smig/k0s-cluster
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

improvements

Browse source
This commit is contained in:
mike 2025-06-18 19:42:39 -04:00
parent 724d415fc8
commit 512c76ea0d
2 changed files with 52 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

15
k0sctl.yaml
View file

@ -22,8 +22,6 @@ spec:
src: selinux.conf src: selinux.conf
dstDir: /etc/containerd.d/selinux-containers.conf dstDir: /etc/containerd.d/selinux-containers.conf
perm: 0644 perm: 0644
- name: seaweedfs-crds
src:
- ssh: - ssh:
address: k2.lab.smig.tech address: k2.lab.smig.tech
user: smig user: smig
@ -32,7 +30,7 @@ spec:
role: worker role: worker
files: files:
- name: selinux-script - name: selinux-script
src: selinux-script src: ./selinux-script.sh
dstDir: /home/smig/selinux-script.sh dstDir: /home/smig/selinux-script.sh
perm: 0700 perm: 0700
user: smig user: smig
@ -42,7 +40,7 @@ spec:
after: after:
- date > k0s-selinux.log - date > k0s-selinux.log
- echo "Starting SELinux Script" >> k0s-selinux.log - echo "Starting SELinux Script" >> k0s-selinux.log
- bash /home/smig/script.sh &>> k0s-selinux.log - bash /home/smig/selinux-script.sh &>> k0s-selinux.log
- ssh: - ssh:
address: k3.lab.smig.tech address: k3.lab.smig.tech
user: smig user: smig
@ -51,7 +49,7 @@ spec:
role: worker role: worker
files: files:
- name: selinux-script - name: selinux-script
src: selinux-script src: ./selinux-script.sh
dstDir: /home/smig/selinux-script.sh dstDir: /home/smig/selinux-script.sh
perm: 0700 perm: 0700
user: smig user: smig
@ -61,7 +59,7 @@ spec:
after: after:
- date > k0s-selinux.log - date > k0s-selinux.log
- echo "Starting SELinux Script" >> k0s-selinux.log - echo "Starting SELinux Script" >> k0s-selinux.log
- bash /home/smig/script.sh &>> k0s-selinux.log - bash /home/smig/selinux-script.sh &>> k0s-selinux.log
- ssh: - ssh:
address: k4.lab.smig.tech address: k4.lab.smig.tech
user: smig user: smig
@ -70,7 +68,7 @@ spec:
role: worker role: worker
files: files:
- name: selinux-script - name: selinux-script
src: selinux-script src: ./selinux-script.sh
dstDir: /home/smig/selinux-script.sh dstDir: /home/smig/selinux-script.sh
perm: 0700 perm: 0700
user: smig user: smig
@ -80,7 +78,7 @@ spec:
after: after:
- date > k0s-selinux.log - date > k0s-selinux.log
- echo "Starting SELinux Script" >> k0s-selinux.log - echo "Starting SELinux Script" >> k0s-selinux.log
- bash /home/smig/script.sh &>> k0s-selinux.log - bash /home/smig/selinux-script.sh &>> k0s-selinux.log
k0s: k0s:
config: config:
apiVersion: k0s.k0sproject.io/v1beta1 apiVersion: k0s.k0sproject.io/v1beta1
@ -138,6 +136,7 @@ spec:
chartname: seaweedfs-operator/seaweedfs-operator chartname: seaweedfs-operator/seaweedfs-operator
version: "0.1.1" version: "0.1.1"
order: 2 order: 2
namespace: seaweefs-operator-system
values: | values: |
image: image:
registry: git.thecodedom.com registry: git.thecodedom.com

46
selinux-script.sh
View file

@ -5,6 +5,7 @@ set -euo pipefail
# Configuration # Configuration
DATA_DIR="/var/lib/k0s" DATA_DIR="/var/lib/k0s"
SCRIPT_NAME="$(basename "$0")" SCRIPT_NAME="$(basename "$0")"
COMPLETION_FLAG="$HOME/.k0s-selinuxsetup-complete"
# Logging function # Logging function
log() { log() {
@ -55,7 +56,44 @@ check_tools() {
fi fi
} }
# Check if data directory exists # Check if script has already been run successfully
check_completion_flag() {
if [[ -f "$COMPLETION_FLAG" ]]; then
log "SKIP: SELinux setup has already been completed successfully"
log "Completion flag found at: $COMPLETION_FLAG"
log "If you need to re-run this setup, remove the flag file and run again:"
log " rm '$COMPLETION_FLAG'"
exit 0
fi
}
# Create completion flag file
create_completion_flag() {
cat > "$COMPLETION_FLAG" << 'EOF'
# k0s SELinux Setup Completion Flag
#
# This file indicates that the k0s SELinux configuration script has been
# run successfully. It prevents the script from running multiple times.
#
# The script configures SELinux file contexts for:
# - /var/lib/k0s/bin/containerd.* (container_runtime_exec_t)
# - /var/lib/k0s/bin/runc (container_runtime_exec_t)
# - /var/lib/k0s/containerd directory tree (container_var_lib_t)
# - /var/lib/k0s/containerd snapshots (container_ro_file_t)
#
# If you remove this file, the SELinux script will run again on the next
# k0sapply execution.
#
# Created: $(date)
# Script: $(readlink -f "$0" 2>/dev/null || echo "$0")
EOF
if [[ $? -eq 0 ]]; then
log "SUCCESS: Created completion flag at $COMPLETION_FLAG"
else
log "WARNING: Failed to create completion flag at $COMPLETION_FLAG"
fi
}
check_data_dir() { check_data_dir() {
if [[ ! -d "$DATA_DIR" ]]; then if [[ ! -d "$DATA_DIR" ]]; then
error_exit "Data directory $DATA_DIR does not exist" error_exit "Data directory $DATA_DIR does not exist"
@ -143,6 +181,9 @@ verify_contexts() {
main() { main() {
log "Starting $SCRIPT_NAME" log "Starting $SCRIPT_NAME"
# Check if already completed
check_completion_flag
# Pre-flight checks # Pre-flight checks
check_privileges check_privileges
check_selinux check_selinux
@ -175,6 +216,9 @@ main() {
log "You may want to run 'sudo restorecon -R -v $DATA_DIR' manually." log "You may want to run 'sudo restorecon -R -v $DATA_DIR' manually."
fi fi
# Create completion flag to prevent future runs
create_completion_flag
log "Completed $SCRIPT_NAME successfully" log "Completed $SCRIPT_NAME successfully"
} }