improvements
This commit is contained in:
mike
parent
724d415fc8
commit
512c76ea0d
2 changed files with 52 additions and 9 deletions
|
|
@ -5,6 +5,7 @@ set -euo pipefail
|
|||
# Configuration
|
||||
DATA_DIR="/var/lib/k0s"
|
||||
SCRIPT_NAME="$(basename "$0")"
|
||||
COMPLETION_FLAG="$HOME/.k0s-selinuxsetup-complete"
|
||||
|
||||
# Logging function
|
||||
log() {
|
||||
|
|
@ -55,7 +56,44 @@ check_tools() {
|
|||
fi
|
||||
}
|
||||
|
||||
# Check if data directory exists
|
||||
# Check if script has already been run successfully
|
||||
check_completion_flag() {
|
||||
if [[ -f "$COMPLETION_FLAG" ]]; then
|
||||
log "SKIP: SELinux setup has already been completed successfully"
|
||||
log "Completion flag found at: $COMPLETION_FLAG"
|
||||
log "If you need to re-run this setup, remove the flag file and run again:"
|
||||
log " rm '$COMPLETION_FLAG'"
|
||||
exit 0
|
||||
fi
|
||||
}
|
||||
|
||||
# Create completion flag file
|
||||
create_completion_flag() {
|
||||
cat > "$COMPLETION_FLAG" << 'EOF'
|
||||
# k0s SELinux Setup Completion Flag
|
||||
#
|
||||
# This file indicates that the k0s SELinux configuration script has been
|
||||
# run successfully. It prevents the script from running multiple times.
|
||||
#
|
||||
# The script configures SELinux file contexts for:
|
||||
# - /var/lib/k0s/bin/containerd.* (container_runtime_exec_t)
|
||||
# - /var/lib/k0s/bin/runc (container_runtime_exec_t)
|
||||
# - /var/lib/k0s/containerd directory tree (container_var_lib_t)
|
||||
# - /var/lib/k0s/containerd snapshots (container_ro_file_t)
|
||||
#
|
||||
# If you remove this file, the SELinux script will run again on the next
|
||||
# k0sapply execution.
|
||||
#
|
||||
# Created: $(date)
|
||||
# Script: $(readlink -f "$0" 2>/dev/null || echo "$0")
|
||||
EOF
|
||||
|
||||
if [[ $? -eq 0 ]]; then
|
||||
log "SUCCESS: Created completion flag at $COMPLETION_FLAG"
|
||||
else
|
||||
log "WARNING: Failed to create completion flag at $COMPLETION_FLAG"
|
||||
fi
|
||||
}
|
||||
check_data_dir() {
|
||||
if [[ ! -d "$DATA_DIR" ]]; then
|
||||
error_exit "Data directory $DATA_DIR does not exist"
|
||||
|
|
@ -143,6 +181,9 @@ verify_contexts() {
|
|||
main() {
|
||||
log "Starting $SCRIPT_NAME"
|
||||
|
||||
# Check if already completed
|
||||
check_completion_flag
|
||||
|
||||
# Pre-flight checks
|
||||
check_privileges
|
||||
check_selinux
|
||||
|
|
@ -175,6 +216,9 @@ main() {
|
|||
log "You may want to run 'sudo restorecon -R -v $DATA_DIR' manually."
|
||||
fi
|
||||
|
||||
# Create completion flag to prevent future runs
|
||||
create_completion_flag
|
||||
|
||||
log "Completed $SCRIPT_NAME successfully"
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue