Install CRI-O Container Runtime on Rocky Linux 8|AlmaLinux 8

Posted on 131 views

In this article we shall discuss on the installation of CRI-O Container Runtime on Rocky Linux 8|AlmaLinux 8. CRI-O is an OCI-based implementation of Kubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes. It is a replacement to commonly used container runtimes such as Docker and Containerd. The Open Container Initiative is responsible for creation of the specifications for standards on Operating System process and application containers. We have a separate guide on deployment of Kubernetes Cluster on Rocky Linux 8 servers using CRI-O as container runtime.

The design of CRI-O is guided by the specifications outlined below:

  • Support for multiple means to download images including trust & image verification
  • Support multiple image formats including the existing Docker image format
  • Container process lifecycle management
  • Container image management (managing image layers, overlay filesystems, etc)
  • Resource isolation as required by the CRI
  • Monitoring and logging required to satisfy the CRI

CRI-O with other libraries that bridges its functionalities to deliver an awesome container runtime.

The architecture of CRI-O is given below.

crio-container-runtime-architecture-1024x615
Image source: Official project website

Install CRI-O Container Runtime on Rocky Linux 8|AlmaLinux 8

With these few basics on CRI-O, we can go ahead and set the installation process ofRocky Linux 8|AlmaLinux 8 in motion.

Step 1 – Update OS packags

Let’s start the installation with the upgrade of all the packages installed on our system

sudo dnf -y update

We can check exact minor version of our operating system

$ cat /etc/os-release
NAME="AlmaLinux"
VERSION="8.5 (Arctic Sphynx)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.5 (Arctic Sphynx)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.5"

Step 2 – Add CRI-O Repository toRocky Linux 8|AlmaLinux 8 Linux

The CRI-O releases page contains a list of all latest releases. As of this article, the highest available version is 1.22.x intended to be used with Kubernetes release 1.22.

We’ll add CRI-O 1.22 repository in our system. Export the release number of CRI-O as variable.

VERSION=1.22

Add the repository into your system.

sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_8/devel:kubic:libcontainers:stable.repo
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/CentOS_8/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo

List repositories available on the system

$ sudo dnf -y repolist
repo id                                                                               repo name
appstream                                                                             AlmaLinux 8 - AppStream
baseos                                                                                AlmaLinux 8 - BaseOS
devel_kubic_libcontainers_stable                                                      Stable Releases of Upstream github.com/containers packages (CentOS_8)
devel_kubic_libcontainers_stable_cri-o_1.22                                           devel:kubic:libcontainers:stable:cri-o:1.22 (CentOS_8)
extras                                                                                AlmaLinux 8 - Extras

Step 3 – Install CRI-O Container runtime on Rocky Linux 8|AlmaLinux 8

With the repository configured, installCRI-O Container runtime on Rocky Linux 8|AlmaLinux 8:

sudo dnf install cri-o cri-tools

Accept installation prompts as asked during installation

Dependencies resolved.
======================================================================================================================================================================================================
 Package                               Architecture                       Version                                       Repository                                                               Size
======================================================================================================================================================================================================
Installing:
 cri-o                                 x86_64                             1.22.1-6.1.el8                                devel_kubic_libcontainers_stable_cri-o_1.22                              25 M
 cri-tools                             x86_64                             1.21.0-.el8.2.6                               devel_kubic_libcontainers_stable                                        8.6 M
Installing dependencies:
 socat                                 x86_64                             1.7.4.1-1.el8                                 appstream                                                               322 k

Transaction Summary
======================================================================================================================================================================================================
Install  3 Packages

Total download size: 34 M
Installed size: 162 M
Is this ok [y/N]: y

As well as GPG key importation:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                  23 MB/s |  34 MB     00:01
Stable Releases of Upstream github.com/containers packages (CentOS_8)                                                                                                  19 kB/s | 1.1 kB     00:00
Importing GPG key 0x75060AA4:
 Userid     : "devel:kubic OBS Project "
 Fingerprint: 2472 D6D0 D2F6 6AF8 7ABA 8DA3 4D64 3903 7506 0AA4
 From       : https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_8/repodata/repomd.xml.key
Is this ok [y/N]: y

