-
Notifications
You must be signed in to change notification settings - Fork 857
What if /usr is (mostly) read-only #150
Comments
What if the systemd unit was installed to /etc instead? Or is that also (Just brainstorming) On Friday, September 9, 2016, Jérémy Lecour notifications@github.com
|
For the moment, I do the remount as "read-write" before executing the tasks, so it works,but it would be great to have it done in an automatic way "in the role". Writing the unit in Thanks for your advice. |
IMHO this should be handle in a role/task dedicated to your env. It's kind of a special case related to your env and not directly related to ES. thoughts @gingerwizard @jpcarey ? |
I see your point, but it's more and more a common case to have When you have Maybe putting the service file in |
I'd add this, from the Filesystem Hierarchy Standard :
It seems quite clear that the SystemD service file shouldn't be written to |
FHS is a very poorly detailed document. Let's leave that out. It is not common to have a read-only mount for /usr. Debian and red hat On systemd systems, unit files can go in /etc or the systemd directory On Tuesday, September 13, 2016, Jérémy Lecour notifications@github.com
|
Well it wasn't us who decided to install the systemd files in that location by default, that probably something the distros decided. (Esp on RHEL/Fedora) I'm also against moving it to Can't you just remount rw when the playbook start and remount ro at the end? We discussed this internally and decided not to include such a mechanism in this role. Sorry. |
I disagree but understand that you don't want to take that use case into account. In fact I can't mount the partition as "read-write" before the role is executed because Apt has a hook around a package install and will remount as "read-only" right away. Since there is no hook in the role, I'm screwed. I guess I'll have to fork the role and maintain my own version. Thanks anyway for the discussion about this. |
I don't understand, |
Exactly ! That's what I was trying to explain, but I guess I wasn't very convincing. |
Guys, we are just following the convention of the Elasticsearch RPM/DEB package here. |
Sorry, I shouldn't have commented on the decision. This discussion came up when I searched for general information. RPM/DEB packages using |
Hi,
I'm used to have the
/usr
partition as "read-only". It's a security policy.I'm using Debian and with apt there is an easy way to remount the partition as "read-write" before installing a package and then back to read-only after. In the Debian ecosystem it's quite an usual habit and it's more and more taken into account at the distribution level.
With this Ansible role, I can't install the SystemD unit.
I think we can deal with this with a couple of action that would detect if
/usr
is a separate partition and if it's read-only. Then it would do the remount dance around installing the SystemD unit.What do you think about this?
The text was updated successfully, but these errors were encountered: