diff --git a/contrib/ansible/cri-containerd.yaml b/contrib/ansible/cri-containerd.yaml new file mode 100644 index 000000000..85cb417ae --- /dev/null +++ b/contrib/ansible/cri-containerd.yaml @@ -0,0 +1,48 @@ +--- +- hosts: all + become: true + tasks: + - include_vars: vars/vars.yaml # Contains tasks variables for installer + - include: tasks/bootstrap_ubuntu.yaml # Contains tasks bootstrap components for ubuntu systems + when: ansible_distribution == "Ubuntu" + - include: tasks/bootstrap_centos.yaml # Contains tasks bootstrap components for centos systems + when: ansible_distribution == "CentOS" + - include: tasks/k8s.yaml # Contains tasks kubernetes component installation + - include: tasks/binaries.yaml # Contains tasks for pulling containerd and cri-containerd components + + - name: "Start Containerd" + systemd: name=containerd daemon_reload=yes state=started enabled=yes + + - name: "Start CRI-Containerd" + systemd: name=cri-containerd daemon_reload=yes state=started enabled=yes + + - name: "Set bridge-nf-call-iptables" + lineinfile: + line: "net/bridge/bridge-nf-call-iptables = 1" + dest: /etc/sysctl.conf + insertafter: 'EOF' + regexp: '\/net\/bridge\/bridge-nf-call-iptables = 1' + state: present + ignore_errors: true + + - name: "Check kubelet args in kubelet config" + shell: grep "^Environment=\"KUBELET_EXTRA_ARGS=" /etc/systemd/system/kubelet.service.d/10-kubeadm.conf + ignore_errors: true + register: check_args + + - name: "Add runtime args in kubelet conf" + lineinfile: + dest: "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf" + line: "Environment=\"KUBELET_EXTRA_ARGS= --container-runtime=remote --runtime-request-timeout=15m --image-service-endpoint=/var/run/cri-containerd.sock --container-runtime-endpoint=/var/run/cri-containerd.sock\"" + insertafter: '\[Service\]' + when: check_args.stdout == "" + + - name: "Start Kubelet" + systemd: name=kubelet daemon_reload=yes state=started enabled=yes + + # TODO This needs to be removed once we have consistent concurrent pull results + - name: "Pre-pull pause container image" + shell: | + /usr/local/bin/ctr pull gcr.io/google_containers/pause:3.0 + /usr/local/bin/crictl --runtime-endpoint /var/run/cri-containerd.sock \ + pull gcr.io/google_containers/pause:3.0 diff --git a/contrib/ansible/tasks/binaries.yaml b/contrib/ansible/tasks/binaries.yaml new file mode 100644 index 000000000..d8c6fc1af --- /dev/null +++ b/contrib/ansible/tasks/binaries.yaml @@ -0,0 +1,51 @@ +--- +- name: "Create a directory to download binaries" + file: path={{ cri_release_directory }} state=directory + +- name: "Get Containerd and CRI-Containerd" + get_url: + validate_certs: "no" + url: "https://storage.googleapis.com/cri-containerd-staging/cri-containerd-{{ cri_containerd_release_version }}.tar.gz" + dest: "{{ cri_release_directory }}" + mode: 0755 + +- name: "Unpack Containerd and CRI-Containerd" + unarchive: + src: "{{ cri_release_directory }}cri-containerd-{{ cri_containerd_release_version }}.tar.gz" + dest: "{{ cri_release_directory }}" + remote_src: yes + +- name: "Install the containerd and cri-containerd binaries" + copy: + src: "{{ cri_release_directory }}usr/local/bin/{{ item }}" + dest: "{{ local_bin_dir }}{{ item }}" + mode: 0755 + remote_src: yes + with_items: + - containerd + - containerd-stress + - containerd-shim + - cri-containerd + - ctr + - crictl + +- name: "Install runc" + copy: + src: "{{ cri_release_directory }}usr/local/sbin/{{ item }}" + dest: "{{ local_sbin_dir }}{{ item }}" + mode: 0755 + remote_src: yes + with_items: + - runc + +- name: "Copy containerd systemd service unit" + template: src=../../systemd-units/containerd.service dest=/etc/systemd/system/containerd.service + +- name: "Copy cri-containerd systemd service unit" + template: src=../../systemd-units/cri-containerd.service dest=/etc/systemd/system/cri-containerd.service + +- name: "Create a directory for cni binary" + file: path={{ cni_bin_dir }} state=directory + +- name: "Create a directory for cni config files" + file: path={{ cni_conf_dir }} state=directory diff --git a/contrib/ansible/tasks/bootstrap_centos.yaml b/contrib/ansible/tasks/bootstrap_centos.yaml new file mode 100644 index 000000000..73e82428f --- /dev/null +++ b/contrib/ansible/tasks/bootstrap_centos.yaml @@ -0,0 +1,13 @@ +--- +- name: "Install required packages on CentOS " + yum: + name: "{{ item }}" + state: latest + with_items: + - unzip + - tar + - btrfs-progs-devel + - libseccomp-devel + - util-linux + - socat + - libselinux-python diff --git a/contrib/ansible/tasks/bootstrap_ubuntu.yaml b/contrib/ansible/tasks/bootstrap_ubuntu.yaml new file mode 100644 index 000000000..3dcaa4e79 --- /dev/null +++ b/contrib/ansible/tasks/bootstrap_ubuntu.yaml @@ -0,0 +1,16 @@ +--- +- name: "Install required packages on Ubuntu" + package: + name: "{{ item }}" + state: latest + with_items: + - unzip + - tar + - apt-transport-https + - btrfs-tools + - libapparmor-dev + - libseccomp-dev # Revisit the need and alternatives for all -dev packages + - libseccomp2 + - socat + - util-linux +# TODO: Limited support for trusty for nsenter. Need to handle/verify diff --git a/contrib/ansible/tasks/k8s.yaml b/contrib/ansible/tasks/k8s.yaml new file mode 100644 index 000000000..30860fae2 --- /dev/null +++ b/contrib/ansible/tasks/k8s.yaml @@ -0,0 +1,50 @@ +--- +- name: "Add gpg key (Ubuntu)" + apt_key: + url: https://packages.cloud.google.com/apt/doc/apt-key.gpg + state: present + when: ansible_distribution == "Ubuntu" + +- name: "Add kubernetes source list (Ubuntu)" + apt_repository: + repo: "deb http://apt.kubernetes.io/ kubernetes-{{ ansible_distribution_release }} main" + state: present + filename: "kubernetes" + when: ansible_distribution == "Ubuntu" + +- name: "Update the repository cache (Ubuntu)" + apt: + update_cache: yes + when: ansible_distribution == "Ubuntu" + +- name: "Add Kubernetes repository and install gpg key (CentOS)" + yum_repository: + name: kubernetes + description: Kubernetes repository + baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 + gpgcheck: yes + enabled: yes + repo_gpgcheck: yes + gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg + when: ansible_distribution == "CentOS" + +- name: "Disable SELinux (CentOS)" + selinux: + state: disabled + when: ansible_distribution == "CentOS" + +- name: "Install kubelet,kubeadm,kubectl (CentOS)" + yum: state=present name={{ item }} + with_items: + - kubelet + - kubeadm + - kubectl + when: ansible_distribution == "CentOS" + +- name: "Install kubelet, kubeadm, kubectl (Ubuntu)" + apt: name={{item}} state=installed + with_items: + - kubelet + - kubeadm + - kubectl + when: ansible_distribution == "Ubuntu" diff --git a/contrib/ansible/vars/vars.yaml b/contrib/ansible/vars/vars.yaml new file mode 100644 index 000000000..4aeff4ed9 --- /dev/null +++ b/contrib/ansible/vars/vars.yaml @@ -0,0 +1,8 @@ +--- +# TODO update official versions once they are available +cri_containerd_release_version: 0.1.0-234-g55a0887 +cri_release_directory: /opt/cri-containerd/ +local_bin_dir: /usr/local/bin/ +local_sbin_dir: /usr/local/sbin/ +cni_bin_dir: /opt/cni/bin/ +cni_conf_dir: /etc/cni/net.d/ diff --git a/contrib/systemd-units/containerd.service b/contrib/systemd-units/containerd.service index b731666f6..cbf2cb41a 100644 --- a/contrib/systemd-units/containerd.service +++ b/contrib/systemd-units/containerd.service @@ -4,11 +4,13 @@ Documentation=https://containerd.io After=network.target [Service] -Restart=always -RestartSec=10 +ExecStartPre=/sbin/modprobe overlay ExecStart=/usr/local/bin/containerd +Restart=always +RestartSec=5 Delegate=yes KillMode=process +OOMScoreAdjust=-999 [Install] WantedBy=multi-user.target diff --git a/contrib/systemd-units/cri-containerd.service b/contrib/systemd-units/cri-containerd.service index b4c7a514d..1ba029c75 100644 --- a/contrib/systemd-units/cri-containerd.service +++ b/contrib/systemd-units/cri-containerd.service @@ -5,7 +5,7 @@ After=containerd.service [Service] Restart=always -RestartSec=10 +RestartSec=5 ExecStart=/usr/local/bin/cri-containerd --logtostderr OOMScoreAdjust=-999