diff --git a/docs/centos8.md b/docs/centos8.md
index 695789a5c8a82d97e609a05f876525a82eca7008..ac52897c8afeaccc079ac5e6bce367129a393083 100644
--- a/docs/centos8.md
+++ b/docs/centos8.md
@@ -1,6 +1,6 @@
-# CentOS 8
+# CentOS 8 / AlmaLinux 8
-CentOS 8 ships only with iptables-nft (ie without iptables-legacy)
+CentOS 8 / AlmaLinux 8 ships only with iptables-nft (ie without iptables-legacy)
The only tested configuration for now is using Calico CNI
You need to use K8S 1.17+ and to add `calico_iptables_backend: "NFT"` or `calico_iptables_backend: "Auto"` to your configuration
diff --git a/docs/offline-environment.md b/docs/offline-environment.md
index f8fc5dc888e69b0adcb345aa8acabf0de6b59cab..5e86b56675b3df861726096c7953e93563ae2320 100644
--- a/docs/offline-environment.md
+++ b/docs/offline-environment.md
@@ -31,7 +31,7 @@ calicoctl_download_url: "{{ files_repo }}/kubernetes/calico/{{ calico_ctl_versio
# If using Calico with kdd
calico_crds_download_url: "{{ files_repo }}/kubernetes/calico/{{ calico_version }}.tar.gz"
-# CentOS/Redhat
+# CentOS/Redhat/AlmaLinux
## Docker / Containerd
docker_rh_repo_base_url: "{{ yum_repo }}/docker-ce/$releasever/$basearch"
docker_rh_repo_gpgkey: "{{ yum_repo }}/docker-ce/gpg"
diff --git a/inventory/sample/group_vars/all/offline.yml b/inventory/sample/group_vars/all/offline.yml
index 901d290c156270cf0b5a8dbf0bf1f972dd509b4c..3bdefcded5c1a2dae22b66a05e9a5445a0bd3f57 100644
--- a/inventory/sample/group_vars/all/offline.yml
+++ b/inventory/sample/group_vars/all/offline.yml
@@ -3,7 +3,7 @@
### Private Container Image Registry
# registry_host: "myprivateregisry.com"
# files_repo: "http://myprivatehttpd"
-### If using CentOS, RedHat or Fedora
+### If using CentOS, RedHat, AlmaLinux or Fedora
# yum_repo: "http://myinternalyumrepo"
### If using Debian
# debian_repo: "http://myinternaldebianrepo"
@@ -44,7 +44,7 @@
# [Optional] kata: only if you set kata_containers_enabled: true
# kata_containers_download_url: "{{ files_repo }}/kata-containers/runtime/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
-## CentOS/Redhat
+## CentOS/Redhat/AlmaLinux
### For EL7, base and extras repo must be available, for EL8, baseos and appstream
### By default we enable those repo automatically
# rhel_enable_repos: false
diff --git a/requirements.txt b/requirements.txt
index 06eacf1da7ea72a4707b7b8e3a14c4afab7e2eb9..2a42e7ed5ca97bd579cf3a1893814832f2d0b8e4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-ansible==2.9.18
+ansible==2.9.20
cryptography==2.8
jinja2==2.11.3
netaddr==0.7.19
diff --git a/roles/bootstrap-os/README.md b/roles/bootstrap-os/README.md
index c791850a044d7894c52eca016f55f5d5f57871bf..ae14a1a00e7a15d69285a15cb5c866fb9b5aff46 100644
--- a/roles/bootstrap-os/README.md
+++ b/roles/bootstrap-os/README.md
@@ -35,7 +35,7 @@ Variables are listed with their default values, if applicable.
* `coreos_locksmithd_disable: false`
Whether `locksmithd` (responsible for rolling restarts) should be disabled or be left alone.
