add containerd on fedora CoreOS

README.md

@@ -119,7 +119,7 @@ vagrant up
 - **Ubuntu** 16.04, 18.04, 20.04
 - **CentOS/RHEL** 7, [8](docs/centos8.md)
 - **Fedora** 33, 34
-- **Fedora CoreOS** (experimental: see [fcos Note](docs/fcos.md))
+- **Fedora CoreOS** (see [fcos Note](docs/fcos.md))
 - **openSUSE** Leap 15.x/Tumbleweed
 - **Oracle Linux** 7, [8](docs/centos8.md)
 - **Alma Linux** [8](docs/centos8.md)

docs/fcos.md

@@ -1,6 +1,6 @@
 # Fedora CoreOS
 
-Tested with stable version 31.20200223.3.0.
+Tested with stable version 34.20210611.3.0
 
 Because package installation with `rpm-ostree` requires a reboot, playbook may fail while bootstrap.
 Restart playbook again.
@@ -9,33 +9,9 @@ Restart playbook again.
 
 Tested with
 
-- docker
+- containerd
 - crio
 
-### docker
-
-OS base packages contains docker.
-
-### cri-o
-
-To use `cri-o` disable docker service with ignition:
-
-```yaml
-#workaround, see https://github.com/coreos/fedora-coreos-tracker/issues/229
-systemd:
-  units:
-    - name: docker.service
-      enabled: false
-      contents: |
-        [Unit]
-        Description=disable docker
-
-        [Service]
-
-        [Install]
-        WantedBy=multi-user.target
-```
-
 ## Network
 
 ### calico
@@ -79,11 +55,14 @@ Prepare ignition and serve via http (a.e. python -m http.server )
 ### create guest
 
 ```shell script
-fcos_version=31.20200223.3.0
+machine_name=myfcos1
+ignition_url=http://mywebserver/fcos.ign
+
+fcos_version=34.20210611.3.0
 kernel=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-kernel-x86_64
 initrd=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-initramfs.x86_64.img
-ignition_url=http://mywebserver/fcos.ign
-kernel_args="ip=dhcp rd.neednet=1 console=tty0 coreos.liveiso=/ console=ttyS0 coreos.inst.install_dev=/dev/sda coreos.inst.stream=stable coreos.inst.ignition_url=${ignition_url}"
+rootfs=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-rootfs.x86_64.img
+kernel_args="console=ttyS0 coreos.live.rootfs_url=${rootfs} coreos.inst.install_dev=/dev/sda coreos.inst.stream=stable coreos.inst.ignition_url=${ignition_url}"
 sudo virt-install --name ${machine_name} --ram 4048 --graphics=none --vcpus 2 --disk size=20 \
                 --network bridge=virbr0 \
                 --install kernel=${kernel},initrd=${initrd},kernel_args_overwrite=yes,kernel_args="${kernel_args}"

roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml

@@ -19,28 +19,12 @@
   become: true
   when: need_bootstrap.rc != 0
 
-  # Because the package "python3-libselinux" has a dependency on libselinux,
-  # which is a base package in Fedora CoreOS and cannot be upgraded.
-  # Temporary disabling update repo allows to install python3-libselinux
-  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
-- name: Temporary disable fedora updates repo because of base packages conflicts
-  raw: "sed -i 's|^enabled=1|enabled=0|g' /etc/yum.repos.d/fedora-updates.repo"
-  become: true
-  when: need_bootstrap.rc != 0
-
 - name: Install required packages on fedora coreos
   raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree install --allow-inactive {{ fedora_coreos_packages|join(' ') }}"
   become: true
   when: need_bootstrap.rc != 0
 
-  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
-- name: Enable fedora updates repo
-  raw: "sed -i 's|^enabled=0|enabled=1|g' /etc/yum.repos.d/fedora-updates.repo"
-  become: true
-  when: need_bootstrap.rc != 0
-
-  # playbook fails because connection lost
-- name: Reboot immediately for updated ostree, please run playbook again if failed first time.
+- name: Reboot immediately for updated ostree
   raw: "nohup bash -c 'sleep 5s && shutdown -r now'"
   become: true
   ignore_errors: yes

roles/container-engine/containerd/tasks/main.yml

@@ -43,13 +43,15 @@
     - ansible_distribution == "Fedora"
     - (ansible_distribution_major_version | int) >= 31
     - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
+    - not is_ostree
 
 - name: reboot in Fedora 31+
   reboot:
   when:
     - ansible_distribution == "Fedora"
     - (ansible_distribution_major_version | int) >= 31
     - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
+    - not is_ostree
 
 - include_tasks: containerd_repo.yml
   when: not is_ostree

roles/container-engine/cri-o/tasks/main.yaml

@@ -34,13 +34,15 @@
     - ansible_distribution == "Fedora"
     - (ansible_distribution_major_version | int) >= 31
     - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
+    - not is_ostree
 
 - name: reboot in Fedora 31+
   reboot:
   when:
     - ansible_distribution == "Fedora"
     - (ansible_distribution_major_version | int) >= 31
     - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
+    - not is_ostree
 
 - name: import crio repo
   import_tasks: "crio_repo.yml"

roles/kubernetes/node/tasks/kubelet.yml

@@ -17,6 +17,7 @@
   template:
     src: "kubelet.env.{{ kubeletConfig_api_version }}.j2"
     dest: "{{ kube_config_dir }}/kubelet.env"
+    setype: "{{ (preinstall_selinux_state == 'enforcing') | ternary('t_etc', omit) }}"
     backup: yes
   notify: Node | restart kubelet
   tags: