Hello,
I have a simple service definition file - nginx-test.service and located in user *core* home directory (/var/home/core) :
[Unit] Description=This a basic Nginx service for a testing After=docker.service Requires=docker.service
[Install] WantedBy=multi-user.target
[Service] RestartSec=10 Restart=always ExecStartPre=-/usr/bin/docker kill nginx-test ExecStartPre=-/usr/bin/docker rm nginx-test ExecStart=/usr/bin/docker run \ --name=nginx-test \ --network=host \ --volume=/var/home/core/nginx/config:/etc/nginx/conf \ --volume=/var/home/core/nginx/html:/usr/share/nginx/html \ nginx:1.17.2-alpine nginx -c /etc/nginx/conf/nginx.conf -g "daemon off;" ExecStop=/usr/bin/docker stop nginx-test
This file is: $ sudo cp nginx-test.service /etc/systemd/system/ $ sudo systemctl daemon-reload $ sudo systemctl start nginx-test $ pwd /var/home/core $ tree nginx nginx ├── config │ └── nginx.conf └── html └── index.html
This exact configuration works on my CoreOS AMI on AWS - which we use for the last couple of years. But, it does not work with Fedora CoreOS on my bare metal hardware. I even changed directory/file permissions on nginx from core to root and still get the errors:
Aug 24 02:53:36 rhino docker[28805]: nginx-test Aug 24 02:53:36 rhino systemd[1]: Started This a basic Nginx service for a testing. Aug 24 02:53:37 rhino docker[28813]: 2019/08/24 02:53:37 [emerg] 1#1: open() "/etc/nginx/conf/nginx.conf" failed (13: Permission denied) Aug 24 02:53:37 rhino docker[28813]: nginx: [emerg] open() "/etc/nginx/conf/nginx.conf" failed (13: Permission denied) Aug 24 02:53:38 rhino systemd[1]: nginx-test.service: Main process exited, code=exited, status=1/FAILURE Aug 24 02:53:38 rhino systemd[1]: nginx-test.service: Failed with result 'exit-code'.
$ ls -l nginx/config/ total 4 -rw-r--r--. 1 root root 3735 Aug 24 01:08 nginx.conf
Is there a new way to make this work?
Thanks & Regards
/Shivaram
Hey Shivaram!
I don't have my laptop so just guessing, with the hope of unblocking you before you get a better answer ;)
It could be an selinux denial? Container Linux never had selinux configured meaningfully. You can check with "sestatus". Try adding ":z" to your --volume flags, which might help until you can properly label the files for selinux. Or maybe selinux is not enforcing and it's something totally different.
Good luck!
On Fri, Aug 23, 2019, 7:58 PM Shivaram Mysore shivaram.mysore@gmail.com wrote:
Hello,
I have a simple service definition file - nginx-test.service and located in user *core* home directory (/var/home/core) :
[Unit] Description=This a basic Nginx service for a testing After=docker.service Requires=docker.service
[Install] WantedBy=multi-user.target
[Service] RestartSec=10 Restart=always ExecStartPre=-/usr/bin/docker kill nginx-test ExecStartPre=-/usr/bin/docker rm nginx-test ExecStart=/usr/bin/docker run \ --name=nginx-test \ --network=host \ --volume=/var/home/core/nginx/config:/etc/nginx/conf \ --volume=/var/home/core/nginx/html:/usr/share/nginx/html \ nginx:1.17.2-alpine nginx -c /etc/nginx/conf/nginx.conf -g "daemon off;" ExecStop=/usr/bin/docker stop nginx-test
This file is: $ sudo cp nginx-test.service /etc/systemd/system/ $ sudo systemctl daemon-reload $ sudo systemctl start nginx-test $ pwd /var/home/core $ tree nginx nginx ├── config │ └── nginx.conf └── html └── index.html
This exact configuration works on my CoreOS AMI on AWS - which we use for the last couple of years. But, it does not work with Fedora CoreOS on my bare metal hardware. I even changed directory/file permissions on nginx from core to root and still get the errors:
Aug 24 02:53:36 rhino docker[28805]: nginx-test Aug 24 02:53:36 rhino systemd[1]: Started This a basic Nginx service for a testing. Aug 24 02:53:37 rhino docker[28813]: 2019/08/24 02:53:37 [emerg] 1#1: open() "/etc/nginx/conf/nginx.conf" failed (13: Permission denied) Aug 24 02:53:37 rhino docker[28813]: nginx: [emerg] open() "/etc/nginx/conf/nginx.conf" failed (13: Permission denied) Aug 24 02:53:38 rhino systemd[1]: nginx-test.service: Main process exited, code=exited, status=1/FAILURE Aug 24 02:53:38 rhino systemd[1]: nginx-test.service: Failed with result 'exit-code'.
