Previously, an internal playbook installed many extra
necessary/unnecessary packages before this playbook even started. Since
this is a terrible design, move all dependencies here so that nothing is
unwritten. This includes installing some deps. for ansible itself
(which must be done as a raw command).
Signed-off-by: Chris Evich <cevich@redhat.com>
If running a playbook more than once, there's no need to re-bootstrap
the virtual environment. Assume if the verified crio directory already
exists, it should be used (after re-asserting hashes of requirements).
Signed-off-by: Chris Evich <cevich@redhat.com>
Our CI tests on RHEL and Fedora and we want to test the systemd cgroup
driver. However, kubelet needs to run in tests with systemd cgroup
driver as well, or tests fail. This patch fixes broken CI because of
not matching cgroup driver between CRI-O and the kubelet.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Because we need a working CNI plugin to setup a correct netns so
sandbox_run can grab a working IP address.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.
The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the containers annotations matches a list of regular expressions.
If any of these match the the hook will be launched.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The environment executing the test playbooks matters. Establish a
script to bootstrap a known-good and fixed-version python virtual
environment. Spell out precise execution requirements in a standard
pip 'requirements.txt' file, including version numbers and hashes.
Upon executing the ``venv-ansible-playbook.sh`` wrapper, a virtual
environment is setup and contained within a fixed (or temporary)
directory, with full logs from setup. If this is to be preserved
across executions, the ``$WORKSPACE`` environment variable must be
set and exported beforehand.
Example execution command-line provided in script file
Signed-off-by: Chris Evich <cevich@redhat.com>
Without any swap space enabled, it's possible some intensive operation
can chew up all the memory on the test VM. Enabling swap space will
prevent this for minor cases, but could lead to disk-thrashing if the
memory demand is excessive.
Since the test system never reboots, using a file-backed swap should
suffice. Though not ideal, it's easy to setup and doesn't require any
interactions with the cloud that owns the VM or the job that created it.
Signed-off-by: Chris Evich <cevich@redhat.com>
The ocid project was renamed to CRI-O, months ago, it is time that we moved
all of the code to the new name. We want to elminate the name ocid from use.
Move fully to crio.
Also cric is being renamed to crioctl for the time being.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
When powering off the system, we want the ocid service, to shutdown
all containers running on the system so they can cleanup properly
This patch will cleanup all pods on poweroff.
The ocid-shutdown.service drops a file /var/run/ocid.shutdown when the system
is shutting down. The ocid-shutdown.service should only be executed at system
shutdown.
On bootup sequence should be
start ocid.service
start ocid-shutdown.service (This is a NO-OP)
On system shutdown
stop ocid-shutdown.service (Creates /var/run/ocid.shutdown)
stop ocid.service (Notices /var/run/ocid.service and stops all pods before exiting.)
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This also updates the readme to no longer contain CNI configuration
information (which had incorrect steps), and rather just points to the
example configs.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
In addition, remove the installation steps from the Makefile. In
general, I personally don't like projects that install service files on
`make install` -- that's the job of a package manager.
Signed-off-by: Aleksa Sarai <asarai@suse.com>