Fedora coreos networkmanager global dns and bootstrapping fix (#6577)

* remove podman cni plugin

* configure networkamanger global dns

* allow installation of python3-libselinux by disabling update repo temporary

* remove ipv4 section because it is not a valid configuration

roles/bootstrap-os/defaults/main.yml

@@ -13,7 +13,7 @@ use_oracle_public_repo: true
 
 fedora_coreos_packages:
   - python
-  - libselinux-python3
+  - python3-libselinux
   - ethtool                 # required in kubeadm preflight phase for verifying the environment
   - ipset                   # required in kubeadm preflight phase for verifying the environment
   - conntrack-tools         # required by kube-proxy

roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml

@@ -8,16 +8,37 @@
   tags:
     - facts
 
+- name: Remove podman network cni
+  raw: "podman network rm podman"
+  become: true
+  ignore_errors: yes
+  when: need_bootstrap.rc != 0
+
 - name: Clean up possible pending packages on fedora coreos
   raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree cleanup -p }}"
   become: true
   when: need_bootstrap.rc != 0
 
+  # Because the package "python3-libselinux" has a dependency on libselinux,
+  # which is a base package in Fedora CoreOS and cannot be upgraded.
+  # Temporary disabling update repo allows to install python3-libselinux
+  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
+- name: Temporary disable fedora updates repo because of base packages conflicts
+  raw: "sed -i 's|^enabled=1|enabled=0|g' /etc/yum.repos.d/fedora-updates.repo"
+  become: true
+  when: need_bootstrap.rc != 0
+
 - name: Install required packages on fedora coreos
   raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree install {{ fedora_coreos_packages|join(' ') }}"
   become: true
   when: need_bootstrap.rc != 0
 
+  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
+- name: Enable fedora updates repo
+  raw: "sed -i 's|^enabled=0|enabled=1|g' /etc/yum.repos.d/fedora-updates.repo"
+  become: true
+  when: need_bootstrap.rc != 0
+
   # playbook fails because connection lost
 - name: Reboot immediately for updated ostree, please run playbook again if failed first time.
   raw: "nohup bash -c 'sleep 5s && shutdown -r now'"

roles/kubernetes/preinstall/tasks/0062-networkmanager.yml

@@ -1,9 +1,9 @@
 ---
 - name: NetworkManager | Add nameservers to NM configuration
   ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: dns
+    path: /etc/NetworkManager/conf.d/dns.conf
+    section: global-dns-domain-*
+    option: servers
     value: "{{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | unique | join(';') }}"
     mode: '0600'
     backup: yes
@@ -11,9 +11,9 @@
 
 - name: NetworkManager | Add DNS search to NM configuration
   ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: dns-search
+    path: /etc/NetworkManager/conf.d/dns.conf
+    section: global-dns
+    option: searches
     value: "{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(';') }}"
     mode: '0600'
     backup: yes
@@ -21,20 +21,10 @@
 
 - name: NetworkManager | Add DNS options to NM configuration
   ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: dns-options
+    path: /etc/NetworkManager/conf.d/dns.conf
+    section: global-dns
+    option: options
     value: "ndots:{{ ndots }};timeout:2;attempts:2;"
     mode: '0600'
     backup: yes
   notify: Preinstall | update resolvconf for Fedora CoreOS
-
-- name: NetworkManager | Ignore DNS auto configuration
-  ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: ignore-auto-dns
-    value: 'true'
-    mode: '0600'
-    backup: yes
-  notify: Preinstall | update resolvconf for Fedora CoreOS