diff --git a/roles/bootstrap-os/defaults/main.yml b/roles/bootstrap-os/defaults/main.yml index 40054b2e3..b9aee516a 100644 --- a/roles/bootstrap-os/defaults/main.yml +++ b/roles/bootstrap-os/defaults/main.yml @@ -13,7 +13,7 @@ use_oracle_public_repo: true fedora_coreos_packages: - python - - libselinux-python3 + - python3-libselinux - ethtool # required in kubeadm preflight phase for verifying the environment - ipset # required in kubeadm preflight phase for verifying the environment - conntrack-tools # required by kube-proxy diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml index 39acdcc7f..0d70a3398 100644 --- a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml +++ b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml @@ -8,17 +8,38 @@ tags: - facts +- name: Remove podman network cni + raw: "podman network rm podman" + become: true + ignore_errors: yes + when: need_bootstrap.rc != 0 + - name: Clean up possible pending packages on fedora coreos raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree cleanup -p }}" become: true when: need_bootstrap.rc != 0 + # Because the package "python3-libselinux" has a dependency on libselinux, + # which is a base package in Fedora CoreOS and cannot be upgraded. + # Temporary disabling update repo allows to install python3-libselinux + # see https://github.com/coreos/fedora-coreos-tracker/issues/592 +- name: Temporary disable fedora updates repo because of base packages conflicts + raw: "sed -i 's|^enabled=1|enabled=0|g' /etc/yum.repos.d/fedora-updates.repo" + become: true + when: need_bootstrap.rc != 0 + - name: Install required packages on fedora coreos raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree install {{ fedora_coreos_packages|join(' ') }}" become: true when: need_bootstrap.rc != 0 -# playbook fails because connection lost + # see https://github.com/coreos/fedora-coreos-tracker/issues/592 +- name: Enable fedora updates repo + raw: "sed -i 's|^enabled=0|enabled=1|g' /etc/yum.repos.d/fedora-updates.repo" + become: true + when: need_bootstrap.rc != 0 + + # playbook fails because connection lost - name: Reboot immediately for updated ostree, please run playbook again if failed first time. raw: "nohup bash -c 'sleep 5s && shutdown -r now'" become: true diff --git a/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml b/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml index 4d94231aa..0676f9c8e 100644 --- a/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml +++ b/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml @@ -1,9 +1,9 @@ --- - name: NetworkManager | Add nameservers to NM configuration ini_file: - path: /etc/NetworkManager/system-connections/default_connection.nmconnection - section: ipv4 - option: dns + path: /etc/NetworkManager/conf.d/dns.conf + section: global-dns-domain-* + option: servers value: "{{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | unique | join(';') }}" mode: '0600' backup: yes @@ -11,9 +11,9 @@ - name: NetworkManager | Add DNS search to NM configuration ini_file: - path: /etc/NetworkManager/system-connections/default_connection.nmconnection - section: ipv4 - option: dns-search + path: /etc/NetworkManager/conf.d/dns.conf + section: global-dns + option: searches value: "{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(';') }}" mode: '0600' backup: yes @@ -21,20 +21,10 @@ - name: NetworkManager | Add DNS options to NM configuration ini_file: - path: /etc/NetworkManager/system-connections/default_connection.nmconnection - section: ipv4 - option: dns-options + path: /etc/NetworkManager/conf.d/dns.conf + section: global-dns + option: options value: "ndots:{{ ndots }};timeout:2;attempts:2;" mode: '0600' backup: yes notify: Preinstall | update resolvconf for Fedora CoreOS - -- name: NetworkManager | Ignore DNS auto configuration - ini_file: - path: /etc/NetworkManager/system-connections/default_connection.nmconnection - section: ipv4 - option: ignore-auto-dns - value: 'true' - mode: '0600' - backup: yes - notify: Preinstall | update resolvconf for Fedora CoreOS