Hide Forgot
Description of problem: To test and use azure file storage, need to install samba-client, samba-common, and cifs-utils on all nodes by defualt and enable the SELinux booleans $ /usr/sbin/setsebool -P virt_use_samba on Version-Release number of the following components: rpm -q openshift-ansible openshift-ansible-3.9.0-0.22.0.git.0.0e9d896.el7.noarch How reproducible: Always Steps to Reproduce: 1. Install OCP on Azure 2. 3. Actual results: No packages of samba-client, samba-common, and cifs-utils installed by default Expected results: Install these package by default and enable the SELinux booleans $ /usr/sbin/setsebool -P virt_use_samba on Official doc is here: https://docs.openshift.com/container-platform/latest/install_config/persistent_storage/persistent_storage_azure_file.html Additional info:
Possible dupe or at least related to https://bugzilla.redhat.com/show_bug.cgi?id=1536362 Huamin, can you help us figure out the right fix for this and your bug? Are they dupes? do we need to add all these additional packages as dependencies?
Hi Scott, Yes, we need cifs-utils but we don't need samba-common or samba-client to turn on samba selinux. The openshift doc [1] appears to come from Azure file Linux requirement [2]. It is a general requirement for Linux hosts that use either samba or mount.cifs to mount cifs share. But on openshift/kubernetes, we don't use samba command at all. We don't need these packages. 1. https://github.com/openshift/openshift-docs/blame/master/install_config/persistent_storage/persistent_storage_azure_file.adoc 2. https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux
I tried with below version: openshift v3.9.0-0.36.0 kubernetes v1.9.1+a0ce1bc657 I think we need at least to enable the SELinux booleans of virt_use_samba, otherwise, azure file cannot be used. Please see bug #1536362#c9
Suggested fix: https://github.com/openshift/openshift-ansible/pull/7246
Tested with below version: openshift-ansible-3.9.1-1.git.0.9862628.el7.noarch.rpm $oc version openshift v3.9.1 kubernetes v1.9.1+a0ce1bc657 Now the virt_use_samba is on by default: # getsebool -a | grep virt_use_samba virt_use_samba --> on
I have problem testing with 3.9.14 on Azure using Azure file 1. $getsebool -a |grep virt_use_samb virt_use_samba --> on 2. pv apiVersion: "v1" kind: "PersistentVolume" metadata: name: "pv0001" spec: capacity: storage: "1Gi" accessModes: - "ReadWriteMany" azureFile: secretName: azure-secret shareName: ocptestfile readOnly: false mountOptions: - uid=1000150000 - dir_mode=0777 - file_mode=0777 3. what container is running, I am still getting permission denied. h-4.2$ ls -lZ -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 README.md drwxrwxr-x. default root system_u:object_r:container_file_t:s0:c9,c12 css drwxrwxr-x. default root system_u:object_r:container_file_t:s0:c9,c12 includes -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 index.php -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 info.php -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 listfiles.php -rw-rw-r--. default root system_u:object_r:container_file_t:s0:c9,c12 upload.php drwxrwxrwx. 1000150000 1000150000 system_u:object_r:cifs_t:s0 uploaded sh-4.2$ cd upload upload.php uploaded/ sh-4.2$ cd upload upload.php uploaded/ sh-4.2$ cd uploaded sh-4.2$ ls ls: cannot open directory .: Permission denied sh-4.2$
(In reply to Shanna Chan from comment #6) > I have problem testing with 3.9.14 on Azure using Azure file What's your id in you project? $ id The project has a user id range, you need to adjust it and set it accordingly. I suggest you just remove the "- uid=1000150000" in the pv mountOptions, and then try again.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2013