k3s-ansible icon indicating copy to clipboard operation
k3s-ansible copied to clipboard

Published 20 hours ago verified publisher icon k3s-io

Add support for SELinux

Open tylergmuir opened this issue 2 years ago • 1 comments

Adds support for SELinux on CentOS 7 and 8 as well as RedHat Enterprise Linux 7 and 8.

tylergmuir avatar Jul 26 '22 07:07 tylergmuir

#199

tylergmuir avatar Jul 26 '22 07:07 tylergmuir

SELinux support is now automatically handled by using the K3s install script, added in https://github.com/k3s-io/k3s-ansible/pull/228

dereknola avatar Nov 09 '23 21:11 dereknola

@dereknola The install script does handle the installation of the selinux rpm now, but in the prereqs task in this repo, the first step is to disable SELinux. In addition to that, it would probably be good to document that --selinux would need to be added to the extra_server_args and extra_agent_args for it to work appropriately.

Also, if you look at the changed files for this PR, it also fixes some issues that someone running a RHEL distro would run into, such as firewalld being enabled (which conflicts with k3s) and that the distro name in the when statements is incorrect for modern versions of ansible.

I would be happy to update my fork or open an updated PR if you would like, but I feel there are still issues here that should be addressed.

tylergmuir avatar Nov 09 '23 22:11 tylergmuir

Hey @tylergmuir Those issues you mentioned are valid. I have an open issue for https://github.com/k3s-io/k3s-ansible/issues/234. I will open another issue to track SELinux working properly and make sure that it works correctly. As for the RHEL distro when statements, https://github.com/k3s-io/k3s-ansible/commit/45289ba7d9ffd6e99dea1cfd7e5c63f266a599be merged today and should handle them correctly now.

Lookout for stuff tomorrow and next week.

dereknola avatar Nov 09 '23 23:11 dereknola