diff --git a/manifests/fedora-coreos.yaml b/manifests/fedora-coreos.yaml index edd8679cb9..c40a8c2af0 100644 --- a/manifests/fedora-coreos.yaml +++ b/manifests/fedora-coreos.yaml @@ -36,6 +36,7 @@ conditional-include: ostree-layers: - overlay/15fcos + - overlay/14container automatic-version-prefix: "${releasever}..dev" mutate-os-release: "${releasever}" diff --git a/overlay.d/14container/usr/lib/systemd/system-preset/14-fcos.preset b/overlay.d/14container/usr/lib/systemd/system-preset/14-fcos.preset new file mode 100644 index 0000000000..28f419bc04 --- /dev/null +++ b/overlay.d/14container/usr/lib/systemd/system-preset/14-fcos.preset @@ -0,0 +1 @@ +enable coreos-cni-networking-check.service diff --git a/overlay.d/14container/usr/lib/systemd/system/coreos-cni-networking-check.service b/overlay.d/14container/usr/lib/systemd/system/coreos-cni-networking-check.service new file mode 100644 index 0000000000..2b243e8cc1 --- /dev/null +++ b/overlay.d/14container/usr/lib/systemd/system/coreos-cni-networking-check.service @@ -0,0 +1,11 @@ +# This service checks if the system nodes are still using +# CNI networking. If so, they will be warned to move +# their nodes to netavark respectively. +[Unit] +Description=Check if nodes are still using CNI networking +[Service] +Type=oneshot +ExecStart=/usr/libexec/coreos-cni-networking-check +RemainAfterExit=yes +[Install] +WantedBy=multi-user.target diff --git a/overlay.d/14container/usr/libexec/coreos-cni-networking-check b/overlay.d/14container/usr/libexec/coreos-cni-networking-check new file mode 100755 index 0000000000..cb62266605 --- /dev/null +++ b/overlay.d/14container/usr/libexec/coreos-cni-networking-check @@ -0,0 +1,30 @@ +#!/usr/bin/bash +# Podman is dropping support for CNI networking. +# Podman 5 changes: https://fedoraproject.org/wiki/Changes/Podman5 +# This script checks if the system nodes are still using CNI +# networking. If so, they will warned to move their nodes to netavark. + +# Change the output color to yellow +warn=$(echo -e '\033[0;33m') +# No color +nc=$(echo -e '\033[0m') + +# Podman supports two network backends Netavark and CNI. +# Netavark is the default network backend and was added in +# Podman version 4.0. CNI is deprecated and is removed +# in Podman version 5.0, in preference of Netavark. +podmanBackend=$(podman info --format "{{.Host.NetworkBackend}}") + +if [[ $podmanBackend != "netavark" ]]; then + motd_path=/run/motd.d/35_cni_warning.motd + + cat << EOF > "${motd_path}" +${warn} +########################################################################### +WARNING: This system is using CNI networking. CNI is deprecated and will be +removed in the upcoming Podman v5.0, in preference of netavark. To switch +from CNI networking to netavark, you must run 'podman system reset --force' +command. This will delete all of your images, containers, and custom networks. +${nc} +EOF +fi diff --git a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset index 12ca639f39..27780787c9 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset +++ b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset @@ -1,5 +1,5 @@ enable coreos-check-ssh-keys.service # Check if cgroupsv1 is still being used -enable coreos-check-cgroups.service +enable coreos-check-cgroups-version.service # https://fedoraproject.org/wiki/Changes/EnableFwupdRefreshByDefault enable fwupd-refresh.timer diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups-version.service similarity index 83% rename from overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service rename to overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups-version.service index 08055efe73..2aff8f6cdb 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service +++ b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups-version.service @@ -5,7 +5,7 @@ Description=Check if cgroupsv1 Is Still Being Used ConditionControlGroupController=v1 [Service] Type=oneshot -ExecStart=/usr/libexec/coreos-check-cgroups +ExecStart=/usr/libexec/coreos-check-cgroups-version RemainAfterExit=yes [Install] WantedBy=multi-user.target diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-cgroups b/overlay.d/15fcos/usr/libexec/coreos-check-cgroups-version similarity index 63% rename from overlay.d/15fcos/usr/libexec/coreos-check-cgroups rename to overlay.d/15fcos/usr/libexec/coreos-check-cgroups-version index 39a68b7178..533f99d8bb 100755 --- a/overlay.d/15fcos/usr/libexec/coreos-check-cgroups +++ b/overlay.d/15fcos/usr/libexec/coreos-check-cgroups-version @@ -11,15 +11,14 @@ motd_path=/run/motd.d/30_cgroupsv1_warning.motd cat << EOF > "${motd_path}" ${warn} -############################################################################ -WARNING: This system is using cgroups v1. For increased reliability -it is strongly recommended to migrate this system and your workloads -to use cgroups v2. For instructions on how to adjust kernel arguments -to use cgroups v2, see: +########################################################################## +WARNING: This system is using cgroups v1. Podman has dropped support for +cgroups v1. Move your nodes to cgroups v2 if not already. For instructions +on how to adjust kernel arguments to use cgroups v2, see: https://docs.fedoraproject.org/en-US/fedora-coreos/kernel-args/ To disable this warning, use: -sudo systemctl disable coreos-check-cgroups.service -############################################################################ +sudo systemctl disable coreos-check-cgroups-version.service +########################################################################### ${nc} EOF