Hello community, here is the log from the commit of package cri-o for openSUSE:Factory checked in at 2019-11-15 22:33:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cri-o (Old) and /work/SRC/openSUSE:Factory/.cri-o.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cri-o" Fri Nov 15 22:33:28 2019 rev:39 rq:748819 version:1.16.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cri-o/cri-o.changes 2019-11-12 11:54:59.831316158 +0100 +++ /work/SRC/openSUSE:Factory/.cri-o.new.26869/cri-o.changes 2019-11-15 22:33:31.224040564 +0100 @@ -1,0 +2,48 @@ +Fri Nov 15 04:49:31 UTC 2019 - Sascha Grunert <sgrun...@suse.com> + +- Use single service macro invocation +- Add shell completions directories to files + +------------------------------------------------------------------- +Thu Nov 14 09:19:51 UTC 2019 - Sascha Grunert <sgrun...@suse.com> + +- Add crio and crio-status shell completions +- Add crio-wipe and crio-shutdown services +- Update kubelet verbosity to `-v=2` +- Update conmon cgroup to `system.slice` +- Update crio.conf to match latest version +- Update to v1.16.0: + * Major Changes + * Add support for manifest lists + * Dual stack IPv6 support + * HUP reload of SystemRegistries + * file_locking is no longer a supported option in the + configuration file + * Hooks are no longer found implicitally. + * conmon now lives in a separate repository and must be + downloaded separately. + * Minor + * All OCI mounts are mounted as rw when a pod is privileged + * CRI-O can now run on a cgroupv2 system (only with the runtime + crun) + * Add environment variables to CLI flags + * Add crio-status client to conveniently query status of crio + or a container + * Conmon is now found in $PATH if a path isn't specified or is + empty + * Add metrics to configuration file + * Bandwidth burst can only be 4GB + * If another container manager shares CRI-O's storage (like + podman), CRI-O no longer attempts to restore them + * Increase validation for log_dir and runtime_type in + configuration + * Allow usage of short container ID in ContainerStats + * Make image volumes writeable by the container user + * Various man page fixes + * The crio-wipe script is now included in the crio binary (as + crio wipe), and only removes CRI-O containers and images. + * Set some previously public packages as internal (client, lib, + oci, pkg, tools, version) + * infra container now spawned as not privileged + +------------------------------------------------------------------- Old: ---- cri-o-1.15.2.tar.xz New: ---- cri-o-1.16.0.tar.xz crio-shutdown.service crio-wipe.service ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cri-o.spec ++++++ --- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.256040111 +0100 +++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.260040109 +0100 @@ -26,8 +26,10 @@ %define name_source1 crio.service %define name_source2 sysconfig.crio %define name_source3 crio.conf +%define name_source4 crio-wipe.service +%define name_source5 crio-shutdown.service Name: cri-o -Version: 1.15.2 +Version: 1.16.0 Release: 0 Summary: OCI-based implementation of Kubernetes Container Runtime Interface License: Apache-2.0 @@ -39,6 +41,8 @@ Source3: %{name_source3} Source4: cri-o-rpmlintrc Source5: kubelet.env +Source6: %{name_source4} +Source7: %{name_source5} BuildRequires: device-mapper-devel BuildRequires: fdupes BuildRequires: glib2-devel-static @@ -61,6 +65,7 @@ Requires: libcontainers-storage Requires: runc >= 1.0.0~rc6 Requires: socat +Requires: conmon Recommends: katacontainers # Provide generic cri-runtime dependency (needed by kubernetes) Provides: cri-runtime @@ -100,10 +105,10 @@ make %pre -%service_add_pre %{name_source1} +%service_add_pre %{name_source1} %{name_source4} %{name_source5} %post -%service_add_post %{name_source1} +%service_add_post %{name_source1} %{name_source4} %{name_source5} # This is the additional directory where cri-o is going to look up for CNI # plugins installed by DaemonSets running on Kubernetes (i.e. Cilium). mkdir -p /opt/cni/bin @@ -112,19 +117,26 @@ %fillup_only -n kubelet %preun -%service_del_preun %{name_source1} +%service_del_preun %{name_source1} %{name_source4} %{name_source5} %postun -%service_del_postun %{name_source1} +%service_del_postun %{name_source1} %{name_source4} %{name_source5} %install cd $HOME/go/src/%{project} # Binaries install -D -m 0755 bin/crio %{buildroot}/%{_bindir}/crio +install -D -m 0755 bin/crio-status %{buildroot}/%{_bindir}/crio-status install -d %{buildroot}/%{_libexecdir}/crio/bin -install -D -m 0755 bin/conmon %{buildroot}/%{_libexecdir}/crio/bin/conmon install -D -m 0755 bin/pause %{buildroot}/%{_libexecdir}/crio/bin/pause +# Completions +install -D -m 0644 completions/bash/crio %{buildroot}/%{_datadir}/bash-completion/completions/crio +install -D -m 0644 completions/zsh/_crio %{buildroot}%{_sysconfdir}/zsh_completion.d/_crio +install -D -m 0644 completions/fish/crio.fish %{buildroot}/%{_datadir}/fish/completions/crio.fish +install -D -m 0644 completions/bash/crio-status %{buildroot}/%{_datadir}/bash-completion/completions/crio-status +install -D -m 0644 completions/zsh/_crio-status %{buildroot}%{_sysconfdir}/zsh_completion.d/_crio-status +install -D -m 0644 completions/fish/crio-status.fish %{buildroot}/%{_datadir}/fish/completions/crio-status.fish # Manpages install -d %{buildroot}/%{_mandir}/man5 install -d %{buildroot}/%{_mandir}/man8 @@ -136,6 +148,8 @@ install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/%{name_source2} # Systemd install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name_source1} +install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name_source4} +install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name_source5} # place kubelet.env in fillupdir install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.kubelet # Symlinks to rc files @@ -147,10 +161,20 @@ %files # Binaries %{_bindir}/crio +%{_bindir}/crio-status %dir %{_libexecdir}/crio %dir %{_libexecdir}/crio/bin -%{_libexecdir}/crio/bin/conmon %{_libexecdir}/crio/bin/pause +# Completions +%{_datadir}/bash-completion/completions/crio +%{_datadir}/bash-completion/completions/crio-status +%{_sysconfdir}/zsh_completion.d +%{_sysconfdir}/zsh_completion.d/_crio +%{_sysconfdir}/zsh_completion.d/_crio-status +%{_datadir}/fish +%{_datadir}/fish/completions +%{_datadir}/fish/completions/crio.fish +%{_datadir}/fish/completions/crio-status.fish # Manpages %{_mandir}/man5/crio.conf.5* %{_mandir}/man8/crio.8* @@ -165,6 +189,8 @@ %{_fillupdir}/%{name_source2} # Systemd %{_unitdir}/%{name_source1} +%{_unitdir}/%{name_source4} +%{_unitdir}/%{name_source5} %{_sbindir}/rccrio %files kubeadm-criconfig ++++++ _service ++++++ --- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.320040083 +0100 +++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.320040083 +0100 @@ -2,8 +2,8 @@ <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/cri-o/cri-o</param> <param name="scm">git</param> -<param name="versionformat">1.15.2</param> -<param name="revision">v1.15.2</param> +<param name="versionformat">1.16.0</param> +<param name="revision">v1.16.0</param> </service> <service name="recompress" mode="disabled"> <param name="file">cri-o-*.tar</param> ++++++ cri-o-1.15.2.tar.xz -> cri-o-1.16.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/cri-o/cri-o-1.15.2.tar.xz /work/SRC/openSUSE:Factory/.cri-o.new.26869/cri-o-1.16.0.tar.xz differ: char 25, line 1 ++++++ crio-shutdown.service ++++++ [Unit] Description=Shutdown CRI-O containers before shutting down the system Wants=crio.service After=crio.service Documentation=man:crio(8) [Service] Type=oneshot ExecStart=/usr/bin/rm -f /var/lib/crio/crio.shutdown ExecStop=/usr/bin/bash -c "/usr/bin/mkdir /var/lib/crio; /usr/bin/touch /var/lib/crio/crio.shutdown" RemainAfterExit=yes [Install] WantedBy=multi-user.target ++++++ crio-wipe.service ++++++ [Unit] Description=CRI-O Auto Update Script Before=crio.service RequiresMountsFor=/var/lib/containers [Service] EnvironmentFile=-/etc/sysconfig/crio ExecStart=/usr/bin/crio $CRIO_OPTIONS wipe Type=oneshot [Install] WantedBy=multi-user.target ++++++ crio.conf ++++++ --- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.428040035 +0100 +++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.428040035 +0100 @@ -32,14 +32,12 @@ #storage_option = [ #] -# If set to false, in-memory locking will be used instead of file-based locking. -# **Deprecated** this option will be removed in the future. -file_locking = false - -# Path to the lock file. -# **Deprecated** this option will be removed in the future. -file_locking_path = "/run/crio.lock" +# The default log directory where all logs will go unless directly specified by +# the kubelet. The log directory specified must be an absolute directory. +log_dir = "/var/log/crio/pods" +# Location for CRI-O to lay down the version file +version_file = "/var/lib/crio/version" # The crio.api table contains settings for the kubelet/gRPC interface. [crio.api] @@ -47,6 +45,9 @@ # Path to AF_LOCAL socket on which CRI-O will listen. listen = "/var/run/crio/crio.sock" +# Host IP considered as the primary IP to use by CRI-O for things such as host network IP. +host_ip = "" + # IP address on which the stream server will listen. stream_address = "127.0.0.1" @@ -62,11 +63,11 @@ stream_tls_cert = "" # Path to the key file used to serve the encrypted stream. This file can -# change, and CRI-O will automatically pick up the changes within 5 minutes. +# change and CRI-O will automatically pick up the changes within 5 minutes. stream_tls_key = "" # Path to the x509 CA(s) file used to verify and authenticate client -# communication with the encrypted stream. This file can change, and CRI-O will +# communication