0.17.0+2.2.1 (#38)

* chore(year): update year to 2026

* update containerd to v2.2.1

* feat(dropin): add conf.d include support in the default config

* CNI bin_dir in CRI runtime config: Change bin_dir to bin_dirs in the same section which supports a list of directories

Author: githubixx

.gitignore

@@ -1,4 +1,4 @@
-# Copyright (C) 2021-2025 Robert Wimmer
+# Copyright (C) 2021-2026 Robert Wimmer
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 molecule/kvm/.vagrant

.yamllint

@@ -1,5 +1,5 @@
 ---
-# Copyright (C) 2021-2025 Robert Wimmer
+# Copyright (C) 2021-2026 Robert Wimmer
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 extends: default

CHANGELOG.md

@@ -1,10 +1,22 @@
 <!--
-Copyright (C) 2021-2025 Robert Wimmer
+Copyright (C) 2021-2026 Robert Wimmer
 SPDX-License-Identifier: GPL-3.0-or-later
 -->
 
 # Changelog
 
+- **BREAKING**
+  - CNI `bin_dir` in CRI runtime config is deprecated (`plugins.'io.containerd.cri.v1.runtime'.cni.bin_dir`) and will be removed in containerd `v2.3`. It was replaced with `bin_dirs` in the same section which supports a list of directories. So, `plugins.'io.containerd.cri.v1.runtime'.cni.bin_dir = '/opt/cni/bin'` was changed to `plugins.'io.containerd.cri.v1.runtime'.cni.bin_dirs = ['/opt/cni/bin']` in `containerd_config` variable.
+
+- **UPDATE**
+  - update `containerd` to `v2.2.1`
+
+- **FEATURE**
+  - support `conf.d` include in the [default config](https://github.com/containerd/containerd/pull/12323)
+
+- **MOLECULE**
+  - add test for `conf.d` include feature
+
 ## 0.16.0+2.1.4
 
 - **Breaking**

README.md

@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 2021-2025 Robert Wimmer
+Copyright (C) 2021-2026 Robert Wimmer
 SPDX-License-Identifier: GPL-3.0-or-later
 -->
 
@@ -15,6 +15,20 @@ See full [CHANGELOG](https://github.com/githubixx/ansible-role-containerd/blob/m
 
 **Recent changes:**
 
+## 0.17.0+2.2.1
+
+- **BREAKING**
+  - CNI `bin_dir` in CRI runtime config is deprecated (`plugins.'io.containerd.cri.v1.runtime'.cni.bin_dir`) and will be removed in containerd `v2.3`. It was replaced with `bin_dirs` in the same section which supports a list of directories. So, `plugins.'io.containerd.cri.v1.runtime'.cni.bin_dir = '/opt/cni/bin'` was changed to `plugins.'io.containerd.cri.v1.runtime'.cni.bin_dirs = ['/opt/cni/bin']` in `containerd_config` variable.
+
+- **UPDATE**
+  - update `containerd` to `v2.2.1`
+
+- **FEATURE**
+  - support `conf.d` include in the [default config](https://github.com/containerd/containerd/pull/12323)
+
+- **MOLECULE**
+  - add test for `conf.d` include feature
+
 ## 0.16.0+2.1.4
 
