はじめに
Kubernetesで利用するコンテナランタイムとしてCRI-Oをインストールする。
参考文献
Opensuse
Opensuse
openSUSE は、デスクトップ用およびサーバ用のディストリビューションを提供している。
今回、CRI-O のパッケージはここから取得する。
makeのinstall
make は、主にソフトウェアのビルドや管理のために使用されるツールである。
CRI-OのGitHub上のコードがmakefileというもので書かれており、makeはmakefileの通りに自分のサーバ上にデプロイを行う。
そのため、事前準備としてmakeのインストールを行っておく必要がある。
apt update
[実行コマンド]
sudo apt update
[結果]
Hit:1 http://jp.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://jp.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://jp.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://jp.archive.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
147 packages can be upgraded. Run 'apt list --upgradable' to see them.
make install
[実行コマンド]
sudo apt install make
[結果]
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
make-doc
The following NEW packages will be installed:
make
0 upgraded, 1 newly installed, 0 to remove and 147 not upgraded.
Need to get 180 kB of archives.
After this operation, 426 kB of additional disk space will be used.
Get:1 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB]
Fetched 180 kB in 1s (129 kB/s)
(続く)
インストールされているか、apt listでパッケージを一覧表示させて確認
[実行コマンド]
sudo apt list --installed | grep make
[結果]
make/jammy,now 4.3-4.1build1 amd64 [installed]
ヒットしたのでインストールできている。
CRI-O インストール準備
GitHub参照
基本的には目次の赤枠通りに進めていく。
runcのインストール
最初は、runcのインストールが条件である旨記載されているので、こちらをインストールする。
以下、参照。
runc install
ここでは、runcのGitHubリポジトリを参考にしてruncをインストールしている。
cri-o-runcとcontainers-common をはじめとしたパッケージインストール
以下の部分を参考にCRI-Oに必要なパッケージを取得する。
cri-o-runc install
狙いを定める
URLがあっているか確認
[実行コマンド]
curl -L http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.23/xUbuntu_22.04/Release.key
[結果]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
mQENBFtkV0cBCADStSTCG5qgYtzmWfymHZqxxhfwfS6fdHJcbGUeXsI5dxjeCWhs
XarZm6rWZOd5WfSmpXhbKOyM6Ll+6bpSl5ICHLa6fcpizYWEPa8fpg9EGl0cF12G
(続く)
問題ないことを確認。
GPGキー情報を追加したい。
まず、現在登録されているキー情報を参照する
[確認コマンド]
sudo apt-key list
[結果]
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub rsa4096 2018-09-17 [SC]
F6EC B376 2474 EDA9 D21B 7022 8719 20D1 991B C93C
uid [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
キーを登録
[実行コマンド]
curl -L http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.23/xUbuntu_22.04/Release.key | sudo apt-key add -
[結果]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
100 1093 100 1093 0 0 969 0 0:00:01 0:00:01 --:--:-- 970
OK
GPGキーが登録されたか確認
[実行コマンド]
sudo apt-key list
[結果]
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub rsa2048 2018-08-03 [SC] [expires: 2025-02-14]
2472 D6D0 D2F6 6AF8 7ABA 8DA3 4D64 3903 7506 0AA4
uid [ unknown] devel:kubic OBS Project <devel:kubic@build.opensuse.org>
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
(続く)
CRI-OのURLを控える
これ、どっちがどっちのURLが整理しておく。
http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.23/xUbuntu_22.04/
リポジトリに以下の内容で追加
[実行コマンド]
sudo vi /etc/apt/sources.list.d/cri-o.list
[追加する内容]
# cri-o repository
deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.23/xUbuntu_22.04/ /
#cri-o-runc repository
deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /
最後の「/」の意味は、そのURLがディレクトリであり、そのディレクトリ内のすべてのファイルをインデックスしていることを示しています。
パッケージを取得
[実行コマンド]
sudo apt update
[結果]
Hit:1 http://jp.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://jp.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:3 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.23/xUbuntu_22.04 InRelease [1,626 B]
Get:4 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 InRelease [1,642 B]
Hit:5 http://jp.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:6 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.23/xUbuntu_22.04 Packages [1,916 B]
Get:7 http://jp.archive.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:8 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 Packages [15.0 kB]
Fetched 277 kB in 2s (119 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
147 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.23/xUbuntu_22.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
エラーがないのでOK。
cri-o-runc install
[実行コマンド]
sudo apt-get install -y cri-o-runc
[結果]
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
cri-o-runc
0 upgraded, 1 newly installed, 0 to remove and 147 not upgraded.