with the encrypted stream. This file can change and CRI-O will # automatically pick up the changes within 5 minutes. stream_tls_ca = "" @@ -95,9 +96,11 @@ no_pivot = false # Path to the conmon binary, used for monitoring the OCI runtime. -conmon = "/usr/lib/crio/bin/conmon" +# Will be searched for using $PATH if empty. +conmon = "" + # Cgroup setting for conmon -conmon_cgroup = "pod" +conmon_cgroup = "system.slice" # Environment variable list for the conmon process, used for passing necessary # environment variables to conmon or the runtime. @@ -115,7 +118,7 @@ # Used to change the name of the default AppArmor profile of CRI-O. The default # profile name is "crio-default-" followed by the version string of CRI-O. -apparmor_profile = "crio-default-1.15.2" +apparmor_profile = "crio-default-1.16.0" # Cgroup management implementation used for the runtime. cgroup_manager = "systemd" @@ -192,6 +195,9 @@ # Path to directory for container attach sockets. container_attach_socket_dir = "/var/run/crio" +# The prefix to use for the source of the bind mounts. +bind_mount_prefix = "" + # If set to true, all containers will run in read-only mode. read_only = false @@ -200,9 +206,6 @@ # configuration reload. log_level = "error" -# The default log directory where all logs will go unless directly specified by the kubelet -log_dir = "/var/log/crio/pods" - # The UID mappings for the user namespace of each container. A range is # specified in the form containerUID:HostUID:Size. Multiple ranges must be # separated by comma. @@ -224,13 +227,12 @@ # The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes. # The runtime to use is picked based on the runtime_handler provided by the CRI. # If no runtime_handler is provided, the runtime will be picked based on the level -# of trust of the workload. -# Each entry in the table should follow this format: +# of trust of the workload. Each entry in the table should follow the format: # #[crio.runtime.runtimes.runtime-handler] -# runtime_path = "/path/to/the/runtime/handler/executable" +# runtime_path = "/path/to/the/executable" # runtime_type = "oci" -# runtime_root = "/path/to/the/runtime/root" +# runtime_root = "/path/to/the/root" # # Where: # - runtime-handler: name used to identify the runtime @@ -243,6 +245,7 @@ # - runtime_root (optional, string): root directory for storage of containers # state. + [crio.runtime.runtimes.runc] # Kata Containers is an OCI runtime, where containers are run inside lightweight @@ -284,8 +287,10 @@ pause_image_auth_file = "" # The command to run to have a container stay in the paused state. -# This option supports live configuration reload. -pause_command = "/usr/bin/pause" +# When explicitly set to "", it will fallback to the entrypoint and command +# specified in the pause image. When commented out, it will fallback to the +# default: "/pause". This option supports live configuration reload. +pause_command = "" # Path to the file which decides what sort of policy we use when deciding # whether or not to trust an image that we've pulled. It is not recommended that @@ -294,6 +299,11 @@ # refer to containers-policy.json(5) for more details. signature_policy = "" +# List of registries to skip TLS verification for pulling images. Please +# consider configuring the registries via /etc/containers/registries.conf before +# changing them here. +#insecure_registries = "[]" + # Controls how image volumes are handled. The valid values are mkdir, bind and # ignore; the latter will ignore volumes entirely. image_volumes = "mkdir" @@ -319,3 +329,12 @@ "/opt/cni/bin/", "/usr/lib/cni/", ] + +# A necessary configuration for Prometheus based metrics retrieval +[crio.metrics] + +# Globally enable or disable metrics support. +enable_metrics = false + +# The port on which the metrics server will listen. +metrics_port = 9090 ++++++ crio.service ++++++ --- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.452040024 +0100 +++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.456040023 +0100 @@ -1,7 +1,11 @@ [Unit] -Description=Open Container Initiative Daemon +Description=Container Runtime Interface for OCI (CRI-O) Documentation=https://github.com/cri-o/cri-o -After=network.target lwm2-monitor.service SuSEfirewall2.service +After=network.target +After=lwm2-monitor.service +After=SuSEfirewall2.service +After=crio-wipe.service +Requires=crio-wipe.service [Service] Type=notify ++++++ kubelet.env ++++++ --- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.480040012 +0100 +++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.484040011 +0100 @@ -1 +1 @@ -KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint=unix:///var/run/crio/crio.sock --runtime-request-timeout=15m --cgroup-driver=systemd" +KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint=unix:///var/run/crio/crio.sock --runtime-request-timeout=15m --cgroup-driver=systemd -v=2"