Support installing specific version of docker

Change-Id: I12015c28f6f8ffc125097a14514a6a90a20cf35b
(cherry picked from commit f8e786f0d5)

.gitreview

@@ -2,4 +2,4 @@
 host=review.opendev.org
 port=29418
 project=openstack/devstack-plugin-container.git
-defaultbranch=stable/wallaby
+defaultbranch=stable/zed

devstack/lib/crio

@@ -20,6 +20,7 @@ set +o xtrace
 # --------
 
 CRIO_ENGINE_SOCKET_FILE=${CRIO_ENGINE_SOCKET_FILE:-/var/run/crio/crio.sock}
+CRIO_ALLOW_ICMP=$(trueorfalse True CRIO_ALLOW_ICMP)
 
 # Functions
 # ---------
@@ -73,14 +74,15 @@ function configure_crio {
     # After an ./unstack it will be stopped. So it is ok if it returns exit-code == 1
     sudo systemctl stop crio.service || true
 
-    local crio_conf
-    crio_conf=/etc/crio/crio.conf
+    export CRIO_CONF="/etc/crio/crio.conf"
 
     # We're wrapping values in \"<val>\" because that's the format cri-o wants.
-    iniset -sudo ${crio_conf} crio.api listen \"${CRIO_ENGINE_SOCKET_FILE}\"
+    iniset -sudo ${CRIO_CONF} crio.api listen \"${CRIO_ENGINE_SOCKET_FILE}\"
+    iniset -sudo ${CRIO_CONF} crio.image pause_image \"${CRIO_PAUSE_IMAGE}\"
+    iniset -sudo ${CRIO_CONF} crio.image pause_command \"${CRIO_PAUSE_COMMAND}\"
     if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then
         # debug is way too verbose, info will be enough
-        iniset -sudo ${crio_conf} crio.runtime log_level \"info\"
+        iniset -sudo ${CRIO_CONF} crio.runtime log_level \"info\"
     fi
     if is_ubuntu; then
         # At least for 18.04 we need to set up /etc/containers/registries.conf
@@ -94,15 +96,41 @@ function configure_crio {
 registries = ['docker.io']
 EOF
         fi
+        # CRI-O from kubic repo have placed runc in different place, not even
+        # in path, just to not conflict with runc package from official repo.
+        # We need to change it.
+        iniset -sudo ${CRIO_CONF} crio.runtime.runtimes.runc runtime_path \
+            \"/usr/lib/cri-o-runc/sbin/runc\"
+
+        if [ -n "${CNI_CONF_DIR}" ]; then
+            iniset -sudo ${CRIO_CONF} crio.network network_dir \
+                \"${CNI_CONF_DIR}\"
+        fi
+        if [ -n "${CNI_PLUGIN_DIR}" ]; then
+            iniset -sudo ${CRIO_CONF} crio.network plugin_dir \
+                \"${CNI_PLUGIN_DIR}\"
+        fi
+        # By default CRI-O doesn't allow ICMP between containers, although it
+        # is ususally expected for testing purposes.
+        if [ "${CRIO_ALLOW_ICMP}" == "True" ]; then
+            if grep -q 'default_sysctls =' ${CRIO_CONF}; then
+                export CRIO_KEY="default_sysctls"
+                export CRIO_VAL='[ "net.ipv4.ping_group_range=0 2147483647", ]'
+                _update_config
+            else
+                iniset -sudo ${CRIO_CONF} crio.runtime default_sysctls \
+                    '[ "net.ipv4.ping_group_range=0 2147483647", ]'
+            fi
+        fi
     elif is_fedora; then
         local lsb_dist=${os_VENDOR,,}
 
         if [[ "$lsb_dist" = "centos" ]]; then
             # CentOS packages are putting runc binary in different place...
-            iniset -sudo ${crio_conf} crio.runtime runtime \"/usr/sbin/runc\"
+            iniset -sudo ${CRIO_CONF} crio.runtime runtime \"/usr/sbin/runc\"
 
             # CentOS version seems to only work with cgroupfs...
-            iniset -sudo ${crio_conf} crio.runtime cgroup_manager \"cgroupfs\"
+            iniset -sudo ${CRIO_CONF} crio.runtime cgroup_manager \"cgroupfs\"
         fi
     fi
 
@@ -113,5 +141,46 @@ function stop_crio {
     sudo systemctl stop crio.service || true
 }
 
