Check for k3s policy and provide install hints

pull/1611/head
Erik Wilson 5 years ago committed by Craig Jellick
parent 3c98290f0b
commit ce10c1f080

@ -72,6 +72,9 @@ set -e
# - INSTALL_K3S_TYPE # - INSTALL_K3S_TYPE
# Type of systemd service to create, will default from the k3s exec command # Type of systemd service to create, will default from the k3s exec command
# if not specified. # if not specified.
#
# - INSTALL_K3S_SELINUX_WARN
# If set to true will continue if k3s-selinux policy is not found.
GITHUB_URL=https://github.com/rancher/k3s/releases GITHUB_URL=https://github.com/rancher/k3s/releases
STORAGE_URL=https://storage.googleapis.com/k3s-ci-builds STORAGE_URL=https://storage.googleapis.com/k3s-ci-builds
@ -82,6 +85,10 @@ info()
{ {
echo '[INFO] ' "$@" echo '[INFO] ' "$@"
} }
warn()
{
echo '[WARN] ' "$@" >&2
}
fatal() fatal()
{ {
echo '[ERROR] ' "$@" >&2 echo '[ERROR] ' "$@" >&2
@ -389,10 +396,26 @@ setup_binary() {
info "Installing k3s to ${BIN_DIR}/k3s" info "Installing k3s to ${BIN_DIR}/k3s"
$SUDO chown root:root ${TMP_BIN} $SUDO chown root:root ${TMP_BIN}
$SUDO mv -f ${TMP_BIN} ${BIN_DIR}/k3s $SUDO mv -f ${TMP_BIN} ${BIN_DIR}/k3s
}
if ! $SUDO chcon -u system_u -r object_r -t container_runtime_exec_t ${BIN_DIR}/k3s 2>/dev/null 2>&1; then # --- setup selinux policy ---
setup_selinux() {
policy_hint="please install:
yum install -y container-selinux selinux-policy-base
rpm -i https://rpm.rancher.io/k3s-selinux-0.1.1-rc1.el7.noarch.rpm
"
policy_error=fatal
if [ "$INSTALL_K3S_SELINUX_WARN" = true ]; then
policy_error=warn
fi
if ! $SUDO chcon -u system_u -r object_r -t container_runtime_exec_t ${BIN_DIR}/k3s >/dev/null 2>&1; then
if $SUDO grep SELINUX=enforcing /etc/selinux/config >/dev/null 2>&1; then if $SUDO grep SELINUX=enforcing /etc/selinux/config >/dev/null 2>&1; then
fatal "Failed to apply container_runtime_exec_t to ${BIN_DIR}/k3s, please install k3s-selinux RPM" $policy_error "Failed to apply container_runtime_exec_t to ${BIN_DIR}/k3s, ${policy_hint}"
fi
else
if [ ! -f /usr/share/selinux/packages/k3s.pp ]; then
$policy_error "Failed to find the k3s-selinux policy, ${policy_hint}"
fi fi
fi fi
} }
@ -733,6 +756,7 @@ eval set -- $(escape "${INSTALL_K3S_EXEC}") $(quote "$@")
verify_system verify_system
setup_env "$@" setup_env "$@"
download_and_verify download_and_verify
setup_selinux
create_symlinks create_symlinks
create_killall create_killall
create_uninstall create_uninstall

Loading…
Cancel
Save