When itz is running on a RHEL VM with SELINUX enabled you need an additonal parm added in .itz/cli-config.yaml

Question

When itz is running on a RHEL VM with SELINUX enabled you need an additonal parm added in .itz/cli-config.yaml

Closed this issue a year ago · 4 comments

When running ocpi from within itz workspace ocpinstaller you need an extra parm if you are running on RHEL with SELINUX enabled. (Which is the default). Without the parm you get an error.

type ocpi to start...
(app-root) [root@docker] OCPi # ocpi
Traceback (most recent call last):
File "/opt/app-root/bin/ocpi", line 33, in
sys.exit(load_entry_point('OCPInstaller==1.0', 'console_scripts', 'ocpi')())
File "/usr/src/ocpnow/ocpi.py", line 23, in main
init()
File "/usr/src/ocpnow/ocpi.py", line 12, in init
projectController = ProjectController()
File "/usr/src/ocpnow/controllers/ProjectController.py", line 46, in init
os.makedirs(PROJECTS_DIR, exist_ok = True)
File "/usr/lib64/python3.9/os.py", line 225, in makedirs
mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: './save/projects/'

The update necessary is in .itz/cli-config.yaml. You need to add :Z on to the end of the volumes: line
itz:
workspace:
ocpinstaller:
image: quay.io/ibmtz/ocpinstaller:stable
local: true
name: ocp-installer
type: interactive
volumes:
- /root/.itz/save:/usr/src/ocpnow/save:Z

Instructions for running ocpinstaller under podman should also be modified to reflect the need for the parm when running on RHEL.
'podman run -it
--name workspace
--mount type=bind,source="$(pwd)"/save,target=/usr/src/ocpnow/save:Z
quay.io/ibmtz/ocpinstaller'

Not sure what happens if you add the flag on a non-RHEL system. For now at least an update to the install doc warning RHEL users to add the flag.

Answer 1 · 2023-05-16T12:16:37.000Z

This is a regression--it is functionality that was once there. It used to the default to having :Z "turned on" and then would roll to not have it in the file if it didn't work. I think it's best if we add a flag to itz doctor to fix this so the user doesn't have to be worried about fixing it manually in a YAML file.

Answer 2 · 2023-07-17T12:17:18.000Z

This should now be resolved in the upcoming v.0.1.26 release. See PR #43

Answer 3 · 2023-07-17T15:10:31.000Z

Included in merge to main #46

Answer 4 · 2023-07-18T12:59:22.000Z

This was released in v0.1.26.