+function _update_config {
+sudo -E python3 - <<EOF
+"""
+Update provided by CRIO_KEY key list in crio configuration in a form of:
+
+  some_key = [ some,
+      value
+  ]
+
+or just an empty list:
+
+  some_key = [
+  ]
+
+with the CRIO_VAL value.
+
+Note, CRIO_VAL must include square brackets.
+
+"""
+import os
+import re
+
+crio_key = os.environ.get('CRIO_KEY')
+crio_val = os.environ.get('CRIO_VAL')
+crio_conf = os.environ.get('CRIO_CONF')
+
+pat = re.compile(rf'{crio_key}\s*=\s*\[[^\]]*\]', flags=re.S | re.M)
+
+with open(crio_conf) as fobj:
+    conf = fobj.read()
+
+with open(crio_conf, 'w') as fobj:
+    search = pat.search(conf)
+    if search:
+        start, end = search.span()
+        conf = conf[:start] + f'{crio_key} = {crio_val}' + conf[end:]
+        fobj.write(conf)
+
+EOF
+}
+
 # Restore xtrace
 $_XTRACE_DOCKER

devstack/lib/docker

@@ -56,8 +56,10 @@ function install_docker {
 
     local lsb_dist=${os_VENDOR,,}
     local dist_version=${os_CODENAME}
-    local arch
-    arch=$(dpkg --print-architecture)
+    if [[ "$lsb_dist" != "centosstream" ]]; then
+        local arch
+        arch=$(dpkg --print-architecture)
+    fi
     if is_ubuntu; then
         apt_get install apparmor
         if [[ ${dist_version} == 'trusty' ]]; then
@@ -74,12 +76,27 @@ function install_docker {
             ${dist_version} \
             stable"
         REPOS_UPDATED=False apt_get_update
-        apt_get install docker-ce
+        if [ -n "${UBUNTU_DOCKER_VERSION}" ]; then
+            apt_get install docker-ce=$UBUNTU_DOCKER_VERSION
+        else
+            apt_get install docker-ce
+        fi
     elif is_fedora; then
         if [[ "$lsb_dist" = "centos" ]]; then
             sudo yum-config-manager \
                 --add-repo \
                 https://download.docker.com/linux/centos/docker-ce.repo
+        elif  [[ "$lsb_dist" = "centosstream" ]]; then
+            sudo yum-config-manager \
+                --add-repo \
+                https://download.docker.com/linux/centos/docker-ce.repo
+            sudo yum-config-manager \
+                --add-repo \
+                https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 #noqa
+            sudo yum-config-manager \
+                --enable \
+                packages.cloud.google.com_yum_repos_kubernetes-el7-x86_64
+            sudo dnf -y install kubeadm --nogpgcheck
         elif [[ "$lsb_dist" = "fedora" ]]; then
             sudo dnf config-manager \
                 --add-repo \

devstack/settings

@@ -10,6 +10,11 @@ ENABLE_IPV6=${ENABLE_IPV6:-false}
 K8S_NETWORK_ADDON=${K8S_NETWORK_ADDON:-flannel}
 ENABLE_CONTAINERD_CRI=${ENABLE_CONTAINERD_CRI:-false}
 CRIO_VERSION=${CRIO_VERSION:-"1.18:/1.18.0"}
+CRIO_ALLOW_ICMP=${CRIO_ALLOW_ICMP:-true}
+CNI_CONF_DIR=${CNI_CONF_DIR:-}
+CNI_PLUGIN_DIR=${CNI_PLUGIN_DIR:-}
+
+UBUNTU_DOCKER_VERSION=${UBUNTU_DOCKER_VERSION:-}
 
 # Enable container services
 enable_service container
@@ -24,3 +29,7 @@ fi
 
 # Customize kubeadm container images repository
 KUBEADMIN_IMAGE_REPOSITORY=${KUBEADMIN_IMAGE_REPOSITORY:-"k8s.gcr.io"}
+
+# Configure crio pause image
+CRIO_PAUSE_IMAGE=${CRIO_PAUSE_IMAGE:-"k8s.gcr.io/pause:3.6"}
+CRIO_PAUSE_COMMAND=${CRIO_PAUSE_COMMAND:-"/pause"}

tox.ini

@@ -1,5 +1,5 @@
 [tox]
-minversion = 1.6
+minversion = 3.18.0
 skipsdist = True
 envlist = bashate
 
@@ -14,7 +14,7 @@ basepython = python3
 # modified bashate tree
 deps =
    {env:BASHATE_INSTALL_PATH:bashate==0.5.1}
-whitelist_externals = bash
+allowlist_externals = bash
 commands = bash -c "find {toxinidir}             \
          -not \( -type d -name .?\* -prune \)    \
          -not \( -type d -name doc -prune \)     \