-#### CentOS/RHEL
+#### CentOS/RHEL/AlmaLinux
* `centos_fastestmirror_enabled: false`
Whether the [fastestmirror](https://wiki.centos.org/PackageManagement/Yum/FastestMirror) yum plugin should be enabled.
diff --git a/roles/bootstrap-os/defaults/main.yml b/roles/bootstrap-os/defaults/main.yml
index 649919b3a42e7345fb300f437749b06dc4da1acb..e9f33b670cdb117e37ed1eba4d4ca2e8d9e1d029 100644
--- a/roles/bootstrap-os/defaults/main.yml
+++ b/roles/bootstrap-os/defaults/main.yml
@@ -1,5 +1,5 @@
---
-## CentOS/RHEL specific variables
+## CentOS/RHEL/AlmaLinux specific variables
# Use the fastestmirror yum plugin
centos_fastestmirror_enabled: false
diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml
index 7b8ffb10e71eadb42f444c6245659a40fd9f2de1..5016b96c84ef98eb8247361ce935c467eba7fce7 100644
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -7,7 +7,7 @@
check_mode: false
- include_tasks: bootstrap-centos.yml
- when: '''ID="centos"'' in os_release.stdout_lines or ''ID="ol"'' in os_release.stdout_lines'
+ when: '''ID="centos"'' in os_release.stdout_lines or ''ID="ol"'' in os_release.stdout_lines or ''ID="almalinux"'' in os_release.stdout_lines'
- include_tasks: bootstrap-redhat.yml
when: '''ID="rhel"'' in os_release.stdout_lines'
diff --git a/roles/container-engine/containerd/tasks/containerd_repo.yml b/roles/container-engine/containerd/tasks/containerd_repo.yml
index 4c03cf7d1588fbee60208d4dbd6233bb9acd51ac..6c4a0470ae097cbf99c03bcddba67b15e32b5462 100644
--- a/roles/container-engine/containerd/tasks/containerd_repo.yml
+++ b/roles/container-engine/containerd/tasks/containerd_repo.yml
@@ -25,8 +25,10 @@
dest: "{{ yum_repo_dir }}/containerd.repo"
when: ansible_distribution == "Fedora"
-- name: Configure containerd repository on RedHat/OracleLinux/CentOS
+- name: Configure containerd repository on RedHat/OracleLinux/CentOS/AlmaLinux
template:
src: "rh_containerd.repo.j2"
dest: "{{ yum_repo_dir }}/containerd.repo"
- when: ansible_distribution in ["CentOS", "OracleLinux", "RedHat"]
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution != "Fedora"
diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index 6aacec08d2bba2d0f0a65738b6a88940914787e3..fd6811ae5036e2002775a0f5ee2ca90b77500128 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -16,7 +16,7 @@
fail:
msg: "{{ ansible_distribution }} is not supported by containerd."
when:
- - not ansible_distribution in ["CentOS", "OracleLinux", "RedHat", "Ubuntu", "Debian", "Fedora"]
+ - not ansible_distribution in ["CentOS", "OracleLinux", "RedHat", "Ubuntu", "Debian", "Fedora", "AlmaLinux"]
- name: gather os specific variables
include_vars: "{{ item }}"
diff --git a/roles/container-engine/docker/tasks/main.yml b/roles/container-engine/docker/tasks/main.yml
index 13903e488870b9e598e657a99080679abbd69f14..ee779279e3964e95a265f9201ec891451f50c9dc 100644
--- a/roles/container-engine/docker/tasks/main.yml
+++ b/roles/container-engine/docker/tasks/main.yml
@@ -82,11 +82,14 @@
dest: "{{ yum_repo_dir }}/docker.repo"
when: ansible_distribution == "Fedora" and not is_ostree
-- name: Configure docker repository on RedHat/CentOS/Oracle Linux
+- name: Configure docker repository on RedHat/CentOS/Oracle/AlmaLinux Linux
template:
src: "rh_docker.repo.j2"
dest: "{{ yum_repo_dir }}/docker-ce.repo"
- when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_ostree
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution != "Fedora"
+ - not is_ostree
- name: Remove dpkg hold
dpkg_selections:
diff --git a/roles/container-engine/docker/tasks/pre-upgrade.yml b/roles/container-engine/docker/tasks/pre-upgrade.yml
