Add CRI release build

Add installation scripts needed to generate CRI + CNI tar package on release. Update Github action release script to generate CRI release tarballs for Linux and Windows. Signed-off-by: Derek McGowan <derek@mcg.dev>
2020-08-06 23:11:48 -07:00 · 2020-08-06 23:11:48 -07:00 · d2472ecc59
commit d2472ecc59
parent 1c7312e5da
5 changed files with 219 additions and 19 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -66,11 +66,18 @@ jobs:

      - name: Set env
        shell: bash
+        env:
+          MOS: ${{ matrix.os }}
        run: |
          releasever=${{ github.ref }}
          releasever="${releasever#refs/tags/}"
+          os=linux
+          [[ "${MOS}" =~ "windows" ]] && {
+            os=windows
+          }
          echo "::set-env name=RELEASE_VER::${releasever}"
          echo "::set-env name=GOPATH::${{ github.workspace }}"
+          echo "::set-env name=OS::${os}"
          echo "::add-path::${{ github.workspace }}/bin"

      - name: Checkout containerd
@ -79,12 +86,14 @@ jobs:
          repository: containerd/containerd
          ref: ${{ github.ref }}
          path: src/github.com/containerd/containerd
+
      - name: HCS Shim commit
        id: hcsshim_commit
        if: startsWith(matrix.os, 'windows')
        shell: bash
        run: echo "::set-output name=sha::$(grep Microsoft/hcsshim vendor.conf | awk '{print $2}')"
        working-directory: src/github.com/containerd/containerd
+
      - name: Checkout hcsshim source
        if: startsWith(matrix.os, 'windows')
        uses: actions/checkout@v2
@ -92,16 +101,14 @@ jobs:
          repository: Microsoft/hcsshim
          ref: ${{ steps.hcsshim_commit.outputs.sha }}
          path: src/github.com/Microsoft/hcsshim
+
      - name: Make
        shell: bash
-        env:
-          MOS: ${{ matrix.os }}
-          OS: linux
        run: |
          make build
          make binaries
-          [[ "${MOS}" =~ "windows" ]] && {
-              OS=windows
+          rm bin/containerd-stress*
+          [[ "${OS}" == "windows" ]] && {
              (
                bindir="$(pwd)/bin"
                cd ../../Microsoft/hcsshim
@ -119,6 +126,47 @@ jobs:
          name: containerd-binaries-${{ matrix.os }}
          path: src/github.com/containerd/containerd/*.tar.gz*

