Add support for kata container runtime
This adds support for kata containers by installing and configuring the relevant runtime. The default remains as 'runc' but can be adjusted using the variable added to the defaults. Change-Id: Iea07012d092333c656b397f97b541a2f0a5f0e44
parent
29a7510b18
commit
fb440ce3d0
@ -89,6 +89,7 @@ zun_kuryr_lock_path: "/var/lock/kuryr"
|
|||||||
## Docker setup information
|
## Docker setup information
|
||||||
zun_docker_package_version: "{{ _zun_docker_package_version }}"
|
zun_docker_package_version: "{{ _zun_docker_package_version }}"
|
||||||
zun_containerd_package_version: "{{ _zun_containerd_package_version }}"
|
zun_containerd_package_version: "{{ _zun_containerd_package_version }}"
|
||||||
|
zun_kata_package_version: "{{ _zun_kata_package_version }}"
|
||||||
|
|
||||||
# Set a list of users that are permitted to execute the docker binary.
|
# Set a list of users that are permitted to execute the docker binary.
|
||||||
zun_docker_users:
|
zun_docker_users:
|
||||||
@ -207,6 +208,9 @@ zun_service_endpoint_type: internalURL
|
|||||||
zun_recreate_keys: False
|
zun_recreate_keys: False
|
||||||
|
|
||||||
## General Zun configuration
|
## General Zun configuration
|
||||||
|
# Select between the 'runc' or 'kata' runtime
|
||||||
|
zun_container_runtime: runc
|
||||||
|
|
||||||
# If ``zun_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to
|
# If ``zun_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to
|
||||||
# compute the number of api workers to use.
|
# compute the number of api workers to use.
|
||||||
# zun_osapi_compute_workers: 16
|
# zun_osapi_compute_workers: 16
|
||||||
|
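Review bot: `zun_container_runtime` is accepted as free text although the comment above it allows only two values, and the zun.conf template change in this commit writes it out unfiltered, so a typo would presumably surface only when containers fail to start. An early check in the role's tasks, `assert: that: zun_container_runtime in ['runc', 'kata']`, would fail the play instead. The comment could also record that the kata repository and packages are installed whichever value is chosen, e.g. `# Default runtime for new containers ('runc' or 'kata'); kata is installed in either case.`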
@ -13,6 +13,60 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Stop containerd
|
||||||
|
systemd:
|
||||||
|
name: "containerd"
|
||||||
|
enabled: yes
|
||||||
|
state: "stopped"
|
||||||
|
daemon_reload: yes
|
||||||
|
register: _stop
|
||||||
|
until: _stop is success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
listen: "Restart containerd"
|
||||||
|
|
||||||
|
- name: Start containerd
|
||||||
|
systemd:
|
||||||
|
name: "containerd"
|
||||||
|
enabled: yes
|
||||||
|
state: "started"
|
||||||
|
daemon_reload: yes
|
||||||
|
register: _start
|
||||||
|
until: _start is success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
listen: "Restart containerd"
|
||||||
|
|
||||||
|
- name: Stop docker
|
||||||
|
systemd:
|
||||||
|
name: "{{ item }}"
|
||||||
|
enabled: yes
|
||||||
|
state: "stopped"
|
||||||
|
daemon_reload: yes
|
||||||
|
with_items:
|
||||||
|
- docker
|
||||||
|
- kuryr-libnetwork
|
||||||
|
register: _stop
|
||||||
|
until: _stop is success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
listen: "Restart docker"
|
||||||
|
|
||||||
|
- name: Start docker
|
||||||
|
systemd:
|
||||||
|
name: "{{ item }}"
|
||||||
|
enabled: yes
|
||||||
|
state: "started"
|
||||||
|
daemon_reload: yes
|
||||||
|
with_items:
|
||||||
|
- kuryr-libnetwork
|
||||||
|
- docker
|
||||||
|
register: _start
|
||||||
|
until: _start is success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
listen: "Restart docker"
|
||||||
|
|
||||||
- name: Stop services
|
- name: Stop services
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item.service_name }}"
|
name: "{{ item.service_name }}"
|
||||||
@ -43,36 +97,6 @@
|
|||||||
- "Restart zun services"
|
- "Restart zun services"
|
||||||
- "venv changed"
|
- "venv changed"
|
||||||
|
|
||||||
- name: Stop docker
|
|
||||||
systemd:
|
|
||||||
name: "{{ item }}"
|
|
||||||
enabled: yes
|
|
||||||
state: "stopped"
|
|
||||||
daemon_reload: yes
|
|
||||||
with_items:
|
|
||||||
- docker
|
|
||||||
- kuryr-libnetwork
|
|
||||||
register: _stop
|
|
||||||
until: _stop is success
|
|
||||||
retries: 5
|
|
||||||
delay: 2
|
|
||||||
listen: "Restart kuryr services"
|
|
||||||
|
|
||||||
- name: Start docker
|
|
||||||
systemd:
|
|
||||||
name: "{{ item }}"
|
|
||||||
enabled: yes
|
|
||||||
state: "started"
|
|
||||||
daemon_reload: yes
|
|
||||||
with_items:
|
|
||||||
- docker
|
|
||||||
- kuryr-libnetwork
|
|
||||||
register: _start
|
|
||||||
until: _start is success
|
|
||||||
retries: 5
|
|
||||||
delay: 2
|
|
||||||
listen: "Restart kuryr services"
|
|
||||||
|
|
||||||
- meta: noop
|
- meta: noop
|
||||||
listen: Manage LB
|
listen: Manage LB
|
||||||
when: false
|
when: false
|
||||||
|
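Review bot: The relocated "Start docker" handler lists `kuryr-libnetwork` before `docker`, the reverse of the handler this commit removes, and nothing explains the new order. If the order matters, a comment above `with_items` should record why, e.g. `# kuryr-libnetwork is started first so the network plugin is up before docker (confirm)`. The new containerd handlers also reuse the `_stop` and `_start` register names of the docker handlers; distinct names such as `_containerd_stop` would keep debug output unambiguous when both sets run in one play.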
@ -42,6 +42,15 @@
|
|||||||
- package: "containerd.io"
|
- package: "containerd.io"
|
||||||
version: "{{ zun_containerd_package_version }}"
|
version: "{{ zun_containerd_package_version }}"
|
||||||
priority: 1000
|
priority: 1000
|
||||||
|
- package: "kata-runtime"
|
||||||
|
version: "{{ zun_kata_package_version }}"
|
||||||
|
priority: 1000
|
||||||
|
- package: "kata-proxy"
|
||||||
|
version: "{{ zun_kata_package_version }}"
|
||||||
|
priority: 1000
|
||||||
|
- package: "kata-shim"
|
||||||
|
version: "{{ zun_kata_package_version }}"
|
||||||
|
priority: 1000
|
||||||
|
|
||||||
- name: Get apt gpg key
|
- name: Get apt gpg key
|
||||||
get_url:
|
get_url:
|
||||||
@ -58,7 +67,7 @@
|
|||||||
|
|
||||||
- name: Add apt repository
|
- name: Add apt repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb [arch=amd64] {{ item.uri }} {{ ansible_distribution_release | lower }} stable
|
repo: "{{ item.repo }}"
|
||||||
state: present
|
state: present
|
||||||
filename: "{{ item.name }}"
|
filename: "{{ item.name }}"
|
||||||
update_cache: no
|
update_cache: no
|
||||||
@ -81,7 +90,7 @@
|
|||||||
yum_repository:
|
yum_repository:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
description: "{{ item.description }}"
|
description: "{{ item.description }}"
|
||||||
baseurl: "{{ item.uri }}"
|
baseurl: "{{ item.repo }}"
|
||||||
gpgkey: "{{ item.gpgkey | default(omit) }}"
|
gpgkey: "{{ item.gpgkey | default(omit) }}"
|
||||||
gpgcheck: yes
|
gpgcheck: yes
|
||||||
enabled: yes
|
enabled: yes
|
||||||
@ -113,6 +122,24 @@
|
|||||||
cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
|
cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
|
||||||
enablerepo: "{{ (ansible_pkg_mgr in ['yum', 'dnf']) | ternary('extras', omit) }}"
|
enablerepo: "{{ (ansible_pkg_mgr in ['yum', 'dnf']) | ternary('extras', omit) }}"
|
||||||
|
|
||||||
|
- name: Ensure the containerd config directory exists
|
||||||
|
file:
|
||||||
|
path: "/etc/containerd"
|
||||||
|
state: "directory"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Configure containerd
|
||||||
|
template:
|
||||||
|
src: "config.toml.j2"
|
||||||
|
dest: "/etc/containerd/config.toml"
|
||||||
|
mode: "0644"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
notify:
|
||||||
|
- Restart containerd
|
||||||
|
|
||||||
- name: Ensure the Docker config directory exists
|
- name: Ensure the Docker config directory exists
|
||||||
file:
|
file:
|
||||||
path: "/etc/docker"
|
path: "/etc/docker"
|
||||||
@ -135,7 +162,7 @@
|
|||||||
config_overrides: "{{ zun_docker_config_overrides }}"
|
config_overrides: "{{ zun_docker_config_overrides }}"
|
||||||
config_type: "json"
|
config_type: "json"
|
||||||
notify:
|
notify:
|
||||||
- Restart kuryr services
|
- Restart docker
|
||||||
|
|
||||||
- name: Create the kuryr system group
|
- name: Create the kuryr system group
|
||||||
group:
|
group:
|
||||||
@ -214,7 +241,7 @@
|
|||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
notify:
|
notify:
|
||||||
- Manage LB
|
- Manage LB
|
||||||
- Restart kuryr services
|
- Restart docker
|
||||||
tags:
|
tags:
|
||||||
- zun-config
|
- zun-config
|
||||||
- zun-post-install
|
- zun-post-install
|
||||||
@ -233,7 +260,7 @@
|
|||||||
config_overrides: "{{ zun_kuryr_config_overrides }}"
|
config_overrides: "{{ zun_kuryr_config_overrides }}"
|
||||||
config_type: "json"
|
config_type: "json"
|
||||||
notify:
|
notify:
|
||||||
- Restart kuryr services
|
- Restart docker
|
||||||
|
|
||||||
- name: Ensure docker users are added to the docker group
|
- name: Ensure docker users are added to the docker group
|
||||||
user:
|
user:
|
||||||
|
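Review bot: "Configure containerd" notifies only `Restart containerd`, yet docker runs on top of that containerd, and depending on how the packaged docker.service is bound to containerd.service the stop may take docker and its containers down with nothing starting them again. Adding `- Restart docker` to that task's `notify` list makes the outcome deterministic. Separately, the repository tasks now read `item.repo` where they used to read `item.uri`, so a deployment that overrides `zun_docker_repo` with the old key would fail on an undefined variable; a release note for the rename would help.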
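--- a/templates/config.toml.j2
+++ b/templates/config.toml.j2
@@ -0,0 +1,5 @@
+[plugins]
+[plugins.cri]
+[plugins.cri.containerd]
+[plugins.cri.containerd.runtimes.kata]
+runtime_type = "io.containerd.kata.v2"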
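Review bot: This template becomes the whole of `/etc/containerd/config.toml`, because the "Configure containerd" task writes it unconditionally, so anything the containerd package shipped there (for example a `disabled_plugins` entry, if it ships one) is dropped and a `plugins.cri` section is configured on every compute host. If only the kata runtime entry is wanted, the file should keep the rest of the packaged policy or state that replacing it is intended. A header line `# {{ ansible_managed }}` and a comment naming what consumes `plugins.cri` would help, since the dockerd unit in this commit registers kata through `--add-runtime` instead.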
@ -1,3 +1,3 @@
|
|||||||
[Service]
|
[Service]
|
||||||
ExecStart=
|
ExecStart=
|
||||||
ExecStart=/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['ansible_host'] }}:2379{% if not loop.last %},{% endif %}{% endfor %}
|
ExecStart=/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['ansible_host'] }}:2379{% if not loop.last %},{% endif %}{% endfor %} --add-runtime kata=/usr/bin/kata-runtime
|
||||||
|
@ -7,8 +7,8 @@ transport_url = {{ zun_oslomsg_rpc_transport }}://{% for host in zun_oslomsg_rpc
|
|||||||
use_sandbox = true
|
use_sandbox = true
|
||||||
image_driver_list = glance,docker
|
image_driver_list = glance,docker
|
||||||
default_image_driver = docker
|
default_image_driver = docker
|
||||||
|
|
||||||
capsule_driver = docker
|
capsule_driver = docker
|
||||||
|
container_runtime = {{ zun_container_runtime }}
|
||||||
|
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
@ -15,11 +15,18 @@
|
|||||||
|
|
||||||
_zun_docker_package_version: "5:19.03.14~*"
|
_zun_docker_package_version: "5:19.03.14~*"
|
||||||
_zun_containerd_package_version: "1.4.3-1"
|
_zun_containerd_package_version: "1.4.3-1"
|
||||||
|
_zun_kata_package_version: "{{ (ansible_distribution_release | lower == 'focal') | ternary('1.12.0-2', '1.11.5-9') }}"
|
||||||
|
|
||||||
|
zun_kata_repo_version: "{{ (ansible_distribution_release | lower == 'focal') | ternary('stable-1.12', 'stable-1.11') }}"
|
||||||
|
zun_kata_repo_distro: "{{ (ansible_distribution | lower == 'ubuntu') | ternary('x', '') }}{{ ansible_distribution | capitalize }}"
|
||||||
|
|
||||||
zun_docker_repo:
|
zun_docker_repo:
|
||||||
- name: "docker-ce"
|
- name: "docker-ce"
|
||||||
uri: "https://download.docker.com/linux/{{ ansible_distribution | lower }}"
|
repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} stable"
|
||||||
gpg_uri: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
|
gpg_uri: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
|
||||||
|
- name: "kata"
|
||||||
|
repo: "deb https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_architecture }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_distribution_version }}/ /"
|
||||||
|
gpg_uri: "https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_architecture }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_distribution_version }}/Release.key"
|
||||||
|
|
||||||
# Common apt packages
|
# Common apt packages
|
||||||
zun_distro_packages:
|
zun_distro_packages:
|
||||||
@ -36,6 +43,9 @@ zun_distro_compute_packages:
|
|||||||
- pciutils
|
- pciutils
|
||||||
- numactl
|
- numactl
|
||||||
- multipath-tools
|
- multipath-tools
|
||||||
|
- kata-runtime
|
||||||
|
- kata-proxy
|
||||||
|
- kata-shim
|
||||||
|
|
||||||
zun_docker_groupname: docker
|
zun_docker_groupname: docker
|
||||||
|
|
||||||
|
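Review bot: The new `kata` entry adds a repository from an openSUSE Build Service `home:` project and takes its signing key (`Release.key`) from the same path as the packages, with nothing pinning the key, so whoever can alter that path can supply both. A pinned digest would close that gap, e.g. a field `gpg_checksum: "sha256:<RELEASE_KEY_SHA256>"` (placeholder value) passed to the `checksum` option of the `get_url` task that fetches the key. The repository and the three kata packages in `zun_distro_compute_packages` are added unconditionally, so hosts that stay on `runc` gain this trust anchor too. Gating them on `zun_container_runtime == 'kata'` may be worth considering if per-container runtime selection is not required.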
@ -15,12 +15,17 @@
|
|||||||
|
|
||||||
_zun_docker_package_version: "19.03.14-3"
|
_zun_docker_package_version: "19.03.14-3"
|
||||||
_zun_containerd_package_version: "1.4.3-3.1"
|
_zun_containerd_package_version: "1.4.3-3.1"
|
||||||
|
_zun_kata_package_version: "1.11.3-1"
|
||||||
|
|
||||||
zun_docker_repo:
|
zun_docker_repo:
|
||||||
- name: "docker-ce"
|
- name: "docker-ce"
|
||||||
description: Docker CE Stable
|
description: Docker CE Stable
|
||||||
uri: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable"
|
repo: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable"
|
||||||
gpgkey: "https://download.docker.com/linux/centos/gpg"
|
gpgkey: "https://download.docker.com/linux/centos/gpg"
|
||||||
|
- name: "kata"
|
||||||
|
description: Kata runtime
|
||||||
|
repo: "http://mirror.centos.org/centos/{{ ansible_distribution_major_version }}/virt/$basearch/kata-containers"
|
||||||
|
gpgkey: "http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Official"
|
||||||
|
|
||||||
# Common yum packages
|
# Common yum packages
|
||||||
zun_distro_packages:
|
zun_distro_packages:
|
||||||
@ -34,5 +39,9 @@ zun_distro_compute_packages:
|
|||||||
- pciutils
|
- pciutils
|
||||||
- numactl
|
- numactl
|
||||||
- device-mapper-multipath
|
- device-mapper-multipath
|
||||||
|
- "kata-runtime-{{ zun_kata_package_version }}.el{{ ansible_distribution_major_version }}.x86_64"
|
||||||
|
- "kata-shim-{{ zun_kata_package_version }}.el{{ ansible_distribution_major_version }}.x86_64"
|
||||||
|
# NOTE: This package is unavailable from the centos mirrors
|
||||||
|
# - "kata-proxy-{{ zun_kata_package_version }}.el{{ ansible_distribution_major_version }}.x86_64"
|
||||||
|
|
||||||
zun_docker_groupname: docker
|
zun_docker_groupname: docker
|
||||||
|
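Review bot: Both URLs of the new `kata` repository use plain `http://`, including `gpgkey`, so the key that `gpgcheck: yes` verifies against can be replaced in transit and the signature check then proves nothing. The key should come from an authenticated source, e.g. `gpgkey: "https://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Official"` if the mirror serves HTTPS, or a copy shipped with the role. It is also worth confirming that this is the key the packages in the `virt` repository are actually signed with. The added package names hard-code `x86_64` while the repo URL uses `$basearch`.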