Add support for kata container runtime

This adds support for kata containers by installing and configuring
the relevant runtime.

The default remains as 'runc' but can be adjusted using the
variable added to the defaults.

Change-Id: Iea07012d092333c656b397f97b541a2f0a5f0e44
This commit is contained in:
Andrew Bonney 2021-01-06 14:19:01 +00:00
parent 29a7510b18
commit fb440ce3d0
8 changed files with 118 additions and 39 deletions

View File

@ -89,6 +89,7 @@ zun_kuryr_lock_path: "/var/lock/kuryr"
## Docker setup information ## Docker setup information
zun_docker_package_version: "{{ _zun_docker_package_version }}" zun_docker_package_version: "{{ _zun_docker_package_version }}"
zun_containerd_package_version: "{{ _zun_containerd_package_version }}" zun_containerd_package_version: "{{ _zun_containerd_package_version }}"
zun_kata_package_version: "{{ _zun_kata_package_version }}"
# Set a list of users that are permitted to execute the docker binary. # Set a list of users that are permitted to execute the docker binary.
zun_docker_users: zun_docker_users:
@ -207,6 +208,9 @@ zun_service_endpoint_type: internalURL
zun_recreate_keys: False zun_recreate_keys: False
## General Zun configuration ## General Zun configuration
# Select between the 'runc' or 'kata' runtime
zun_container_runtime: runc
# If ``zun_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to # If ``zun_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use. # compute the number of api workers to use.
# zun_osapi_compute_workers: 16 # zun_osapi_compute_workers: 16

View File

@ -13,6 +13,60 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Stop containerd
systemd:
name: "containerd"
enabled: yes
state: "stopped"
daemon_reload: yes
register: _stop
until: _stop is success
retries: 5
delay: 2
listen: "Restart containerd"
- name: Start containerd
systemd:
name: "containerd"
enabled: yes
state: "started"
daemon_reload: yes
register: _start
until: _start is success
retries: 5
delay: 2
listen: "Restart containerd"
- name: Stop docker
systemd:
name: "{{ item }}"
enabled: yes
state: "stopped"
daemon_reload: yes
with_items:
- docker
- kuryr-libnetwork
register: _stop
until: _stop is success
retries: 5
delay: 2
listen: "Restart docker"
- name: Start docker
systemd:
name: "{{ item }}"
enabled: yes
state: "started"
daemon_reload: yes
with_items:
- kuryr-libnetwork
- docker
register: _start
until: _start is success
retries: 5
delay: 2
listen: "Restart docker"
- name: Stop services - name: Stop services
systemd: systemd:
name: "{{ item.service_name }}" name: "{{ item.service_name }}"
@ -43,36 +97,6 @@
- "Restart zun services" - "Restart zun services"
- "venv changed" - "venv changed"
- name: Stop docker
systemd:
name: "{{ item }}"
enabled: yes
state: "stopped"
daemon_reload: yes
with_items:
- docker
- kuryr-libnetwork
register: _stop
until: _stop is success
retries: 5
delay: 2
listen: "Restart kuryr services"
- name: Start docker
systemd:
name: "{{ item }}"
enabled: yes
state: "started"
daemon_reload: yes
with_items:
- docker
- kuryr-libnetwork
register: _start
until: _start is success
retries: 5
delay: 2
listen: "Restart kuryr services"
- meta: noop - meta: noop
listen: Manage LB listen: Manage LB
when: false when: false

View File

@ -42,6 +42,15 @@
- package: "containerd.io" - package: "containerd.io"
version: "{{ zun_containerd_package_version }}" version: "{{ zun_containerd_package_version }}"
priority: 1000 priority: 1000
- package: "kata-runtime"
version: "{{ zun_kata_package_version }}"
priority: 1000
- package: "kata-proxy"
version: "{{ zun_kata_package_version }}"
priority: 1000
- package: "kata-shim"
version: "{{ zun_kata_package_version }}"
priority: 1000
- name: Get apt gpg key - name: Get apt gpg key
get_url: get_url:
@ -58,7 +67,7 @@
- name: Add apt repository - name: Add apt repository
apt_repository: apt_repository:
repo: deb [arch=amd64] {{ item.uri }} {{ ansible_distribution_release | lower }} stable repo: "{{ item.repo }}"
state: present state: present
filename: "{{ item.name }}" filename: "{{ item.name }}"
update_cache: no update_cache: no
@ -81,7 +90,7 @@
yum_repository: yum_repository:
name: "{{ item.name }}" name: "{{ item.name }}"
description: "{{ item.description }}" description: "{{ item.description }}"
baseurl: "{{ item.uri }}" baseurl: "{{ item.repo }}"
gpgkey: "{{ item.gpgkey | default(omit) }}" gpgkey: "{{ item.gpgkey | default(omit) }}"
gpgcheck: yes gpgcheck: yes
enabled: yes enabled: yes
@ -113,6 +122,24 @@
cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}" cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
enablerepo: "{{ (ansible_pkg_mgr in ['yum', 'dnf']) | ternary('extras', omit) }}" enablerepo: "{{ (ansible_pkg_mgr in ['yum', 'dnf']) | ternary('extras', omit) }}"
- name: Ensure the containerd config directory exists
file:
path: "/etc/containerd"
state: "directory"
owner: "root"
group: "root"
mode: "0755"
- name: Configure containerd
template:
src: "config.toml.j2"
dest: "/etc/containerd/config.toml"
mode: "0644"
owner: "root"
group: "root"
notify:
- Restart containerd
- name: Ensure the Docker config directory exists - name: Ensure the Docker config directory exists
file: file:
path: "/etc/docker" path: "/etc/docker"
@ -135,7 +162,7 @@
config_overrides: "{{ zun_docker_config_overrides }}" config_overrides: "{{ zun_docker_config_overrides }}"
config_type: "json" config_type: "json"
notify: notify:
- Restart kuryr services - Restart docker
- name: Create the kuryr system group - name: Create the kuryr system group
group: group:
@ -214,7 +241,7 @@
config_type: "ini" config_type: "ini"
notify: notify:
- Manage LB - Manage LB
- Restart kuryr services - Restart docker
tags: tags:
- zun-config - zun-config
- zun-post-install - zun-post-install
@ -233,7 +260,7 @@
config_overrides: "{{ zun_kuryr_config_overrides }}" config_overrides: "{{ zun_kuryr_config_overrides }}"
config_type: "json" config_type: "json"
notify: notify:
- Restart kuryr services - Restart docker
- name: Ensure docker users are added to the docker group - name: Ensure docker users are added to the docker group
user: user:

