tf/userdata: Install CRI-O from Fedora base

The *cri-o* package has moved from its own module into the base Fedora repository, as Fedora is [eliminating modules][0]. The last modular version was 1.25, which is too old to run pods with user namespaces. Version 1.26 is available in the base repository, which does support user namespaces. [0]: https://fedoraproject.org/wiki/Changes/RetireModularity
2024-01-13 10:07:03 -06:00 · 2024-01-13 10:07:03 -06:00 · 5a79680b22
parent 02772f17dd
commit 5a79680b22
2 changed files with 103 additions and 10 deletions
--- a/terraform/terraform.tfstate
+++ b/terraform/terraform.tfstate
@ -1,10 +1,102 @@
 {
  "version": 4,
  "terraform_version": "1.6.2",
-  "serial": 94,
+  "serial": 96,
  "lineage": "a100be74-c98e-0769-2d6a-bf6a2c5f3ebf",
  "outputs": {},
  "resources": [
+    {
+      "mode": "data",
+      "type": "aws_ami",
+      "name": "latest-fedora",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "architecture": "arm64",
+            "arn": "arn:aws:ec2:us-east-2::image/ami-0dcd72048e69236de",
+            "block_device_mappings": [
+              {
+                "device_name": "/dev/sda1",
+                "ebs": {
+                  "delete_on_termination": "true",
+                  "encrypted": "false",
+                  "iops": "0",
+                  "snapshot_id": "snap-01034e15b97a1b584",
+                  "throughput": "0",
+                  "volume_size": "6",
+                  "volume_type": "gp2"
+                },
+                "no_device": "",
+                "virtual_name": ""
+              }
+            ],
+            "boot_mode": "",
+            "creation_date": "2023-04-14T00:16:49.000Z",
+            "deprecation_time": "2025-04-14T00:16:49.000Z",
+            "description": "Fedora AMI Description",
+            "ena_support": true,
+            "executable_users": null,
+            "filter": [
+              {
+                "name": "architecture",
+                "values": [
+                  "arm64"
+                ]
+              },
+              {
+                "name": "name",
+                "values": [
+                  "Fedora-Cloud-Base-38-1.*"
+                ]
+              },
+              {
+                "name": "virtualization-type",
+                "values": [
+                  "hvm"
+                ]
+              }
+            ],
+            "hypervisor": "xen",