Let’s confirm package version after installation:

$ rpm -qi cri-o
Name        : cri-o
Epoch       : 0
Version     : 1.22.1
Release     : 6.1.el8
Architecture: x86_64
Install Date: Wed Dec  8 15:49:55 2021
Group       : Unspecified
Size        : 119156642
License     : ASL 2.0
Signature   : RSA/SHA256, Fri Dec  3 23:41:20 2021, Key ID 4d64390375060aa4
Source RPM  : cri-o-1.22.1-6.1.el8.src.rpm
Build Date  : Fri Dec  3 23:40:55 2021
Build Host  : goat01
Relocations : (not relocatable)
Vendor      : obs://build.opensuse.org/devel:kubic
URL         : https://github.com/cri-o/cri-o

Step 4 – Start CRI-O Serviceon Rocky Linux 8|AlmaLinux 8

The name of the service to start iscrio.

$ sudo systemctl enable --now crio
Created symlink /etc/systemd/system/cri-o.service → /usr/lib/systemd/system/crio.service.
Created symlink /etc/systemd/system/multi-user.target.wants/crio.service → /usr/lib/systemd/system/crio.service.

Checking service status;

$ systemctl status crio
 crio.service - Container Runtime Interface for OCI (CRI-O)
   Loaded: loaded (/usr/lib/systemd/system/crio.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-12-08 15:53:41 EAT; 1min 10s ago
     Docs: https://github.com/cri-o/cri-o
 Main PID: 48096 (crio)
    Tasks: 10
   Memory: 35.9M
   CGroup: /system.slice/crio.service
           └─48096 /usr/bin/crio

Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.467744023+03:00" level=info msg="No blockio config file specified, blockio not configured"
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.467749851+03:00" level=info msg="RDT not available in the host system"
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.476094686+03:00" level=info msg="Found CNI network crio (type=bridge) at /etc/cni/net.d/100-crio-bridge.conf"
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.483568893+03:00" level=info msg="Found CNI network 200-loopback.conf (type=loopback) at /etc/cni/net.d/200-loopback.co>
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.483617099+03:00" level=info msg="Updated default CNI network name to crio"
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.489400024+03:00" level=warning msg="The binary conntrack is not installed, this can cause failures in network connecti>
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.492637284+03:00" level=warning msg="The binary conntrack is not installed, this can cause failures in network connecti>
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.492918552+03:00" level=warning msg="Error encountered when checking whether cri-o should wipe images: version file /va>
Dec 08 15:53:41 almalinux-8.localdomain crio[48096]: time="2021-12-08 15:53:41.493887221+03:00" level=info msg="Serving metrics on :9537 via HTTP"
Dec 08 15:53:41 almalinux-8.localdomain systemd[1]: Started Container Runtime Interface for OCI (CRI-O).

The path to CRI-O sock file is:

$ ls /var/run/crio/crio.sock
/var/run/crio/crio.sock

With this installation, you get crictl tool which provides a CLI for CRI-compatible container runtime. This enables you to debug the runtime without needing to set up Kubernetes components.

Let’s pull some test images from a registry

$ sudo crictl pull  hello-world:latest
Image is up to date for docker.io/library/[email protected]:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685

$ sudo crictl pull  alpine:latest
Image is up to date for docker.io/library/[email protected]:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300

List container images available

$ sudo crictl images
IMAGE                           TAG                 IMAGE ID            SIZE
docker.io/library/alpine        latest              c059bfaa849c4       5.87MB
docker.io/library/hello-world   latest              feb5d9fea6a5e       19.9kB

To set container registries and set priority, edit the file:

sudo vim /etc/containers/registries.conf

Example

unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]

If using CRI-O on Kubernetes, read through Debugging Kubernetes nodes with crictl documentation to learn more on its usage.

coffee

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.