Bug 1588009
| Summary: | Deploying logging on a system where /tmp mounted with noexec option fails | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Birol Bilgin <bbilgin> | |
| Component: | Logging | Assignee: | ewolinet | |
| Status: | CLOSED ERRATA | QA Contact: | Anping Li <anli> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | low | |||
| Version: | 3.9.0 | CC: | aos-bugs, bleanhar, ewolinet, jokerman, mmccomas, rmeggins | |
| Target Milestone: | --- | |||
| Target Release: | 3.9.z | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
Cause: To label nodes for Fluentd, we were running a script out of /tmp
Consequence: When noexec option was set for /tmp the playbook failed.
Fix: Instead of running a script where we paused, we labeled with a pause using the 'shell' Ansible task.
Result: We are able to pause and run to completion.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1600685 (view as bug list) | Environment: | ||
| Last Closed: | 2018-06-27 18:02:09 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1600685 | |||
looks like a problem in roles/openshift_logging_fluentd/tasks/label_and_wait.yaml work well with ose-ansible/images/v3.9.31-2.
The following message are printed when use openshift-ansible:v3.9.29
TASK [openshift_logging_fluentd : Execute the fluentd temporary labeling script] ***
^[[0;31mfailed: [10.66.146.153] (item=10.66.146.153) => {"changed": false, "cmd": "/tmp/fluentd_label.temp.sh 10.66.146.153", "failed": true, "fluentd_host": "10.66.146.153", "msg": "[Errno 13] Permission denied", "rc": 13}^[[0m
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2013 |
Description of problem: Deploying logging on a system where /tmp mounted with noexec option fails In the file below there is task executes a script o /tmp directory, this is hardcoded to be executed on /tmp directory. openshift/openshift-ansible/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml - name: Execute the fluentd temporary labeling script command: "/tmp/fluentd_label.temp.sh {{ fluentd_host }}" with_items: "{{ openshift_logging_fluentd_hosts }}" loop_control: loop_var: fluentd_host When a system mounts the /tmp directory with noexec option this task fails with the error below, 2018-06-01 15:34:15,427 p=626 u=karel | failed: [i********************] (item=hrrlyicplv005.msnet.railb.be) => { "changed": false, "cmd": "/tmp/fluentd_label.temp.sh h****************", "fluentd_host": "h***********", "invocation": { "module_args": { "_raw_params": "/tmp/fluentd_label.temp.sh h****************", "_uses_shell": false, "chdir": null, "creates": null, "executable": null, "removes": null, "stdin": null, "warn": true } }, "msg": "[Errno 13] Permission denied", "rc": 13 } Version-Release number of the following components: Ansible: ansible 2.5.3 Git: openshift-ansible-3.9.29-1 How reproducible: Allways Steps to Reproduce: 1. Mount the /tmp directory with noexec option 2. Install the looging component Actual results: ansible log will be added to the case. Upstream issue: https://github.com/openshift/openshift-ansible/issues/8517