0
これはchefとmysqlの一般的な質問です。私は、mysqlファイルを格納するためにカスタムの場所を使用するようにmysqlを設定したいと思います。centos 7 chef mysqlカスタムディレクトリ
私が遭遇する問題は、MySQLをインストールした後にディレクトリを作成することです。私もselinuxのコンテキストを設定しましたが、mysqlのコンテキストがディレクトリに適用されていないため、mysqlは起動できません。それは罰金を開始し、私は、サーバー
を再起動する場合は、ディレクトリのみMySQLの後に作成されたMySQLユーザが所有する必要があるため、私は、MySQLをインストールする前にディレクトリを作成することはできません私のレシピ
をインストールされています
yum_package 'Install MySQL dev' do
package_name 'mysql-community-devel'
version node['mysql']['server_package_version']
arch 'x86_64'
action :install
end
template '/etc/my.cnf' do
source 'my.cnf.erb'
mode '0644'
notifies :restart, 'service[mysqld]', :delayed
end
template '/etc/systemd/system/mysqld.service' do
source 'mysqld.service.erb'
mode '0644'
action :create
end
# we put mysql on the /data/ filesytem
directory '/data/var/lib/' do
mode '0755'
recursive true
action :create
end
directory '/data/var/lib/mysql' do
owner 'mysql'
group 'mysql'
mode '0755'
action :create
end
directory '/data/var/lib/mysql/bin_logs' do
owner 'mysql'
group 'mysql'
mode '0755'
action :create
end
directory '/data/var/lib/mysql/relay_logs' do
owner 'mysql'
group 'mysql'
mode '0755'
action :create
end
# allow mysql to write to the new directory
selinux_policy_fcontext '/data/var/lib/mysql(/.*)?' do
secontext 'mysqld_db_t'
action :addormodify
end
service 'mysqld' do
action [:enable, :start]
end
MySQLのエラーログ
170822 12:49:44 mysqld_safe Logging to '/var/log/mysql/mysqld.log'.
170822 12:49:44 mysqld_safe Starting mysqld daemon with databases from /data/var/lib/mysql
2017-08-22 12:49:45 0 [Warning] 'THREAD_CONCURRENCY' is deprecated and will be removed in a future release.
2017-08-22 12:49:45 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2017-08-22 12:49:45 0 [Warning] Insecure configuration for --secure-file-priv: Data directory is accessible through --secure-file-priv. Consider choosing a different directory.
2017-08-22 12:49:45 0 [Warning] Insecure configuration for --secure-file-priv: Location is accessible to all OS users. Consider choosing a different directory.
2017-08-22 12:49:45 0 [Note] /usr/sbin/mysqld (mysqld 5.6.35-log) starting as process 9001 ...
2017-08-22 12:49:45 9001 [Warning] Buffered warning: Changed limits: max_open_files: 1024 (requested 5000)
2017-08-22 12:49:45 9001 [Warning] Buffered warning: Changed limits: table_open_cache: 457 (requested 1024)
/usr/sbin/mysqld: File '/data/var/lib/mysql/bin_logs/bin_logs.index' not found (Errcode: 13 - Permission denied)
2017-08-22 12:49:45 9001 [ERROR] Aborting
2017-08-22 12:49:45 9001 [Note] Binlog end
2017-08-22 12:49:45 9001 [Note] /usr/sbin/mysqld: Shutdown complete
170822 12:49:45 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
監査ログエントリ
grep mysqld /var/log/audit/audit.log
type=USER_MAC_CONFIG_CHANGE msg=audit(1503420569.572:176): pid=8302 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=fcontext op=add tglob="/data/var/lib/mysql(/.*)?" ftype=any tcontext=system_u:object_r:mysqld_db_t:s0 comm="semanage" exe="/usr/bin/python2.7" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1503420585.113:205): avc: **denied** { read write } for pid=9001 comm="mysqld" name="bin_logs.index" dev="xvdb" ino=22544533 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
このエラーを解決するにはどうすればよいですか?
アップデート1:
シェフのクライアントの出力
12:49:09 [ 10.201.3.197] Recipe: cartera-mysql::default
12:49:25 [ 10.201.3.197] * yum_package[Install MySQL] action install
12:49:25 [ 10.201.3.197] - install version 5.6.35-2.el7 of package mysql-community-server
12:49:27 [ 10.201.3.197] * yum_package[Install MySQL dev] action install
12:49:27 [ 10.201.3.197] - install version 5.6.35-2.el7 of package mysql-community-devel
12:49:27 [ 10.201.3.197] * template[/etc/my.cnf] action create
12:49:27 [ 10.201.3.197] - update content in file /etc/my.cnf from ad0361 to 8a9530
12:49:27 [ 10.201.3.197] --- /etc/my.cnf 2016-11-28 18:13:43.000000000 -0500
12:49:27 [ 10.201.3.197] +++ /etc/.chef-my.cnf20170822-2540-1nsliu0 2017-08-22 12:49:27.495530842 -0400
12:49:27 [ 10.201.3.197] @@ -1,32 +1,59 @@
12:49:27 [ 10.201.3.197] # For advice on how to change settings please see
12:49:27 [ 10.201.3.197] # http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html
12:49:27 [ 10.201.3.197]
12:49:27 [ 10.201.3.197] +[mysql]
12:49:27 [ 10.201.3.197] +skip-secure-auth
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] [mysqld]
12:49:27 [ 10.201.3.197] -#
12:49:27 [ 10.201.3.197] -# Remove leading # and set to the amount of RAM for the most important data
12:49:27 [ 10.201.3.197] -# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
12:49:27 [ 10.201.3.197] -# innodb_buffer_pool_size = 128M
12:49:27 [ 10.201.3.197] -#
12:49:27 [ 10.201.3.197] -# Remove leading # to turn on a very important data integrity option: logging
12:49:27 [ 10.201.3.197] -# changes to the binary log between backups.
12:49:27 [ 10.201.3.197] -# log_bin
12:49:27 [ 10.201.3.197] -#
12:49:27 [ 10.201.3.197] -# Remove leading # to set options mainly useful for reporting servers.
12:49:27 [ 10.201.3.197] -# The server defaults are faster for transactions and fast SELECTs.
12:49:27 [ 10.201.3.197] -# Adjust sizes as needed, experiment to find the optimal values.
12:49:27 [ 10.201.3.197] -# join_buffer_size = 128M
12:49:27 [ 10.201.3.197] -# sort_buffer_size = 2M
12:49:27 [ 10.201.3.197] -# read_rnd_buffer_size = 2M
12:49:27 [ 10.201.3.197] -datadir=/var/lib/mysql
12:49:27 [ 10.201.3.197] +datadir=/data/var/lib/mysql
12:49:27 [ 10.201.3.197] socket=/var/lib/mysql/mysql.sock
12:49:27 [ 10.201.3.197] +secure_file_priv=/data
12:49:27 [ 10.201.3.197]
12:49:27 [ 10.201.3.197] # Disabling symbolic-links is recommended to prevent assorted security risks
12:49:27 [ 10.201.3.197] symbolic-links=0
12:49:27 [ 10.201.3.197]
12:49:27 [ 10.201.3.197] # Recommended in standard MySQL setup
12:49:27 [ 10.201.3.197] -sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
12:49:27 [ 10.201.3.197] +# sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
12:49:27 [ 10.201.3.197] +ft_min_word_len = 3
12:49:27 [ 10.201.3.197] +max_allowed_packet = 16M
12:49:27 [ 10.201.3.197] +table_open_cache = 1024
12:49:27 [ 10.201.3.197] +thread_concurrency = 8
12:49:27 [ 10.201.3.197] +log-bin=/data/var/lib/mysql/bin_logs/bin_logs
12:49:27 [ 10.201.3.197]
12:49:27 [ 10.201.3.197] +# slow query logging
12:49:27 [ 10.201.3.197] +slow_query_log=1
12:49:27 [ 10.201.3.197] +slow_query_log_file=/var/log/mysql/slow_query.log
12:49:27 [ 10.201.3.197] +long_query_time=1
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +key_buffer_size = 384M
12:49:27 [ 10.201.3.197] +sort_buffer_size = 8M
12:49:27 [ 10.201.3.197] +read_buffer_size = 2M
12:49:27 [ 10.201.3.197] +read_rnd_buffer_size = 8M
12:49:27 [ 10.201.3.197] +myisam_sort_buffer_size = 64M
12:49:27 [ 10.201.3.197] +max_connections = 100
