RKE2 Fails To Start If fapolicyd Is Enabled

Resolution when RKE2 fails to start if fapolicyd is enabled.

Issue Description: RKE2 fails to start when fapolicyd is enabled and running as a process, which causes the infra installation of Automation Suite (AS) to fail.

Root Cause: RKE2 uses containerd as its container engine, which in turn uses runc as its container runtime.

  • fapolicyd, seemingly one of the security tools required by organizations practicing STIGs, blocks the execution of runc, which causes RKE2 to fail. podman, which is used for validating prerequisites and managing container images in offline setups, also uses runc, so fapolicyd causes podman to fail as well.

Resolution:

  1. Disable fapolicyd:
     • sudo systemctl stop fapolicyd && sudo systemctl disable fapolicyd
  2. Then resume the infra installation.
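
A check to run between steps 1 and 2, as an added example that is not part of the original article: it confirms that fapolicyd is both stopped and disabled, since a unit that is only stopped starts again at boot and a unit that is only disabled keeps running. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and return
# codes are hypothetical, chosen for this illustration.

# classify_fapolicyd ACTIVE_STATE ENABLED_STATE
#   $1: output of `systemctl is-active fapolicyd`
#   $2: output of `systemctl is-enabled fapolicyd`
# Returns 0 when the install can proceed, 1 when fapolicyd is still running,
# 2 when it is stopped but would start again at the next boot.
classify_fapolicyd() {
    case "$1" in
        active|activating|reloading)
            echo "blocked: fapolicyd is running (is-active=$1)"
            return 1 ;;
    esac
    # An empty or "not-found" state means the unit is not installed.
    if [ -z "$2" ] || [ "$2" = "not-found" ]; then
        echo "ok: fapolicyd unit not present"
        return 0
    fi
    case "$2" in
        enabled|enabled-runtime)
            echo "blocked: fapolicyd is stopped but still enabled (is-enabled=$2)"
            return 2 ;;
    esac
    echo "ok: fapolicyd is stopped and disabled (is-active=$1, is-enabled=$2)"
    return 0
}

# Query the live host and classify the result.
fapolicyd_preflight() {
    if ! command -v systemctl >/dev/null 2>&1; then
        echo "skip: systemctl not available on this host"
        return 0
    fi
    # Both commands exit non-zero for inactive/disabled units, hence `|| true`.
    fp_active="$(systemctl is-active fapolicyd 2>/dev/null || true)"
    fp_enabled="$(systemctl is-enabled fapolicyd 2>/dev/null || true)"
    classify_fapolicyd "$fp_active" "$fp_enabled"
}

# Run the live check only when invoked as: ./check.sh --run
if [ "${1:-}" = "--run" ]; then
    fapolicyd_preflight
fi
```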