Ubuntu CRI-O (#5426)

* Fix crictl

* Reload systemd daemon before enabling service

* Typo

* Add crictl template

* Remove seccomp.json for ubuntu

* Set runtime path of runc for ubuntu

* Change path to conmon

roles/container-engine/cri-o/tasks/crictl.yml

@@ -0,0 +1,27 @@
+---
+- name: crictl | Download crictl
+  include_tasks: "../../../download/tasks/download_file.yml"
+  vars:
+    download: "{{ download_defaults | combine(downloads.crictl) }}"
+
+- name: Install crictl config
+  template:
+    src: ../templates/crictl.yaml.j2
+    dest: /etc/crictl.yaml
+    owner: bin
+    mode: 0644
+
+- name: Copy crictl binary from download dir
+  synchronize:
+    src: "{{ local_release_dir }}/crictl"
+    dest: "{{ bin_dir }}/crictl"
+    compress: no
+    perms: yes
+    owner: no
+    group: no
+  delegate_to: "{{ inventory_hostname }}"
+
+- name: Install crictl completion
+  shell: "{{ bin_dir }}/crictl completion >/etc/bash_completion.d/crictl"
+  ignore_errors: True
+  when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]

roles/container-engine/cri-o/tasks/main.yaml

@@ -30,11 +30,7 @@
     state: present
   when: ansible_distribution in ["Ubuntu"]
 
-- name: Add CRI-O PPA
-  apt_repository:
-    repo: ppa:projectatomic/ppa
-    state: present
-  when: ansible_distribution in ["Ubuntu"]
+- include_tasks: "crictl.yml"
 
 - name: Install crictl
   unarchive:
@@ -76,6 +72,10 @@
     owner: root
     mode: 0755
 
+- name: Reload systemd daemon
+  systemd:
+    daemon_reload: yes
+
 - name: Install cri-o service
   service:
     name: "{{ crio_service }}"

roles/container-engine/cri-o/templates/crictl.yaml.j2

@@ -0,0 +1,4 @@
+runtime-endpoint: unix://{{ cri_socket }}
+image-endpoint: unix://{{ cri_socket }}
+timeout: 30
+debug: false

roles/container-engine/cri-o/templates/crio.conf.j2

@@ -104,6 +104,8 @@ selinux = {{ (preinstall_selinux_state == 'enforcing')|lower }}
 # for the runtime.
 {% if ansible_os_family == "ClearLinux" %}
 seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
+{% elif ansible_distribution == "Ubuntu" %}
+seccomp_profile = ""
 {% else %}
 seccomp_profile = "/etc/crio/seccomp.json"
 {% endif %}
@@ -216,8 +218,10 @@ ctr_stop_timeout = 0
   # of trust of the workload.
   
   [crio.runtime.runtimes.runc]
-{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" or ansible_distribution == "Ubuntu" %}
+{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" %}
   runtime_path = "/usr/bin/runc"
+{% elif ansible_distribution == "Ubuntu" %}
+  runtime_path = "/usr/lib/cri-o-runc/sbin/runc"
 {% else %}
   runtime_path = "/usr/sbin/runc"
 {% endif %}

roles/container-engine/cri-o/vars/ubuntu.yml

@@ -3,4 +3,4 @@ crio_packages:
   - "cri-o-{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
 
 crio_service: crio
-crio_conmon: /usr/lib/crio/bin/conmon
+crio_conmon: /usr/bin/conmon