[2.13] Backport CRI-O bugfixes (#6230)

* Enable crio 1.18 (#6197) * fix CRI-O repos for centos distributions (#6224) * fix CRI-O repos for centos distributions * fix CRI-O repos for centos distributions - revert workarounds * fix CRI-O repos for centos distributions - use https for centos repos * avoid 302 redirects for centos repos * Use OS packaging default value for apparmor_profile in crio.conf (#6125) Co-authored-by: jeanfabrice <github@bobo-rousselin.com>
2020-06-04 16:09:15 +02:00 · 2020-06-04 16:09:15 +02:00 · 051e08e31c
parent dd539cf360
commit 051e08e31c
5 changed files with 17 additions and 12 deletions
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@ -9,7 +9,7 @@ crio_conmon: "/usr/bin/conmon"
 crio_required_version: "{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
 crio_kubernetes_version_matrix:
-  "1.18": "1.17"
+  "1.18": "1.18"
  "1.17": "1.17"
  "1.16": "1.16"
--- a/roles/container-engine/cri-o/molecule/default/molecule.yml
+++ b/roles/container-engine/cri-o/molecule/default/molecule.yml
@ -8,12 +8,12 @@ lint:
  options:
    config-file: ../../../.yamllint
 platforms:
-  # - name: ubuntu1804
+  - name: ubuntu1804
-  #   box: generic/ubuntu1804
+    box: generic/ubuntu1804
-  #   cpus: 2
+    cpus: 2
-  #   memory: 1024
+    memory: 1024
-  #   groups:
+    groups:
-  #     - kube-master
+      - kube-master
  - name: centos7
    box: centos/7
    cpus: 2
--- a/roles/container-engine/cri-o/tasks/crio_repo.yml
+++ b/roles/container-engine/cri-o/tasks/crio_repo.yml
@ -22,7 +22,7 @@
  yum_repository:
    name: devel_kubic_libcontainers_stable
    description: Stable Releases of Upstream github.com/containers packages (CentOS_$releasever)
-    baseurl: http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_$releasever/
+    baseurl: http://widehat.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_$releasever/
    gpgcheck: yes
    gpgkey: http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_$releasever/repodata/repomd.xml.key
  when: ansible_distribution in ["CentOS"]
@ -30,10 +30,10 @@
 - name: Add CRI-O kubic repo
  yum_repository:
    name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}"
-    description: 1.17 (CentOS_$releasever)
+    description: "CRI-O {{ crio_version }} (CentOS_$releasever)"
-    baseurl: "http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/CentOS_$releasever/"
+    baseurl: "http://widehat.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/CentOS_$releasever/"
    gpgcheck: yes
-    gpgkey: "http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/CentOS_$releasever/repodata/repomd.xml.key"
+    gpgkey: "http://widehat.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/CentOS_$releasever/repodata/repomd.xml.key"
  when: ansible_distribution in ["CentOS"]
 - name: Enable modular repos for CRI-O
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@ -106,7 +106,7 @@ seccomp_profile = "{{crio_seccomp_profile}}"
 # Used to change the name of the default AppArmor profile of CRI-O. The default
 # profile name is "crio-default-" followed by the version string of CRI-O.
-apparmor_profile = "crio-default"
+# apparmor_profile = "crio-default"
 # Cgroup management implementation used for the runtime.
 cgroup_manager = "{{crio_cgroup_manager}}"
--- a/roles/container-engine/cri-o/vars/ubuntu.yml
+++ b/roles/container-engine/cri-o/vars/ubuntu.yml
@ -4,3 +4,8 @@ crio_packages:
  - "cri-o-{{ crio_version }}"
 crio_runc_path: /usr/sbin/runc
 crio_kubernetes_version_matrix:
  "1.18": "1.17"
  "1.17": "1.17"
  "1.16": "1.16"