add containerd on fedora CoreOS (#7794)

* set selinux type t_etc if selinux state is enforcing

* workaround with update repo is no longer needed
remove comments about failing playbook

* grubby is not available in distros using ostree

* remove docker support because removed in fcos
update install script example with live rootfs

* do not call grubby on ostree based distro

* update docs enabling containerd on fedora coreos
spaced 2021-07-15 09:00:48 +02:00 committed by GitHub
parent 3b3ccac212
commit c2cf0d9945
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 14 additions and 61 deletions

View file

@ -119,7 +119,7 @@ vagrant up
- **Ubuntu** 16.04, 18.04, 20.04
- **CentOS/RHEL** 7, [8](docs/centos8.md)
- **Fedora** 33, 34
- **Fedora CoreOS** (experimental: see [fcos Note](docs/fcos.md))
- **Fedora CoreOS** (see [fcos Note](docs/fcos.md))
- **openSUSE** Leap 15.x/Tumbleweed
- **Oracle Linux** 7, [8](docs/centos8.md)
- **Alma Linux** [8](docs/centos8.md)
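
Review bot: dropping "(experimental: ...)" from the Fedora CoreOS entry overstates what the docs in this same change back up. docs/fcos.md names a single tested stable version (34.20210611.3.0) and still warns that the playbook may fail while bootstrap. Either keep a short qualifier on this line or mention the tested version, so readers do not assume parity with the other distros in the list.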

View file

@ -1,14 +0,0 @@
CoreOS bootstrap
===============
Example with Ansible:
Before running the cluster playbook you must satisfy the following requirements:
General CoreOS Pre-Installation Notes:
- Ensure that the bin_dir is set to `/opt/bin`
- ansible_python_interpreter should be `/opt/bin/python`. This will be laid down by the bootstrap task.
- The default resolvconf_mode setting of `docker_dns` **does not** work for CoreOS. This is because we do not edit the systemd service file for docker on CoreOS nodes. Instead, just use the `host_resolvconf` mode. It should work out of the box.
Then you can proceed to [cluster deployment](#run-deployment)

View file

@ -1,6 +1,6 @@
# Fedora CoreOS
Tested with stable version 31.20200223.3.0.
Tested with stable version 34.20210611.3.0
Because package installation with `rpm-ostree` requires a reboot, playbook may fail while bootstrap.
Restart playbook again.
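
Review bot: the two unchanged lines after the version bump ("playbook may fail while bootstrap. Restart playbook again.") now contradict the rest of the change, which removes the "# playbook fails because connection lost" comment and the "please run playbook again if failed first time" hint from the reboot task. If the failure no longer occurs, delete this sentence; if it still can, keep the hint in the task name as well. Minor: the new "Tested with stable version" line lost its trailing period.
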
@ -9,33 +9,9 @@ Restart playbook again.
Tested with
- docker
- containerd
- crio
### docker
OS base packages contains docker.
### cri-o
To use `cri-o` disable docker service with ignition:
```yaml
#workaround, see https://github.com/coreos/fedora-coreos-tracker/issues/229
systemd:
units:
- name: docker.service
enabled: false
contents: |
[Unit]
Description=disable docker
[Service]
[Install]
WantedBy=multi-user.target
```
## Network
### calico
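
Review bot: after this hunk the "Tested with" list names containerd and crio, but every per-runtime section is gone, so the page no longer says how to choose containerd or that cri-o previously needed docker.service disabled through Ignition. The commit message says the docs cover enabling containerd; a short "### containerd" section would deliver that. A sentence stating from which Fedora CoreOS version docker is absent would also explain why the docker.service workaround could be dropped.
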
@ -79,11 +55,14 @@ Prepare ignition and serve via http (a.e. python -m http.server )
### create guest
```shell script
fcos_version=31.20200223.3.0
machine_name=myfcos1
ignition_url=http://mywebserver/fcos.ign
fcos_version=34.20210611.3.0
kernel=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-kernel-x86_64
initrd=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-initramfs.x86_64.img
ignition_url=http://mywebserver/fcos.ign
kernel_args="ip=dhcp rd.neednet=1 console=tty0 coreos.liveiso=/ console=ttyS0 coreos.inst.install_dev=/dev/sda coreos.inst.stream=stable coreos.inst.ignition_url=${ignition_url}"
rootfs=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-rootfs.x86_64.img
kernel_args="console=ttyS0 coreos.live.rootfs_url=${rootfs} coreos.inst.install_dev=/dev/sda coreos.inst.stream=stable coreos.inst.ignition_url=${ignition_url}"
sudo virt-install --name ${machine_name} --ram 4048 --graphics=none --vcpus 2 --disk size=20 \
--network bridge=virbr0 \
--install kernel=${kernel},initrd=${initrd},kernel_args_overwrite=yes,kernel_args="${kernel_args}"
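
Review bot: `ignition_url=http://mywebserver/fcos.ign` stays on plain HTTP while the kernel, the initrd and the new rootfs are all fetched over https. The Ignition config decides the users, SSH keys and systemd units of the installed node, so an unauthenticated fetch lets anyone on the path between the guest and the web server alter what gets provisioned. Use an https URL in the example, or add a line saying the HTTP server must sit on a trusted, isolated network.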

View file

@ -19,28 +19,12 @@
become: true
when: need_bootstrap.rc != 0
# Because the package "python3-libselinux" has a dependency on libselinux,
# which is a base package in Fedora CoreOS and cannot be upgraded.
# Temporary disabling update repo allows to install python3-libselinux
# see https://github.com/coreos/fedora-coreos-tracker/issues/592
- name: Temporary disable fedora updates repo because of base packages conflicts
raw: "sed -i 's|^enabled=1|enabled=0|g' /etc/yum.repos.d/fedora-updates.repo"
become: true
when: need_bootstrap.rc != 0
- name: Install required packages on fedora coreos
raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree install --allow-inactive {{ fedora_coreos_packages|join(' ') }}"
become: true
when: need_bootstrap.rc != 0
# see https://github.com/coreos/fedora-coreos-tracker/issues/592
- name: Enable fedora updates repo
raw: "sed -i 's|^enabled=0|enabled=1|g' /etc/yum.repos.d/fedora-updates.repo"
become: true
when: need_bootstrap.rc != 0
# playbook fails because connection lost
- name: Reboot immediately for updated ostree, please run playbook again if failed first time.
- name: Reboot immediately for updated ostree
raw: "nohup bash -c 'sleep 5s && shutdown -r now'"
become: true
ignore_errors: true # noqa ignore-errors
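
Review bot: the reboot task keeps `ignore_errors: true` but loses both the "# playbook fails because connection lost" comment and the rerun hint in its name, so a shutdown that never happens or a connection that drops mid-play is now silent and unexplained. If nothing after these lines waits for the host, follow the reboot with a `wait_for_connection` task, or keep the hint. Separately, with the fedora-updates.repo toggling removed, a one-line comment noting that coreos/fedora-coreos-tracker issue 592 no longer applies would record why `rpm-ostree install` is safe without it.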

View file

@ -43,6 +43,7 @@
- ansible_distribution == "Fedora"
- (ansible_distribution_major_version | int) >= 31
- ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
- not is_ostree
- name: reboot in Fedora 31+
reboot:
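
Review bot: adding `- not is_ostree` to this condition list means an ostree host whose kernel command line lacks `systemd.unified_cgroup_hierarchy=0` is now left as it is, while every other Fedora 31+ host still gets the guarded task (grubby, per the commit message) and a reboot. Nothing in the hunk says whether containerd is expected to run on the unified hierarchy on Fedora CoreOS. Add a comment stating that this is intended, or set the kernel argument with `rpm-ostree kargs` on ostree hosts instead of skipping the step.
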
@ -50,6 +51,7 @@
- ansible_distribution == "Fedora"
- (ansible_distribution_major_version | int) >= 31
- ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
- not is_ostree
- include_tasks: containerd_repo.yml
when: not is_ostree

View file

@ -34,6 +34,7 @@
- ansible_distribution == "Fedora"
- (ansible_distribution_major_version | int) >= 31
- ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
- not is_ostree
- name: reboot in Fedora 31+
reboot:
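
Review bot: this is the same condition list as in the containerd tasks, and `- not is_ostree` has now been appended by hand in four places across the two files. Consider evaluating the Fedora 31+ / cmdline / ostree check once into a fact and referencing that fact in each `when`, so a later change cannot update one runtime and miss the other.
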
@ -41,6 +42,7 @@
- ansible_distribution == "Fedora"
- (ansible_distribution_major_version | int) >= 31
- ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
- not is_ostree
- name: import crio repo
import_tasks: "crio_repo.yml"