Deploying openshift fails on RHEL8 due to selinux issues

Bug #1821437 reported by Martin André
Affects | Status | Importance | Assigned to | Milestone
tripleo | Fix Released | Undecided | Martin André |

Bug Description

Originally reported by Marius Cornea at https://bugzilla.redhat.com/show_bug.cgi?id=1691879

Deployment on RHEL8 fails while running /usr/bin/tripleo-deploy-openshift:

 [root@undercloud-0 stack]# cat /var/lib/mistral/openshift/openshift/playbook.log
--config-download-dir is deprecated, use --plan instead
Trying to pull 192.168.24.1:8787/openshift3/ose-ansible:v3.11...Getting image source signatures
Copying blob 2cb1196a3b27: 72.31 MiB / 72.31 MiB 5s
Copying blob c9c433594a59: 1.21 KiB / 1.21 KiB 5s
Copying blob b9bf6fa9627f: 128.46 MiB / 128.46 MiB 5s
Copying config 0498430e0cc8: 5.57 KiB / 5.57 KiB 0s
Writing manifest to image destination
Storing signatures
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/OpenShiftInfra_groups.yml': Permission denied
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/OpenShiftInfra_hosts.yml': Permission denied
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/OpenShiftInfra_openshift_glusterfs.yml': Permission denied
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/OpenShiftMaster_groups.yml': Permission denied
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/OpenShiftMaster_hosts.yml': Permission denied
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/OpenShiftMaster_openshift_master.yml': Permission denied
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/OpenShiftWorker_groups.yml': Permission denied
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/OpenShiftWorker_hosts.yml': Permission denied
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/OpenShiftWorker_openshift_glusterfs.yml': Permission denied
cp: cannot stat '/var/lib/mistral/openshift/openshift/inventory/groups.yml': Permission denied

Additional debugging shows we need to add the 'z' option while mounting /var/lib/mistral/openshift:

(undercloud) [stack@undercloud-0 ~]$ ls -l /var/lib/mistral/openshift/openshift
total 20
-rw-rw-r--. 1 tripleo-admin tripleo-admin 383 Mar 22 16:00 global_gluster_vars.yml
-rw-rw-r--. 1 tripleo-admin tripleo-admin 3206 Mar 22 16:01 global_vars.yml
drwxr-xr-x. 2 tripleo-admin root 4096 Mar 22 16:01 inventory
-rw-rw-r--. 1 tripleo-admin tripleo-admin 1190 Mar 22 16:01 playbook.log
-rw-rw-r--. 1 tripleo-admin tripleo-admin 1262 Mar 22 16:01 playbook.yml

(undercloud) [stack@undercloud-0 ~]$ sudo podman run --net=host -u 0 -v /var/lib/mistral/openshift:/var/lib/mistral/openshift -t 192.168.24.1:8787/openshift3/ose-ansible:v3.11 ls -l /var/lib/mistral/openshift/openshift/
ls: cannot access /var/lib/mistral/openshift/openshift/global_gluster_vars.yml: Permission denied
ls: cannot access /var/lib/mistral/openshift/openshift/global_vars.yml: Permission denied
ls: cannot access /var/lib/mistral/openshift/openshift/playbook.yml: Permission denied
total 8
-?????????? ? ? ? ? ? global_gluster_vars.yml
-?????????? ? ? ? ? ? global_vars.yml
drwxr-xr-x. 2 1002 root 4096 Mar 22 20:01 inventory
-rw-rw-r--. 1 1002 1003 1190 Mar 22 20:01 playbook.log
-?????????? ? ? ? ? ? playbook.yml

(undercloud) [stack@undercloud-0 ~]$ sudo podman run --net=host -u 0 -v /var/lib/mistral/openshift:/var/lib/mistral/openshift:z -t 192.168.24.1:8787/openshift3/ose-ansible:v3.11 ls -l /var/lib/mistral/openshift/openshift/
total 20
-rw-rw-r--. 1 1002 1003 383 Mar 22 20:00 global_gluster_vars.yml
-rw-rw-r--. 1 1002 1003 3206 Mar 22 20:01 global_vars.yml
drwxr-xr-x. 2 1002 root 4096 Mar 22 20:01 inventory
-rw-rw-r--. 1 1002 1003 1190 Mar 22 20:01 playbook.log
-rw-rw-r--. 1 1002 1003 1262 Mar 22 20:01 playbook.yml
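
Added example (not part of the original report or of the tripleo-common fix): shell helpers for the two checks the debugging above does by hand, namely whether a `-v` volume spec carries the `z`/`Z` relabel option, and which entries in an `ls -Z` listing lack the `container_file_t` type. The function names and the sample SELinux labels are constructed for illustration; the volume specs are the ones from the two `podman run` commands above.

```shell
#!/bin/sh
# Volume specs taken from the two podman commands in the report.
BEFORE="/var/lib/mistral/openshift:/var/lib/mistral/openshift"
AFTER="/var/lib/mistral/openshift:/var/lib/mistral/openshift:z"

# Constructed sample of `ls -Z` output ("<context> <name>"); the labels
# are assumptions, not values captured from the affected undercloud.
SAMPLE_LS_Z='system_u:object_r:var_lib_t:s0 global_vars.yml
system_u:object_r:container_file_t:s0 playbook.log
system_u:object_r:var_lib_t:s0 playbook.yml'

# Return 0 if a "src:dst[:opts]" volume spec asks for SELinux relabeling
# (z = shared label, Z = private label), 1 otherwise.
volume_has_selinux_opt() {
    _opts=${1#*:}                       # drop the source path
    case $_opts in
        *:*) _opts=${_opts#*:} ;;       # drop the destination, keep options
        *)   _opts= ;;                  # no options field at all
    esac
    case ",$_opts," in
        *,z,*|*,Z,*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Read `ls -Z` lines on stdin and print the names whose SELinux type
# (third field of the context) is not container_file_t.
mislabeled_paths() {
    awk '{ split($1, ctx, ":"); if (ctx[3] != "container_file_t") print $2 }'
}

for spec in "$BEFORE" "$AFTER"; do
    if volume_has_selinux_opt "$spec"; then
        echo "relabel requested: $spec"
    else
        echo "no z/Z option:     $spec"
    fi
done

echo "entries a confined container could not read:"
printf '%s\n' "$SAMPLE_LS_Z" | mislabeled_paths
# On a live host: ls -Z /var/lib/mistral/openshift/openshift | mislabeled_paths
# and confirm the denials with: ausearch -m avc -ts recent
```

The `z` option relabels the host directory for shared container access, so it belongs only on directories dedicated to container use.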

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (master)

Fix proposed to branch: master
Review: https://review.openstack.org/645979

Changed in tripleo:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (master)

Reviewed: https://review.openstack.org/645979
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=e732fff8fd5533eeb0d8b714c53ce6174c215ed6
Submitter: Zuul
Branch: master

commit e732fff8fd5533eeb0d8b714c53ce6174c215ed6
Author: Martin André <email address hidden>
Date: Sat Mar 23 08:28:44 2019 +0100

    Mount openshift-ansible working dir with 'z' option

    On RHEL8, deployment fails with a bunch of permission issues while the
    openshift-ansible container image tries to read files from /var/lib/mistral/openshift/openshift/inventory/.

    We need to add 'z' option while mounting the
    /var/lib/mistral/openshift volume.

    Change-Id: I24067f97eb36e475f873e3a3ea06a488fef95d90
    Closes-Bug: #1821437

Changed in tripleo:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 10.6.1

This issue was fixed in the openstack/tripleo-common 10.6.1 release.
