From 55f6b3879d770d756963564a5894c09806a31003 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Sat, 15 Jul 2017 21:45:13 +0200 Subject: node.yaml: configure node to use cri-o when openshift.common.use_crio Signed-off-by: Giuseppe Scrivano --- roles/openshift_node/templates/node.yaml.v1.j2 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 351c8c9f6..a400dd8d9 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -16,6 +16,21 @@ imageConfig: latest: false kind: NodeConfig kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }} +{% if use_crio | default(False) %} + container-runtime: + - remote + container-runtime-endpoint: + - /var/run/crio.sock + enable-cri: + - 'true' + image-service-endpoint: + - /var/run/crio.sock + node-labels: + - router=true + - registry=true + runtime-request-timeout: + - 10m +{% endif %} {% if openshift.common.version_gte_3_3_or_1_3 | bool %} masterClientConnectionOverrides: acceptContentTypes: application/vnd.kubernetes.protobuf,application/json -- cgit v1.2.1 From 85b9622751913619e57b9380b6051dc612e990b9 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Mon, 17 Jul 2017 14:28:46 -0400 Subject: cri-o: Add cri-o as a Wants in node units --- roles/openshift_node/templates/node.service.j2 | 1 + roles/openshift_node/templates/openshift.docker.node.dep.service | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2 index e12a52c15..3d0ae3bbd 100644 --- a/roles/openshift_node/templates/node.service.j2 +++ b/roles/openshift_node/templates/node.service.j2 @@ -8,6 +8,7 @@ Wants={{ openshift.docker.service_name }}.service Documentation=https://github.com/openshift/origin Requires=dnsmasq.service After=dnsmasq.service +{% if openshift.docker.use_crio %}Wants=cri-o.service{% endif %} [Service] Type=notify diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service index 4c47f8c0d..c4580be1f 100644 --- a/roles/openshift_node/templates/openshift.docker.node.dep.service +++ b/roles/openshift_node/templates/openshift.docker.node.dep.service @@ -3,7 +3,7 @@ Requires={{ openshift.docker.service_name }}.service After={{ openshift.docker.service_name }}.service PartOf={{ openshift.common.service_type }}-node.service Before={{ openshift.common.service_type }}-node.service - +{% if openshift.docker.use_crio %}Wants=cri-o.service{% endif %} [Service] ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" -- cgit v1.2.1 From 4588260e27e0e139690d0219f6e57b125dce116a Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Wed, 19 Jul 2017 10:36:24 -0400 Subject: cri-o: Fix node template to use full variable --- roles/openshift_node/templates/node.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index a400dd8d9..2a664790f 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -16,7 +16,7 @@ imageConfig: latest: false kind: NodeConfig kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }} -{% if use_crio | default(False) %} +{% if openshift.docker.use_crio | default(False) %} container-runtime: - remote container-runtime-endpoint: -- cgit v1.2.1 From a4be4c390a5eca18ef2cec8af57c24dfc162e6d2 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Wed, 19 Jul 2017 16:40:04 -0400 Subject: openshift_node: fix typo for experimental-cri --- roles/openshift_node/templates/node.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 2a664790f..93f8658b4 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -21,7 +21,7 @@ kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yam - remote container-runtime-endpoint: - /var/run/crio.sock - enable-cri: + experimental-cri: - 'true' image-service-endpoint: - /var/run/crio.sock -- cgit v1.2.1 From 0a020bae8b93a53271c940714c8701d5e63db5f0 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 28 Jul 2017 11:24:12 +0200 Subject: openvswitch: system container depends on the cri-o service Signed-off-by: Giuseppe Scrivano --- roles/openshift_node/tasks/openvswitch_system_container.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index c8d653880..3254b35d6 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -1,4 +1,15 @@ --- +- set_fact: + l_use_crio: "{{ openshift_docker_use_crio | default(false) }}" + +- set_fact: + l_service_name: "cri-o" + when: l_use_crio + +- set_fact: + l_service_name: "{{ openshift.docker.service_name }}" + when: not l_use_crio + - name: Pre-pull OpenVSwitch system container image command: > atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} @@ -11,4 +22,4 @@ image: "{{ openshift.common.system_images_registry }}/{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}" state: latest values: - - "DOCKER_SERVICE={{ openshift.docker.service_name }}.service" + - "DOCKER_SERVICE={{ l_service_name }}" -- cgit v1.2.1 From 302171a630655f943f581634a7b8283160feb564 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Tue, 1 Aug 2017 12:15:04 -0400 Subject: cri-o: Continue node without SELinux check cri-o currently requires SELinux to be off. This change disables the SELinux check in the openshift_node role when cri-o is in use. --- roles/openshift_node/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 87b1f6537..6c3d10134 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -2,9 +2,9 @@ # TODO: allow for overriding default ports where possible - fail: msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." - when: > - (not ansible_selinux or ansible_selinux.status != 'enabled') and - deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] + when: + - (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] + - not openshift_docker_use_crio | default(false) # https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory - name: Check for swap usage -- cgit v1.2.1 From 39cf5084f18e2e0adca46b925660a6f2c38d227c Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Tue, 1 Aug 2017 12:16:11 -0400 Subject: cri-o: Restart cri-o after openshift sdn installation --- roles/openshift_node/tasks/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 6c3d10134..ca4fef360 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -66,6 +66,13 @@ - openshift.common.use_openshift_sdn | default(true) | bool - not openshift.common.is_containerized | bool +- name: Restart cri-o + systemd: + name: cri-o + enabled: yes + state: restarted + when: openshift_docker_use_crio | default(false) + - name: Install conntrack-tools package package: name: "conntrack-tools" -- cgit v1.2.1