 - **Breaking**
@@ -67,7 +81,7 @@ See full [CHANGELOG](https://github.com/githubixx/ansible-role-containerd/blob/m
 roles:
   - name: githubixx.containerd
     src: https://github.com/githubixx/ansible-role-containerd.git
-    version: 0.16.0+2.1.4
+    version: 0.17.0+2.2.1
 ```
 
 ## Role Variables
@@ -77,7 +91,7 @@ roles:
 containerd_flavor: "base"
 
 # containerd version to install
-containerd_version: "2.1.4"
+containerd_version: "2.2.1"
 
 # Directory where to store "containerd" binaries
 containerd_binary_directory: "/usr/local/bin"
@@ -159,8 +173,51 @@ containerd_config: |
               BinaryName = '/usr/local/sbin/runc'
               SystemdCgroup = true
       [plugins.'io.containerd.cri.v1.runtime'.cni]
-        bin_dir = '/opt/cni/bin'
+        bin_dirs = ['/opt/cni/bin']
         conf_dir = '/etc/cni/net.d'
+
+# Optional: containerd config drop-ins via `imports` (containerd >= v2.2.0)
+#
+# If you set `containerd_config_imports`, the role will:
+# - add `imports = [ ... ]` to the generated `config.toml` (unless your
+#   `containerd_config` already contains an `imports = ...` line)
+# - optionally create the referenced directories and manage `.toml` drop-in files
+#   defined under `configs`.
+#
+# Example 1: Enable imports and manage a few drop-in files in `/etc/containerd/conf.d`
+#
+# containerd_config_imports:
+#   - glob: "/etc/containerd/conf.d/*.toml"
+#     configs:
+#       10-nvidia.toml: |
+#         # Example override (use dotted keys to avoid table re-definition issues)
+#         disabled_plugins = []
+#
+#       20-cni.toml: |
+#         plugins.'io.containerd.cri.v1.runtime'.cni.bin_dirs = ['/opt/cni/bin']
+#         plugins.'io.containerd.cri.v1.runtime'.cni.conf_dir = '/etc/cni/net.d'
+#
+# Example 2: Import additional directories but manage files elsewhere
+#
+# containerd_config_imports:
+#   - glob: "/etc/containerd/conf.d/*.toml"
+#   - glob: "/etc/containerd/conf2.d/*.toml"
+#
+# Example 3: Override an existing default setting via a drop-in
+# (here: switch SystemdCgroup to false)
+#
+# containerd_config_imports:
+#   - glob: "/etc/containerd/conf.d/*.toml"
+#     configs:
+#       10-runc-options.toml: |
+#         plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.runc.options.SystemdCgroup = false
+#
+# Variable definition (default: disabled)
+containerd_config_imports: []
+
+# Validate the combined config (main config + imported drop-ins).
+# Uses: `containerd --config <path> config dump`. If invalid, the play fails.
+containerd_validate_config: false
 ```
 
 ## Dependencies
@@ -184,7 +241,7 @@ More examples are available in the [Molecule tests](https://github.com/githubixx
 
 ## Testing
 
-This role has a small test setup that is created using [Molecule](https://github.com/ansible-community/molecule), libvirt (vagrant-libvirt) and QEMU/KVM. Please see my blog post [Testing Ansible roles with Molecule, libvirt (vagrant-libvirt) and QEMU/KVM](https://www.tauceti.blog/posts/testing-ansible-roles-with-molecule-libvirt-vagrant-qemu-kvm/) how to setup. The test configuration is [here](https://github.com/githubixx/ansible-role-containerd/tree/master/molecule/kvm).
+This role has a small test setup that is created using [Molecule](https://github.com/ansible-community/molecule), libvirt (vagrant-libvirt) and QEMU/KVM. Please see my blog post [Testing Ansible roles with Molecule, libvirt (vagrant-libvirt) and QEMU/KVM](https://www.tauceti.blog/posts/testing-ansible-roles-with-molecule-libvirt-vagrant-qemu-kvm/) how to setup. The test configuration is in [molecule/kvm](https://github.com/githubixx/ansible-role-containerd/tree/master/molecule/kvm).
 
 Afterwards molecule can be executed:
 

defaults/main.yml

@@ -1,12 +1,12 @@
 ---
-# Copyright (C) 2021-2025 Robert Wimmer
+# Copyright (C) 2021-2026 Robert Wimmer
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 # Only value "base" is currently supported
 containerd_flavor: "base"
 
