conmon-rs/.github/setup

#!/usr/bin/env bash
set -euox pipefail

main() {
    set -x
    prepare_system

    install_critest
    install_crio
}

curl_retry() {
    curl -sSfL --retry 5 --retry-delay 3 "$@"
}

prepare_system() {
    sudo systemctl stop docker
    sudo ufw disable

    # enable necessary kernel modules
    sudo modprobe br_netfilter
    sudo sysctl -p /etc/sysctl.conf
    sudo ip6tables --list >/dev/null

    # enable necessary sysctls
    sudo sysctl -w net.ipv4.conf.all.route_localnet=1
    sudo sysctl -w net.ipv4.ip_forward=1

    # needed for crictl test
    sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
    sudo iptables -t nat -I POSTROUTING -s 127.0.0.0/8 ! -d 127.0.0.0/8 -j MASQUERADE

    if ! grep -q containers /etc/subuid; then
        echo "containers:100000:65536" | sudo tee -a /etc/subuid
    fi
    if ! grep -q containers /etc/subgid; then
        echo "containers:100000:65536" | sudo tee -a /etc/subgid
    fi

    printf "RateLimitInterval=0\nRateLimitBurst=0\n" | sudo tee /etc/systemd/journald.conf
    sudo systemctl restart systemd-journald
}

install_crio() {
    curl_retry "https://raw.githubusercontent.com/cri-o/packaging/main/get" |
        sudo bash -s --

    cat <<EOT | sudo tee /etc/crio/crio.conf.d/10-crun.conf
[crio.runtime]
log_level = "debug"
default_runtime = "runc"

[crio.runtime.runtimes.runc]
runtime_path = "/usr/libexec/crio/runc"
runtime_type = "pod"
monitor_path = "/usr/libexec/crio/conmonrs"
EOT

    sudo systemctl enable --now crio.service

    # Validate if the correct config is being loaded
    sudo crio status config | grep -q 'default_runtime = "runc"'
    sudo crio status config | grep -q 'runtime_type = "pod"'
}

install_critest() {
    URL=https://github.com/kubernetes-sigs/cri-tools

    git clone $URL
    pushd cri-tools
    sudo -E PATH="$PATH" make BINDIR=/usr/local/bin install
    popd
    sudo rm -rf cri-tools
    sudo critest --version
}

main "$@"