Need to get 2,804 kB of archives.
After this operation, 10.0 MB of additional disk space will be used.
Get:1 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 cri-o-runc 1.1.12~0 [2,804 kB]
Fetched 2,804 kB in 12s (240 kB/s)
Selecting previously unselected package cri-o-runc.
(Reading database ... 74525 files and directories currently installed.)
Preparing to unpack .../cri-o-runc_1.1.12~0_amd64.deb ...
Unpacking cri-o-runc (1.1.12~0) ...
Setting up cri-o-runc (1.1.12~0) ...
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
[実行コマンド]
sudo apt-get install -y containers-common
[結果]
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
containers-common
0 upgraded, 1 newly installed, 0 to remove and 147 not upgraded.
Need to get 52.4 kB of archives.
After this operation, 115 kB of additional disk space will be used.
Get:1 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 containers-common 100:1-22 [52.4 kB]
Fetched 52.4 kB in 2s (31.7 kB/s)
Selecting previously unselected package containers-common.
(Reading database ... 74531 files and directories currently installed.)
Preparing to unpack .../containers-common_100%3a1-22_all.deb ...
Unpacking containers-common (100:1-22) ...
Setting up containers-common (100:1-22) ...
Processing triggers for man-db (2.10.2-1) ...
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
cri-o系のリポジトリの確認
[実行コマンド]
apt list --installed | grep cri
[結果]
cri-o-runc/unknown,now 1.1.12~0 amd64 [installed]
[実行コマンド]
apt list --installed | grep contain
[結果]
containers-common/unknown,now 100:1-22 all [installed]
バージョンも確認しておく。
その他のパッケージのインストール
[実行コマンド]
sudo apt-get install -y libbtrfs-dev containers-common git libassuan-dev libglib2.0-dev libc6-dev libgpgme-dev libgpg-error-dev libseccomp-dev libsystemd-dev libselinux1-dev pkg-config go-md2man cri-o-runc libudev-dev software-properties-common gcc make
[結果]
sudo apt-get install -y libbtrfs-dev containers-common git libassuan-dev libglib2.0-dev libc6-dev libgpgme-dev libgpg-error-dev libseccomp-dev libsystemd-dev libselinux1-dev pkg-config go-md2man cri-o-runc libudev-dev software-properties-common gcc make
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
containers-common is already the newest version (100:1-22).
cri-o-runc is already the newest version (1.1.12~0).
make is already the newest version (4.3-4.1build1).
(続く)
CRI-O Setup
GitHubの中のこの部分を実行する。
CRO-Oのソースコードを取得して、
ソースコードを取得
[実行コマンド]
git clone https://github.com/cri-o/cri-o
[結果]
Cloning into 'cri-o'...
remote: Enumerating objects: 197441, done.
remote: Counting objects: 100% (16785/16785), done.
remote: Compressing objects: 100% (1582/1582), done.
remote: Total 197441 (delta 15380), reused 15266 (delta 15189), pack-reused 180656
Receiving objects: 100% (197441/197441), 159.34 MiB | 9.73 MiB/s, done.
Resolving deltas: 100% (117341/117341), done.
