Add auto-install capability to install.sh for k3s-selinux

Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-19 13:24:02 -07:00 · 2020-10-19 13:24:02 -07:00 · 38109e6c9d
parent 03f05f9337
commit 38109e6c9d
1 changed files with 38 additions and 1 deletions
--- a/install.sh
+++ b/install.sh
@ -76,6 +76,9 @@ set -e
 #   - INSTALL_K3S_SELINUX_WARN
 #     If set to true will continue if k3s-selinux policy is not found.
 #
+#   - INSTALL_K3S_SKIP_SELINUX_RPM
+#     If set to true will skip automatic installation of the k3s RPM.
+#
 #   - INSTALL_K3S_CHANNEL_URL
 #     Channel URL for fetching k3s download URL.
 #     Defaults to 'https://update.k3s.io/v1-release/channels'.
@ -429,15 +432,27 @@ setup_binary() {

 # --- setup selinux policy ---
 setup_selinux() {
+
+    rpm_site="rpm.rancher.io"
+    if [ "${INSTALL_K3S_CHANNEL}" = "testing" ]; then
+        rpm_site="rpm-${INSTALL_K3S_CHANNEL}.rancher.io"
+    fi
+
    policy_hint="please install:
    yum install -y container-selinux selinux-policy-base
-    yum install -y https://rpm.rancher.io/k3s-selinux-0.1.1-rc1.el7.noarch.rpm
+    yum install -y https://${rpm_site}/k3s/${INSTALL_K3S_CHANNEL}/common/centos/7/noarch/k3s-selinux-0.2-1.el7_8.noarch.rpm
 "
    policy_error=fatal
    if [ "$INSTALL_K3S_SELINUX_WARN" = true ]; then
        policy_error=warn
    fi

+    if [ "$INSTALL_K3S_SKIP_SELINUX_RPM" = true ] || can_skip_download; then
+        info "Skipping installation of SELinux RPM"
+    else
+        install_selinux_rpm ${rpm_site}
+    fi
+
    if ! $SUDO chcon -u system_u -r object_r -t container_runtime_exec_t ${BIN_DIR}/k3s >/dev/null 2>&1; then
        if $SUDO grep '^\s*SELINUX=enforcing' /etc/selinux/config >/dev/null 2>&1; then
            $policy_error "Failed to apply container_runtime_exec_t to ${BIN_DIR}/k3s, ${policy_hint}"
@ -449,6 +464,28 @@ setup_selinux() {
    fi
 }

+# --- if on an el7/el8 system, install k3s-selinux
+install_selinux_rpm() {
+    if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ]; then
+        dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
+        maj_ver=$(echo "$dist_version" | sed -E -e "s/^([0-9]+)\.?[0-9]*$/\1/")
+        if [ -r /etc/redhat-release ] && [ "${maj_ver}" = "7" ]; then
+            yum -y install yum-utils
+            yum-config-manager --enable rhel-7-server-extras-rpms
+        fi
+        cat <<-EOF >"/etc/yum.repos.d/rancher-k3s-common-${INSTALL_K3S_CHANNEL}.repo"
+[rancher-k3s-common-${INSTALL_K3S_CHANNEL}]
+name=Rancher K3s Common (${INSTALL_K3S_CHANNEL})
+baseurl=https://${1}/k3s/${INSTALL_K3S_CHANNEL}/common/centos/${maj_ver}/noarch
+enabled=1
+gpgcheck=1
+gpgkey=https://${1}/public.key
+EOF
+        yum -y install "k3s-selinux"
+    fi
+    return
+}
+
 # --- download and verify k3s ---
 download_and_verify() {
    if can_skip_download; then