Commit d528cfa7 authored by Lahmer, Thomas's avatar Lahmer, Thomas

loading of added selinux policies

parent c85680e0
1 merge request!1Restore main as the default branch
...@@ -88,22 +88,43 @@ ...@@ -88,22 +88,43 @@
dest: /etc/selinux/targeted/policy/my-kube-apiserver.te dest: /etc/selinux/targeted/policy/my-kube-apiserver.te
when: ( 'control-plane' in group_names ) when: ( 'control-plane' in group_names )
- name: Build SELinux exception module (kube-apiserver)
shell: |
checkmodule -M -m -o /etc/selinux/targeted/policy/my-kube-apiserver.mod /etc/selinux/targeted/policy/my-kube-apiserver.te
semodule_package -o /etc/selinux/targeted/policy/my-kube-apiserver.pp -m /etc/selinux/targeted/policy/my-kube-apiserver.mod
semodule -i /etc/selinux/targeted/policy/my-kube-apiserver.pp
when: ( 'control-plane' in group_names )
- name: Copy SELinux Policies (prometheus/node_exporter) - name: Copy SELinux Policies (prometheus/node_exporter)
template: template:
src: ../selinux/my-prometheus_master.te src: ../selinux/my-prometheus_master.te
dest: /etc/selinux/targeted/policy/my-prometheus.te dest: /etc/selinux/targeted/policy/my-prometheus.te
when: ( 'control-plane' in group_names ) when: ( 'control-plane' in group_names )
- name: Copy SELinux Policies (prometheus/node_exporter) on agents
template:
src: ../selinux/my-prometheus_agent.te
dest: /etc/selinux/targeted/policy/my-prometheus.te
when: ( 'control-plane' not in group_names )
- name: Build SELinux exception module (prometheus/node_exporter)
shell: |
checkmodule -M -m -o /etc/selinux/targeted/policy/my-prometheus.mod /etc/selinux/targeted/policy/my-prometheus.te
semodule_package -o /etc/selinux/targeted/policy/my-prometheus.pp -m /etc/selinux/targeted/policy/my-prometheus.mod
semodule -i /etc/selinux/targeted/policy/my-prometheus.pp
- name: Copy SELinux Policies (hubble) on agents - name: Copy SELinux Policies (hubble) on agents
template: template:
src: ../selinux/my-hubble.te src: ../selinux/my-hubble.te
dest: /etc/selinux/targeted/policy/my-hubble.te dest: /etc/selinux/targeted/policy/my-hubble.te
when: ( 'control-plane' not in group_names ) when: ( 'control-plane' not in group_names )
- name: Copy SELinux Policies (prometheus/node_exporter) on agents - name: Build SELinux exception module (hubble)
template: shell: |
src: ../selinux/my-prometheus_agent.te checkmodule -M -m -o /etc/selinux/targeted/policy/my-hubble.mod /etc/selinux/targeted/policy/my-hubble.te
dest: /etc/selinux/targeted/policy/my-prometheus.te semodule_package -o /etc/selinux/targeted/policy/my-hubble.pp -m /etc/selinux/targeted/policy/my-hubble.mod
semodule -i /etc/selinux/targeted/policy/my-hubble.pp
when: ( 'control-plane' not in group_names ) when: ( 'control-plane' not in group_names )
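Review bot: The three `Build SELinux exception module` tasks run `checkmodule`, `semodule_package` and `semodule -i` as separate lines of one `shell: |` block, so the task result reflects only the exit status of the last command. If `checkmodule` rejects an edited `.te`, the remaining lines still run, and where an earlier run left a `.mod`/`.pp` in place `semodule -i` would presumably reinstall the stale module while the play reports success without the new policy being loaded. Put `set -e` as the first line of each block (or join the three commands with `&&`) so a compile error fails the task. The blocks also execute on every play and always report changed; moving the build into a handler notified by the matching `template` task would limit policy reloads to real edits of the `.te` files. The task list starts and continues outside this hunk, so whether later tasks depend on these modules being loaded cannot be seen here.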