ディレクトリを移動する。
[実行コマンド]
cd cri-o
[確認コマンド]
ll
[結果]
drwxrwxr-x 23 mainte mainte 4096 Jul 7 06:29 ./
drwxr-x--- 5 mainte mainte 4096 Jul 7 06:29 ../
-rw-rw-r-- 1 mainte mainte 3249 Jul 7 06:29 ADOPTERS.md
-rw-rw-r-- 1 mainte mainte 2913 Jul 7 06:29 awesome.md
-rw-rw-r-- 1 mainte mainte 3659 Jul 7 06:29 .clang-format
drwxrwxr-x 3 mainte mainte 4096 Jul 7 06:29 cmd/
makeを実行し、ビルドする。
[実行コマンド]
make
[結果]
go build -trimpath -ldflags '-s -w -X github.com/cri-o/cri-o/internal/version.buildDate='2024-07-07T10:41:47Z' ' -tags "containers_image_ostree_stub containers_image_openpgp seccomp selinux exclude_graphdriver_devicemapper" -o bin/crio ./cmd/crio
make -C pinns
make[1]: Entering directory '/home/mainte/cri-o/pinns'
cc -std=c99 -Os -Wall -Werror -Wextra -static -O3 -o src/pinns.o -c src/pinns.c
cc -std=c99 -Os -Wall -Werror -Wextra -static -O3 -o src/sysctl.o -c src/sysctl.c
cc -o ../bin/pinns src/pinns.o src/sysctl.o -std=c99 -Os -Wall -Werror -Wextra -static
strip -s ../bin/pinns
make[1]: Leaving directory '/home/mainte/cri-o/pinns'
./bin/crio -d "" --config="" config > crio.conf
INFO[2024-07-07 10:43:24.031102607Z] Starting CRI-O, version: 1.31.0, git: 45bd35a727d9609dfa7a3f3ce63edcdda7201e93(clean)
INFO Using default capabilities: CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FSETID, CAP_FOWNER, CAP_SETGID, CAP_SETUID, CAP_SETPCAP, CAP_NET_BIND_SERVICE, CAP_KILL
(/home/mainte/cri-o/build/bin/go-md2man -in docs/crio.8.md -out docs/crio.8.tmp && touch docs/crio.8.tmp && mv docs/crio.8.tmp docs/crio.8) || \
(/home/mainte/cri-o/build/bin/go-md2man -in docs/crio.8.md -out docs/crio.8.tmp && touch docs/crio.8.tmp && mv docs/crio.8.tmp docs/crio.8)
(/home/mainte/cri-o/build/bin/go-md2man -in docs/crio.conf.5.md -out docs/crio.conf.5.tmp && touch docs/crio.conf.5.tmp && mv docs/crio.conf.5.tmp docs/crio.conf.5) || \
(/home/mainte/cri-o/build/bin/go-md2man -in docs/crio.conf.5.md -out docs/crio.conf.5.tmp && touch docs/crio.conf.5.tmp && mv docs/crio.conf.5.tmp docs/crio.conf.5)
(/home/mainte/cri-o/build/bin/go-md2man -in docs/crio.conf.d.5.md -out docs/crio.conf.d.5.tmp && touch docs/crio.conf.d.5.tmp && mv docs/crio.conf.d.5.tmp docs/crio.conf.d.5) || \
(/home/mainte/cri-o/build/bin/go-md2man -in docs/crio.conf.d.5.md -out docs/crio.conf.d.5.tmp && touch docs/crio.conf.d.5.tmp && mv docs/crio.conf.d.5.tmp docs/crio.conf.d.5)
次にビルドしたものを、make installでインストールする。
[実行コマンド]
sudo make install
[結果]
make -C pinns
make[1]: Entering directory '/home/mainte/cri-o/pinns'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/mainte/cri-o/pinns'
install -D -m 755 bin/crio /usr/local/bin/crio
install -D -m 755 bin/pinns /usr/local/bin/pinns
install -d -m 755 /usr/local/share/man/man5
install -d -m 755 /usr/local/share/man/man8
install -m 644 docs/crio.conf.5 docs/crio.conf.d.5 -t /usr/local/share/man/man5
install -m 644 docs/crio.8 -t /usr/local/share/man/man8
install -d -m 755 /usr/local/share/bash-completion/completions
install -d -m 755 /usr/local/share/fish/completions
install -d -m 755 /usr/local/share/zsh/site-functions
install -D -m 644 -t /usr/local/share/bash-completion/completions completions/bash/crio
install -D -m 644 -t /usr/local/share/fish/completions completions/fish/crio.fish
install -D -m 644 -t /usr/local/share/zsh/site-functions completions/zsh/_crio
install -D -m 644 contrib/systemd/crio.service /usr/local/lib/systemd/system/crio.service
install -D -m 644 contrib/systemd/crio-wipe.service /usr/local/lib/systemd/system/crio-wipe.service
install -d /usr/local/share/containers/oci/hooks.d
install -d /etc/crio/crio.conf.d
install -D -m 644 crio.conf /etc/crio/crio.conf
install -D -m 644 crio-umount.conf /usr/local/share/oci-umount/oci-umount.d/crio-umount.conf
install -D -m 644 crictl.yaml /etc
conmonをインストールする
[実行コマンド]
git clone https://github.com/containers/conmon
[結果]
Cloning into 'conmon'...
remote: Enumerating objects: 2400, done.
remote: Counting objects: 100% (58/58), done.
remote: Compressing objects: 100% (26/26), done.
remote: Total 2400 (delta 33), reused 37 (delta 30), pack-reused 2342
Receiving objects: 100% (2400/2400), 828.00 KiB | 4.48 MiB/s, done.
