Changes to local system are troubling

[gmarcy]

I was surprised that the make start-iso was so destructive to the local machine I was running on.
In particular, the changes to the local NetworkManager service in virt-create-net.sh. I would only
expect changes to my sno-workdir and in the virtual machine being created to run the cluster.

[omertuc]

Sorry about that, I'll patch it shortly with a prompt / warning and later on figure out how to make it less destructive. Thank you

[omertuc]

Patched 22b518a

[gmarcy]

thanks. I've started to prototype standing up a container as described at https://matchbox.psdn.io/network-setup/#poseidondnsmasq which is how I provide the local network services for matchbox. the other approach I have seen is to put a dnsmasq configuration inside of your own images like at https://github.com/metal3-io/ironic-image/blob/master/scripts/rundnsmasq. in both cases the services are running in a container so the configuration is set there rather than on the local machine. cleanup is also a lot easier.

[eranco74]

@gmarcy thanks for noticing.
The long-term plan is to set up DNS inside the node (similar to what baremetal platform is doing).
If you have a working prototype, a pull request is welcome.

[gmarcy]

I've come across a few SELinux issues. Are you running the make start-iso under setenforce 0 ?

[omertuc]

I believe it worked okay for me even when Enforcing (Fedora 33 if that matters). I mean, it installed and there was a control plane, didn't really make use of the cluster after that

[gmarcy]

running in centos 8.3, getting messages like

SELinux is preventing /usr/libexec/libvirt_leaseshelper from remove_name access on the directory labeled user_home_t.

with suggestions like

ausearch -c 'libvirt_leasesh' --raw | audit2allow -M my-libvirtleasesh
semodule -X 300 -i my-libvirtleasesh.pp