Skip to main content
Version: TeamForge 22.0

Set up SELinux

In case of same hardware upgrade using RHEL, it is recommended to upgrade the OS to RHEL 8.5.
Log on as root or use a root shell while setting up SELinux.

TeamForge SELinux Policies

TeamForge implements SELinux policies for most of its services such as JBoss, Apache, ETL, Tomcat and so on. However, you can use these instructions to revert these policies (not recommended) if required.

Here's a list of SELinux modules that are implemented (use the semodule -l|grep tf_ command to see the list of TeamForge SELinux modules):

  • tf_apache
  • tf_branding
  • tf_daemon-base
  • tf_etl
  • tf_integration-base
  • tf_jboss
  • tf_phoenix
  • tf_postgresql
  • tf_runtime-base
  • tf_subversion
  • tf_tomcat

While you can revert these policies, you can contact Digital.ai Support to get help in fixing the issue with TeamForge SELinux policies.

  • To Revert the TeamForge SELinux Policies:
    /opt/collabnet/teamforge/runtime/scripts/fix_data_selinux_permissions.sh
  • If JBoss is using agents such as takipi, run the following command to apply selinux context for the takipi agent:
    semanage fcontext --add -t tf_jboss_rw_t '/opt/takipi(/.*)?'
    restorecon -R /opt/takipi

Do This If SELinux Is disabled

Verify SELinux mode using getenforce command. Do this if you have SELinux running in disabled mode.

  1. Stop TeamForge.

    important

    Stop TeamForge on all the servers in a distributed setup.

    teamforge stop
  2. Edit the file /etc/sysconfig/selinux and set SELINUX=enforcing.
  3. Turn off TeamForge startup on boot.
    chkconfig collabnet off
  4. Reboot the server and verify if SELInux is set to enforcing mode.
    getenforce
  5. Turn on TeamForge startup on boot.
    chkconfig collabnet on
  6. Apply TeamForge SELinux policies.
    teamforge apply-selinux
  7. Provision services.

    teamforge provision

Do This If SELinux Is permissive

Verify SELinux mode using getenforce command. Do this if you have SELinux running in permissive mode.

  1. Set SELinux to run in enforcing mode again.

    setenforce 1
  2. Restart TeamForge.

    teamforge restart