awslabs
diff --git a/‎templates/al2/provisioners/install-worker.sh‎
Lines changed: 4 additions & 15 deletions b/‎templates/al2/provisioners/install-worker.sh‎
Lines changed: 4 additions & 15 deletions
diff --git a/‎templates/al2/runtime/containerd.service‎
Lines changed: 0 additions & 42 deletions b/‎templates/al2/runtime/containerd.service‎
Lines changed: 0 additions & 42 deletions
diff --git a/‎templates/al2023/provisioners/install-worker.sh‎
Lines changed: 4 additions & 26 deletions b/‎templates/al2023/provisioners/install-worker.sh‎
Lines changed: 4 additions & 26 deletions
diff --git a/‎templates/al2023/runtime/rootfs/etc/systemd/system/containerd.service‎
Lines changed: 0 additions & 42 deletions b/‎templates/al2023/runtime/rootfs/etc/systemd/system/containerd.service‎
Lines changed: 0 additions & 42 deletions
diff --git a/‎templates/shared/provisioners/generate-version-info.sh‎
Lines changed: 0 additions & 7 deletions b/‎templates/shared/provisioners/generate-version-info.sh‎
Lines changed: 0 additions & 7 deletions
@@ -150,22 +150,11 @@ sudo yum versionlock runc-*
 
 # install containerd and lock version
 if [[ "$INSTALL_CONTAINERD_FROM_S3" == "true" ]]; then
-  CONTAINERD_BINARIES=(
-    containerd
-    containerd-shim-runc-v2
-    ctr
-  )
   echo "Installing containerd from S3..."
-  for binary in "${CONTAINERD_BINARIES[@]}"; do
-    aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/containerd/${CONTAINERD_VERSION}/${MACHINE}/${binary} .
-    sudo chmod +x $binary
-    sudo mv $binary /usr/bin/
-  done
-  sudo mkdir -p /var/lib/containerd
-  sudo mv $WORKING_DIR/containerd.service /etc/systemd/system/containerd.service
-  sudo chown root:root /etc/systemd/system/containerd.service
-  # exclude containerd from yum.conf as versionlock doesn't work in this case
-  echo "exclude=containerd*,docker*" | sudo tee -a /etc/yum.conf
+  aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/containerd/containerd-${CONTAINERD_VERSION}.${MACHINE}.rpm ${WORKING_DIR}/containerd/
+  sudo yum install -y ${WORKING_DIR}/containerd/containerd-${CONTAINERD_VERSION}.${MACHINE}.rpm
+  # have to add versionlock explicitly as sudo yum versionlock containerd-* doesn't work for rpm installed outside al repo
+  sudo yum versionlock add containerd-${CONTAINERD_VERSION}.*
 else
   sudo yum install -y containerd-${CONTAINERD_VERSION}
   sudo yum versionlock containerd-*
 
@@ -148,24 +148,12 @@ fi
 ###############################################################################
 sudo dnf install -y runc-${RUNC_VERSION}
 if [[ "$INSTALL_CONTAINERD_FROM_S3" == "true" ]]; then
-  CONTAINERD_BINARIES=(
-    containerd
-    containerd-shim-runc-v2
-    ctr
-  )
-  for binary in "${CONTAINERD_BINARIES[@]}"; do
-    echo "Installing containerd from S3..."
-    aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/containerd/${CONTAINERD_VERSION}/${MACHINE}/${binary} .
-    sudo chmod +x $binary
-    sudo mv $binary /usr/bin/
-    # exclude containerd from yum.conf as versionlock doesn't work in this case
-    echo "exclude=containerd*" | sudo tee -a /etc/dnf/dnf.conf
-  done
-  sudo mkdir -p /var/lib/containerd
+  aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/containerd/containerd-${CONTAINERD_VERSION}.${MACHINE}.rpm ${WORKING_DIR}/containerd/
+  sudo dnf install -y ${WORKING_DIR}/containerd/containerd-${CONTAINERD_VERSION}.${MACHINE}.rpm
 else
   sudo dnf install -y containerd-${CONTAINERD_VERSION}
-  sudo dnf versionlock containerd-*
 fi
+sudo dnf versionlock containerd-*
 
 # generate and store containerd version in file /etc/eks/containerd-version.txt
 containerd --version | sudo tee /etc/eks/containerd-version.txt
@@ -254,17 +242,7 @@ sudo mv $ECR_CREDENTIAL_PROVIDER_BINARY /etc/eks/image-credential-provider/
 ### SOCI Snapshotter ##########################################################
 ###############################################################################
 
-# dnf will still try to install containerd from Amazon Linux as a dependency,
-# and it will break because we explicitly exclude it in favor of our manual
-# version in order to version lock it. dnf doesn't recognize the locally
-# installed version.
-# Use `--disableexcludes=all` to allow downloading containerd RPM (but not installing it).
-# TODO consider installing a stub package that provides containerd so that we can
-# do this the normal way with dnf.
-SOCI_RPM_DIR=$(mktemp -d)
-sudo dnf install -y --downloadonly --downloaddir="${SOCI_RPM_DIR}" --disableexcludes=all soci-snapshotter
-# This will break if we need other deps besides containerd.
-sudo rpm -i --nodeps "${SOCI_RPM_DIR}/soci-snapshotter*.rpm"
+sudo dnf install -y soci-snapshotter
 sudo systemctl enable soci-snapshotter.socket
 
 ################################################################################
 
@@ -31,13 +31,6 @@ if [ "$?" != 0 ]; then
 fi
 echo $(jq ".binaries.kubelet = \"$KUBELET_VERSION\"" $OUTPUT_FILE) > $OUTPUT_FILE
 
-CONTAINERD_VERSION=$(containerd --version | awk '{print $3}')
-if [ "$?" != 0 ]; then
-  echo "unable to get containerd version"
-  exit 1
-fi
-echo $(jq ".binaries.containerd = \"$CONTAINERD_VERSION\"" $OUTPUT_FILE) > $OUTPUT_FILE
-
 CLI_VERSION=$(aws --version | awk '{print $1}' | cut -d '/' -f 2)
 if [ "$?" != 0 ]; then
   echo "unable to get aws cli version"