Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1152606 - [RFE] Provide a way to move pulp content to NFS share with SELinux turned on
Summary: [RFE] Provide a way to move pulp content to NFS share with SELinux turned on
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Documentation
Version: 6.0.4
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: Unspecified
Assignee: Dan Macpherson
QA Contact: Andrew Dahms
URL:
Whiteboard:
Depends On: 1175483
Blocks: 1175448
TreeView+ depends on / blocked
 
Reported: 2014-10-14 13:56 UTC by Lukas Zapletal
Modified: 2021-04-06 18:27 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1175483 (view as bug list)
Environment:
Last Closed: 2016-11-02 01:19:13 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Pulp Redmine 282 0 High CLOSED - CURRENTRELEASE As a user, I have docs on how to cluster Pulp with NFS for httpd and worker scaling purposes Never
Red Hat Bugzilla 1159270 1 None None None 2021-01-20 06:05:38 UTC

Internal Links: 1159270

Description Lukas Zapletal 2014-10-14 13:56:48 UTC 
Things need to be relabeled or some booleans turned on.
Comment 1 RHEL Program Management 2014-10-14 14:03:16 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 4 Lukas Zapletal 2014-10-15 07:06:18 UTC 
Ok it turns out this is not doco-only feature.

This goes to the Pulp team, it's a SELinux feature, but I am setting the "Content management" component.

What does not work:

1. Mount /var/lib/pulp via NFS
2. Try to sync or consume content

SELinux will not allow due to incorrect file labels.

The recommended way is to implement similar tool like this one:

https://github.com/spacewalkproject/spacewalk/blob/master/spacewalk/setup/bin/spacewalk-make-mount-points

to correct labels and sets required booleans. We also need to add instructions to the Satellite 6 documentation once this is done.
Comment 6 pulp-infra@redhat.com 2015-04-07 20:30:41 UTC 
The Pulp upstream bug status is at ASSIGNED. Updating the external tracker on this bug.
Comment 7 pulp-infra@redhat.com 2015-04-14 17:30:46 UTC 
The Pulp upstream bug status is at MODIFIED. Updating the external tracker on this bug.
Comment 8 pulp-infra@redhat.com 2015-04-14 18:00:49 UTC 
The Pulp upstream bug status is at ON_QA. Updating the external tracker on this bug.
Comment 9 Brian Bouterse 2015-04-14 18:34:38 UTC 
There is nothing to cherry pick here because it's all docs. Katello needs to use additional options as it mounts the different parts of Pulp. Specifically go read:

https://github.com/pulp/pulp/blob/master/docs/user-guide/scaling.rst#selinux-requirements

and

https://github.com/pulp/pulp/blob/master/docs/user-guide/scaling.rst#sharing-with-nfs
Comment 10 pulp-infra@redhat.com 2015-04-28 15:30:49 UTC 
The Pulp upstream bug status is at VERIFIED. Updating the external tracker on this bug.
Comment 11 pulp-infra@redhat.com 2015-05-05 13:30:53 UTC 
The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug.
Comment 12 pulp-infra@redhat.com 2015-10-02 13:13:35 UTC 
The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug.
Comment 13 pulp-infra@redhat.com 2015-10-02 13:13:37 UTC 
The Pulp upstream bug priority is at High. Updating the external tracker on this bug.
Comment 15 Brian Bouterse 2015-10-12 11:37:29 UTC 
Sat6 should go with option B. For a variety of reasons, there are no plans to provide an upstream tool to fix incorrect SELinux labels.
Comment 16 Lukas Zapletal 2015-10-13 13:17:22 UTC 
Brian, can you show me Pulp documentation chapter that describes how to install Pulp with /var/lib/pulp mounted via NFS the step by step? Do I install Pulp normally and then move the contents onto the NFS server?
Comment 17 Brian Bouterse 2015-10-13 16:14:02 UTC 
Usually people do the install and then move files onto the NFS mount points and then remount those files into the places Pulp expects them to be. There are three paths that need this kind of treatment [0]. When you put the files onto NFS, if you haven't already configured the NFS volume to create the files with the correct selinux context (see below), then you'll have to rerun them with a manual chcon. Regardless of how its done, here are the expected selinux labels [1].

When configuring NFS you'll need to use the NFS options 'context' which will force new files to be written using the correct selinux labels. You'll also need to use fsid to workaround the problem of mounts having the same directory name. More details are here [2]. Send more specific questions as they come up.

We don't have a step-by-step specific for NFS upstream. There are many different clustered filesystems that people want to use. We identify filesystem requirements that way the documentation is relevant for all filesystem types. We have tested with NFS though, and the 'fsid' and 'context' were the only "pulp specific" aspects besides the normal uid/gid matching that NFS usually relies on.

[0]: http://pulp.readthedocs.org/en/latest/user-guide/scaling.html#filesystem-requirements

[1]: http://pulp.readthedocs.org/en/latest/user-guide/scaling.html#selinux-requirements

[2]: http://pulp.readthedocs.org/en/latest/user-guide/scaling.html#sharing-with-nfs
Comment 18 Lukas Zapletal 2015-10-15 11:49:48 UTC 
Ok, thanks, setting back to doco only. We are not going to automate this. Please document what Brian described in comment 17 in our installer guide (?) perhaps.
Comment 19 Deon Ballard 2015-12-02 19:35:53 UTC 
Mass re-assign of all content / lifecycle related bugs to Dan MacPherson for the new content management guide.
Comment 21 Deon Ballard 2015-12-10 17:21:23 UTC 
++++ IMPORTANT +++++

These bugs are being reassigned to Dan MacPherson as part of his work on creating a content management guide.


/////////////////////////////
DO NOT REASSIGN TO THE QUEUE.
/////////////////////////////
Comment 22 Dan Macpherson 2016-02-03 04:54:14 UTC 
Hi Stephen,

Sorry for the late reply. Will be including this in the Content Management Guide.

- Dan
Comment 26 Mike McCune 2016-03-28 22:28:36 UTC 
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Comment 27 Dan Macpherson 2016-05-06 03:24:47 UTC 
The bugs were included as part of technical review of the full guide. In addition, the guide has been peer reviewed.

Setting the QA contact to adahms and flipping the status to ON_QA.
Comment 28 Andrew Dahms 2016-11-02 01:19:13 UTC 
Looks good to move, and this content is now live on the Customer Portal.

Closing.
Note You need to log in before you can comment on or make changes to this bug.