feat(ocne): Upgrade to OL8 UEKR7

OCNE/.env

@@ -15,8 +15,8 @@
 # SUBNET=192.168.99
 
 # Set vCPU count and memory for the VMs:
-#   +  2 vCPU/1770MB memory minimum for Master node(s)
-#   +  1 vCPU/648MB memory minimum for Worker node(s)
+#   +  2 vCPU/1770MB absloute memory minimum for Master node(s)
+#   +  1 vCPU/700MB absloute memory minimum for Worker node(s)
 #   +  3GB memory minimum required for Istio module on Worker nodes
 # OPERATOR_CPUS=1
 # OPERATOR_MEMORY=1024

OCNE/README.md

@@ -16,7 +16,7 @@ Environment Platform Agent installed and configured to communicate with the
 Platform API Server on the operator node.
 
 The installation includes the Kubernetes module for Oracle Cloud
-Native Environment which deploys Kubernetes 1.22.8 configured to use
+Native Environment which deploys Kubernetes [1.24.8](https://docs.oracle.com/en/operating-systems/olcne/1.5/relnotes/components.html#d672e108) configured to use
 the CRI-O runtime interface. Two runtime engines are installed, runc and
 Kata Containers.
 
@@ -66,8 +66,8 @@ To obtain token from any Master node, you may run: `kubectl -n kubernetes-dashbo
 The VMs communicate via a private network:
 
 - Controller node IP: 192.168.99.100 (if `STANDALONE_OPERATOR=true`)
-- Master node _i_: 192.168.99.(100_+i_) / master*_i_*.vagrant.vm
-- Worker node _i_: 192.168.99.(110_+i_) / worker*_i_*.vagrant.vm
+- Master node _i_: 192.168.99.(100+ _i_ ) / master *_i_* .vagrant.vm
+- Worker node _i_: 192.168.99.(110+ _i_ ) / worker *_i_* .vagrant.vm
 - Master Virtual IP: 192.168.99.99 (if `MULTI_MASTER=true`)
 - LoadBalancer IPs: 192.168.99.240 - 192.168.99.250 (if `DEPLOY_METALLB=true`)
 

OCNE/Vagrantfile

@@ -1,7 +1,7 @@
 #
 # Vagrantfile for Oracle Cloud Native Environment
 #
-# Copyright (c) 2019, 2021 Oracle and/or its affiliates.
+# Copyright (c) 2019, 2022 Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at
 # https://oss.oracle.com/licenses/upl.
 #
@@ -247,7 +247,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       ip = 110 + i
       ip_addr = "#{SUBNET}.#{ip}"
       workers += "#{ip_addr},"
-      worker.vm.network :private_network, ip: ip_addr
+      worker.vm.network :private_network, nic_type: "virtio", ip: ip_addr
       if Vagrant.has_plugin?("vagrant-hosts")
         worker.vm.provision :hosts, :sync_hosts => true, :add_localhost_hostnames => false
       end
@@ -281,7 +281,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       ip = 100 + i
       ip_addr = "#{SUBNET}.#{ip}"
       masters += "#{ip_addr},"
-      master.vm.network :private_network, ip: ip_addr
+      master.vm.network :private_network, nic_type: "virtio", ip: ip_addr
       if Vagrant.has_plugin?("vagrant-hosts")
         master.vm.provision :hosts, :sync_hosts => true, :add_localhost_hostnames => false
       end
@@ -316,7 +316,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   if STANDALONE_OPERATOR
     config.vm.define "operator" do |operator|
       operator.vm.hostname = "operator.vagrant.vm"
-      operator.vm.network :private_network, ip: "#{SUBNET}.100"
+      operator.vm.network :private_network, nic_type: "virtio", ip: "#{SUBNET}.100"
       if Vagrant.has_plugin?("vagrant-hosts")
         operator.vm.provision :hosts, :sync_hosts => true, :add_localhost_hostnames => false
       end

OCNE/scripts/provision.sh

@@ -2,7 +2,7 @@
 #
 # Provision Oracle Cloud Native Environment nodes
 #
-# Copyright (c) 2019, 2021 Oracle and/or its affiliates.
+# Copyright (c) 2019, 2022 Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at
 # https://oss.oracle.com/licenses/upl.
 #
@@ -255,7 +255,7 @@ setup_repos() {
 
   # Add OCNE release package
   echo_do sudo dnf install -y oracle-olcne-release-el8
-  echo_do sudo dnf config-manager --enable ol8_olcne15 ol8_baseos_latest ol8_appstream ol8_addons ol8_UEKR6
+  echo_do sudo dnf config-manager --enable ol8_olcne15 ol8_baseos_latest ol8_appstream ol8_addons ol8_kvm_appstream ol8_UEKR7
   echo_do sudo dnf config-manager --disable ol8_olcne12 ol8_olcne13 ol8_olcne14
 
   # Optional extra repo
@@ -326,6 +326,14 @@ requirements() {
 #######################################
 install_packages() {
 
+  ### `nft_masq` is not part of kernel-uek-core since OL8U7. To enable masquerading, we must install kernel-uek-modules
+  ### https://docs.oracle.com/en/operating-systems/uek/7/relnotes7.0/uek7.0-NewFeaturesandChanges.html
+  msg "Installing kernel-uek-modules"
+  echo_do sudo dnf install -y kernel-uek-modules-$(uname -r)
+  msg "Installing the OpenSSL toolkit"
+  echo_do sudo dnf install -y openssl
+  ###
+
   if [[ ${OPERATOR} == 1 ]]; then
     msg "Installing the Oracle Cloud Native Environment Platform API Server and Platform CLI tool to the operator node."
     echo_do sudo dnf install -y olcnectl"${OCNE_VERSION}" olcne-api-server"${OCNE_VERSION}" olcne-utils"${OCNE_VERSION}"
@@ -372,7 +380,7 @@ install_packages() {
   fi
 
   if [[ ${DEPLOY_METALLB} == 1 ]]; then
-    if [[ ${WORKER} == 1 ]]; then
+    if [[ ${MASTER} == 1 || ${WORKER} == 1 ]]; then
       echo_do sudo firewall-cmd --add-port=7946/tcp --permanent
       echo_do sudo firewall-cmd --add-port=7946/udp --permanent
     fi
@@ -393,7 +401,7 @@ install_packages() {
       echo_do eval "cat /etc/ssl/glusterfs.pem >> /vagrant/glusterfs.ca"
       echo_do sudo touch /var/lib/glusterd/secure-access
       echo_do sudo systemctl enable --now glusterd.service
-      echo_do sudo firewall-cmd --permanent --add-service=glusterfs
+      echo_do sudo firewall-cmd --add-service=glusterfs --permanent
     fi
 
     if [[ ${OPERATOR} == 1 ]]; then
@@ -792,6 +800,16 @@ fixups() {
       \""
   done
 
+  # Fix: /usr/libexec/crio/conmon doesn't exist
+  #      conmon in @ol8_x86_64_appstream overrides @ol8_x86_64_olcne15
+  msg "Change conmon from /usr/libexec/crio/conmon to /usr/bin/conmon in /etc/crio/crio.conf"
+  for node in ${MASTERS//,/ } ${WORKERS//,/ }; do
+    echo_do ssh "${node}" "\"\
+      sudo sed 's|/usr/libexec/crio/conmon|/usr/bin/conmon|' -i /etc/crio/crio.conf \
+      && sudo systemctl restart crio.service \
+    \""
+  done  
+
   msg "Starting kubectl proxy service on master nodes"
   for node in ${MASTERS//,/ }; do
     # Expose the kubectl proxy to the host