$ ls -l nginx/config/ total 4 -rw-r--r--. 1 root root 3735 Aug 24 01:08 nginx.conf
Is there a new way to make this work?
Thanks & Regards
/Shivaram _______________________________________________ CoreOS mailing list -- coreos@lists.fedoraproject.org To unsubscribe send an email to coreos-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org
Hi Nick, Thanks very much for the response. The suggestion greatly helped and I am now unblocked.
Also, based on https://github.com/coreos/fedora-coreos-tracker/issues/256 , I also ran the below commands
$ sudo echo "$(getent group docker)" >> /etc/group $ sudo usermod -aG docker core
Thanks again for the help.
Regards
/Shivaram
On Fri, Aug 23, 2019 at 10:49 PM Nick Stielau nstielau@redhat.com wrote:
Hey Shivaram!
I don't have my laptop so just guessing, with the hope of unblocking you before you get a better answer ;)
It could be an selinux denial? Container Linux never had selinux configured meaningfully. You can check with "sestatus". Try adding ":z" to your --volume flags, which might help until you can properly label the files for selinux. Or maybe selinux is not enforcing and it's something totally different.
Good luck!
On Fri, Aug 23, 2019, 7:58 PM Shivaram Mysore shivaram.mysore@gmail.com wrote:
Hello,
I have a simple service definition file - nginx-test.service and located in user *core* home directory (/var/home/core) :
[Unit] Description=This a basic Nginx service for a testing After=docker.service Requires=docker.service
[Install] WantedBy=multi-user.target
[Service] RestartSec=10 Restart=always ExecStartPre=-/usr/bin/docker kill nginx-test ExecStartPre=-/usr/bin/docker rm nginx-test ExecStart=/usr/bin/docker run \ --name=nginx-test \ --network=host \ --volume=/var/home/core/nginx/config:/etc/nginx/conf \ --volume=/var/home/core/nginx/html:/usr/share/nginx/html \ nginx:1.17.2-alpine nginx -c /etc/nginx/conf/nginx.conf -g "daemon off;" ExecStop=/usr/bin/docker stop nginx-test
This file is: $ sudo cp nginx-test.service /etc/systemd/system/ $ sudo systemctl daemon-reload $ sudo systemctl start nginx-test $ pwd /var/home/core $ tree nginx nginx ├── config │ └── nginx.conf └── html └── index.html
This exact configuration works on my CoreOS AMI on AWS - which we use for the last couple of years. But, it does not work with Fedora CoreOS on my bare metal hardware. I even changed directory/file permissions on nginx from core to root and still get the errors:
Aug 24 02:53:36 rhino docker[28805]: nginx-test Aug 24 02:53:36 rhino systemd[1]: Started This a basic Nginx service for a testing. Aug 24 02:53:37 rhino docker[28813]: 2019/08/24 02:53:37 [emerg] 1#1: open() "/etc/nginx/conf/nginx.conf" failed (13: Permission denied) Aug 24 02:53:37 rhino docker[28813]: nginx: [emerg] open() "/etc/nginx/conf/nginx.conf" failed (13: Permission denied) Aug 24 02:53:38 rhino systemd[1]: nginx-test.service: Main process exited, code=exited, status=1/FAILURE Aug 24 02:53:38 rhino systemd[1]: nginx-test.service: Failed with result 'exit-code'.
$ ls -l nginx/config/ total 4 -rw-r--r--. 1 root root 3735 Aug 24 01:08 nginx.conf
Is there a new way to make this work?
Thanks & Regards
/Shivaram _______________________________________________ CoreOS mailing list -- coreos@lists.fedoraproject.org To unsubscribe send an email to coreos-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org
coreos@lists.fedoraproject.org
-
Nick Stielau -
Shivaram Mysore