From 7636dd048ed4a582e90884240cc0334a7fdfe213 Mon Sep 17 00:00:00 2001 From: Jonathan Perry Date: Tue, 8 Feb 2022 21:57:13 -0500 Subject: [PATCH] Using /usr/sbin instead of /usr/local/bin to accommodate RHEL $PATH defaults (#300) --- assets/scripts/k3s.service | 2 +- assets/scripts/zarf-clean-k3s.sh | 16 ++++++++-------- cli/cmd/destroy.go | 5 +++-- examples/big-bang/README.md | 2 +- examples/big-bang/zarf.yaml | 6 +++--- test/e2e/e2e_data_injection_test.go | 4 ++-- zarf.yaml | 16 ++++++++-------- 7 files changed, 26 insertions(+), 25 deletions(-) diff --git a/assets/scripts/k3s.service b/assets/scripts/k3s.service index ddbf47b8c3..deae056648 100644 --- a/assets/scripts/k3s.service +++ b/assets/scripts/k3s.service @@ -24,4 +24,4 @@ RestartSec=5s ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service' ExecStartPre=-/sbin/modprobe br_netfilter ExecStartPre=-/sbin/modprobe overlay -ExecStart=/usr/local/bin/k3s server --write-kubeconfig-mode=700 --disable traefik +ExecStart=/usr/sbin/k3s server --write-kubeconfig-mode=700 --disable traefik diff --git a/assets/scripts/zarf-clean-k3s.sh b/assets/scripts/zarf-clean-k3s.sh index 175d56f86b..8502e9be9d 100644 --- a/assets/scripts/zarf-clean-k3s.sh +++ b/assets/scripts/zarf-clean-k3s.sh @@ -78,8 +78,8 @@ fi rm -f /etc/systemd/system/k3s.service for cmd in kubectl crictl ctr; do - if [ -L /usr/local/bin/$cmd ]; then - rm -f /usr/local/bin/$cmd + if [ -L /usr/sbin/$cmd ]; then + rm -f /usr/sbin/$cmd fi done @@ -88,12 +88,12 @@ rm -rf /run/k3s rm -rf /run/flannel rm -rf /var/lib/rancher/k3s rm -rf /var/lib/kubelet -rm -f /usr/local/bin/k3s -rm -f /usr/local/bin/ctr -rm -f /usr/local/bin/crictl -rm -f /usr/local/bin/kubectl -rm -f /usr/local/bin/k9s -rm -f /usr/local/bin/k3s-remove.sh +rm -f /usr/sbin/k3s +rm -f /usr/sbin/ctr +rm -f /usr/sbin/crictl +rm -f /usr/sbin/kubectl +rm -f /usr/sbin/k9s +rm -f /usr/sbin/k3s-remove.sh rm -fr zarf-pki echo -e '\033[0m' diff --git a/cli/cmd/destroy.go b/cli/cmd/destroy.go index 25aee943fa..e02b130c1b 100644 --- a/cli/cmd/destroy.go +++ b/cli/cmd/destroy.go @@ -1,10 +1,11 @@ package cmd import ( - "github.com/defenseunicorns/zarf/cli/internal/helm" "os" "regexp" + "github.com/defenseunicorns/zarf/cli/internal/helm" + "github.com/defenseunicorns/zarf/cli/internal/k8s" "github.com/defenseunicorns/zarf/cli/internal/utils" @@ -25,7 +26,7 @@ var destroyCmd = &cobra.Command{ if state.ZarfAppliance { // If Zarf deployed the cluster, burn it all down pattern := regexp.MustCompile(`(?mi)zarf-clean-.+\.sh$`) - scripts := utils.RecursiveFileList("/usr/local/bin", pattern) + scripts := utils.RecursiveFileList("/usr/sbin", pattern) // Iterate over al matching zarf-clean scripts and exec them for _, script := range scripts { // Run the matched script diff --git a/examples/big-bang/README.md b/examples/big-bang/README.md index 35d17e4d72..8f95a8bdd7 100644 --- a/examples/big-bang/README.md +++ b/examples/big-bang/README.md @@ -97,7 +97,7 @@ make vm-destroy This example adds the `kubescape` binary, which can scan clusters for compliance with the NSA/CISA Kubernetes Hardening Guide ```shell -kubescape scan framework nsa --use-from=/usr/local/bin/kubescape-framework-nsa.json --exceptions=/usr/local/bin/kubescape-exceptions.json +kubescape scan framework nsa --use-from=/usr/sbin/kubescape-framework-nsa.json --exceptions=/usr/sbin/kubescape-exceptions.json ``` ## Services diff --git a/examples/big-bang/zarf.yaml b/examples/big-bang/zarf.yaml index