From 09bccc97bab30673e810ed893df19936346aa7ea Mon Sep 17 00:00:00 2001 From: Maxime Guyot Date: Wed, 22 Apr 2020 15:09:52 +0200 Subject: [PATCH] Add CRI-O CI (#5460) --- .gitlab-ci/packet.yml | 5 +++ .../container-engine/cri-o/defaults/main.yml | 2 +- .../container-engine/cri-o/handlers/main.yml | 1 + .../cri-o/molecule/default/molecule.yml | 31 +++++++++++++++++++ .../cri-o/molecule/default/playbook.yml | 7 +++++ .../cri-o/molecule/default/prepare.yml | 6 ++++ .../molecule/default/tests/test_default.py | 20 ++++++++++++ roles/container-engine/cri-o/tasks/crictl.yml | 14 +++++++-- roles/container-engine/cri-o/tasks/main.yaml | 10 +++++- .../cri-o/templates/crio.conf.j2 | 2 -- roles/container-engine/cri-o/vars/fedora.yml | 3 +- roles/container-engine/cri-o/vars/ubuntu.yml | 4 +-- tests/files/packet_ubuntu18-crio.yml | 14 +++++++++ 13 files changed, 109 insertions(+), 10 deletions(-) create mode 100644 roles/container-engine/cri-o/molecule/default/molecule.yml create mode 100644 roles/container-engine/cri-o/molecule/default/playbook.yml create mode 100644 roles/container-engine/cri-o/molecule/default/prepare.yml create mode 100644 roles/container-engine/cri-o/molecule/default/tests/test_default.py create mode 100644 tests/files/packet_ubuntu18-crio.yml diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml index a844be132..927c0aaa5 100644 --- a/.gitlab-ci/packet.yml +++ b/.gitlab-ci/packet.yml @@ -27,6 +27,11 @@ packet_centos7-flannel-containerd-addons-ha: stage: deploy-part2 when: on_success +packet_ubuntu18-crio: + extends: .packet + stage: deploy-part2 + when: on_success + # ### MANUAL JOBS packet_centos7-weave-upgrade-ha: diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml index dd75ec4fe..429168ecf 100644 --- a/roles/container-engine/cri-o/defaults/main.yml +++ b/roles/container-engine/cri-o/defaults/main.yml @@ -5,4 +5,4 @@ crio_seccomp_profile: "/etc/crio/seccomp.json" crio_cgroup_manager: "{{ kubelet_cgroup_driver | default('cgroupfs') }}" -crio_runc_path: "/usr/sbin/runc" +crio_runc_path: "/usr/sbin/runc" \ No newline at end of file diff --git a/roles/container-engine/cri-o/handlers/main.yml b/roles/container-engine/cri-o/handlers/main.yml index 957e8e400..8bc936b45 100644 --- a/roles/container-engine/cri-o/handlers/main.yml +++ b/roles/container-engine/cri-o/handlers/main.yml @@ -13,3 +13,4 @@ service: name: crio state: restarted + enabled: yes diff --git a/roles/container-engine/cri-o/molecule/default/molecule.yml b/roles/container-engine/cri-o/molecule/default/molecule.yml new file mode 100644 index 000000000..d544f57fb --- /dev/null +++ b/roles/container-engine/cri-o/molecule/default/molecule.yml @@ -0,0 +1,31 @@ +--- +driver: + name: vagrant + provider: + name: libvirt +lint: + name: yamllint + options: + config-file: ../../../.yamllint +platforms: + - name: kubespray-crio + box: generic/ubuntu1804 + cpus: 2 + memory: 1024 + groups: + - kube-master +provisioner: + name: ansible + env: + ANSIBLE_ROLES_PATH: ../../../../ + config_options: + defaults: + callback_whitelist: profile_tasks + lint: + name: ansible-lint + options: + c: ../../../.ansible-lint +verifier: + name: testinfra + lint: + name: flake8 diff --git a/roles/container-engine/cri-o/molecule/default/playbook.yml b/roles/container-engine/cri-o/molecule/default/playbook.yml new file mode 100644 index 000000000..fdb8fb600 --- /dev/null +++ b/roles/container-engine/cri-o/molecule/default/playbook.yml @@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + become: true + roles: + - role: kubespray-defaults + - role: cri-o diff --git a/roles/container-engine/cri-o/molecule/default/prepare.yml b/roles/container-engine/cri-o/molecule/default/prepare.yml new file mode 100644 index 000000000..1afc51a04 --- /dev/null +++ b/roles/container-engine/cri-o/molecule/default/prepare.yml @@ -0,0 +1,6 @@ +--- +- name: Prepare + hosts: all + gather_facts: False + roles: + - role: bootstrap-os diff --git a/roles/container-engine/cri-o/molecule/default/tests/test_default.py