Bug 1466502

Summary: [DOC] Need to recommend setting mount-time context on SELINUX 1.3.2+ clusters
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Mike Hackett <mhackett>
Component: DocumentationAssignee: ceph-docs <ceph-docs>
Status: CLOSED CURRENTRELEASE QA Contact: Tejas <tchandra>
Severity: low Docs Contact:
Priority: low    
Version: 1.3.3CC: hnallurv, kdreyer, mhackett
Target Milestone: rc   
Target Release: 1.3.3   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-22 12:16:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike Hackett 2017-06-29 20:14:10 UTC
Description of problem:
We should strongly encourage any customer running with SELinux enforcing to add a static SELinux context to the OSD mount options in the install guide.

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/1.3/html-single/installation_guide_for_red_hat_enterprise_linux/#selinux

[osd]
osd_mount_options_xfs=rw,noatime,inode64,context="system_u:object_r:ceph_var_lib_t:s0"

We see in environments with a large number of objects per PG, the directory enumeration speed is negatively impacted by the addition of xattr queries which accompany SELinux context verification.  Setting the context at the mount option removes the xattr lookups for context and helps overall disk performance, especially on slower disks.

Version-Release number of selected component (if applicable):
1.3.2+

Comment 3 Harish NV Rao 2017-07-21 09:00:33 UTC
@Mike, please change the target release if it has to be fixed in 1.3.x docs.

Comment 4 Harish NV Rao 2017-08-02 10:32:07 UTC
(In reply to Harish NV Rao from comment #3)
> @Mike, please change the target release if it has to be fixed in 1.3.x docs.

@Mike, a gentle reminder.

Comment 7 Giridhar Ramaraju 2019-08-05 13:09:04 UTC
Updating the QA Contact to a Hemant. Hemant will be rerouting them to the appropriate QE Associate. 

Regards,
Giri

Comment 8 Giridhar Ramaraju 2019-08-05 13:10:25 UTC
Updating the QA Contact to a Hemant. Hemant will be rerouting them to the appropriate QE Associate. 

Regards,
Giri