Merge pull request #206 from alexander-demicev/cherrypick-selinux

alexander-demicev · web-flow · commit 0663c43f47c5 · 2023-11-22T17:02:00.000+01:00
[release-0.2] Fix selinux in ignition for SLE micro
diff --git a/bootstrap/internal/ignition/ignition.go b/bootstrap/internal/ignition/ignition.go
@@ -32,13 +32,21 @@ const (
 
 var (
 	serverSystemdServices = []string{
+		"semanage fcontext -a -t systemd_unit_file_t  /usr/lib/systemd/system/rke2-server.service",
+		"setenforce 0",
 		"systemctl enable rke2-server.service",
 		"systemctl start rke2-server.service",
+		"restorecon /etc/systemd/system/rke2-server.service",
+		"setenforce 1",
 	}
 
 	workerSystemdServices = []string{
+		"semanage fcontext -a -t systemd_unit_file_t  /usr/lib/systemd/system/rke2-agent.service",
+		"setenforce 0",
 		"systemctl enable rke2-agent.service",
 		"systemctl start rke2-agent.service",
+		"restorecon /etc/systemd/system/rke2-agent.service",
+		"setenforce 1",
 	}
 )
 
diff --git a/bootstrap/internal/ignition/ignition_test.go b/bootstrap/internal/ignition/ignition_test.go
@@ -207,15 +207,15 @@ var _ = Describe("getControlPlaneRKE2Commands", func() {
 	It("should return slice of control plane commands", func() {
 		commands, err := getControlPlaneRKE2Commands(baseUserData)
 		Expect(err).ToNot(HaveOccurred())
-		Expect(commands).To(HaveLen(3))
+		Expect(commands).To(HaveLen(7))
 		Expect(commands).To(ContainElements(fmt.Sprintf(controlPlaneCommand, baseUserData.RKE2Version), serverSystemdServices[0], serverSystemdServices[1]))
 	})
 
 	It("should return slice of control plane commands with air gapped", func() {
 		baseUserData.AirGapped = true
 		commands, err := getControlPlaneRKE2Commands(baseUserData)
 		Expect(err).ToNot(HaveOccurred())
-		Expect(commands).To(HaveLen(3))
+		Expect(commands).To(HaveLen(7))
 		Expect(commands).To(ContainElements(airGappedControlPlaneCommand, serverSystemdServices[0], serverSystemdServices[1]))
 	})
 
@@ -247,15 +247,15 @@ var _ = Describe("getWorkerRKE2Commands", func() {
 	It("should return slice of worker commands", func() {
 		commands, err := getWorkerRKE2Commands(baseUserData)
 		Expect(err).ToNot(HaveOccurred())
-		Expect(commands).To(HaveLen(3))
+		Expect(commands).To(HaveLen(7))
 		Expect(commands).To(ContainElements(fmt.Sprintf(workerCommand, baseUserData.RKE2Version), workerSystemdServices[0], workerSystemdServices[1]))
 	})
 
 	It("should return slice of worker commands with air gapped", func() {
 		baseUserData.AirGapped = true
 		commands, err := getWorkerRKE2Commands(baseUserData)
 		Expect(err).ToNot(HaveOccurred())
-		Expect(commands).To(HaveLen(3))
+		Expect(commands).To(HaveLen(7))
 		Expect(commands).To(ContainElements(airGappedWorkerCommand, workerSystemdServices[0], workerSystemdServices[1]))
 	})
 

Original file line number	Diff line number	Diff line change
`@@ -32,13 +32,21 @@ const (`
`32`	`32`
`33`	`33`	`var (`
`34`	`34`	`serverSystemdServices = []string{`
	`35`	`+ "semanage fcontext -a -t systemd_unit_file_t /usr/lib/systemd/system/rke2-server.service",`
	`36`	`+ "setenforce 0",`
`35`	`37`	`"systemctl enable rke2-server.service",`
`36`	`38`	`"systemctl start rke2-server.service",`
	`39`	`+ "restorecon /etc/systemd/system/rke2-server.service",`
	`40`	`+ "setenforce 1",`
`37`	`41`	`}`
`38`	`42`
`39`	`43`	`workerSystemdServices = []string{`
	`44`	`+ "semanage fcontext -a -t systemd_unit_file_t /usr/lib/systemd/system/rke2-agent.service",`
	`45`	`+ "setenforce 0",`
`40`	`46`	`"systemctl enable rke2-agent.service",`
`41`	`47`	`"systemctl start rke2-agent.service",`
	`48`	`+ "restorecon /etc/systemd/system/rke2-agent.service",`
	`49`	`+ "setenforce 1",`
`42`	`50`	`}`
`43`	`51`	`)`
`44`	`52`