Hello community, here is the log from the commit of package cri-o for openSUSE:Factory checked in at 2020-09-18 15:21:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cri-o (Old) and /work/SRC/openSUSE:Factory/.cri-o.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cri-o" Fri Sep 18 15:21:10 2020 rev:56 rq:834541 version:1.19.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cri-o/cri-o.changes 2020-08-04 20:18:23.164929387 +0200 +++ /work/SRC/openSUSE:Factory/.cri-o.new.4249/cri-o.changes 2020-09-18 15:21:16.777962075 +0200 @@ -1,0 +2,121 @@ +Tue Sep 15 07:24:16 UTC 2020 - Sascha Grunert <[email protected]> + +- API Change + - CRI-O now manages namespace lifecycles by default +- Feature + - Add --version-file-persist, a place to put the version file in + persistent storage. Now, crio wipe wipes containers if + --version-file is not present + - Add big_files_temporary_dir to allow customization of where + large temporary files are put + - Add build support for setting SOURCE_DATE_EPOCH + - Added `--metrics-socket`/`metrics_socket` configuration option + to allow exposing the metrics endpoint on a local socket path + - Added `crio_image_layer_reuse` metric which counts layer reuses + during image pull + - Added `privileged` field to container status `info` + - Added behavior to allow filtering by a partial Pod Sandbox ID + - Added configuration validation to ensure a `conmon_cgroup == + "pod"` if `cgroup_manager == "cgroupfs"` + - Added latest `crun` version to static binary bundle + - Added metrics-exporter and [documentation] + - Added new metrics `crio_image_pulls_failures` and + `crio_image_pulls_successes`. For more information please refer + to the [CRI-O metrics guide] + - Container HostPort with SCTP protocol is supported. + - Containers running `init` or `systemd` are now given a new + selinux label `container_init_t`, giving it selinux privileges + more appropriate for the workload + - If users want the container_kvm_t label when using a runtime + that supports kvm separation, they will need to either set the + runtime_type to "vm" or have "kata" in the runtime name. E.g + + [crio.runtime.runtimes.my-kata-runtime] + runtime_path = "" + runtime_type = "oci" + runtime_root = "/run/kata" + + or + + [crio.runtime.runtimes.my-kata-runtime] + runtime_path = "" + runtime_type = "vm" + runtime_root = "/run/kata" + - Re-add the behavior that string slices can be passed to the CLI + comma separated, for example `--default-capabilities + CHOWN,KILL` + - Removed `socat` runtime dependency which was needed for pod + port forwarding + - Return pod image, pid and spec in sandbox_status CRI verbose + mode +- Design + - Hooks_dir entries are now created if they don't exist +- Documentation + - Added `crun` container runtime to `crio.conf` + - Added dependency report to generated release notes + - The changelog is now rendered by a custom go template and + contains the table of contents +- Bug or Regression + - Adding additional runtime handler doesn't require the user to + copy existing default runtime handler configuration. The + existing default runtime handler configuration will be + preserved while adding the new runtime handler. + - ExecSync requests will ask conmon to not double fork, causing + systemd to have fewer conmons re-parented to it. conmon v2.0.19 + or greater is required for this feature. + - Fix handling of the --cni-plugin-dir and other multivalue + command line flags + - Fix path to bash via `/usr/bin/env` in crio-shutdown.service + - Fix the container cgroup in case cgroupfs cgroup manager is + used + - Fix working set calculation + - Fixed `crio version` binary mode parsing on musl toolchains + - Fixed a bug where crictl only showed pod level stats, not + container level stats. + - Fixed a bug where exec sync requests (manually or automatically + triggered via readiness/liveness probes) overwrite the runtime + `info.runtimeSpec.process.args` of the container status + - Fixed bug where Pod creation would fail if Uid was not + specified in Metadata of sandbox config passed in a run pod + sandbox request + - Fixed bug where pod names would sometimes leak on creation, + causing the kubelet to fail to recreate + - Fixed crio restart behavior to make sure that Pod creation + timestamps are restored and the order in the list of pods stays + stable across restarts + - Fixed wrong linkmode output + - Reflects resource updates under the container spec. +- Other + - Added info logs for image pulls and image status + - Cleanup default info logging + - Cleanup go module and vendor files. + - Pod creation now fails if conmon cannot be moved to the cgroup + specified in `conmon_cgroup`. Our default value for + `conmon_cgroup` is `system.slice`, which is invalid for + cgroupfs. As such, if you use cgroupfs, you should change + `conmon_cgroup` to `pod` + - Removed `crio-wipe.service` and `crio-shutdown.service` systemd + units from the static bundle since they are not required +- Uncategorized + - Add `--drop-infra-ctr` option to ask CRI-O to drop the infra + container when a pod level pid namespace isn't requested. This + feature is considered experimental + - Adds a new optional field, runtime_type, to the "--runtimes" + option. + - Cleanup and update nix derivation for static builds + - Fix a bug where a sudden reboot causes incomplete image writes. + This could cause image storage to be corrupted, resulting in an + error `layer not known`. + - Fix bug where empty config fields having to do with storage + cause `/info` requests to return incorrect information + - Fixes panic when /sys/fs/cgroup can't be stat'ed + - If the default_runtime is changed from the default + configuration, the corresponding existing default entry in the + runtime map in the configuration will be ignored. + - Remove support for `--runtime` flag + - Updated `crictl.yaml` configuration inside the repository to + reflect cri-tools v1.19.0 changes +- Dependency-Change + - Compile with go 1.15 + +------------------------------------------------------------------- Old: ---- cri-o-1.18.3.tar.xz New: ---- cri-o-1.19.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cri-o.spec ++++++ --- /var/tmp/diff_new_pack.N3fkF4/_old 2020-09-18 15:21:20.525965700 +0200 +++ /var/tmp/diff_new_pack.N3fkF4/_new 2020-09-18 15:21:20.525965700 +0200 @@ -24,7 +24,7 @@ %define project github.com/cri-o/cri-o # Define macros for further referenced sources Name: cri-o -Version: 1.18.3 +Version: 1.19.0 Release: 0 Summary: OCI-based implementation of Kubernetes Container Runtime Interface License: Apache-2.0 @@ -56,7 +56,6 @@ Requires: iptables Requires: libcontainers-common >= 0.0.1 Requires: runc >= 1.0.0~rc6 -Requires: socat Requires: conmon Suggests: katacontainers # Provide generic cri-runtime dependency (needed by kubernetes) ++++++ _service ++++++ --- /var/tmp/diff_new_pack.N3fkF4/_old 2020-09-18 15:21:20.561965735 +0200 +++ /var/tmp/diff_new_pack.N3fkF4/_new 2020-09-18 15:21:20.565965740 +0200 @@ -2,8 +2,8 @@ <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/cri-o/cri-o</param> <param name="scm">git</param> - <param name="versionformat">1.18.3</param> - <param name="revision">v1.18.3</param> + <param name="versionformat">1.19.0</param> + <param name="revision">v1.19.0</param> <param name="changesgenerate">enable</param> </service> <service name="recompress" mode="disabled"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.N3fkF4/_old 2020-09-18 15:21:20.581965755 +0200 +++ /var/tmp/diff_new_pack.N3fkF4/_new 2020-09-18 15:21:20.581965755 +0200 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/cri-o/cri-o</param> - <param name="changesrevision">381ae2c212ba8b8d70b8f4492a5dc51bbed41368</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">92f6f9eb63f2f392ab8dfaf7332fbc0955d4009c</param></service></servicedata> \ No newline at end of file ++++++ cri-o-1.18.3.tar.xz -> cri-o-1.19.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/cri-o/cri-o-1.18.3.tar.xz /work/SRC/openSUSE:Factory/.cri-o.new.4249/cri-o-1.19.0.tar.xz differ: char 13, line 1 ++++++ crio.conf ++++++ --- /var/tmp/diff_new_pack.N3fkF4/_old 2020-09-18 15:21:20.649965821 +0200 +++ /var/tmp/diff_new_pack.N3fkF4/_new 2020-09-18 15:21:20.649965821 +0200 @@ -35,9 +35,16 @@ # the kubelet. The log directory specified must be an absolute directory. log_dir = "/var/log/crio/pods" -# Location for CRI-O to lay down the version file +# Location for CRI-O to lay down the temporary version file. +# It is used to check if crio wipe should wipe containers, which should +# always happen on a node reboot version_file = "/var/run/crio/version" +# Location for CRI-O to lay down the persistent version file. +# It is used to check if crio wipe should wipe images, which should +# only happen when CRI-O has been upgraded +version_file_persist = "/var/lib/crio/version" + # The crio.api table contains settings for the kubelet/gRPC interface. [crio.api] @@ -86,7 +93,8 @@ #] # default_runtime is the _name_ of the OCI runtime to be used as the default. -# The name is matched against the runtimes map below. +# The name is matched against the runtimes map below. If this value is changed, +# the corresponding existing entry from the runtimes map below will be ignored. default_runtime = "runc" # If true, the runtime will not use pivot_root, but instead use MS_MOVE. @@ -234,13 +242,16 @@ # value is 30s, whereas lower values are not considered by CRI-O. ctr_stop_timeout = 30 -# **DEPRECATED** this option is being replaced by manage_ns_lifecycle, which is described below. -# manage_network_ns_lifecycle = false - # manage_ns_lifecycle determines whether we pin and remove namespaces # and manage their lifecycle manage_ns_lifecycle = true +# drop_infra_ctr determines whether CRI-O drops the infra container +# when a pod does not have a private PID namespace, and does not use +# a kernel separating runtime (like kata). +# It requires manage_ns_lifecycle to be true. +drop_infra_ctr = false + # The directory where the state of the managed namespaces gets tracked. # Only used when manage_ns_lifecycle is true. namespaces_dir = "/var/run" @@ -340,6 +351,8 @@ #registries = [ # ] +# Temporary directory to use for storing big files +big_files_temporary_dir = "" # The crio.network table containers settings pertaining to the management of # CNI plugins. @@ -366,3 +379,6 @@ # The port on which the metrics server will listen. metrics_port = 9090 + +# Local socket path to bind the metrics server to +metrics_socket = ""
