I'm trying to install Rancher RKE on some Fedora CoreOS 37 VMs. The installation happens through an SSH bastion host and I set up SSH key pairs correctly.

I got the following error during the installation process:

Failed running cluster err:[[selinux] Host [192.168.2.111] does not recognize SELinux label [label=type:rke_container_t]. This is required for Kubernetes version [>=1.22.0-rancher0]. Please install rancher-selinux RPM package and try again]

I tried to install the rancher-selinux package from the Butane configuration file:

systemd:
  units:
    # Installing rancher-selinux
    - name: rpm-ostree-install-rancher-selinux.service
      enabled: true
      contents: |
        [Unit]
        Description=Layer rancher-selinux with rpm-ostree
        Wants=network-online.target
        After=network-online.target
        # We run before `zincati.service` to avoid conflicting rpm-ostree transactions.
        Before=zincati.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        # `--allow-inactive` ensures that rpm-ostree does not return an error
        # if the package is already installed. This is useful if the package is
        # added to the root image in a future Fedora CoreOS release as it will
        # prevent the service from failing.
        ExecStart=/usr/bin/rpm-ostree install --allow-inactive --reboot rancher-selinux
        ExecStart=/bin/touch /var/lib/%N.stamp

        [Install]
        WantedBy=multi-user.target

But nothing, even if I do a cold restart of the VMs.

I also tried to disable Docker SELinux, even though I do not want to disable that security layer, but it did not work:

systemd:
  units:
    - name: "docker.service"
      enabled: true
      dropins:
        - name: "01-selinux.conf"
          contents: |
            [Service]
            Environment=DOCKER_SELINUX=--selinux-enabled=false

I searched a bit on the web and I found 2 open issues:

Is there a way to install this package or to make SELinux work in some way? Thanks

sctx
  • Do you get log messages from the startup process? SELinux can lock your system, but there should be a log message (or likely many log messages) about permissions denied. Always set SELinux to permissive mode when messing with it, to make sure this doesn't happen. – Tom Mar 22 '23 at 07:53

0 Answers