b/roles/container-engine/cri-o/molecule/default/tests/test_default.py new file mode 100644 index 000000000..1f01b5ab5 --- /dev/null +++ b/roles/container-engine/cri-o/molecule/default/tests/test_default.py @@ -0,0 +1,20 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_service(host): + svc = host.service("crio") + assert svc.is_running + assert svc.is_enabled + + +def test_run(host): + path = "unix:///var/run/crio/crio.sock" + with host.sudo(): + cmd = host.command("crictl --runtime-endpoint " + path + " version") + assert cmd.rc == 0 + assert "RuntimeName: cri-o" in cmd.stdout diff --git a/roles/container-engine/cri-o/tasks/crictl.yml b/roles/container-engine/cri-o/tasks/crictl.yml index 60a9c91aa..fd6a4c348 100644 --- a/roles/container-engine/cri-o/tasks/crictl.yml +++ b/roles/container-engine/cri-o/tasks/crictl.yml @@ -21,7 +21,15 @@ group: no delegate_to: "{{ inventory_hostname }}" -- name: Install crictl completion - shell: "{{ bin_dir }}/crictl completion >/etc/bash_completion.d/crictl" - ignore_errors: True +- name: Get crictl completion + shell: "{{ bin_dir }}/crictl completion" when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"] + changed_when: False + register: cri_completion + +- name: Install crictl completion + copy: + dest: /etc/bash_completion.d/crictl + content: "{{ cri_completion.stdout }}" + become: True + when: cri_completion is defined \ No newline at end of file diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml index 08de0c99d..c6ed04088 100644 --- a/roles/container-engine/cri-o/tasks/main.yaml +++ b/roles/container-engine/cri-o/tasks/main.yaml @@ -101,6 +101,14 @@ - is_ostree - not need_bootstrap_crio.stat.exists +- name: Remove example CNI configs + file: + path: "/etc/cni/net.d/{{ item }}" + state: absent + loop: + - 100-crio-bridge.conf + - 200-loopback.conf + - name: Install cri-o config template: src: crio.conf.j2 @@ -126,4 +134,4 @@ src: http-proxy.conf.j2 dest: /etc/systemd/system/crio.service.d/http-proxy.conf notify: restart crio - when: http_proxy is defined or https_proxy is defined + when: http_proxy is defined or https_proxy is defined \ No newline at end of file diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2 index f632f563b..977cbbf74 100644 --- a/roles/container-engine/cri-o/templates/crio.conf.j2 +++ b/roles/container-engine/cri-o/templates/crio.conf.j2 @@ -281,7 +281,5 @@ network_dir = "/etc/cni/net.d/" # Paths to directories where CNI plugin binaries are located. plugin_dirs = [ "/usr/libexec/cni", -{% if ansible_os_family == "ClearLinux" or is_ostree %} "/opt/cni/bin/", -{% endif %} ] diff --git a/roles/container-engine/cri-o/vars/fedora.yml b/roles/container-engine/cri-o/vars/fedora.yml index f7927a29a..a2a6ad286 100644 --- a/roles/container-engine/cri-o/vars/fedora.yml +++ b/roles/container-engine/cri-o/vars/fedora.yml @@ -4,4 +4,5 @@ crio_packages: - cri-tools crio_conmon: /usr/libexec/crio/conmon -crio_seccomp_profile: "" +crio_runc_path: "/usr/bin/runc" +crio_seccomp_profile: "" \ No newline at end of file diff --git a/roles/container-engine/cri-o/vars/ubuntu.yml b/roles/container-engine/cri-o/vars/ubuntu.yml index 689c07f53..bed9659ab 100644 --- a/roles/container-engine/cri-o/vars/ubuntu.yml +++ b/roles/container-engine/cri-o/vars/ubuntu.yml @@ -1,7 +1,7 @@ --- crio_packages: - - "cri-o-{{ kube_version | regex_replace('^v(?P\\d+).(?P\\d+).(?P\\d+)$', '\\g.\\g') }}" + - "cri-o-1.15" -crio_conmon: /usr/libexec/podman/conmon +crio_conmon: /usr/bin/conmon crio_seccomp_profile: "" crio_runc_path: /usr/lib/cri-o-runc/sbin/runc diff --git a/tests/files/packet_ubuntu18-crio.yml b/tests/files/packet_ubuntu18-crio.yml new file mode 100644 index 000000000..e2ba42220 --- /dev/null +++ b/tests/files/packet_ubuntu18-crio.yml @@ -0,0 +1,14 @@ +--- +# Instance settings +cloud_image: ubuntu-1804 +mode: default + +# Kubespray settings +deploy_netchecker: true +dns_min_replicas: 1 +container_manager: crio + +# CRI-O requirements +download_container: false +etcd_deployment_type: host +kubelet_deployment_type: host