chore: refactor to vexxhost.k8s.containerd
diff --git a/.github/workflows/containerd.yml b/.github/workflows/containerd.yml
deleted file mode 100644
index 69a0ec8..0000000
--- a/.github/workflows/containerd.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-name: containerd
-
-on:
- pull_request:
- paths:
- - molecule/containerd/**
- - roles/defaults/**
- - roles/runc/**
- - roles/binary_download/**
- - roles/containerd/**
- - roles/crictl/**
- push:
- branches:
- - main
- paths:
- - molecule/containerd/**
- - roles/defaults/**
- - roles/runc/**
- - roles/binary_download/**
- - roles/containerd/**
- - roles/crictl/**
-
-jobs:
- test:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- distro:
- - debian10
- - debian11
- - fedora36
- - fedora37
- - rockylinux8
- - rockylinux9
- - ubuntu2004
- - ubuntu2204
- steps:
- - name: Checkout project
- uses: actions/checkout@v3
-
- - name: Install Poetry
- run: pipx install poetry
-
- - name: Setup Python
- uses: actions/setup-python@v4
- with:
- cache: poetry
-
- - name: Install dependencies
- run: poetry install --no-interaction --with dev
-
- - name: Run Molecule
- run: poetry run molecule test -s containerd
- env:
- MOLECULE_DISTRO: ${{ matrix.distro }}
diff --git a/molecule/containerd/converge.yml b/molecule/containerd/converge.yml
deleted file mode 100644
index ca8b887..0000000
--- a/molecule/containerd/converge.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Converge
- hosts: all
- become: true
- roles:
- - vexxhost.atmosphere.containerd
- - vexxhost.atmosphere.crictl
diff --git a/molecule/containerd/molecule.yml b/molecule/containerd/molecule.yml
deleted file mode 100644
index bf62b9c..0000000
--- a/molecule/containerd/molecule.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- privileged: true
- cgroupns_mode: host
- pre_build_image: true
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
-provisioner:
- name: ansible
-verifier:
- name: ansible
diff --git a/molecule/containerd/prepare.yml b/molecule/containerd/prepare.yml
deleted file mode 100644
index f538ad1..0000000
--- a/molecule/containerd/prepare.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Prepare
- hosts: all
- become: true
- pre_tasks:
- - name: Wait for systemd to complete initialization
- ansible.builtin.command: systemctl is-system-running
- register: systemctl_status
- until: >
- 'running' in systemctl_status.stdout or
- 'degraded' in systemctl_status.stdout
- retries: 30
- delay: 5
- changed_when: false
- failed_when: systemctl_status.rc > 1
diff --git a/molecule/containerd/verify.yml b/molecule/containerd/verify.yml
deleted file mode 100644
index 1462252..0000000
--- a/molecule/containerd/verify.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Verify
- hosts: all
- become: true
-
- pre_tasks:
- - name: Gather service facts
- service_facts:
-
- tasks:
- - name: Make sure containerd service is running
- ansible.builtin.assert:
- that:
- - ansible_facts.services['containerd.service'].state in ['active', 'running']
-
- - name: Make sure containerd service is enabled
- ansible.builtin.assert:
- that:
- - ansible_facts.services['containerd.service'].status == 'enabled'
-
- - name: Pull image from registry
- ansible.builtin.command: ctr image pull docker.io/library/alpine:latest
-
- - name: List images
- ansible.builtin.command: ctr images ls
- register: images
- failed_when: not(images.stdout.find('alpine') != -1)
diff --git a/playbooks/kubernetes.yml b/playbooks/kubernetes.yml
index 3112310..fc0da39 100644
--- a/playbooks/kubernetes.yml
+++ b/playbooks/kubernetes.yml
@@ -19,5 +19,7 @@
- role: ethtool
tags:
- ethtool
- - role: containerd
+ - role: vexxhost.kubernetes.containerd
+ vars:
+ containerd_pause_image: "{{ atmosphere_images['pause'] }}"
- role: kubernetes
diff --git a/roles/containerd/README.md b/roles/containerd/README.md
deleted file mode 100644
index 4aa8a1f..0000000
--- a/roles/containerd/README.md
+++ /dev/null
@@ -1 +0,0 @@
-# `containerd`
diff --git a/roles/containerd/defaults/main.yml b/roles/containerd/defaults/main.yml
deleted file mode 100644
index 64879dd..0000000
--- a/roles/containerd/defaults/main.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-containerd_bin_dir: /usr/bin
-
-containerd_version: 1.6.15
-containerd_archive_checksums:
- arm64:
- 1.6.15: d63e4d27c51e33cd10f8b5621c559f09ece8a65fec66d80551b36cac9e61a07d
- amd64:
- 1.6.15: 191bb4f6e4afc237efc5c85b5866b6fdfed731bde12cceaa6017a9c7f8aeda02
-
-containerd_download_url: "https://github.com/containerd/containerd/releases/download/v{{ containerd_version }}/containerd-{{ containerd_version }}-{{ ansible_system | lower }}-{{ download_artifact_goarch }}.tar.gz" # noqa: yaml[line-length]
-containerd_download_dest: "{{ containerd_download_unarchive_dest }}.tar.gz"
-containerd_download_unarchive_dest: "{{ download_artifact_work_directory }}/containerd-{{ containerd_version }}-{{ ansible_system | lower }}-{{ download_artifact_goarch }}" # noqa: yaml[line-length]
-containerd_archive_checksum: "{{ containerd_archive_checksums[download_artifact_goarch][containerd_version] }}"
-
-containerd_pause_image: "{{ atmosphere_images['pause'] | vexxhost.kubernetes.docker_image('ref') }}"
-containerd_insecure_registries: []
-
-# NOTE(mnaser): This is to accomodate for the uninstallation of the old packages
-# that shipped with the operating system
-containerd_package_name:
- - containerd
- - containerd.io
-
-containerd_binaries:
- - containerd
- - containerd-shim
- - containerd-shim-runc-v1
- - containerd-shim-runc-v2
- - containerd-stress
- - ctr
-
-containerd_cfg_dir: /etc/containerd
-containerd_storage_dir: /var/lib/containerd
-containerd_state_dir: /run/containerd
-
-containerd_debug_level: "info"
-containerd_max_container_log_line_size: -1
-
-containerd_limit_proc_num: "infinity"
-containerd_limit_core: "infinity"
-containerd_limit_open_file_num: "infinity"
-containerd_limit_mem_lock: "infinity"
diff --git a/roles/containerd/handlers/main.yml b/roles/containerd/handlers/main.yml
deleted file mode 100644
index fee82a4..0000000
--- a/roles/containerd/handlers/main.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright (c) 2022 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Reload systemd
- ansible.builtin.systemd:
- daemon_reload: true
- daemon_reexec: true
-
-- name: Restart containerd
- ansible.builtin.service:
- name: containerd
- state: restarted
diff --git a/roles/containerd/meta/main.yml b/roles/containerd/meta/main.yml
deleted file mode 100644
index 87b064b..0000000
--- a/roles/containerd/meta/main.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-galaxy_info:
- author: VEXXHOST, Inc.
