Bugfix/selinux enforcing centos

[julienlau]

Hi, Thanks for this useful tool.

I am performing some tests for on premise deployment. Currently I spawn Centos7 VM in a virtualbox. If I try with selinux=enforcing, this is not working and I get the error below:

TASK [DCOS.master : Installation: Run DC/OS master installation] >****************************************************** fatal: [192.168.56.3]: FAILED! => {"changed": true, "cmd": "set -o pipefail; bash >/tmp/dcos/1.12.0/dcos_install.sh master | systemd-cat -t dcos-install", "delta": "0:00:00.252115", "end": "2019-03-25 10:01:22.825347", "msg": "non-zero return code", "rc": 1, "start": "2019-03-25 10:01:22.573232", "stderr": "WARNING: bridge-nf-call-iptables is disabled\nWARNING: bridge-nf-call-ip6tables is disabled", "stderr_lines": ["WARNING: bridge-nf-call-iptables is disabled", "WARNING: bridge-nf-call-ip6tables is disabled"], "stdout": "", "stdout_lines": []}

The sysctl adjustement enclosed in this pull request enable to solve this issue.

I did not manage to apply them only when selinux_mode==enforcing, so they are applied to all centos systems.

Regards Julien

[julienlau]

It may be specific to VMs running on virtualbox ? It seems to work without this trick on openstack VMs.

[fatz]

thanks for the PR. We'll have a look into this. Actually I thought this is already set by the docker package.

We'll do some test trying to find out what went wrong here