Support installing specific version of docker

Change-Id: I12015c28f6f8ffc125097a14514a6a90a20cf35b
(cherry picked from commit f8e786f0d5)

.gitreview

@@ -2,3 +2,4 @@
 host=review.opendev.org
 port=29418
 project=openstack/devstack-plugin-container.git
+defaultbranch=stable/yoga

devstack/lib/crio

@@ -20,6 +20,7 @@ set +o xtrace
 # --------
 
 CRIO_ENGINE_SOCKET_FILE=${CRIO_ENGINE_SOCKET_FILE:-/var/run/crio/crio.sock}
+CRIO_ALLOW_ICMP=$(trueorfalse True CRIO_ALLOW_ICMP)
 
 # Functions
 # ---------
@@ -73,14 +74,13 @@ function configure_crio {
     # After an ./unstack it will be stopped. So it is ok if it returns exit-code == 1
     sudo systemctl stop crio.service || true
 
-    local crio_conf
-    crio_conf=/etc/crio/crio.conf
+    export CRIO_CONF="/etc/crio/crio.conf"
 
     # We're wrapping values in \"<val>\" because that's the format cri-o wants.
-    iniset -sudo ${crio_conf} crio.api listen \"${CRIO_ENGINE_SOCKET_FILE}\"
+    iniset -sudo ${CRIO_CONF} crio.api listen \"${CRIO_ENGINE_SOCKET_FILE}\"
     if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then
         # debug is way too verbose, info will be enough
-        iniset -sudo ${crio_conf} crio.runtime log_level \"info\"
+        iniset -sudo ${CRIO_CONF} crio.runtime log_level \"info\"
     fi
     if is_ubuntu; then
         # At least for 18.04 we need to set up /etc/containers/registries.conf
@@ -94,15 +94,41 @@ function configure_crio {
 registries = ['docker.io']
 EOF
         fi
+        # CRI-O from kubic repo have placed runc in different place, not even
+        # in path, just to not conflict with runc package from official repo.
+        # We need to change it.
+        iniset -sudo ${CRIO_CONF} crio.runtime.runtimes.runc runtime_path \
+            \"/usr/lib/cri-o-runc/sbin/runc\"
+
+        if [ -n "${CNI_CONF_DIR}" ]; then
+            iniset -sudo ${CRIO_CONF} crio.network network_dir \
+                \"${CNI_CONF_DIR}\"
+        fi
+        if [ -n "${CNI_PLUGIN_DIR}" ]; then
+            iniset -sudo ${CRIO_CONF} crio.network plugin_dir \
+                \"${CNI_PLUGIN_DIR}\"
+        fi
+        # By default CRI-O doesn't allow ICMP between containers, although it
+        # is ususally expected for testing purposes.
+        if [ "${CRIO_ALLOW_ICMP}" == "True" ]; then
+            if grep -q 'default_sysctls =' ${CRIO_CONF}; then
+                export CRIO_KEY="default_sysctls"
+                export CRIO_VAL='[ "net.ipv4.ping_group_range=0 2147483647", ]'
+                _update_config
+            else
+                iniset -sudo ${CRIO_CONF} crio.runtime default_sysctls \
+                    '[ "net.ipv4.ping_group_range=0 2147483647", ]'
+            fi
+        fi
     elif is_fedora; then
         local lsb_dist=${os_VENDOR,,}
 
         if [[ "$lsb_dist" = "centos" ]]; then
             # CentOS packages are putting runc binary in different place...
-            iniset -sudo ${crio_conf} crio.runtime runtime \"/usr/sbin/runc\"
+            iniset -sudo ${CRIO_CONF} crio.runtime runtime \"/usr/sbin/runc\"
 
             # CentOS version seems to only work with cgroupfs...
-            iniset -sudo ${crio_conf} crio.runtime cgroup_manager \"cgroupfs\"
+            iniset -sudo ${CRIO_CONF} crio.runtime cgroup_manager \"cgroupfs\"
         fi
     fi
 
@@ -113,5 +139,46 @@ function stop_crio {
     sudo systemctl stop crio.service || true
 }
 
