Hello, first of all: happy new year! ;-)
A bug report was submitted today [1], stating that, on CentOS 7 VMs, the temporary enabling and disabling of SELinux that ElastiCluster does (e.g., when enabling iptables firewall rules) renders `journald` non-functional -- and possibly creates other problems too. A workaround [2] posted on ServerFault is also reported to cause trouble in the same issue report. I do not know enough of SELinux myself to be able to take an informed decision here. As far as I can see there are these options: 1. Just disable SELinux altogether (`setenforce 0`) at the start of ElastiCluster playbooks. This makes life simpler for anyone (well, makes *my* life simpler at least) but may be not what experienced CentOS/RHEL admins expect? Also, is somebody replying on SELinux in production clusters built with ElastiCluster? 2. Try to use a workaround like `restorecon -r /` (assuming one exists that works reliably). I have no idea what this workaround can be, though. 3. Try to do things correctly "the SELinux way". Last time I checked Red Hat's docs this involved rebooting the VM, which is not something we can do in the middle of an Ansible playbook. But maybe I read wrong? Any opinions? [1]: https://github.com/gc3-uzh-ch/elasticluster/issues/370 [2]: http://serverfault.com/questions/764687/systemd-journald-fails-to-start-on-centos-7 Ciao, R -- Riccardo Murri, Schwerzenbacherstrasse 2, CH-8606 Nänikon, Switzerland -- You received this message because you are subscribed to the Google Groups "elasticluster" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
