In this article we shall discuss on the installation of CRI-O Container Runtime on Rocky Linux 8|AlmaLinux 8. CRI-O is an OCI-based implementation ofKubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes. It is a replacement to commonly used container runtimes such as Docker and Containerd. The Open Container Initiative is responsible for creation of the specifications for standards on Operating System process and application containers. We have a separate guide on deployment of Kubernetes Cluster on Rocky Linux 8 servers using CRI-O as container runtime.
The design of CRI-O is guided by the specifications outlined below:
- Support for multiple means to download images including trust & image verification
- Support multiple image formats including the existing Docker image format
- Container process lifecycle management
- Container image management (managing image layers, overlay filesystems, etc)
- Resource isolation as required by the CRI
- Monitoring and logging required to satisfy the CRI
CRI-O with other libraries that bridges its functionalities to deliver an awesome container runtime.
- Runtime: runc (or any OCI runtime-spec implementation) and oci runtime tools
- Images: Image management using containers/image
- Networking: Networking support through use of CNI
- Storage: Storage and management of image layers using containers/storage
The architecture of CRI-O is given below.
Install CRI-O Container Runtime on Rocky Linux 8|AlmaLinux 8
With these few basics on CRI-O, we can go ahead and set the installation process ofRocky Linux 8|AlmaLinux 8 in motion.
Step 1 – Update OS packags
Let’s start the installation with the upgrade of all the packages installed on our system
sudo dnf -y updateWe can check exact minor version of our operating system
$ cat /etc/os-release
NAME="AlmaLinux"
VERSION="8.5 (Arctic Sphynx)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.5 (Arctic Sphynx)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"
ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.5"Step 2 – Add CRI-O Repository toRocky Linux 8|AlmaLinux 8 Linux
The CRI-O releases page contains a list of all latest releases. As of this article, the highest available version is 1.22.x intended to be used with Kubernetes release 1.22.
We’ll add CRI-O 1.22 repository in our system. Export the release number of CRI-O as variable.
VERSION=1.22Add the repository into your system.
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_8/devel:kubic:libcontainers:stable.repo
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:${VERSION}/CentOS_8/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repoList repositories available on the system
$ sudo dnf -y repolist
repo id repo name
appstream AlmaLinux 8 - AppStream
baseos AlmaLinux 8 - BaseOS
devel_kubic_libcontainers_stable Stable Releases of Upstream github.com/containers packages (CentOS_8)
devel_kubic_libcontainers_stable_cri-o_1.22 devel:kubic:libcontainers:stable:cri-o:1.22 (CentOS_8)
extras AlmaLinux 8 - Extras
Step 3 – Install CRI-O Container runtime on Rocky Linux 8|AlmaLinux 8
With the repository configured, installCRI-O Container runtime on Rocky Linux 8|AlmaLinux 8:
sudo dnf install cri-o cri-toolsAccept installation prompts as asked during installation
Dependencies resolved.
======================================================================================================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================================================================================================
Installing:
cri-o x86_64 1.22.1-6.1.el8 devel_kubic_libcontainers_stable_cri-o_1.22 25 M
cri-tools x86_64 1.21.0-.el8.2.6 devel_kubic_libcontainers_stable 8.6 M
Installing dependencies:
socat x86_64 1.7.4.1-1.el8 appstream 322 k
Transaction Summary
======================================================================================================================================================================================================
Install 3 Packages
Total download size: 34 M
Installed size: 162 M
Is this ok [y/N]: y
As well as GPG key importation:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 23 MB/s | 34 MB 00:01
Stable Releases of Upstream github.com/containers packages (CentOS_8) 19 kB/s | 1.1 kB 00:00
Importing GPG key 0x75060AA4:
Userid : "devel:kubic OBS Project <devel:[email protected]>"
Fingerprint: 2472 D6D0 D2F6 6AF8 7ABA 8DA3 4D64 3903 7506 0AA4
From : https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_8/repodata/repomd.xml.key
Is this ok [y/N]: yLet’s confirm package version after installation:
$ rpm -qi cri-o
Name : cri-o
Epoch : 0
Version : 1.22.1
Release : 6.1.el8
Architecture: x86_64
Install Date: Wed Dec 8 15:49:55 2021
Group : Unspecified
Size : 119156642
License : ASL 2.0
Signature : RSA/SHA256, Fri Dec 3 23:41:20 2021, Key ID 4d64390375060aa4
Source RPM : cri-o-1.22.1-6.1.el8.src.rpm
Build Date : Fri Dec 3 23:40:55 2021
Build Host : goat01
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/devel:kubic
URL : https://github.com/cri-o/cri-o
Step 4 – Start CRI-O Serviceon Rocky Linux 8|AlmaLinux 8
The name of the service to start iscrio.
$ sudo systemctl enable --now crio
Created symlink /etc/systemd/system/cri-o.service → /usr/lib/systemd/system/crio.service.
Created symlink /etc/systemd/system/multi-user.target.wants/crio.service → /usr/lib/systemd/system/crio.service.Checking service status;
$ systemctl status crio
● crio.service - Container Runtime Interface for OCI (CRI-O)
Loaded: loaded (/usr/lib/systemd/system/crio.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-12-08 15:53:41 EAT; 1min 10s ago
Docs: https://github.com/cri-o/cri-o
Main PID: 48096 (crio)
Tasks: 10
Memory: 35.9M
CGroup: /system.slice/crio.service
└─48096 /usr/bin/crio
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.467744023+03:00" level=info msg="No blockio config file specified, blockio not configured"
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.467749851+03:00" level=info msg="RDT not available in the host system"
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.476094686+03:00" level=info msg="Found CNI network crio (type=bridge) at /etc/cni/net.d/100-crio-bridge.conf"
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.483568893+03:00" level=info msg="Found CNI network 200-loopback.conf (type=loopback) at /etc/cni/net.d/200-loopback.co>
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.483617099+03:00" level=info msg="Updated default CNI network name to crio"
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.489400024+03:00" level=warning msg="The binary conntrack is not installed, this can cause failures in network connecti>
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.492637284+03:00" level=warning msg="The binary conntrack is not installed, this can cause failures in network connecti>
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.492918552+03:00" level=warning msg="Error encountered when checking whether cri-o should wipe images: version file /va>
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.493887221+03:00" level=info msg="Serving metrics on :9537 via HTTP"
Dec 08 15:53:41 almalinux-8.localdomain systemd[1]: Started Container Runtime Interface for OCI (CRI-O).The path to CRI-O sock file is:
$ ls /var/run/crio/crio.sock
/var/run/crio/crio.sockWith this installation, you get crictl tool which provides a CLI for CRI-compatible container runtime. This enables you to debug the runtime without needing to set up Kubernetes components.
Let’s pull some test images from a registry
$ sudo crictl pull hello-world:latest
Image is up to date for docker.io/library/hello-world@sha256:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685
$ sudo crictl pull alpine:latest
Image is up to date for docker.io/library/alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300List container images available
$ sudo crictl images
IMAGE TAG IMAGE ID SIZE
docker.io/library/alpine latest c059bfaa849c4 5.87MB
docker.io/library/hello-world latest feb5d9fea6a5e 19.9kBTo set container registries and set priority, edit the file:
sudo vim /etc/containers/registries.confExample
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]If using CRI-O on Kubernetes, read through Debugging Kubernetes nodes with crictl documentation to learn more on its usage.
Other guides to check out on Kubernetes:
- Install and Configure Wiki.js on Kubernetes Cluster
- Deploy Nginx Ingress Controller on Kubernetes using Helm Chart
- How To Deploy Rook Ceph Storage on Kubernetes Cluster
