maany
commented
5 years ago @maarten-litmaath @ejr004 should be an automated step or should we insist a site admin to manually disable selinux?
Open maany opened 5 years ago
maany
commented
5 years ago @maarten-litmaath @ejr004 should be an automated step or should we insist a site admin to manually disable selinux?
maarten-litmaath
commented
5 years ago Hi all,
should be an automated step or should we insist a site admin to manually disable selinux?
Disabling SELinux must not be a long-term approach! It exists for good reasons...
esilvaju
commented
5 years ago Changing to get_selinux_status and raise an exception.
puppet module install puppet-selinux --version 2.0.0 required
maany
commented
5 years ago @ejr004 Can you create a PR. Also, we will have to update the metadata.json for the puppet module. https://github.com/WLCG-Lightweight-Sites/simple_grid_puppet_module/blob/master/metadata.json (dependencies section)
maany
commented
4 years ago This is still open for discussion. Pushing to 1.1
SELinux prevents containers from attaching to overlay networks. Could use the puppet module below in pre_deploy stage: https://forge.puppet.com/puppet/selinux And then issue a reboot before deploy stage.