systemctl enable + systemctl start can be combined into one. Also
move it after the restorecon. This potentially allows dropping the
setenforce disablement.
Signed-off-by: Dirk Müller <dmueller@suse.com>

The rke2 install script installs the service in /etc/systemd/service
and the restorecon call already sets the proper context on it (but since
we start the service beforehand, that doesn't seem to be necessary..).
semanage(1) isn't always preinstalled in the operating system image, and
if this service exists, the relabeling at boot will restore the context.
Signed-off-by: Dirk Müller <dmueller@suse.com>

By writing into /etc/ssh/sshd_config we override the default config, which
usually defines include /etc/ssh/sshd_config.d/*.conf. This breaks the
ability to customize the config further and disables including any files
dropped into the sshd_config.d directory.
This commit moves the RKE2 sshd config into the subdirectory with a 010 index
so it will be loaded first.
Signed-off-by: Dinar Valeev <k0da@opensuse.org>

- Perform etcd membership management only when the local certificates
were created, and skip otherwise.
Signed-off-by: Danil-Grigorev <danil.grigorev@suse.com>

This is not mounted by default, therefore we cannot write the
/opt/rke2-cis-script.sh script.
So add configuration to mount the subvolume, as described in
https://en.opensuse.org/Portal:MicroOS/Ignition#Mounts
Signed-off-by: Steven Hardy <steven.hardy@suse.com>

This aligns with the default cloud-init behavior and enables e.g.
overwriting distro-default files via RKE2ConfigTemplate using the
spec.template.spec.files API.
Signed-off-by: Steven Hardy <steven.hardy@suse.com>

Ensures that the cluster-etcd secret can be created if the host does not have kubectl installed.
Fixes #403
Signed-off-by: Simplysoft GmbH <1588210+simplysoft@users.noreply.github.com>

The rke2-install.sh script sets the exit on error flag ('set -e'), however
the script might fail to exit when a command in a pipe fails.
Add the '-u' and '-o pipefail' flags to better identify errors within the
install script.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
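
The failure mode described in the last commit message, as an added example that is not part of rke2-install.sh or of the original commits. The two snippets and the variable name INSTALL_DIR_NOT_SET are constructed stand-ins, and bash is assumed as the interpreter.

```shell
#!/usr/bin/env bash
# Added illustration; the snippets below are constructed, not taken from
# rke2-install.sh.

# A pipeline whose first command fails (think "download | extract"),
# followed by a later step that should not run after the failure.
PIPE_STEP='false | cat; echo reached-next-step'

# A step that references a variable nobody set (hypothetical name).
UNSET_STEP='echo "installing to ${INSTALL_DIR_NOT_SET}/bin"; echo reached-next-step'

# run_step FLAGS SNIPPET
# Runs SNIPPET in a fresh bash under "set FLAGS" and prints
# "<exit status>:<last stdout line>", showing whether the script stopped
# and how far it got.
run_step() {
    rs_out=$(bash -c "set $1; $2" 2>/dev/null) && rs_status=0 || rs_status=$?
    printf '%s:%s\n' "$rs_status" "$(printf '%s\n' "$rs_out" | tail -n 1)"
}

echo "-e only, failing pipe:        $(run_step '-e' "$PIPE_STEP")"
echo "-e -o pipefail, failing pipe: $(run_step '-e -o pipefail' "$PIPE_STEP")"
echo "-e only, unset variable:      $(run_step '-e' "$UNSET_STEP")"
echo "-eu, unset variable:          $(run_step '-eu' "$UNSET_STEP")"
```

With only -e, both snippets report status 0 and reach the next step; pipefail and -u each turn the same snippet into an early, non-zero exit.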