目前已有超过 12 台机器出现此问题。既有配置较旧的 CentOS7 机器,也有全新安装的 ISO 机器。
当我运行 OKD prerequisites install, branch 时release-3.11
,一切都运行正常,直到我执行任务
TASK [container_runtime : Fixup SELinux permissions for docker]
失败的地方
{
"changed": true,
"cmd": "semanage fcontext -a -e /var/lib/docker/overlay2 \"/var/lib/docker/overlay2\"\n restorecon -R -v \"/var/lib/docker/overlay2\"",
"delta": "0:00:00.005386",
"end": "2019-03-22 15:52:19.990999",
"invocation": {
"module_args": {
"_raw_params": "semanage fcontext -a -e /var/lib/docker/overlay2 \"/var/lib/docker/overlay2\"\n restorecon -R -v \"/var/lib/docker/overlay2\"",
"_uses_shell": true,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"warn": true
}
},
"msg": "non-zero return code",
"rc": 127,
"start": "2019-03-22 15:52:19.985613",
"stderr": "/bin/sh: semanage: command not found\n/bin/sh: line 1: restorecon: command not found",
"stderr_lines": [
"/bin/sh: semanage: command not found",
"/bin/sh: line 1: restorecon: command not found"
],
"stdout": "",
"stdout_lines": []
}
我已经在这个问题上纠结了将近一个月了。我做了所有事情,包括废弃我们公司的 centos7 映像(它是为禁用 SELinux 而构建的),然后从头开始构建一个新的。似乎什么都不起作用。最让我恼火的是,如果我使用这两个命令行,ssh 进入目标框并执行
sudo semanage fcontext -a -e /var/lib/docker/overlay2 "/var/lib/docker/overlay2"
sudo restorecon -R -v "/var/lib/docker/overlay2"
它运行得很好。
这是我的库存文件
all:
children:
etcd:
hosts:
cent1.lab.mycompany.com:
masters:
hosts:
cent1.lab.mycompany.com:
nodes:
hosts:
cent1.lab.mycompany.com:
openshift_node_group_name: node-config-master-infra
cent2.lab.mycompany.com:
openshift_node_group_name: node-config-compute
openshift_schedulable: True
OSEv3:
children:
etcd:
masters:
nodes:
vars:
openshift_deployment_type: origin
openshift_master_cluster_method: native
openshift_master_cluster_hostname: console.lab.mycompany.com
openshift_master_default_subdomain: apps.lab.mycompany.com
ansible_ssh_user: automation_user
ansible_become_method: sudo
ansible_become: true
ansible_become_flags: '-S'
答案1
似乎是 ansible 用户的权限或 PATH 问题,应使用--become
ansible playbook 执行标志根据和使用--become
或进行修复。这应该正确设置 PATH,以便可以找到和。-b
--become-method=sudo
--become-user=root
restorecon
semanage
https://docs.ansible.com/ansible/2.4/become.html
restorecon
和semanage
通常存储在或中/sbin
,而/usr/sbin
对于普通用户来说,它们不在 $PATH 中。使用sudo
和become
withroot
应该正确设置 $PATH,以便可以找到可执行文件。