Description of problem: Deploying logging on a system where /tmp mounted with noexec option fails In the file below there is task executes a script o /tmp directory, this is hardcoded to be executed on /tmp directory. openshift/openshift-ansible/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml - name: Execute the fluentd temporary labeling script command: "/tmp/fluentd_label.temp.sh {{ fluentd_host }}" with_items: "{{ openshift_logging_fluentd_hosts }}" loop_control: loop_var: fluentd_host When a system mounts the /tmp directory with noexec option this task fails with the error below, 2018-06-01 15:34:15,427 p=626 u=karel | failed: [i********************] (item=hrrlyicplv005.msnet.railb.be) => { "changed": false, "cmd": "/tmp/fluentd_label.temp.sh h****************", "fluentd_host": "h***********", "invocation": { "module_args": { "_raw_params": "/tmp/fluentd_label.temp.sh h****************", "_uses_shell": false, "chdir": null, "creates": null, "executable": null, "removes": null, "stdin": null, "warn": true } }, "msg": "[Errno 13] Permission denied", "rc": 13 } Version-Release number of the following components: Ansible: ansible 2.5.3 Git: openshift-ansible-3.9.29-1 How reproducible: Allways Steps to Reproduce: 1. Mount the /tmp directory with noexec option 2. Install the looging component Actual results: ansible log will be added to the case. Upstream issue: https://github.com/openshift/openshift-ansible/issues/8517
looks like a problem in roles/openshift_logging_fluentd/tasks/label_and_wait.yaml
https://github.com/openshift/openshift-ansible/pull/8676
https://github.com/openshift/openshift-ansible/pull/8688
work well with ose-ansible/images/v3.9.31-2. The following message are printed when use openshift-ansible:v3.9.29 TASK [openshift_logging_fluentd : Execute the fluentd temporary labeling script] *** ^[[0;31mfailed: [10.66.146.153] (item=10.66.146.153) => {"changed": false, "cmd": "/tmp/fluentd_label.temp.sh 10.66.146.153", "failed": true, "fluentd_host": "10.66.146.153", "msg": "[Errno 13] Permission denied", "rc": 13}^[[0m
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2013