Bug 1463641 - [Ganesha] Ganesha service failed to start on new node added in existing ganeshacluster
Keywords:
Status: CLOSED EOL
Alias: None
Product: GlusterFS
Classification: Community
Component: common-ha
Version: 3.10
Hardware: Unspecified
OS: Unspecified
urgent
unspecified
Target Milestone: ---
Assignee: Kaleb KEITHLEY
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: glusterfs-3.10.4 1461098 1461186 1465605
Reported: 2017-06-21 12:11 UTC by Kaleb KEITHLEY
Modified: 2018-06-20 18:23 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1461098
Environment:
Last Closed: 2018-06-20 18:23:54 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:



Comment 1 Kaleb KEITHLEY 2017-06-21 12:24:41 UTC
Looking at all the various selinux-policy packages in RHEL and Fedora, there are policies for glusterd and nfs-ganesha in selinux-policy for RHEL7.3.z, RHEL7.4, and Fedora 26 and 27.

Since they're not in Fedora 25 (and before I saw that they're in F26 and F27) I was tempted to lift the policy bits from RHEL7 and add -selinux subpackages to gluster and nfs-ganesha. I'm not sure that's a good idea though at this point.

In the meantime it appears that all I need to do is add either
  semanage boolean -m ganesha_use_fusefs --on
or the
  %selinux_{set,unset}_booleans
to %post ganesha and %postun ganesha in the glusterfs.spec for Fedora 26 and later. Until {RHEL,CentOS} 7.4 ships this can't be added for RHEL as rpm packaging is not able to discriminate between there are no CentOS Z-Stream releases and rpm packages don't distinguish between 7.3 and 7.4.

Comment 2 Worker Ant 2017-06-21 14:29:52 UTC
REVIEW: https://review.gluster.org/17597 (common-ha: enable and disable selinux ganesha_use_fusefs) posted (#1) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)

Comment 3 Worker Ant 2017-06-21 15:41:21 UTC
REVIEW: https://review.gluster.org/17597 (common-ha: enable and disable selinux ganesha_use_fusefs) posted (#2) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)

Comment 4 Worker Ant 2017-06-22 10:33:33 UTC
REVIEW: https://review.gluster.org/17597 (common-ha: enable and disable selinux ganesha_use_fusefs) posted (#3) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)

Comment 5 Worker Ant 2017-06-22 15:05:51 UTC
COMMIT: https://review.gluster.org/17597 committed in release-3.10 by Kaleb KEITHLEY (kkeithle) 
------
commit 5ad6e1e07f5304deb022ebd54dbbdac6f9c651fb
Author: Kaleb S. KEITHLEY <kkeithle>
Date:   Wed Jun 21 10:01:20 2017 -0400

    common-ha: enable and disable selinux ganesha_use_fusefs
    
    Starting in Fedora 26 and RHEL 7.4 there are new targeted policies
    in selinux which include a tuneable to allow ganesha.nfsd to access
    the gluster (FUSE) shared_storage volume where ganesha maintains its
    state.
    
    N.B. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4
    so it can't be enabled for RHEL at this time. /usr/sbin/semanage is
    in policycoreutils-python in RHEL (versus policycoreutils-python-utils
    in Fedora.) Once RHEL 7.4 GAs we may also wish to specify the version
    for RHEL 7 explicitly, i.e.
      Requires: selinux-policy >= 3.13.1-160.
    But beware, the corresponding version in Fedora 26 seems to be
    selinux-policy-3.13.1.258 or so. (Maybe earlier versions, but that's
    what's currently in the F26 beta.)
    
    release-3.10 is the upstream master branch for glusterfs-ganesha. For
    release-3.11 and later storhaug needs a similar change, which is
    tracked by https://github.com/linux-ha-storage/storhaug/issues/11
    
    Maybe at some point we would want to consider migrating the targeted
    policies for glusterfs (and nfs-ganesha) from selinux-policy to a
    glusterfs-selinux (and nfs-ganesha-selinux) subpackage?
    
    Change-Id: I04a5443edd00636cbded59a2baddfa98095bf7ac
    BUG: 1463641
    Signed-off-by: Kaleb S. KEITHLEY <kkeithle>
    Reviewed-on: https://review.gluster.org/17597
    Smoke: Gluster Build System <jenkins.org>
    Reviewed-by: Niels de Vos <ndevos>
    Reviewed-by: jiffin tony Thottan <jthottan>
    CentOS-regression: Gluster Build System <jenkins.org>
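
The commit message above notes that the ganesha_use_fusefs tunable exists only in newer selinux-policy builds, so a scriptlet or admin check should confirm the boolean is present before trying to set it. The following is an added example, not code from the glusterfs commit; the function names and the sample `getsebool -a` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the glusterfs tree): decide whether the
# ganesha_use_fusefs tunable can and should be switched on.
# Input format is that of `getsebool -a`: "name --> on|off", one per line.

BOOLEAN=ganesha_use_fusefs

# Print "on", "off" or "absent" for boolean $1, reading getsebool output on stdin.
# Exact match on the name, so e.g. "xganesha_use_fusefs" is not mistaken for it.
sebool_state() {
    awk -v name="$1" '
        $1 == name && $2 == "-->" { print $3; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# Print the action to take: the semanage command quoted in the bug,
# or the reason nothing should be run. Reads getsebool output on stdin.
plan_action() {
    state=$(sebool_state "$BOOLEAN")
    case "$state" in
        on)     echo "skip: $BOOLEAN already on" ;;
        off)    echo "run: semanage boolean -m $BOOLEAN --on" ;;
        absent) echo "skip: loaded policy has no $BOOLEAN" ;;
        *)      echo "error: unexpected state '$state'"; return 1 ;;
    esac
}

# Constructed sample: a policy that ships the tunable, currently off.
SAMPLE_NEW_POLICY='ftpd_use_fusefs --> off
ganesha_use_fusefs --> off
httpd_use_fusefs --> off'

# Constructed sample: an older policy without the tunable.
SAMPLE_OLD_POLICY='ftpd_use_fusefs --> off
httpd_use_fusefs --> off'

printf '%s\n' "$SAMPLE_NEW_POLICY" | plan_action
printf '%s\n' "$SAMPLE_OLD_POLICY" | plan_action
```

On a live host the same decision comes from `getsebool -a | plan_action`.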

Comment 6 Shyamsundar 2018-06-20 18:23:54 UTC
This bug is reported against a version of Gluster that is no longer maintained (or has been EOL'd). See https://www.gluster.org/release-schedule/ for the versions currently maintained.

As a result this bug is being closed.

If the bug persists on a maintained version of gluster or against the mainline gluster repository, request that it be reopened and the Version field be marked appropriately.
