Cleanup fedora coreos with crio container (#5887)

* fix upgrade of crio on fcos
- update documents

* install conntrack required by kube-proxy
- like commit 48c41bcbe7

* enable fedora modular repo for crio

* allow to override crio configuration
- set cgroup manager to the same value as kubelet_cgroup_driver if defined
- path of seccomp_profile depends on distribution

* allow to override crio configuration
- fix path for ubuntu

* allow to override crio configuration
- fix cni path for fcos
spaced
2020-04-11 08:51:47 +02:00
committed by GitHub
parent 7d6ef61491
commit 9c3b573f8e
10 changed files with 60 additions and 27 deletions


@@ -102,20 +102,14 @@ selinux = {{ (preinstall_selinux_state == 'enforcing')|lower }}
# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime.
{% if ansible_os_family == "ClearLinux" %}
seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
{% elif ansible_distribution == "Ubuntu" or is_fedora_coreos %}
seccomp_profile = ""
{% else %}
seccomp_profile = "/etc/crio/seccomp.json"
{% endif %}
seccomp_profile = "{{crio_seccomp_profile}}"
# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default-" followed by the version string of CRI-O.
apparmor_profile = "crio-default"
# Cgroup management implementation used for the runtime.
cgroup_manager = "cgroupfs"
cgroup_manager = "{{crio_cgroup_manager}}"
# List of default capabilities for containers. If it is empty or commented out,
# only the capabilities defined in the containers json file by the user/kube
@@ -218,13 +212,7 @@ ctr_stop_timeout = 0
# of trust of the workload.
[crio.runtime.runtimes.runc]
{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" %}
runtime_path = "/usr/bin/runc"
{% elif ansible_distribution == "Ubuntu" %}
runtime_path = "/usr/lib/cri-o-runc/sbin/runc"
{% else %}
runtime_path = "/usr/sbin/runc"
{% endif %}
runtime_path = "{{ crio_runc_path }}"
runtime_type = "oci"
@@ -293,7 +281,7 @@ network_dir = "/etc/cni/net.d/"
# Paths to directories where CNI plugin binaries are located.
plugin_dirs = [
"/usr/libexec/cni",
{% if ansible_os_family == "ClearLinux" %}
{% if ansible_os_family == "ClearLinux" or is_ostree %}
"/opt/cni/bin/",
{% endif %}
]
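Review bot: The `seccomp_profile = "{{crio_seccomp_profile}}"` line in the first hunk now takes the default seccomp profile path entirely from a variable defined outside this file, so the template no longer shows that Ubuntu and Fedora CoreOS previously received an empty value; the variable's defaults should keep that mapping, which cannot be confirmed from these hunks. An empty string makes CRI-O use its built-in default profile, and that is worth stating next to the line, for example `# Empty value: CRI-O uses its built-in default seccomp profile.`. Because the value is now overridable, a pre-flight check in the playbook that a non-empty path exists on the host would catch a typo before the runtime is restarted with a wrong or missing profile. The same reasoning applies to `crio_runc_path` in the second hunk and to `crio_cgroup_manager`, which has to match the kubelet cgroup driver.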