Configuring a containerized cluster with SELinux
You can configure a containerized cluster with SELinux to enable it to run the Embedded Container Service (ECS).
- Ensure that the hosts you use for the containerized cluster meet all hardware and software requirements for use with CDP Private Cloud Data Services.
- Enable SELinux in Permissive mode by updating the
/etc/selinux/config
file on all ECS hosts by running the following commands:sed -i 's/SELINUX=disabled/SELINUX=permissive/' /etc/selinux/config reboot
- Add the SELinux policies provided by RKE2 by installing the
RPMs on all ECS hosts. Use the following commands:
yum localinstall -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-3.el7.noarch.rpm wget https://github.com/rancher/rke2-selinux/releases/download/v0.8.stable.2/rke2-selinux-0.8-2.el7.noarch.rpm yum install -y rke2-selinux-0.8-2.el7.noarch.rpm
- Uninstall the
nscd
service by running the following command on all ECS hosts :yum erase -y nscd
- Install a containerized cluster on all hosts. See Adding a CDP Private Cloud Data Services cluster.
- Enable SELinux in Enforced mode by running the following
commands on all ECS hosts:
setenforce 1
You can confirm that SELinux is running in Enforced mode by running the following command:getenforce
-
Verify that the ECS cluster hosts are sending heartbeats to the Cloudera Manager
server.
- Open the Cloudera Manager Admin Console.
- Click Hosts > All Hosts.
- Check the Last Heartbeat column for heartbeat status.
- Verify that your workloads are functioning as expected.