containerd: download containerd from upstream instead of using distro specific packages (#7970)

* Containerd: download containerd from upstream instead of using distro specific packages

split runc download to separate role
make bootstrap-os role deploy container-selinux and seccomp libraries
clean up package manager provided containerd
move variables to docker role that are no longer common with containerd

* Containerd: make molecule testing more relevant

* replace ubuntu18 with ubuntu20
* add centos8 and debian11 to molecule tests
* run kubernetes/preinstall role to ensure relevancy
  of test including dependency packages

* CI: adjust test scenarios for downloaded containerd

roles/container-engine/containerd/tasks/containerd_repo.yml

@@ -1,36 +0,0 @@
----
-- name: ensure containerd repository public key is installed
-  apt_key:
-    id: "{{ item }}"
-    url: "{{ containerd_repo_key_info.url }}"
-    state: present
-  register: keyserver_task_result
-  until: keyserver_task_result is succeeded
-  retries: 4
-  delay: "{{ retry_stagger | d(3) }}"
-  with_items: "{{ containerd_repo_key_info.repo_keys }}"
-  environment: "{{ proxy_env }}"
-  when: ansible_pkg_mgr == 'apt'
-
-- name: ensure containerd repository is enabled
-  apt_repository:
-    repo: "{{ item }}"
-    state: present
-  with_items: "{{ containerd_repo_info.repos }}"
-  when: ansible_pkg_mgr == 'apt'
-
-- name: Configure containerd repository on Fedora
-  template:
-    src: "fedora_containerd.repo.j2"
-    dest: "{{ yum_repo_dir }}/containerd.repo"
-    mode: 0644
-  when: ansible_distribution == "Fedora"
-
-- name: Configure containerd repository on RedHat/OracleLinux/CentOS/AlmaLinux
-  template:
-    src: "rh_containerd.repo.j2"
-    dest: "{{ yum_repo_dir }}/containerd.repo"
-    mode: 0644
-  when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution not in ["Fedora", "Amazon"]

roles/container-engine/containerd/tasks/main.yml

@@ -1,41 +1,10 @@
 ---
-- name: check if fedora coreos
-  stat:
-    path: /run/ostree-booted
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
-  register: ostree
-
-- name: set is_ostree
-  set_fact:
-    is_ostree: "{{ ostree.stat.exists }}"
-
 - name: Fail containerd setup if distribution is not supported
   fail:
     msg: "{{ ansible_distribution }} is not supported by containerd."
   when:
     - not ansible_distribution in ["CentOS", "OracleLinux", "RedHat", "Ubuntu", "Debian", "Fedora", "AlmaLinux", "Rocky", "Amazon", "Flatcar", "Flatcar Container Linux by Kinvolk"]
 
-- name: gather os specific variables
-  include_vars: "{{ item }}"
-  with_first_found:
-    - files:
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml"
-        - "{{ ansible_distribution|lower }}.yml"
-        - "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml"
-        - "{{ ansible_os_family|lower }}.yml"
-        - defaults.yml
-      paths:
-        - ../vars
-      skip: true
-  tags:
-    - facts
-
 - name: disable unified_cgroup_hierarchy in Fedora 31+
   command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
   when:
@@ -52,32 +21,71 @@
     - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
     - not is_ostree
 
-- include_tasks: containerd_repo.yml
-  when: not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
+- name: containerd | Remove any package manager controlled containerd package
+  package:
+    name: "{{ containerd_package }}"
+    state: absent
+  when:
+    - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
 
-- name: Create containerd service systemd directory if it doesn't exist
+- name: containerd | Remove containerd repository
   file:
-    path: /etc/systemd/system/containerd.service.d
-    state: directory
-    mode: 0755
+    path: "{{ yum_repo_dir }}/containerd.repo"
+    state: absent
+  when:
+    - ansible_os_family in ['RedHat']
 
-- name: Write containerd proxy drop-in
+- name: containerd | Remove containerd repository
+  apt_repository:
+    repo: "{{ item }}"
+    state: absent
+  with_items: "{{ containerd_repo_info.repos }}"
+  when: ansible_pkg_mgr == 'apt'
+
+- name: containerd | Download containerd
+  include_tasks: "../../../download/tasks/download_file.yml"
+  vars:
+    download: "{{ download_defaults | combine(downloads.containerd) }}"
+
+- name: containerd | Unpack containerd archive
+  unarchive:
+    src: "{{ downloads.containerd.dest }}"
+    dest: "{{ containerd_bin_dir }}"
+    mode: 0755
+    remote_src: yes
+    extra_opts:
+      - --strip-components=1
+  notify: restart containerd
+
+- name: containerd | Generate systemd service for containerd
   template:
-    src: http-proxy.conf.j2
-    dest: /etc/systemd/system/containerd.service.d/http-proxy.conf
+    src: containerd.service.j2
+    dest: /etc/systemd/system/containerd.service
     mode: 0644
   notify: restart containerd
-  when: http_proxy is defined or https_proxy is defined
 
-- name: ensure containerd config directory
+- name: containerd | Ensure containerd directories exist
   file:
-    dest: "{{ containerd_cfg_dir }}"
+    dest: "{{ item }}"
     state: directory
     mode: 0755
     owner: root
     group: root
+  with_items:
+    - "{{ containerd_systemd_dir }}"
+    - "{{ containerd_cfg_dir }}"
+    - "{{ containerd_storage_dir }}"
+    - "{{ containerd_state_dir }}"
 
-- name: Copy containerd config file
+- name: containerd | Write containerd proxy drop-in
+  template:
+    src: http-proxy.conf.j2
+    dest: "{{ containerd_systemd_dir }}/http-proxy.conf"
+    mode: 0644
+  notify: restart containerd
+  when: http_proxy is defined or https_proxy is defined
+
+- name: containerd | Copy containerd config file
   template:
     src: config.toml.j2
     dest: "{{ containerd_cfg_dir }}/config.toml"
@@ -85,49 +93,12 @@
     mode: 0640
   notify: restart containerd
 
-# This is required to ensure any apt upgrade will not break kubernetes
-- name: Set containerd pin priority to apt_preferences on Debian family
-  copy:
-    content: |
-      Package: {{ containerd_package }}
-      Pin: version {{ containerd_version }}*
-      Pin-Priority: 1001
-    dest: "/etc/apt/preferences.d/containerd"
-    owner: "root"
-    mode: 0644
-  when: ansible_pkg_mgr == 'apt'
-
-- name: ensure containerd packages are installed
-  package:
-    name: "{{ containerd_package_info.pkgs }}"
-    state: present
-  module_defaults:
-    apt:
-      update_cache: true
-    dnf:
-      enablerepo: "{{ containerd_package_info.enablerepo | default(omit) }}"
-    yum:
-      enablerepo: "{{ containerd_package_info.enablerepo | default(omit) }}"
-    zypper:
-      update_cache: true
-  register: containerd_task_result
-  until: containerd_task_result is succeeded
-  retries: 4
-  delay: "{{ retry_stagger | d(3) }}"
-  notify: restart containerd
-  when:
-    - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
-    - containerd_package_info.pkgs|length > 0
-
-- include_role:  # noqa unnamed-task
-    name: container-engine/crictl
-
 # you can sometimes end up in a state where everything is installed
 # but containerd was not started / enabled
-- name: flush handlers
+- name: containerd | Flush handlers
   meta: flush_handlers
 
-- name: ensure containerd is started and enabled
+- name: containerd | Ensure containerd is started and enabled
   service:
     name: containerd
     enabled: yes