5
templates/config.toml.j2 Normal file
View File

@ -0,0 +1,5 @@
[plugins]
[plugins.cri]
[plugins.cri.containerd]
[plugins.cri.containerd.runtimes.kata]
runtime_type = "io.containerd.kata.v2"

View File

@ -1,3 +1,3 @@
[Service] [Service]
ExecStart= ExecStart=
ExecStart=/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['ansible_host'] }}:2379{% if not loop.last %},{% endif %}{% endfor %} ExecStart=/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['ansible_host'] }}:2379{% if not loop.last %},{% endif %}{% endfor %} --add-runtime kata=/usr/bin/kata-runtime

View File

@ -7,8 +7,8 @@ transport_url = {{ zun_oslomsg_rpc_transport }}://{% for host in zun_oslomsg_rpc
use_sandbox = true use_sandbox = true
image_driver_list = glance,docker image_driver_list = glance,docker
default_image_driver = docker default_image_driver = docker
capsule_driver = docker capsule_driver = docker
container_runtime = {{ zun_container_runtime }}
[api] [api]

View File

@ -15,11 +15,18 @@
_zun_docker_package_version: "5:19.03.14~*" _zun_docker_package_version: "5:19.03.14~*"
_zun_containerd_package_version: "1.4.3-1" _zun_containerd_package_version: "1.4.3-1"
_zun_kata_package_version: "{{ (ansible_distribution_release | lower == 'focal') | ternary('1.12.0-2', '1.11.5-9') }}"
zun_kata_repo_version: "{{ (ansible_distribution_release | lower == 'focal') | ternary('stable-1.12', 'stable-1.11') }}"
zun_kata_repo_distro: "{{ (ansible_distribution | lower == 'ubuntu') | ternary('x', '') }}{{ ansible_distribution | capitalize }}"
zun_docker_repo: zun_docker_repo:
- name: "docker-ce" - name: "docker-ce"
uri: "https://download.docker.com/linux/{{ ansible_distribution | lower }}" repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} stable"
gpg_uri: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" gpg_uri: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
- name: "kata"
repo: "deb https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_architecture }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_distribution_version }}/ /"
gpg_uri: "https://download.opensuse.org/repositories/home:/katacontainers:/releases:/{{ ansible_architecture }}:/{{ zun_kata_repo_version }}/{{ zun_kata_repo_distro }}_{{ ansible_distribution_version }}/Release.key"
# Common apt packages # Common apt packages
zun_distro_packages: zun_distro_packages:
@ -36,6 +43,9 @@ zun_distro_compute_packages:
- pciutils - pciutils
- numactl - numactl
- multipath-tools - multipath-tools
- kata-runtime
- kata-proxy
- kata-shim
zun_docker_groupname: docker zun_docker_groupname: docker

View File

@ -15,12 +15,17 @@
_zun_docker_package_version: "19.03.14-3" _zun_docker_package_version: "19.03.14-3"
_zun_containerd_package_version: "1.4.3-3.1" _zun_containerd_package_version: "1.4.3-3.1"
_zun_kata_package_version: "1.11.3-1"
zun_docker_repo: zun_docker_repo:
- name: "docker-ce" - name: "docker-ce"
description: Docker CE Stable description: Docker CE Stable
uri: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable" repo: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable"
gpgkey: "https://download.docker.com/linux/centos/gpg" gpgkey: "https://download.docker.com/linux/centos/gpg"
- name: "kata"
description: Kata runtime
repo: "http://mirror.centos.org/centos/{{ ansible_distribution_major_version }}/virt/$basearch/kata-containers"
gpgkey: "http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Official"
# Common yum packages # Common yum packages
zun_distro_packages: zun_distro_packages:
@ -34,5 +39,9 @@ zun_distro_compute_packages:
- pciutils - pciutils
- numactl - numactl
- device-mapper-multipath - device-mapper-multipath
- "kata-runtime-{{ zun_kata_package_version }}.el{{ ansible_distribution_major_version }}.x86_64"
- "kata-shim-{{ zun_kata_package_version }}.el{{ ansible_distribution_major_version }}.x86_64"
# NOTE: This package is unavailable from the centos mirrors
# - "kata-proxy-{{ zun_kata_package_version }}.el{{ ansible_distribution_major_version }}.x86_64"
zun_docker_groupname: docker zun_docker_groupname: docker