+            "id": "ami-0dcd72048e69236de",
+            "image_id": "ami-0dcd72048e69236de",
+            "image_location": "125523088429/Fedora-Cloud-Base-38-1.6.aarch64-hvm-us-east-2-gp2-0",
+            "image_owner_alias": "",
+            "image_type": "machine",
+            "include_deprecated": false,
+            "kernel_id": "",
+            "most_recent": true,
+            "name": "Fedora-Cloud-Base-38-1.6.aarch64-hvm-us-east-2-gp2-0",
+            "name_regex": null,
+            "owner_id": "125523088429",
+            "owners": [
+              "125523088429"
+            ],
+            "platform": "",
+            "platform_details": "Linux/UNIX",
+            "product_codes": [],
+            "public": true,
+            "ramdisk_id": "",
+            "root_device_name": "/dev/sda1",
+            "root_device_type": "ebs",
+            "root_snapshot_id": "snap-01034e15b97a1b584",
+            "sriov_net_support": "",
+            "state": "available",
+            "state_reason": {
+              "code": "UNSET",
+              "message": "UNSET"
+            },
+            "tags": {},
+            "timeouts": null,
+            "tpm_support": "",
+            "usage_operation": "RunInstances",
+            "virtualization_type": "hvm"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
    {
      "mode": "data",
      "type": "aws_caller_identity",
@ -15,9 +107,9 @@
          "schema_version": 0,
          "attributes": {
            "account_id": "566967686773",
-            "arn": "arn:aws:sts::566967686773:assumed-role/dynk8s-terraform/aws-go-sdk-1699926524617521431",
+            "arn": "arn:aws:sts::566967686773:assumed-role/dynk8s-terraform/aws-go-sdk-1705162223321505341",
            "id": "566967686773",
-            "user_id": "AROAYIAPIKZ25DFDOYZHT:aws-go-sdk-1699926524617521431"
+            "user_id": "AROAYIAPIKZ25DFDOYZHT:aws-go-sdk-1705162223321505341"
          },
          "sensitive_attributes": []
        }
@ -126,7 +218,7 @@
            "context": "",
            "default_cooldown": 300,
            "default_instance_warmup": 0,
-            "desired_capacity": 0,
+            "desired_capacity": 1,
            "enabled_metrics": [],
            "force_delete": false,
            "force_delete_warm_pool": false,
@ -181,7 +273,8 @@
          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDAsInVwZGF0ZSI6NjAwMDAwMDAwMDAwfX0=",
          "dependencies": [
