Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Copperfist: lor deploy #689

Merged
merged 1 commit into from
Dec 20, 2022
Merged

Copperfist: lor deploy #689

merged 1 commit into from
Dec 20, 2022

Conversation

scimerman
Copy link
Contributor

Copperfist LOR deployed ✔️
Added few files for copperfist and renamed some others. ✔️
Networking changed (updated for both BB and CF) from /24 to /23 to include the ldap server network ✔️

The important note is that the roles/admin_users/tasks/main.yml is doing now SE-labeling, and it works only if there is a package policycoreutils-python pre-installed. If missing, the problem appears:

TASK [admin_users : Put SELinux in permissive mode] ****************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ImportError: u'selinux' is present in the Mitogen importer blacklist, therefore this context will not attempt to request it from the master, as the request will always be refused.
fatal: [nb-vcompute04]: FAILED! => changed=false 
  msg: Failed to import the required Python library (libselinux-python) on nb-vcompute04's Python /usr/bin/python2.7. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter

if I manually install package, then problem is resolved. I added yum installation in the admin role, BUT this introduce new problem:

  1. we first do yum install
  2. then configure SE labeling
  3. and at the end we configure repositories
  4. (much later in the playbook) we update system

this will work in fresh cluster deployment. But will be problematic if some node is later redeployed

  • as it will use at step 1 default public repository and install package with latest upstream version,
  • then it will configure our local repositories, and will fail at system update due to the: policycoreutils-python (and few of it's dependencies) installed duplicates

Possible solutions:

  • move SE labeling somewhere to later configuration,
  • check if policycoreutils-python is available and run command only then,
  • potentially change the roles order: first repository configuration and then admin configuration
    need to discuss.

@scimerman scimerman requested a review from pneerincx December 20, 2022 16:13
@pneerincx pneerincx merged commit dbe7650 into rug-cit-hpc:develop Dec 20, 2022
@scimerman scimerman deleted the deploy_cf branch December 21, 2022 14:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pneerincx pneerincx pneerincx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@scimerman @pneerincx