12:49:27 [ 10.201.3.197] +max_connect_errors = 1000
12:49:27 [ 10.201.3.197] +default-storage-engine = InnoDB
12:49:27 [ 10.201.3.197] +innodb_buffer_pool_size = 2G
12:49:27 [ 10.201.3.197] +innodb_file_per_table = 1
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +# turn on the query cache
12:49:27 [ 10.201.3.197] +query_cache_type = 1
12:49:27 [ 10.201.3.197] +query_cache_size = 256M
12:49:27 [ 10.201.3.197] +#query_cache_limit = 2M
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +# Replication
12:49:27 [ 10.201.3.197] +server-id = 2
12:49:27 [ 10.201.3.197] +relay-log = /data/var/lib/mysql/relay_logs/relay_logs
12:49:27 [ 10.201.3.197] +relay_log_index = /data/var/lib/mysql/relay_logs/relay-log.index
12:49:27 [ 10.201.3.197] +relay-log-info-file = relay-log.info
12:49:27 [ 10.201.3.197] +replicate-do-db = transactions
12:49:27 [ 10.201.3.197] +expire-logs-days = 3
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +innodb_log_file_size = 256M
12:49:27 [ 10.201.3.197] +innodb_log_files_in_group = 4
12:49:27 [ 10.201.3.197] +innodb_sort_buffer_size = 128M
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] [mysqld_safe]
12:49:27 [ 10.201.3.197] -log-error=/var/log/mysqld.log
12:49:27 [ 10.201.3.197] +log-error=/var/log/mysql/mysqld.log
12:49:27 [ 10.201.3.197] pid-file=/var/run/mysqld/mysqld.pid
12:49:27 [ 10.201.3.197] - restore selinux security context
12:49:27 [ 10.201.3.197] * template[/etc/systemd/system/mysqld.service] action create
12:49:27 [ 10.201.3.197] - create new file /etc/systemd/system/mysqld.service
12:49:27 [ 10.201.3.197] - update content in file /etc/systemd/system/mysqld.service from none to fb5916
12:49:27 [ 10.201.3.197] --- /etc/systemd/system/mysqld.service 2017-08-22 12:49:27.533531086 -0400
12:49:27 [ 10.201.3.197] +++ /etc/systemd/system/.chef-mysqld.service20170822-2540-1e7mcj6 2017-08-22 12:49:27.532531080 -0400
12:49:27 [ 10.201.3.197] @@ -1 +1,50 @@
12:49:27 [ 10.201.3.197] +#
12:49:27 [ 10.201.3.197] +# Simple MySQL systemd service file
12:49:27 [ 10.201.3.197] +#
12:49:27 [ 10.201.3.197] +# systemd supports lots of fancy features, look here (and linked docs) for a full list:
12:49:27 [ 10.201.3.197] +# http://www.freedesktop.org/software/systemd/man/systemd.exec.html
12:49:27 [ 10.201.3.197] +#
12:49:27 [ 10.201.3.197] +# Note: this file (/usr/lib/systemd/system/mysql.service)
12:49:27 [ 10.201.3.197] +# will be overwritten on package upgrade, please copy the file to
12:49:27 [ 10.201.3.197] +#
12:49:27 [ 10.201.3.197] +# /etc/systemd/system/mysql.service
12:49:27 [ 10.201.3.197] +#
12:49:27 [ 10.201.3.197] +# to make needed changes.
12:49:27 [ 10.201.3.197] +#
12:49:27 [ 10.201.3.197] +# systemd-delta can be used to check differences between the two mysql.service files.
12:49:27 [ 10.201.3.197] +#
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +[Unit]
12:49:27 [ 10.201.3.197] +Description=MySQL Community Server
12:49:27 [ 10.201.3.197] +After=network.target
12:49:27 [ 10.201.3.197] +After=syslog.target
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +[Install]
12:49:27 [ 10.201.3.197] +WantedBy=multi-user.target
12:49:27 [ 10.201.3.197] +Alias=mysql.service
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +[Service]
12:49:27 [ 10.201.3.197] +User=mysql
12:49:27 [ 10.201.3.197] +Group=mysql
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +# Execute pre and post scripts as root
12:49:27 [ 10.201.3.197] +PermissionsStartOnly=true
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +# Needed to create system tables etc.
