}; then
export CRIO_KEY="default_sysctls"
export CRIO_VAL='[ "net.ipv4.ping_group_range=0 2147483647", ]'
_update_config
else
iniset -sudo ${CRIO_CONF} crio.runtime default_sysctls \
'[ "net.ipv4.ping_group_range=0 2147483647", ]'
fi
fi
elif is_fedora; then
local lsb_dist=${os_VENDOR,,}
if [[ "$lsb_dist" = "centos" ]]; then
# CentOS packages are putting runc binary in different place...
iniset -sudo ${CRIO_CONF} crio.runtime runtime \"/usr/sbin/runc\"
# CentOS version seems to only work with cgroupfs...
iniset -sudo ${CRIO_CONF} crio.runtime cgroup_manager \"cgroupfs\"
fi
fi
sudo systemctl --no-block restart crio.service
}
function stop_crio {
sudo systemctl stop crio.service || true
}
function _update_config {
sudo -E python3 - <<EOF
"""
Update provided by CRIO_KEY key list in crio configuration in a form of:
some_key = [ some,
value
]
or just an empty list:
some_key = [
]
with the CRIO_VAL value.
Note, CRIO_VAL must include square brackets.
"""
import os
import re
crio_key = os.environ.get('CRIO_KEY')
crio_val = os.environ.get('CRIO_VAL')
crio_conf = os.environ.get('CRIO_CONF')
pat = re.compile(rf'{crio_key}\s*=\s*\[[^\]]*\]', flags=re.S | re.M)
with open(crio_conf) as fobj:
conf = fobj.read()
with open(crio_conf, 'w') as fobj:
search = pat.search(conf)
if search:
start, end = search.span()
conf = conf[:start] + f'{crio_key} = {crio_val}' + conf[end:]
fobj.write(conf)
EOF
}
# Restore xtrace
$_XTRACE_DOCKER
View Git Blame Copy Permalink