Add coreos and sle micro to selinux support #6945

Merged
merged 6 commits into from
Apr 6, 2023


galal-hussein
Contributor

Signed-off-by: galal-hussein [email protected]

Proposed Changes

  • Modify install.sh script to add coreos and sle micro rpms

Types of Changes

new feature

Verification

Testing

  • Fresh installation method

1- install k3s with selinux enabled on EL7
2- install k3s with selinux enabled on EL8
3- install k3s with selinux enabled on coreos fedora (experimental)
4- install k3s with selinux enabled on microos and SLE
5- install k3s with selinux enabled on SLE micro

  • Upgrade

We need to make sure that k3s-selinux is updated correctly on all systems with existing installations

Linked Issues

User-Facing Change


Further Comments

@galal-hussein galal-hussein requested a review from a team as a code owner February 10, 2023 19:19
@brandond
Member

LGTM syntactically!

install.sh Outdated
@@ -470,16 +470,29 @@ setup_selinux() {
rpm_target=sle
rpm_site_infix=microos
package_installer=zypper
if [ "${ID_LIKE:-}" == suse ] && [ "${VARIANT_ID:-}" == sle-micro ]; then
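
Review bot: the `==` operator inside `[ ]` on the `if [ "${ID_LIKE:-}" == suse ] && [ "${VARIANT_ID:-}" == sle-micro ]` line is not POSIX, so if install.sh is run by a strict POSIX sh such as dash the test errors out and the condition is simply false. SLE Micro would then silently keep the generic `rpm_target=sle` / `rpm_site_infix=microos` values set just above and pull the wrong k3s-selinux package. Use a single `=` in both tests. Separately, `ID_LIKE` in os-release may hold a space-separated list, so an exact comparison against `suse` can miss; testing `VARIANT_ID` alone inside this block would avoid both the redundancy and that edge case.
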
Member
nit: do we need to check for suse again when we're already in a suse-specific block?

@VestigeJ

Posting here just for tracking until other issues get created.

Single node install is good - SLES 15SP4
Single node upgrade on existing install is good - SLES 15SP4

@rancher-max
Contributor

Current issues noticed in testing:

Fedora:

  1. Not registering channel properly in that it is also trying to pull from stable. I believe this is due to line 489 in the currently live install script that has not been changed in this PR:
...
Added:
  k3s-selinux-1.3-4.coreos.noarch
Changes queued for next boot. Run "systemctl reboot" to start a reboot
[WARN]  Failed to find the k3s-selinux policy, please install:
    rpm-ostree install -y container-selinux
    rpm-ostree install -y https://rpm-testing.rancher.io/k3s/testing/common/coreos/noarch/k3s-selinux-1.2-2.coreos.noarch.rpm
...
  2. Shouldn't start k3s automatically. This should be more like the transactional-update
  3. Uninstall needs to take rpm-ostree into account as well

SLE Micro:

  1. Failed to install k3s-selinux:
...
(1/1) Installing: k3s-selinux-1.3-4.slemicro.noarch [......
libsemanage.semanage_pipe_data: Child process /usr/lib/selinux/hll/pp failed with code: 255. (No such file or directory).
k3s: libsepol.policydb_read: policydb module version 21 does not match my version range 4-20
k3s: libsepol.sepol_module_package_read: invalid module in module package (at section 0)
k3s: Failed to read policy package
libsemanage.semanage_direct_commit: Failed to compile hll files into cil files.
 (No such file or directory).
/usr/sbin/semodule:  Failed!
done]
Executing %posttrans script 'k3s-selinux-1.3-4.slemicro.noarch.rpm' [....done]
2023-02-23 05:44:16 Application returned with exit status 0.
2023-02-23 05:44:19 Transaction completed.
...
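
The SLE Micro output in the comment above shows the package transaction ending with exit status 0 even though `semodule` failed to load the policy. The following is an added example, not code from this PR or from install.sh, of a post-install check that reads the installer output and flags that case; the function names are hypothetical and the sample input is taken from the lines quoted above.

```shell
#!/bin/sh
# Added example, not part of install.sh or this PR.

# The SLE Micro output quoted in the comment above, embedded as sample input.
sample_log() {
    cat <<'EOF'
(1/1) Installing: k3s-selinux-1.3-4.slemicro.noarch [......
libsemanage.semanage_pipe_data: Child process /usr/lib/selinux/hll/pp failed with code: 255. (No such file or directory).
k3s: libsepol.policydb_read: policydb module version 21 does not match my version range 4-20
k3s: Failed to read policy package
/usr/sbin/semodule:  Failed!
done]
2023-02-23 05:44:16 Application returned with exit status 0.
2023-02-23 05:44:19 Transaction completed.
EOF
}

# Reads install output on stdin; prints findings; returns 1 if the policy
# module load failed, whatever exit status the package manager reported.
check_selinux_install_log() {
    log=$(cat)
    status=0
    # libsepol names the module's policydb version and the range it accepts.
    re='s/.*policydb module version \([0-9]*\) does not match my version range \([0-9]*\)-\([0-9]*\).*/\1 \2 \3/p'
    mismatch=$(printf '%s\n' "$log" | sed -n "$re" | head -n 1)
    if [ -n "$mismatch" ]; then
        set -- $mismatch
        echo "FAIL: module built for policydb version $1, host reads $2-$3"
        status=1
    fi
    # semodule reports "Failed!" as in the output quoted above.
    if printf '%s\n' "$log" | grep -q 'semodule:.*Failed!'; then
        echo "FAIL: semodule did not load the policy"
        status=1
    fi
    # A success line next to a failure means the scriptlet error was swallowed.
    if [ "$status" -ne 0 ] && printf '%s\n' "$log" | grep -q 'exit status 0'; then
        echo "WARN: package manager reported exit status 0 despite the failure"
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: no SELinux module load errors found"
    fi
    return "$status"
}

sample_log | check_selinux_install_log || true
```

On a live host, `semodule -l` can confirm the result directly, assuming the module is named `k3s` as the log prefix suggests.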

@brandond brandond self-requested a review March 9, 2023 01:20
@est-suse
Contributor

est-suse commented Apr 5, 2023

Validated On:

rhel8 *
rhel9 (v1.26) *
ubuntu *
sles15 RPM install (instead of default tar) *
centos7 *
Fedora coreos
sle micro

Scenarios:

Single installation

Upgrade from previous version to current commit - Deploying Workloads

Cluster config:

1 server - 1 agent

Commits:

1.26 4182dcaac8da225dd004737db2aae1393308c79d

1.25 c25f611eed749c15a51c6858480b84047974ab63

1.24 53e5d566b5a415544e8c501d34588bdb0a815f40

galal-hussein and others added 6 commits April 6, 2023 21:46
@galal-hussein galal-hussein force-pushed the support_extra_os_rpms branch from bfb19ba to 62eab2c Compare April 6, 2023 19:46
@galal-hussein galal-hussein merged commit 027cc18 into k3s-io:master Apr 6, 2023
@akshaychopra5207

This change is not working for flatcar container linux

@xsen84

xsen84 commented Apr 11, 2023

On flatcar the k3s.service is not created anymore.