Resolving deltas: 100% (1308/1308), done.
conmonのディレクトリに移動し、makeを実行する。
conmonはCRI-Oをモニタリングするツール
[実行コマンド]
cd conmon
[実行コマンド]
make
[結果]
mkdir -p bin
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/conmon.o -c src/conmon.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/cmsg.o -c src/cmsg.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/ctr_logging.o -c src/ctr_logging.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/utils.o -c src/utils.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/cli.o -c src/cli.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/globals.o -c src/globals.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/cgroup.o -c src/cgroup.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/conn_sock.o -c src/conn_sock.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/oom.o -c src/oom.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/ctrl.o -c src/ctrl.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/ctr_stdio.o -c src/ctr_stdio.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/parent_pipe_fd.o -c src/parent_pipe_fd.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/ctr_exit.o -c src/ctr_exit.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/runtime_args.o -c src/runtime_args.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/close_fds.o -c src/close_fds.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o src/seccomp_notify.o -c src/seccomp_notify.c
cc -std=c99 -Os -Wall -Wextra -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DVERSION=\"2.1.12\" -DGIT_COMMIT=\""1578849631b84607d43b36a52455a1014c84acf8"\" -D USE_JOURNALD=1 -D USE_SECCOMP=1 -o bin/conmon src/conmon.o src/cmsg.o src/ctr_logging.o src/utils.o src/cli.o src/globals.o src/cgroup.o src/conn_sock.o src/oom.o src/ctrl.o src/ctr_stdio.o src/parent_pipe_fd.o src/ctr_exit.o src/runtime_args.o src/close_fds.o src/seccomp_notify.o -lglib-2.0 -lsystemd -lseccomp -ldl
[実行コマンド]
sudo make install
[結果]
install -d -m 755 /usr/local/bin
install -m 755 bin/conmon /usr/local/bin/conmon
make -C tools
make[1]: Entering directory '/home/mainte/conmon/tools'
/bin/sh: 1: go: not found
make[1]: Leaving directory '/home/mainte/conmon/tools'
make -C docs
make[1]: Entering directory '/home/mainte/conmon/docs'
../tools/build/go-md2man -in conmon.8.md -out conmon.8
make[1]: ../tools/build/go-md2man: No such file or directory
make[1]: *** [Makefile:9: conmon.8] Error 127
make[1]: Leaving directory '/home/mainte/conmon/docs'
make: *** [Makefile:99: docs] Error 2
CRI-Oを開始する
systemdのインストール?
勉強中
[実行コマンド]
cd cri-o/
[実行コマンド]
sudo make install.systemd
[結果]
install -D -m 644 contrib/systemd/crio.service /usr/local/lib/systemd/system/crio.service
install -D -m 644 contrib/systemd/crio-wipe.service /usr/local/lib/systemd/system/crio-wipe.service
[実行コマンド]
sudo systemctl daemon-reload
sudo systemctl enable crio
sudo systemctl start crio
[確認コマンド]
sudo systemctl status crio
[結果]
...
● crio.service - Container Runtime Interface for OCI (CRI-O)
Loaded: loaded (/usr/local/lib/systemd/system/crio.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-07-09 13:54:45 UTC; 4s ago
...
crio.confにcgroupの設定をする
/etc/crio/crio.confを設定する。
[実行コマンド]
sudo vi /etc/crio/crio.conf
ファイルを開いたら、以下の内容を該当の箇所に入れる
[crio.runtime]
conmon_cgroup = "pod"
cgroup_manager = "cgroupfs"
[crio.image]
pause_image="registry.k8s.io/pause:3.6"
トラブルシュート
go install
URLを控える。
https://go.dev/dl/go1.22.5.linux-amd64.tar.gz
パッケージの取得
[実行コマンド]
wget https://go.dev/dl/go1.22.5.linux-amd64.tar.gz
[結果]
--2024-07-07 10:25:36-- https://go.dev/dl/go1.22.5.linux-amd64.tar.gz
Resolving go.dev (go.dev)... 216.239.34.21, 216.239.36.21, 216.239.38.21, ...
