add containerd on fedora CoreOS (#7794)

* set selinux type t_etc if selinux state is enforcing * workaround with update repo is no longer needed remove comments about failing playbook * grubby is not available in distros using ostree * remove docker support because removed in fcos update install script example with live rootfs * do not call grubby on ostree based distro * update docs enabling containerd on fedora coreos
2026-02-15 10:10:03 -03:30 · 2021-07-15 09:00:48 +02:00
parent 3b3ccac212
commit c2cf0d9945
6 changed files with 14 additions and 61 deletions
--- a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml
@@ -19,28 +19,12 @@
  become: true
  when: need_bootstrap.rc != 0

-  # Because the package "python3-libselinux" has a dependency on libselinux,
-  # which is a base package in Fedora CoreOS and cannot be upgraded.
-  # Temporary disabling update repo allows to install python3-libselinux
-  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
- name: Temporary disable fedora updates repo because of base packages conflicts
-  raw: "sed -i 's|^enabled=1|enabled=0|g' /etc/yum.repos.d/fedora-updates.repo"
-  become: true
-  when: need_bootstrap.rc != 0
-
 - name: Install required packages on fedora coreos
  raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree install --allow-inactive {{ fedora_coreos_packages|join(' ') }}"
  become: true
  when: need_bootstrap.rc != 0

-  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
- name: Enable fedora updates repo
-  raw: "sed -i 's|^enabled=0|enabled=1|g' /etc/yum.repos.d/fedora-updates.repo"
-  become: true
-  when: need_bootstrap.rc != 0
-
-  # playbook fails because connection lost
- name: Reboot immediately for updated ostree, please run playbook again if failed first time.
+- name: Reboot immediately for updated ostree
  raw: "nohup bash -c 'sleep 5s && shutdown -r now'"
  become: true
  ignore_errors: true  # noqa ignore-errors
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -43,6 +43,7 @@
    - ansible_distribution == "Fedora"
    - (ansible_distribution_major_version | int) >= 31
    - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
+    - not is_ostree

 - name: reboot in Fedora 31+
  reboot:
@@ -50,6 +51,7 @@
    - ansible_distribution == "Fedora"
    - (ansible_distribution_major_version | int) >= 31
    - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
+    - not is_ostree

 - include_tasks: containerd_repo.yml
  when: not is_ostree
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -34,6 +34,7 @@
    - ansible_distribution == "Fedora"
    - (ansible_distribution_major_version | int) >= 31
    - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
+    - not is_ostree

 - name: reboot in Fedora 31+
  reboot:
@@ -41,6 +42,7 @@
    - ansible_distribution == "Fedora"
    - (ansible_distribution_major_version | int) >= 31
    - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
+    - not is_ostree

 - name: import crio repo
  import_tasks: "crio_repo.yml"