Commit 3aae0b7e authored by entlein's avatar entlein

trying to add a wait condition to switch on SELinux once Openstack has booted

parent 62535095
1 merge request!1Restore main as the default branch
...@@ -52,4 +52,14 @@ ...@@ -52,4 +52,14 @@
- setroubleshoot - setroubleshoot
- python3-libselinux - python3-libselinux
- policycoreutils-python-utils - policycoreutils-python-utils
state: absent state: absent
\ No newline at end of file #rancher 40814 0.1 0.3 751524 58892 ? Ssl 05:02 0:16 /bin/openstack-cloud-controller-manager --v=2 --cloud-config=/etc/config/cloud.conf --cluster-name=kubernetes --cloud-provider=openstack --use-service-account-credentials=true --controllers=cloud-node,cloud-node-lifecycle,route,service --bind-address=127.0.0.1 --cluster-name=rke2-cluster-beta
- name: wait for openstack-cloud-controller to have booted (very indirect and stupid method)
wait_for:
path: /var/lib/kubelet/pods/*/containers/rke2-ingress-nginx-controller
- name: Enable SELinux
selinux:
policy: targeted
state: enforcing
\ No newline at end of file
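Review bot: The new `wait_for` task passes a `path` containing `*`, and as far as I know `wait_for` tests a literal path and does not expand globs, so the wait can never succeed. It would run into the module's default timeout and fail the play before "Enable SELinux" is reached, leaving the node in whatever SELinux mode it already had. Polling with `find` under `/var/lib/kubelet/pods` and retrying until something matches keeps the same indirect signal but can actually pass; the retry and delay values below are constructed samples to tune. It is also worth deciding explicitly what happens when the wait gives up, since a silent skip means enforcement is never turned on.

```yaml
- name: wait for the rke2-ingress-nginx-controller container directory to appear
  find:
    paths: /var/lib/kubelet/pods
    patterns: rke2-ingress-nginx-controller
    file_type: directory
    recurse: true
  register: ingress_dirs
  until: ingress_dirs.matched > 0
  retries: 30   # sample value
  delay: 10     # sample value
# … unchanged: Enable SELinux task (policy: targeted, state: enforcing) …
```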
...@@ -69,44 +69,20 @@ ...@@ -69,44 +69,20 @@
- name: Enable SELinux - name: Enable SELinux
selinux: selinux:
policy: targeted policy: targeted
#state: permissive state: permissive
state: enforcing #state: enforcing
#Download the mozilla root CA into the right directory, and update the trust chain #Download the mozilla root CA into the right directory, and update the trust chain
- name: Download root CA #- name: Download root CA
get_url: # get_url:
url: https://curl.se/ca/cacert.pem # url: https://curl.se/ca/cacert.pem
dest: /etc/ssl/certs # dest: /etc/ssl/certs
- name: Update CA trust #- name: Update CA trust
shell: update-ca-trust # shell: update-ca-trust
#yes, I know....
#- name: Copy SELinux Policies- Master
# template:
# src: ../selinux/my-openstackcloud-mgmt.pp
# dest: /etc/selinux/targeted/policy/my-openstackcloud.pp
# when: "'master' in group_names"
#- name: Copy SELinux Policies - Server 1
# template:
# src: ../selinux/my-openstackcloud-server1.pp
# dest: /etc/selinux/targeted/policy/my-openstackcloud.pp
# when: inventory_hostname=="k8s-server-001"
#- name: Copy SELinux Policies - Server 2
# template:
# src: ../selinux/my-openstackcloud-server2.pp
# dest: /etc/selinux/targeted/policy/my-openstackcloud.pp
# when: inventory_hostname=="k8s-server-002"
#- name: Activate SELinux Policies Exceptions on ControlPlane
# shell: semodule -i /etc/selinux/targeted/policy/my-openstackcloud.pp
# when: "'control-plane' in group_names"
- name: Ensure /var/lib/rancher/rke2/server/manifests - name: Ensure /var/lib/rancher/rke2/server/manifests
file: file:
path: /var/lib/rancher/rke2/server/manifests path: /var/lib/rancher/rke2/server/manifests
...@@ -118,12 +94,6 @@ ...@@ -118,12 +94,6 @@
path: /etc/rancher/rke2 path: /etc/rancher/rke2
state: directory state: directory
recurse: yes recurse: yes
#TODO needs to be rewritten for dnf
#- name: update package cache
# apt:
# update_cache: yes
# when: dist_upgrade
#- name: upgrade packages #- name: upgrade packages
# apt: # apt:
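Review bot: The "Enable SELinux" task in this section now sets `state: permissive` while keeping its name and leaving `#state: enforcing` behind as a dead alternative, so the file reads as if enforcement were applied here when it is not. Enforcement now depends entirely on the later wait-then-enforce task, which appears to live in a different file, completing successfully. I would rename the task and replace the commented line with something like `# permissive during bootstrap only; <path of the enforcing task file> switches to enforcing once the cloud controller is up`. The `#Download the mozilla root CA …` comment now heads a fully commented-out task and can be removed with it. Separately, the deleted lines drop the (already commented-out) `semodule -i` policy tasks, so nothing visible on this page loads a local policy module before enforcing is switched on; if the denials that motivated those modules still occur, they will presumably reappear at that point.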