Document URL: https://docs.openshift.com/enterprise/3.1/install_config/install/index.html ? I really don't know if it fits there... Section Number and Name: Overview? Describe the issue: There is no words about overlayfs support in OSE3 (but in RHEL7.2), and it would be nice to have a paragraph explaining how it works, if it is supported or not (selinux is not supported, posix is not supported,...) Suggestions for improvement: Additional information:
We should document https://bugzilla.redhat.com/show_bug.cgi?id=1361535#c6
(In reply to Eric Rich from comment #3) > We should document https://bugzilla.redhat.com/show_bug.cgi?id=1361535#c6 Documenation should include the statement (in some form): > without selinux, there is an increased risk of one container reading the contents of another and we can't claim to have a true multi-tenant system. It's only valid to use OpenShift in this way if all users of the system are trusted.
I've submitted a PR for this: https://github.com/openshift/openshift-docs/pull/2787 However, I'm not actually sure if this is what we're after. I think it'd be silly to put in the same content from the RHEL docs, so I went with this option. Eric, Eduardo, can I get an ack or a nack that this is fulfilling this BZ? Also, if the placement is correct? Thanks!
I'd say we should add some statement about it is tech-preview and that selinux is not supported ATM.
Eduardo, I'm not sure what you mean. SELinux is used very much within OpenShift, correct? Do you mean that SELinux working with OverlayFS is not supported? So maybe I should be adding something like: "Using OverlayFS in conjunction with SELinux is currently in tech preview." ?
I think there are different issues: * OverlayFS is tech-preview in RHEL and requires disabling SELinux * Disabling SELinux in OpenShift is kind of not supported * OverlayFS + SELinux doesn't work AFAIK ( https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/technology-preview-file_systems.html says SELinux support for OverlayFS is being worked on upstream, and is expected in a future release.)
(In reply to Eduardo Minguez from comment #8) > I think there are different issues: > > * OverlayFS is tech-preview in RHEL and requires disabling SELinux > * Disabling SELinux in OpenShift is kind of not supported > * OverlayFS + SELinux doesn't work AFAIK ( > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/ > html/7.2_Release_Notes/technology-preview-file_systems.html says SELinux > support for OverlayFS is being worked on upstream, and is expected in a > future release.) This should be answered by https://bugzilla.redhat.com/show_bug.cgi?id=1361535
Thanks Eric. Documenting it is delayed till this is fully supported. Leaving the BZ open till then but removing it from the sprint.
New PR for this: https://github.com/openshift/openshift-docs/pull/4969 Verified that the information is all there. If there's any thoughts, please let me know. Now on peer review.
Commit pushed to master at https://github.com/openshift/openshift-docs https://github.com/openshift/openshift-docs/commit/0be825ade1eb0e1c3ce795cf67738a6fd5a527b5 Merge pull request #4969 from bfallonf/overlay_1290487 Bug 1290487 Added section on overlayfs
Link to published docs: https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html-single/installation_and_configuration/#install-prerequisites-overlayfs