Testing Ansible roles in Drone CI, systemd services not working

Time: 2017-12-04 21:17:49

Tags: docker ansible drone

While testing an Ansible role, my systemd service fails to start. This is the error I get:

TASK [memcached : Packages Present] ********************************************
changed: [localhost] => (item=[u'memcached', u'libmemcached'])

TASK [memcached : Service Enabled] *********************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Could not find the requested service memcached: host"}

My .drone.yml

pipeline:
  build:
    image: samdoran/centos7-ansible
    privileged: true
    commands:
      - echo 'sslverify=0' >> /etc/yum.conf
      - yum install -y redhat-lsb-core python-devel openldap-devel git gcc gcc-c++ python2-pip
      - pip install -U pip tox
      - tox

My docker-compose.yml

version: '2'

services:
  drone-server:
    image: drone/drone:0.8

    ports:
      - 8000:8000
      - 9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
      - /etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt
    restart: always
    environment:
      - DRONE_OPEN=true
      - DRONE_HOST=https://example.server
      - DRONE_ADMIN=drone
      - DRONE_VOLUME=/etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt
      - DRONE_GOGS_GIT_USERNAME=drone
      - DRONE_GOGS_GIT_PASSWORD=XXXXXXXX
      - DRONE_GOGS=true
      - DRONE_GOGS_URL=https://example.gogs
      - DRONE_SECRET=${DRONE_SECRET}

  drone-agent:
    image: drone/agent:0.8

    command: agent
    restart: always
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_SERVER=drone-server:9000
      - DRONE_SECRET=${DRONE_SECRET}
      - DOCKER_API_VERSION=1.24

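I tried running the memcached install manually, starting a base centos:7 docker container from my Fedora workstation, and with --privileged the service starts as expected. The Drone docker is running on a RHEL 7 host. I have set the repository as trusted in the Drone interface.

3 answers:

Answer 0 (score: 0)

Add /sys/fs/cgroup read-only to the volumes section: - /sys/fs/cgroup:/sys/fs/cgroup:ro

Full explanation here

Answer 1 (score: 0)

It turns out the problem is related to how entrycommands are implemented: if you override the command, it does not initialize as expected. So the workaround is to start the container, detach, and then send commands to the running container.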

---

pipeline:
  system:
    image: cyberpunkspike/docker-centos7-ansible:latest
    labels:
      com.amtrustna.it.infr.serv.system: "true"
    cap_add:
      - SYS_ADMIN
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    init: /usr/lib/systemd/systemd
    detach: true

  exec:
    image: docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - CONTAINER_ID="$(docker ps -qf "label=com.amtrustna.it.infr.serv.system")"
      - test -n "$CONTAINER_ID" || { echo "Container Not Found"; exit 1 ;}
      - docker exec -t "$CONTAINER_ID" sh -c "export TERM=xterm-256color; cd $PWD && tox"
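
A preflight check for the two conditions answers 0 and 1 address (PID 1 not being systemd because the step's commands replaced the init, and /sys/fs/cgroup missing from the container). This is an added example, not part of the original question or answers; the function name, its return codes and the PROC_ROOT parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_systemd_ready [PROC_ROOT]
#   PROC_ROOT defaults to /proc; the parameter is a hypothetical hook so the
#   function can be run against constructed files.
# Return codes (chosen for this example):
#   0  PID 1 is systemd and /sys/fs/cgroup is mounted
#   1  PID 1 is something else (for example the CI step's shell)
#   2  /sys/fs/cgroup is not in the mount table
#   3  PROC_ROOT could not be read
check_systemd_ready() {
    proc_root="${1:-/proc}"
    [ -r "$proc_root/1/comm" ] && [ -r "$proc_root/mounts" ] || {
        echo "cannot read $proc_root" >&2
        return 3
    }

    # When the pipeline overrides the container command, PID 1 is that
    # command rather than systemd, and systemctl has no manager to query.
    pid1="$(cat "$proc_root/1/comm")"
    if [ "$pid1" != "systemd" ]; then
        echo "PID 1 is '$pid1', not systemd: systemctl has no manager to talk to" >&2
        return 1
    fi

    # /proc/mounts fields: device mountpoint fstype options dump pass
    cgroup_opts="$(awk '$2 == "/sys/fs/cgroup" { print $4; exit }' "$proc_root/mounts")"
    if [ -z "$cgroup_opts" ]; then
        echo "/sys/fs/cgroup is not mounted in this container" >&2
        return 2
    fi

    echo "systemd is PID 1; /sys/fs/cgroup mounted ($cgroup_opts)"
    return 0
}
```

In the pipeline from answer 1 it would run inside the detached container through the same docker exec call, before tox.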

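Answer 2 (score: 0)

Sometimes you can drop the whole privileged/systemd stuff by replacing the init command with systemctl.py. It may even give you a different error diagnostic.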