Discourse on CentOS 7


(keelan) #1

I’m running CentOS 7 with a docker RPM found here:

http://copr-be.cloud.fedoraproject.org/results/goldmann/docker-io/epel-7-x86_64/

When I go to bootstrap it, this happens:

# docker -v
Docker version 1.2.0, build fa7b24f/1.2.0
# cat /etc/redhat-release 
CentOS Linux release 7.0.1406 (Core) 
# pwd
/var/discourse
# ./launcher bootstrap app
--- SNIP ---
cd /pups && git pull && /pups/bin/pups --stdin
Already up-to-date.
I, [2014-10-02T22:04:21.505493 #37]  INFO -- : Loading --stdin
I, [2014-10-02T22:04:21.512477 #37]  INFO -- : > mkdir -p /shared/postgres_run
mkdir: cannot create directory ‘/shared/postgres_run’: Permission denied
FAILED
--------------------
RuntimeError: mkdir -p /shared/postgres_run failed with return #<Process::Status: pid 39 exit 1>
Location of failure: /pups/lib/pups/exec_command.rb:85:in `spawn'
exec failed with the params "mkdir -p /shared/postgres_run"
I, [2014-10-02T22:04:21.524181 #37]  INFO -- : 
8962e76325b9e03d9dff6631c9f8c68828b366de7adea9aeb6855293c8503995
FAILED TO BOOTSTRAP

I’ve found this error documented a few times here when setting up Discourse on Ubuntu, but the solution (reboot!) doesn’t work for me. I’ve blown away my VM and re-installed, same error both times.

What am I doing wrong?


(Jeff Atwood) #2

What does docker info report?


(keelan) #3

docker info

Containers: 0
Images: 6
Storage Driver: devicemapper
 Pool Name: docker-253:1-1771-pool
 Pool Blocksize: 64 Kb
 Data file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
 Data Space Used: 1495.2 Mb
 Data Space Total: 102400.0 Mb
 Metadata Space Used: 1.4 Mb
 Metadata Space Total: 2048.0 Mb
Execution Driver: native-0.2
Kernel Version: 3.10.0-123.el7.x86_64
Operating System: CentOS Linux 7 (Core)

(keelan) #4

This is solved!

SELinux was the problem. I set it to permissive (setenforce permissive), and it removed the roadblock!

Looks like I’ll need to do some reading on docker+SELinux.


(Sam Saffron) #5

device mapper is very random, glad it is working now, but I have yet to see stable setups on it.


(keelan) #6

Sam,

Thanks for the follow-up. Which backend is the best to use with Discourse?


(Jeff Atwood) #7

If by “backend” you mean…

  • filesystem, anything but device mapper.

  • OS, we use Ubuntu Server 14.04 LTS x64 to great success.


(Kane York) #8

AUFS is the recommended container filesystem storage driver, and is what you get if you follow the ‘beginners guide’.


(Sébastien Santoro) #9

Could you add the procedure to achieve the relevant SELinux configuration on CentOS?


(keelan) #10

No SELinux config yet, still running as an internal test. I’ve talked with our sec guys about it, and we’ll be ploughing into that when the time comes.


(eriko) #11

@keelan did you ever document the selinux config that you used?


(Sébastien Santoro) #12

Okay, there are three solutions pending a specific SELinux config:

  1. Run Docker without SELinux: in /etc/sysconfig/docker remove the --selinux-enabled option.
  2. Disable SELinux enforcement in the system: setenforce Permissive, SELinux violations will then be allowed, but logged.
  3. Probably the more interesting, apply a sandbox permission to the directory on your host system mounted as a volume in Docker: chcon -Rt svirt_sandbox_file_t /var/discourse/shared.
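
An added example (not part of the thread or of Discourse's own tooling): a POSIX shell filter that reads AVC denials, keeps those where a container process hit a host object lacking the svirt_sandbox_file_t label, and prints the chcon from option 3 instead of running it. The audit records are constructed, and the container domain svirt_lxc_net_t is an assumption about the CentOS 7 Docker policy; confirm it against your own denials.

```shell
#!/bin/sh
# Added example, not from the thread. Feed it real denials with:
#   ausearch -m avc -ts recent | relabel_plan /var/discourse/shared

SANDBOX_TYPE=svirt_sandbox_file_t    # type named in option 3 above
CONTAINER_DOMAIN=svirt_lxc_net_t     # assumption: domain of Docker processes on CentOS 7

# Constructed sample audit records (illustrative values only).
SAMPLE_AUDIT='type=AVC msg=audit(1412287461.512:412): avc:  denied  { write } for  pid=3901 comm="mkdir" name="shared" dev="dm-1" ino=1771 scontext=system_u:system_r:svirt_lxc_net_t:s0:c12,c34 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1412287470.101:413): avc:  denied  { read } for  pid=812 comm="httpd" name="index.html" dev="dm-1" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# Print "comm tclass target_type" for each denial raised by a container
# process against an object that is not already sandbox-labelled.
container_denials() {
  awk -v dom="$CONTAINER_DOMAIN" -v want="$SANDBOX_TYPE" '
    /avc: +denied/ {
      src = ""; tgt = ""; cls = ""; comm = ""
      for (i = 1; i <= NF; i++) {
        # A context is user:role:type:level, so the type is the 3rd field.
        if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
      }
      if (src == dom && tgt != want) print comm, cls, tgt
    }'
}

# Read denials on stdin; if any match, print (do not run) the relabel for
# the host directory $1. Returns 1 when no matching denial was seen.
relabel_plan() {
  hits=$(container_denials)
  [ -n "$hits" ] || return 1
  printf 'chcon -Rt %s %s\n' "$SANDBOX_TYPE" "$1"
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT" | relabel_plan /var/discourse/shared
```

A non-zero exit means the denials on hand do not point at volume labelling, so the Permission denied has another cause and relabelling would not help.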