diff --git a/README.md b/README.md index 0097680c..b6d201d9 100644 --- a/README.md +++ b/README.md @@ -52,10 +52,11 @@ There are three scenarios to use KubeKey. * `sudo`/`curl`/`openssl` should be used in all nodes. * `ebtables`/`socat`/`ipset`/`conntrack` should be installed in all nodes. * `docker` can be installed by yourself or by KubeKey. - + * `Red Hat` includes `SELinux` in its `Linux release`. It is recommended to close SELinux or [switch the mode of SELinux](./docs/turn-off-SELinux.md) to `Permissive` > * It's recommended that Your OS is clean (without any other software installed), otherwise there may be conflicts. > * A container image mirror (accelerator) is recommended to be prepared if you have trouble downloading images from dockerhub.io. [Configure registry-mirrors for the Docker daemon](https://docs.docker.com/registry/recipes/mirror/#configure-the-docker-daemon). > * KubeKey will install [OpenEBS](https://openebs.io/) to provision LocalPV for development and testing environment by default, this is convenient for new users. For production, please use NFS / Ceph / GlusterFS or commercial products as persistent storage, and install the [relevant client](docs/storage-client.md) in all nodes. +> * If you encounter `Permission denied` when copying, it is recommended to check [SELinux and turn off it](./docs/turn-off-SELinux.md) first * Networking and DNS requirements: * Make sure the DNS address in `/etc/resolv.conf` is available. Otherwise, it may cause some issues of DNS in cluster. diff --git a/README_zh-CN.md b/README_zh-CN.md index d0d8cda6..76211e31 100644 --- a/README_zh-CN.md +++ b/README_zh-CN.md @@ -52,10 +52,12 @@ * `sudo`/`curl`/`openssl` 应在所有节点使用。 * `ebtables`/`socat`/`ipset`/`conntrack` 应安装在所有节点。 * `docker` 可以自己安装,也可以通过 KubeKey 安装。 + * `Red Hat` 在其 `Linux` 发行版本中包括了`SELinux`,建议[关闭SELinux](./docs/turn-off-SELinux_zh-CN.md)或者将[SELinux的模式切换](./docs/turn-off-SELinux_zh-CN.md)为Permissive[宽容]工作模式 > * 建议您的操作系统环境足够干净 (不安装任何其他软件),否则可能会发生冲突。 > * 如果在从 dockerhub.io 下载镜像时遇到问题,建议准备一个容器镜像仓库 (加速器)。[为 Docker 守护程序配置镜像加速](https://docs.docker.com/registry/recipes/mirror/#configure-the-docker-daemon)。 > * 默认情况下,KubeKey 将安装 [OpenEBS](https://openebs.io/) 来为开发和测试环境配置 LocalPV,这对新用户来说非常方便。对于生产,请使用 NFS/Ceph/GlusterFS 或商业化存储作为持久化存储,并在所有节点中安装[相关的客户端](./docs/storage-client.md) 。 +> * 如果遇到拷贝时报权限问题Permission denied,建议优先考虑查看[SELinux的原因](./docs/turn-off-SELinux_zh-CN.md)。 * 网络和 DNS 要求: * 确保 `/etc/resolv.conf` 中的 DNS 地址可用。否则,可能会导致群集中出现某些 DNS 问题。 diff --git a/docs/turn-off-SELinux.md b/docs/turn-off-SELinux.md new file mode 100644 index 00000000..e8c7e3ae --- /dev/null +++ b/docs/turn-off-SELinux.md @@ -0,0 +1,21 @@ +# How to turn off SELinux +## turn off SELinux +```shell script +# Edit the configuration +sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/selinux/config +#restart the system +reboot +# check SELinux +getenforce +``` +> Edit the configuration file /etc/selinux/config, change SELINUX= to SELINUX=disabled, then restart the system, SELinux will be disabled + +## Temporarily shut down SELinux +```shell script +# Temporarily closing SELinux is to switch between enforcing and permissive modes +setenforce 0 #Switch to tolerance mode +setenforce 1 #Switch to mandatory mode +# check SELinux +getenforce +``` +> Temporary shutdown enforcing, invalid after restarting the system diff --git a/docs/turn-off-SELinux_zh-CN.md b/docs/turn-off-SELinux_zh-CN.md new file mode 100644 index 00000000..ee520d7f --- /dev/null +++ b/docs/turn-off-SELinux_zh-CN.md @@ -0,0 +1,21 @@ +# 如何关闭SELinux +## 永久关闭SELinux +```shell script +# 永久关闭SELinux +sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/selinux/config +#关闭后需要重启系统 +reboot +# 查看SELinux的状态 +getenforce +``` +> 编辑配置文件/etc/selinux/config,把 SELINUX= 更改为 SELINUX=disabled ,然后重启系统,SELinux 就被禁用了 + +## 临时关闭SELinux +```shell script +# 临时关闭SELinux就是enforcing 和 permissive 两种模式之间进行切换 +setenforce 0 #切换成宽容模式 +setenforce 1 #切换成强制模式 +# check SELinux +getenforce +``` +> 临时切换工作模式,重启系统生失效