First off, please don't run 1.5.5; the current version of Ansible is 1.6.7, and this contains security fixes which you most definitely want applied.
If you still see issues there, let us know. I'd like to see the command from your playbook line and both the expected SELinux state and the desired SELinux state, or what you think the above problem is. I am unclear in "I tried specifying the SE options to force it, but that doesn't appear to work." what "doesn't work" means, in other words. I'm of course not saying there is a problem, but this helps me understand more what you are looking for.

Thanks!

On Tue, Jul 22, 2014 at 2:35 AM, Melissa Tan <[email protected]> wrote:

> Has anyone been able to resolve an SELinux issue when using the copy
> module when writing to an NFS mount?
>
> I tried specifying the SE options to force it, but that doesn't appear to
> work. My /tmp is local disk where Ansible first uploads the file, but the
> final destination /u01/app/oracle/product/fmw/wl_server_10.3/server/lib is
> on an NFS mount (hosted on Netapp). This issue only comes up on NFS.
> Using the copy module on a destination that is local disk like
> /home/applmgr has no issues.
>
> I am thinking my work around is going to have to be issuing a move command
> after uploading the file to a path that is on the local file system. I am
> using Ansible 1.5.5.
>
> - name: Install JKS for SSL
>   copy: src={{ item.source }} dest={{ item.destination }} owner=applmgr
>     group=oinstall mode=0644 backup=yes seuser=_default serole=_default
>     setype_default
>   with_items:
>     - { source: 'files/CAtrust.jks', destination:
>         '/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks' }
>   sudo_user: applmgr
>
> TASK: [Install JKS for SSL]
> ***************************************************
> <stg-intmon-app-02> ESTABLISH CONNECTION FOR USER: systems on PORT 22 TO
> stg-intmon-app-02
> <stg-intmon-app-02> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
> ansible, key=hyfpcveiujdsjplloxksrkpnccgbctjl] password: " -u applmgr
> /bin/sh -c '"'"'echo SUDO-SUCCESS-hyfpcveiujdsjplloxksrkpnccgbctjl; rc=0; [
> -r "/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks" ] ||
> rc=2; [ -f
> "/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks" ] ||
> rc=1; [ -d
> "/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks" ] &&
> echo 3 && exit 0; (/usr/bin/md5sum
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
> 2>/dev/null) || (/sbin/md5sum -q
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
> 2>/dev/null) || (/usr/bin/digest -a md5
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
> 2>/dev/null) || (/sbin/md5 -q
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
> 2>/dev/null) || (/usr/bin/md5 -n
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
> 2>/dev/null) || (/bin/md5 -q
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
> 2>/dev/null) || (/usr/bin/csum -h MD5
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
> 2>/dev/null) || (/bin/csum -h MD5
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks
> 2>/dev/null) || (echo "${rc}
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks")'"'"''
> <stg-intmon-app-02> EXEC /bin/sh -c 'mkdir -p
> /tmp/ansible-tmp-1406010170.17-83664497534334 && chmod a+rx
> /tmp/ansible-tmp-1406010170.17-83664497534334 && echo
> /tmp/ansible-tmp-1406010170.17-83664497534334'
> <stg-intmon-app-02> PUT
> /opt/playbook/intmon/roles/weblogic/tasks/files/CAtrust.jks TO
> /tmp/ansible-tmp-1406010170.17-83664497534334/source
> <stg-intmon-app-02> EXEC /bin/sh -c 'chmod a+r
> /tmp/ansible-tmp-1406010170.17-83664497534334/source'
> <stg-intmon-app-02> PUT /tmp/tmpTUjBR9 TO
> /tmp/ansible-tmp-1406010170.17-83664497534334/copy
> <stg-intmon-app-02> EXEC /bin/sh -c 'chmod a+r
> /tmp/ansible-tmp-1406010170.17-83664497534334/copy'
> <stg-intmon-app-02> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
> ansible, key=nyamsxiowxjuicxewlbnfaojqzneyfhj] password: " -u applmgr
> /bin/sh -c '"'"'echo SUDO-SUCCESS-nyamsxiowxjuicxewlbnfaojqzneyfhj;
> /usr/bin/python /tmp/ansible-tmp-1406010170.17-83664497534334/copy'"'"''
> <stg-intmon-app-02> EXEC /bin/sh -c 'rm -rf
> /tmp/ansible-tmp-1406010170.17-83664497534334/ >/dev/null 2>&1'
> failed: [stg-intmon-app-02] => (item={'source': 'files/CAtrust.jks',
> 'destination':
> '/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks'}) =>
> {"cur_context": ["system_u", "object_r", "nfs_t", "s0"], "failed": true,
> "gid": 501, "group": "oinstall", "input_was": ["system_u", "object_r", "
> default_t", "s0"], "item": {"destination":
> "/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/CAtrust.jks",
> "source": "files/CAtrust.jks"}, "md5sum":
> "6927b8279d5265ff0c97a9efee474ee6", "mode": "0664", "new_context":
> ["system_u",
> "object_r", "default_t", "s0"], "owner": "applmgr", "path":
> "/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/.CAtrust.jks.4439.1406010170.72",
> "secontext": "system_u:object_r:nfs_t:s0", "size": 15070, "state":
> "file", "uid": 503}
> msg: invalid selinux context
>
> FATAL: all hosts have already failed -- aborting
>
> [root@stg-intmon-app-02 tmp]# ls -lZ
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/*.jks
> -rwxr-x---. applmgr oinstall system_u:object_r:nfs_t:s0
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/DemoIdentity.jks
> -rwxr-x---. applmgr oinstall system_u:object_r:nfs_t:s0
> /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/DemoTrust.jks
>
> But this is OK when not on NFS
>
> - name: Upload Weblogic silent install config
>   copy: src=files/standard_silent_wls_java6u45.xml
>     dest=/home/applmgr/standard_silent_wls_java6u45.xml owner=applmgr
>     group=oinstall mode=0644 backup=no
>   sudo_user: applmgr
>
> TASK: [Upload Weblogic silent install config]
> *********************************
> <stg-intmon-app-02> ESTABLISH CONNECTION FOR USER: systems on PORT 22 TO
> stg-intmon-app-02
> <stg-intmon-app-02> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
> ansible, key=prjkakodhdaeiuduuzbbnbanwvumzjyc] password: " -u applmgr
> /bin/sh -c '"'"'echo SUDO-SUCCESS-prjkakodhdaeiuduuzbbnbanwvumzjyc; rc=0; [
> -r "/home/applmgr/standard_silent_wls_java6u45.xml" ] || rc=2; [ -f
> "/home/applmgr/standard_silent_wls_java6u45.xml" ] || rc=1; [ -d
> "/home/applmgr/standard_silent_wls_java6u45.xml" ] && echo 3 && exit 0;
> (/usr/bin/md5sum /home/applmgr/standard_silent_wls_java6u45.xml
> 2>/dev/null) || (/sbin/md5sum -q
> /home/applmgr/standard_silent_wls_java6u45.xml 2>/dev/null) ||
> (/usr/bin/digest -a md5 /home/applmgr/standard_silent_wls_java6u45.xml
> 2>/dev/null) || (/sbin/md5 -q
> /home/applmgr/standard_silent_wls_java6u45.xml 2>/dev/null) ||
> (/usr/bin/md5 -n /home/applmgr/standard_silent_wls_java6u45.xml
> 2>/dev/null) || (/bin/md5 -q /home/applmgr/standard_silent_wls_java6u45.xml
> 2>/dev/null) || (/usr/bin/csum -h MD5
> /home/applmgr/standard_silent_wls_java6u45.xml 2>/dev/null) || (/bin/csum
> -h MD5 /home/applmgr/standard_silent_wls_java6u45.xml 2>/dev/null) || (echo
> "${rc} /home/applmgr/standard_silent_wls_java6u45.xml")'"'"''
> <stg-intmon-app-02> EXEC /bin/sh -c 'mkdir -p
> /tmp/ansible-tmp-1406009753.63-205073731489156 && chmod a+rx
> /tmp/ansible-tmp-1406009753.63-205073731489156 && echo
> /tmp/ansible-tmp-1406009753.63-205073731489156'
> <stg-intmon-app-02> PUT
> /opt/playbook/intmon/roles/weblogic/tasks/files/standard_silent_wls_java6u45.xml
> TO /tmp/ansible-tmp-1406009753.63-205073731489156/source
> <stg-intmon-app-02> EXEC /bin/sh -c 'chmod a+r
> /tmp/ansible-tmp-1406009753.63-205073731489156/source'
> <stg-intmon-app-02> PUT /tmp/tmpjajnpT TO
> /tmp/ansible-tmp-1406009753.63-205073731489156/copy
> <stg-intmon-app-02> EXEC /bin/sh -c 'chmod a+r
> /tmp/ansible-tmp-1406009753.63-205073731489156/copy'
> <stg-intmon-app-02> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
> ansible, key=zjfkqcclaxexsimgzzuwwintokanbidr] password: " -u applmgr
> /bin/sh -c '"'"'echo SUDO-SUCCESS-zjfkqcclaxexsimgzzuwwintokanbidr;
> /usr/bin/python /tmp/ansible-tmp-1406009753.63-205073731489156/copy'"'"''
> <stg-intmon-app-02> EXEC /bin/sh -c 'rm -rf
> /tmp/ansible-tmp-1406009753.63-205073731489156/ >/dev/null 2>&1'
> changed: [stg-intmon-app-02] => {"changed": true, "dest":
> "/home/applmgr/standard_silent_wls_java6u45.xml", "gid": 501, "group":
> "oinstall", "md5sum": "1acef40ba022448b0f61b6b82384c96e", "mode": "0644",
> "owner": "applmgr", "secontext": "unconfined_u:object_r:user_home_t:s0",
> "size": 4059, "src":
> "/tmp/ansible-tmp-1406009753.63-205073731489156/source", "state": "file",
> "uid": 503}
>
> [root@stg-intmon-app-02 applmgr]# ls -lZ /home/applmgr/*.xml
> -rw-r--r--. applmgr oinstall unconfined_u:object_r:user_home_t:s0
> /home/applmgr/standard_silent_wls_java6u45.xml
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4515336c-d4dd-4baa-94bb-95f7d0a43340%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
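
A way to read the failure record in the thread above, as an added example that is not part of either message and not Ansible's own code: it lists which SELinux field the task would have changed and looks up the mount backing the destination. The context values and path are taken from the quoted output; the mount table is constructed, the function names are hypothetical, and it assumes the kernel lists the `seclabel` option in `/proc/mounts` for mounts that accept per-file labels.

```python
import json

FIELDS = ("user", "role", "type", "level")

# Failure record fields copied from the quoted task output in the thread.
RESULT = json.loads("""{
  "cur_context": ["system_u", "object_r", "nfs_t", "s0"],
  "new_context": ["system_u", "object_r", "default_t", "s0"],
  "path": "/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/.CAtrust.jks.4439.1406010170.72"
}""")

# Constructed /proc/mounts excerpt; device names and options are made up.
MOUNTS = """\
/dev/mapper/vg-root / ext4 rw,seclabel,relatime 0 0
filer.example:/vol/u01 /u01 nfs rw,vers=3,hard 0 0
"""

def context_diff(result):
    """Map each SELinux field that would change to (current, requested)."""
    pairs = zip(FIELDS, result["cur_context"], result["new_context"])
    return {f: (c.strip(), n.strip()) for f, c, n in pairs
            if c.strip() != n.strip()}

def mount_for(path, mounts_text):
    """Longest-prefix match; returns (mountpoint, fstype, has_seclabel)."""
    best = ("", None, False)
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # not a mount entry
        mnt, fstype, opts = parts[1], parts[2], parts[3].split(",")
        under = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if under and len(mnt) > len(best[0]):
            best = (mnt, fstype, "seclabel" in opts)
    return best

def report(result, mounts_text):
    """Combine the context diff with the mount facts for the target path."""
    mnt, fstype, labeled = mount_for(result["path"], mounts_text)
    return {"mount": mnt, "fstype": fstype, "per_file_labels": labeled,
            "would_change": context_diff(result)}

if __name__ == "__main__":
    print(json.dumps(report(RESULT, MOUNTS), indent=2))
```

On a real host, pass the contents of `/proc/mounts` as `mounts_text` and the JSON from the failed task as `result`.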
