[QA] Testing tasks - CentOS7/RHEL7 and Rancher on SELinux-enabled K3s

[davidnuzik]

• Retest installation on CentOS 7 and RHEL 7.
  § Is documentation sufficient to get it up and running properly? [if not create docs issue(s)]
  § Can workloads successfully launch?

• Test if Rancher 2.4 runs successfully on K3s that has been installed on an SELinux enabled system.
  § Compare to rke + docker + selinux
  § Need to understand the repercussions of having it turned on

• Additionally, clear docs are needed for disabling SELinux [create docs issue if needed]

[ShylajaDevadiga]

Node OS CentOS 7
k3s v1.18.4+k3s1
Rancher version 2.4.5
With selinux set to Enforcing mode:

• Installation on singlecontrol and multicontrol with mysql backend was successful.
• Import k3s cluster into Rancher was successful.
• K3s as local management cluster in Rancher was successful
• Upgrade using SUC from v1.18.3+k3s1 to v1.18.4+k3s1 was successful

[davidnuzik]

This is sort-of a duplicate of #1371 but we have called out some things around documentation and testing Rancher 2.4 running on K3s. This might not be relevant anymore and we'll need to think on this some.

[davidnuzik]

@ShylajaDevadiga could you briefly test this again with latest k3s v1.19.1 as a medium priority. This does not need to be tested for v1.19.1 k3s release - you can test after it releases. We basically want to double-check that all is well running Rancher 2.5 on SELinux enforcing k3s cluster running on CENT7 or RHEL7. We need to ensure this is fine before R 2.5 release and if there are any special requirements / steps that these get documented in a separate docs issue for Catherine.

[ShylajaDevadiga]

Linking Docs issue here #2058 to mention the need to explicitly enable selinux.

Validated using k3s v1.19.1-rc1+k3s1

cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.8 (Maipo)

import k3s to rancher is successful.

cat /var/lib/rancher/k3s/agent/etc/containerd/config.toml |grep selinux
enable_selinux = true

K3s as local management cluster in Rancher was successful

k3s -v
k3s version v1.19.1-rc1+k3s1 (041f18f6)
sudo kubectl get nodes
NAME                                          STATUS   ROLES    AGE     VERSION
ip-172-31-29-130.us-east-2.compute.internal   Ready    master   3h46m   v1.19.1-rc1+k3s1
ip-172-31-22-33.us-east-2.compute.internal    Ready    master   3h42m   v1.19.1-rc1+k3s1
sudo cat /var/lib/rancher/k3s/agent/etc/containerd/config.toml |grep selinux
  enable_selinux = true

[ShylajaDevadiga]

Retesting SUC, found selinux is disabled after upgrade.
In v1.19.1-rc1+k3s1 selinux needs to be explicitly enabled.
Related issue #2248

[ShylajaDevadiga]

Closing as validated. SUC issue is tracked separately.