Bug 1537872
Summary: | Azure need set virt_use_samba | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Wenqi He <wehe> |
Component: | Installer | Assignee: | Kenny Woodson <kwoodson> |
Status: | CLOSED ERRATA | QA Contact: | Wenqi He <wehe> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 3.9.0 | CC: | aos-bugs, hchen, jokerman, mmccomas, xtian |
Target Milestone: | --- | ||
Target Release: | 3.9.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
To enable support for storage devices on Azure the seboolean virt_use_samba is required.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-06-27 18:01:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Wenqi He
2018-01-24 03:10:29 UTC
Possible dupe or at least related to https://bugzilla.redhat.com/show_bug.cgi?id=1536362 Huamin, can you help us figure out the right fix for this and your bug? Are they dupes? do we need to add all these additional packages as dependencies? Hi Scott, Yes, we need cifs-utils but we don't need samba-common or samba-client to turn on samba selinux. The openshift doc [1] appears to come from Azure file Linux requirement [2]. It is a general requirement for Linux hosts that use either samba or mount.cifs to mount cifs share. But on openshift/kubernetes, we don't use samba command at all. We don't need these packages. 1. https://github.com/openshift/openshift-docs/blame/master/install_config/persistent_storage/persistent_storage_azure_file.adoc 2. https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux I tried with below version: openshift v3.9.0-0.36.0 kubernetes v1.9.1+a0ce1bc657 I think we need at least to enable the SELinux booleans of virt_use_samba, otherwise, azure file cannot be used. Please see bug #1536362#c9 Suggested fix: https://github.com/openshift/openshift-ansible/pull/7246 Tested with below version: openshift-ansible-3.9.1-1.git.0.9862628.el7.noarch.rpm $oc version openshift v3.9.1 kubernetes v1.9.1+a0ce1bc657 Now the virt_use_samba is on by default: # getsebool -a | grep virt_use_samba virt_use_samba --> on I have problem testing with 3.9.14 on Azure using Azure file 1. $getsebool -a |grep virt_use_samb virt_use_samba --> on 2. pv apiVersion: "v1" kind: "PersistentVolume" metadata: name: "pv0001" spec: capacity: storage: "1Gi" accessModes: - "ReadWriteMany" azureFile: secretName: azure-secret shareName: ocptestfile readOnly: false mountOptions: - uid=1000150000 - dir_mode=0777 - file_mode=0777 3. what container is running, I am still getting permission denied. h-4.2$ ls -lZ -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 README.md drwxrwxr-x. default root system_u:object_r:container_file_t:s0:c9,c12 css drwxrwxr-x. default root system_u:object_r:container_file_t:s0:c9,c12 includes -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 index.php -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 info.php -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 listfiles.php -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 upload.php drwxrwxrwx. 1000150000 1000150000 system_u:object_r:cifs_t:s0 uploaded sh-4.2$ cd upload upload.php uploaded/ sh-4.2$ cd upload upload.php uploaded/ sh-4.2$ cd uploaded sh-4.2$ ls ls: cannot open directory .: Permission denied sh-4.2$ (In reply to Shanna Chan from comment #6) > I have problem testing with 3.9.14 on Azure using Azure file What's your id in you project? $ id The project has a user id range, you need to adjust it and set it accordingly. I suggest you just remove the "- uid=1000150000" in the pv mountOptions, and then try again. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2013 |