From: John Mulligan <jmulligan@redhat.com>
Date: Mon, 31 Mar 2025 18:39:26 +0000 (-0400)
Subject: qa/cephadm/smb: run setsebool with sudo
X-Git-Tag: v20.3.0~170^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8924d7b11e304307daf4d8baf9ec44d2e612ef79;p=ceph.git

qa/cephadm/smb: run setsebool with sudo

Change 06fc55b0a4d994550f05625f10d8f7f0b11863eb added a setsebool
command to nodes setup on ctdb enabled test. This should have
prevented additional errors like:
```
failure_reason: 'SELinux denials found on
ubuntu@smithi066.front.sepia.ceph.com: [''type=AVC
  msg=audit(1743168241.024:10142): avc:  denied  { nlmsg_read } for
pid=60223 comm="ss"
  scontext=system_u:system_r:container_t:s0:c491,c612
tcontext=system_u:system_r:container_t:s0:c491,c612
  tclass=netlink_tcpdiag_socket permissive=1'', ''type=AVC
msg=audit(1743168185.768:10101):
  avc:  denied  { nlmsg_read } for  pid=58817 comm="ss"
scontext=system_u:system_r:container_t:s0:c491,c612
  tcontext=system_u:system_r:container_t:s0:c491,c612
tclass=netlink_tcpdiag_socket
  permissive=1'', ''type=AVC msg=audit(1743168210.896:10137): avc:
denied  { nlmsg_read
  } for  pid=59798 comm="ss"
scontext=system_u:system_r:container_t:s0:c491,c612
tcontext=system_u:system_r:container_t:s0:c491,c612
  tclass=netlink_tcpdiag_socket permissive=1'']'
```
But these were seen again:
https://qa-proxy.ceph.com/teuthology/adking-2025-03-28_12:13:17-orch:cephadm-wip-adk-testing-2025-03-27-1430-distro-default-smithi/8214681/teuthology.log

I think that the commands may not be getting run correctly because they
need to be run with privs. Other pexec commands in the cephadm suite run
with sudo, so try it here.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
---

diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
index e05869d93e3a..6513d9b4bbc4 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
@@ -26,7 +26,7 @@ tasks:
     role: host.d
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
index 45ed41e8212a..62eebc03d73c 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
@@ -28,7 +28,7 @@ tasks:
     count: 1
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
index aab74b1692be..3ae2002af9dd 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
@@ -26,7 +26,7 @@ tasks:
     role: host.d
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
index 20a10a7cbc04..70f762983323 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
@@ -26,7 +26,7 @@ tasks:
     role: host.d
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
index 4f3bcb0a7351..7221c6a8577c 100644
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
@@ -28,7 +28,7 @@ tasks:
     count: 2
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell: