mysql - centos 7 Chef mysql custom directory

Tags: mysql chef-infra centos7 selinux

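This is a general question about Chef and mysql. I want to configure mysql to use a custom location to store the mysql files.

The problem I ran into is that I create the directories after MySQL is installed. I also set the selinux context, but mysql cannot start because the selinux context has not been applied to the directory. If I reboot the server, it starts fine.

I cannot create the directory before installing MySQL, because the directory needs to be owned by the MySQL user, which is only created once MySQL is installed.

My recipe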

yum_package 'Install MySQL dev' do
  package_name 'mysql-community-devel'
  version node['mysql']['server_package_version']
  arch 'x86_64'
  action :install
end

template '/etc/my.cnf' do
  source 'my.cnf.erb'
  mode '0644'
  notifies :restart, 'service[mysqld]', :delayed
end

template '/etc/systemd/system/mysqld.service' do
  source 'mysqld.service.erb'
  mode '0644'
  action :create
end

# we put mysql on the /data/ filesystem
directory '/data/var/lib/' do
  mode '0755'
  recursive true
  action :create
end

directory '/data/var/lib/mysql' do
  owner 'mysql'
  group 'mysql'
  mode '0755'
  action :create
end

directory '/data/var/lib/mysql/bin_logs' do
  owner 'mysql'
  group 'mysql'
  mode '0755'
  action :create
end

directory '/data/var/lib/mysql/relay_logs' do
  owner 'mysql'
  group 'mysql'
  mode '0755'
  action :create
end

# allow mysql to write to the new directory
selinux_policy_fcontext '/data/var/lib/mysql(/.*)?' do
  secontext 'mysqld_db_t'
  action :addormodify
end

service 'mysqld' do
  action [:enable, :start]
end

MySQL error log

170822 12:49:44 mysqld_safe Logging to '/var/log/mysql/mysqld.log'.
170822 12:49:44 mysqld_safe Starting mysqld daemon with databases from /data/var/lib/mysql
2017-08-22 12:49:45 0 [Warning] 'THREAD_CONCURRENCY' is deprecated and will be removed in a future release.
2017-08-22 12:49:45 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2017-08-22 12:49:45 0 [Warning] Insecure configuration for --secure-file-priv: Data directory is accessible through --secure-file-priv. Consider choosing a different directory.
2017-08-22 12:49:45 0 [Warning] Insecure configuration for --secure-file-priv: Location is accessible to all OS users. Consider choosing a different directory.
2017-08-22 12:49:45 0 [Note] /usr/sbin/mysqld (mysqld 5.6.35-log) starting as process 9001 ...
2017-08-22 12:49:45 9001 [Warning] Buffered warning: Changed limits: max_open_files: 1024 (requested 5000)

2017-08-22 12:49:45 9001 [Warning] Buffered warning: Changed limits: table_open_cache: 457 (requested 1024)

/usr/sbin/mysqld: File '/data/var/lib/mysql/bin_logs/bin_logs.index' not found (Errcode: 13 - Permission denied)
2017-08-22 12:49:45 9001 [ERROR] Aborting

2017-08-22 12:49:45 9001 [Note] Binlog end
2017-08-22 12:49:45 9001 [Note] /usr/sbin/mysqld: Shutdown complete

170822 12:49:45 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended

Audit log entries

grep mysqld /var/log/audit/audit.log
type=USER_MAC_CONFIG_CHANGE msg=audit(1503420569.572:176): pid=8302 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=fcontext op=add tglob="/data/var/lib/mysql(/.*)?" ftype=any tcontext=system_u:object_r:mysqld_db_t:s0 comm="semanage" exe="/usr/bin/python2.7" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1503420585.113:205): avc:  **denied**  { read write } for  pid=9001 comm="mysqld" name="bin_logs.index" dev="xvdb" ino=22544533 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file

How can I fix this error?

Update 1:

Chef client output

12:49:09            [   10.201.3.197] Recipe: cartera-mysql::default
12:49:25            [   10.201.3.197]   * yum_package[Install MySQL] action install
12:49:25            [   10.201.3.197]     - install version 5.6.35-2.el7 of package mysql-community-server
12:49:27            [   10.201.3.197]   * yum_package[Install MySQL dev] action install
12:49:27            [   10.201.3.197]     - install version 5.6.35-2.el7 of package mysql-community-devel
12:49:27            [   10.201.3.197]   * template[/etc/my.cnf] action create
12:49:27            [   10.201.3.197]     - update content in file /etc/my.cnf from ad0361 to 8a9530
12:49:27            [   10.201.3.197]     --- /etc/my.cnf   2016-11-28 18:13:43.000000000 -0500
12:49:27            [   10.201.3.197]     +++ /etc/.chef-my.cnf20170822-2540-1nsliu0    2017-08-22 12:49:27.495530842 -0400
12:49:27            [   10.201.3.197]     @@ -1,32 +1,59 @@
12:49:27            [   10.201.3.197]      # For advice on how to change settings please see
12:49:27            [   10.201.3.197]      # http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html
12:49:27            [   10.201.3.197]      
12:49:27            [   10.201.3.197]     +[mysql]
12:49:27            [   10.201.3.197]     +skip-secure-auth
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]      [mysqld]
12:49:27            [   10.201.3.197]     -#
12:49:27            [   10.201.3.197]     -# Remove leading # and set to the amount of RAM for the most important data
12:49:27            [   10.201.3.197]     -# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
12:49:27            [   10.201.3.197]     -# innodb_buffer_pool_size = 128M
12:49:27            [   10.201.3.197]     -#
12:49:27            [   10.201.3.197]     -# Remove leading # to turn on a very important data integrity option: logging
12:49:27            [   10.201.3.197]     -# changes to the binary log between backups.
12:49:27            [   10.201.3.197]     -# log_bin
12:49:27            [   10.201.3.197]     -#
12:49:27            [   10.201.3.197]     -# Remove leading # to set options mainly useful for reporting servers.
12:49:27            [   10.201.3.197]     -# The server defaults are faster for transactions and fast SELECTs.
12:49:27            [   10.201.3.197]     -# Adjust sizes as needed, experiment to find the optimal values.
12:49:27            [   10.201.3.197]     -# join_buffer_size = 128M
12:49:27            [   10.201.3.197]     -# sort_buffer_size = 2M
12:49:27            [   10.201.3.197]     -# read_rnd_buffer_size = 2M
12:49:27            [   10.201.3.197]     -datadir=/var/lib/mysql
12:49:27            [   10.201.3.197]     +datadir=/data/var/lib/mysql
12:49:27            [   10.201.3.197]      socket=/var/lib/mysql/mysql.sock
12:49:27            [   10.201.3.197]     +secure_file_priv=/data
12:49:27            [   10.201.3.197]      
12:49:27            [   10.201.3.197]      # Disabling symbolic-links is recommended to prevent assorted security risks
12:49:27            [   10.201.3.197]      symbolic-links=0
12:49:27            [   10.201.3.197]      
12:49:27            [   10.201.3.197]      # Recommended in standard MySQL setup
12:49:27            [   10.201.3.197]     -sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES 
12:49:27            [   10.201.3.197]     +# sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
12:49:27            [   10.201.3.197]     +ft_min_word_len = 3
12:49:27            [   10.201.3.197]     +max_allowed_packet = 16M
12:49:27            [   10.201.3.197]     +table_open_cache = 1024
12:49:27            [   10.201.3.197]     +thread_concurrency = 8
12:49:27            [   10.201.3.197]     +log-bin=/data/var/lib/mysql/bin_logs/bin_logs
12:49:27            [   10.201.3.197]      
12:49:27            [   10.201.3.197]     +# slow query logging
12:49:27            [   10.201.3.197]     +slow_query_log=1
12:49:27            [   10.201.3.197]     +slow_query_log_file=/var/log/mysql/slow_query.log
12:49:27            [   10.201.3.197]     +long_query_time=1
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +key_buffer_size = 384M
12:49:27            [   10.201.3.197]     +sort_buffer_size = 8M
12:49:27            [   10.201.3.197]     +read_buffer_size = 2M
12:49:27            [   10.201.3.197]     +read_rnd_buffer_size = 8M
12:49:27            [   10.201.3.197]     +myisam_sort_buffer_size = 64M
12:49:27            [   10.201.3.197]     +max_connections = 100
12:49:27            [   10.201.3.197]     +max_connect_errors = 1000
12:49:27            [   10.201.3.197]     +default-storage-engine = InnoDB
12:49:27            [   10.201.3.197]     +innodb_buffer_pool_size = 2G
12:49:27            [   10.201.3.197]     +innodb_file_per_table = 1
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +# turn on the query cache
12:49:27            [   10.201.3.197]     +query_cache_type = 1
12:49:27            [   10.201.3.197]     +query_cache_size = 256M
12:49:27            [   10.201.3.197]     +#query_cache_limit = 2M
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +# Replication
12:49:27            [   10.201.3.197]     +server-id = 2
12:49:27            [   10.201.3.197]     +relay-log = /data/var/lib/mysql/relay_logs/relay_logs
12:49:27            [   10.201.3.197]     +relay_log_index = /data/var/lib/mysql/relay_logs/relay-log.index
12:49:27            [   10.201.3.197]     +relay-log-info-file = relay-log.info
12:49:27            [   10.201.3.197]     +replicate-do-db = transactions
12:49:27            [   10.201.3.197]     +expire-logs-days = 3
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +innodb_log_file_size = 256M
12:49:27            [   10.201.3.197]     +innodb_log_files_in_group = 4
12:49:27            [   10.201.3.197]     +innodb_sort_buffer_size = 128M
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]      [mysqld_safe]
12:49:27            [   10.201.3.197]     -log-error=/var/log/mysqld.log
12:49:27            [   10.201.3.197]     +log-error=/var/log/mysql/mysqld.log
12:49:27            [   10.201.3.197]      pid-file=/var/run/mysqld/mysqld.pid
12:49:27            [   10.201.3.197]     - restore selinux security context
12:49:27            [   10.201.3.197]   * template[/etc/systemd/system/mysqld.service] action create
12:49:27            [   10.201.3.197]     - create new file /etc/systemd/system/mysqld.service
12:49:27            [   10.201.3.197]     - update content in file /etc/systemd/system/mysqld.service from none to fb5916
12:49:27            [   10.201.3.197]     --- /etc/systemd/system/mysqld.service    2017-08-22 12:49:27.533531086 -0400
12:49:27            [   10.201.3.197]     +++ /etc/systemd/system/.chef-mysqld.service20170822-2540-1e7mcj6 2017-08-22 12:49:27.532531080 -0400
12:49:27            [   10.201.3.197]     @@ -1 +1,50 @@
12:49:27            [   10.201.3.197]     +#
12:49:27            [   10.201.3.197]     +# Simple MySQL systemd service file
12:49:27            [   10.201.3.197]     +#
12:49:27            [   10.201.3.197]     +# systemd supports lots of fancy features, look here (and linked docs) for a full list:
12:49:27            [   10.201.3.197]     +#   http://www.freedesktop.org/software/systemd/man/systemd.exec.html
12:49:27            [   10.201.3.197]     +#
12:49:27            [   10.201.3.197]     +# Note: this file ( /usr/lib/systemd/system/mysql.service )
12:49:27            [   10.201.3.197]     +# will be overwritten on package upgrade, please copy the file to
12:49:27            [   10.201.3.197]     +#
12:49:27            [   10.201.3.197]     +#  /etc/systemd/system/mysql.service
12:49:27            [   10.201.3.197]     +#
12:49:27            [   10.201.3.197]     +# to make needed changes.
12:49:27            [   10.201.3.197]     +#
12:49:27            [   10.201.3.197]     +# systemd-delta can be used to check differences between the two mysql.service files.
12:49:27            [   10.201.3.197]     +#
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +[Unit]
12:49:27            [   10.201.3.197]     +Description=MySQL Community Server
12:49:27            [   10.201.3.197]     +After=network.target
12:49:27            [   10.201.3.197]     +After=syslog.target
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +[Install]
12:49:27            [   10.201.3.197]     +WantedBy=multi-user.target
12:49:27            [   10.201.3.197]     +Alias=mysql.service
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +[Service]
12:49:27            [   10.201.3.197]     +User=mysql
12:49:27            [   10.201.3.197]     +Group=mysql
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +# Execute pre and post scripts as root
12:49:27            [   10.201.3.197]     +PermissionsStartOnly=true
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +# Needed to create system tables etc.
12:49:27            [   10.201.3.197]     +ExecStartPre=/usr/bin/mysql-systemd-start pre
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +# Start main service
12:49:27            [   10.201.3.197]     +ExecStart=/usr/bin/mysqld_safe
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +# Don't signal startup success before a ping works
12:49:27            [   10.201.3.197]     +ExecStartPost=/usr/bin/mysql-systemd-start post
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +# Give up if ping don't get an answer
12:49:27            [   10.201.3.197]     +TimeoutSec=600
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +Restart=always
12:49:27            [   10.201.3.197]     +PrivateTmp=false
12:49:27            [   10.201.3.197]     +
12:49:27            [   10.201.3.197]     +# allow more open files
12:49:27            [   10.201.3.197]     +LimitNOFILE=5000
12:49:27            [   10.201.3.197]     - change mode from '' to '0644'
12:49:27            [   10.201.3.197]     - change owner from '' to 'root'
12:49:27            [   10.201.3.197]     - change group from '' to 'root'
12:49:27            [   10.201.3.197]     - restore selinux security context
12:49:27            [   10.201.3.197]   * directory[/data/var/lib/] action create
12:49:27            [   10.201.3.197]     - create new directory /data/var/lib/
12:49:27            [   10.201.3.197]     - change mode from '' to '0755'
12:49:27            [   10.201.3.197]     - change owner from '' to 'root'
12:49:27            [   10.201.3.197]     - change group from '' to 'root'
12:49:27            [   10.201.3.197]     - restore selinux security context
12:49:27            [   10.201.3.197]   * directory[/data/var/lib/mysql] action create
12:49:27            [   10.201.3.197]     - create new directory /data/var/lib/mysql
12:49:27            [   10.201.3.197]     - change mode from '' to '0755'
12:49:27            [   10.201.3.197]     - change owner from '' to 'mysql'
12:49:27            [   10.201.3.197]     - change group from '' to 'mysql'
12:49:27            [   10.201.3.197]     - restore selinux security context
12:49:27            [   10.201.3.197]   * directory[/data/var/lib/mysql/bin_logs] action create
12:49:27            [   10.201.3.197]     - create new directory /data/var/lib/mysql/bin_logs
12:49:27            [   10.201.3.197]     - change mode from '' to '0755'
12:49:27            [   10.201.3.197]     - change owner from '' to 'mysql'
12:49:27            [   10.201.3.197]     - change group from '' to 'mysql'
12:49:27            [   10.201.3.197]     - restore selinux security context
12:49:27            [   10.201.3.197]   * directory[/data/var/lib/mysql/relay_logs] action create
12:49:27            [   10.201.3.197]     - create new directory /data/var/lib/mysql/relay_logs
12:49:27            [   10.201.3.197]     - change mode from '' to '0755'
12:49:27            [   10.201.3.197]     - change owner from '' to 'mysql'
12:49:27            [   10.201.3.197]     - change group from '' to 'mysql'
12:49:27            [   10.201.3.197]     - restore selinux security context
12:49:27            [   10.201.3.197]   * selinux_policy_fcontext[/data/var/lib/mysql(/.*)?] action addormodify
12:49:29            [   10.201.3.197]     * execute[selinux-fcontext-mysqld_db_t-add] action run
12:49:29            [   10.201.3.197]       - execute /usr/sbin/semanage fcontext -a -t mysqld_db_t '/data/var/lib/mysql(/.*)?'
12:49:29            [   10.201.3.197]   
12:49:29            [   10.201.3.197]   * execute[selinux-fcontext-mysqld_db_t-modify] action run/data/var/lib/mysql(/.*)?                          all files          system_u:object_r:mysqld_db_t:s0 
12:49:30            [   10.201.3.197] /data/var/lib/mysql(/.*)?                          all files          system_u:object_r:mysqld_db_t:s0 
12:49:30            [   10.201.3.197]  (skipped due to not_if)
12:49:30            [   10.201.3.197] 
12:49:30            [   10.201.3.197] 
12:49:30            [   10.201.3.197] * directory[/var/log/mysql] action create
12:49:30            [   10.201.3.197]   - create new directory /var/log/mysql
12:49:30            [   10.201.3.197]   - change mode from '' to '0755'
12:49:30            [   10.201.3.197]   - change owner from '' to 'mysql'
12:49:30            [   10.201.3.197]   - change group from '' to 'mysql'
12:49:30            [   10.201.3.197]   - restore selinux security context
12:49:30            [   10.201.3.197] * template[/etc/logrotate.d/mysql] action create
12:49:30            [   10.201.3.197]   - update content in file /etc/logrotate.d/mysql from 7beb57 to 5a22fd
12:49:30            [   10.201.3.197]   --- /etc/logrotate.d/mysql  2016-11-28 18:13:43.000000000 -0500
12:49:30            [   10.201.3.197]   +++ /etc/logrotate.d/.chef-mysql20170822-2540-hkv8l8    2017-08-22 12:49:30.160547978 -0400
12:49:30            [   10.201.3.197]   @@ -4,35 +4,55 @@
12:49:30            [   10.201.3.197]    # follows:
12:49:30            [   10.201.3.197]    #
12:49:30            [   10.201.3.197]    # [mysqld]
12:49:30            [   10.201.3.197]   -# log-error=/var/lib/mysql/mysqld.log
12:49:30            [   10.201.3.197]   +# log-error=/var/log/mysql/mysqld.log
12:49:30            [   10.201.3.197]    #
12:49:30            [   10.201.3.197]    # In case the root user has a password, then you
12:49:30            [   10.201.3.197]    # have to create a /root/.my.cnf configuration file
12:49:30            [   10.201.3.197]    # with the following content:
12:49:30            [   10.201.3.197]    #
12:49:30            [   10.201.3.197]    # [mysqladmin]
12:49:30            [   10.201.3.197]   -# password = <secret> 
12:49:30            [   10.201.3.197]   +# password = <secret>
12:49:30            [   10.201.3.197]    # user= root
12:49:30            [   10.201.3.197]    #
12:49:30            [   10.201.3.197]   -# where "<secret>" is the password. 
12:49:30            [   10.201.3.197]   +# where "<secret>" is the password.
12:49:30            [   10.201.3.197]    #
12:49:30            [   10.201.3.197]    # ATTENTION: The /root/.my.cnf file should be readable
12:49:30            [   10.201.3.197]    # _ONLY_ by root !
12:49:30            [   10.201.3.197]    
12:49:30            [   10.201.3.197]   -/var/lib/mysql/mysqld.log {
12:49:30            [   10.201.3.197]   +/var/log/mysql/mysqld.log {
12:49:30            [   10.201.3.197]            # create 600 mysql mysql
12:49:30            [   10.201.3.197]            notifempty
12:49:30            [   10.201.3.197]            daily
12:49:30            [   10.201.3.197]   -        rotate 5
12:49:30            [   10.201.3.197]   +        rotate 30
12:49:30            [   10.201.3.197]            missingok
12:49:30            [   10.201.3.197]            compress
12:49:30            [   10.201.3.197]   +        delaycompress
12:49:30            [   10.201.3.197]        postrotate
12:49:30            [   10.201.3.197]   -   # just if mysqld is really running
12:49:30            [   10.201.3.197]   -   if test -x /usr/bin/mysqladmin && \
12:49:30            [   10.201.3.197]   -      /usr/bin/mysqladmin ping &>/dev/null
12:49:30            [   10.201.3.197]   -   then
12:49:30            [   10.201.3.197]   -      /usr/bin/mysqladmin flush-logs
12:49:30            [   10.201.3.197]   -   fi
12:49:30            [   10.201.3.197]   +        # just if mysqld is really running
12:49:30            [   10.201.3.197]   +        if test -x /usr/bin/mysqladmin && \
12:49:30            [   10.201.3.197]   +           /usr/bin/mysqladmin ping &>/dev/null
12:49:30            [   10.201.3.197]   +        then
12:49:30            [   10.201.3.197]   +           /usr/bin/mysqladmin flush-logs
12:49:30            [   10.201.3.197]   +        fi
12:49:30            [   10.201.3.197]   +    endscript
12:49:30            [   10.201.3.197]   +}
12:49:30            [   10.201.3.197]   +
12:49:30            [   10.201.3.197]   +/var/log/mysql/slow_query.log {
12:49:30            [   10.201.3.197]   +    compress
12:49:30            [   10.201.3.197]   +    delaycompress
12:49:30            [   10.201.3.197]   +    create 660 mysql mysql
12:49:30            [   10.201.3.197]   +    daily
12:49:30            [   10.201.3.197]   +    rotate 30
12:49:30            [   10.201.3.197]   +    dateext
12:49:30            [   10.201.3.197]   +    missingok
12:49:30            [   10.201.3.197]   +    sharedscripts
12:49:30            [   10.201.3.197]   +    postrotate
12:49:30            [   10.201.3.197]   +      # just if mysqld is really running
12:49:30            [   10.201.3.197]   +      if test -x /usr/bin/mysqladmin && \
12:49:30            [   10.201.3.197]   +         /usr/bin/mysqladmin ping &>/dev/null
12:49:30            [   10.201.3.197]   +      then
12:49:30            [   10.201.3.197]   +         /usr/bin/mysqladmin flush-logs
12:49:30            [   10.201.3.197]   +      fi
12:49:30            [   10.201.3.197]        endscript
12:49:30            [   10.201.3.197]    }
12:49:30            [   10.201.3.197]   - restore selinux security context
12:49:30            [   10.201.3.197] * service[mysqld] action enable (up to date)
12:56:24            Result: 2147483647
12:56:25            Failed: NonZeroResultCode: Result code was 2147483647
12:56:25            Execution failed: 4229: [Workflow result: , step failures: {4=JobFailed: Job [ops/Chef Tasks/Bootstrap Environment] failed}, flow control: Continue, status: failed]

Update 2: selinux_policy 0.9.6

# Run restorecon to fix label
action :relabel do
  execute "selinux-fcontext-relabel-#{new_resource.secontext}" do
    command restorecon(new_resource.file_spec)
    not_if "test -z \"$(#{restorecon(new_resource.file_spec)} -vn)\""
  end
end

# Create if doesnt exist, do not touch if fcontext is already registered
action :add do
  escaped_file_spec = Regexp.escape(new_resource.file_spec)
  execute "selinux-fcontext-#{new_resource.secontext}-add" do
    command "/usr/sbin/semanage fcontext -a -t #{new_resource.secontext} '#{new_resource.file_spec}'"
    not_if fcontext_defined(new_resource.file_spec)
    only_if {use_selinux}
    notifies :relabel, new_resource
  end
end

# Delete if exists
action :delete do
  escaped_file_spec = Regexp.escape(new_resource.file_spec)
  execute "selinux-fcontext-#{new_resource.secontext}-delete" do
    command "/usr/sbin/semanage fcontext -d '#{new_resource.file_spec}'"
    only_if fcontext_defined(new_resource.file_spec, new_resource.secontext)
    only_if {use_selinux}
    notifies :relabel, new_resource
  end
end

action :modify do
  execute "selinux-fcontext-#{new_resource.secontext}-modify" do
    command "/usr/sbin/semanage fcontext -m -t #{new_resource.secontext} '#{new_resource.file_spec}'"
    only_if {use_selinux}
    only_if fcontext_defined(new_resource.file_spec)
    not_if  fcontext_defined(new_resource.file_spec, new_resource.secontext)
    notifies :relabel, new_resource
  end
end

action :addormodify do
  run_action(:add)
  run_action(:modify)
end

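Best answer

If you compare the latest code of the recipe with the code you have there, you can see that the relabel trigger was changed from delayed timing (the default) to immediate. Because it is delayed, it happens at the end of the run, i.e. after the service tries to start. If you get the updated code, things should be happier.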
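The state the answer describes (fcontext rule registered, files not yet relabeled) can be confirmed from the two audit records in the question. The Ruby script below is an added example, not part of the original post or the selinux_policy cookbook; its struct and function names are hypothetical, the file path is taken from the MySQL error log because the AVC record carries only the base name, and rule matching is simplified to "last matching local rule wins".

```ruby
# Added example. The records are the ones quoted in the question, with the
# ** emphasis around "denied" removed.
AUDIT_LOG = <<~'LOG'
  type=USER_MAC_CONFIG_CHANGE msg=audit(1503420569.572:176): pid=8302 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=fcontext op=add tglob="/data/var/lib/mysql(/.*)?" ftype=any tcontext=system_u:object_r:mysqld_db_t:s0 comm="semanage" exe="/usr/bin/python2.7" hostname=? addr=? terminal=? res=success'
  type=AVC msg=audit(1503420585.113:205): avc:  denied  { read write } for  pid=9001 comm="mysqld" name="bin_logs.index" dev="xvdb" ino=22544533 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
LOG
AUDIT_LINES = AUDIT_LOG.lines.map(&:strip).freeze

FcontextRule = Struct.new(:time, :glob, :type)
Denial = Struct.new(:time, :comm, :name, :perms, :source_type, :target_type)

def audit_time(line)
  line[/msg=audit\((\d+\.\d+):\d+\)/, 1].to_f
end

# An SELinux context is user:role:type:level; policy decisions use the type.
def selinux_type(context)
  context.split(':')[2]
end

# Successful "semanage fcontext -a/-m" calls, as recorded by auditd.
def parse_fcontext_rules(lines)
  lines.each_with_object([]) do |line, rules|
    next unless line.start_with?('type=USER_MAC_CONFIG_CHANGE')
    next unless line.include?('resrc=fcontext') && line.include?('res=success')
    next unless line =~ /\bop=(add|modify)\b/
    glob = line[/tglob="([^"]+)"/, 1]
    context = line[/tcontext=(\S+)/, 1]
    rules << FcontextRule.new(audit_time(line), glob, selinux_type(context)) if glob && context
  end
end

def parse_denials(lines)
  pattern = /\Atype=AVC .*avc:\s+denied\s+\{ ([^}]*)\} for .*comm="([^"]+)" name="([^"]+)".*scontext=(\S+) tcontext=(\S+)/
  lines.each_with_object([]) do |line, denials|
    m = line.match(pattern)
    next unless m
    denials << Denial.new(audit_time(line), m[2], m[3], m[1].split,
                          selinux_type(m[4]), selinux_type(m[5]))
  end
end

# fcontext specs are regexes anchored at both ends of the path.
def matching_rule(rules, path)
  rules.reverse.find { |r| Regexp.new("\\A#{r.glob}\\z").match?(path) }
end

# Compares the label each denied file actually had with the label the
# registered fcontext rule says it should have.
def diagnose(lines, path)
  rule = matching_rule(parse_fcontext_rules(lines), path)
  parse_denials(lines).select { |d| d.name == File.basename(path) }.map do |d|
    verdict =
      if rule.nil? then :no_fcontext_rule
      elsif d.target_type == rule.type then :label_correct_policy_denies
      elsif rule.time < d.time then :rule_present_but_not_relabeled
      else :rule_added_after_denial
      end
    { path: path, comm: d.comm, perms: d.perms, actual: d.target_type,
      expected: rule && rule.type, verdict: verdict }
  end
end

if __FILE__ == $PROGRAM_NAME
  diagnose(AUDIT_LINES, '/data/var/lib/mysql/bin_logs/bin_logs.index').each { |f| puts f }
end
```

A `rule_present_but_not_relabeled` verdict means `semanage` succeeded but `restorecon` had not yet run on the path when the service touched it, which is what a delayed `:relabel` notification produces.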

Regarding mysql - centos 7 Chef mysql custom directory, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/45823217/
