Closed jalogisch closed 6 years ago
Tested with CentOS 7 and these SELinux settings:
[root@ubuntu vagrant]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
and still got the same error:
TASK [Graylog2.graylog-ansible-role : Package dependencies should be installed] ****************************************
ok: [127.0.0.1] => (item=[u'libselinux-python'])
TASK [Graylog2.graylog-ansible-role : MongoDB should be installed] *****************************************************
changed: [127.0.0.1]
TASK [Graylog2.graylog-ansible-role : MongoDB should be configured] ****************************************************
changed: [127.0.0.1]
TASK [Graylog2.graylog-ansible-role : set SELinux MongoDB Port access allowed] *****************************************
changed: [127.0.0.1]
RUNNING HANDLER [jdauphant.nginx : restart nginx] **********************************************************************
ok: [127.0.0.1] => {
"msg": "checking config first"
}
RUNNING HANDLER [jdauphant.nginx : reload nginx] ***********************************************************************
ok: [127.0.0.1] => {
"msg": "checking config first"
}
RUNNING HANDLER [jdauphant.nginx : check nginx configuration] **********************************************************
[DEPRECATION WARNING]: always_run is deprecated. Use check_mode = no instead..
This feature will be removed in version
2.4. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ok: [127.0.0.1]
RUNNING HANDLER [jdauphant.nginx : restart nginx - after config check] *************************************************
changed: [127.0.0.1]
RUNNING HANDLER [jdauphant.nginx : reload nginx - after config check] **************************************************
changed: [127.0.0.1]
RUNNING HANDLER [Graylog2.graylog-ansible-role : restart mongod] *******************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to start service mongod: Job for mongod.service failed because a timeout was exceeded. See \"systemctl status mongod.service\" and \"journalctl -xe\" for details.\n"}
to retry, use: --limit @/tmp/ansible/playbook.retry
PLAY RECAP *************************************************************************************************************
127.0.0.1 : ok=67 changed=35 unreachable=0 failed=1
I have created this PR: https://github.com/Graylog2/graylog-ansible-role/pull/87 With these changes MongoDB was installed successfully on CentOS7 with
SELINUX=enforcing
SELINUXTYPE=targeted
Regression tested with Ubuntu 16.04 and Debian 8
Couls someone please test the changes so that we can merge them?
Closing in favour of https://github.com/Graylog2/graylog-ansible-role/pull/87#issuecomment-378901786
tested the above on RHEL 6.9 and CentOS 7 - on both SELinux runs on default.
Ansible might complain about a missing package (
yum install policycoreutils-python
) but I did not include automatic install of that - as even elastic did not have that for the selinux parts.