ddb7ae4b63..71cb2c6f1e 100644 --- a/examples/big-bang/zarf.yaml +++ b/examples/big-bang/zarf.yaml @@ -26,13 +26,13 @@ components: files: - source: https://github.com/armosec/kubescape/releases/download/v1.0.123/kubescape-ubuntu-latest shasum: 6645659d0737367a9465f626883e7266eeefe5668e3aca788cbab9d7ce7e10e1 - target: "/usr/local/bin/kubescape" + target: "/usr/sbin/kubescape" executable: true - source: https://github.com/armosec/regolibrary/releases/download/v1.0.62/nsa shasum: bf66e316904b2adb3bc69529ea3fb6bd81229e3e951b6a02157cd31e42efbe58 - target: "/usr/local/bin/kubescape-framework-nsa.json" + target: "/usr/sbin/kubescape-framework-nsa.json" - source: "files/kubescape-exceptions.json" - target: "/usr/local/bin/kubescape-exceptions.json" + target: "/usr/sbin/kubescape-exceptions.json" - name: bb-core required: true diff --git a/test/e2e/e2e_data_injection_test.go b/test/e2e/e2e_data_injection_test.go index d734770247..f7b6af82ae 100644 --- a/test/e2e/e2e_data_injection_test.go +++ b/test/e2e/e2e_data_injection_test.go @@ -32,11 +32,11 @@ func TestDataInjection(t *testing.T) { require.NoError(e2e.testing, err, output) // Test to confirm the root file was placed - output, err = e2e.runSSHCommand(`sudo bash -c '/usr/local/bin/kubectl -n demo exec data-injection -- ls /test | grep this-is-an-example'`) + output, err = e2e.runSSHCommand(`sudo bash -c '/usr/sbin/kubectl -n demo exec data-injection -- ls /test | grep this-is-an-example'`) require.NoError(e2e.testing, err, output) // Test to confirm the subdirectory file was placed - output, err = e2e.runSSHCommand(`sudo bash -c '/usr/local/bin/kubectl -n demo exec data-injection -- ls /test/subdirectory-test | grep this-is-an-example'`) + output, err = e2e.runSSHCommand(`sudo bash -c '/usr/sbin/kubectl -n demo exec data-injection -- ls /test/subdirectory-test | grep this-is-an-example'`) require.NoError(e2e.testing, err, output) }) diff --git a/zarf.yaml b/zarf.yaml index a215e42067..ba9bfa613d 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -25,27 +25,27 @@ components: - "systemctl daemon-reload" - "systemctl enable --now k3s" # Wait for the K3s node to come up - - "/usr/local/bin/kubectl get nodes" - # Make sure things are really ready in k8s - - "/usr/local/bin/kubectl wait --for=condition=available deployment/coredns -n kube-system" + - "/usr/sbin/kubectl get nodes" + # Make sure things are really ready in k8s + - "/usr/sbin/kubectl wait --for=condition=available deployment/coredns -n kube-system" files: # Include the actual K3s binary - source: https://github.com/k3s-io/k3s/releases/download/v1.21.6+k3s1/k3s shasum: 89eb5f3d12524d0a9d5b56ba3e2707b106e1731dd0e6d2e7b898ac585f4959df - target: /usr/local/bin/k3s + target: /usr/sbin/k3s executable: true # K3s magic provides these tools when symlinking symlinks: - - /usr/local/bin/kubectl - - /usr/local/bin/ctr - - /usr/local/bin/crictl + - /usr/sbin/kubectl + - /usr/sbin/ctr + - /usr/sbin/crictl # Transfer the K3s images for containerd to pick them up - source: https://github.com/k3s-io/k3s/releases/download/v1.21.6+k3s1/k3s-airgap-images-amd64.tar.zst shasum: 772ae839f8c7718e2022d103076df53452d4f09d2a22afdf4b5796cf0cbce62c target: /var/lib/rancher/k3s/agent/images/k3s.tar.zst # K3s removal script - source: assets/scripts/zarf-clean-k3s.sh - target: /usr/local/bin/zarf-clean-k3s.sh + target: /usr/sbin/zarf-clean-k3s.sh executable: true # The K3s systemd service definition - source: assets/scripts/k3s.service