From 1afdb05ea9e1678b97e0224191d0a9341ce84f41 Mon Sep 17 00:00:00 2001
From: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Date: Sat, 28 Aug 2021 00:20:53 +0300
Subject: [PATCH] Fedora and RHEL use etc_t and the convention is <type_name>_t
 (#7891)

* Fedora and RHEL use etc_t and the convention is <type_name>_t

* Docs: specify all values for preinstall_selinux_state

* CI: Add Fedora 34 with SELinux in enforcing mode
---
 .gitlab-ci/packet.yml                          |  7 +++++++
 docs/ci.md                                     |  2 +-
 docs/vars.md                                   |  2 +-
 roles/kubernetes/node/tasks/kubelet.yml        |  2 +-
 tests/files/packet_fedora34-calico-selinux.yml | 14 ++++++++++++++
 5 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 tests/files/packet_fedora34-calico-selinux.yml

diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml
index 5d9387618..30daff2b4 100644
--- a/.gitlab-ci/packet.yml
+++ b/.gitlab-ci/packet.yml
@@ -180,6 +180,13 @@ packet_fedora33-calico:
   variables:
     MITOGEN_ENABLE: "true"
 
+packet_fedora34-calico-selinux:
+  stage: deploy-part2
+  extends: .packet_periodic
+  when: on_success
+  variables:
+    MITOGEN_ENABLE: "true"
+
 packet_amazon-linux-2-aio:
   stage: deploy-part2
   extends: .packet_pr
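Review bot: The new `packet_fedora34-calico-selinux` job extends `.packet_periodic`, so the only enforcing-mode coverage appears to run on the schedule rather than on merge requests. That template is defined outside this hunk, so this reading rests on its name. A change that breaks SELinux labelling, like the `t_etc` typo this commit fixes, would then be merged before any job notices. If the cost is acceptable, consider `extends: .packet_pr` as the neighbouring `packet_amazon-linux-2-aio` job does. Otherwise add a comment above the job such as `# SELinux enforcing coverage runs on the periodic schedule only`.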
diff --git a/docs/ci.md b/docs/ci.md
index 1a3ccc5e5..6f2112a2d 100644
--- a/docs/ci.md
+++ b/docs/ci.md
@@ -12,7 +12,7 @@ centos8 |  :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x:
 debian10 |  :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
 debian9 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: |
 fedora33 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-fedora34 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
+fedora34 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
 opensuse |  :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 oracle7 |  :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 ubuntu16 |  :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :white_check_mark: |
diff --git a/docs/vars.md b/docs/vars.md
index a275783ca..93c366f5d 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -26,7 +26,7 @@ Some variables of note include:
 * *kube_version* - Specify a given Kubernetes version
 * *searchdomains* - Array of DNS domains to search when looking up hostnames
 * *nameservers* - Array of nameservers to use for DNS lookup
-* *preinstall_selinux_state* - Set selinux state, permitted values are permissive and disabled.
+* *preinstall_selinux_state* - Set selinux state, permitted values are permissive, enforcing and disabled.
 
 ## Addressing variables
 
diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml
index 26560a72b..6e0052db9 100644
--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@@ -17,7 +17,7 @@
   template:
     src: "kubelet.env.{{ kubeletConfig_api_version }}.j2"
     dest: "{{ kube_config_dir }}/kubelet.env"
-    setype: "{{ (preinstall_selinux_state == 'enforcing') | ternary('t_etc', omit) }}"
+    setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}"
     backup: yes
     mode: 0640
   notify: Node | restart kubelet
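Review bot: The `setype` line now applies the label whenever `preinstall_selinux_state` is not `disabled`, but nothing explains why permissive hosts are included or why `etc_t` was chosen. A comment above it would help, for example `# label in permissive mode too, so a later switch to enforcing finds kubelet.env already typed etc_t`. The condition also reads the inventory variable rather than the state the host reports, so the two can disagree on a host whose SELinux mode was changed outside this playbook. `etc_t` is the generic type for /etc content, which many confined domains are allowed to read, so confidentiality of `kubelet.env` presumably rests on the mode line alone; confirm the rendered template carries no credentials. The task starts before this hunk and may continue after it.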
diff --git a/tests/files/packet_fedora34-calico-selinux.yml b/tests/files/packet_fedora34-calico-selinux.yml
new file mode 100644
index 000000000..882d503f6
--- /dev/null
+++ b/tests/files/packet_fedora34-calico-selinux.yml
@@ -0,0 +1,14 @@
+---
+# Instance settings
+cloud_image: fedora-34
+mode: default
+
+# Kubespray settings
+deploy_netchecker: true
+dns_min_replicas: 1
+kube_network_plugin: calico
+
+auto_renew_certificates: true
+
+# Test with SELinux in enforcing mode
+preinstall_selinux_state: enforcing
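Review bot: Setting `preinstall_selinux_state: enforcing` only requests enforcing mode; nothing visible in this scenario file checks that the host actually ends up there. If the image boots with SELinux disabled, or the role needs a reboot to change mode, the job could presumably pass without ever exercising enforcing mode. Consider a post-deploy assertion in the test playbook that the host reports enforcing, for instance by checking that `getenforce` returns `Enforcing`. Also extend the comment to record the intent: `# Test with SELinux in enforcing mode (kubelet.env must be labelled etc_t)`.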
-- 
GitLab