Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade crio to 1.15.0 #4703

Merged
merged 2 commits into from
Jul 16, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions deploy/iso/minikube-iso/package/crio-bin/conmon-config.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@

#if !defined(CONFIG_H)
#define CONFIG_H

#define BUF_SIZE 8192
#define STDIO_BUF_SIZE 8192
#define DEFAULT_SOCKET_PATH "/var/run/crio"

#endif // CONFIG_H
1 change: 1 addition & 0 deletions deploy/iso/minikube-iso/package/crio-bin/crio-bin.hash
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,4 @@ sha256 92588998dbb79002c38f65f84602b5659f0d0ef1cd36b1a568a2e40269b66816 v1.13.0.
sha256 48e7cf64a757d62a3edf214e1b93b74d99f090ca924f956ede2494a260eab2db v1.13.1.tar.gz
sha256 7435c4745017f06c260973b049440d924efe65b0df008d14175dfb8f5e23b599 v1.14.0.tar.gz
sha256 1f6f72b1f89d4286b2d5b54a48f4d5ed4c0c01065d484635dcb343a706feb743 v1.14.1.tar.gz
sha256 f7041a92e2d3a4c341be8df58f1076ba57ecb5daa02b6c65e652530c5f242739 v1.15.0.tar.gz
15 changes: 7 additions & 8 deletions deploy/iso/minikube-iso/package/crio-bin/crio-bin.mk
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@
#
################################################################################

CRIO_BIN_VERSION = v1.14.1
CRIO_BIN_COMMIT = b7644f67e6383cc862b3e37fb74fba334b0b2721
CRIO_BIN_SITE = https://github.com/kubernetes-sigs/cri-o/archive
CRIO_BIN_VERSION = v1.15.0
CRIO_BIN_COMMIT = 485227d727401fa0472a449b5df3b0537e314ebb
CRIO_BIN_SITE = https://github.com/cri-o/cri-o/archive
CRIO_BIN_SOURCE = $(CRIO_BIN_VERSION).tar.gz
CRIO_BIN_DEPENDENCIES = host-go libgpgme
CRIO_BIN_GOPATH = $(@D)/_output
Expand All @@ -23,8 +23,10 @@ define CRIO_BIN_USERS
endef

define CRIO_BIN_CONFIGURE_CMDS
mkdir -p $(CRIO_BIN_GOPATH)/src/github.com/kubernetes-sigs
ln -sf $(@D) $(CRIO_BIN_GOPATH)/src/github.com/kubernetes-sigs/cri-o
mkdir -p $(CRIO_BIN_GOPATH)/src/github.com/cri-o
ln -sf $(@D) $(CRIO_BIN_GOPATH)/src/github.com/cri-o/cri-o
# Generate conmon/config.h with a simplified bin/crio-config
$(CRIO_BIN_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D) BUILDTAGS="containers_image_ostree_stub exclude_graphdriver_btrfs exclude_graphdriver_devicemapper containers_image_openpgp" conmon/config.h
endef

define CRIO_BIN_BUILD_CMDS
Expand All @@ -45,9 +47,6 @@ define CRIO_BIN_INSTALL_TARGET_CMDS
$(INSTALL) -Dm755 \
$(@D)/bin/pause \
$(TARGET_DIR)/usr/libexec/crio/pause
$(INSTALL) -Dm644 \
$(@D)/seccomp.json \
$(TARGET_DIR)/etc/crio/seccomp.json
$(INSTALL) -Dm644 \
$(BR2_EXTERNAL_MINIKUBE_PATH)/package/crio-bin/crio.conf \
$(TARGET_DIR)/etc/crio/crio.conf
Expand Down
39 changes: 39 additions & 0 deletions deploy/iso/minikube-iso/package/crio-bin/crio-bin.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
diff --git a/Makefile b/Makefile
index de79f63..a9ea13b 100644
--- a/Makefile
+++ b/Makefile
@@ -136,7 +136,7 @@ crio.conf: bin/crio
release-note: ${RELEASE_TOOL}
${RELEASE_TOOL} -n $(release)

-conmon/config.h: git-vars cmd/crio-config/config.go oci/oci.go
+conmon/config.h: cmd/crio-config/config.go oci/oci.go
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the git executable is not available within your build environment? Because the git-vars target was introduced to actually fix this, but it only checks for the .git folder. I think I can improve this :)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually it was worse... We do have git, but that's for our buildroot. Thus it recorded commits from a different project. We build all our packages from tarballs, so have to supply the matching commit for each one.

The main problem here is that the "git-vars" target forces the conmon/config.h to be re-generated, even if it already exists (same with crio.conf too)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I see, thanks. Let's see if we can get rid of the git-vars dependency of this target entirely.

