From: John Mulligan <jmulligan@redhat.com>
Date: Mon, 31 Mar 2025 18:39:26 +0000 (-0400)
Subject: qa/cephadm/smb: run setsebool with sudo
X-Git-Tag: testing/wip-vshankar-testing-20250407.173548-debug~16^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8924d7b11e304307daf4d8baf9ec44d2e612ef79;p=ceph-ci.git

qa/cephadm/smb: run setsebool with sudo

Change 06fc55b0a4d994550f05625f10d8f7f0b11863eb added a setsebool
command to nodes setup on ctdb enabled test. This should have
prevented additional errors like:
```
failure_reason: 'SELinux denials found on
ubuntu@smithi066.front.sepia.ceph.com: [''type=AVC
  msg=audit(1743168241.024:10142): avc:  denied  { nlmsg_read } for
pid=60223 comm="ss"
  scontext=system_u:system_r:container_t:s0:c491,c612
tcontext=system_u:system_r:container_t:s0:c491,c612
  tclass=netlink_tcpdiag_socket permissive=1'', ''type=AVC
msg=audit(1743168185.768:10101):
  avc:  denied  { nlmsg_read } for  pid=58817 comm="ss"
scontext=system_u:system_r:container_t:s0:c491,c612
  tcontext=system_u:system_r:container_t:s0:c491,c612
tclass=netlink_tcpdiag_socket
  permissive=1'', ''type=AVC msg=audit(1743168210.896:10137): avc:
denied  { nlmsg_read
  } for  pid=59798 comm="ss"
scontext=system_u:system_r:container_t:s0:c491,c612
tcontext=system_u:system_r:container_t:s0:c491,c612
  tclass=netlink_tcpdiag_socket permissive=1'']'
```
But these were seen again:
https://qa-proxy.ceph.com/teuthology/adking-2025-03-28_12:13:17-orch:cephadm-wip-adk-testing-2025-03-27-1430-distro-default-smithi/8214681/teuthology.log

I think that the commands may not be getting run correctly because they
need to be run with privs. Other pexec commands in the cephadm suite run
with sudo, so try it here.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
---

diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
index e05869d93e3..6513d9b4bbc 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
@@ -26,7 +26,7 @@ tasks:
     role: host.d
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
index 45ed41e8212..62eebc03d73 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
@@ -28,7 +28,7 @@ tasks:
     count: 1
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
index aab74b1692b..3ae2002af9d 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
@@ -26,7 +26,7 @@ tasks:
     role: host.d
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
index 20a10a7cbc0..70f76298332 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
@@ -26,7 +26,7 @@ tasks:
     role: host.d
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
index 4f3bcb0a735..7221c6a8577 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
@@ -28,7 +28,7 @@ tasks:
     count: 2
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell: