Update selinux.md to add a note on a possible required reboot for CentOS/RHEL systems #232
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…tOS/RHEL systems After installing the required packages, he noticed that the canal & coredns installation failed at some point: # kubectl get nodes NAME STATUS ROLES AGE VERSION mgxrk8sinf339 NotReady control-plane,etcd,master 120m v1.27.10+rke2r1 # kubectl get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system cloud-controller-manager-mgxrk8sinf339 1/1 Running 0 40s kube-system etcd-mgxrk8sinf339 1/1 Running 0 16s kube-system helm-install-rke2-canal-r4rgk 0/1 RunContainerError 2 (13s ago) 35s kube-system helm-install-rke2-coredns-d9c4c 0/1 RunContainerError 2 (12s ago) 35s kube-system helm-install-rke2-ingress-nginx-4ppm2 0/1 Pending 0 35s kube-system helm-install-rke2-metrics-server-nsq55 0/1 Pending 0 35s kube-system helm-install-rke2-snapshot-controller-crd-pvgfc 0/1 Pending 0 35s kube-system helm-install-rke2-snapshot-controller-p94xh 0/1 Pending 0 35s kube-system helm-install-rke2-snapshot-validation-webhook-lbnwz 0/1 Pending 0 35s kube-system kube-apiserver-mgxrk8sinf339 1/1 Running 0 41s kube-system kube-controller-manager-mgxrk8sinf339 1/1 Running 0 39s kube-system kube-proxy-mgxrk8sinf339 1/1 Running 0 35s kube-system kube-scheduler-mgxrk8sinf339 1/1 Running 0 39s With these notable errors: repeated in /var/lib/rancher/rke2/agent/containerd/containerd.log time="2024-03-04T12:32:12.023610851+01:00" level=error msg="StartContainer for \"f8294bc42fb256a129dcbc0fef03a71ea4cf5687bb424c077fb07bc5bcf793a1\" failed" error="failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: \"entry\": executable file not found in $PATH: unknown" Although I could not reproduce this issue in a Laboratory, the customer reported that he solved the issue by rebooting the server after installing the rke2-selinux rpm package and before performing the rke2 installation. So he is suggesting updating this specific RKE2 documentation https://docs.rke2.io/security/selinux https://docs.rke2.io/install/methods#rpm Adding a specific mention that a reboot of the server may be required after installing the rke2-selinux package, even if it doesn't apply to 100% of the cases - note that I was not able to reproduce this issue-
dereknola
approved these changes
Jul 1, 2024
brandond
changed the title
brandond
requested changes
Jul 1, 2024
Co-authored-by: Brad Davidson <[email protected]>
dereknola
approved these changes
Jul 8, 2024
brandond
approved these changes
Jul 8, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After installing the required packages, he noticed that the canal & coredns installation failed at some point:
With these notable errors:
repeated in /var/lib/rancher/rke2/agent/containerd/containerd.log
time="2024-03-04T12:32:12.023610851+01:00" level=error msg="StartContainer for \"f8294bc42fb256a129dcbc0fef03a71ea4cf5687bb424c077fb07bc5bcf793a1\" failed" error="failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: \"entry\": executable file not found in $PATH: unknown"Although I could not reproduce this issue in a Laboratory, the customer reported that he solved the issue by rebooting the server after installing the rke2-selinux rpm package and before performing the rke2 installation.
So he is suggesting updating this specific RKE2 documentation
https://docs.rke2.io/security/selinux
https://docs.rke2.io/install/methods#rpm
Adding a specific mention that a reboot of the server may be required after installing the rke2-selinux package, even if it doesn't apply to 100% of the cases - note that I was not able to reproduce this issue-