 # containerd version to install
-containerd_version: "2.1.4"
+containerd_version: "2.2.1"
 
 # Directory where to store "containerd" binaries
 containerd_binary_directory: "/usr/local/bin"
@@ -88,5 +88,48 @@ containerd_config: |
               BinaryName = '/usr/local/sbin/runc'
               SystemdCgroup = true
       [plugins.'io.containerd.cri.v1.runtime'.cni]
-        bin_dir = '/opt/cni/bin'
+        bin_dirs = ['/opt/cni/bin']
         conf_dir = '/etc/cni/net.d'
+
+# Optional: containerd config drop-ins via `imports` (containerd >= v2.2.0)
+#
+# If you set `containerd_config_imports`, the role will:
+# - add `imports = [ ... ]` to the generated `config.toml` (unless your
+#   `containerd_config` already contains an `imports = ...` line)
+# - optionally create the referenced directories and manage `.toml` drop-in files
+#   defined under `configs`.
+#
+# Example 1: Enable imports and manage a few drop-in files in `/etc/containerd/conf.d`
+#
+# containerd_config_imports:
+#   - glob: "/etc/containerd/conf.d/*.toml"
+#     configs:
+#       10-nvidia.toml: |
+#         # Example override (use dotted keys to avoid table re-definition issues)
+#         disabled_plugins = []
+#
+#       20-cni.toml: |
+#         plugins.'io.containerd.cri.v1.runtime'.cni.bin_dirs = ['/opt/cni/bin']
+#         plugins.'io.containerd.cri.v1.runtime'.cni.conf_dir = '/etc/cni/net.d'
+#
+# Example 2: Import additional directories but manage files elsewhere
+#
+# containerd_config_imports:
+#   - glob: "/etc/containerd/conf.d/*.toml"
+#   - glob: "/etc/containerd/conf2.d/*.toml"
+#
+# Example 3: Override an existing default setting via a drop-in
+# (here: switch SystemdCgroup to false)
+#
+# containerd_config_imports:
+#   - glob: "/etc/containerd/conf.d/*.toml"
+#     configs:
+#       10-runc-options.toml: |
+#         plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.runc.options.SystemdCgroup = false
+#
+# Variable definition (default: disabled)
+containerd_config_imports: []
+
+# Validate the combined config (main config + imported drop-ins).
+# Uses: `containerd --config <path> config dump`. If invalid, the play fails.
+containerd_validate_config: false

handlers/main.yml

@@ -1,5 +1,5 @@
 ---
-# Copyright (C) 2021-2025 Robert Wimmer
+# Copyright (C) 2021-2026 Robert Wimmer
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Reload systemd

meta/main.yml

@@ -1,5 +1,5 @@
 ---
-# Copyright (C) 2021-2025 Robert Wimmer
+# Copyright (C) 2021-2026 Robert Wimmer
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 galaxy_info:

molecule/default/converge.yml

@@ -1,5 +1,5 @@
 ---
-# Copyright (C) 2021-2025 Robert Wimmer
+# Copyright (C) 2021-2026 Robert Wimmer
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Install containerd

molecule/default/molecule.yml

@@ -1,5 +1,5 @@
 ---
-# Copyright (C) 2021-2025 Robert Wimmer
+# Copyright (C) 2021-2026 Robert Wimmer
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 dependency:
@@ -36,6 +36,18 @@ platforms:
         network_name: private_network
         type: static
         ip: 172.16.10.30
+  - name: test-cd-ubuntu2404-conf-d
+    box: alvistack/ubuntu-24.04
+    memory: 2048
+    cpus: 2
+    groups:
+      - ubuntu
+      - confd
+    interfaces:
+      - auto_config: true
+        network_name: private_network
+        type: static
+        ip: 172.16.10.40
   - name: test-cd-arch-base
     box: generic/arch
     memory: 2048
@@ -46,7 +58,7 @@ platforms:
       - auto_config: true
         network_name: private_network
         type: static
-        ip: 172.16.10.40
+        ip: 172.16.10.50
 
 provisioner:
   name: ansible
@@ -60,6 +72,14 @@ provisioner:
       all:
         containerd_tmp_directory: "/opt/tmp/containerd"
         containerd_binary_directory: "/usr/local/sbin"
+      test-cd-ubuntu2404-conf-d:
+        containerd_validate_config: true
+        containerd_config_imports:
+          - glob: "/etc/containerd/conf.d/*.toml"
+            configs:
+              10-molecule.toml: |
+                # Simple, non-critical override to prove imports work
+                plugins."io.containerd.cri.v1.runtime".max_container_log_line_size = 32768
 
 scenario:
   name: default

molecule/default/prepare.yml

@@ -1,5 +1,5 @@
 ---
-# Copyright (C) 2021-2025 Robert Wimmer
+# Copyright (C) 2021-2026 Robert Wimmer
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Run tasks for Archlinux