$(GO) build $(LDFLAGS) -tags "$(BUILDTAGS)" -o bin/crio-config $(PROJECT)/cmd/crio-config
( cd conmon && $(CURDIR)/bin/crio-config )

diff --git a/cmd/crio/main.go b/cmd/crio/main.go
index 0bc347a..ab9969f 100644
--- a/cmd/crio/main.go
+++ b/cmd/crio/main.go
@@ -207,7 +207,7 @@ func mergeConfig(config *server.Config, ctx *cli.Context) (string, error) {
}

func writeCrioGoroutineStacks() {
- path := filepath.Join("/tmp", fmt.Sprintf("crio-goroutine-stacks-%s.log", strings.ReplaceAll(time.Now().Format(time.RFC3339), ":", "")))
+ path := filepath.Join("/tmp", fmt.Sprintf("crio-goroutine-stacks-%s.log", strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)))
if err := utils.WriteGoroutineStacksToFile(path); err != nil {
logrus.Warnf("Failed to write goroutine stacks: %s", err)
}
diff --git a/oci/runtime_vm.go b/oci/runtime_vm.go
index 57a1fde..64f853f 100644
--- a/oci/runtime_vm.go
+++ b/oci/runtime_vm.go
@@ -172,7 +172,7 @@ func (r *runtimeVM) startRuntimeDaemon(c *Container) error {
args = append(args, "start")

// Modify the runtime path so that it complies with v2 shim API
- newRuntimePath := strings.ReplaceAll(r.path, "-", ".")
+ newRuntimePath := strings.Replace(r.path, "-", ".", -1)

// Setup default namespace
r.ctx = namespaces.WithNamespace(r.ctx, namespaces.Default)
58 changes: 42 additions & 16 deletions deploy/iso/minikube-iso/package/crio-bin/crio.conf
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@
#
# Please refer to crio.conf(5) for details of all configuration options.

# CRI-O supports partial configuration reload during runtime, which can be
# done by sending SIGHUP to the running process. Currently supported options
# are explicitly mentioned with: 'This option supports live configuration
# reload'.

# CRI-O reads its storage defaults from the containers-storage.conf(5) file
# located at /etc/containers/storage.conf. Modify this storage configuration if
# you want to change the system's defaults. If you want to modify storage just
Expand All @@ -28,9 +33,11 @@ storage_driver = "overlay"
#]

# If set to false, in-memory locking will be used instead of file-based locking.
file_locking = true
# **Deprecated** this option will be removed in the future.
file_locking = false

# Path to the lock file.
# **Deprecated** this option will be removed in the future.
file_locking_path = "/run/crio.lock"


Expand Down Expand Up @@ -90,6 +97,9 @@ no_pivot = true
# Path to the conmon binary, used for monitoring the OCI runtime.
conmon = "/usr/libexec/crio/conmon"

# Cgroup setting for conmon
conmon_cgroup = "pod"

# Environment variable list for the conmon process, used for passing necessary
# environment variables to conmon or the runtime.
conmon_env = [
Expand All @@ -100,8 +110,9 @@ conmon_env = [
selinux = false

# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime.
seccomp_profile = "/etc/crio/seccomp.json"
# for the runtime. If not specified, then the internal default seccomp profile
# will be used.
seccomp_profile = ""

# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default-" followed by the version string of CRI-O.
Expand Down Expand Up @@ -185,9 +196,13 @@ container_attach_socket_dir = "/var/run/crio"
read_only = false

# Changes the verbosity of the logs based on the level it is set to. Options
# are fatal, panic, error, warn, info, and debug.
# are fatal, panic, error, warn, info, and debug. This option supports live
# configuration reload.
log_level = "error"

# The default log directory where all logs will go unless directly specified by the kubelet
log_dir = "/var/log/crio/pods"

# The UID mappings for the user namespace of each container. A range is
# specified in the form containerUID:HostUID:Size. Multiple ranges must be
# separated by comma.
Expand All @@ -202,15 +217,19 @@ gid_mappings = ""
# regarding the proper termination of the container.
ctr_stop_timeout = 0

# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
# of trust of the workload.

[crio.runtime.runtimes.runc]
runtime_path = "/usr/bin/runc"
runtime_type = "oci"

# ManageNetworkNSLifecycle determines whether we pin and remove network namespace
# and manage its lifecycle.
manage_network_ns_lifecycle = false

# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
# of trust of the workload.

[crio.runtime.runtimes.runc]
runtime_path = "/usr/bin/runc"
runtime_type = "oci"
runtime_root = "/run/runc"


# The crio.image table contains settings pertaining to the management of OCI images.
Expand All @@ -225,14 +244,21 @@ ctr_stop_timeout = 0
# Default transport for pulling images from a remote container storage.
default_transport = "docker://"

# The path to a file containing credentials necessary for pulling images from
# secure registries. The file is similar to that of /var/lib/kubelet/config.json
global_auth_file = ""

# The image used to instantiate infra containers.
# This option supports live configuration reload.
pause_image = "k8s.gcr.io/pause:3.1"

# If not empty, the path to a docker/config.json-like file containing credentials
# necessary for pulling the image specified by pause_image above.
# The path to a file containing credentials specific for pulling the pause_image from
# above. The file is similar to that of /var/lib/kubelet/config.json
# This option supports live configuration reload.
pause_image_auth_file = ""

# The command to run to have a container stay in the paused state.
# This option supports live configuration reload.
pause_command = "/pause"

# Path to the file which decides what sort of policy we use when deciding
Expand Down Expand Up @@ -264,6 +290,6 @@ registries = [
network_dir = "/etc/cni/net.d/"

# Paths to directories where CNI plugin binaries are located.
plugin_dir = [
plugin_dirs = [
"/opt/cni/bin/",
]
60 changes: 43 additions & 17 deletions deploy/iso/minikube-iso/package/crio-bin/crio.conf.default
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@
#
# Please refer to crio.conf(5) for details of all configuration options.