index d614220f47c8266eed1a7deef91d093d87676da8..d344b222d69fed1c56d899a8e7df353595504699 100644
--- a/roles/container-engine/docker/tasks/pre-upgrade.yml
+++ b/roles/container-engine/docker/tasks/pre-upgrade.yml
@@ -4,7 +4,7 @@
path: "{{ yum_repo_dir }}/docker.repo"
state: absent
when:
- - ansible_distribution in ["CentOS","RedHat","OracleLinux"]
+ - ansible_os_family == 'RedHat'
- not is_ostree
- name: Ensure old versions of Docker are not installed. | Debian
diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index 594d7e459b76b7a6afa87a27da0a24793c7eaeaa..5c041b8de76c6557080ed599aa5d0875f9390f37 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -24,8 +24,8 @@
- name: Stop if unknown OS
assert:
- that: ansible_os_family in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'Flatcar Container Linux by Kinvolk', 'Suse', 'ClearLinux', 'OracleLinux']
- msg: "{{ ansible_os_family }} is not a known OS"
+ that: ansible_distribution in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'Flatcar Container Linux by Kinvolk', 'Suse', 'ClearLinux', 'OracleLinux', 'AlmaLinux']
+ msg: "{{ ansible_distribution }} is not a known OS"
when: not ignore_assert_errors
- name: Stop if unknown network plugin
diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
index c35cc0b0585ef21a453d7e8806fa41b51feeaa13..ec77ade5986cb2056ad78605b428ab9c9df32d17 100644
--- a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
+++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
@@ -22,7 +22,7 @@
path: "{{ yum_repo_dir }}/docker.repo"
state: absent
when:
- - ansible_distribution in ["CentOS","RedHat","OracleLinux"]
+ - ansible_os_family == "RedHat"
- not is_fedora_coreos
- name: Install python3-dnf for latest RedHat versions
@@ -39,12 +39,12 @@
tags:
- bootstrap-os
-- name: Install epel-release on RedHat/CentOS
+- name: Install epel-release on RHEL derivatives
package:
name: epel-release
state: present
when:
- - ansible_distribution in ["CentOS","RedHat"]
+ - ansible_os_family == "RedHat"
- not is_fedora_coreos
- epel_enabled|bool
tags:
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 2a3418b0ea199700778d89cfcce055af94679da0..3d345122179e238b23866600156d7f81d0613492 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -109,6 +109,6 @@
when:
- not dns_late
- azure_check.stat.exists
- - ansible_distribution in ["CentOS","RedHat","OracleLinux"]
+ - ansible_os_family == "RedHat"
tags:
- bootstrap-os
diff --git a/roles/network_plugin/macvlan/tasks/main.yml b/roles/network_plugin/macvlan/tasks/main.yml
index 191df8ceff0e7e3068a57631ccc5fa0599ce343b..a3364935e5b8880f05df6afbad4bf5b389f54032 100644
--- a/roles/network_plugin/macvlan/tasks/main.yml
+++ b/roles/network_plugin/macvlan/tasks/main.yml
@@ -35,7 +35,7 @@
mode: "0755"
with_fileglob:
- files/*
- when: ansible_os_family in ["CentOS","RedHat"]
+ when: ansible_os_family == "RedHat"
- name: Macvlan | Install post-up script on centos
copy:
@@ -44,7 +44,7 @@
owner: root
group: root
mode: "0755"
- when: ansible_os_family in ["CentOS","RedHat"] and enable_nat_default_gateway
+ when: ansible_os_family == "RedHat" and enable_nat_default_gateway
- name: Macvlan | Install network gateway interface on centos
template:
@@ -55,7 +55,7 @@
- {src: centos-routes-macvlan.cfg, dst: route-mac0 }
- {src: centos-postup-macvlan.cfg, dst: post-up-mac0 }
notify: Macvlan | restart network
- when: ansible_os_family in ["CentOS","RedHat"]
+ when: ansible_os_family == "RedHat"
- name: Macvlan | Install service nat via gateway on Flatcar Container Linux
template: