feat: switch to binary runc and containerd install (#333)

* feat: switch to binary runc and containerd install

* fix: always download directly to dst node

* feat: add crictl role

* ci: add tests for binary downloads

* ci: rename scenario and add matrix

* ci: move to using prepare

* ci: stop using  anchors

* chore: refactor to download_artifact

* chore: add jammy to containerd+runc

* chore: bump ansible-lint

* chore: add more platforms for cri

* fix: ensure tar command exists

* chore: drop amznlinux2

---------

Co-authored-by: Mohammed Naser <[email protected]>

Author: fitbeard

.ansible-lint

@@ -10,6 +10,3 @@ exclude_paths:
 warn_list:
   - jinja[invalid]
   - jinja[spacing]
-  - name[casing]
-  - template-instead-of-copy
-  - yaml[line-length]

.github/workflows/containerd.yml

@@ -0,0 +1,69 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+name: containerd
+
+on:
+  pull_request:
+    paths:
+      - molecule/containerd/**
+      - roles/defaults/**
+      - roles/runc/**
+      - roles/binary_download/**
+      - roles/containerd/**
+      - roles/crictl/**
+  push:
+    branches:
+      - main
+    paths:
+      - molecule/containerd/**
+      - roles/defaults/**
+      - roles/runc/**
+      - roles/binary_download/**
+      - roles/containerd/**
+      - roles/crictl/**
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro:
+          - debian10
+          - debian11
+          - fedora36
+          - fedora37
+          - rockylinux8
+          - rockylinux9
+          - ubuntu2004
+          - ubuntu2204
+    steps:
+      - name: Checkout project
+        uses: actions/checkout@v3
+
+      - name: Install Poetry
+        run: pipx install poetry
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          cache: poetry
+
+      - name: Install dependencies
+        run: poetry install --no-interaction --with dev
+
+      - name: Run Molecule
+        run: poetry run molecule test -s containerd
+        env:
+          MOLECULE_DISTRO: ${{ matrix.distro }}

.pre-commit-config.yaml

@@ -15,7 +15,7 @@ repos:
           - commit-msg
 
   - repo: https://github.com/ansible/ansible-lint
-    rev: v6.8.6
+    rev: v6.13.1
     hooks:
       - id: ansible-lint
         files: \.(yaml|yml)$

galaxy.yml

@@ -14,6 +14,14 @@ dependencies:
   community.general: 4.5.0
   kubernetes.core: 2.3.2
   openstack.cloud: 1.7.0
+tags:
+  - application
+  - cloud
+  - infrastructure
+  - linux
+  - monitoring
+  - storage
+  - tools
 repository: https://github.com/vexxhost/atmosphere
 documentation: https://github.com/vexxhost/atmosphere/tree/main/docs
 homepage: https://github.com/vexxhost/atmosphere

meta/runtime.yml

@@ -1,2 +1,2 @@
 ---
-requires_ansible: ">=2.11"
+requires_ansible: ">=2.13.4"

molecule/containerd/converge.yml

@@ -0,0 +1,20 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Converge
+  hosts: all
+  become: true
+  roles:
+    - vexxhost.atmosphere.containerd
+    - vexxhost.atmosphere.crictl

molecule/containerd/molecule.yml

@@ -0,0 +1,31 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    privileged: true
+    cgroupns_mode: host
+    pre_build_image: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+provisioner:
+  name: ansible
+verifier:
+  name: ansible

molecule/containerd/prepare.yml

@@ -0,0 +1,28 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Prepare
+  hosts: all
+  become: true
+  pre_tasks:
+    - name: Wait for systemd to complete initialization
+      ansible.builtin.command: systemctl is-system-running
+      register: systemctl_status
+      until: >
+        'running' in systemctl_status.stdout or
+        'degraded' in systemctl_status.stdout
+      retries: 30
+      delay: 5
+      changed_when: false
+      failed_when: systemctl_status.rc > 1

molecule/containerd/verify.yml

@@ -0,0 +1,40 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Verify
+  hosts: all
+  become: true
+
+  pre_tasks:
+    - name: Gather service facts
+      service_facts:
+
+  tasks:
+    - name: Make sure containerd service is running
+      ansible.builtin.assert:
+        that:
+          - ansible_facts.services['containerd.service'].state in ['active', 'running']
+
+    - name: Make sure containerd service is enabled
+      ansible.builtin.assert:
+        that:
+          - ansible_facts.services['containerd.service'].status == 'enabled'
+
+    - name: Pull image from registry
+      ansible.builtin.command: ctr image pull docker.io/library/alpine:latest
+
+    - name: List images
+      ansible.builtin.command: ctr images ls
+      register: images
+      failed_when: not(images.stdout.find('alpine') != -1)

roles/ceph_mgr/tasks/main.yml

@@ -12,18 +12,18 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-- name: install packages
+- name: Install packages
   ansible.builtin.apt:
     name: ["ceph-mgr"]
     install_recommends: false
 
-- name: create manager folder
+- name: Create manager folder
   ansible.builtin.file:
     path: "/var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }}"
     state: directory
     owner: ceph
     group: ceph
-    mode: 0700
+    mode: "0700"
 
 - name: Create Ceph manager keyring
   vexxhost.atmosphere.ceph_key:
@@ -36,14 +36,14 @@
     owner: ceph
     group: ceph
 
-- name: ensure permissions are fixed
+- name: Ensure permissions are fixed
   ansible.builtin.file:
     path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}"
     owner: ceph
     group: ceph
     recurse: true
 
-- name: enable and start service
+- name: Enable and start service
   ansible.builtin.service:
     name: "ceph-mgr@{{ inventory_hostname_short }}"
     state: started