- description: Ansible role for "containerd"
- license: Apache-2.0
- min_ansible_version: 5.5.0
- standalone: false
- platforms:
- - name: Debian
- versions:
- - buster
- - bullseye
- - name: Fedora
- versions:
- - "36"
- - "37"
- - name: EL
- versions:
- - "8"
- - "9"
- - name: Ubuntu
- versions:
- - focal
- - jammy
-
-dependencies:
- - role: defaults
- - role: runc
- - role: download_artifact
- download_artifact_url: "{{ containerd_download_url }}"
- download_artifact_dest: "{{ containerd_download_dest }}"
- download_artifact_checksum: "sha256:{{ containerd_archive_checksum }}"
- download_artifact_owner: root
- download_artifact_mode: "0755"
- download_artifact_unarchive: true
- download_artifact_unarchive_dest: "{{ containerd_download_unarchive_dest }}"
- download_artifact_unarchive_extra_opts:
- - --strip-components=1
diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml
deleted file mode 100644
index 3040bd7..0000000
--- a/roles/containerd/tasks/main.yml
+++ /dev/null
@@ -1,76 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Remove containerd package
- ansible.builtin.package:
- name: "{{ containerd_package_name }}"
- state: absent
-
-- name: Install containerd binaries
- ansible.builtin.copy:
- src: "{{ containerd_download_unarchive_dest }}/{{ item }}"
- dest: "{{ containerd_bin_dir }}/{{ item }}"
- mode: "0755"
- remote_src: true
- loop: "{{ containerd_binaries }}"
- notify: Restart containerd
-
-- name: Remove containerd orphaned binaries
- ansible.builtin.file:
- path: "/usr/bin/{{ item }}"
- state: absent
- loop: "{{ containerd_binaries }}"
- when: containerd_bin_dir != "/usr/bin"
-
-- name: Create systemd service file for containerd
- ansible.builtin.template:
- src: containerd.service.j2
- dest: /etc/systemd/system/containerd.service
- mode: "0644"
- notify:
- - Reload systemd
- - Restart containerd
-
-- name: Create folders for configuration
- ansible.builtin.file:
- dest: "{{ item }}"
- state: directory
- mode: "0755"
- owner: root
- group: root
- with_items:
- - "{{ containerd_cfg_dir }}"
- - "{{ containerd_storage_dir }}"
- - "{{ containerd_state_dir }}"
- notify:
- - Restart containerd
-
-- name: Create containerd config file
- ansible.builtin.template:
- src: config.toml.j2
- dest: /etc/containerd/config.toml
- owner: root
- group: root
- mode: "0644"
- notify:
- - Restart containerd
-
-- name: Force any restarts if necessary
- ansible.builtin.meta: flush_handlers
-
-- name: Enable and start service
- ansible.builtin.service:
- name: containerd
- enabled: true
- state: started
diff --git a/roles/containerd/templates/config.toml.j2 b/roles/containerd/templates/config.toml.j2
deleted file mode 100644
index 55b6b41..0000000
--- a/roles/containerd/templates/config.toml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-version = 2
-
-[debug]
- level = "{{ containerd_debug_level | default('info') }}"
-
-[plugins]
- [plugins."io.containerd.grpc.v1.cri"]
- sandbox_image = "{{ containerd_pause_image }}"
- max_container_log_line_size = {{ containerd_max_container_log_line_size }}
- [plugins."io.containerd.grpc.v1.cri".registry]
- [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
- {% for registry in containerd_insecure_registries %}
- [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
- endpoint = ["http://{{ registry }}"]
- {% endfor %}
- [plugins."io.containerd.grpc.v1.cri".registry.configs]
- {% for registry in containerd_insecure_registries %}
- [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry }}".tls]
- insecure_skip_verify = true
- {% endfor %}
diff --git a/roles/containerd/templates/containerd.service.j2 b/roles/containerd/templates/containerd.service.j2
deleted file mode 100644
index adebcf2..0000000
--- a/roles/containerd/templates/containerd.service.j2
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright The containerd Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-[Unit]
-Description=containerd container runtime
-Documentation=https://containerd.io
-After=network.target local-fs.target
-
-[Service]
-ExecStartPre=-/sbin/modprobe overlay
-ExecStart={{ containerd_bin_dir }}/containerd
-
-Type=notify
-Delegate=yes
-KillMode=process
-Restart=always
-RestartSec=5
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNPROC={{ containerd_limit_proc_num }}
-LimitCORE={{ containerd_limit_core }}
-LimitNOFILE={{ containerd_limit_open_file_num }}
-LimitMEMLOCK={{ containerd_limit_mem_lock }}
-# Comment TasksMax if your systemd version does not supports it.
-# Only systemd 226 and above support this version.
-TasksMax=infinity
-OOMScoreAdjust=-999
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/kubernetes/meta/main.yml b/roles/kubernetes/meta/main.yml
index ef85549..b9b6532 100644
--- a/roles/kubernetes/meta/main.yml
+++ b/roles/kubernetes/meta/main.yml
@@ -25,4 +25,3 @@
dependencies:
- role: defaults
- - role: containerd