# CRI-O supports partial configuration reload during runtime, which can be
# done by sending SIGHUP to the running process. Currently supported options
# are explicitly mentioned with: 'This option supports live configuration
# reload'.

# CRI-O reads its storage defaults from the containers-storage.conf(5) file
# located at /etc/containers/storage.conf. Modify this storage configuration if
# you want to change the system's defaults. If you want to modify storage just
Expand All @@ -20,17 +25,19 @@

# Storage driver used to manage the storage of images and containers. Please
# refer to containers-storage.conf(5) to see all available storage drivers.
#storage_driver = "overlay"
#storage_driver = ""

# List to pass options to the storage driver. Please refer to
# containers-storage.conf(5) to see all available storage options.
#storage_option = [
#]

# If set to false, in-memory locking will be used instead of file-based locking.
file_locking = true
# **Deprecated** this option will be removed in the future.
file_locking = false

# Path to the lock file.
# **Deprecated** this option will be removed in the future.
file_locking_path = "/run/crio.lock"


Expand Down Expand Up @@ -90,6 +97,9 @@ no_pivot = false
# Path to the conmon binary, used for monitoring the OCI runtime.
conmon = "/usr/local/libexec/crio/conmon"

# Cgroup setting for conmon
conmon_cgroup = "pod"

# Environment variable list for the conmon process, used for passing necessary
# environment variables to conmon or the runtime.
conmon_env = [
Expand All @@ -100,8 +110,9 @@ conmon_env = [
selinux = false

# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime.
seccomp_profile = "/etc/crio/seccomp.json"
# for the runtime. If not specified, then the internal default seccomp profile
# will be used.
seccomp_profile = ""

# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default-" followed by the version string of CRI-O.
Expand Down Expand Up @@ -185,9 +196,13 @@ container_attach_socket_dir = "/var/run/crio"
read_only = false

# Changes the verbosity of the logs based on the level it is set to. Options
# are fatal, panic, error, warn, info, and debug.
# are fatal, panic, error, warn, info, and debug. This option supports live
# configuration reload.
log_level = "error"

# The default log directory where all logs will go unless directly specified by the kubelet
log_dir = "/var/log/crio/pods"

# The UID mappings for the user namespace of each container. A range is
# specified in the form containerUID:HostUID:Size. Multiple ranges must be
# separated by comma.
Expand All @@ -202,15 +217,19 @@ gid_mappings = ""
# regarding the proper termination of the container.
ctr_stop_timeout = 0

# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
# of trust of the workload.

[crio.runtime.runtimes.runc]
runtime_path = "/usr/bin/runc"
runtime_type = "oci"

# ManageNetworkNSLifecycle determines whether we pin and remove network namespace
# and manage its lifecycle.
manage_network_ns_lifecycle = false

# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
# of trust of the workload.

[crio.runtime.runtimes.runc]
runtime_path = ""
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please be aware that runc has to be in $PATH to let this work during runtime.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, this is what the crio generated by default. Compare it with our config (above).

runtime_path = "/usr/bin/runc"

I generated and added the default config, since it changes and breaks all. the. time

  • plugin_dir, plugin_dirs

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess it should work fine :)

runtime_type = "oci"
runtime_root = "/run/runc"


# The crio.image table contains settings pertaining to the management of OCI images.
Expand All @@ -225,14 +244,21 @@ ctr_stop_timeout = 0
# Default transport for pulling images from a remote container storage.
default_transport = "docker://"

# The path to a file containing credentials necessary for pulling images from
# secure registries. The file is similar to that of /var/lib/kubelet/config.json
global_auth_file = ""

# The image used to instantiate infra containers.
# This option supports live configuration reload.
pause_image = "k8s.gcr.io/pause:3.1"

# If not empty, the path to a docker/config.json-like file containing credentials
# necessary for pulling the image specified by pause_image above.
# The path to a file containing credentials specific for pulling the pause_image from
# above. The file is similar to that of /var/lib/kubelet/config.json
# This option supports live configuration reload.
pause_image_auth_file = ""

# The command to run to have a container stay in the paused state.
# This option supports live configuration reload.
pause_command = "/pause"

# Path to the file which decides what sort of policy we use when deciding
Expand Down Expand Up @@ -263,6 +289,6 @@ image_volumes = "mkdir"
network_dir = "/etc/cni/net.d/"

# Paths to directories where CNI plugin binaries are located.
plugin_dir = [
plugin_dirs = [
"/opt/cni/bin/",
]