Has anyone been able to resolve an SELinux issue when using the copy module
to write to an NFS mount?
I tried specifying the SE options to force it, but that doesn't appear to
work: the task still fails with "invalid selinux context" (output below).
My /tmp is on local disk, where Ansible first uploads the file, but the
final destination /u01/app/oracle/product/fmw/wlserver_10.3/server/lib is
on an NFS mount (hosted on NetApp). This issue only comes up on NFS.
Using the copy module on a destination that is on local disk, like
/home/applmgr, has no issues.
I think my workaround will have to be uploading the file to a path on the
local file system and then issuing a move command. I am using Ansible 1.5.5.
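# Copies the CA trust store to its final location in the WebLogic tree, which
# the post says is on an NFS mount. The task runs as applmgr via sudo_user.
#
# seuser/serole/setype are all "_default", which asks the module to use the
# policy's default context for the path; the failure output on this page
# reports that as system_u:object_r:default_t:s0, while the file on the mount
# is system_u:object_r:nfs_t:s0, and the module stops with
# "invalid selinux context".
# NOTE(review): the third option was written "setype_default" (no "="), which
# is not a key=value pair; restored to setype=_default to match the other two.
# NOTE(review): presumably this NFS mount exposes one mount-wide label (nfs_t)
# and does not accept per-file relabeling - confirm against the mount options.
# NOTE(review): the verbose output shows the uploaded file staged under /tmp
# and made world-readable (chmod a+r) before the sudo step. That matters little
# if this store holds only public CA certificates, but keep it in mind before
# reusing the task for a keystore that contains private keys.
- name: Install JKS for SSL
  copy: src={{ item.source }} dest={{ item.destination }} owner=applmgr
    group=oinstall mode=0644 backup=yes seuser=_default serole=_default
    setype=_default
  with_items:
    - { source: 'files/CAtrust.jks', destination:
        '/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks' }
  sudo_user: applmgr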
TASK: [Install JKS for SSL]
***************************************************
<stg-intmon-app-02> ESTABLISH CONNECTION FOR USER: systems on PORT 22 TO
stg-intmon-app-02
<stg-intmon-app-02> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
ansible, key=hyfpcveiujdsjplloxksrkpnccgbctjl] password: " -u applmgr
/bin/sh -c '"'"'echo SUDO-SUCCESS-hyfpcveiujdsjplloxksrkpnccgbctjl; rc=0; [
-r "/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks" ] ||
rc=2; [ -f
"/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks" ] ||
rc=1; [ -d
"/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks" ] &&
echo 3 && exit 0; (/usr/bin/md5sum
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
2>/dev/null) || (/sbin/md5sum -q
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
2>/dev/null) || (/usr/bin/digest -a md5
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
2>/dev/null) || (/sbin/md5 -q
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
2>/dev/null) || (/usr/bin/md5 -n
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
2>/dev/null) || (/bin/md5 -q
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
2>/dev/null) || (/usr/bin/csum -h MD5
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
2>/dev/null) || (/bin/csum -h MD5
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
2>/dev/null) || (echo "${rc}
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks")'"'"''
<stg-intmon-app-02> EXEC /bin/sh -c 'mkdir -p
/tmp/ansible-tmp-1406010170.17-83664497534334 && chmod a+rx
/tmp/ansible-tmp-1406010170.17-83664497534334 && echo
/tmp/ansible-tmp-1406010170.17-83664497534334'
<stg-intmon-app-02> PUT
/opt/playbook/intmon/roles/weblogic/tasks/files/CAtrust.jks TO
/tmp/ansible-tmp-1406010170.17-83664497534334/source
<stg-intmon-app-02> EXEC /bin/sh -c 'chmod a+r
/tmp/ansible-tmp-1406010170.17-83664497534334/source'
<stg-intmon-app-02> PUT /tmp/tmpTUjBR9 TO
/tmp/ansible-tmp-1406010170.17-83664497534334/copy
<stg-intmon-app-02> EXEC /bin/sh -c 'chmod a+r
/tmp/ansible-tmp-1406010170.17-83664497534334/copy'
<stg-intmon-app-02> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
ansible, key=nyamsxiowxjuicxewlbnfaojqzneyfhj] password: " -u applmgr
/bin/sh -c '"'"'echo SUDO-SUCCESS-nyamsxiowxjuicxewlbnfaojqzneyfhj;
/usr/bin/python /tmp/ansible-tmp-1406010170.17-83664497534334/copy'"'"''
<stg-intmon-app-02> EXEC /bin/sh -c 'rm -rf
/tmp/ansible-tmp-1406010170.17-83664497534334/ >/dev/null 2>&1'
failed: [stg-intmon-app-02] => (item={'source': 'files/CAtrust.jks',
'destination':
'/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks'}) =>
{"cur_context": ["system_u", "object_r", "nfs_t", "s0"], "failed": true,
"gid": 501, "group": "oinstall", "input_was": ["system_u", "object_r", "
default_t", "s0"], "item": {"destination":
"/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks",
"source": "files/CAtrust.jks"}, "md5sum":
"6927b8279d5265ff0c97a9efee474ee6", "mode": "0664", "new_context": ["system_u",
"object_r", "default_t", "s0"], "owner": "applmgr", "path":
"/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/.CAtrust.jks.4439.1406010170.72",
"secontext": "system_u:object_r:nfs_t:s0", "size": 15070, "state": "file",
"uid": 503}
msg: invalid selinux context
FATAL: all hosts have already failed -- aborting
[root@stg-intmon-app-02 tmp]# ls -lZ
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/*.jks
-rwxr-x---. applmgr oinstall system_u:object_r:nfs_t:s0
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/DemoIdentity.jks
-rwxr-x---. applmgr oinstall system_u:object_r:nfs_t:s0
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/DemoTrust.jks
But the same kind of task is OK when the destination is not on NFS:
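# Control case for the NFS failure: the same copy module and the same
# applmgr/oinstall ownership, but the destination is under /home/applmgr
# (local disk, per the post) and no se* options are passed. The output on this
# page reports "changed" with context unconfined_u:object_r:user_home_t:s0.
# Indentation restored so the wrapped key=value arguments stay one scalar.
- name: Upload Weblogic silent install config
  copy: src=files/standard_silent_wls_java6u45.xml
    dest=/home/applmgr/standard_silent_wls_java6u45.xml owner=applmgr
    group=oinstall mode=0644 backup=no
  sudo_user: applmgr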
TASK: [Upload Weblogic silent install config]
*********************************
<stg-intmon-app-02> ESTABLISH CONNECTION FOR USER: systems on PORT 22 TO
stg-intmon-app-02
<stg-intmon-app-02> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
ansible, key=prjkakodhdaeiuduuzbbnbanwvumzjyc] password: " -u applmgr
/bin/sh -c '"'"'echo SUDO-SUCCESS-prjkakodhdaeiuduuzbbnbanwvumzjyc; rc=0; [
-r "/home/applmgr/standard_silent_wls_java6u45.xml" ] || rc=2; [ -f
"/home/applmgr/standard_silent_wls_java6u45.xml" ] || rc=1; [ -d
"/home/applmgr/standard_silent_wls_java6u45.xml" ] && echo 3 && exit 0;
(/usr/bin/md5sum /home/applmgr/standard_silent_wls_java6u45.xml
2>/dev/null) || (/sbin/md5sum -q
/home/applmgr/standard_silent_wls_java6u45.xml 2>/dev/null) ||
(/usr/bin/digest -a md5 /home/applmgr/standard_silent_wls_java6u45.xml
2>/dev/null) || (/sbin/md5 -q
/home/applmgr/standard_silent_wls_java6u45.xml 2>/dev/null) ||
(/usr/bin/md5 -n /home/applmgr/standard_silent_wls_java6u45.xml
2>/dev/null) || (/bin/md5 -q /home/applmgr/standard_silent_wls_java6u45.xml
2>/dev/null) || (/usr/bin/csum -h MD5
/home/applmgr/standard_silent_wls_java6u45.xml 2>/dev/null) || (/bin/csum
-h MD5 /home/applmgr/standard_silent_wls_java6u45.xml 2>/dev/null) || (echo
"${rc} /home/applmgr/standard_silent_wls_java6u45.xml")'"'"''
<stg-intmon-app-02> EXEC /bin/sh -c 'mkdir -p
/tmp/ansible-tmp-1406009753.63-205073731489156 && chmod a+rx
/tmp/ansible-tmp-1406009753.63-205073731489156 && echo
/tmp/ansible-tmp-1406009753.63-205073731489156'
<stg-intmon-app-02> PUT
/opt/playbook/intmon/roles/weblogic/tasks/files/standard_silent_wls_java6u45.xml
TO /tmp/ansible-tmp-1406009753.63-205073731489156/source
<stg-intmon-app-02> EXEC /bin/sh -c 'chmod a+r
/tmp/ansible-tmp-1406009753.63-205073731489156/source'
<stg-intmon-app-02> PUT /tmp/tmpjajnpT TO
/tmp/ansible-tmp-1406009753.63-205073731489156/copy
<stg-intmon-app-02> EXEC /bin/sh -c 'chmod a+r
/tmp/ansible-tmp-1406009753.63-205073731489156/copy'
<stg-intmon-app-02> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
ansible, key=zjfkqcclaxexsimgzzuwwintokanbidr] password: " -u applmgr
/bin/sh -c '"'"'echo SUDO-SUCCESS-zjfkqcclaxexsimgzzuwwintokanbidr;
/usr/bin/python /tmp/ansible-tmp-1406009753.63-205073731489156/copy'"'"''
<stg-intmon-app-02> EXEC /bin/sh -c 'rm -rf
/tmp/ansible-tmp-1406009753.63-205073731489156/ >/dev/null 2>&1'
changed: [stg-intmon-app-02] => {"changed": true, "dest":
"/home/applmgr/standard_silent_wls_java6u45.xml", "gid": 501, "group":
"oinstall", "md5sum": "1acef40ba022448b0f61b6b82384c96e", "mode": "0644",
"owner": "applmgr", "secontext": "unconfined_u:object_r:user_home_t:s0",
"size": 4059, "src":
"/tmp/ansible-tmp-1406009753.63-205073731489156/source", "state": "file",
"uid": 503}
[root@stg-intmon-app-02 applmgr]# ls -lZ /home/applmgr/*.xml
-rw-r--r--. applmgr oinstall unconfined_u:object_r:user_home_t:s0
/home/applmgr/standard_silent_wls_java6u45.xml