├── .gitignore ├── .gitreview ├── .zuul.yaml ├── CONTRIBUTING.rst ├── README.rst ├── devstack ├── lib │ ├── cni │ │ └── plugins │ ├── crio │ ├── docker │ ├── k8s │ └── tools │ │ └── crictl ├── plugin.sh └── settings ├── etc └── cni │ └── net.d │ ├── 10-bridge.conf │ └── 99-loopback.conf ├── playbooks ├── devstack-plugin-container-dsvm │ ├── post.yaml │ ├── pre.yaml │ └── run.yaml └── devstack-plugin-container-k8s │ ├── post.yaml │ ├── pre.yaml │ └── run.yaml ├── releasenotes └── notes │ └── add-support-for-kata-containers-49eae38b994aeae8.yaml ├── roles ├── fetch_docker_log │ ├── README.rst │ └── tasks │ │ └── main.yaml └── fetch_kubelet_log │ ├── README.rst │ └── tasks │ └── main.yaml └── tox.ini /.gitignore: -------------------------------------------------------------------------------- 1 | .tox 2 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/devstack-plugin-container.git 5 | -------------------------------------------------------------------------------- /.zuul.yaml: -------------------------------------------------------------------------------- 1 | - job: 2 | name: devstack-plugin-container-dsvm 3 | parent: devstack 4 | pre-run: playbooks/devstack-plugin-container-dsvm/pre.yaml 5 | run: playbooks/devstack-plugin-container-dsvm/run.yaml 6 | post-run: playbooks/devstack-plugin-container-dsvm/post.yaml 7 | timeout: 4200 8 | required-projects: 9 | - openstack/devstack 10 | - openstack/devstack-plugin-container 11 | vars: 12 | devstack_localrc: 13 | USE_PYTHON3: true 14 | devstack_plugins: 15 | devstack-plugin-container: https://opendev.org/openstack/devstack-plugin-container 16 | 17 | - job: 18 | name: devstack-plugin-container-k8s 19 | parent: devstack-minimal 20 | nodeset: openstack-two-node-noble 21 | pre-run: 
playbooks/devstack-plugin-container-k8s/pre.yaml 22 | run: playbooks/devstack-plugin-container-k8s/run.yaml 23 | post-run: playbooks/devstack-plugin-container-k8s/post.yaml 24 | timeout: 7200 25 | required-projects: 26 | - openstack/devstack 27 | - openstack/devstack-plugin-container 28 | vars: 29 | devstack_services: 30 | # Ignore any default set by devstack. Emit a "disable_all_services". 31 | base: false 32 | etcd3: true 33 | container: true 34 | k8s-master: true 35 | devstack_localrc: 36 | K8S_TOKEN: "9agf12.zsu5uh2m4pzt3qba" 37 | USE_PYTHON3: true 38 | devstack_plugins: 39 | devstack-plugin-container: https://opendev.org/openstack/devstack-plugin-container 40 | group-vars: 41 | subnode: 42 | devstack_services: 43 | # Ignore any default set by devstack. Emit a "disable_all_services". 44 | base: false 45 | container: true 46 | k8s-node: true 47 | devstack_localrc: 48 | K8S_TOKEN: "9agf12.zsu5uh2m4pzt3qba" 49 | USE_PYTHON3: true 50 | 51 | - project: 52 | check: 53 | jobs: 54 | - openstack-tox-bashate 55 | - devstack-plugin-container-dsvm 56 | - devstack-plugin-container-k8s: 57 | voting: false 58 | gate: 59 | jobs: 60 | - openstack-tox-bashate 61 | - devstack-plugin-container-dsvm 62 | -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- 1 | The source repository for this project can be found at: 2 | 3 | https://opendev.org/openstack/devstack-plugin-container 4 | 5 | Pull requests submitted through GitHub are not monitored. 
6 | 7 | To start contributing to OpenStack, follow the steps in the contribution guide 8 | to set up and use Gerrit: 9 | 10 | https://docs.openstack.org/contributors/code-and-documentation/quick-start.html 11 | 12 | Bugs should be filed on Launchpad: 13 | 14 | https://bugs.launchpad.net/devstack 15 | 16 | For more specific information about contributing to this repository, see the 17 | Devstack contributor guide: 18 | 19 | https://docs.openstack.org/devstack/latest/contributor/contributing.html 20 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ================ 2 | Container Plugin 3 | ================ 4 | 5 | This plugin enables installation of a container engine and Kubernetes on 6 | Devstack. The default container engine is Docker. 7 | 8 | ==================== 9 | Enabling in Devstack 10 | ==================== 11 | 12 | 1. Download DevStack 13 | -------------------- 14 | 15 | For more information on DevStack installation, follow the link below: 16 | 17 | .. code-block:: ini 18 | 19 | https://docs.openstack.org/devstack/latest/ 20 | 21 | 2. Add this repo as an external repository 22 | ------------------------------------------ 23 | 24 | This plugin supports installing Kubernetes, or the container engine only. 25 | To install the container engine only, use the following config: 26 | 27 | .. code-block:: ini 28 | 29 | cat > /opt/stack/devstack/local.conf << END 30 | [[local|localrc]] 31 | enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container 32 | END 33 | 34 | To install Kata Containers, use the following config: 35 | 36 | ..
code-block:: ini 37 | 38 | cat > /opt/stack/devstack/local.conf << END 39 | [[local|localrc]] 40 | enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container 41 | ENABLE_KATA_CONTAINERS=True 42 | END 43 | 44 | To install Kubernetes, use the following config on the master node: 45 | 46 | .. code-block:: ini 47 | 48 | cat > /opt/stack/devstack/local.conf << END 49 | [[local|localrc]] 50 | enable_plugin devstack-plugin-container https://git.openstack.org/openstack/devstack-plugin-container 51 | enable_service etcd3 52 | enable_service container 53 | enable_service k8s-master 54 | # generate with: kubeadm token generate 55 | K8S_TOKEN="9agf12.zsu5uh2m4pzt3qba" 56 | 57 | ... 58 | 59 | END 60 | 61 | And use the following config on the worker node: 62 | 63 | .. code-block:: ini 64 | 65 | cat > /opt/stack/devstack/local.conf << END 66 | [[local|localrc]] 67 | SERVICE_HOST=10.0.0.11 # change this to controller's IP address 68 | 69 | enable_plugin devstack-plugin-container https://git.openstack.org/openstack/devstack-plugin-container 70 | enable_service container 71 | enable_service k8s-node 72 | # same token as on the master node (kubeadm token generate) 73 | K8S_TOKEN="9agf12.zsu5uh2m4pzt3qba" 74 | 75 | ... 76 | 77 | END 78 | 79 | 3. Run devstack 80 | -------------------- 81 | 82 | ..
code-block:: ini 83 | 84 | cd /opt/stack/devstack 85 | ./stack.sh 86 | -------------------------------------------------------------------------------- /devstack/lib/cni/plugins: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # lib/cni/plugins 4 | # Common CNI plugins functions 5 | 6 | # Dependencies: 7 | # ``functions`` file 8 | # ``STACK_USER`` has to be defined 9 | 10 | # Save trace setting 11 | _XTRACE_CONTAINER_CNI_PLUGINS=$(set +o | grep xtrace) 12 | set +o xtrace 13 | 14 | # Defaults 15 | # -------- 16 | 17 | CNI_PLUGINS_BIN_DIR=/opt/cni/bin 18 | # install all plugins by default 19 | CNI_PLUGINS_INSTALL_PLUGINS=${CNI_PLUGINS_INSTALL_PLUGINS:-flannel,ptp,host-local,portmap,tuning,vlan,host-device,sample,dhcp,ipvlan,macvlan,loopback,bridge} 20 | CNI_PLUGINS_CONF_SOURCE_DIR=${CNI_PLUGINS_CONF_SOURCE_DIR:-$DEST/devstack-plugin-container/etc/cni/net.d} 21 | CNI_PLUGINS_CONF_DIR=${CNI_PLUGINS_CONF_DIR:-/etc/cni/net.d} 22 | 23 | CNI_PLUGINS_VERSION=${CNI_PLUGINS_VERSION:-v0.7.1} 24 | CNI_PLUGINS_SHA256_AMD64=${CNI_PLUGINS_SHA256_AMD64:-"6ecc5c7dbb8e4296b0d0d017e5440618e19605b9aa3b146a2c29af492f299dc7"} 25 | CNI_PLUGINS_SHA256_ARM64=${CNI_PLUGINS_SHA256_ARM64:-"258080b94bfc54bd54fd0ea7494efc31806aa4b2836ba3f2d189e0fc16fab0ef"} 26 | CNI_PLUGINS_SHA256_PPC64=${CNI_PLUGINS_SHA256_PPC64:-"a515c45a52e752249bb0e9feac1654c5d38974df6a36148778f6eeab9826f706"} 27 | CNI_PLUGINS_SHA256_S390X=${CNI_PLUGINS_SHA256_S390X:-"24e31be69a012395f1026cd37d125f5f81001cfc36434d8f7a17b36bc5f1e6ad"} 28 | # Make sure CNI plugins downloads the correct architecture 29 | if is_arch "x86_64"; then 30 | CNI_PLUGINS_ARCH="amd64" 31 | CNI_PLUGINS_SHA256=${CNI_PLUGINS_SHA256:-$CNI_PLUGINS_SHA256_AMD64} 32 | elif is_arch "aarch64"; then 33 | CNI_PLUGINS_ARCH="arm64" 34 | CNI_PLUGINS_SHA256=${CNI_PLUGINS_SHA256:-$CNI_PLUGINS_SHA256_ARM64} 35 | elif is_arch "ppc64le"; then 36 | CNI_PLUGINS_ARCH="ppc64le" 37 | 
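CNI_PLUGINS_SHA256=${CNI_PLUGINS_SHA256:-$CNI_PLUGINS_SHA256_PPC64}
elif is_arch "s390x"; then
    CNI_PLUGINS_ARCH="s390x"
    CNI_PLUGINS_SHA256=${CNI_PLUGINS_SHA256:-$CNI_PLUGINS_SHA256_S390X}
else
    exit_distro_not_supported "invalid hardware type"
fi
# Release tarball location: <base URL>/<version>/cni-plugins-<arch>-<version>.tgz
CNI_PLUGINS_DOWNLOAD_URL=${CNI_PLUGINS_DOWNLOAD_URL:-https://github.com/containernetworking/plugins/releases/download}
CNI_PLUGINS_DOWNLOAD_FILE=cni-plugins-$CNI_PLUGINS_ARCH-$CNI_PLUGINS_VERSION.tgz
CNI_PLUGINS_DOWNLOAD_LOCATION=$CNI_PLUGINS_DOWNLOAD_URL/$CNI_PLUGINS_VERSION/$CNI_PLUGINS_DOWNLOAD_FILE


# Installs standard cni plugins.
#
# Fetches the release tarball with get_extra_file, checks it against
# CNI_PLUGINS_SHA256, unpacks it into $FILES/cniplugins and installs every
# plugin named in CNI_PLUGINS_INSTALL_PLUGINS into CNI_PLUGINS_BIN_DIR.
#
# The digest is the only integrity check on the downloaded binaries, so a
# mismatch is fatal: the cached download is removed and the run aborts via
# ``die`` instead of continuing with an unverified archive.
#
# NOTE(review): verification and extraction only run while $FILES/cniplugins
# does not exist; an already-extracted tree is reused without a new check.
# Overriding CNI_PLUGINS_VERSION or CNI_PLUGINS_DOWNLOAD_URL presumably needs
# a matching CNI_PLUGINS_SHA256 override - confirm.
function install_cni_plugins {
    echo "Installing CNI standard plugins"

    # Download and cache the cni plugins tgz for subsequent use
    local cni_plugins_file
    local plugin
    cni_plugins_file="$(get_extra_file $CNI_PLUGINS_DOWNLOAD_LOCATION)"
    if [ ! -d "$FILES/cniplugins" ]; then
        echo "${CNI_PLUGINS_SHA256}  $cni_plugins_file" > $FILES/cniplugins.sha256sum
        # remove the damaged file when checksum fails, then stop: nothing
        # from an archive that failed verification may be unpacked
        if ! sha256sum -c $FILES/cniplugins.sha256sum; then
            sudo rm -f $cni_plugins_file
            die $LINENO "Checksum verification failed for $cni_plugins_file"
        fi

        mkdir $FILES/cniplugins
        tar xzvf $cni_plugins_file -C $FILES/cniplugins
    fi
    for plugin in ${CNI_PLUGINS_INSTALL_PLUGINS//,/ }; do
        # Only plugins actually present in the extracted release are installed
        if [ -f "$FILES/cniplugins/$plugin" ]; then
            echo "Install plugin: $plugin"
            sudo install -o "$STACK_USER" -m 0555 -D "$FILES/cniplugins/$plugin" \
                "$CNI_PLUGINS_BIN_DIR/$plugin"
        else
            echo "Skip installing plugin: $plugin"
        fi
    done
}

# Configure cni plugins.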
76 | function configure_cni_plugins { 77 | echo "Configuring CNI plugins" 78 | 79 | for plugin in ${CNI_PLUGINS_INSTALL_PLUGINS//,/ }; do 80 | local source_config_file 81 | source_config_file=$(ls ${CNI_PLUGINS_CONF_SOURCE_DIR}/*${plugin}.conf 2> /dev/null || true) 82 | if [ $source_config_file ]; then 83 | echo "Found config file for plugin: $plugin" 84 | sudo install -o "$STACK_USER" -m 0664 -t "$CNI_PLUGINS_CONF_DIR" -D \ 85 | "${source_config_file}" 86 | else 87 | echo "Config file not found for plugin: $plugin" 88 | fi 89 | done 90 | } 91 | 92 | 93 | # Restore xtrace 94 | $_XTRACE_CONTAINER_CNI_PLUGINS 95 | -------------------------------------------------------------------------------- /devstack/lib/crio: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Dependencies: 4 | # 5 | # - functions 6 | 7 | # stack.sh 8 | # --------- 9 | # - check_crio 10 | # - install_crio 11 | # - configure_crio 12 | # - stop_crio 13 | 14 | # Save trace setting 15 | _XTRACE_DOCKER=$(set +o | grep xtrace) 16 | set +o xtrace 17 | 18 | 19 | # Defaults 20 | # -------- 21 | 22 | CRIO_ENGINE_SOCKET_FILE=${CRIO_ENGINE_SOCKET_FILE:-/var/run/crio/crio.sock} 23 | CRIO_ALLOW_ICMP=$(trueorfalse True CRIO_ALLOW_ICMP) 24 | 25 | # Functions 26 | # --------- 27 | 28 | function check_crio { 29 | if is_ubuntu; then 30 | dpkg -l | grep cri-o > /dev/null 2>&1 31 | else 32 | false 33 | # TODO: CentOS/Fedora support. 
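fi
}

# Installs CRI-O together with podman and buildah.
#
# Ubuntu: adds the pkgs.k8s.io CRI-O apt repository for the minor series of
# CRIO_VERSION (``${CRIO_VERSION%.*}`` drops the last version component) and
# installs the cri-o package whose version starts with ``$CRIO_VERSION-``.
# CentOS/Fedora: adds yum repositories and installs cri-o, podman and buildah.
#
# Reads: os_PACKAGE, os_VENDOR, os_RELEASE, CRIO_VERSION.
function install_crio {
    if [[ -z "$os_PACKAGE" ]]; then
        GetOSVersion
    fi

    local lsb_dist=${os_VENDOR,,}
    if is_ubuntu; then
        local stream="https://pkgs.k8s.io/addons:/cri-o:/stable:/v${CRIO_VERSION%.*}"
        local key_path="/etc/apt/keyrings/cri-o-apt-keyring.gpg"
        local crio_pkg_version

        apt_get install apt-transport-https ca-certificates \
            software-properties-common curl
        # The keyring directory is not guaranteed to exist on every release.
        sudo mkdir -p -m 0755 "$(dirname "${key_path}")"
        # The repository key is fetched over HTTPS into its own keyring and
        # referenced with signed-by, so it is trusted for this repository
        # only and not for every configured apt source.
        curl -fsSL "${stream}/deb/Release.key" | sudo gpg --dearmor -o "${key_path}"
        echo "deb [signed-by=${key_path}] ${stream}/deb/ /" | \
            sudo tee /etc/apt/sources.list.d/cri-o.list

        # Installing podman and containerd will get us compatible versions of
        # cri-o. And we need podman to manage container images anyway.
        REPOS_UPDATED=False apt_get_update
        crio_pkg_version=$(sudo apt-cache show cri-o | grep "Version: $CRIO_VERSION-" | awk '{ print $2 }' | head -n 1)
        # Without this guard an unknown version would reach apt as "cri-o=".
        if [[ -z "$crio_pkg_version" ]]; then
            die $LINENO "No cri-o package found for CRIO_VERSION=$CRIO_VERSION"
        fi
        apt_get install podman buildah cri-o="${crio_pkg_version}"
        sudo systemctl enable crio
    elif is_fedora; then
        # NOTE(review): the repositories below are added by URL only; no GPG
        # key or gpgcheck setting is visible in this function, so whether
        # package signatures are enforced depends on the repo files and the
        # yum defaults - confirm.
        if [[ "$lsb_dist" = "centos" ]]; then
            sudo yum-config-manager \
                --add-repo \
                https://cbs.centos.org/repos/virt7-container-common-candidate/x86_64/os/
            sudo yum-config-manager \
                --add-repo \
                https://cbs.centos.org/repos/paas7-crio-311-candidate/x86_64/os/
        fi
        # Suffix of the repository directory name; stays empty unless the
        # vendor string ends in "Stream".
        local stream=""
        if [[ "${os_VENDOR}" == *'Stream' ]]; then
            stream="_Stream"
        fi
        # NOTE: All crio versions are not supported for Centos 8 stream
        # because crio rpm is not present for some minor versions
        sudo yum-config-manager \
            --add-repo \
            "https://download.opensuse.org/repositories/"`
            `"devel:/kubic:/libcontainers:/stable:/cri-o:/${CRIO_VERSION}/"`
            `"CentOS_${os_RELEASE}${stream}/"`
            `"devel:kubic:libcontainers:stable:cri-o:${CRIO_VERSION}.repo"

        yum_install cri-o podman buildah
    fi
}

function configure_crio {
    # After an ./unstack it will be stopped.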
So it is ok if it returns exit-code == 1 86 | sudo systemctl stop crio.service || true 87 | 88 | export CRIO_CONF="/etc/crio/crio.conf" 89 | 90 | # We're wrapping values in \"\" because that's the format cri-o wants. 91 | iniset -sudo ${CRIO_CONF} crio.api listen \"${CRIO_ENGINE_SOCKET_FILE}\" 92 | iniset -sudo ${CRIO_CONF} crio.image pause_image \"${CRIO_PAUSE_IMAGE}\" 93 | iniset -sudo ${CRIO_CONF} crio.image pause_command \"${CRIO_PAUSE_COMMAND}\" 94 | if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then 95 | # debug is way too verbose, info will be enough 96 | iniset -sudo ${CRIO_CONF} crio.runtime log_level \"info\" 97 | fi 98 | if is_ubuntu; then 99 | local crio_minor=${CRIO_VERSION#*.} 100 | # At least for 18.04 we need to set up /etc/containers/registries.conf 101 | # with some initial content. That's another bug with that PPA. 102 | local registries_conf 103 | registries_conf="/etc/containers/registries.conf" 104 | 105 | if [[ ! -f ${registries_conf} && $crio_minor -lt 24 ]]; then 106 | sudo mkdir -p `dirname ${registries_conf}` 107 | cat << EOF | sudo tee ${registries_conf} 108 | [registries.search] 109 | registries = ['docker.io'] 110 | EOF 111 | else 112 | # If there is a config file, that means, we are probably on the 113 | # newer version of crio/container/podman, which basically means 114 | # we cannot mix [registries.search] registries filled with 115 | # something and unqualified-search-registries setting which appear 116 | # on sysregistry v2 config syntax. And because it's a TOML now, we 117 | # cannot rely on iniset, but directly change the file. 118 | 119 | local rname='unqualified-search-registries' 120 | local rval='["docker.io", "quay.io"]' 121 | if [[ ! 
-f ${registries_conf} ]]; then 122 | cat << EOF | sudo tee ${registries_conf} 123 | unqualified-search-registries = ["docker.io", "quay.io"] 124 | EOF 125 | elif grep -wq "^${rname}" "${registries_conf}"; then 126 | sudo sed -i -e \ 127 | "s/^${rname}.*$/${rname} = ${rval}/" "${registries_conf}" 128 | else 129 | sudo sed -i "1s/^/${rname} = ${rval}\n/" "${registries_conf}" 130 | fi 131 | fi 132 | # CRI-O from kubic repo have placed runc in different place, not even 133 | # in path, just to not conflict with runc package from official repo. 134 | # We need to change it. 135 | iniset -sudo ${CRIO_CONF} crio.runtime.runtimes.runc runtime_path \ 136 | \"/usr/lib/cri-o-runc/sbin/runc\" 137 | 138 | if [ -n "${CNI_CONF_DIR}" ]; then 139 | iniset -sudo ${CRIO_CONF} crio.network network_dir \ 140 | \"${CNI_CONF_DIR}\" 141 | fi 142 | if [ -n "${CNI_PLUGIN_DIR}" ]; then 143 | iniset -sudo ${CRIO_CONF} crio.network plugin_dir \ 144 | \"${CNI_PLUGIN_DIR}\" 145 | fi 146 | # By default CRI-O doesn't allow ICMP between containers, although it 147 | # is ususally expected for testing purposes. 148 | if [ "${CRIO_ALLOW_ICMP}" == "True" ]; then 149 | if grep -wq '^default_sysctls' ${CRIO_CONF}; then 150 | export CRIO_KEY="default_sysctls" 151 | export CRIO_VAL='[ "net.ipv4.ping_group_range=0 2147483647", ]' 152 | _update_config 153 | else 154 | iniset -sudo ${CRIO_CONF} crio.runtime default_sysctls \ 155 | '[ "net.ipv4.ping_group_range=0 2147483647", ]' 156 | fi 157 | fi 158 | elif is_fedora; then 159 | local lsb_dist=${os_VENDOR,,} 160 | 161 | if [[ "$lsb_dist" = "centos" ]]; then 162 | # CentOS packages are putting runc binary in different place... 163 | iniset -sudo ${CRIO_CONF} crio.runtime runtime \"/usr/sbin/runc\" 164 | 165 | # CentOS version seems to only work with cgroupfs... 
166 | iniset -sudo ${CRIO_CONF} crio.runtime cgroup_manager \"cgroupfs\" 167 | fi 168 | fi 169 | 170 | sudo systemctl --no-block restart crio.service 171 | } 172 | 173 | function stop_crio { 174 | sudo systemctl stop crio.service || true 175 | } 176 | 177 | function _update_config { 178 | sudo -E python3 - < /dev/null 2>&1 || dpkg -s docker-ce > /dev/null 2>&1 48 | else 49 | rpm -q docker-engine > /dev/null 2>&1 || rpm -q docker > /dev/null 2>&1 || rpm -q docker-ce > /dev/null 2>&1 50 | fi 51 | } 52 | 53 | function install_docker { 54 | if [[ -z "$os_PACKAGE" ]]; then 55 | GetOSVersion 56 | fi 57 | 58 | local lsb_dist=${os_VENDOR,,} 59 | local dist_version=${os_CODENAME} 60 | if [[ "$lsb_dist" != "centosstream" ]]; then 61 | local arch 62 | arch=$(dpkg --print-architecture) 63 | fi 64 | if is_ubuntu; then 65 | apt_get install apparmor 66 | if [[ ${dist_version} == 'trusty' ]]; then 67 | if uname -r | grep -q -- '-generic' && dpkg -l 'linux-image-*-generic' | grep -qE '^ii|^hi' 2>/dev/null; then 68 | apt_get install linux-image-extra-$(uname -r) linux-image-extra-virtual 69 | else 70 | (>&2 echo "WARNING: Current kernel is not supported by the linux-image-extra-virtual package. 
Docker may not work.") 71 | fi 72 | fi 73 | apt_get install apt-transport-https ca-certificates software-properties-common 74 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - 75 | sudo add-apt-repository -y \ 76 | "deb [arch=${arch}] https://download.docker.com/linux/${lsb_dist} \ 77 | ${dist_version} \ 78 | stable" 79 | REPOS_UPDATED=False apt_get_update 80 | if [ -n "${UBUNTU_DOCKER_VERSION}" ]; then 81 | apt_get install docker-ce=$UBUNTU_DOCKER_VERSION 82 | else 83 | apt_get install docker-ce 84 | fi 85 | elif is_fedora; then 86 | if [[ "$lsb_dist" = "centos" ]]; then 87 | sudo yum-config-manager \ 88 | --add-repo \ 89 | https://download.docker.com/linux/centos/docker-ce.repo 90 | elif [[ "$lsb_dist" = "centosstream" ]]; then 91 | sudo yum-config-manager \ 92 | --add-repo \ 93 | https://download.docker.com/linux/centos/docker-ce.repo 94 | sudo yum-config-manager \ 95 | --add-repo \ 96 | https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 #noqa 97 | sudo yum-config-manager \ 98 | --enable \ 99 | packages.cloud.google.com_yum_repos_kubernetes-el7-x86_64 100 | sudo dnf -y install kubeadm --nogpgcheck 101 | elif [[ "$lsb_dist" = "fedora" ]]; then 102 | sudo dnf config-manager \ 103 | --add-repo \ 104 | https://download.docker.com/linux/fedora/docker-ce.repo 105 | fi 106 | yum_install docker-ce 107 | fi 108 | if [[ "$ENABLE_KATA_CONTAINERS" == "True" ]]; then 109 | # Kata Containers can't run inside VM, so check whether virtualization 110 | # is enabled or not 111 | if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then 112 | if is_ubuntu; then 113 | install_kata_container_ubuntu 114 | elif is_fedora; then 115 | install_kata_container_fedora 116 | fi 117 | else 118 | (>&2 echo "WARNING: Kata Containers needs the CPU extensions svm or vmx which is not enabled. 
Skipping Kata Containers installation.") 119 | fi 120 | # TODO(hongbin): deprecate and remove clear container 121 | elif [[ "$ENABLE_CLEAR_CONTAINER" == "True" ]]; then 122 | # Clear Container can't run inside VM, so check whether virtualization 123 | # is enabled or not 124 | (>&2 echo "WARNING: Clear Container support is deprecated in Train release and will be removed in U release.") 125 | if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then 126 | if is_ubuntu; then 127 | install_clear_container_ubuntu 128 | elif is_fedora; then 129 | install_clear_container_fedora 130 | fi 131 | else 132 | (>&2 echo "WARNING: Clear Container needs the CPU extensions svm or vmx which is not enabled. Skipping Clear Container installation.") 133 | fi 134 | fi 135 | 136 | if [[ "$ENABLE_CONTAINERD_CRI" == "True" ]]; then 137 | source $DEST/devstack-plugin-container/devstack/lib/cni/plugins 138 | install_cni_plugins 139 | 140 | source $DEST/devstack-plugin-container/devstack/lib/tools/crictl 141 | install_crictl 142 | fi 143 | } 144 | 145 | function configure_docker { 146 | if [[ ${ENABLE_CONTAINERD_CRI} == "True" ]]; then 147 | source $DEST/devstack-plugin-container/devstack/lib/cni/plugins 148 | configure_cni_plugins 149 | 150 | configure_containerd 151 | 152 | source $DEST/devstack-plugin-container/devstack/lib/tools/crictl 153 | configure_crictl 154 | fi 155 | 156 | # After an ./unstack it will be stopped. 
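# So it is ok if it returns exit-code == 1
    sudo systemctl stop docker.service || true

    # Optional JSON fragments spliced into daemon.json below; each one ends
    # with a trailing comma because more keys always follow.
    local cluster_store_opts=""
    if [[ -n "$DOCKER_CLUSTER_STORE" ]]; then
        cluster_store_opts+="\"cluster-store\": \"$DOCKER_CLUSTER_STORE\","
    fi
    local runtime_opts=""
    if [[ "$ENABLE_KATA_CONTAINERS" == "True" ]]; then
        # Register Kata as the default runtime only when the CPU advertises
        # svm or vmx.
        if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then
            runtime_opts+="\"runtimes\": {
                \"$KATA_RUNTIME\": {
                    \"path\": \"/usr/bin/kata-runtime\"
                }
            },
            \"default-runtime\": \"$KATA_RUNTIME\","
        fi
    # TODO(hongbin): deprecate and remove clear container
    elif [[ "$ENABLE_CLEAR_CONTAINER" == "True" ]]; then
        (>&2 echo "WARNING: Clear Container support is deprecated in Train release and will be removed in U release.")
        if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then
            runtime_opts+="\"runtimes\": {
                \"cor\": {
                    \"path\": \"/usr/bin/cc-oci-runtime\"
                }
            },"
        fi
    fi
    local docker_config_file=/etc/docker/daemon.json
    local debug
    local live_restore
    local ipv6
    # Translate the True/False settings into JSON booleans.
    if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then
        debug=true
    else
        debug=false
    fi
    if [[ "$ENABLE_LIVE_RESTORE" == "True" ]]; then
        live_restore=true
    else
        live_restore=false
    fi
    if [[ "$ENABLE_IPV6" == "True" ]]; then
        ipv6=true
    else
        ipv6=false
    fi
    sudo mkdir -p $(dirname ${docker_config_file})
    # NOTE(review): in this listing the heredoc openers appear truncated to
    # `cat </dev/null`. The `| sudo tee [-a] <file> >/dev/null` targets used
    # in this function and in configure_containerd are reconstructed from the
    # surrounding variables - confirm against the repository.
    # daemon.json is written in three pieces: opening keys, the optional
    # cgroup driver, then the listener list and the closing brace.
    cat <<EOF | sudo tee $docker_config_file >/dev/null
{
    $cluster_store_opts
    $runtime_opts
    "debug": ${debug},
    "live-restore": ${live_restore},
    "ipv6": ${ipv6},
    "group": "$DOCKER_GROUP",
EOF
    if [[ -n "$DOCKER_CGROUP_DRIVER" ]]; then

        cat <<EOF | sudo tee -a $docker_config_file >/dev/null
    "exec-opts": ["native.cgroupdriver=${DOCKER_CGROUP_DRIVER}"],
EOF
    fi

    # NOTE(review): besides the unix socket, dockerd is told to listen on
    # tcp://0.0.0.0:$DOCKER_ENGINE_PORT. No "tls"/"tlsverify" keys are written
    # to daemon.json here, so as configured by this function the Engine API on
    # that port is reachable on every interface without TLS or client
    # authentication, and access to that API is equivalent to root on the
    # host. Keep such hosts on an isolated network or restrict the port with
    # a firewall.
    cat <<EOF | sudo tee -a $docker_config_file >/dev/null
    "hosts": [
        "unix://$DOCKER_ENGINE_SOCKET_FILE",
        "tcp://0.0.0.0:$DOCKER_ENGINE_PORT"
    ]
}
EOF

    # NOTE(hongbin): We override ExecStart to workaround issue 22339.
    # https://github.com/docker/docker/issues/22339
    local docker_drop_in_file=/etc/systemd/system/docker.service.d/docker.conf
    sudo mkdir -p $(dirname ${docker_drop_in_file})
    # The empty ExecStart= line clears the packaged command before the
    # replacement is set; proxy settings are passed through from the
    # environment of this script.
    cat <<EOF | sudo tee $docker_drop_in_file >/dev/null
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --config-file=$docker_config_file
Environment="HTTP_PROXY=$http_proxy" "HTTPS_PROXY=$https_proxy" "NO_PROXY=$no_proxy"
EOF
    sudo systemctl daemon-reload
    sudo systemctl restart docker.service
}

# Writes the containerd configuration and restarts containerd.
#
# The [grpc] gid is set to the numeric id of the group named $STACK_USER
# (presumably so that group can use the containerd socket - confirm), the
# debug level is always "debug", and a Kata runtime entry is appended when
# ENABLE_KATA_CONTAINERS is True.
# NOTE(review): $CONTAINERD_CONF as the file written here is inferred from
# cleanup_docker, which removes it - confirm.
function configure_containerd {
    sudo mkdir -p $CONTAINERD_CONF_DIR
    sudo chown -R $STACK_USER $CONTAINERD_CONF_DIR

    local stack_user_gid
    stack_user_gid=$(getent group $STACK_USER | cut -d: -f3)
    cat <<EOF | sudo tee $CONTAINERD_CONF >/dev/null
[grpc]
  gid = $stack_user_gid

[debug]
  level = "debug"

EOF
    if [[ "$ENABLE_KATA_CONTAINERS" == "True" ]]; then
        cat <<EOF | sudo tee -a $CONTAINERD_CONF >/dev/null
[plugins]
  [plugins.cri]
    [plugins.cri.containerd]
      [plugins.cri.containerd.runtimes.${KATA_RUNTIME}]
        runtime_type = "io.containerd.kata.v2"
EOF
    fi

    sudo systemctl --no-block restart containerd.service
}

# Stops the docker service; a service that is already stopped is not an error.
function stop_docker {
    sudo systemctl stop docker.service || true
}

# Removes the docker-ce package and the containerd configuration file.
function cleanup_docker {
    uninstall_package docker-ce
    rm -f $CONTAINERD_CONF
}

# TODO(hongbin): deprecate and remove clear container
# Adds the Clear Containers apt repository and its signing key.
# The repository and the key are fetched over HTTPS: a key retrieved over
# plain HTTP can be replaced in transit, and whoever controls the key controls
# which packages apt accepts.
# NOTE(review): `apt-key add` places the key in the global apt trust store, so
# it is trusted for every configured repository; a dedicated keyring
# referenced with `signed-by=` would limit it to this one.
function install_clear_container_ubuntu {
    sudo sh -c "echo 'deb https://download.opensuse.org/repositories/home:/clearlinux:/preview:/clear-containers-2.1/xUbuntu_$(lsb_release -rs)/ /' >> /etc/apt/sources.list.d/cc-oci-runtime.list"
    curl -fsSL https://download.opensuse.org/repositories/home:/clearlinux:/preview:/clear-containers-2.1/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -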
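REPOS_UPDATED=False apt_get_update
    apt_get install cc-oci-runtime
}

# TODO(hongbin): deprecate and remove clear container
# Adds the Clear Containers repository on Fedora and installs the runtime.
# The .repo file is fetched over HTTPS so the repository definition cannot be
# altered in transit.
function install_clear_container_fedora {
    # /etc/os-release provides VERSION_ID
    source /etc/os-release
    local lsb_dist=${os_VENDOR,,}
    if [[ "$lsb_dist" = "fedora" ]]; then
        sudo -E dnf config-manager \
            --add-repo \
            https://download.opensuse.org/repositories/home:clearlinux:preview:clear-containers-2.1/Fedora\_$VERSION_ID/home:clearlinux:preview:clear-containers-2.1.repo
    fi
    yum_install cc-oci-runtime linux-container
}

# Adds the Kata Containers apt repository for this architecture, KATA_BRANCH
# and Ubuntu release, imports its signing key and installs the Kata packages.
#
# The repository and its key are fetched over HTTPS, and curl runs with -f so
# an HTTP error page is never piped into the key import. A key retrieved over
# plain HTTP can be replaced in transit, and whoever controls the key controls
# which packages apt accepts.
# NOTE(review): `apt-key add` places the key in the global apt trust store, so
# it is trusted for every configured repository; a dedicated keyring
# referenced with `signed-by=` would limit it to this one.
function install_kata_container_ubuntu {
    local repo="https://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/xUbuntu_${os_RELEASE}"

    sudo sh -c "echo 'deb ${repo}/ /' \
        > /etc/apt/sources.list.d/kata-containers.list"
    curl -fsSL "${repo}/Release.key" \
        | sudo apt-key add -
    REPOS_UPDATED=False apt_get_update
    apt_get install kata-runtime kata-proxy kata-shim
}

# Adds the Kata Containers repository with dnf or yum, whichever is available,
# and installs the Kata packages. The .repo file is fetched over HTTPS.
function install_kata_container_fedora {
    # /etc/os-release provides VERSION_ID
    source /etc/os-release
    if [[ -x $(command -v dnf 2>/dev/null) ]]; then
        sudo dnf -y install dnf-plugins-core
        sudo -E dnf config-manager --add-repo \
            "https://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/Fedora_${VERSION_ID}/home:katacontainers:releases:$(arch):${KATA_BRANCH}.repo"
    elif [[ -x $(command -v yum 2>/dev/null) ]]; then
        # all rh platforms (fedora, centos, rhel) have this pkg
        sudo yum -y install yum-utils
        sudo -E yum-config-manager --add-repo \
            "https://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/CentOS_${VERSION_ID}/home:katacontainers:releases:$(arch):${KATA_BRANCH}.repo"
    else
        die $LINENO "Unable to find or auto-install Kata Containers"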
319 | fi 320 | yum_install kata-runtime kata-proxy kata-shim 321 | } 322 | 323 | # Restore xtrace 324 | $_XTRACE_DOCKER 325 | -------------------------------------------------------------------------------- /devstack/lib/k8s: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Dependencies: 4 | # 5 | # - functions 6 | # - ``STACK_USER`` must be defined 7 | 8 | # stack.sh 9 | # -------- 10 | # - install_k8s 11 | 12 | # The following variables are assumed to be defined by certain functions: 13 | # 14 | # - ``http_proxy`` ``https_proxy`` ``no_proxy`` 15 | 16 | # Save trace setting 17 | _XTRACE_DOCKER=$(set +o | grep xtrace) 18 | set +o xtrace 19 | 20 | 21 | # Defaults 22 | # -------- 23 | 24 | K8S_TOKEN=${K8S_TOKEN:-""} 25 | K8S_API_SERVER_IP=${K8S_API_SERVER_IP:-$SERVICE_HOST} 26 | K8S_NODE_IP=${K8S_NODE_IP:-$HOST_IP} 27 | K8S_API_SERVER_PORT=${K8S_API_SERVER_PORT:-6443} 28 | K8S_POD_NETWORK_CIDR=${K8S_POD_NETWORK_CIDR:-10.244.0.0/16} 29 | K8S_SERVICE_NETWORK_CIDR=${K8S_SERVICE_NETWORK_CIDR:-10.96.0.0/12} 30 | K8S_VERSION=${K8S_VERSION:-"1.30.5"} 31 | K8S_NETWORK_ADDON=${K8S_NETWORK_ADDON:-flannel} 32 | 33 | # Functions 34 | # --------- 35 | 36 | function is_k8s_enabled { 37 | [[ ,${ENABLED_SERVICES} =~ ,"k8s-" ]] && return 0 38 | return 1 39 | } 40 | 41 | function install_kubeadm { 42 | if is_ubuntu; then 43 | local stream="https://pkgs.k8s.io/core:/stable:/v${K8S_VERSION%.*}" 44 | local key_path="/etc/apt/keyrings/kubernetes-apt-keyring.gpg" 45 | 46 | apt_get install apt-transport-https ca-certificates curl gpg 47 | curl -fsSL "${stream}/deb/Release.key" | sudo gpg --dearmor -o "${key_path}" 48 | echo "deb [signed-by=${key_path}] ${stream}/deb/ /" | \ 49 | sudo tee /etc/apt/sources.list.d/kubernetes.list 50 | 51 | REPOS_UPDATED=False apt_get_update 52 | kube_pkg_version=$(sudo apt-cache show kubeadm | grep "Version: $K8S_VERSION-" | awk '{ print $2 }' | head -n 1) 53 | apt_get install 
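kubelet="${kube_pkg_version}" kubeadm="${kube_pkg_version}" kubectl="${kube_pkg_version}"
        sudo apt-mark hold kubelet kubeadm kubectl
        # NOTE(hongbin): This work-around an issue that kubelet pick a wrong
        # IP address if the node has multiple network interfaces.
        # See https://github.com/kubernetes/kubeadm/issues/203
        echo "KUBELET_EXTRA_ARGS=--node-ip=$K8S_NODE_IP" | sudo tee -a /etc/default/kubelet
        sudo systemctl daemon-reload && sudo systemctl restart kubelet
    else
        (>&2 echo "WARNING: kubeadm installation is not supported in this distribution.")
    fi
}

# Initialises the control plane with kubeadm.
#
# Renders a kubeadm config (ClusterConfiguration, InitConfiguration and
# KubeletConfiguration) into a temp file, pulls the images, runs
# ``kubeadm init``, copies the admin kubeconfig to $HOME/.kube/config for
# STACK_USER and, when K8S_NETWORK_ADDON is "flannel", applies the flannel
# manifest. Sets the globals CGROUP_DRIVER and CRI_SOCKET.
#
# Security-relevant settings in the rendered config:
# - the bootstrap token is the fixed value of K8S_TOKEN with ``ttl: 0s``,
#   which kubeadm treats as "never expires"; anyone who learns the token can
#   keep joining nodes until the token is deleted;
# - the external etcd endpoint is addressed over plain http;
# - the kubelet is told to listen on 0.0.0.0.
# These fit a throwaway test cloud; review each of them before reusing the
# config on a shared network.
function kubeadm_init {
    local kubeadm_config_file
    kubeadm_config_file=$(mktemp)

    if [[ ${CONTAINER_ENGINE} == 'crio' ]]; then
        CGROUP_DRIVER=$(iniget "/etc/crio/crio.conf" crio.runtime cgroup_manager)
        CRI_SOCKET="unix:///var/run/crio/crio.sock"
    else
        # docker is used
        CGROUP_DRIVER=$(docker info -f '{{.CgroupDriver}}')
        CRI_SOCKET="/var/run/dockershim.sock"
    fi

    # NOTE(review): in this listing the heredoc opener appears truncated to
    # `cat </dev/null`; the `| sudo tee $kubeadm_config_file >/dev/null`
    # target is reconstructed from the mktemp above and the --config argument
    # below - confirm against the repository.
    cat <<EOF | sudo tee $kubeadm_config_file >/dev/null
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
imageRepository: "${KUBEADMIN_IMAGE_REPOSITORY}"
etcd:
  external:
    endpoints:
    - "http://${SERVICE_HOST}:${ETCD_PORT}"
networking:
  podSubnet: "${K8S_POD_NETWORK_CIDR}"
  serviceSubnet: "${K8S_SERVICE_NETWORK_CIDR}"
---
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- token: "${K8S_TOKEN}"
  ttl: 0s
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: "${K8S_API_SERVER_IP}"
  bindPort: ${K8S_API_SERVER_PORT}
nodeRegistration:
  criSocket: "$CRI_SOCKET"
  kubeletExtraArgs:
    enable-server: "true"
  taints:
    []
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
failSwapOn: false
address: "0.0.0.0"
enableServer: true
cgroupDriver: $CGROUP_DRIVER
EOF
    sudo kubeadm config images pull --image-repository=${KUBEADMIN_IMAGE_REPOSITORY}
    sudo kubeadm init --config $kubeadm_config_file --ignore-preflight-errors Swap
    # The rendered config embeds K8S_TOKEN; do not leave it behind in the
    # temp directory once kubeadm has consumed it.
    rm -f "$kubeadm_config_file"

    # admin.conf carries cluster-admin credentials; the copy is handed to
    # STACK_USER only.
    local kube_config_file=$HOME/.kube/config
    sudo mkdir -p $(dirname ${kube_config_file})
    sudo cp /etc/kubernetes/admin.conf $kube_config_file
    safe_chown $STACK_USER:$STACK_USER $kube_config_file

    if [[ "$K8S_NETWORK_ADDON" == "flannel" ]]; then
        # NOTE(review): the manifest comes from the releases/latest URL at
        # deploy time and is applied with the admin kubeconfig copied above.
        # It is neither pinned to a release nor checked against a digest, so
        # what gets deployed can change between runs; pinning a release tag
        # makes the result reproducible and reviewable.
        kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
    fi
}

# Joins this node to the cluster with kubeadm.
#
# Renders a JoinConfiguration and KubeletConfiguration into a temp file and
# runs ``kubeadm join``. Sets the globals CGROUP_DRIVER and CRI_SOCKET.
#
# NOTE(review): discovery uses ``unsafeSkipCAVerification: true``, so the node
# does not pin the control plane's CA key and the shared K8S_TOKEN is the only
# thing authenticating the API server it joins. Where the network between the
# nodes is not trusted, pin the CA through the ``caCertHashes`` field of the
# bootstrap-token discovery section instead.
function kubeadm_join {
    local kubeadm_config_file
    kubeadm_config_file=$(mktemp)

    if [[ ${CONTAINER_ENGINE} == 'crio' ]]; then
        CGROUP_DRIVER=$(iniget "/etc/crio/crio.conf" crio.runtime cgroup_manager)
        CRI_SOCKET="unix:///var/run/crio/crio.sock"
    else
        # docker is used
        CGROUP_DRIVER=$(docker info -f '{{.CgroupDriver}}')
        CRI_SOCKET="/var/run/dockershim.sock"
    fi

    # NOTE(review): heredoc opener reconstructed as in kubeadm_init; the
    # listing shows only `cat </dev/null` here - confirm.
    cat <<EOF | sudo tee $kubeadm_config_file >/dev/null
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
discovery:
  bootstrapToken:
    apiServerEndpoint: "${K8S_API_SERVER_IP}:${K8S_API_SERVER_PORT}"
    token: "${K8S_TOKEN}"
    unsafeSkipCAVerification: true
  tlsBootstrapToken: "${K8S_TOKEN}"
nodeRegistration:
  criSocket: "$CRI_SOCKET"
  kubeletExtraArgs:
    enable-server: "true"
  taints:
    []
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
failSwapOn: false
address: "0.0.0.0"
enableServer: true
cgroupDriver: $CGROUP_DRIVER
EOF
    sudo kubeadm join --config $kubeadm_config_file --ignore-preflight-errors Swap
    # The rendered config embeds K8S_TOKEN; remove it once the join is done.
    rm -f "$kubeadm_config_file"
}

function start_collect_logs {
    wait_for_kube_service 180 component=kube-controller-manager
    wait_for_kube_service 60 component=kube-apiserver
    wait_for_kube_service 30 component=kube-scheduler
    wait_for_kube_service 30 k8s-app=kube-proxy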
run_process kube-controller-manager "/usr/bin/kubectl logs -n kube-system -f -l component=kube-controller-manager" 170 | run_process kube-apiserver "/usr/bin/kubectl logs -n kube-system -f -l component=kube-apiserver" 171 | run_process kube-scheduler "/usr/bin/kubectl logs -n kube-system -f -l component=kube-scheduler" 172 | run_process kube-proxy "/usr/bin/kubectl logs -n kube-system -f -l k8s-app=kube-proxy" 173 | } 174 | 175 | function wait_for_kube_service { 176 | local timeout=$1 177 | local selector=$2 178 | local rval=0 179 | time_start "wait_for_service" 180 | timeout $timeout bash -x < $FILES/crictl.sha256sum 54 | # remove the damaged file when checksum fails 55 | sha256sum -c $FILES/crictl.sha256sum || (sudo rm -f $crictl_file; exit 1) 56 | 57 | tar xzvf $crictl_file -C $FILES 58 | sudo install -o "$STACK_USER" -m 0555 -D "$FILES/crictl" \ 59 | "$CRICTL_BIN_DIR/crictl" 60 | fi 61 | } 62 | 63 | # Configure crictl tools. 64 | function configure_crictl { 65 | local crictl_config_file=/etc/crictl.yaml 66 | cat </dev/null 67 | runtime-endpoint: unix:///run/containerd/containerd.sock 68 | image-endpoint: unix:///run/containerd/containerd.sock 69 | timeout: 10 70 | debug: true 71 | EOF 72 | } 73 | 74 | 75 | # Restore xtrace 76 | $_XTRACE_CONTAINER_TOOLS_CRICTL 77 | -------------------------------------------------------------------------------- /devstack/plugin.sh: -------------------------------------------------------------------------------- 1 | # container - Devstack extras script to install container engine 2 | 3 | # Save trace setting 4 | XTRACE=$(set +o | grep xtrace) 5 | set -o xtrace 6 | 7 | echo_summary "container's plugin.sh was called..." 
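source $DEST/devstack-plugin-container/devstack/lib/docker
source $DEST/devstack-plugin-container/devstack/lib/crio
source $DEST/devstack-plugin-container/devstack/lib/k8s
# NOTE(review): an unconditional "(set -o posix; set)" used to run here. It
# printed every shell variable into the stack log on each plugin phase, and
# that set includes K8S_TOKEN and whatever other credentials local.conf
# defines. Dump individual variables explicitly when debugging instead.

# Container engine life cycle. $1 is the devstack mode (stack, unstack,
# clean) and $2 the phase within "stack" (install, post-config, ...).
if is_service_enabled container; then
    if [[ "$1" == "stack" && "$2" == "install" ]]; then
        echo_summary "Installing container engine"
        # Install only when the engine is not already present.
        if [[ ${CONTAINER_ENGINE} == "docker" ]]; then
            check_docker || install_docker
        elif [[ ${CONTAINER_ENGINE} == "crio" ]]; then
            check_crio || install_crio
        fi
    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
        echo_summary "Configuring container engine"
        if [[ ${CONTAINER_ENGINE} == "docker" ]]; then
            configure_docker
        elif [[ ${CONTAINER_ENGINE} == "crio" ]]; then
            configure_crio
        fi
    fi

    if [[ "$1" == "unstack" ]]; then
        if [[ ${CONTAINER_ENGINE} == "docker" ]]; then
            stop_docker
        elif [[ ${CONTAINER_ENGINE} == "crio" ]]; then
            stop_crio
        fi
    fi

    if [[ "$1" == "clean" ]]; then
        # Only the docker engine has a cleanup step here.
        if [[ ${CONTAINER_ENGINE} == "docker" ]]; then
            cleanup_docker
        fi
    fi
fi

# Kubernetes life cycle: install kubeadm, then initialise the control plane
# on a k8s-master node or join the cluster on a k8s-node.
if is_k8s_enabled; then
    if [[ "$1" == "stack" && "$2" == "install" ]]; then
        install_kubeadm
    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
        if is_service_enabled k8s-master; then
            kubeadm_init
        elif is_service_enabled k8s-node; then
            kubeadm_join
        fi
    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
        # Log streaming is started on the master only.
        if is_service_enabled k8s-master; then
            start_collect_logs
        fi
    fi

    if [[ "$1" == "unstack" ]]; then
        kubeadm_reset
    fi

    if [[ "$1" == "clean" ]]; then
        # nothing needed here
        :
    fi
fi

# Restore xtrace
$XTRACE

--------------------------------------------------------------------------------
/devstack/settings:
--------------------------------------------------------------------------------
# Devstack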
settings 2 | 3 | # Supported options are "docker" and "crio". 4 | CONTAINER_ENGINE=${CONTAINER_ENGINE:-docker} 5 | # TODO(hongbin): deprecate and remove clear container 6 | ENABLE_CLEAR_CONTAINER=${ENABLE_CLEAR_CONTAINER:-false} 7 | ENABLE_KATA_CONTAINERS=${ENABLE_KATA_CONTAINERS:-false} 8 | ENABLE_LIVE_RESTORE=${ENABLE_LIVE_RESTORE:-false} 9 | ENABLE_IPV6=${ENABLE_IPV6:-false} 10 | K8S_NETWORK_ADDON=${K8S_NETWORK_ADDON:-flannel} 11 | ENABLE_CONTAINERD_CRI=${ENABLE_CONTAINERD_CRI:-false} 12 | CRIO_VERSION=${CRIO_VERSION:-"1.30.5"} 13 | CRIO_ALLOW_ICMP=${CRIO_ALLOW_ICMP:-true} 14 | CNI_CONF_DIR=${CNI_CONF_DIR:-} 15 | CNI_PLUGIN_DIR=${CNI_PLUGIN_DIR:-} 16 | 17 | UBUNTU_DOCKER_VERSION=${UBUNTU_DOCKER_VERSION:-} 18 | 19 | # Enable container services 20 | enable_service container 21 | 22 | # Enable k8s services 23 | if [[ ,${ENABLED_SERVICES} =~ ,"k8s-master" ]]; then 24 | enable_service kube-controller-manager 25 | enable_service kube-apiserver 26 | enable_service kube-scheduler 27 | enable_service kube-proxy 28 | fi 29 | 30 | # Customize kubeadm container images repository 31 | KUBEADMIN_IMAGE_REPOSITORY=${KUBEADMIN_IMAGE_REPOSITORY:-"registry.k8s.io"} 32 | 33 | # Configure crio pause image 34 | CRIO_PAUSE_IMAGE=${CRIO_PAUSE_IMAGE:-"registry.k8s.io/pause:3.6"} 35 | CRIO_PAUSE_COMMAND=${CRIO_PAUSE_COMMAND:-"/pause"} 36 | -------------------------------------------------------------------------------- /etc/cni/net.d/10-bridge.conf: -------------------------------------------------------------------------------- 1 | { 2 | "cniVersion": "0.2.0", 3 | "name": "mynet", 4 | "type": "bridge", 5 | "bridge": "cni0", 6 | "isGateway": true, 7 | "ipMasq": true, 8 | "ipam": { 9 | "type": "host-local", 10 | "subnet": "10.22.0.0/16", 11 | "routes": [ 12 | { "dst": "0.0.0.0/0" } 13 | ] 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /etc/cni/net.d/99-loopback.conf: 
-------------------------------------------------------------------------------- 1 | { 2 | "cniVersion": "0.2.0", 3 | "name": "lo", 4 | "type": "loopback" 5 | } 6 | -------------------------------------------------------------------------------- /playbooks/devstack-plugin-container-dsvm/post.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | roles: 3 | - fetch_docker_log 4 | -------------------------------------------------------------------------------- /playbooks/devstack-plugin-container-dsvm/pre.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | roles: 3 | - run-devstack 4 | -------------------------------------------------------------------------------- /playbooks/devstack-plugin-container-dsvm/run.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | name: Verify that Docker is installed correctly by running the hello-world image 3 | tasks: 4 | - shell: 5 | cmd: | 6 | set -e 7 | set -x 8 | sudo -H -u stack docker run hello-world 9 | -------------------------------------------------------------------------------- /playbooks/devstack-plugin-container-k8s/post.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | roles: 3 | - fetch_docker_log 4 | - fetch_kubelet_log 5 | -------------------------------------------------------------------------------- /playbooks/devstack-plugin-container-k8s/pre.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | roles: 3 | - orchestrate-devstack 4 | -------------------------------------------------------------------------------- /playbooks/devstack-plugin-container-k8s/run.yaml: -------------------------------------------------------------------------------- 1 | - hosts: controller 2 | name: Verify that k8s is installed correctly by running a pod 3 | tasks: 
4 | - shell: 5 | cmd: | 6 | set -e 7 | set -x 8 | 9 | kubectl get nodes 10 | kubectl get pods --namespace kube-system 11 | 12 | tmpfile=$(mktemp) 13 | cat < $tmpfile 14 | apiVersion: v1 15 | kind: Pod 16 | metadata: 17 | name: myapp-pod 18 | labels: 19 | app: myapp 20 | spec: 21 | containers: 22 | - name: myapp-container 23 | image: busybox 24 | command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600'] 25 | EOT 26 | kubectl create -f $tmpfile 27 | kubectl wait --for=condition=Ready pod myapp-pod 28 | become: true 29 | become_user: stack 30 | -------------------------------------------------------------------------------- /releasenotes/notes/add-support-for-kata-containers-49eae38b994aeae8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | Support installing Kata Containers. 4 | features: 5 | - | 6 | In this release, it adds support for Kata Containers and configure it 7 | to work with Docker. 8 | deprecations: 9 | - | 10 | The support of Clear Container is deprecated in this release and will be 11 | removed in the next release. 
12 | -------------------------------------------------------------------------------- /roles/fetch_docker_log/README.rst: -------------------------------------------------------------------------------- 1 | Collect docker log from test run 2 | -------------------------------------------------------------------------------- /roles/fetch_docker_log/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Ensure log path exists 2 | become: yes 3 | file: 4 | path: "{{ ansible_user_dir }}/logs" 5 | state: directory 6 | owner: "{{ ansible_user }}" 7 | group: "{{ ansible_user }}" 8 | mode: 0775 9 | 10 | - name: Store docker log in {{ ansible_user_dir }}/logs 11 | become: yes 12 | shell: 13 | cmd: | 14 | sudo journalctl -o short-precise --unit docker | sudo tee {{ ansible_user_dir }}/logs/docker.log > /dev/null 15 | 16 | - name: Set docker.log file permissions 17 | become: yes 18 | file: 19 | path: '{{ ansible_user_dir }}/logs/docker.log' 20 | owner: '{{ ansible_user }}' 21 | group: '{{ ansible_user }}' 22 | mode: 0644 23 | -------------------------------------------------------------------------------- /roles/fetch_kubelet_log/README.rst: -------------------------------------------------------------------------------- 1 | Collect kubelet log from test run 2 | -------------------------------------------------------------------------------- /roles/fetch_kubelet_log/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Ensure log path exists 2 | become: yes 3 | file: 4 | path: "{{ ansible_user_dir }}/logs" 5 | state: directory 6 | owner: "{{ ansible_user }}" 7 | group: "{{ ansible_user }}" 8 | mode: 0775 9 | 10 | - name: Store kubelet log in {{ ansible_user_dir }}/logs 11 | become: yes 12 | shell: 13 | cmd: | 14 | sudo journalctl -o short-precise --unit kubelet | sudo tee {{ ansible_user_dir }}/logs/kubelet.log > /dev/null 15 | 16 | - name: Set kubelet.log file 
permissions 17 | become: yes 18 | file: 19 | path: '{{ ansible_user_dir }}/logs/kubelet.log' 20 | owner: '{{ ansible_user }}' 21 | group: '{{ ansible_user }}' 22 | mode: 0644 23 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | [tox] 2 | minversion = 3.18.0 3 | skipsdist = True 4 | envlist = bashate 5 | 6 | [testenv] 7 | usedevelop = False 8 | install_command = pip install {opts} {packages} 9 | 10 | [testenv:bashate] 11 | basepython = python3 12 | # if you want to test out some changes you have made to bashate 13 | # against devstack, just set BASHATE_INSTALL_PATH=/path/... to your 14 | # modified bashate tree 15 | deps = 16 | {env:BASHATE_INSTALL_PATH:bashate==0.5.1} 17 | allowlist_externals = bash 18 | commands = bash -c "find {toxinidir} \ 19 | -not \( -type d -name .?\* -prune \) \ 20 | -not \( -type d -name doc -prune \) \ 21 | -not \( -type f -name localrc -prune \) \ 22 | -type f \ 23 | -not -name \*~ \ 24 | -not -name \*.md \ 25 | -not -name stack-screenrc \ 26 | -not -name \*.orig \ 27 | -not -name \*.rej \ 28 | \( \ 29 | -name \*.sh -or \ 30 | -name \*rc -or \ 31 | -name functions\* -or \ 32 | -wholename \*/inc/\* -or \ 33 | -wholename \*/lib/\* \ 34 | \) \ 35 | -print0 | xargs -0 bashate -v -iE006 -eE005,E042" 36 | --------------------------------------------------------------------------------