7.6. Troubleshooting the K3s Installer
The LOCKSS Installer's install-lockss script installs K3s by executing SUSE's official K3s Installer from https://get.k3s.io/, after checking that various system, firewall and DNS prerequisites are addressed (see Running the LOCKSS Installer). However, the installation can still run into issues and fail. Some of the error messages you might encounter are documented below, but you may need to refer to the official K3s documentation or use a search engine to look up a specific error message.
7.6.1. Enabling User Namespaces in RHEL 7 and CentOS 7
K3s requires user namespaces, a feature generally available and enabled in many Linux flavors. However, some RHEL 7 and CentOS 7 systems do not have user namespace enabled by default. This can cause the Checking K3s Prerequisites or Testing the K3s Node phases of install-lockss or the optional Checking the K3s Configuration phase to fail.
To resolve this issue in RHEL 7 or CentOS 7 [1]:
Edit the file
/etc/default/grubasroot[2].Look for the line beginning with
GRUB_CMDLINE_LINUX=, for example:GRUB_CMDLINE_LINUX="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop crashkernel=auto"
This line defines a space-separated list of boot arguments.
Add
user_namespace.enable=1to the beginning of the space-separated list, for instance:GRUB_CMDLINE_LINUX="user_namespace.enable=1 no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop crashkernel=auto"
Run the following command as
root:grub2-mkconfig -o /boot/grub2/grub.cfg
Note
If EFI is in use, the file to use for the
-ooption will not be/boot/grub2/grub.cfgexactly. For example on CentOS, it may be/boot/efi/EFI/centos/grub.cfg.Reboot the system.
Check that the change took effect. To do so, look at the contents of
/proc/cmdline(for example typecat /proc/cmdline) and verify that it now containsuser_namespace.enable=1.Note
If the change did not take effect, it could be an indication that a different
grub.cfgfile is needed for the-ooption of grub2-mkconfig command above.
7.6.2. Installing apparmor_parser
K3s uses Apparmor in systems where it is enabled. However, some systems, especially OpenSUSE systems, have Apparmor enabled but apparmor_parser is not installed by default. This can cause the Checking K3s Prerequisites or Installing K3s phases of install-lockss or the optional Checking the K3s Configuration phase to fail.
To resolve this issue in OpenSUSE, run these zypper commands as root [2]:
zypper refresh
zypper --non-interactive install apparmor-parser
or equivalently:
zypper refresh
zypper -n install apparmor-parser
Tip
In other Linux flavors, use similar package installation commands.
7.6.3. Failed to apply container_runtime_exec_t to /usr/local/bin/k3s
In some Fedora systems, the K3s installer may fail with an error message similar to the following:
[ERROR] Failed to apply container_runtime_exec_t to /usr/local/bin/k3s, please install:
yum install -y container-selinux selinux-policy-base
yum install -y https://rpm.rancher.io/k3s/stable/common/centos/8/noarch/k3s-selinux-0.3-0.el8.noarch.rpm
The specific commands and version numbers may vary from the example above.
To resolve this problem, run the recommended commands as root [2].
7.6.4. k3s-selinux requires container-selinux
In some Oracle Linux 7 systems, you may see an error message similar to the following:
Error: Package: k3s-selinux-0.3-0.el7.noarch (rancher-k3s-common-stable)
Requires: container-selinux >= 2.107-3
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
The specific commands and version numbers may vary from the example above.
This can occur in environments where the Oracle Linux 7 Addons Yum repository is not enabled by default, so SUSE's official K3s installer is unable to install the package container-selinux automatically.
To resolve this problem in Oracle Linux 7, run the following command as root [2]:
yum-config-manager --enable ol7_addons
Footnotes