Bug 1466502 - [DOC] Need to recommend setting mount-time context on SELINUX 1.3.2+ clusters
[DOC] Need to recommend setting mount-time context on SELINUX 1.3.2+ clusters
Status: NEW
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: Documentation (Show other bugs)
1.3.3
All Linux
low Severity low
: rc
: 1.3.3
Assigned To: ceph-docs@redhat.com
ceph-qe-bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-29 16:14 EDT by Mike Hackett
Modified: 2017-08-08 02:33 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mike Hackett 2017-06-29 16:14:10 EDT
Description of problem:
We should strongly encourage any customer running with SELinux enforcing to add a static SELinux context to the OSD mount options in the install guide.

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/1.3/html-single/installation_guide_for_red_hat_enterprise_linux/#selinux

[osd]
osd_mount_options_xfs=rw,noatime,inode64,context="system_u:object_r:ceph_var_lib_t:s0"

We see in environments with a large number of objects per PG, the directory enumeration speed is negatively impacted by the addition of xattr queries which accompany SELinux context verification.  Setting the context at the mount option removes the xattr lookups for context and helps overall disk performance, especially on slower disks.

Version-Release number of selected component (if applicable):
1.3.2+
Comment 3 Harish NV Rao 2017-07-21 05:00:33 EDT
@Mike, please change the target release if it has to be fixed in 1.3.x docs.
Comment 4 Harish NV Rao 2017-08-02 06:32:07 EDT
(In reply to Harish NV Rao from comment #3)
> @Mike, please change the target release if it has to be fixed in 1.3.x docs.

@Mike, a gentle reminder.

Note You need to log in before you can comment on or make changes to this bug.