+      - name: Install cri-containerd dependencies
+        shell: bash
+        env:
+          RUNC_FLAVOR: runc
+          DESTDIR: ${{ github.workspace }}/cri-release
+        run: |
+          mkdir ${DESTDIR}
+          if [[ "${OS}" == "linux" ]]; then
+            sudo install -d ${DESTDIR}/usr/local/bin
+            sudo install -D -m 755 bin/* ${DESTDIR}/usr/local/bin
+            sudo install -d ${DESTDIR}/opt/containerd/cluster
+            sudo cp -r contrib/gce ${DESTDIR}/opt/containerd/cluster/
+            sudo install -d ${DESTDIR}/etc/systemd/system
+            sudo install -m 644 containerd.service ${DESTDIR}/etc/systemd/system
+            echo "CONTAINERD_VERSION: '${RELEASE_VER#v}'" | sudo tee ${DESTDIR}/opt/containerd/cluster/version
+
+            sudo PATH=$PATH script/setup/install-seccomp
+            USESUDO=true script/setup/install-runc
+            script/setup/install-cni
+            script/setup/install-critools
+          elif [[ "${OS}" == "windows" ]]; then
+            script/setup/install-cni-windows
+            cp bin/* ${DESTDIR}/
+          fi
+        working-directory: src/github.com/containerd/containerd
+
+      - name: Make cri-containerd tar
+        shell: bash
+        run: |
+          TARFILE="cri-containerd-cni-${RELEASE_VER#v}-${OS}-amd64.tar.gz"
+          [[ "${OS}" == "linux" ]] && tar czf ${TARFILE} etc usr opt
+          [[ "${OS}" == "windows" ]] && tar czf ${TARFILE} *
+          sha256sum ${TARFILE} >${TARFILE}.sha256sum
+        working-directory: cri-release
+
+      - name: Save cri-containerd binaries
+        uses: actions/upload-artifact@v2
+        with:
+          name: cri-containerd-binaries-${{ matrix.os }}
+          path: cri-release/cri-containerd-cni-*.tar.gz*
+
  release:
    name: Create containerd Release
    runs-on: ubuntu-18.04
@ -135,8 +183,12 @@ jobs:
        run: |
          _filenum=1
          for i in "ubuntu-18.04" "windows-2019"; do
-            for i in `ls builds/containerd-binaries-${i}`; do
-              echo "::set-output name=file${_filenum}::${i}"
+            for f in `ls builds/containerd-binaries-${i}`; do
+              echo "::set-output name=file${_filenum}::${f}"
+              let "_filenum+=1"
+            done
+            for f in `ls builds/cri-containerd-binaries-${i}`; do
+              echo "::set-output name=file${_filenum}::${f}"
              let "_filenum+=1"
            done
          done
@ -169,14 +221,32 @@ jobs:
          asset_path: ./builds/containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file2 }}
          asset_name: ${{ steps.catalog.outputs.file2 }}
          asset_content_type: text/plain
+      - name: Upload Linux cri containerd tarball
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./builds/cri-containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file3 }}
+          asset_name: ${{ steps.catalog.outputs.file3 }}
+          asset_content_type: application/gzip
+      - name: Upload Linux cri sha256 sum
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./builds/cri-containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file4 }}
+          asset_name: ${{ steps.catalog.outputs.file4 }}
+          asset_content_type: text/plain
      - name: Upload Windows containerd tarball
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file3 }}
-          asset_name: ${{ steps.catalog.outputs.file3 }}
+          asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file5 }}
+          asset_name: ${{ steps.catalog.outputs.file5 }}
          asset_content_type: application/gzip
      - name: Upload Windows sha256 sum
        uses: actions/upload-release-asset@v1
@ -184,6 +254,24 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file4 }}
-          asset_name: ${{ steps.catalog.outputs.file4 }}
+          asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file6 }}
+          asset_name: ${{ steps.catalog.outputs.file6 }}
+          asset_content_type: text/plain
+      - name: Upload Windows cri containerd tarball
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./builds/cri-containerd-binaries-windows-2019/${{ steps.catalog.outputs.file7 }}
+          asset_name: ${{ steps.catalog.outputs.file7 }}
+          asset_content_type: application/gzip
+      - name: Upload Windows cri sha256 sum
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./builds/cri-containerd-binaries-windows-2019/${{ steps.catalog.outputs.file8 }}
+          asset_name: ${{ steps.catalog.outputs.file8 }}
          asset_content_type: text/plain
--- a/script/setup/install-cni
+++ b/script/setup/install-cni
@ -22,8 +22,8 @@
 set -eu -o pipefail

 CNI_COMMIT=$(grep containernetworking/plugins "$GOPATH"/src/github.com/containerd/containerd/vendor.conf | awk '{print $2}')
-CNI_DIR=/opt/cni
-CNI_CONFIG_DIR=/etc/cni/net.d
+CNI_DIR=${DESTDIR:=''}/opt/cni
+CNI_CONFIG_DIR=${DESTDIR}/etc/cni/net.d

