Hello community,
here is the log from the commit of package cri-o for openSUSE:Factory checked
in at 2019-11-15 22:33:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cri-o (Old)
and /work/SRC/openSUSE:Factory/.cri-o.new.26869 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cri-o"
Fri Nov 15 22:33:28 2019 rev:39 rq:748819 version:1.16.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/cri-o/cri-o.changes 2019-11-12
11:54:59.831316158 +0100
+++ /work/SRC/openSUSE:Factory/.cri-o.new.26869/cri-o.changes 2019-11-15
22:33:31.224040564 +0100
@@ -1,0 +2,48 @@
+Fri Nov 15 04:49:31 UTC 2019 - Sascha Grunert <sgrun...@suse.com>
+
+- Use single service macro invocation
+- Add shell completions directories to files
+
+-------------------------------------------------------------------
+Thu Nov 14 09:19:51 UTC 2019 - Sascha Grunert <sgrun...@suse.com>
+
+- Add crio and crio-status shell completions
+- Add crio-wipe and crio-shutdown services
+- Update kubelet verbosity to `-v=2`
+- Update conmon cgroup to `system.slice`
+- Update crio.conf to match latest version
+- Update to v1.16.0:
+ * Major Changes
+ * Add support for manifest lists
+ * Dual stack IPv6 support
+ * HUP reload of SystemRegistries
+ * file_locking is no longer a supported option in the
+ configuration file
+ * Hooks are no longer found implicitally.
+ * conmon now lives in a separate repository and must be
+ downloaded separately.
+ * Minor
+ * All OCI mounts are mounted as rw when a pod is privileged
+ * CRI-O can now run on a cgroupv2 system (only with the runtime
+ crun)
+ * Add environment variables to CLI flags
+ * Add crio-status client to conveniently query status of crio
+ or a container
+ * Conmon is now found in $PATH if a path isn't specified or is
+ empty
+ * Add metrics to configuration file
+ * Bandwidth burst can only be 4GB
+ * If another container manager shares CRI-O's storage (like
+ podman), CRI-O no longer attempts to restore them
+ * Increase validation for log_dir and runtime_type in
+ configuration
+ * Allow usage of short container ID in ContainerStats
+ * Make image volumes writeable by the container user
+ * Various man page fixes
+ * The crio-wipe script is now included in the crio binary (as
+ crio wipe), and only removes CRI-O containers and images.
+ * Set some previously public packages as internal (client, lib,
+ oci, pkg, tools, version)
+ * infra container now spawned as not privileged
+
+-------------------------------------------------------------------
Old:
----
cri-o-1.15.2.tar.xz
New:
