cluster: make SELinux and THP check auto-fixes work on non-RHEL hosts

[yahonda]

What problem does this PR solve?

Two recently-merged checks added auto-fix commands that assume a RHEL-family host. They break tiup cluster check --apply (and the cluster/dm integration tests) on Debian/Ubuntu, where the assumed tools/files don't exist. Both currently fail on master.

1. SELinux status check (#2496). CheckSELinuxStatus runs getenforce. On hosts without the SELinux userspace tools (most Debian/Ubuntu, incl. the CI containers) the command is missing, so the check is reported as Fail. With --apply that triggers the SELinux fix:

sed -i 's/.../' /etc/selinux/config && setenforce 0

but /etc/selinux/config doesn't exist there → sed: can't read /etc/selinux/config: No such file or directory → the run aborts.

2. THP check (#2498). The THP auto-fix was extended with:

grubby --update-kernel=ALL --args="transparent_hugepage=never"

grubby is a RHEL-family tool and is absent on Debian/Ubuntu → grubby: command not found (exit 127) → the run aborts.

What is changed and how it works?

• CheckSELinuxStatus: treat a getenforce execution error (binary absent → SELinux not installed/enforcing) as disabled rather than a failure, restoring the lenient pre-cluster: check both SELinux status and config #2496 behavior. Enforcing still fails and Permissive still warns. The configuration is still validated independently by CheckSELinuxConf.
• THP auto-fix: guard the grubby call with command -v grubby so the persistent kernel argument is set where grubby exists, but skipped on hosts without it. The runtime setting (echo never > .../enabled) still applies everywhere.

Together these make the SELinux and THP checks Debian/non-RHEL safe and unblock the cluster/dm integration tests.

Check List

Tests

• Unit test (go test ./pkg/cluster/operation/... ./pkg/cluster/manager/...)
• Integration test (cluster/dm CI on this PR)

Side effects

• None on RHEL-family hosts; behavior there is unchanged.

Related changes

• Follow-up to cluster: check both SELinux status and config #2496 and cluster: Persistently disable THP #2498.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign bb7133 for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov-commenter]

Codecov Report

❌ Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 42.30%. Comparing base (9bdae04) to head (48f3e74).

Files with missing lines	Patch %	Lines
pkg/cluster/operation/check.go	0.00%	2 Missing ⚠️
pkg/cluster/manager/check.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2712      +/-   ##
==========================================
- Coverage   42.72%   42.30%   -0.42%     
==========================================
  Files         424      424              
  Lines       49744    47146    -2598     
==========================================
- Hits        21253    19943    -1310     
+ Misses      25797    24504    -1293     
- Partials     2694     2699       +5     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.