From 512c76ea0d864d9e4859bc957ac4b38fdb1cf061 Mon Sep 17 00:00:00 2001 From: mike Date: Wed, 18 Jun 2025 19:42:39 -0400 Subject: [PATCH] improvements --- k0sctl.yaml | 15 +++++++-------- selinux-script.sh | 46 +++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 52 insertions(+), 9 deletions(-) diff --git a/k0sctl.yaml b/k0sctl.yaml index 891b953..bc5e10d 100644 --- a/k0sctl.yaml +++ b/k0sctl.yaml @@ -22,8 +22,6 @@ spec: src: selinux.conf dstDir: /etc/containerd.d/selinux-containers.conf perm: 0644 - - name: seaweedfs-crds - src: - ssh: address: k2.lab.smig.tech user: smig @@ -32,7 +30,7 @@ spec: role: worker files: - name: selinux-script - src: selinux-script + src: ./selinux-script.sh dstDir: /home/smig/selinux-script.sh perm: 0700 user: smig @@ -42,7 +40,7 @@ spec: after: - date > k0s-selinux.log - echo "Starting SELinux Script" >> k0s-selinux.log - - bash /home/smig/script.sh &>> k0s-selinux.log + - bash /home/smig/selinux-script.sh &>> k0s-selinux.log - ssh: address: k3.lab.smig.tech user: smig @@ -51,7 +49,7 @@ spec: role: worker files: - name: selinux-script - src: selinux-script + src: ./selinux-script.sh dstDir: /home/smig/selinux-script.sh perm: 0700 user: smig @@ -61,7 +59,7 @@ spec: after: - date > k0s-selinux.log - echo "Starting SELinux Script" >> k0s-selinux.log - - bash /home/smig/script.sh &>> k0s-selinux.log + - bash /home/smig/selinux-script.sh &>> k0s-selinux.log - ssh: address: k4.lab.smig.tech user: smig @@ -70,7 +68,7 @@ spec: role: worker files: - name: selinux-script - src: selinux-script + src: ./selinux-script.sh dstDir: /home/smig/selinux-script.sh perm: 0700 user: smig @@ -80,7 +78,7 @@ spec: after: - date > k0s-selinux.log - echo "Starting SELinux Script" >> k0s-selinux.log - - bash /home/smig/script.sh &>> k0s-selinux.log + - bash /home/smig/selinux-script.sh &>> k0s-selinux.log k0s: config: apiVersion: k0s.k0sproject.io/v1beta1 
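Review bot: In the k2 `files` entry (hunk `@@ -32,7 +30,7 @@`) the hook now runs `bash /home/smig/selinux-script.sh`, but the unchanged `dstDir: /home/smig/selinux-script.sh` line still gives the script path as a directory. As far as I know, k0sctl treats `dstDir` as the destination directory and `dst` as the file name, so the upload would land at `/home/smig/selinux-script.sh/selinux-script.sh` and the hook would be handed a directory. `dstDir: /home/smig` together with `dst: selinux-script.sh` would match the hook command. The k3 and k4 hunks (`@@ -51,7 +49,7 @@` and `@@ -70,7 +68,7 @@`) carry the same pair of lines and need the same change.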
@@ -138,6 +136,7 @@ spec: chartname: seaweedfs-operator/seaweedfs-operator version: "0.1.1" order: 2 + namespace: seaweefs-operator-system values: | image: registry: git.thecodedom.com diff --git a/selinux-script.sh b/selinux-script.sh index 83e0759..81557e3 100644 --- a/selinux-script.sh +++ b/selinux-script.sh @@ -5,6 +5,7 @@ set -euo pipefail # Configuration DATA_DIR="/var/lib/k0s" SCRIPT_NAME="$(basename "$0")" +COMPLETION_FLAG="$HOME/.k0s-selinuxsetup-complete" # Logging function log() { @@ -55,7 +56,44 @@ check_tools() { fi } -# Check if data directory exists +# Check if script has already been run successfully +check_completion_flag() { + if [[ -f "$COMPLETION_FLAG" ]]; then + log "SKIP: SELinux setup has already been completed successfully" + log "Completion flag found at: $COMPLETION_FLAG" + log "If you need to re-run this setup, remove the flag file and run again:" + log " rm '$COMPLETION_FLAG'" + exit 0 + fi +} + +# Create completion flag file +create_completion_flag() { + cat > "$COMPLETION_FLAG" << 'EOF' +# k0s SELinux Setup Completion Flag +# +# This file indicates that the k0s SELinux configuration script has been +# run successfully. It prevents the script from running multiple times. +# +# The script configures SELinux file contexts for: +# - /var/lib/k0s/bin/containerd.* (container_runtime_exec_t) +# - /var/lib/k0s/bin/runc (container_runtime_exec_t) +# - /var/lib/k0s/containerd directory tree (container_var_lib_t) +# - /var/lib/k0s/containerd snapshots (container_ro_file_t) +# +# If you remove this file, the SELinux script will run again on the next +# k0sapply execution. +# +# Created: $(date) +# Script: $(readlink -f "$0" 2>/dev/null || echo "$0") +EOF + + if [[ $? -eq 0 ]]; then + log "SUCCESS: Created completion flag at $COMPLETION_FLAG" + else + log "WARNING: Failed to create completion flag at $COMPLETION_FLAG" + fi +} check_data_dir() { if [[ ! -d "$DATA_DIR" ]]; then error_exit "Data directory $DATA_DIR does not exist" 
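Review bot: The added `namespace: seaweefs-operator-system` looks misspelled. The chart two lines above is `seaweedfs-operator/seaweedfs-operator`, so the intended value is presumably `namespace: seaweedfs-operator-system`. With the typo the operator would be installed into a namespace that no RBAC binding, NetworkPolicy or selector written against the correctly spelled name will match. If the spelling is deliberate, a short YAML comment saying so would keep it from being "fixed" later.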
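Review bot: `COMPLETION_FLAG="$HOME/.k0s-selinuxsetup-complete"` (hunk `@@ -5,6 +5,7 @@`) puts the marker that decides whether the SELinux relabel is skipped into a directory the unprivileged login user can write. Any process running as that user can create the file and suppress the relabel on every later apply. `$HOME` also depends on how the script is invoked (directly, or through sudo with or without a reset environment), so the flag may be written in one home and looked up in another. Under `set -u` an unset `HOME` aborts the script at this line. A root-owned location tied to the data being labelled would be steadier, for example `COMPLETION_FLAG="$DATA_DIR/.selinux-setup-complete"` (the file name is a suggestion, not something the repo defines).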
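Review bot: In `create_completion_flag` (hunk `@@ -55,7 +56,44 @@`) the heredoc delimiter is quoted (`<< 'EOF'`), so `$(date)` and `$(readlink -f "$0" ...)` are written to the flag file literally instead of being expanded. Using `<< EOF` records the real timestamp and script path. The `if [[ $? -eq 0 ]]` test after it would normally never reach its `else` branch under the `set -euo pipefail` visible in the previous hunk header, because a failing `cat` ends the script first. Writing `if cat > "$COMPLETION_FLAG" << EOF`, with `then` placed after the terminating `EOF`, makes the warning path reachable. The hunk also deletes the `# Check if data directory exists` comment above `check_data_dir`, whose body continues outside the hunk, and the heredoc text says `k0sapply` where `k0sctl apply` is presumably meant.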
@@ -143,6 +181,9 @@ verify_contexts() { main() { log "Starting $SCRIPT_NAME" + # Check if already completed + check_completion_flag + # Pre-flight checks check_privileges check_selinux @@ -175,6 +216,9 @@ main() { log "You may want to run 'sudo restorecon -R -v $DATA_DIR' manually." fi + # Create completion flag to prevent future runs + create_completion_flag + log "Completed $SCRIPT_NAME successfully" }
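Review bot: `check_completion_flag` is the first call in `main`, ahead of `check_privileges` and `check_selinux`, so once the flag exists the script exits 0 without inspecting the labels at all. The contexts can be lost after the flag is written (a k0s upgrade replacing the binaries under `/var/lib/k0s/bin`, or a data directory rebuilt in place), and the run would still log SKIP and report success. Consider having the skip path call the existing `verify_contexts` first and exit early only when it passes, assuming that function reports mismatches through its exit status. A comment above the call, such as `# Flag only records a past successful run; it does not prove the labels are still in place`, would make the limitation explicit. `main` starts and ends outside this hunk.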
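Review bot: In hunk `@@ -175,6 +216,9 @@`, `create_completion_flag` is called after the `fi`, so it also runs on the branch that has just logged `You may want to run 'sudo restorecon -R -v $DATA_DIR' manually.` The condition of that `if` is outside the hunk, but if it is the verification-failed path, an incomplete setup is recorded as complete and every later apply skips it. Move the call into the branch where verification succeeded, or record the outcome and guard the call, e.g. `if [[ "$contexts_ok" == true ]]; then create_completion_flag; fi` (`contexts_ok` is a placeholder name).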