Install of module k3s.pp fails when creating cluster

[ifeulner]

Just trying to build a small cluster with 1.9.0, node installation throws following error:

module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): + /sbin/semodule -v -i /usr/share/selinux/packages/k3s.pp
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): Attempting to install module '/usr/share/selinux/packages/k3s.pp':
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): libsemanage.map_compressed_file: Unable to open /usr/share/selinux/packages/k3s.pp
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec):  (No such file or directory).
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): libsemanage.semanage_direct_install_file: Unable to read file /usr/share/selinux/packages/k3s.pp
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec):  (No such file or directory).
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): /sbin/semodule:  Failed on /usr/share/selinux/packages/k3s.pp!

Anyone experienced this already?

[ifeulner]

Looks like the install of transactional-update shell <<< "zypper --no-gpg-checks --non-interactive install https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/raw/master/.extra/k3s-selinux-next.rpm" didn't work.. or the reboot...
It seems to worked for the control plane.

[mysticaltech]

@ifeulner Weird. It definitely failed when you tried. Please terraform init -upgrade and try again. Also, if it happens again, try to see in the logs if there is an error in the HTTP request to the RPM.

[mysticaltech]

Just FYI, the fix is coming to the main rancher repo, so that's just a quick patch. Please retry again!

More info on this here k3s-io/k3s-selinux#36

[mysticaltech]

@ifeulner I'm considering this issue fixed, as just tried again and no one else complained. Also, the k3s folks just deployed the new testing rpm, so soon it's coming to stable, as soon as we have that, I will revert to using the rancher repo to fetch it.

[gerwim]

I'm currently hitting this issue. The agent nodes (all three of them) have this error. Using stable as release channel. The control planes worked though.

[mysticaltech]

@gerwim Please update your cluster to the latest and greatest version of the module, see pinned discussions.

[gerwim]

@mysticaltech Ah, I updated my previous message (but did not save it 🤡):

The issue is caused because of signature validation issue. The arm version worked fine, the x86 is returning an error. Removing the snapshots and rebuilding them (packer build hcloud-microos-snapshots.pkr.hcl) fixed it! 👍

hcloud.microos-x86-snapshot: Retrieving: k3s-selinux-1.4-1.sle.noarch (Plain RPM files cache) (1/1),  20.5 KiB
    hcloud.microos-x86-snapshot: k3s-selinux-1.4-1.sle.noarch.rpm:
    hcloud.microos-x86-snapshot:     Header V3 RSA/SHA256 Signature, key ID 925ea29ae257814a: NOKEY
    hcloud.microos-x86-snapshot:     V3 RSA/SHA256 Signature, key ID 925ea29ae257814a: NOKEY
==> hcloud.microos-x86-snapshot: warning: /var/tmp/zypp.qZPNOY/zypper/_tmpRPMcache_/%CLI%/k3s-selinux-1.4-1.sle.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID e257814a: NOKEY
    hcloud.microos-x86-snapshot:
==> hcloud.microos-x86-snapshot: k3s-selinux-1.4-1.sle.noarch (Plain RPM files cache): Signature verification failed [4-Signatures public key is not available]