|
|
@ -72,6 +72,9 @@ set -e
|
|
|
|
# - INSTALL_K3S_TYPE
|
|
|
|
# - INSTALL_K3S_TYPE
|
|
|
|
# Type of systemd service to create, will default from the k3s exec command
|
|
|
|
# Type of systemd service to create, will default from the k3s exec command
|
|
|
|
# if not specified.
|
|
|
|
# if not specified.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# - INSTALL_K3S_SELINUX_WARN
|
|
|
|
|
|
|
|
# If set to true will continue if k3s-selinux policy is not found.
|
|
|
|
|
|
|
|
|
|
|
|
GITHUB_URL=https://github.com/rancher/k3s/releases
|
|
|
|
GITHUB_URL=https://github.com/rancher/k3s/releases
|
|
|
|
STORAGE_URL=https://storage.googleapis.com/k3s-ci-builds
|
|
|
|
STORAGE_URL=https://storage.googleapis.com/k3s-ci-builds
|
|
|
@ -82,6 +85,10 @@ info()
|
|
|
|
{
|
|
|
|
{
|
|
|
|
echo '[INFO] ' "$@"
|
|
|
|
echo '[INFO] ' "$@"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
warn()
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
echo '[WARN] ' "$@" >&2
|
|
|
|
|
|
|
|
}
|
|
|
|
fatal()
|
|
|
|
fatal()
|
|
|
|
{
|
|
|
|
{
|
|
|
|
echo '[ERROR] ' "$@" >&2
|
|
|
|
echo '[ERROR] ' "$@" >&2
|
|
|
@ -389,10 +396,26 @@ setup_binary() {
|
|
|
|
info "Installing k3s to ${BIN_DIR}/k3s"
|
|
|
|
info "Installing k3s to ${BIN_DIR}/k3s"
|
|
|
|
$SUDO chown root:root ${TMP_BIN}
|
|
|
|
$SUDO chown root:root ${TMP_BIN}
|
|
|
|
$SUDO mv -f ${TMP_BIN} ${BIN_DIR}/k3s
|
|
|
|
$SUDO mv -f ${TMP_BIN} ${BIN_DIR}/k3s
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ! $SUDO chcon -u system_u -r object_r -t container_runtime_exec_t ${BIN_DIR}/k3s 2>/dev/null 2>&1; then
|
|
|
|
# --- setup selinux policy ---
|
|
|
|
|
|
|
|
setup_selinux() {
|
|
|
|
|
|
|
|
policy_hint="please install:
|
|
|
|
|
|
|
|
yum install -y container-selinux selinux-policy-base
|
|
|
|
|
|
|
|
rpm -i https://rpm.rancher.io/k3s-selinux-0.1.1-rc1.el7.noarch.rpm
|
|
|
|
|
|
|
|
"
|
|
|
|
|
|
|
|
policy_error=fatal
|
|
|
|
|
|
|
|
if [ "$INSTALL_K3S_SELINUX_WARN" = true ]; then
|
|
|
|
|
|
|
|
policy_error=warn
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ! $SUDO chcon -u system_u -r object_r -t container_runtime_exec_t ${BIN_DIR}/k3s >/dev/null 2>&1; then
|
|
|
|
if $SUDO grep SELINUX=enforcing /etc/selinux/config >/dev/null 2>&1; then
|
|
|
|
if $SUDO grep SELINUX=enforcing /etc/selinux/config >/dev/null 2>&1; then
|
|
|
|
fatal "Failed to apply container_runtime_exec_t to ${BIN_DIR}/k3s, please install k3s-selinux RPM"
|
|
|
|
$policy_error "Failed to apply container_runtime_exec_t to ${BIN_DIR}/k3s, ${policy_hint}"
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
if [ ! -f /usr/share/selinux/packages/k3s.pp ]; then
|
|
|
|
|
|
|
|
$policy_error "Failed to find the k3s-selinux policy, ${policy_hint}"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -733,6 +756,7 @@ eval set -- $(escape "${INSTALL_K3S_EXEC}") $(quote "$@")
|
|
|
|
verify_system
|
|
|
|
verify_system
|
|
|
|
setup_env "$@"
|
|
|
|
setup_env "$@"
|
|
|
|
download_and_verify
|
|
|
|
download_and_verify
|
|
|
|
|
|
|
|
setup_selinux
|
|
|
|
create_symlinks
|
|
|
|
create_symlinks
|
|
|
|
create_killall
|
|
|
|
create_killall
|
|
|
|
create_uninstall
|
|
|
|
create_uninstall
|
|
|
|