Bug 1419040
Summary: | The change to /var/log mounting breaks the running of services that require a folder in /var/log created at docker build time | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | James Hogarth <james.hogarth> |
Component: | oci-systemd-hook | Assignee: | Lokesh Mandvekar <lsm5> |
Status: | CLOSED ERRATA | QA Contact: | Martin Jenner <mjenner> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | ddarrah, dornelas, dwalsh, redhat-bugzilla, robert.scheck, tsweeney |
Target Milestone: | rc | Keywords: | Extras |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Cause: oci-systemd-hook was running as container_t (svirt_lxc_net_t) and should not have been. Consequence: This caused systemctl is-active to show failures when mariadb tried to start within a container, and other SELinux errors. Fix: This was corrected in oci-systemd-hook-0.1.6-1.gitfe22236.el7.x86_64. Result: mariadb containers now start as expected. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-04-12 14:51:02 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1423502 |
Description
James Hogarth
2017-02-03 14:04:00 UTC
Okay I just tested using rpm to force installing the older package and accepting the dependency issues for now ... I can definitely confirm that the build&run works then and that this update is a regression that breaks anything that expects something in /var/log already to exist - such as mariadb

Confirming in my tests that the recent build in Fedora fixes this: https://koji.fedoraproject.org/koji/buildinfo?buildID=839423

If this could be built and rolled out to RHEL Extras it'd be appreciated.

Aside of this, the update of oci-systemd-hook to 0.1.4-9.git671c428.el7.x86_64 leads to bug #1423502 here, while 0.1.5-1.git16f7c8a.fc25.x86_64 (as mentioned in comment #3) indeed fixes it, thus I also would like to see the fix in RHEL Extras. Cross-filed case 01794554 on the Red Hat customer portal for both issues.

Btw, let me clarify this: The SELinux errors show up with both packages,
- oci-systemd-hook-0.1.4-9.git671c428.el7.x86_64
- oci-systemd-hook-0.1.5-1.git16f7c8a.fc25.x86_64
but not with the old oci-systemd-hook-0.1.4-6.git337078c.el7.c86_64. However, yes, oci-systemd-hook-0.1.5-1.git16f7c8a.fc25.x86_64, makes MariaDB instances working again.

As conclusion on bug #1423502 comment #5, 0.1.5-1.git16f7c8a.fc25.x86_64 for RHEL Extras is not the ultimate solution, oci-systemd-hook still needs to be fixed instead (to avoid the behavior described in bug #1423502).

Fixed in oci-systemd-hook-0.1.6-1.gitfe22236.el7

(In reply to Daniel Walsh from comment #7)
> Fixed in oci-systemd-hook-0.1.6-1.gitfe22236.el7

It appears to be fixed. Test results follow. Dan I'll touch base with you Monday about closing.
[root@rhel73bz ~]# cat > Dockerfile.mariadb << EOF
> FROM centos:latest
> STOPSIGNAL SIGRTMIN+3
>
> RUN yum -y install mariadb-server && yum clean all
>
> RUN systemctl enable mariadb
>
> VOLUME /var/lib/mysql
>
> CMD ["/sbin/init"]
> EOF
[root@rhel73bz ~]# docker volume create --name localtest-mdb
localtest-mdb
[root@rhel73bz ~]# docker build -f Dockerfile.mariadb -t localtest-mdb .
Sending build context to Docker daemon 14.85 kB
Step 1 : FROM centos:latest
 ---> 98d35105a391
Step 2 : STOPSIGNAL SIGRTMIN+3
 ---> Using cache
 ---> d21037da37ed
Step 3 : RUN yum -y install mariadb-server && yum clean all
 ---> Using cache
 ---> 4440f237aa2b
Step 4 : RUN systemctl enable mariadb
 ---> Using cache
 ---> 007cbeb7dcff
Step 5 : VOLUME /var/lib/mysql
 ---> Using cache
 ---> dc7109037dbf
Step 6 : CMD /sbin/init
 ---> Using cache
 ---> 53e981575dd6
Successfully built 53e981575dd6
[root@rhel73bz ~]# docker run -dt -v localtest-mdb:/var/lib/mysql --name localtest-mdb localtest-mdb
e54bcedff15d675fecba00e74a302a2a0948dc99c17afd575992ee501675a114
[root@rhel73bz ~]# docker exec -t localtest-mdb /bin/bash -c 'for i in {1..30}; do if systemctl is-active mariadb ; then break ; else sleep 1 ; fi done;'
activating
activating
activating
active
[root@rhel73bz ~]# docker exec -t localtest-mdb mysql -e "GRANT ALL PRIVILEGES ON *.* TO 'testuser'@'%' IDENTIFIED BY 'testpassword' WITH GRANT OPTION;"
[root@rhel73bz ~]# docker stop localtest-mdb
localtest-mdb
[root@rhel73bz ~]# docker rm localtest-mdb
localtest-mdb
[root@rhel73bz ~]# uname -a
Linux rhel73bz.localdomain 3.10.0-625.el7.x86_64 #1 SMP Thu Mar 23 11:04:30 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@rhel73bz ~]#
[root@rhel73bz ~]#
[root@rhel73bz ~]# rpm -qa | grep oci-systemd-hook
oci-systemd-hook-0.1.6-1.gitfe22236.el7.x86_64

Verified as above on RHEL with remote db service access across the network.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0949
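
The symptom in this bug's summary (a directory created under /var/log at docker build time not being present once the container runs) can be checked directly by comparing the image's /var/log tree with what the running container sees. The script below is an added example, not part of the bug report or of oci-systemd-hook; the function names are hypothetical, the image and container name localtest-mdb is taken from the test session above, and the demo listings are constructed.

```sh
#!/bin/sh
# Added example: report /var/log directories that exist in an image but are
# missing inside the running container started from it.

# Directories under /var/log as built into the image, read from the image
# filesystem without starting it (docker create + docker export).
image_log_dirs() (
    cid=$(docker create "$1") || exit 1
    docker export "$cid" | tar -tf - \
        | sed -n -e 's|^\./||' -e 's|^\(var/log/.*\)/$|/\1|p' | sort -u
    docker rm "$cid" >/dev/null
)

# Directories under /var/log as seen by processes in the running container.
container_log_dirs() {
    docker exec "$1" find /var/log -mindepth 1 -type d | sort -u
}

# Print every path listed in file $1 (image) that is absent from file $2
# (container). Empty output means nothing from build time is hidden.
missing_log_dirs() {
    { grep -Fxv -f "$2" "$1" || true; } | sort -u
}

# Offline demo on constructed listings (not captured output): the image
# ships /var/log/mariadb, the running container does not show it.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' /var/log/journal /var/log/mariadb > "$tmp/image"
    printf '%s\n' /var/log/journal > "$tmp/container"
    missing_log_dirs "$tmp/image" "$tmp/container"
    rm -rf "$tmp"
}
demo

# Real use against the container from the test session (requires docker):
#   image_log_dirs localtest-mdb > image.txt
#   container_log_dirs localtest-mdb > container.txt
#   missing_log_dirs image.txt container.txt
```

Any path printed by missing_log_dirs is a build-time directory that services such as mariadb would expect to find and cannot.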