12:49:27 [ 10.201.3.197] +ExecStartPre=/usr/bin/mysql-systemd-start pre
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +# Start main service
12:49:27 [ 10.201.3.197] +ExecStart=/usr/bin/mysqld_safe
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +# Don't signal startup success before a ping works
12:49:27 [ 10.201.3.197] +ExecStartPost=/usr/bin/mysql-systemd-start post
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +# Give up if ping don't get an answer
12:49:27 [ 10.201.3.197] +TimeoutSec=600
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +Restart=always
12:49:27 [ 10.201.3.197] +PrivateTmp=false
12:49:27 [ 10.201.3.197] +
12:49:27 [ 10.201.3.197] +# allow more open files
12:49:27 [ 10.201.3.197] +LimitNOFILE=5000
12:49:27 [ 10.201.3.197] - change mode from '' to '0644'
12:49:27 [ 10.201.3.197] - change owner from '' to 'root'
12:49:27 [ 10.201.3.197] - change group from '' to 'root'
12:49:27 [ 10.201.3.197] - restore selinux security context
12:49:27 [ 10.201.3.197] * directory[/data/var/lib/] action create
12:49:27 [ 10.201.3.197] - create new directory /data/var/lib/
12:49:27 [ 10.201.3.197] - change mode from '' to '0755'
12:49:27 [ 10.201.3.197] - change owner from '' to 'root'
12:49:27 [ 10.201.3.197] - change group from '' to 'root'
12:49:27 [ 10.201.3.197] - restore selinux security context
12:49:27 [ 10.201.3.197] * directory[/data/var/lib/mysql] action create
12:49:27 [ 10.201.3.197] - create new directory /data/var/lib/mysql
12:49:27 [ 10.201.3.197] - change mode from '' to '0755'
12:49:27 [ 10.201.3.197] - change owner from '' to 'mysql'
12:49:27 [ 10.201.3.197] - change group from '' to 'mysql'
12:49:27 [ 10.201.3.197] - restore selinux security context
12:49:27 [ 10.201.3.197] * directory[/data/var/lib/mysql/bin_logs] action create
12:49:27 [ 10.201.3.197] - create new directory /data/var/lib/mysql/bin_logs
12:49:27 [ 10.201.3.197] - change mode from '' to '0755'
12:49:27 [ 10.201.3.197] - change owner from '' to 'mysql'
12:49:27 [ 10.201.3.197] - change group from '' to 'mysql'
12:49:27 [ 10.201.3.197] - restore selinux security context
12:49:27 [ 10.201.3.197] * directory[/data/var/lib/mysql/relay_logs] action create
12:49:27 [ 10.201.3.197] - create new directory /data/var/lib/mysql/relay_logs
12:49:27 [ 10.201.3.197] - change mode from '' to '0755'
12:49:27 [ 10.201.3.197] - change owner from '' to 'mysql'
12:49:27 [ 10.201.3.197] - change group from '' to 'mysql'
12:49:27 [ 10.201.3.197] - restore selinux security context
12:49:27 [ 10.201.3.197] * selinux_policy_fcontext[/data/var/lib/mysql(/.*)?] action addormodify
12:49:29 [ 10.201.3.197] * execute[selinux-fcontext-mysqld_db_t-add] action run
12:49:29 [ 10.201.3.197] - execute /usr/sbin/semanage fcontext -a -t mysqld_db_t '/data/var/lib/mysql(/.*)?'
12:49:29 [ 10.201.3.197]
12:49:29 [ 10.201.3.197] * execute[selinux-fcontext-mysqld_db_t-modify] action run/data/var/lib/mysql(/.*)? all files system_u:object_r:mysqld_db_t:s0
12:49:30 [ 10.201.3.197] /data/var/lib/mysql(/.*)? all files system_u:object_r:mysqld_db_t:s0
12:49:30 [ 10.201.3.197] (skipped due to not_if)
12:49:30 [ 10.201.3.197]
12:49:30 [ 10.201.3.197]
12:49:30 [ 10.201.3.197] * directory[/var/log/mysql] action create
12:49:30 [ 10.201.3.197] - create new directory /var/log/mysql
12:49:30 [ 10.201.3.197] - change mode from '' to '0755'
12:49:30 [ 10.201.3.197] - change owner from '' to 'mysql'
12:49:30 [ 10.201.3.197] - change group from '' to 'mysql'
12:49:30 [ 10.201.3.197] - restore selinux security context
12:49:30 [ 10.201.3.197] * template[/etc/logrotate.d/mysql] action create
12:49:30 [ 10.201.3.197] - update content in file /etc/logrotate.d/mysql from 7beb57 to 5a22fd
12:49:30 [ 10.201.3.197] --- /etc/logrotate.d/mysql 2016-11-28 18:13:43.000000000 -0500
12:49:30 [ 10.201.3.197] +++ /etc/logrotate.d/.chef-mysql20170822-2540-hkv8l8 2017-08-22 12:49:30.160547978 -0400
12:49:30 [ 10.201.3.197] @@ -4,35 +4,55 @@
12:49:30 [ 10.201.3.197] # follows:
12:49:30 [ 10.201.3.197] #
12:49:30 [ 10.201.3.197] # [mysqld]
12:49:30 [ 10.201.3.197] -# log-error=/var/lib/mysql/mysqld.log
12:49:30 [ 10.201.3.197] +# log-error=/var/log/mysql/mysqld.log
12:49:30 [ 10.201.3.197] #
12:49:30 [ 10.201.3.197] # In case the root user has a password, then you
12:49:30 [ 10.201.3.197] # have to create a /root/.my.cnf configuration file
12:49:30 [ 10.201.3.197] # with the following content:
12:49:30 [ 10.201.3.197] #
12:49:30 [ 10.201.3.197] # [mysqladmin]
12:49:30 [ 10.201.3.197] -# password = <secret>
12:49:30 [ 10.201.3.197] +# password = <secret>
12:49:30 [ 10.201.3.197] # user= root
12:49:30 [ 10.201.3.197] #
12:49:30 [ 10.201.3.197] -# where "<secret>" is the password.
12:49:30 [ 10.201.3.197] +# where "<secret>" is the password.
12:49:30 [ 10.201.3.197] #
12:49:30 [ 10.201.3.197] # ATTENTION: The /root/.my.cnf file should be readable
12:49:30 [ 10.201.3.197] # _ONLY_ by root !
12:49:30 [ 10.201.3.197]
12:49:30 [ 10.201.3.197] -/var/lib/mysql/mysqld.log {
12:49:30 [ 10.201.3.197] +/var/log/mysql/mysqld.log {
12:49:30 [ 10.201.3.197] # create 600 mysql mysql
12:49:30 [ 10.201.3.197] notifempty
12:49:30 [ 10.201.3.197] daily
12:49:30 [ 10.201.3.197] - rotate 5
12:49:30 [ 10.201.3.197] + rotate 30
12:49:30 [ 10.201.3.197] missingok
12:49:30 [ 10.201.3.197] compress
12:49:30 [ 10.201.3.197] + delaycompress
12:49:30 [ 10.201.3.197] postrotate
12:49:30 [ 10.201.3.197] - # just if mysqld is really running
12:49:30 [ 10.201.3.197] - if test -x /usr/bin/mysqladmin && \
12:49:30 [ 10.201.3.197] - /usr/bin/mysqladmin ping &>/dev/null
12:49:30 [ 10.201.3.197] - then
12:49:30 [ 10.201.3.197] - /usr/bin/mysqladmin flush-logs
12:49:30 [ 10.201.3.197] - fi
12:49:30 [ 10.201.3.197] + # just if mysqld is really running
12:49:30 [ 10.201.3.197] + if test -x /usr/bin/mysqladmin && \
12:49:30 [ 10.201.3.197] + /usr/bin/mysqladmin ping &>/dev/null
12:49:30 [ 10.201.3.197] + then
