Testing Ansible roles in Drone CI, systemd services not working

When testing Ansible roles, my systemd services fail to start. This is the error I get:

TASK [memcached : Packages Present] ********************************************
changed: [localhost] => (item=[u'memcached', u'libmemcached'])

TASK [memcached : Service Enabled] *********************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Could not find the requested service memcached: host"}

My .drone.yml


pipeline:
  build:
    image: samdoran/centos7-ansible
    privileged: true
    commands:
      - echo 'sslverify=0' >> /etc/yum.conf
      - yum install -y redhat-lsb-core python-devel openldap-devel git gcc gcc-c++ python2-pip
      - pip install -U pip tox
      - tox

My docker-compose.yml

version: '2'

services:
  drone-server:
    image: drone/drone:0.8

    ports:
      - 8000:8000
      - 9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
      - /etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt
    restart: always
    environment:
      - DRONE_OPEN=true
      - DRONE_HOST=https://example.server
      - DRONE_ADMIN=drone
      - DRONE_VOLUME=/etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt
      - DRONE_GOGS_GIT_USERNAME=drone
      - DRONE_GOGS_GIT_PASSWORD=XXXXXXXX
      - DRONE_GOGS=true
      - DRONE_GOGS_URL=https://example.gogs
      - DRONE_SECRET=${DRONE_SECRET}

  drone-agent:
    image: drone/agent:0.8

    command: agent
    restart: always
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_SERVER=drone-server:9000
      - DRONE_SECRET=${DRONE_SECRET}
      - DOCKER_API_VERSION=1.24

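I tried installing memcached manually, starting a base centos:7 docker container from my Fedora workstation, and the service starts as expected with --privileged. The Drone docker is running on a RHEL 7 host. I have already set the repository to trusted in the Drone UI.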

Add /sys/fs/cgroup, read-only, to your volumes section: - /sys/fs/cgroup:/sys/fs/cgroup:ro

Full explanation here

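It turns out the problem was related to how the entrypoint command is implemented: if you override the command, it does not initialize as expected. So the workaround is to start the container, detach, and then send the commands to the running container.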

---

pipeline:
  system:
    image: cyberpunkspike/docker-centos7-ansible:latest
    labels:
      com.amtrustna.it.infr.serv.system: "true"
    cap_add:
      - SYS_ADMIN
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    init: /usr/lib/systemd/systemd
    detach: true

  exec:
    image: docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - CONTAINER_ID="$(docker ps -qf "label=com.amtrustna.it.infr.serv.system")"
      - test -n "$CONTAINER_ID" || { echo "Container Not Found"; exit 1 ;}
      - docker exec -t "$CONTAINER_ID" sh -c "export TERM=xterm-256color; cd $PWD && tox"
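
A preflight check for the situation described in the answer above, added here as an example (it is not part of any answer or of Drone itself): it verifies that systemd really is PID 1 before any service task runs. The function names and the optional root-prefix argument are assumptions made for illustration, and the sample directory trees are constructed.

```shell
#!/bin/sh
# Added example: preflight for a container that is supposed to run systemd.
# The optional argument is a root prefix so the checks can be pointed at a
# constructed directory tree; with no argument they inspect the live system.
systemd_preflight() {
    root="${1:-}"
    rc=0
    # PID 1 must be systemd. If the CI step's commands replaced the image
    # entrypoint, PID 1 is a shell and systemctl has nothing to talk to.
    pid1="$(cat "$root/proc/1/comm" 2>/dev/null || echo unknown)"
    if [ "$pid1" != "systemd" ]; then
        echo "FAIL: PID 1 is '$pid1', not systemd"; rc=1
    fi
    # Same test sd_booted(3) performs: systemd creates this directory at boot.
    if [ ! -d "$root/run/systemd/system" ]; then
        echo "FAIL: /run/systemd/system is missing"; rc=1
    fi
    # The cgroup tree has to be visible (the answers bind-mount it read-only).
    if ! grep -qs ' /sys/fs/cgroup' "$root/proc/mounts"; then
        echo "FAIL: /sys/fs/cgroup is not mounted"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: systemd is PID 1"; fi
    return "$rc"
}

# Constructed sample roots (not captured from a real container):
# $1 = directory to create, $2 = name of PID 1, $3 = "booted" or anything else.
make_sample_root() {
    mkdir -p "$1/proc/1" "$1/run"
    echo "$2" > "$1/proc/1/comm"
    echo "tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec 0 0" > "$1/proc/mounts"
    if [ "$3" = "booted" ]; then mkdir -p "$1/run/systemd/system"; fi
}

demo() {
    tmp="$(mktemp -d)"
    make_sample_root "$tmp/overridden" sh no         # commands replaced the entrypoint
    make_sample_root "$tmp/detached" systemd booted  # detached service running systemd
    systemd_preflight "$tmp/overridden" || true
    systemd_preflight "$tmp/detached"
    rm -rf "$tmp"
}
demo
```

Called with no argument inside the detached container, ahead of tox, it makes the step fail with a clear message instead of the Ansible service error.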

Sometimes you can drop the whole privileged/systemd stuff by replacing the init command with systemctl.py. It may even give you a different error diagnosis.