fixed k3s selinux

2022-03-03 01:56:04 +01:00 · 2022-03-03 01:56:04 +01:00 · a0d3cb2ffd
commit a0d3cb2ffd
parent 117daeb9c3
5 changed files with 24 additions and 41 deletions
--- a/agents.tf
+++ b/agents.tf
@ -59,19 +59,6 @@ resource "null_resource" "agents" {
    inline = local.install_k3s_agent
  }

-  # Issue a reboot command and wait for MicroOS to reboot and be ready
-  # so that the new snapshot with k3s-selinux kicks in
-  provisioner "local-exec" {
-    command = <<-EOT
-      ssh ${local.ssh_args} root@${module.agents[each.key].ipv4_address} '(sleep 2; reboot)&'; sleep 3
-      until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${module.agents[each.key].ipv4_address} true 2> /dev/null
-      do
-        echo "Waiting for MicroOS to reboot and become available..."
-        sleep 3
-      done
-    EOT
-  }
-
  # Start the k3s agent and wait for it to have started
  provisioner "remote-exec" {
    inline = [
--- a/control_planes.tf
+++ b/control_planes.tf
@ -65,19 +65,6 @@ resource "null_resource" "control_planes" {
    inline = local.install_k3s_server
  }

-  # Issue a reboot command and wait for MicroOS to reboot and be ready,
-  # so that the new snapshot with k3s-selinux kicks in, only if k3s has never been initialized on the node
-  provisioner "local-exec" {
-    command = <<-EOT
-      ssh ${local.ssh_args} root@${module.control_planes[count.index].ipv4_address} '[[ ! -f /etc/rancher/k3s/k3s.yaml ]] && (sleep 2; reboot)&'; sleep 3
-      until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${module.control_planes[count.index].ipv4_address} true 2> /dev/null
-      do
-        echo "Waiting for MicroOS to reboot and become available..."
-        sleep 3
-      done
-    EOT
-  }
-
  # Start the k3s server and wait for it to have started correctly
  provisioner "remote-exec" {
    inline = [
--- a/init.tf
+++ b/init.tf
@ -30,19 +30,6 @@ resource "null_resource" "first_control_plane" {
    inline = local.install_k3s_server
  }

-  # so that the new snapshot with k3s-selinux kicks in
-  # Issue a reboot command and wait for MicroOS to reboot and be ready
-  provisioner "local-exec" {
-    command = <<-EOT
-      ssh ${local.ssh_args} root@${module.control_planes[0].ipv4_address} '(sleep 2; reboot)&'; sleep 3
-      until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${module.control_planes[0].ipv4_address} true 2> /dev/null
-      do
-        echo "Waiting for MicroOS to reboot and become available..."
-        sleep 3
-      done
-    EOT
-  }
-
  # Upon reboot verify start k3s and wait for it to be ready to receive commands
  provisioner "remote-exec" {
    inline = [
--- a/locals.tf
+++ b/locals.tf
@ -145,8 +145,10 @@ locals {
    "[ -e /etc/rancher/k3s/k3s.yaml ] && exit 0",
  ]

-  install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"])
-  install_k3s_agent  = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"])
+  apply_k3s_selinux = ["/sbin/semodule -v -i /usr/share/selinux/packages/k3s.pp"]
+
+  install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"], local.apply_k3s_selinux)
+  install_k3s_agent  = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"], local.apply_k3s_selinux)

  agent_nodepools = merge([
    for nodepool_name, nodepool_obj in var.agent_nodepools : {
--- a/modules/host/main.tf
+++ b/modules/host/main.tf
@ -51,6 +51,26 @@ resource "hcloud_server" "server" {
      done
    EOT
  }
+
+  # Install k3s-selinux (compatible version)
+  provisioner "remote-exec" {
+    inline = [
+      "set -ex",
+      "transactional-update pkg install -y k3s-selinux"
+    ]
+  }
+
+  # Issue a reboot command and wait for MicroOS to reboot and be ready
+  provisioner "local-exec" {
+    command = <<-EOT
+      ssh ${local.ssh_args} root@${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3
+      until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true 2> /dev/null
+      do
+        echo "Waiting for MicroOS to reboot and become available..."
+        sleep 3
+      done
+    EOT
+  }
 }

 resource "hcloud_server_network" "server" {