Set up SELinux
In case of same hardware upgrade using RHEL, it is recommended to upgrade the OS to RHEL 8.10.
Log on as root or use a root shell while setting up SELinux.
TeamForge SELinux Policies
TeamForge implements SELinux policies for most of its services such as JBoss, Apache, ETL, Tomcat and so on. However, you can use these instructions to revert these policies (not recommended) if required.
Here's a list of SELinux modules that are implemented (use the semodule -l|grep tf_ command to see the list of TeamForge SELinux modules):
- tf_apache
- tf_branding
- tf_daemon-base
- tf_etl
- tf_integration-base
- tf_jboss
- tf_phoenix
- tf_postgresql
- tf_runtime-base
- tf_subversion
- tf_tomcat
While you can revert these policies, you can contact Digital.ai Support to get help in fixing the issue with TeamForge SELinux policies.
- To Revert the TeamForge SELinux Policies:
/opt/collabnet/teamforge/runtime/scripts/fix_data_selinux_permissions.sh - If JBoss is using agents such as takipi, run the following command to apply selinux context for the takipi agent:
semanage fcontext --add -t tf_jboss_rw_t '/opt/takipi(/.*)?'
restorecon -R /opt/takipi
Do This If SELinux Is disabled
Verify SELinux mode using getenforce command. Do this if you have SELinux running in disabled mode.
-
Stop TeamForge.
importantStop TeamForge on all the servers in a distributed setup.
teamforge stop - Edit the file
/etc/sysconfig/selinuxand setSELINUX=enforcing. - Turn off TeamForge startup on boot.
chkconfig collabnet off - Reboot the server and verify if SELInux is set to
enforcingmode.getenforce - Turn on TeamForge startup on boot.
chkconfig collabnet on - Apply TeamForge SELinux policies.
teamforge apply-selinux -
Provision services.
teamforge provision
Do This If SELinux Is permissive
Verify SELinux mode using getenforce command. Do this if you have SELinux running in permissive mode.
-
Set SELinux to run in
enforcingmode again.setenforce 1 -
Restart TeamForge.
teamforge restart