feat: switch to binary runc and containerd install (#333)
* feat: switch to binary runc and containerd install
* fix: always download directly to dst node
* feat: add crictl role
* ci: add tests for binary downloads
* ci: rename scenario and add matrix
* ci: move to using prepare
* ci: stop using anchors
* chore: refactor to download_artifact
* chore: add jammy to containerd+runc
* chore: bump ansible-lint
* chore: add more platforms for cri
* fix: ensure tar command exists
* chore: drop amznlinux2
---------
Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/roles/crictl/README.md b/roles/crictl/README.md
new file mode 100644
index 0000000..f02acf0
--- /dev/null
+++ b/roles/crictl/README.md
@@ -0,0 +1 @@
+# `crictl`
diff --git a/roles/crictl/defaults/main.yml b/roles/crictl/defaults/main.yml
new file mode 100644
index 0000000..a3d2c0c
--- /dev/null
+++ b/roles/crictl/defaults/main.yml
@@ -0,0 +1,33 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+crictl_bin_dir: /usr/bin
+
+crictl_version: v1.25.0
+crictl_checksums:
+ arm64:
+ v1.25.0: 651c939eca010bbf48cc3932516b194028af0893025f9e366127f5b50ad5c4f4
+ amd64:
+ v1.25.0: 86ab210c007f521ac4cdcbcf0ae3fb2e10923e65f16de83e0e1db191a07f0235
+
+crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ download_artifact_goarch }}.tar.gz" # noqa: yaml[line-length]
+crictl_download_dest: "{{ crictl_download_unarchive_dest }}.tar.gz"
+crictl_download_unarchive_dest: "{{ download_artifact_work_directory }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ download_artifact_goarch }}"
+crictl_binary_checksum: "{{ crictl_checksums[download_artifact_goarch][crictl_version] }}"
+
+# NOTE(mnaser): This is to accomodate for the uninstallation of the old packages
+# that shipped with the operating system
+crictl_package_name: cri-tools
+
+crictl_socket: /run/containerd/containerd.sock
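Review bot: `crictl_binary_checksum` indexes `crictl_checksums[download_artifact_goarch][crictl_version]`, so overriding `crictl_version` without adding a digest, or running on an architecture other than arm64 or amd64, fails with an undefined-key error that does not say what is missing. Failing closed is the right outcome for a binary that ends up executable in `crictl_bin_dir`, but the requirement is not documented anywhere in the defaults. I would add a comment above `crictl_checksums` such as `# sha256 digests passed to download_artifact, keyed by architecture then version; add an entry whenever crictl_version is overridden`. It would also help to state where the two digests were taken from, so a later version bump can be verified the same way.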
diff --git a/roles/crictl/meta/main.yml b/roles/crictl/meta/main.yml
new file mode 100644
index 0000000..c8c51ab
--- /dev/null
+++ b/roles/crictl/meta/main.yml
@@ -0,0 +1,47 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+ author: VEXXHOST, Inc.
+ description: Ansible role for "crictl"
+ license: Apache-2.0
+ min_ansible_version: 5.5.0
+ standalone: false
+ platforms:
+ - name: Debian
+ versions:
+ - buster
+ - bullseye
+ - name: Fedora
+ versions:
+ - "36"
+ - "37"
+ - name: EL
+ versions:
+ - "8"
+ - "9"
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+
+dependencies:
+ - role: download_artifact
+ download_artifact_url: "{{ crictl_download_url }}"
+ download_artifact_dest: "{{ crictl_download_dest }}"
+ download_artifact_checksum: "sha256:{{ crictl_binary_checksum }}"
+ download_artifact_owner: root
+ download_artifact_mode: "0755"
+ download_artifact_unarchive: true
+ download_artifact_unarchive_dest: "{{ crictl_download_unarchive_dest }}"
diff --git a/roles/crictl/tasks/main.yml b/roles/crictl/tasks/main.yml
new file mode 100644
index 0000000..d4801f3
--- /dev/null
+++ b/roles/crictl/tasks/main.yml
@@ -0,0 +1,38 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Uninstall crictl package
+ ansible.builtin.package:
+ name: "{{ crictl_package_name }}"
+ state: absent
+
+- name: Copy crictl binary from download dir
+ ansible.builtin.copy:
+ src: "{{ download_artifact_dest }}"
+ dest: "{{ crictl_bin_dir }}/crictl"
+ mode: "0755"
+ remote_src: true
+
+- name: Create crictl config
+ ansible.builtin.template:
+ src: crictl.yaml.j2
+ dest: /etc/crictl.yaml
+ owner: root
+ mode: "0644"
+
+- name: Remove crictl orphaned binary
+ ansible.builtin.file:
+ path: /usr/bin/crictl
+ state: absent
+ when: crictl_bin_dir != "/usr/bin"
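Review bot: The copy task's `src: "{{ download_artifact_dest }}"` reads a parameter of the dependency role, and the role's meta sets that parameter to `crictl_download_dest`, which ends in `.tar.gz`. Unless download_artifact reassigns it after unpacking (that role is not visible here), this installs the archive itself as `{{ crictl_bin_dir }}/crictl`. Pointing at the role's own variable is less fragile, for example `src: "{{ crictl_download_unarchive_dest }}/crictl"`, assuming the tarball unpacks a top-level `crictl`. Separately, the last task compares `crictl_bin_dir != "/usr/bin"` as a plain string, so a value of `/usr/bin/` would delete the binary that was just copied. The copy task also sets no `owner`, unlike the template task below it.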
diff --git a/roles/crictl/templates/crictl.yaml.j2 b/roles/crictl/templates/crictl.yaml.j2
new file mode 100644
index 0000000..a3355fa
--- /dev/null
+++ b/roles/crictl/templates/crictl.yaml.j2
@@ -0,0 +1,4 @@
+runtime-endpoint: unix://{{ crictl_socket }}
+image-endpoint: unix://{{ crictl_socket }}
+timeout: 30
+debug: false