mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
83 lines
2.4 KiB
Plaintext
83 lines
2.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/multiple_networks/secondary_networks/creating-secondary-nwt-other-cni.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="nw-multus-tap-setting-boolean.adoc_{context}"]
|
|
= Setting SELinux boolean for the TAP CNI plugin
|
|
|
|
[role="_abstract"]
|
|
To create the tap device with the `container_t` SELinux context, enable the `container_use_devices` boolean on the host by using the Machine Config Operator (MCO).
|
|
|
|
.Prerequisites
|
|
|
|
* You have installed the {oc-first}.
|
|
|
|
.Procedure
|
|
|
|
. Create a new YAML file with the following details:
|
|
+
|
|
.Example `setsebool-container-use-devices.yaml`
|
|
[source, yaml]
|
|
----
|
|
apiVersion: machineconfiguration.openshift.io/v1
|
|
kind: MachineConfig
|
|
metadata:
|
|
labels:
|
|
machineconfiguration.openshift.io/role: worker
|
|
name: 99-worker-setsebool
|
|
spec:
|
|
config:
|
|
ignition:
|
|
version: 3.2.0
|
|
systemd:
|
|
units:
|
|
- enabled: true
|
|
name: setsebool.service
|
|
contents: |
|
|
[Unit]
|
|
Description=Set SELinux boolean for the TAP CNI plugin
|
|
Before=kubelet.service
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/usr/sbin/setsebool container_use_devices=on
|
|
RemainAfterExit=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target graphical.target
|
|
----
|
|
|
|
. Create the new `MachineConfig` object by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc apply -f setsebool-container-use-devices.yaml
|
|
----
|
|
+
|
|
[NOTE]
|
|
====
|
|
Applying any changes to the `MachineConfig` object causes all affected nodes to gracefully reboot after the change is applied. The MCO might take some time to apply the update.
|
|
====
|
|
|
|
.Verification
|
|
|
|
* Verify that the change is applied by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get machineconfigpools
|
|
----
|
|
+
|
|
[source,terminal,options="nowrap",role="white-space-pre"]
|
|
----
|
|
NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE
|
|
master rendered-master-e5e0c8e8be9194e7c5a882e047379cfa True False False 3 3 3 0 7d2h
|
|
worker rendered-worker-d6c9ca107fba6cd76cdcbfcedcafa0f2 True False False 3 3 3 0 7d
|
|
----
|
|
+
|
|
[NOTE]
|
|
====
|
|
All nodes should be in the `Updated` and `Ready` state.
|
|
====
|