From 627a06e30d0e6562a12f248ea83bbcaffa4db2fe Mon Sep 17 00:00:00 2001 From: AnatomicJC Date: Fri, 23 Jul 2021 16:07:16 +0200 Subject: [PATCH] CRI-O: Install libseccomp2 from backports on Debian 10 (#7816) * CRI-O: Install libseccomp2 from backports on Debian 10 libseccomp2 is a required dependency of cri-o-runc package The one provided in Debian 10 repositories is outdated * 7816: Remove useless when condition As this condition is handled by block --- .../cri-o/tasks/crio_repo.yml | 20 +++++++++++++++++++ roles/container-engine/cri-o/tasks/main.yaml | 7 +++++++ roles/container-engine/cri-o/vars/debian.yml | 3 +++ 3 files changed, 30 insertions(+) diff --git a/roles/container-engine/cri-o/tasks/crio_repo.yml b/roles/container-engine/cri-o/tasks/crio_repo.yml index b0ca20725..099d2ef64 100644 --- a/roles/container-engine/cri-o/tasks/crio_repo.yml +++ b/roles/container-engine/cri-o/tasks/crio_repo.yml @@ -1,5 +1,25 @@ --- +- block: + - name: Add Debian Backports apt repo + apt_repository: + repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main" + state: present + filename: debian-backports + + - name: Set libseccomp2 pin priority to apt_preferences on Debian buster + copy: + content: | + Package: libseccomp2 + Pin: release a={{ ansible_distribution_release }}-backports + Pin-Priority: 1001 + dest: "/etc/apt/preferences.d/libseccomp2" + owner: "root" + mode: 0644 + when: + - ansible_distribution == "Debian" + - ansible_distribution_version == "10" + - name: CRI-O kubic repo name for debian os family set_fact: crio_kubic_debian_repo_name: "{{ ((ansible_distribution == 'Ubuntu') | ternary('x','')) ~ ansible_distribution ~ '_' ~ ansible_distribution_version }}" diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml index cde3552f9..d22d1dc32 100644 --- a/roles/container-engine/cri-o/tasks/main.yaml +++ b/roles/container-engine/cri-o/tasks/main.yaml @@ -87,6 +87,13 @@ - not skip_downloads|default(false) - download_run_once +- name: Add libseccomp2 package from Debian Backports to install + set_fact: + crio_packages: "{{ crio_debian_buster_backports_packages + crio_packages }}" + when: + - ansible_distribution == "Debian" + - ansible_distribution_version == "10" + - name: Install cri-o packages package: name: "{{ item }}" diff --git a/roles/container-engine/cri-o/vars/debian.yml b/roles/container-engine/cri-o/vars/debian.yml index defdb88be..1e582d996 100644 --- a/roles/container-engine/cri-o/vars/debian.yml +++ b/roles/container-engine/cri-o/vars/debian.yml @@ -10,6 +10,9 @@ crio_versioned_pkg: - "cri-o=1.19*" - cri-o-runc +crio_debian_buster_backports_packages: + - "libseccomp2" + default_crio_packages: "{{ crio_versioned_pkg[crio_version] }}" crio_packages: "{{ debian_crio_packages | default(default_crio_packages) }}"