12:49:30 [ 10.201.3.197] + /usr/bin/mysqladmin flush-logs
12:49:30 [ 10.201.3.197] + fi
12:49:30 [ 10.201.3.197] + endscript
12:49:30 [ 10.201.3.197] +}
12:49:30 [ 10.201.3.197] +
12:49:30 [ 10.201.3.197] +/var/log/mysql/slow_query.log {
12:49:30 [ 10.201.3.197] + compress
12:49:30 [ 10.201.3.197] + delaycompress
12:49:30 [ 10.201.3.197] + create 660 mysql mysql
12:49:30 [ 10.201.3.197] + daily
12:49:30 [ 10.201.3.197] + rotate 30
12:49:30 [ 10.201.3.197] + dateext
12:49:30 [ 10.201.3.197] + missingok
12:49:30 [ 10.201.3.197] + sharedscripts
12:49:30 [ 10.201.3.197] + postrotate
12:49:30 [ 10.201.3.197] + # just if mysqld is really running
12:49:30 [ 10.201.3.197] + if test -x /usr/bin/mysqladmin && \
12:49:30 [ 10.201.3.197] + /usr/bin/mysqladmin ping &>/dev/null
12:49:30 [ 10.201.3.197] + then
12:49:30 [ 10.201.3.197] + /usr/bin/mysqladmin flush-logs
12:49:30 [ 10.201.3.197] + fi
12:49:30 [ 10.201.3.197] endscript
12:49:30 [ 10.201.3.197] }
12:49:30 [ 10.201.3.197] - restore selinux security context
12:49:30 [ 10.201.3.197] * service[mysqld] action enable (up to date)
12:56:24 Result: 2147483647
12:56:25 Failed: NonZeroResultCode: Result code was 2147483647
12:56:25 Execution failed: 4229: [Workflow result: , step failures: {4=JobFailed: Job [ops/Chef Tasks/Bootstrap Environment] failed}, flow control: Continue, status: failed]
アップデート2:あなたはあなたがそこに持っているものへの料理のための最新のコードを比較する場合 selinux_policy 0.9.6
# Run restorecon to fix label
action :relabel do
execute "selinux-fcontext-relabel-#{new_resource.secontext}" do
command restorecon(new_resource.file_spec)
not_if "test -z \"$(#{restorecon(new_resource.file_spec)} -vn)\""
end
end
# Create if doesnt exist, do not touch if fcontext is already registered
action :add do
escaped_file_spec = Regexp.escape(new_resource.file_spec)
execute "selinux-fcontext-#{new_resource.secontext}-add" do
command "/usr/sbin/semanage fcontext -a -t #{new_resource.secontext} '#{new_resource.file_spec}'"
not_if fcontext_defined(new_resource.file_spec)
only_if {use_selinux}
notifies :relabel, new_resource
end
end
# Delete if exists
action :delete do
escaped_file_spec = Regexp.escape(new_resource.file_spec)
execute "selinux-fcontext-#{new_resource.secontext}-delete" do
command "/usr/sbin/semanage fcontext -d '#{new_resource.file_spec}'"
only_if fcontext_defined(new_resource.file_spec, new_resource.secontext)
only_if {use_selinux}
notifies :relabel, new_resource
end
end
action :modify do
execute "selinux-fcontext-#{new_resource.secontext}-modify" do
command "/usr/sbin/semanage fcontext -m -t #{new_resource.secontext} '#{new_resource.file_spec}'"
only_if {use_selinux}
only_if fcontext_defined(new_resource.file_spec)
not_if fcontext_defined(new_resource.file_spec, new_resource.secontext)
notifies :relabel, new_resource
end
end
action :addormodify do
run_action(:add)
run_action(:modify)
end
'chef-client'ログ出力を含めて、':relabel'アクションが正しく起こったかどうか確認できますか? – coderanger
はっきりとラベルがついたものがあります。私はそのコードに飛び込み、あなたが見ているコマンドの出力を確認します。 not_ifが原因で実行がスキップされたことがわかります。これは、relabelも発生しないことを意味します。出力には、selinuxのポリシーコマンドのようなものがあります。 – coderanger
@codeder not_ifは、addormodifyアクションを使用しているためです。addはそれを追加したので、それをスキップします。 –