+function _update_config {
+sudo -E python3 - <<EOF
+"""
+Update provided by CRIO_KEY key list in crio configuration in a form of:
+
+  some_key = [ some,
+      value
+  ]
+
+or just an empty list:
+
+  some_key = [
+  ]
+
+with the CRIO_VAL value.
+
+Note, CRIO_VAL must include square brackets.
+
+"""
+import os
+import re
+
+crio_key = os.environ.get('CRIO_KEY')
+crio_val = os.environ.get('CRIO_VAL')
+crio_conf = os.environ.get('CRIO_CONF')
+
+pat = re.compile(rf'{crio_key}\s*=\s*\[[^\]]*\]', flags=re.S | re.M)
+
+with open(crio_conf) as fobj:
+    conf = fobj.read()
+
+with open(crio_conf, 'w') as fobj:
+    search = pat.search(conf)
+    if search:
+        start, end = search.span()
+        conf = conf[:start] + f'{crio_key} = {crio_val}' + conf[end:]
+        fobj.write(conf)
+
+EOF
+}
+
 # Restore xtrace
 $_XTRACE_DOCKER

devstack/lib/docker

@@ -73,7 +73,11 @@ function install_docker {
             ${dist_version} \
             stable"
         REPOS_UPDATED=False apt_get_update
-        apt_get install docker-ce
+        if [ -n "${UBUNTU_DOCKER_VERSION}" ]; then
+            apt_get install docker-ce=$UBUNTU_DOCKER_VERSION
+        else
+            apt_get install docker-ce
+        fi
     elif is_fedora; then
         if [[ "$lsb_dist" = "centos" ]]; then
             sudo yum-config-manager \

devstack/lib/k8s

@@ -63,6 +63,7 @@ function kubeadm_init {
     cat <<EOF | tee $kubeadm_config_file >/dev/null
 apiVersion: kubeadm.k8s.io/v1beta1
 kind: ClusterConfiguration
+imageRepository: "${KUBEADMIN_IMAGE_REPOSITORY}"
 etcd:
   external:
     endpoints:
@@ -84,6 +85,7 @@ apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 failSwapOn: false
 EOF
+    sudo kubeadm config images pull --image-repository=${KUBEADMIN_IMAGE_REPOSITORY}
     sudo kubeadm init --config $kubeadm_config_file --ignore-preflight-errors Swap
 
     local kube_config_file=$HOME/.kube/config

devstack/settings

@@ -10,6 +10,11 @@ ENABLE_IPV6=${ENABLE_IPV6:-false}
 K8S_NETWORK_ADDON=${K8S_NETWORK_ADDON:-flannel}
 ENABLE_CONTAINERD_CRI=${ENABLE_CONTAINERD_CRI:-false}
 CRIO_VERSION=${CRIO_VERSION:-"1.18:/1.18.0"}
+CRIO_ALLOW_ICMP=${CRIO_ALLOW_ICMP:-true}
+CNI_CONF_DIR=${CNI_CONF_DIR:-}
+CNI_PLUGIN_DIR=${CNI_PLUGIN_DIR:-}
+
+UBUNTU_DOCKER_VERSION=${UBUNTU_DOCKER_VERSION:-}
 
 # Enable container services
 enable_service container
@@ -21,3 +26,6 @@ if [[ ,${ENABLED_SERVICES} =~ ,"k8s-master" ]]; then
     enable_service kube-scheduler
     enable_service kube-proxy
 fi
+
+# Customize kubeadm container images repository
+KUBEADMIN_IMAGE_REPOSITORY=${KUBEADMIN_IMAGE_REPOSITORY:-"k8s.gcr.io"}

tox.ini

@@ -1,5 +1,5 @@
 [tox]
-minversion = 1.6
+minversion = 3.18.0
 skipsdist = True
 envlist = bashate
 
@@ -14,7 +14,7 @@ basepython = python3
 # modified bashate tree
 deps =
    {env:BASHATE_INSTALL_PATH:bashate==0.5.1}
-whitelist_externals = bash
+allowlist_externals = bash
 commands = bash -c "find {toxinidir}             \
          -not \( -type d -name .?\* -prune \)    \
          -not \( -type d -name doc -prune \)     \