----
cri-o-1.16.0.tar.xz
crio-shutdown.service
crio-wipe.service
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cri-o.spec ++++++
--- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.256040111 +0100
+++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.260040109 +0100
@@ -26,8 +26,10 @@
%define name_source1 crio.service
%define name_source2 sysconfig.crio
%define name_source3 crio.conf
+%define name_source4 crio-wipe.service
+%define name_source5 crio-shutdown.service
Name: cri-o
-Version: 1.15.2
+Version: 1.16.0
Release: 0
Summary: OCI-based implementation of Kubernetes Container Runtime
Interface
License: Apache-2.0
@@ -39,6 +41,8 @@
Source3: %{name_source3}
Source4: cri-o-rpmlintrc
Source5: kubelet.env
+Source6: %{name_source4}
+Source7: %{name_source5}
BuildRequires: device-mapper-devel
BuildRequires: fdupes
BuildRequires: glib2-devel-static
@@ -61,6 +65,7 @@
Requires: libcontainers-storage
Requires: runc >= 1.0.0~rc6
Requires: socat
+Requires: conmon
Recommends: katacontainers
# Provide generic cri-runtime dependency (needed by kubernetes)
Provides: cri-runtime
@@ -100,10 +105,10 @@
make
%pre
-%service_add_pre %{name_source1}
+%service_add_pre %{name_source1} %{name_source4} %{name_source5}
%post
-%service_add_post %{name_source1}
+%service_add_post %{name_source1} %{name_source4} %{name_source5}
# This is the additional directory where cri-o is going to look up for CNI
# plugins installed by DaemonSets running on Kubernetes (i.e. Cilium).
mkdir -p /opt/cni/bin
@@ -112,19 +117,26 @@
%fillup_only -n kubelet
%preun
-%service_del_preun %{name_source1}
+%service_del_preun %{name_source1} %{name_source4} %{name_source5}
%postun
-%service_del_postun %{name_source1}
+%service_del_postun %{name_source1} %{name_source4} %{name_source5}
%install
cd $HOME/go/src/%{project}
# Binaries
install -D -m 0755 bin/crio %{buildroot}/%{_bindir}/crio
+install -D -m 0755 bin/crio-status %{buildroot}/%{_bindir}/crio-status
install -d %{buildroot}/%{_libexecdir}/crio/bin
-install -D -m 0755 bin/conmon %{buildroot}/%{_libexecdir}/crio/bin/conmon
install -D -m 0755 bin/pause %{buildroot}/%{_libexecdir}/crio/bin/pause
+# Completions
+install -D -m 0644 completions/bash/crio
%{buildroot}/%{_datadir}/bash-completion/completions/crio
+install -D -m 0644 completions/zsh/_crio
%{buildroot}%{_sysconfdir}/zsh_completion.d/_crio
+install -D -m 0644 completions/fish/crio.fish
%{buildroot}/%{_datadir}/fish/completions/crio.fish
+install -D -m 0644 completions/bash/crio-status
%{buildroot}/%{_datadir}/bash-completion/completions/crio-status
+install -D -m 0644 completions/zsh/_crio-status
%{buildroot}%{_sysconfdir}/zsh_completion.d/_crio-status
+install -D -m 0644 completions/fish/crio-status.fish
%{buildroot}/%{_datadir}/fish/completions/crio-status.fish
# Manpages
install -d %{buildroot}/%{_mandir}/man5
install -d %{buildroot}/%{_mandir}/man8
@@ -136,6 +148,8 @@
install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/%{name_source2}
# Systemd
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name_source1}
+install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name_source4}
+install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name_source5}
# place kubelet.env in fillupdir
install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.kubelet
# Symlinks to rc files
@@ -147,10 +161,20 @@
%files
# Binaries
%{_bindir}/crio
+%{_bindir}/crio-status
%dir %{_libexecdir}/crio
%dir %{_libexecdir}/crio/bin
-%{_libexecdir}/crio/bin/conmon
%{_libexecdir}/crio/bin/pause
+# Completions
+%{_datadir}/bash-completion/completions/crio
+%{_datadir}/bash-completion/completions/crio-status
+%{_sysconfdir}/zsh_completion.d
+%{_sysconfdir}/zsh_completion.d/_crio
+%{_sysconfdir}/zsh_completion.d/_crio-status
+%{_datadir}/fish
+%{_datadir}/fish/completions
+%{_datadir}/fish/completions/crio.fish
+%{_datadir}/fish/completions/crio-status.fish
# Manpages
%{_mandir}/man5/crio.conf.5*
%{_mandir}/man8/crio.8*
@@ -165,6 +189,8 @@
%{_fillupdir}/%{name_source2}
# Systemd
%{_unitdir}/%{name_source1}
+%{_unitdir}/%{name_source4}
+%{_unitdir}/%{name_source5}
%{_sbindir}/rccrio
%files kubeadm-criconfig
++++++ _service ++++++
--- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.320040083 +0100
+++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.320040083 +0100
@@ -2,8 +2,8 @@
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/cri-o/cri-o</param>
<param name="scm">git</param>
-<param name="versionformat">1.15.2</param>
-<param name="revision">v1.15.2</param>
+<param name="versionformat">1.16.0</param>
+<param name="revision">v1.16.0</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">cri-o-*.tar</param>
++++++ cri-o-1.15.2.tar.xz -> cri-o-1.16.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/cri-o/cri-o-1.15.2.tar.xz
/work/SRC/openSUSE:Factory/.cri-o.new.26869/cri-o-1.16.0.tar.xz differ: char
25, line 1
++++++ crio-shutdown.service ++++++
[Unit]
Description=Shutdown CRI-O containers before shutting down the system
Wants=crio.service
After=crio.service
Documentation=man:crio(8)
[Service]
Type=oneshot
ExecStart=/usr/bin/rm -f /var/lib/crio/crio.shutdown
ExecStop=/usr/bin/bash -c "/usr/bin/mkdir /var/lib/crio; /usr/bin/touch
/var/lib/crio/crio.shutdown"
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
++++++ crio-wipe.service ++++++
[Unit]
Description=CRI-O Auto Update Script
Before=crio.service
RequiresMountsFor=/var/lib/containers
[Service]
EnvironmentFile=-/etc/sysconfig/crio
ExecStart=/usr/bin/crio $CRIO_OPTIONS wipe
Type=oneshot
[Install]
WantedBy=multi-user.target
++++++ crio.conf ++++++
--- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.428040035 +0100
+++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.428040035 +0100
@@ -32,14 +32,12 @@
#storage_option = [
#]
-# If set to false, in-memory locking will be used instead of file-based
locking.
-# **Deprecated** this option will be removed in the future.
-file_locking = false
-
-# Path to the lock file.
-# **Deprecated** this option will be removed in the future.
-file_locking_path = "/run/crio.lock"
+# The default log directory where all logs will go unless directly specified by
+# the kubelet. The log directory specified must be an absolute directory.
+log_dir = "/var/log/crio/pods"
+# Location for CRI-O to lay down the version file
+version_file = "/var/lib/crio/version"
# The crio.api table contains settings for the kubelet/gRPC interface.
[crio.api]
@@ -47,6 +45,9 @@
# Path to AF_LOCAL socket on which CRI-O will listen.
listen = "/var/run/crio/crio.sock"
+# Host IP considered as the primary IP to use by CRI-O for things such as host
network IP.
+host_ip = ""
+
# IP address on which the stream server will listen.
stream_address = "127.0.0.1"
@@ -62,11 +63,11 @@
stream_tls_cert = ""
# Path to the key file used to serve the encrypted stream. This file can
-# change, and CRI-O will automatically pick up the changes within 5 minutes.
+# change and CRI-O will automatically pick up the changes within 5 minutes.
stream_tls_key = ""
# Path to the x509 CA(s) file used to verify and authenticate client
-# communication with the encrypted stream. This file can change, and CRI-O will
+# communication with the encrypted stream. This file can change and CRI-O will
# automatically pick up the changes within 5 minutes.
stream_tls_ca = ""
@@ -95,9 +96,11 @@
no_pivot = false
# Path to the conmon binary, used for monitoring the OCI runtime.
-conmon = "/usr/lib/crio/bin/conmon"
+# Will be searched for using $PATH if empty.
+conmon = ""
+
# Cgroup setting for conmon
-conmon_cgroup = "pod"
+conmon_cgroup = "system.slice"
# Environment variable list for the conmon process, used for passing necessary
# environment variables to conmon or the runtime.
@@ -115,7 +118,7 @@
# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default-" followed by the version string of CRI-O.
-apparmor_profile = "crio-default-1.15.2"
+apparmor_profile = "crio-default-1.16.0"
# Cgroup management implementation used for the runtime.
cgroup_manager = "systemd"
@@ -192,6 +195,9 @@
# Path to directory for container attach sockets.
container_attach_socket_dir = "/var/run/crio"
+# The prefix to use for the source of the bind mounts.
+bind_mount_prefix = ""
+
# If set to true, all containers will run in read-only mode.
read_only = false
@@ -200,9 +206,6 @@
# configuration reload.
log_level = "error"
-# The default log directory where all logs will go unless directly specified
by the kubelet
-log_dir = "/var/log/crio/pods"
-
# The UID mappings for the user namespace of each container. A range is
# specified in the form containerUID:HostUID:Size. Multiple ranges must be
# separated by comma.
@@ -224,13 +227,12 @@
# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the
CRI.
# If no runtime_handler is provided, the runtime will be picked based on the
level
-# of trust of the workload.
-# Each entry in the table should follow this format:
+# of trust of the workload. Each entry in the table should follow the format:
#
#[crio.runtime.runtimes.runtime-handler]
-# runtime_path = "/path/to/the/runtime/handler/executable"
+# runtime_path = "/path/to/the/executable"
# runtime_type = "oci"
-# runtime_root = "/path/to/the/runtime/root"
+# runtime_root = "/path/to/the/root"
#
# Where:
# - runtime-handler: name used to identify the runtime
@@ -243,6 +245,7 @@
# - runtime_root (optional, string): root directory for storage of containers
# state.
+
[crio.runtime.runtimes.runc]
# Kata Containers is an OCI runtime, where containers are run inside
lightweight
@@ -284,8 +287,10 @@
pause_image_auth_file = ""
# The command to run to have a container stay in the paused state.
-# This option supports live configuration reload.
-pause_command = "/usr/bin/pause"
+# When explicitly set to "", it will fallback to the entrypoint and command
+# specified in the pause image. When commented out, it will fallback to the
+# default: "/pause". This option supports live configuration reload.
+pause_command = ""
# Path to the file which decides what sort of policy we use when deciding
# whether or not to trust an image that we've pulled. It is not recommended
that
@@ -294,6 +299,11 @@
# refer to containers-policy.json(5) for more details.
signature_policy = ""
+# List of registries to skip TLS verification for pulling images. Please
+# consider configuring the registries via /etc/containers/registries.conf
before
+# changing them here.
+#insecure_registries = "[]"
+
# Controls how image volumes are handled. The valid values are mkdir, bind and
# ignore; the latter will ignore volumes entirely.
image_volumes = "mkdir"
@@ -319,3 +329,12 @@
"/opt/cni/bin/",
"/usr/lib/cni/",
]
+
+# A necessary configuration for Prometheus based metrics retrieval
+[crio.metrics]
+
+# Globally enable or disable metrics support.
+enable_metrics = false
+
+# The port on which the metrics server will listen.
+metrics_port = 9090
++++++ crio.service ++++++
--- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.452040024 +0100
+++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.456040023 +0100
@@ -1,7 +1,11 @@
[Unit]
-Description=Open Container Initiative Daemon
+Description=Container Runtime Interface for OCI (CRI-O)
Documentation=https://github.com/cri-o/cri-o
-After=network.target lwm2-monitor.service SuSEfirewall2.service
+After=network.target
+After=lwm2-monitor.service
+After=SuSEfirewall2.service
+After=crio-wipe.service
+Requires=crio-wipe.service
[Service]
Type=notify
++++++ kubelet.env ++++++
--- /var/tmp/diff_new_pack.jfCLC0/_old 2019-11-15 22:33:32.480040012 +0100
+++ /var/tmp/diff_new_pack.jfCLC0/_new 2019-11-15 22:33:32.484040011 +0100
@@ -1 +1 @@
-KUBELET_EXTRA_ARGS="--container-runtime=remote
--container-runtime-endpoint=unix:///var/run/crio/crio.sock
--runtime-request-timeout=15m --cgroup-driver=systemd"
+KUBELET_EXTRA_ARGS="--container-runtime=remote
--container-runtime-endpoint=unix:///var/run/crio/crio.sock
--runtime-request-timeout=15m --cgroup-driver=systemd -v=2"
