etcd stuck in crash loop on selinux-enabled rhel 7.9 #20
Comments
This will require custom policy and/or an adaptation of #11
We had some success in the following
The first server we tried it on was still having difficulty (likely due to artifacts of all our other failed attempts), so we just used audit2allow to correct the remaining issues there. However, it worked flawlessly on the second server. The third server we tried it on did not seem to have permissions issues, but was still having a hard time connecting to the etcd cluster. We're going to try to get a fourth server running today.
Is there a missing transition?
I did forget to write that we did a restorecon on the new data dir, if that's what you are asking? I do know that this RKE did not seem to attempt making those selinux changes for the custom data directory.
There seems to be a problem with SELinux on STIG'd RHEL 7.9 servers that prevents etcd from starting. This is what I've been dealing with:
rancher/rke2#1494
TL;DR;
With selinux in enforcing mode, I cannot start rke2 with selinux=true OR profile=cis-.... With selinux in permissive mode, I can.
A requirement not noted in the above issue is that I will eventually need to relocate the rke2 data dir outside of /var (due to disk partition issues). I just need to get it started first.