From 97f0502299e2fead61d2eca3f35ef46fd741bc65 Mon Sep 17 00:00:00 2001 From: David Justice Date: Wed, 21 Dec 2022 23:17:59 -0500 Subject: [PATCH] wip --- images/capi/Makefile | 1 + .../ansible/roles/containerd/tasks/main.yml | 35 +++++++++++++++++++ .../templates/etc/containerd/config.toml | 8 +++++ images/capi/packer/azure/azure-config.json | 1 + images/capi/packer/azure/packer.json | 2 ++ images/capi/packer/config/ansible-args.json | 2 +- images/capi/packer/config/wasm-shims.json | 6 ++++ images/capi/packer/goss/goss-command.yaml | 17 +++++++++ images/capi/packer/goss/goss-vars.yaml | 1 + 9 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 images/capi/packer/config/wasm-shims.json diff --git a/images/capi/Makefile b/images/capi/Makefile index 438c4df8b5..1be0e3deda 100644 --- a/images/capi/Makefile +++ b/images/capi/Makefile @@ -233,6 +233,7 @@ endif COMMON_NODE_VAR_FILES := packer/config/kubernetes.json \ packer/config/cni.json \ packer/config/containerd.json \ + packer/config/wasm-shims.json \ packer/config/ansible-args.json \ packer/config/goss-args.json \ packer/config/common.json \ diff --git a/images/capi/ansible/roles/containerd/tasks/main.yml b/images/capi/ansible/roles/containerd/tasks/main.yml index 5ae9753026..c7c5df2a91 100644 --- a/images/capi/ansible/roles/containerd/tasks/main.yml +++ b/images/capi/ansible/roles/containerd/tasks/main.yml @@ -30,6 +30,14 @@ dest: /tmp/containerd.tar.gz mode: 0600 +- name: download containerd-wasm-shims + get_url: + url: "{{ containerd_wasm_shims_url }}" + checksum: "sha256:{{ containerd_wasm_shims_sha256 }}" + dest: /tmp/containerd_wasm_shims.tar.gz + mode: 0600 + when: containerd_wasm_shims_runtimes | length > 0 + - name: Create a directory if it does not exist file: path: "{{ sysusr_prefix }}/bin" 
@@ -47,6 +55,17 @@ - --no-overwrite-dir when: ansible_os_family != "Flatcar" +# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin' +# see: https://github.com/kubernetes-sigs/image-builder/pull/1037 +- name: unpack containerd-wasm-shims + unarchive: + remote_src: True + src: /tmp/containerd_wasm_shims.tar.gz + dest: "{{ sysusr_prefix }}/bin" + extra_opts: + - --no-overwrite-dir + when: ansible_os_family != "Flatcar" and (containerd_wasm_shims_runtimes | length > 0) + - name: unpack containerd for Flatcar to /opt/bin unarchive: remote_src: True @@ -62,6 +81,17 @@ - 's@opt/local@opt@' when: ansible_os_family == "Flatcar" +# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin' +# see: https://github.com/kubernetes-sigs/image-builder/pull/1037 +- name: unpack containerd-wasm-shims for Flatcar to /opt/bin + unarchive: + remote_src: True + src: /tmp/containerd_wasm_shims.tar.gz + dest: "{{ sysusr_prefix }}/bin" + extra_opts: + - --no-overwrite-dir + when: ansible_os_family == "Flatcar" and (containerd_wasm_shims_runtimes | length > 0) + # Remove /opt/cni directory, as we will install cni later - name: delete /opt/cni directory file: @@ -132,3 +162,8 @@ file: path: /tmp/containerd.tar.gz state: absent + +- name: delete tarball + file: + path: /tmp/containerd_wasm_shims.tar.gz + state: absent diff --git a/images/capi/ansible/roles/containerd/templates/etc/containerd/config.toml b/images/capi/ansible/roles/containerd/templates/etc/containerd/config.toml index 12f3d71627..2e77c0cbe8 100644 --- a/images/capi/ansible/roles/containerd/templates/etc/containerd/config.toml +++ b/images/capi/ansible/roles/containerd/templates/etc/containerd/config.toml 
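Review bot: The new `unpack containerd-wasm-shims` task extracts every member of the tarball into `{{ sysusr_prefix }}/bin`, whatever `containerd_wasm_shims_runtimes` asked for; the Flatcar copy in the next hunk does the same. The pinned sha256 on the download covers the default artifact, but `containerd_wasm_shims_url` and `containerd_wasm_shims_sha256` are both overridable, so limiting extraction to the expected shim binaries keeps an unexpected archive member out of a PATH directory. If the Ansible version in use supports the `include` option of `unarchive`, something like `include: [containerd-shim-spin-v1, containerd-shim-slight-v1]` would do it. Those member names are inferred from the goss checks and should be confirmed against the archive layout.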
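Review bot: The Flatcar task is the non-Flatcar task with only the `when` changed: same `src`, same `dest: "{{ sysusr_prefix }}/bin"`, same `extra_opts`. Its name says `/opt/bin` although nothing in the task sets that path. One task guarded by `when: containerd_wasm_shims_runtimes | length > 0` would cover both OS families and leave a single place to tighten extraction later. If Flatcar does need a different destination or a path rewrite like the `s@opt/local@opt@` option on the containerd task above it, that difference is missing here.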
@@ -16,6 +16,14 @@ imports = ["/etc/containerd/conf.d/*.toml"] runtime_type = "io.containerd.runc.v2" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] SystemdCgroup = true +{% if 'spin' in containerd_wasm_shims_runtimes %} + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.spin] + runtime_type = "io.containerd.spin.v1" +{% endif %} +{% if 'slight' in containerd_wasm_shims_runtimes %} + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.slight] + runtime_type = "io.containerd.slight.v1" +{% endif %} {% endif %} {% if packer_builder_type.startswith('azure') %} [plugins."io.containerd.grpc.v1.cri".registry.headers] diff --git a/images/capi/packer/azure/azure-config.json b/images/capi/packer/azure/azure-config.json index 5c01568a61..c91419531d 100644 --- a/images/capi/packer/azure/azure-config.json +++ b/images/capi/packer/azure/azure-config.json @@ -2,6 +2,7 @@ "azure_location": "{{env `AZURE_LOCATION`}}", "client_id": "{{env `AZURE_CLIENT_ID`}}", "client_secret": "{{env `AZURE_CLIENT_SECRET`}}", + "containerd_wasm_shims_runtimes": "spin,slight", "subscription_id": "{{env `AZURE_SUBSCRIPTION_ID`}}", "vm_size": "Standard_B2ms" } diff --git a/images/capi/packer/azure/packer.json b/images/capi/packer/azure/packer.json index fccdacb20f..749c9208aa 100644 --- a/images/capi/packer/azure/packer.json +++ b/images/capi/packer/azure/packer.json @@ -181,6 +181,7 @@ "OS": "{{user `distribution` | lower}}", "PROVIDER": "azure", "containerd_version": "{{user `containerd_version`}}", + "containerd_wasm_shims_runtimes": "{{user `containerd_wasm_shims_runtimes` }}", "kubernetes_cni_deb_version": "{{ user `kubernetes_cni_deb_version` }}", "kubernetes_cni_rpm_version": "{{ split (user `kubernetes_cni_rpm_version`) \"-\" 0 }}", "kubernetes_cni_source_type": "{{user `kubernetes_cni_source_type`}}", 
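Review bot: `'spin' in containerd_wasm_shims_runtimes` is a substring test when the variable arrives as the comma-separated string that azure-config.json sets (`"spin,slight"`). Any value that merely contains those letters registers the handler, and an unrecognised name is silently ignored while the tarball is still installed. Splitting first makes the match exact: `{% if 'spin' in containerd_wasm_shims_runtimes.split(',') %}`, and the same for `slight`. The enclosing `{% if %}` opens above the hunk, so the condition under which these handlers are rendered at all is not visible here.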
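Review bot: Setting `"containerd_wasm_shims_runtimes": "spin,slight"` here appears to switch the shims on for every Azure image, while the shared default in packer/config/wasm-shims.json is the empty string. That adds two extra runtime binaries and two containerd runtime handlers to node images that may never schedule a Wasm workload, which is attack surface operators did not ask for. Keeping the Azure default empty (`"containerd_wasm_shims_runtimes": ""`, or dropping the key) and letting builds opt in through a var file would make it a deliberate choice.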
@@ -219,6 +220,7 @@ "containerd_sha256": null, "containerd_url": "https://github.com/containerd/containerd/releases/download/v{{user `containerd_version`}}/cri-containerd-cni-{{user `containerd_version`}}-linux-amd64.tar.gz", "containerd_version": null, + "containerd_wasm_shims_runtimes": null, "crictl_url": "https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{user `crictl_version`}}/crictl-v{{user `crictl_version`}}-linux-amd64.tar.gz", "crictl_version": null, "direct_shared_gallery_image_id": "", diff --git a/images/capi/packer/config/ansible-args.json b/images/capi/packer/config/ansible-args.json index 4f5f859215..b44429ab01 100644 --- a/images/capi/packer/config/ansible-args.json +++ b/images/capi/packer/config/ansible-args.json 
@@ -1,5 +1,5 @@ { "ansible_common_ssh_args": "-o IdentitiesOnly=yes -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa", - "ansible_common_vars": "containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256`}} pause_image={{user `pause_image`}} containerd_additional_settings={{user `containerd_additional_settings`}} containerd_cri_socket={{user `containerd_cri_socket`}} containerd_version={{user `containerd_version`}} crictl_url={{user `crictl_url`}} crictl_sha256={{user `crictl_sha256`}} crictl_source_type={{user `crictl_source_type`}} custom_role_names=\"{{user `custom_role_names`}}\" firstboot_custom_roles_pre=\"{{user `firstboot_custom_roles_pre`}}\" firstboot_custom_roles_post=\"{{user `firstboot_custom_roles_post`}}\" node_custom_roles_pre=\"{{user `node_custom_roles_pre`}}\" node_custom_roles_post=\"{{user `node_custom_roles_post`}}\" disable_public_repos={{user `disable_public_repos`}} extra_debs=\"{{user `extra_debs`}}\" extra_repos=\"{{user `extra_repos`}}\" extra_rpms=\"{{user `extra_rpms`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubeadm_template={{user `kubeadm_template`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_cni_http_checksum={{user `kubernetes_cni_http_checksum`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user `kubernetes_rpm_repo`}} kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user `kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user 
`kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_load_additional_imgs={{user `kubernetes_load_additional_imgs`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} pip_conf_file={{user `pip_conf_file`}} python_path={{user `python_path`}} redhat_epel_rpm={{user `redhat_epel_rpm`}} epel_rpm_gpg_key={{user `epel_rpm_gpg_key`}} reenable_public_repos={{user `reenable_public_repos`}} remove_extra_repos={{user `remove_extra_repos`}} systemd_prefix={{user `systemd_prefix`}} sysusr_prefix={{user `sysusr_prefix`}} sysusrlocal_prefix={{user `sysusrlocal_prefix`}} load_additional_components={{ user `load_additional_components`}} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} additional_url_images={{ user `additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} additional_executables_destination_path={{ user `additional_executables_destination_path`}} build_target={{ user `build_target`}} amazon_ssm_agent_rpm={{ user `amazon_ssm_agent_rpm` }}", + "ansible_common_vars": "containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256`}} pause_image={{user `pause_image`}} containerd_additional_settings={{user `containerd_additional_settings`}} containerd_cri_socket={{user `containerd_cri_socket`}} containerd_version={{user `containerd_version`}} containerd_wasm_shims_url={{user `containerd_wasm_shims_url`}} containerd_wasm_shims_version={{user `containerd_wasm_shims_version`}} containerd_wasm_shims_sha256={{user `containerd_wasm_shims_sha256`}} containerd_wasm_shims_runtimes=\"{{user `containerd_wasm_shims_runtimes`}}\" crictl_url={{user `crictl_url`}} crictl_sha256={{user 
`crictl_sha256`}} crictl_source_type={{user `crictl_source_type`}} custom_role_names=\"{{user `custom_role_names`}}\" firstboot_custom_roles_pre=\"{{user `firstboot_custom_roles_pre`}}\" firstboot_custom_roles_post=\"{{user `firstboot_custom_roles_post`}}\" node_custom_roles_pre=\"{{user `node_custom_roles_pre`}}\" node_custom_roles_post=\"{{user `node_custom_roles_post`}}\" disable_public_repos={{user `disable_public_repos`}} extra_debs=\"{{user `extra_debs`}}\" extra_repos=\"{{user `extra_repos`}}\" extra_rpms=\"{{user `extra_rpms`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubeadm_template={{user `kubeadm_template`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_cni_http_checksum={{user `kubernetes_cni_http_checksum`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user `kubernetes_rpm_repo`}} kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user `kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_load_additional_imgs={{user `kubernetes_load_additional_imgs`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} pip_conf_file={{user `pip_conf_file`}} python_path={{user `python_path`}} redhat_epel_rpm={{user `redhat_epel_rpm`}} epel_rpm_gpg_key={{user `epel_rpm_gpg_key`}} reenable_public_repos={{user `reenable_public_repos`}} 
remove_extra_repos={{user `remove_extra_repos`}} systemd_prefix={{user `systemd_prefix`}} sysusr_prefix={{user `sysusr_prefix`}} sysusrlocal_prefix={{user `sysusrlocal_prefix`}} load_additional_components={{ user `load_additional_components`}} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} additional_url_images={{ user `additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} additional_executables_destination_path={{ user `additional_executables_destination_path`}} build_target={{ user `build_target`}} amazon_ssm_agent_rpm={{ user `amazon_ssm_agent_rpm` }}", "ansible_scp_extra_args": "{{env `ANSIBLE_SCP_EXTRA_ARGS`}}" } diff --git a/images/capi/packer/config/wasm-shims.json b/images/capi/packer/config/wasm-shims.json new file mode 100644 index 0000000000..8a020a6304 --- /dev/null +++ b/images/capi/packer/config/wasm-shims.json @@ -0,0 +1,6 @@ +{ + "containerd_wasm_shims_runtimes": "", + "containerd_wasm_shims_sha256": "da84b1c065a58f95a841d39e143cd7115d43e6faedcce7a8782f2942388260d7", + "containerd_wasm_shims_url": "https://github.com/deislabs/containerd-wasm-shims/releases/download/{{user `containerd_wasm_shims_version`}}/containerd-wasm-shims-v1-linux-x86_64.tar.gz", + "containerd_wasm_shims_version": "v0.3.3" +} diff --git a/images/capi/packer/goss/goss-command.yaml b/images/capi/packer/goss/goss-command.yaml index e79c00a1f0..6ae2150d56 100644 --- a/images/capi/packer/goss/goss-command.yaml +++ b/images/capi/packer/goss/goss-command.yaml 
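Review bot: `containerd_wasm_shims_sha256` is only valid for the exact asset named by `containerd_wasm_shims_version` and the hard-coded `linux-x86_64` file name, and nothing next to these keys says so. Overriding the version or URL without the checksum will fail the `get_url` checksum step, which is the right outcome. The coupling should still be written down where the other overridable variables are documented, since JSON cannot carry a comment. Suggested wording: `containerd_wasm_shims_url, containerd_wasm_shims_version and containerd_wasm_shims_sha256 must be changed together; the checksum is for the x86_64 release tarball.`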
@@ -10,6 +10,23 @@ command: stdout: [] stderr: [] timeout: 0 +{{if ne .Vars.containerd_wasm_shims_runtimes ""}} + containerd-shim-slight-v1: + exit-status: 1 + stdout: [ ] + stderr: ["io.containerd.slight.v1: InvalidArgument(\"Shim namespace cannot be empty\")"] + timeout: 0 + containerd-shim-spin-v1: + exit-status: 1 + stdout: [ ] + stderr: ["io.containerd.spin.v1: InvalidArgument(\"Shim namespace cannot be empty\")"] + timeout: 0 + grep -E 'io\.containerd\.(slight|spin)\.v1' /etc/containerd/config.toml: + exit-status: 0 + stdout: [ ] + stderr: [ ] + timeout: 0 +{{end}} {{if eq .Vars.kubernetes_source_type "pkg"}} {{if eq .Vars.kubernetes_cni_source_type "pkg"}} crictl images | grep -v 'IMAGE ID' | awk -F'[ /]' '{print $2}' | sed 's/-{{ .Vars.arch }}//g' | sort: diff --git a/images/capi/packer/goss/goss-vars.yaml b/images/capi/packer/goss/goss-vars.yaml index e6a9ee05c1..bac883c0fc 100644 --- a/images/capi/packer/goss/goss-vars.yaml +++ b/images/capi/packer/goss/goss-vars.yaml @@ -71,6 +71,7 @@ common_photon_rpms: &common_photon_rpms arch: "amd64" containerd_version: "" +containerd_wasm_shims_runtimes: "" kubernetes_cni_source_type: "" kubernetes_cni_version: "" kubernetes_source_type: ""
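Review bot: The new checks run whenever `containerd_wasm_shims_runtimes` is non-empty, but they do not test what was requested. Both shim binaries are exercised regardless of the value, and the single `grep -E 'io\.containerd\.(slight|spin)\.v1'` passes if either handler is in config.toml, so an image where one requested handler failed to render would still pass. Gate each shim's entry on its own name and check each handler separately, e.g. `grep -F 'io.containerd.spin.v1' /etc/containerd/config.toml` and `grep -F 'io.containerd.slight.v1' /etc/containerd/config.toml`. Matching the exact stderr text of the shim also ties the test to this release's error wording.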