Fedora CoreOS support (#5657)

* fedora coreos support
- bootstrap and new fact for

* fedora coreos support
- fix bootstrap condition

* fedora coreos support
- allow customize packages for fedora coreos bootstrap

* fedora coreos support
- prevent install python3 and epel via dnf for fedora coreos

* fedora coreos support
- handle all ostree like os in same way

* fedora coreos support
- handle all ostree like os in same way for crio

* fedora coreos support
- add fcos documentations
spaced
2020-03-17 11:12:21 +01:00
committed by GitHub
parent 974902af31
commit 876d4de6be
17 changed files with 222 additions and 48 deletions


@@ -104,7 +104,7 @@ selinux = {{ (preinstall_selinux_state == 'enforcing')|lower }}
# for the runtime.
{% if ansible_os_family == "ClearLinux" %}
seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
{% elif ansible_distribution == "Ubuntu" %}
{% elif ansible_distribution == "Ubuntu" or is_fedora_coreos %}
seccomp_profile = ""
{% else %}
seccomp_profile = "/etc/crio/seccomp.json"
@@ -121,17 +121,17 @@ cgroup_manager = "cgroupfs"
# only the capabilities defined in the containers json file by the user/kube
# will be added.
default_capabilities = [
"CHOWN",
"DAC_OVERRIDE",
"FSETID",
"FOWNER",
"NET_RAW",
"SETGID",
"SETUID",
"SETPCAP",
"NET_BIND_SERVICE",
"SYS_CHROOT",
"KILL",
"CHOWN",
"DAC_OVERRIDE",
"FSETID",
"FOWNER",
"NET_RAW",
"SETGID",
"SETUID",
"SETPCAP",
"NET_BIND_SERVICE",
"SYS_CHROOT",
"KILL",
]
# List of default sysctls. If it is empty or commented out, only the sysctls
@@ -154,7 +154,7 @@ hooks_dir = [
# be removed in future versions in favor of default_mounts_file.
default_mounts = [
{% if ansible_os_family == "RedHat" %}
"/usr/share/rhel/secrets:/run/secrets",
"/usr/share/rhel/secrets:/run/secrets",
{% endif %}
]
@@ -216,7 +216,7 @@ ctr_stop_timeout = 0
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
# of trust of the workload.
[crio.runtime.runtimes.runc]
{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" %}
runtime_path = "/usr/bin/runc"
@@ -226,7 +226,7 @@ ctr_stop_timeout = 0
runtime_path = "/usr/sbin/runc"
{% endif %}
runtime_type = "oci"
# The crio.image table contains settings pertaining to the management of OCI images.
@@ -242,7 +242,7 @@ ctr_stop_timeout = 0
default_transport = "docker://"
# The image used to instantiate infra containers.
pause_image = "docker://k8s.gcr.io/pause:3.1"
pause_image = "docker://{{kube_image_repo}}/pause:3.1"
# If not empty, the path to a docker/config.json-like file containing credentials
# necessary for pulling the image specified by pause_image above.
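Review bot: The Fedora CoreOS case added to the seccomp conditional (`{% elif ansible_distribution == "Ubuntu" or is_fedora_coreos %}`) renders `seccomp_profile = ""` with nothing in the template saying what an empty path means to the runtime. As far as I know, recent CRI-O releases treat an empty value as "use the built-in default profile", but this should be confirmed for the CRI-O version this role installs, because a reader can easily take the empty string to mean seccomp filtering is switched off on these hosts. I would add a comment directly above that line, for example `# empty path: CRI-O falls back to its built-in default seccomp profile`, and mention the behaviour in the Fedora CoreOS documentation this commit adds. `is_fedora_coreos` is defined outside this file section, so its value on non-CoreOS hosts cannot be checked from here.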