systemctl enable + systemctl start can be combined into one. also
move it after the restorecon. This potentially allows dropping the
setenforce disablement
Signed-off-by: Dirk Müller <dmueller@suse.com>
the rke2 install script installs the service in /etc/systemd/service
and the restorecon call already sets the proper context on it (but since
we start the service beforehand, that doesn't seem to be necessary..).
semanage(1) isn't always preinstalled in the operating system image, and
if this service exists, the relabeling at boot will restore the context.
Signed-off-by: Dirk Müller <dmueller@suse.com>
By writing into /etc/ssh/sshd_config we override default config which
usually defines include /etc/ssh/sshd_config.d/*.conf. This breaks an
ability to cusomize config further. And disables include any files dropped
into sshd_config.d directory.
This commit moves RKE2 sshd config into subdirectory with 010 index
so it will be loaded first.
Signed-off-by: Dinar Valeev <k0da@opensuse.org>
- Perform etcd memebership management only when the local certificates
were created, and skip otherwise.
Signed-off-by: Danil-Grigorev <danil.grigorev@suse.com>
Dirk Müller
Dinar Valeev
Furkat Gofurov
Danil-Grigorev
Steven Hardy
Alberto Morgante Medina
Alexandr Demicev
Alberto Morgante Medina