 go get -d github.com/containernetworking/plugins/...
 cd "$GOPATH"/src/github.com/containernetworking/plugins
@ -45,9 +45,17 @@ cat <<EOF | sudo tee $CNI_CONFIG_DIR/10-containerd-net.conflist
      "promiscMode": true,
      "ipam": {
        "type": "host-local",
-        "subnet": "10.88.0.0/16",
+        "ranges": [
+          [{
+            "subnet": "10.88.0.0/16"
+          }],
+          [{
+            "subnet": "2001:4860:4860::8888/32"
+          }]
+        ],
        "routes": [
-          { "dst": "0.0.0.0/0" }
+          { "dst": "0.0.0.0/0" },
+          { "dst": "::/0" }
        ]
      }
    },
--- a/script/setup/install-cni-windows
+++ b/script/setup/install-cni-windows
@ -0,0 +1,97 @@
+#!/bin/bash
+
+#   Copyright The containerd Authors.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+set -eu -o pipefail
+
+destdir="${destdir:-"C:\\Program Files\\containerd"}"
+WINCNI_BIN_DIR="${destdir}/cni"
+WINCNI_PKG=github.com/Microsoft/windows-container-networking
+WINCNI_VERSION=aa10a0b31e9f72937063436454def1760b858ee2
+
+go get -d "${WINCNI_PKG}/..."
+cd "${GOPATH}/src/${WINCNI_PKG}"
+git checkout "${WINCNI_VERSION}"
+make all
+install -D -m 755 "out/nat.exe" "${WINCNI_BIN_DIR}/nat.exe"
+install -D -m 755 "out/sdnbridge.exe" "${WINCNI_BIN_DIR}/sdnbridge.exe"
+install -D -m 755 "out/sdnoverlay.exe" "${WINCNI_BIN_DIR}/sdnoverlay.exe"
+
+CNI_CONFIG_DIR="${destdir}/cni/conf"
+mkdir -p "${CNI_CONFIG_DIR}"
+
+# split_ip splits ip into a 4-element array.
+split_ip() {
+  local -r varname="$1"
+  local -r ip="$2"
+  for i in {0..3}; do
+    eval "$varname"[$i]=$( echo "$ip" | cut -d '.' -f $((i + 1)) )
+  done
+}
+
+# subnet gets subnet for a gateway, e.g. 192.168.100.0/24.
+calculate_subnet() {
+  local -r gateway="$1"
+  local -r prefix_len="$2"
+  split_ip gateway_array "$gateway"
+  local len=$prefix_len
+  for i in {0..3}; do
+    if (( len >= 8 )); then
+      mask=255
+    elif (( len > 0 )); then
+      mask=$(( 256 - 2 ** ( 8 - len ) ))
+    else
+      mask=0
+    fi
+    (( len -= 8 ))
+    result_array[i]=$(( gateway_array[i] & mask ))
+  done
+  result="$(printf ".%s" "${result_array[@]}")"
+  result="${result:1}"
+  echo "$result/$((32 - prefix_len))"
+}
+
+# nat already exists on the Windows VM, the subnet and gateway
+# we specify should match that.
+gateway="$(powershell -c "(Get-NetIPAddress -InterfaceAlias 'vEthernet (nat)' -AddressFamily IPv4).IPAddress")"
+prefix_len="$(powershell -c "(Get-NetIPAddress -InterfaceAlias 'vEthernet (nat)' -AddressFamily IPv4).PrefixLength")"
+
+subnet="$(calculate_subnet "$gateway" "$prefix_len")"
+
+# The "name" field in the config is used as the underlying
+# network type right now (see
+# https://github.com/microsoft/windows-container-networking/pull/45),
+# so it must match a network type in:
+# https://docs.microsoft.com/en-us/windows-server/networking/technologies/hcn/hcn-json-document-schemas
+bash -c 'cat >"'"${CNI_CONFIG_DIR}"'"/0-containerd-nat.conf <<EOF
+{
+    "cniVersion": "0.2.0",
+    "name": "nat",
+    "type": "nat",
+    "master": "Ethernet",
+    "ipam": {
+        "subnet": "'$subnet'",
+        "routes": [
+            {
+                "GW": "'$gateway'"
+            }
+        ]
+    },
+    "capabilities": {
+        "portMappings": true,
+        "dns": true
+    }
+}
+EOF'
--- a/script/setup/install-critools
+++ b/script/setup/install-critools
@ -26,7 +26,7 @@ go get -d github.com/kubernetes-sigs/cri-tools/...
 cd "$GOPATH"/src/github.com/kubernetes-sigs/cri-tools
 git checkout $CRITEST_COMMIT
 make
-sudo make install
-cat << EOF | sudo tee /etc/crictl.yaml
+sudo make install -e BINDIR=${DESTDIR:=''}/usr/local/bin
+cat << EOF | sudo tee ${DESTDIR}/etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
--- a/script/setup/install-runc
+++ b/script/setup/install-runc
@ -27,7 +27,14 @@ function install_runc() {
 	cd "$GOPATH"/src/github.com/opencontainers/runc
 	git checkout $RUNC_COMMIT
 	make BUILDTAGS='apparmor seccomp selinux' runc
-	make install
+
+	USESUDO=${USESUDO:-false}
+	if ${USESUDO}; then
+	  SUDO='sudo -E'
+	else
+	  SUDO=''
+	fi
+	${SUDO} make install
 }

 function install_crun() {