Connecting to go.dev (go.dev)|216.239.34.21|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://dl.google.com/go/go1.22.5.linux-amd64.tar.gz [following]
--2024-07-07 10:25:36-- https://dl.google.com/go/go1.22.5.linux-amd64.tar.gz
Resolving dl.google.com (dl.google.com)... 142.250.196.142, 2404:6800:4004:827::200e
Connecting to dl.google.com (dl.google.com)|142.250.196.142|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68972532 (66M) [application/x-gzip]
Saving to: ‘go1.22.5.linux-amd64.tar.gz’
go1.22.5.linux-amd64.tar.gz 100%[===========================================================================================>] 65.78M 15.0MB/s in 4.7s
2024-07-07 10:25:41 (14.0 MB/s) - ‘go1.22.5.linux-amd64.tar.gz’ saved [68972532/68972532]
/user/localに解凍する。
[実行コマンド]
sudo tar -C /usr/local -xzf go1.22.5.linux-amd64.tar.gz
[確認コマンド]
ll /usr/local/
[結果]
drwxr-xr-x 11 root root 4096 Jul 7 10:28 ./
drwxr-xr-x 14 root root 4096 Aug 10 2023 ../
drwxr-xr-x 2 root root 4096 Aug 10 2023 bin/
drwxr-xr-x 2 root root 4096 Aug 10 2023 etc/
drwxr-xr-x 2 root root 4096 Aug 10 2023 games/
drwxr-xr-x 10 root root 4096 Jun 27 20:11 go/
drwxr-xr-x 2 root root 4096 Aug 10 2023 include/
drwxr-xr-x 3 root root 4096 Aug 10 2023 lib/
lrwxrwxrwx 1 root root 9 Aug 10 2023 man -> share/man/
drwxr-xr-x 2 root root 4096 Aug 10 2023 sbin/
drwxr-xr-x 5 root root 4096 Jul 7 06:14 share/
drwxr-xr-x 2 root root 4096 Aug 10 2023 src/
/usr/local/の中にgoがあることが確認できた。
パスを通す。
[実行コマンド]
echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
[確認コマンド]
less ~/.bashrc
[結果]
(略)
export PATH=$PATH:/usr/local/go/bin
.bashrc(サーバ起動時に実行されるファイル)にgoのパスが追加されたことを確認できた。
前後確認を行う
[PATH変数の確認コマンド(前)]
export | grep PATH
[結果]
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
[実行コマンド]
source ~/.bashrc
[PATH変数の確認コマンド(後)]
export | grep PATH
[結果]
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/go/bin"
[goのversionコマンドが有効か確認]
go version
[結果]
go version go1.22.5 linux/amd64
確認が終わった。
トラブルシュート2 runcがインストールされておらず、うまく起動しなかった。
CRI-Oがうまく起動しなかった。
そのため、syslogを確認し原因を特定。
[確認コマンド]
less /var/log/syslog
[結果]
(略)
uilding images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled"
Jul 7 10:56:38 kube-controller01 crio[24584]: time="2024-07-07 10:56:38.444651151Z" level=info msg="Using default capabilities: CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FSETID, CAP_FOWNER, CAP_SETGID, CAP_SETUID, CAP_SETPCAP, CAP_NET_BIND_SERVICE, CAP_KILL"
Jul 7 10:56:38 kube-controller01 crio[24584]: time="2024-07-07 10:56:38.444681542Z" level=fatal msg="validating runtime config: runtime validation: \"runc\" not found in $PATH: exec: \"runc\": executable file not found in $PATH"
Jul 7 10:56:38 kube-controller01 systemd[1]: crio.service: Main process exited, code=exited, status=1/FAILURE
Jul 7 10:56:38 kube-controller01 systemd[1]: crio.service: Failed with result 'exit-code'.
Jul 7 10:56:38 kube-controller01 systemd[1]: Failed to start Container Runtime Interface for OCI (CRI-O).
[確認コマンド]
journalctl -xeu crio.service
[結果]
(略)
Jul 07 12:06:59 kube-controller01 crio[31160]: time="2024-07-07 12:06:59.467943457Z" level=fatal msg="validating runtime config: monitor fields translation: failed to translate>
Jul 07 12:06:59 kube-controller01 systemd[1]: crio.service: Main process exited, code=exited, status=1/FAILURE
(続く)