Bug 1290487
| Summary: | [DOCS] Document OverlayFS support for OpenShift | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Eduardo Minguez <eminguez> |
| Component: | Documentation | Assignee: | brice <bfallonf> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Vikram Goyal <vigoyal> |
| Severity: | medium | Docs Contact: | Vikram Goyal <vigoyal> |
| Priority: | low | ||
| Version: | 3.1.0 | CC: | adellape, aos-bugs, bbreard, eminguez, erich, jokerman, misalunk, mmccomas |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-25 00:59:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description
Eduardo Minguez
2015-12-10 16:20:52 UTC
We should document https://bugzilla.redhat.com/show_bug.cgi?id=1361535#c6

(In reply to Eric Rich from comment #3)
> We should document https://bugzilla.redhat.com/show_bug.cgi?id=1361535#c6

Documentation should include the statement (in some form):

> without selinux, there is an increased risk of one container reading the contents of another and we can't claim to have a true multi-tenant system. It's only valid to use OpenShift in this way if all users of the system are trusted.

I've submitted a PR for this: https://github.com/openshift/openshift-docs/pull/2787

However, I'm not actually sure if this is what we're after. I think it'd be silly to put in the same content from the RHEL docs, so I went with this option. Eric, Eduardo, can I get an ack or a nack that this is fulfilling this BZ? Also, if the placement is correct? Thanks!

I'd say we should add some statement about it is tech-preview and that selinux is not supported ATM.

Eduardo, I'm not sure what you mean. SELinux is used very much within OpenShift, correct? Do you mean that SELinux working with OverlayFS is not supported? So maybe I should be adding something like: "Using OverlayFS in conjunction with SELinux is currently in tech preview."?

I think there are different issues:

* OverlayFS is tech-preview in RHEL and requires disabling SELinux
* Disabling SELinux in OpenShift is kind of not supported
* OverlayFS + SELinux doesn't work AFAIK ( https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/technology-preview-file_systems.html says SELinux support for OverlayFS is being worked on upstream, and is expected in a future release.)

(In reply to Eduardo Minguez from comment #8)
> I think there are different issues:
>
> * OverlayFS is tech-preview in RHEL and requires disabling SELinux
> * Disabling SELinux in OpenShift is kind of not supported
> * OverlayFS + SELinux doesn't work AFAIK (
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/
> html/7.2_Release_Notes/technology-preview-file_systems.html says SELinux
> support for OverlayFS is being worked on upstream, and is expected in a
> future release.)

This should be answered by https://bugzilla.redhat.com/show_bug.cgi?id=1361535

Thanks Eric. Documenting it is delayed till this is fully supported. Leaving the BZ open till then but removing it from the sprint.

New PR for this: https://github.com/openshift/openshift-docs/pull/4969

Verified that the information is all there. If there are any thoughts, please let me know.

Now on peer review.

Commit pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/0be825ade1eb0e1c3ce795cf67738a6fd5a527b5
Merge pull request #4969 from bfallonf/overlay_1290487

Bug 1290487 Added section on overlayfs