From 2de6a5676d2b7f6a60adbb862abbf09b7b2b1162 Mon Sep 17 00:00:00 2001
From: spaced <spaced.wombat@gmail.com>
Date: Mon, 7 Sep 2020 11:27:41 +0200
Subject: [PATCH] Fedora coreos networkmanager global dns and bootstrapping fix
 (#6577)

* remove podman cni plugin

* configure networkmanager global dns

* allow installation of python3-libselinux by temporarily disabling the update repo

* remove ipv4 section because it is not a valid configuration
---
 roles/bootstrap-os/defaults/main.yml          |  2 +-
 .../tasks/bootstrap-fedora-coreos.yml         | 23 ++++++++++++++-
 .../preinstall/tasks/0062-networkmanager.yml  | 28 ++++++-------------
 3 files changed, 32 insertions(+), 21 deletions(-)

diff --git a/roles/bootstrap-os/defaults/main.yml b/roles/bootstrap-os/defaults/main.yml
index 40054b2e3..b9aee516a 100644
--- a/roles/bootstrap-os/defaults/main.yml
+++ b/roles/bootstrap-os/defaults/main.yml
@@ -13,7 +13,7 @@ use_oracle_public_repo: true
 
 fedora_coreos_packages:
   - python
-  - libselinux-python3
+  - python3-libselinux
   - ethtool                 # required in kubeadm preflight phase for verifying the environment
   - ipset                   # required in kubeadm preflight phase for verifying the environment
   - conntrack-tools         # required by kube-proxy
diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml
index 39acdcc7f..0d70a3398 100644
--- a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml
@@ -8,17 +8,38 @@
   tags:
     - facts
 
+- name: Remove podman network cni
+  raw: "podman network rm podman"
+  become: true
+  ignore_errors: yes
+  when: need_bootstrap.rc != 0
+
 - name: Clean up possible pending packages on fedora coreos
   raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree cleanup -p }}"
   become: true
   when: need_bootstrap.rc != 0
 
+  # Because the package "python3-libselinux" has a dependency on libselinux,
+  # which is a base package in Fedora CoreOS and cannot be upgraded.
+  # Temporary disabling update repo allows to install python3-libselinux
+  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
+- name: Temporary disable fedora updates repo because of base packages conflicts
+  raw: "sed -i 's|^enabled=1|enabled=0|g' /etc/yum.repos.d/fedora-updates.repo"
+  become: true
+  when: need_bootstrap.rc != 0
+
 - name: Install required packages on fedora coreos
   raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree install {{ fedora_coreos_packages|join(' ') }}"
   become: true
   when: need_bootstrap.rc != 0
 
-# playbook fails because connection lost
+  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
+- name: Enable fedora updates repo
+  raw: "sed -i 's|^enabled=0|enabled=1|g' /etc/yum.repos.d/fedora-updates.repo"
+  become: true
+  when: need_bootstrap.rc != 0
+
+  # playbook fails because connection lost
 - name: Reboot immediately for updated ostree, please run playbook again if failed first time.
   raw: "nohup bash -c 'sleep 5s && shutdown -r now'"
   become: true
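Review bot: The `Enable fedora updates repo` task is not an inverse of the disable task, and it is skipped when `rpm-ostree install` fails, so a failed bootstrap can leave the host with its updates repo switched off. `s|^enabled=0|enabled=1|g` also turns on every section of fedora-updates.repo that was off before the play; the file's contents are not shown here, but it commonly carries debuginfo and source sections. Putting the disable and install tasks in a `block` with the restore under `always`, and restoring from a saved copy rather than a second sed, covers both cases. Separately, the unchanged `rpm-ostree cleanup -p }}` line in this hunk appears to carry a stray `}}`. The reboot task at the end of the hunk continues outside it.

```yaml
- name: Install required packages with the fedora updates repo temporarily disabled
  become: true
  when: need_bootstrap.rc != 0
  block:
    # sed keeps the untouched file next to the edited one; dnf only reads *.repo
    - name: Temporary disable fedora updates repo because of base packages conflicts
      raw: "sed -i.kubespray-orig 's|^enabled=1|enabled=0|g' /etc/yum.repos.d/fedora-updates.repo"

    # … unchanged: "Install required packages on fedora coreos" raw task, indented under block …
  always:
    - name: Enable fedora updates repo
      raw: "mv -f /etc/yum.repos.d/fedora-updates.repo.kubespray-orig /etc/yum.repos.d/fedora-updates.repo"
```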
diff --git a/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml b/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml
index 4d94231aa..0676f9c8e 100644
--- a/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml
+++ b/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml
@@ -1,9 +1,9 @@
 ---
 - name: NetworkManager | Add nameservers to NM configuration
   ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: dns
+    path: /etc/NetworkManager/conf.d/dns.conf
+    section: global-dns-domain-*
+    option: servers
     value: "{{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | unique | join(';') }}"
     mode: '0600'
     backup: yes
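Review bot: `section: global-dns-domain-*` is a valid plain scalar, but `*` is YAML's alias sigil and a reader or a later edit can easily trip over it; I would write `section: 'global-dns-domain-*'`. A comment above the task would also help, for example `# global-dns-domain-* is NetworkManager's default-domain section; global DNS settings take precedence over per-connection DNS`. That wording is from the NetworkManager.conf documentation as I recall it and should be confirmed. The task continues past the end of this hunk.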
@@ -11,9 +11,9 @@
 
 - name: NetworkManager | Add DNS search to NM configuration
   ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: dns-search
+    path: /etc/NetworkManager/conf.d/dns.conf
+    section: global-dns
+    option: searches
     value: "{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(';') }}"
     mode: '0600'
     backup: yes
@@ -21,20 +21,10 @@
 
 - name: NetworkManager | Add DNS options to NM configuration
   ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: dns-options
+    path: /etc/NetworkManager/conf.d/dns.conf
+    section: global-dns
+    option: options
     value: "ndots:{{ ndots }};timeout:2;attempts:2;"
     mode: '0600'
     backup: yes
   notify: Preinstall | update resolvconf for Fedora CoreOS
-
-- name: NetworkManager | Ignore DNS auto configuration
-  ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: ignore-auto-dns
-    value: 'true'
-    mode: '0600'
-    backup: yes
-  notify: Preinstall | update resolvconf for Fedora CoreOS
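Review bot: Hosts already provisioned by the previous version of these tasks keep the `dns`, `dns-search`, `dns-options` and `ignore-auto-dns` entries in `/etc/NetworkManager/system-connections/default_connection.nmconnection`, because nothing in the new file removes them. The commit message calls that ipv4 section invalid, so leaving it behind means upgraded and freshly installed nodes end up with different resolver configuration on disk. Whether NetworkManager still acts on the stale entries is not visible from this diff. A guarded cleanup task with `state: absent` would converge both cases; the `stat` guard keeps `ini_file` from creating the profile on hosts that never had it.

```yaml
- name: NetworkManager | Check for connection profile written by earlier runs
  stat:
    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
  register: nm_default_connection

- name: NetworkManager | Remove stale ipv4 DNS entries
  ini_file:
    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
    section: ipv4
    option: "{{ item }}"
    state: absent
    mode: '0600'
    backup: yes
  loop:
    - dns
    - dns-search
    - dns-options
    - ignore-auto-dns
  when: nm_default_connection.stat.exists
  notify: Preinstall | update resolvconf for Fedora CoreOS
```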
-- 
GitLab