search

ansible / galaxy-issues

This repository exists solely for the tracking of user issues with Ansible Galaxy.
20 stars 3 forks source link

Container build will fail on CentOS or RHEL because of SELinux #203

Closed rabem00 closed 7 years ago

rabem00 commented 7 years ago

When doing a build (using make refresh) on CentOS / RHEL 7 the build will fail with the following error:

ansible-container_1  | PLAY [django] ******************************************************************
ansible-container_1  | 
ansible-container_1  | TASK [Download postgres repo package] ******************************************
ansible-container_1  | fatal: [django]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo $HOME/.ansible/tmp/ansible-tmp-1476640411.34-91323859000389 `\" && echo ansible-tmp-1476640411.34-91323859000389=\"` echo $HOME/.ansible/tmp/ansible-tmp-1476640411.34-91323859000389 `\" ), exited with result 1", "unreachable": true}
ansible-container_1  |  [WARNING]: Could not create retry file 'main.retry'.         [Errno 2] No such
ansible-container_1  | file or directory: ''

In the closed pull-requests 16 and 17 we already looked at this issue. Many of the SELinux problems where fixed by adding :z and :Z behind the volume lines, but the build still fails with the message you see above.

If adding privileged: yes in the container.yml than the build goes well. But this is not acceptable (but a workaround for now).

My system is up to date and running: CentOS Linux release 7.2.1511 (Core) (Always using a minimal install). No packages marked for update

chouseknecht commented 7 years ago

Not sure why, but I'm not having the same experience. I'm able to build the container images without any issues:

Built a fresh vagrant box:

vagrant init centos/7; vagrant up --provider virtualbox

Installed the following packages:

epel-release
"@Development tools"
python-devel
python-pip

Installed Docker from the Docker yum repo:

tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF

# yum install docker-engine

Created a docker group and added it to the vagrant user, and started and enabled the docker service.

Upgrade setuptools: sudo pip install --upgrade setuptools

Cloned the ansible/ansible, ansible/galaxy and ansible/ansbile-container repos. Running the latest code from the develop or devel branch of each.

And finally, run make build from inside the galaxy directory. Build runs to completion without an issues:

PLAY RECAP *********************************************************************
ansible-container_1  | django                     : ok=26   changed=25   unreachable=0    failed=0
ansible-container_1  | gulp                       : ok=5    changed=5    unreachable=0    failed=0
ansible-container_1  |
ansible_ansible-container_1 exited with code 0
Aborting on container exit...
Stopping ansible_django_1 ... done
Stopping ansible_rabbit_1 ... done
Stopping ansible_memcache_1 ... done
Stopping ansible_postgres_1 ... done
Stopping ansible_elastic_1 ... done
Stopping ansible_gulp_1 ... done
Exporting built containers as images...
Committing image...

Centos version: 

$ hostnamectl
   Static hostname: localhost.localdomain
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 6b7ccd6c9e294529ab65b8a48888d0d9
           Boot ID: 5924175262da42abb11091caf765275f
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-229.14.1.el7.x86_64
      Architecture: x86-64

Docker version:

$ docker version
Client:
 Version:      1.12.2
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   bb80604
 Built:
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.2
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   bb80604
 Built:
 OS/Arch:      linux/amd64
rabem00 commented 7 years ago

I will verify. My build steps where a little different, so i will do your steps now.

rabem00 commented 7 years ago

The only difference i see is the docker version that are installed from the repos. The steps i used:

yum -y install git docker gcc python-debug openssl-devel
yum -y install epel-release
yum -y install python-pip
pip install --upgrade pip
systemctl enable docker;systemctl start docker

git clone https://github.com/ansible/ansible-container.git
cd ansible-container
pip install --upgrade setuptools
python ./setup.py install

git clone https://github.com/ansible/galaxy.git
cd galaxy
python ./setup.py install
make requirements
make build  or a make refresh

My docker version is: 

[root@galaxy ~]# docker version
Client:
 Version:         1.10.3            <---------Lower then yours
 API version:     1.22            <---------Lower then yours
 Package version: docker-common-1.10.3-46.el7.centos.14.x86_64
 Go version:      go1.6.3
 Git commit:      cb079f6-unsupported
 Built:           Fri Sep 16 13:24:25 2016
 OS/Arch:         linux/amd64

Server:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-common-1.10.3-46.el7.centos.14.x86_64
 Go version:      go1.6.3
 Git commit:      cb079f6-unsupported
 Built:           Fri Sep 16 13:24:25 2016
 OS/Arch:         linux/amd64
[root@galaxy ~]#

Your described steps are working. For later use (and for other users):

$ vagrant init centos/7; vagrant up --provider virtualbox
$ vagrant ssh
vagrant@localhost ~]$ sudo -i
# yum -y install epel-release "@Development tools" python-devel python-pip
# tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF

# yum -y install docker-engine
# usermod -G docker vagrant
# systemctl enable docker;systemctl start docker
# pip install --upgrade setuptools
# pip install --upgrade pip
# git clone https://github.com/ansible/galaxy.git
# git clone https://github.com/ansible/ansible-container.git
# git clone https://github.com/ansible/ansible.git
# cd ansible
# source ./hacking/env-setup
# cd ../ansible-container
# python ./setup.py develop
# cd ../galaxy
# make build

Will close the issue, thx for the work!

rabem00 commented 7 years ago

Thx!