Bug 1152606
| Summary: | [RFE] Provide a way to move pulp content to NFS share with SELinux turned on | |||
|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Lukas Zapletal <lzap> | |
| Component: | Documentation | Assignee: | Dan Macpherson <dmacpher> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Andrew Dahms <adahms> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 6.0.4 | CC: | bbuckingham, bkearney, bmbouter, daviddavis, dkliban, dlackey, dmacpher, ggainey, ipanova, lzap, mhrivnak, pcreech, rchan, satellite6-bugs, swadeley, ttereshc | |
| Target Milestone: | Unspecified | Keywords: | FutureFeature | |
| Target Release: | Unused | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Enhancement | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1175483 (view as bug list) | Environment: | ||
| Last Closed: | 2016-11-02 01:19:13 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1175483 | |||
| Bug Blocks: | 1175448 | |||
|
Description
Lukas Zapletal
2014-10-14 13:56:48 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. Ok it turns out this is not doco-only feature. This goes to the Pulp team, it's a SELinux feature, but I am setting the "Content management" component. What does not work: 1. Mount /var/lib/pulp via NFS 2. Try to sync or consume content SELinux will not allow due to incorrect file labels. The recommended way is to implement similar tool like this one: https://github.com/spacewalkproject/spacewalk/blob/master/spacewalk/setup/bin/spacewalk-make-mount-points to correct labels and sets required booleans. We also need to add instructions to the Satellite 6 documentation once this is done. The Pulp upstream bug status is at ASSIGNED. Updating the external tracker on this bug. The Pulp upstream bug status is at MODIFIED. Updating the external tracker on this bug. The Pulp upstream bug status is at ON_QA. Updating the external tracker on this bug. There is nothing to cherry pick here because it's all docs. Katello needs to use additional options as it mounts the different parts of Pulp. Specifically go read: https://github.com/pulp/pulp/blob/master/docs/user-guide/scaling.rst#selinux-requirements and https://github.com/pulp/pulp/blob/master/docs/user-guide/scaling.rst#sharing-with-nfs The Pulp upstream bug status is at VERIFIED. Updating the external tracker on this bug. The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug. The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug. The Pulp upstream bug priority is at High. Updating the external tracker on this bug. Sat6 should go with option B. For a variety of reasons, there are no plans to provide an upstream tool to fix incorrect SELinux labels. Brian, can you show me Pulp documentation chapter that describes how to install Pulp with /var/lib/pulp mounted via NFS the step by step? Do I install Pulp normally and then move the contents onto the NFS server? Usually people do the install and then move files onto the NFS mount points and then remount those files into the places Pulp expects them to be. There are three paths that need this kind of treatment [0]. When you put the files onto NFS, if you haven't already configured the NFS volume to create the files with the correct selinux context (see below), then you'll have to rerun them with a manual chcon. Regardless of how its done, here are the expected selinux labels [1]. When configuring NFS you'll need to use the NFS options 'context' which will force new files to be written using the correct selinux labels. You'll also need to use fsid to workaround the problem of mounts having the same directory name. More details are here [2]. Send more specific questions as they come up. We don't have a step-by-step specific for NFS upstream. There are many different clustered filesystems that people want to use. We identify filesystem requirements that way the documentation is relevant for all filesystem types. We have tested with NFS though, and the 'fsid' and 'context' were the only "pulp specific" aspects besides the normal uid/gid matching that NFS usually relies on. [0]: http://pulp.readthedocs.org/en/latest/user-guide/scaling.html#filesystem-requirements [1]: http://pulp.readthedocs.org/en/latest/user-guide/scaling.html#selinux-requirements [2]: http://pulp.readthedocs.org/en/latest/user-guide/scaling.html#sharing-with-nfs Ok, thanks, setting back to doco only. We are not going to automate this. Please document what Brian described in comment 17 in our installer guide (?) perhaps. Mass re-assign of all content / lifecycle related bugs to Dan MacPherson for the new content management guide. ++++ IMPORTANT +++++ These bugs are being reassigned to Dan MacPherson as part of his work on creating a content management guide. ///////////////////////////// DO NOT REASSIGN TO THE QUEUE. ///////////////////////////// Hi Stephen, Sorry for the late reply. Will be including this in the Content Management Guide. - Dan This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions The bugs were included as part of technical review of the full guide. In addition, the guide has been peer reviewed. Setting the QA contact to adahms and flipping the status to ON_QA. Looks good to move, and this content is now live on the Customer Portal. Closing. |