            "aws_launch_template.k8s-aarch64",
-            "aws_security_group.k8s-node"
+            "aws_security_group.k8s-node",
+            "data.aws_ami.latest-fedora"
          ]
        }
      ]
@ -264,7 +357,7 @@
            "capacity_reservation_specification": [],
            "cpu_options": [],
            "credit_specification": [],
-            "default_version": 19,
+            "default_version": 21,
            "description": "",
            "disable_api_stop": false,
            "disable_api_termination": false,
@ -287,7 +380,7 @@
            "instance_type": "t4g.medium",
            "kernel_id": "",
            "key_name": "dustin@rosalina",
-            "latest_version": 19,
+            "latest_version": 21,
            "license_specification": [],
            "maintenance_options": [],
            "metadata_options": [],
@ -311,13 +404,14 @@
            "tags": {},
            "tags_all": {},
            "update_default_version": true,
-            "user_data": "I2Nsb3VkLWNvbmZpZwpib290Y21kOgotIFsgZG5mLCBtb2R1bGUsIGVuYWJsZSwgJ2NyaS1vOjEuMjUnLCAteSBdCi0gWyBsbiwgLXNmLCAvcnVuL3N5c3RlbWQvcmVzb2x2ZS9zdHViLXJlc29sdi5jb25mLCAvZXRjL3Jlc29sdi5jb25mIF0KCnBhY2thZ2VzOgotIGNyaS1vCi0gY3JpLXRvb2xzCi0gZXRodG9vbAotIGlwdGFibGVzLW5mdAotIGlzY3NpLWluaXRpYXRvci11dGlscwotIGt1YmVybmV0ZXMta3ViZWFkbQotIGt1YmVybmV0ZXMtbm9kZQotIHJ1bmMKLSB3aXJlZ3VhcmQtdG9vbHMKCndyaXRlX2ZpbGVzOgotIHBhdGg6IC9ldGMvZG5mL2RuZi5jb25mCiAgY29udGVudDogfCsKICAgIGluc3RhbGxfd2Vha19kZXBzPUZhbHNlCiAgYXBwZW5kOiB0cnVlCi0gcGF0aDogL2V0Yy9tb2R1bGVzLWxvYWQuZC9rOHMuY29uZgogIGNvbnRlbnQ6IHwrCiAgICBicl9uZXRmaWx0ZXIKLSBwYXRoOiAvZXRjL3N5c2N0bC5kL2s4cy5jb25mCiAgY29udGVudDogfCsKICAgIG5ldC5icmlkZ2UuYnJpZGdlLW5mLWNhbGwtaXB0YWJsZXMgPSAxCiAgICBuZXQuYnJpZGdlLmJyaWRnZS1uZi1jYWxsLWlwNnRhYmxlcyA9IDEKICAgIG5ldC5pcHY0LmlwX2ZvcndhcmQgPSAxCi0gcGF0aDogL3Zhci9saWIvY2xvdWQvc2NyaXB0cy9wZXItaW5zdGFuY2Uva3ViZWFkbS1qb2luCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGNvbnRlbnQ6IHwrCiAgICAjIS9iaW4vc2gKCiAgICBCQVNFX1VSTD1odHRwczovL2R5bms4cy1wcm92aXNpb25lci5weXJvY3VmZmxpbmsubmV0CgogICAgaW5zdGFuY2VfaWQ9JChjdXJsIC1zIDE2OS4yNTQuMTY5LjI1NC9sYXRlc3QvbWV0YS1kYXRhL2luc3RhbmNlLWlkKQogICAgYXo9JChjdXJsIC1zIDE2OS4yNTQuMTY5LjI1NC9sYXRlc3QvbWV0YS1kYXRhL3BsYWNlbWVudC9hdmFpbGFiaWxpdHktem9uZSkKCiAgICBjdXJsIC1mcyAiJHtCQVNFX1VSTH0iL3dpcmVndWFyZC9jb25maWcvJHtpbnN0YW5jZV9pZH0gXAogICAgICAgIC1vIC9ldGMvd2lyZWd1YXJkL3dnMC5jb25mIHx8IGV4aXQKICAgIHN5c3RlbWN0bCBlbmFibGUgLS1ub3cgd2ctcXVpY2tAd2cwIHx8IGV4aXQKCiAgICByZXNvbHZlY3RsIHJldmVydCBldGgwCgogICAgbW9kcHJvYmUgYnJfbmV0ZmlsdGVyIHx8IGV4aXQKICAgIHN5c2N0bCAtdyAtZiAvZXRjL3N5c2N0bC5kL2s4cy5jb25mIHx8IGV4aXQKCiAgICBzd2Fwb2ZmIC1hIHx8IGV4aXQKICAgIHRvdWNoIC9ldGMvc3lzdGVtZC96cmFtLWdlbmVyYXRvci5jb25mIHx8IGV4aXQKICAgIHN5c3RlbWN0bCBkYWVtb24tcmVsb2FkIHx8IGV4aXQKICAgIHN5c3RlbWN0bCBzdG9wICdzeXN0ZW1kLXpyYW0tc2V0dXBAKicgfHwgZXhpdAoKICAgIHN5c3RlbWN0bCBlbmFibGUgY3JpbyBpc2NzaWQga3ViZWxldCB8fCBleGl0CiAgICBzeXN0ZW1jdGwgc3RhcnQgY3JpbyBpc2NzaWQgfHwgZXhpdAoKICAgIGludGVybmFsX2lwPSQoCiAgICAgIGlwIGFkZHJlc3Mgc2hvdyBkZXYgd2cwIHByaW1hcnkgfCBcCiAgICAgIHNlZCAtcm4gJ3MvLippbmV0IChbMC05Ll0rKS4qL1wxL3AnCiAgICApCgogICAgY2F0ID4gbG9uZ2hvcm4taXNzdWU0OTg4LmNpbCA8PEVPRgogICAgKGFsbG93IGlzY3NpZF90IHNlbGYgKGNhcGFiaWxpdHkgKGRhY19vdmVycmlkZSkpKQogICAgRU9GCiAgICBzZW1vZHVsZSAtaSBsb25naG9ybi1pc3N1ZTQ5ODguY2lsCgogICAgY2F0ID4gL3J1bi9qb2luY29uZmlndXJhdGlvbiA8PEVPRgogICAgYXBpVmVyc2lvbjoga3ViZWFkbS5rOHMuaW8vdjFiZXRhMwogICAga2luZDogSm9pbkNvbmZpZ3VyYXRpb24KICAgIG5vZGVSZWdpc3RyYXRpb246CiAgICAgIGt1YmVsZXRFeHRyYUFyZ3M6CiAgICAgICAgcHJvdmlkZXItaWQ6IGF3czovLy8ke2F6fS8ke2luc3RhbmNlX2lkfQogICAgICAgIG5vZGUtaXA6ICR7aW50ZXJuYWxfaXB9CiAgICAgICAgY29uZmlnOiAvdmFyL2xpYi9rdWJlbGV0L2NvbmZpZy55YW1sCiAgICBkaXNjb3Zlcnk6CiAgICAgIGZpbGU6CiAgICAgICAga3ViZUNvbmZpZ1BhdGg6ICR7QkFTRV9VUkx9L2t1YmVhZG0va3ViZWNvbmZpZy8ke2luc3RhbmNlX2lkfQogICAgRU9GCiAgICBrdWJlYWRtIGpvaW4gLS1jb25maWc9L3J1bi9qb2luY29uZmlndXJhdGlvbgoKcnVuY21kOgotIFsgZG5mLCByZW1vdmUsIC15LCB6cmFtLWdlbmVyYXRvciBdCg==",
+            "user_data": "I2Nsb3VkLWNvbmZpZwpib290Y21kOgotIFsgbG4sIC1zZiwgL3J1bi9zeXN0ZW1kL3Jlc29sdmUvc3R1Yi1yZXNvbHYuY29uZiwgL2V0Yy9yZXNvbHYuY29uZiBdCgpwYWNrYWdlczoKLSBjcmktbwotIGNyaS10b29scwotIGV0aHRvb2wKLSBpcHRhYmxlcy1uZnQKLSBpc2NzaS1pbml0aWF0b3ItdXRpbHMKLSBrdWJlcm5ldGVzLWt1YmVhZG0KLSBrdWJlcm5ldGVzLW5vZGUKLSBydW5jCi0gd2lyZWd1YXJkLXRvb2xzCgp3cml0ZV9maWxlczoKLSBwYXRoOiAvZXRjL2RuZi9kbmYuY29uZgogIGNvbnRlbnQ6IHwrCiAgICBpbnN0YWxsX3dlYWtfZGVwcz1GYWxzZQogIGFwcGVuZDogdHJ1ZQotIHBhdGg6IC9ldGMvbW9kdWxlcy1sb2FkLmQvazhzLmNvbmYKICBjb250ZW50OiB8KwogICAgYnJfbmV0ZmlsdGVyCi0gcGF0aDogL2V0Yy9zeXNjdGwuZC9rOHMuY29uZgogIGNvbnRlbnQ6IHwrCiAgICBuZXQuYnJpZGdlLmJyaWRnZS1uZi1jYWxsLWlwdGFibGVzID0gMQogICAgbmV0LmJyaWRnZS5icmlkZ2UtbmYtY2FsbC1pcDZ0YWJsZXMgPSAxCiAgICBuZXQuaXB2NC5pcF9mb3J3YXJkID0gMQotIHBhdGg6IC92YXIvbGliL2Nsb3VkL3NjcmlwdHMvcGVyLWluc3RhbmNlL2t1YmVhZG0tam9pbgogIHBlcm1pc3Npb25zOiAnMDc1NScKICBjb250ZW50OiB8KwogICAgIyEvYmluL3NoCgogICAgQkFTRV9VUkw9aHR0cHM6Ly9keW5rOHMtcHJvdmlzaW9uZXIucHlyb2N1ZmZsaW5rLm5ldAoKICAgIGluc3RhbmNlX2lkPSQoY3VybCAtcyAxNjkuMjU0LjE2OS4yNTQvbGF0ZXN0L21ldGEtZGF0YS9pbnN0YW5jZS1pZCkKICAgIGF6PSQoY3VybCAtcyAxNjkuMjU0LjE2OS4yNTQvbGF0ZXN0L21ldGEtZGF0YS9wbGFjZW1lbnQvYXZhaWxhYmlsaXR5LXpvbmUpCgogICAgY3VybCAtZnMgIiR7QkFTRV9VUkx9Ii93aXJlZ3VhcmQvY29uZmlnLyR7aW5zdGFuY2VfaWR9IFwKICAgICAgICAtbyAvZXRjL3dpcmVndWFyZC93ZzAuY29uZiB8fCBleGl0CiAgICBzeXN0ZW1jdGwgZW5hYmxlIC0tbm93IHdnLXF1aWNrQHdnMCB8fCBleGl0CgogICAgcmVzb2x2ZWN0bCByZXZlcnQgZXRoMAoKICAgIG1vZHByb2JlIGJyX25ldGZpbHRlciB8fCBleGl0CiAgICBzeXNjdGwgLXcgLWYgL2V0Yy9zeXNjdGwuZC9rOHMuY29uZiB8fCBleGl0CgogICAgc3dhcG9mZiAtYSB8fCBleGl0CiAgICB0b3VjaCAvZXRjL3N5c3RlbWQvenJhbS1nZW5lcmF0b3IuY29uZiB8fCBleGl0CiAgICBzeXN0ZW1jdGwgZGFlbW9uLXJlbG9hZCB8fCBleGl0CiAgICBzeXN0ZW1jdGwgc3RvcCAnc3lzdGVtZC16cmFtLXNldHVwQConIHx8IGV4aXQKCiAgICBzeXN0ZW1jdGwgZW5hYmxlIGNyaW8gaXNjc2lkIGt1YmVsZXQgfHwgZXhpdAogICAgc3lzdGVtY3RsIHN0YXJ0IGNyaW8gaXNjc2lkIHx8IGV4aXQKCiAgICBpbnRlcm5hbF9pcD0kKAogICAgICBpcCBhZGRyZXNzIHNob3cgZGV2IHdnMCBwcmltYXJ5IHwgXAogICAgICBzZWQgLXJuICdzLy4qaW5ldCAoWzAtOS5dKykuKi9cMS9wJwogICAgKQoKICAgIGNhdCA+IGxvbmdob3JuLWlzc3VlNDk4OC5jaWwgPDxFT0YKICAgIChhbGxvdyBpc2NzaWRfdCBzZWxmIChjYXBhYmlsaXR5IChkYWNfb3ZlcnJpZGUpKSkKICAgIEVPRgogICAgc2Vtb2R1bGUgLWkgbG9uZ2hvcm4taXNzdWU0OTg4LmNpbAoKICAgIGNhdCA+IC9ydW4vam9pbmNvbmZpZ3VyYXRpb24gPDxFT0YKICAgIGFwaVZlcnNpb246IGt1YmVhZG0uazhzLmlvL3YxYmV0YTMKICAgIGtpbmQ6IEpvaW5Db25maWd1cmF0aW9uCiAgICBub2RlUmVnaXN0cmF0aW9uOgogICAgICBrdWJlbGV0RXh0cmFBcmdzOgogICAgICAgIHByb3ZpZGVyLWlkOiBhd3M6Ly8vJHthen0vJHtpbnN0YW5jZV9pZH0KICAgICAgICBub2RlLWlwOiAke2ludGVybmFsX2lwfQogICAgICAgIGNvbmZpZzogL3Zhci9saWIva3ViZWxldC9jb25maWcueWFtbAogICAgZGlzY292ZXJ5OgogICAgICBmaWxlOgogICAgICAgIGt1YmVDb25maWdQYXRoOiAke0JBU0VfVVJMfS9rdWJlYWRtL2t1YmVjb25maWcvJHtpbnN0YW5jZV9pZH0KICAgIEVPRgogICAga3ViZWFkbSBqb2luIC0tY29uZmlnPS9ydW4vam9pbmNvbmZpZ3VyYXRpb24KCnJ1bmNtZDoKLSBbIGRuZiwgcmVtb3ZlLCAteSwgenJhbS1nZW5lcmF0b3IgXQo=",
            "vpc_security_group_ids": []
          },
          "sensitive_attributes": [],
          "private": "bnVsbA==",
          "dependencies": [
-            "aws_security_group.k8s-node"
+            "aws_security_group.k8s-node",
+            "data.aws_ami.latest-fedora"
          ]
        }
      ]
--- a/terraform/userdata.yml
+++ b/terraform/userdata.yml
@ -1,6 +1,5 @@
 #cloud-config
 bootcmd:
- [ dnf, module, enable, 'cri-o:1.25', -y ]
 - [ ln, -sf, /run/systemd/resolve/stub-resolv.conf, /etc/resolv.conf ]

 packages: