From c2cf0d994588036c24b4e505011993ac7b4e59d5 Mon Sep 17 00:00:00 2001 From: spaced Date: Thu, 15 Jul 2021 09:00:48 +0200 Subject: [PATCH] add containerd on fedora CoreOS (#7794) * set selinux type t_etc if selinux state is enforcing * workaround with update repo is no longer needed remove comments about failing playbook * grubby is not available in distros using ostree * remove docker support because removed in fcos update install script example with live rootfs * do not call grubby on ostree based distro * update docs enabling containerd on fedora coreos --- README.md | 2 +- docs/coreos.md | 14 ------- docs/fcos.md | 37 ++++--------------- .../tasks/bootstrap-fedora-coreos.yml | 18 +-------- .../containerd/tasks/main.yml | 2 + roles/container-engine/cri-o/tasks/main.yaml | 2 + 6 files changed, 14 insertions(+), 61 deletions(-) delete mode 100644 docs/coreos.md diff --git a/README.md b/README.md index 204c24801..31382fbdc 100644 --- a/README.md +++ b/README.md @@ -119,7 +119,7 @@ vagrant up - **Ubuntu** 16.04, 18.04, 20.04 - **CentOS/RHEL** 7, [8](docs/centos8.md) - **Fedora** 33, 34 -- **Fedora CoreOS** (experimental: see [fcos Note](docs/fcos.md)) +- **Fedora CoreOS** (see [fcos Note](docs/fcos.md)) - **openSUSE** Leap 15.x/Tumbleweed - **Oracle Linux** 7, [8](docs/centos8.md) - **Alma Linux** [8](docs/centos8.md) diff --git a/docs/coreos.md b/docs/coreos.md deleted file mode 100644 index a30c9dd66..000000000 --- a/docs/coreos.md +++ /dev/null 
@@ -1,14 +0,0 @@ -CoreOS bootstrap -=============== - -Example with Ansible: - -Before running the cluster playbook you must satisfy the following requirements: - -General CoreOS Pre-Installation Notes: - -- Ensure that the bin_dir is set to `/opt/bin` -- ansible_python_interpreter should be `/opt/bin/python`. This will be laid down by the bootstrap task. -- The default resolvconf_mode setting of `docker_dns` **does not** work for CoreOS. This is because we do not edit the systemd service file for docker on CoreOS nodes. Instead, just use the `host_resolvconf` mode. It should work out of the box. - -Then you can proceed to [cluster deployment](#run-deployment) diff --git a/docs/fcos.md b/docs/fcos.md index 0682879cc..c91d8b1d4 100644 --- a/docs/fcos.md +++ b/docs/fcos.md @@ -1,6 +1,6 @@ # Fedora CoreOS -Tested with stable version 31.20200223.3.0. +Tested with stable version 34.20210611.3.0 Because package installation with `rpm-ostree` requires a reboot, playbook may fail while bootstrap. Restart playbook again. @@ -9,33 +9,9 @@ Restart playbook again. Tested with -- docker +- containerd - crio -### docker - -OS base packages contains docker. - -### cri-o - -To use `cri-o` disable docker service with ignition: - -```yaml -#workaround, see https://github.com/coreos/fedora-coreos-tracker/issues/229 -systemd: - units: - - name: docker.service - enabled: false - contents: | - [Unit] - Description=disable docker - - [Service] - - [Install] - WantedBy=multi-user.target -``` - ## Network ### calico 
@@ -79,11 +55,14 @@ Prepare ignition and serve via http (a.e. python -m http.server ) ### create guest ```shell script -fcos_version=31.20200223.3.0 +machine_name=myfcos1 +ignition_url=http://mywebserver/fcos.ign + +fcos_version=34.20210611.3.0 kernel=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-kernel-x86_64 initrd=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-initramfs.x86_64.img -ignition_url=http://mywebserver/fcos.ign -kernel_args="ip=dhcp rd.neednet=1 console=tty0 coreos.liveiso=/ console=ttyS0 coreos.inst.install_dev=/dev/sda coreos.inst.stream=stable coreos.inst.ignition_url=${ignition_url}" +rootfs=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-rootfs.x86_64.img +kernel_args="console=ttyS0 coreos.live.rootfs_url=${rootfs} coreos.inst.install_dev=/dev/sda coreos.inst.stream=stable coreos.inst.ignition_url=${ignition_url}" sudo virt-install --name ${machine_name} --ram 4048 --graphics=none --vcpus 2 --disk size=20 \ --network bridge=virbr0 \ --install kernel=${kernel},initrd=${initrd},kernel_args_overwrite=yes,kernel_args="${kernel_args}" diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml index 1a222f664..d3fd1c942 100644 --- a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml +++ b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml 
@@ -19,28 +19,12 @@ become: true when: need_bootstrap.rc != 0 - # Because the package "python3-libselinux" has a dependency on libselinux, - # which is a base package in Fedora CoreOS and cannot be upgraded. - # Temporary disabling update repo allows to install python3-libselinux - # see https://github.com/coreos/fedora-coreos-tracker/issues/592 -- name: Temporary disable fedora updates repo because of base packages conflicts - raw: "sed -i 's|^enabled=1|enabled=0|g' /etc/yum.repos.d/fedora-updates.repo" - become: true - when: need_bootstrap.rc != 0 - - name: Install required packages on fedora coreos raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree install --allow-inactive {{ fedora_coreos_packages|join(' ') }}" become: true when: need_bootstrap.rc != 0 - # see https://github.com/coreos/fedora-coreos-tracker/issues/592 -- name: Enable fedora updates repo - raw: "sed -i 's|^enabled=0|enabled=1|g' /etc/yum.repos.d/fedora-updates.repo" - become: true - when: need_bootstrap.rc != 0 - - # playbook fails because connection lost -- name: Reboot immediately for updated ostree, please run playbook again if failed first time. +- name: Reboot immediately for updated ostree raw: "nohup bash -c 'sleep 5s && shutdown -r now'" become: true ignore_errors: true # noqa ignore-errors diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml index e4ba9983b..504be3aec 100644 --- a/roles/container-engine/containerd/tasks/main.yml +++ b/roles/container-engine/containerd/tasks/main.yml @@ -43,6 +43,7 @@ - ansible_distribution == "Fedora" - (ansible_distribution_major_version | int) >= 31 - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0' + - not is_ostree - name: reboot in Fedora 31+ reboot: 
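Review bot: The reboot task at the end of this hunk still carries `ignore_errors: true`, but the comment that explained it (`# playbook fails because connection lost`) and the re-run hint in the task name are removed, so a reader can no longer tell that the only error meant to be tolerated is the dropped connection. docs/fcos.md states that package installation with `rpm-ostree` requires a reboot, so a `shutdown` that genuinely fails is swallowed the same way and later tasks would presumably run without the newly installed packages. I would keep a comment above the task, for example `# the connection drops while the host reboots; an error here is expected`, and bring the "Restart playbook again" sentence that docs/fcos.md still carries in line with whatever behaviour is intended. The task may continue below the hunk, and whether a wait-for-connection step follows it is not visible here.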
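Review bot: The new `- not is_ostree` condition skips this task on ostree hosts without saying why, and the same line is added to three more `when:` lists (the next hunk in this file and both hunks in roles/container-engine/cri-o/tasks/main.yaml). The commit message gives the reason (grubby is not available on ostree-based distros); a comment next to the condition would keep it with the code, for example `# grubby is not available on ostree-based hosts such as Fedora CoreOS`. Since the neighbouring conditions test `systemd.unified_cgroup_hierarchy`, these tasks presumably switch the kernel command line to cgroup v1; on an ostree host nothing replaces that step, so it is worth confirming that containerd and cri-o are configured for whichever cgroup hierarchy Fedora CoreOS boots with. The guarded tasks start above their hunks, so their names and modules are not fully visible.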
@@ -50,6 +51,7 @@ - ansible_distribution == "Fedora" - (ansible_distribution_major_version | int) >= 31 - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0' + - not is_ostree - include_tasks: containerd_repo.yml when: not is_ostree diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml index 3fda1aeb4..cde3552f9 100644 --- a/roles/container-engine/cri-o/tasks/main.yaml +++ b/roles/container-engine/cri-o/tasks/main.yaml @@ -34,6 +34,7 @@ - ansible_distribution == "Fedora" - (ansible_distribution_major_version | int) >= 31 - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0' + - not is_ostree - name: reboot in Fedora 31+ reboot: @@ -41,6 +42,7 @@ - ansible_distribution == "Fedora" - (ansible_distribution_major_version | int) >= 31 - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0' + - not is_ostree - name: import crio repo import_tasks: "crio_repo.yml"