-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
containerd: Add support for tar.gz package #8199
Conversation
Hi @hakman. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cc @justinsb |
4908f06
to
923c768
Compare
/ok-to-test |
/test pull-kops-verify-packages |
923c768
to
dcef0b0
Compare
/test pull-kops-e2e-kubernetes-aws |
dcef0b0
to
3f1ae23
Compare
/test pull-kops-verify-generated |
b836268
to
878eec5
Compare
/assign @justinsb |
878eec5
to
08b504c
Compare
nodeup/pkg/model/containerd.go
Outdated
Hash: dv.Hash, | ||
TargetDir: "/", | ||
MapFiles: map[string]string{ | ||
"./usr/local/bin/ctr": "/usr/bin", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm wondering if we should map directories, as this likely makes it harder to support new tar.gz bundles we don't yet know about (they may have added a file)...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very good point. Updated and works perfectly.
|
||
manifest.Set("Service", "LimitNOFILE", "1048576") | ||
manifest.Set("Service", "LimitNPROC", "infinity") | ||
manifest.Set("Service", "LimitCORE", "infinity") | ||
manifest.Set("Service", "TasksMax", "infinity") | ||
|
||
manifest.Set("Service", "Restart", "always") | ||
manifest.Set("Service", "RestartSec", "2s") | ||
manifest.Set("Service", "StartLimitInterval", "0") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We might actually need these to prevent systemd marking the unit as failed and not always restarting e.g. https://serverfault.com/questions/736624/systemd-service-automatic-restart-after-startlimitinterval
However, I think with RestartSec = 5 we're OK with the default values, but it is possible that systemd is not running with the default values.
Also annoying is that the field was renamed from StartLimitInterval to StartLimitIntervalSec at some stage; I don't know if any of our OSes uses StartLimitInterval.
We might need a helper function - so we can probably leave this as-is for now :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also saw that Kops doesn't use StartLimitInterval
anywhere. Besides the name, it was also moved from [Service]
to [Unit]
at some point.
https://lists.freedesktop.org/archives/systemd-devel/2017-July/039255.html
Unless someone will complain, I also think we can skip it for now.
@@ -188,7 +188,7 @@ var dockerVersions = []packageVersion{ | |||
Hash: "a6b0243af348140236ed96f2e902b259c590eefa", | |||
}, | |||
}, | |||
Dependencies: []string{"libtool-ltdl", "libseccomp"}, | |||
Dependencies: []string{"libtool-ltdl"}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are the ones we're moving into packages.go?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. Moving to packages.go.
return fmt.Errorf("error creating directories %q: %v", targetDir, err) | ||
} | ||
|
||
args := []string{"tar", "xf", localFile, "-C", targetDir, "--strip-components=" + strconv.Itoa(stripCount), src} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is going to be slow I think, because we have to read the whole tar file every time (tar files aren't indexed, unlike zip files).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In theory, yes. In practice it's faster than yum install containerd
:
I0112 04:43:20.381756 652 files.go:100] Hash matched for "/var/cache/nodeup/archives/containerd.io": sha1:f451d46280104588f236bee277bca1da8babc0e8
I0112 04:43:20.381805 652 archive.go:189] running command [tar xf /var/cache/nodeup/archives/containerd.io -C /usr --strip-components=3 ./usr/local/bin]
I0112 04:43:22.038539 652 archive.go:189] running command [tar xf /var/cache/nodeup/archives/containerd.io -C /usr --strip-components=3 ./usr/local/sbin]
I0112 04:43:23.601597 652 executor.go:103] Tasks: 2 done / 60 total; 45 can run
``
@@ -107,14 +102,6 @@ var containerdVersions = []packageVersion{ | |||
Version: "1.2.10", | |||
Source: "https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.10-3.2.el7.x86_64.rpm", | |||
Hash: "f6447e84479df3a58ce04a3da87ccc384663493b", | |||
ExtraPackages: map[string]packageInfo{ | |||
"container-selinux": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess the problem here is that container-selinux might be tied to the behaviour of a particular version of containerd. i.e. a new version of containerd introduces a new required permission (?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My assumption was that newer container-selinux will only add permissions, which would make it backwards compatible with any containerd or docker version. In a regular install. where one has a valid subscription, any package upgrade would grab the latest version.
Thanks @hakman ... generally looks good but I have some questions! |
08b504c
to
2a6aeaf
Compare
Thanks @justinsb. I think this will make it simpler to support multi-arch. I see that the guys working on containerd are improving their support for multi-arch and hopefully will release official builds soon. Would it make sense to try and move Docker deps to Packages and add a tar.gz package there also? |
Thanks for the tweaks - looks great! /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hakman, justinsb The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
For docker, my inclination would be to leave it as-is, and gradually let it age-out out of our code, as I think people will switch to pure containerd. But if there's an advantage to refactoring it, we can do that! |
/retest |
1 similar comment
/retest |
/test pull-kops-e2e-kubernetes-aws |
1 similar comment
/test pull-kops-e2e-kubernetes-aws |
/retest |
Each containerd release comes with a tar.gz that can be used to install it with minimal effort.
Ref: #7986 (comment)
Summary of changes:
container-selinux
is installed from repo and not vault (vault package is still needed for RHEL and Amazon Linux)PS1: Docker could get some similar upgrade by moving the deps to Packages and would open the way to multi-arch.
PS2: Amazon Linux 2 doesn't have the packages required to run the latest containerd (and Docker). At least the deps for
container-selinux
from CentOS are missing. I suspect this distro will need special care if support for it is desired.