https://rancher.com/ logo
m

many-nightfall-61858

09/18/2023, 11:36 PM
Hi, we have been running into some pain points with installing RKE2 in an air gapped environment on SELinux for Red Hat. Is there any guidance on how this should be done? We need the RKE2 rpms associated with the version of the tarballed container images. E.g. if I am using RKE2 v1.25.12, I need to make sure I also tarball those image versions. Additionally,
install.sh
errors with a method conflict when RPMs are downloaded, but we need the images and the other settings in install.sh, such as
fapolicyd
rules.
c

creamy-pencil-82913

09/18/2023, 11:39 PM
method conflict?
you can get the tarballs from github for any given version; are you specifying the version when installing so that you can match the RPM to the tarballs?
m

many-nightfall-61858

09/18/2023, 11:42 PM
method conflict: https://github.com/rancher/rke2/blob/master/install.sh#L137 But the yum repos setup in the script point to repos that you need internet connectivity for
this doesnt seem to work (maybe I’m doing something wrong): https://github.com/rancher/rke2/blob/master/install.sh#L579
this works: https://github.com/rancher/rke2/blob/master/install.sh#L577, but its kind of buried on how to construct these env variables to pick up the version correctly
c

creamy-pencil-82913

09/18/2023, 11:46 PM
Why are you installing tars on top of RPMs?
m

many-nightfall-61858

09/18/2023, 11:46 PM
so we end up just forking the install script, removing
check_method
conflict, and doing
Copy code
rke2_rpm_version=$(echo "${INSTALL_RKE2_VERSION}" | sed -E -e "s/[\+-]/~/g" | sed -E -e "s/v(.*)/\1/")
yum install -y rke2-server-${rke2_rpm_version}~rke2r1-0.el8.x86_64
this seems like the wrong way we should be doing things
c

creamy-pencil-82913

09/18/2023, 11:47 PM
yeah I’m really confused by what you’re doing here
m

many-nightfall-61858

09/18/2023, 11:47 PM
yeah 😓 thats why I’m coming here for help
is there a different way we can load images without doing
INSTALL_RKE2_ARTIFACT_PATH=/root/rke2-artifacts sh install.sh
c

creamy-pencil-82913

09/18/2023, 11:50 PM
try with
INSTALL_RKE2_METHOD=rpm INSTALL_RKE2_VERSION=v1.25.12+rke2r1 INSTALL_RKE2_ARTIFACT_PATH=/where/you/put/stuff
although that might not work exactly right, I’m not sure that handles the RPM stuff correctly.
The error you were getting indicates that you previously installed from tarballs, so make sure you don’t have any of that left behind when running it
I mean, if you’re doing RPMs you can just install them normally, and place the images in /var/lib/rancher/rke2/agent/images yourself
with RPMs, that’s really all the install script is doing for you - since you don’t need it to go out and grab stuff from GH for you
the install script doesn’t add much value if you already know which version you want, and have all the files downloaded
m

many-nightfall-61858

09/18/2023, 11:53 PM
yeah but we need some of the other configuration that’s done in install.sh, such as https://github.com/rancher/rke2/blob/master/install.sh#L625
c

creamy-pencil-82913

09/18/2023, 11:56 PM
is that it? you just need the fapolicy rules, and the tarballs copied over?
m

many-nightfall-61858

09/18/2023, 11:56 PM
yeah I tried this
INSTALL_RKE2_METHOD=rpm INSTALL_RKE2_VERSION=v1.25.12+rke2r1 INSTALL_RKE2_ARTIFACT_PATH=/where/you/put/stuff,
but it wont handle the rpms in air gapped unfortunately, because they’re pointing to the upstream rke2 yum repo: https://github.com/rancher/rke2/blob/master/install.sh#L537
we have to do a reposync on those, and bring them in
is that it? you just need the fapolicy rules, and the tarballs copied over?
I think so? not sure what else the installer does that we might need. if we dont need it, then we can copy paste the fapolicyd stuff
c

creamy-pencil-82913

09/19/2023, 12:05 AM
Yeah, I think your best bet is just to handle it yourself