forked from coreos/fedora-coreos-config
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Podman v5 breaking changes checks
Podman 5 will come with breaking changes affecting upgradability. CGroups v1 environments will be required to switch to CGroups v2 and CNI plugin environemnts will need to switch to netavark. Updated the existing cgroups-version check and added the check for CNI networking
- Loading branch information
1 parent
2819e82
commit 3668ce5
Showing
9 changed files
with
72 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# https://github.com/coreos/fedora-coreos-tracker/issues/1629 | ||
# Delete this file once we are on Podman v5 everywhere. | ||
# i.e. We have moved past F39. | ||
ostree-layers: | ||
- overlay/14podman-v5 |
1 change: 1 addition & 0 deletions
1
overlay.d/14podman-v5/usr/lib/systemd/system-preset/14-fcos.preset
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
enable coreos-cni-networking-check.service |
11 changes: 11 additions & 0 deletions
11
overlay.d/14podman-v5/usr/lib/systemd/system/coreos-cni-networking-check.service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# This service checks if the system nodes are still using | ||
# CNI networking. If so, they will be warned to move | ||
# their nodes to netavark respectively. | ||
[Unit] | ||
Description=Check If Podman Is Still Using CNI Networking | ||
[Service] | ||
Type=oneshot | ||
ExecStart=/usr/libexec/coreos-cni-networking-check | ||
RemainAfterExit=yes | ||
[Install] | ||
WantedBy=multi-user.target |
37 changes: 37 additions & 0 deletions
37
overlay.d/14podman-v5/usr/libexec/coreos-cni-networking-check
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
#!/usr/bin/bash | ||
set -euo pipefail | ||
# Podman is dropping support for CNI networking. | ||
# Podman 5 changes: https://fedoraproject.org/wiki/Changes/Podman5 | ||
# This script checks if the system nodes are still using CNI | ||
# networking. If so, they will warned to move their nodes to Netavark. | ||
|
||
# Change the output color to yellow | ||
warn=$(echo -e '\033[0;33m') | ||
# No color | ||
nc=$(echo -e '\033[0m') | ||
|
||
# Podman supports two network backends Netavark and CNI. | ||
# Netavark is the default network backend and was added in | ||
# Podman version 4.0. CNI is deprecated and is removed | ||
# in Podman version 5.0, in preference of Netavark. | ||
podmanBackend=$(podman info --format "{{.Host.NetworkBackend}}") | ||
|
||
if [[ $podmanBackend != "netavark" ]]; then | ||
motd_path=/run/motd.d/35_cni_warning.motd | ||
|
||
cat << EOF > "${motd_path}" | ||
${warn} | ||
############################################################################## | ||
WARNING: Podman is using CNI networking. CNI is deprecated and will be | ||
removed in the upcoming Podman v5.0, in preference of Netavark. To switch | ||
from CNI networking to Netavark, you must run 'podman system reset --force'. | ||
This will delete all of your images, containers, and custom networks. | ||
Depending on your setup it may be preferable to reprovision the whole machine | ||
from the latest images. | ||
To disable this warning, use: | ||
sudo systemctl disable coreos-cni-networking-check.service | ||
############################################################################## | ||
${nc} | ||
EOF | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
enable coreos-check-ssh-keys.service | ||
# Check if cgroupsv1 is still being used | ||
enable coreos-check-cgroups.service | ||
enable coreos-check-cgroups-version.service | ||
# https://fedoraproject.org/wiki/Changes/EnableFwupdRefreshByDefault | ||
enable fwupd-refresh.timer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters