17 Commits

Author SHA1 Message Date
Jim Gauld
169a0c0ee3 Move k8s container cleanup to containerd service
This introduces k8s-container-cleanup script that will be called
when containerd.service is stopped. The script detects whether systemd
state is 'stopping' due to shutdown/reboot, then stops all running
containers before the service shuts down.

During shutdown/reboot, some containers are not receiving the
SIGTERM signal. This leads to unexpected behaviour such as
generating huge coredumps.

There is an upstream issue regarding this:
https://github.com/kubernetes/kubernetes/issues/107158
The problem seems to be systemd related but this commit
addresses the problem with a workaround.

This reverts commit f3c18b0f79e3b145d378474b24d861926dd61a13.
The k8s-container-cleanup script is moved from kubelet.service
to containerd.service. The ExecStopPost that calls this script
is removed, and replaced with ExecStop in containerd.service
to call the script (in config-files repo).

The k8s-container-cleanup script requires containerd is running
in order to use crictl utility. The shutdown of kubelet and
containerd have unpredictable timing, so the cleanup must be done
in containerd.

Test Plan: On AIO-SX
PASS: Verify k8s-container-cleanup logs to daemon.log during 'stopping.
PASS: Manual change containerd/kubelet shutdown timing and verify.
k8s-container-cleanup running to completion before containerd stopped.
PASS: Reboot and verify k8s-container-cleanup running to completion.
PASS: Lock/unlock and verify k8s-container-cleanup running to completion.
PASS: Manually run spellintian tool against k8s-container-cleanup.sh.
PASS: Manually run shellcheck tool against k8s-container-cleanup.sh.
PASS: Zuul tox bashate tool against k8s-container-cleanup.sh.

Partial-Bug: 1964111
Change-Id: Ic8a9e257f861ae218a8520205eced3eaa580dd20
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
2022-04-12 13:52:40 -04:00
Kaustubh Dhokte
298c333a76 CentOS: upversion containerd and runc
To align with kubernetes 1.21.8,
Upgrade containerd from version 1.4.6 to 1.4.11
Upgrade runc from version 1.0.0-rc95 to 1.0.2

We continue to use no_btrfs build flag for containerd
as we do not use btrfs

Test Plan:
Built an iso (CentOS) and installed on AIO-DX lab
PASS: Run basic docker, ctr, crictl and runc commands
      to create, list containers, images
PASS: Create new pods and PVCs and delete them
PASS: Lock-unlock and reboot hosts.
      Check all pods are up back

Story: 2009845
Task: 44456

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: I8e5ce0fd316e2e7f059c8abe5050732192f502a1
2022-03-02 02:35:09 -05:00
Gleb Aronsky
5022532a73 Backport commit to Reduce clutter of log entries
Backport containerd 1.5.0 commit
1f5b84f27cd675780bc7127f9aedbfe34cc7590b to reduce clutter of log
entries during process execution

Test Plan: Verify containerd.log logs fewer messages

PASS: Verified that the containerd.log file omits previously noisy log
messages such as "ExecSync for", "Exec process", and "Finish piping"
which are now logged at the Debug verbosity threshold.

Story: 2009272
Task: 43588

Signed-off-by: Gleb Aronsky <gleb.aronsky@windriver.com>
Change-Id: I71d52b8306185917144b0bbf40dd371508f78064
2021-10-14 14:58:27 -04:00
Scott Little
6c2e809c92 Modify go package to be compatible with golang 1.16.6
Most packages will compile using the new default golang version (1.16.6).
For some packages it is a transparent change, but those reliant on
the old GOPATH method require the addition of  ...

    go env -w GO111MODULE=auto

... to their build instruction to restore GOPATH compatibility.

For Kubernetes version 1.18.1, I explicitly set to compile using
golang version 1.13.9 as this is the version recommended by Kubernetes.

Story: 2008972
Task: 42655
Depends-On: https://review.opendev.org/c/starlingx/compile/+/804123
Signed-off-by: Scott Little <scott.little@windriver.com>
Change-Id: I0d813cd245cb46932bf2096b641c4972f8a49efc
2021-08-16 09:45:48 -04:00
Mihnea Saracin
5935f2a65f Update containerd to 1.4.6 (with fixed paths)
This updates containerd from 1.3.3 to 1.4.6,
runc from 1.0.0-rc10 to 1.0.0-rc95 and crictl from 1.18 to 1.21
to align with what was used upstream for Kubernetes 1.21 testing.

We could also remove the "no_btrfs" build flag by adding the
btrfs-progs-devel RPM to the CentOS mirror.  But we don't use btrfs
anyway, so this way we make the package a bit smaller.

Story: 2008972
Task: 42640

Change-Id: I3dc5465a80209eab34224e9e6e2d5aee49a8266e
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
2021-06-30 15:06:59 +00:00
Mihnea Saracin
883860da4e Revert "Update containerd to 1.4.6"
This reverts commit 4c682e9c434db74f616a039d6ab4415f36fedc03.

Change-Id: I18950de2f06e42c45b19f0f8d5cca058216c68f6
2021-06-29 20:04:44 +00:00
Mihnea Saracin
4c682e9c43 Update containerd to 1.4.6
This updates containerd from 1.3.3 to 1.4.6,
runc from 1.0.0-rc10 to 1.0.0-rc95 and crictl from 1.18 to 1.21
to align with what was used upstream for Kubernetes 1.21 testing.

We could also remove the "no_btrfs" build flag by adding the
btrfs-progs-devel RPM to the CentOS mirror.  But we don't use btrfs
anyway, so this way we make the package a bit smaller.

Story: 2008972
Task: 42640

Change-Id: I2391ca7987d8f28a6f8efa1cd908b91004029e33
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
2021-06-25 18:53:56 +03:00
Dongqi Chen
af359d4938 Add auto-versioning to starlingx/integ packages
This update makes use of the PKG_GITREVCOUNT variable
to auto-version the packages in this repo.

Story: 2007750
Task: 39951
Change-Id: I854419c922b9db4edbbf6f1e987a982ec2ec7b59
Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
2020-06-24 09:48:28 +08:00
Chris Friesen
9400e1d2a6 switch to containerd.service file from upstream
Back when the containerd package was first added to the build,
the designer who added it didn't realize that the upstream source
already contained a "containerd.service" file and so they added
a separate one.

It turns out that the upstream source *does* have a service file,
and it also contains some additional settings that we might want
to pick up.  Furthermore, there are additional changes in more
recent versions of the package.  As such, we want to switch to
use the service file from the upstream source instead of a custom
one.

The upstream service file wants to run /usr/local/bin/containerd
so we just make a symlink at that location pointing to the
current binary location.

Closes-Bug: 1884111
Change-Id: I5ed4f46a7bcceb0d0f71abb26590160fb62c0b7b
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
2020-06-18 17:58:53 -04:00
Robert Church
5ac3a294a1 Upversion containerd components to align with k8s v1.18.0
To align with k8s v1.18.0. This moves containerd to v1.3.3, runc to
1.0.0-rc10, and crictl to v1.18.0.

Change-Id: I2e5afb63c494a87e29c8f981189ce019225feaf9
Story: 2006999
Task: 39340
Depends-On: https://review.opendev.org/#/c/718370/
Signed-off-by: Robert Church <robert.church@windriver.com>
2020-04-13 14:00:50 -04:00
Mingyuan Qi
5694c72218 Fix QAT plugin image pull failed
Fix several image pull failure issue caused by a containerd chmod
issue resolve by upstream commit e2269f2.

Original commit message:

handleLChmod() does not properly check that files behind the
handlinks exist before calling os.Chmod(). We've seen base images
where this results in "no such file or directory" error from
os.Chmod() when unpacking the image.

To keep the existing logic but fix the problem, this commit simply
skips IsNotExist error.

Closes-bug: 1869236

Change-Id: I2e77adbf89ad5505f2d7127a3f06ccfb805c0f24
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
2020-04-10 05:29:19 +00:00
Zuul
85723f2095 Merge "Fix containerd cannot pull image with old registry-token-server" 2020-02-18 14:35:53 +00:00
Shuicheng Lin
0e1ad4bbcd Fix containerd cannot pull image with old registry-token-server
registry-token-server has been updated to support POST method.
But for upgrade case(stx3.0 upgrade to stx4.0), containerd need
talk with old registry-token-server which doesn't support POST
method, and 400 error code will be returned. For this case,
containerd still need fallback to GET method.

Story: 2006145
Task: 38763
Change-Id: I9834d1afae406c7e1f80bea6034931d854d4e868
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-02-14 10:18:23 +08:00
Don Penney
77b632e28f Fix containerd build failure
The 20200205T023000Z CENGN build failed on containerd due to a build
ordering issue. In the failed build, containerd was built ahead of
rpm, and the mock build environment for the containerd build ran with
the stock CentOS version of RPM. Unfortunately, it appears this
version of RPM fails when trying to build the debuginfo for a golang
package. There are currently two other golang packages in StarlingX,
but these have debuginfo disabled in the spec.

Adding a version-specific dependency in the containerd spec to ensure
the newer RPM is installed resolves the issue.

Change-Id: Ia7c85751012bbd0c3b83a2496bd7424e123eef93
Closes-Bug: 1862038
Co-Authored-By: Scott Little <scott.little@windriver.com>
Signed-off-by: Don Penney <don.penney@windriver.com>
2020-02-05 12:34:15 -05:00
Lin Shuicheng
7165b3539c Revert "Revert "add containerd package for kata container support""
This reverts commit ff7b8ffd6a91d4fe3b59f939d59bf1512e524c60.

Depends-On: https://review.opendev.org/703263
Change-Id: I9ed3cc54bb61d6e49219c9c98571740f0e066c3f
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-01-19 02:00:08 +00:00
Don Penney
ff7b8ffd6a Revert "add containerd package for kata container support"
This reverts commit 90f7e49661653e82dbad7cbaa924837620fb4b60.

Reverting due to https://bugs.launchpad.net/starlingx/+bug/1859686

Change-Id: Ief511a012fe61d5d3016dc13c54fab1e32a4d6b0
2020-01-14 20:38:20 +00:00
Shuicheng Lin
90f7e49661 add containerd package for kata container support
containerd is upgrade from 1.2.5 to 1.3.0 in order to support
kata container.

Story: 2006145
Task: 36834
Depends-On: https://review.opendev.org/697601
Depends-On: https://review.opendev.org/685211
Change-Id: I2e067a1af1962328c865f463cafdabfad5946e02
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2019-12-06 10:23:09 +08:00