Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1537872 - Azure need set virt_use_samba
Azure need set virt_use_samba
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
3.9.0
Unspecified Unspecified
high Severity high
: ---
: 3.9.0
Assigned To: Kenny Woodson
Wenqi He
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2018-01-23 22:10 EST by Wenqi He
Modified: 2018-06-27 14:01 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
To enable support for storage devices on Azure the seboolean virt_use_samba is required.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-06-27 14:01:30 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2013 None None None 2018-06-27 14:01 EDT

  None (edit)
Description Wenqi He 2018-01-23 22:10:29 EST 
Description of problem:
To test and use azure file storage, need to install samba-client, samba-common, and cifs-utils on all nodes by defualt and enable the SELinux booleans
$ /usr/sbin/setsebool -P virt_use_samba on


Version-Release number of the following components:
rpm -q openshift-ansible
openshift-ansible-3.9.0-0.22.0.git.0.0e9d896.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1. Install OCP on Azure
2.
3.

Actual results:
No packages of samba-client, samba-common, and cifs-utils installed by default

Expected results:
Install these package by default and enable the SELinux booleans
$ /usr/sbin/setsebool -P virt_use_samba on

Official doc is here: https://docs.openshift.com/container-platform/latest/install_config/persistent_storage/persistent_storage_azure_file.html


Additional info:
Comment 1 Scott Dodson 2018-01-24 13:37:36 EST 
Possible dupe or at least related to https://bugzilla.redhat.com/show_bug.cgi?id=1536362

Huamin, can you help us figure out the right fix for this and your bug? Are they dupes? do we need to add all these additional packages as dependencies?
Comment 2 hchen 2018-01-29 13:55:51 EST 
Hi Scott, 
Yes, we need cifs-utils but we don't need samba-common or samba-client to turn on samba selinux. 

The openshift doc [1] appears to come from Azure file Linux requirement [2]. It is a general requirement for Linux hosts that use either samba or mount.cifs to mount cifs share. But on openshift/kubernetes, we don't use samba command at all. We don't need these packages.

1. https://github.com/openshift/openshift-docs/blame/master/install_config/persistent_storage/persistent_storage_azure_file.adoc
2. https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux
Comment 3 Wenqi He 2018-02-06 04:49:21 EST 
I tried with below version:
openshift v3.9.0-0.36.0
kubernetes v1.9.1+a0ce1bc657

I think we need at least to enable the SELinux booleans of virt_use_samba, otherwise, azure file cannot be used. Please see bug #1536362#c9
Comment 4 Kenny Woodson 2018-02-22 09:41:59 EST 
Suggested fix: https://github.com/openshift/openshift-ansible/pull/7246
Comment 5 Wenqi He 2018-02-28 02:32:19 EST 
Tested with below version:
openshift-ansible-3.9.1-1.git.0.9862628.el7.noarch.rpm

$oc version
openshift v3.9.1
kubernetes v1.9.1+a0ce1bc657

Now the virt_use_samba is on by default:
# getsebool -a | grep virt_use_samba
virt_use_samba --> on
Comment 6 Shanna Chan 2018-04-25 19:59:49 EDT 
I have problem testing with 3.9.14 on Azure using Azure file
1. $getsebool -a |grep virt_use_samb
   virt_use_samba --> on
2. pv
apiVersion: "v1"
kind: "PersistentVolume"
metadata:
  name: "pv0001" 
spec:
  capacity:
    storage: "1Gi" 
  accessModes:
    - "ReadWriteMany"
  azureFile: 
    secretName: azure-secret 
    shareName: ocptestfile
    readOnly: false 
  mountOptions:
    - uid=1000150000
    - dir_mode=0777
    - file_mode=0777 
3. what container is running, I am still getting permission denied.
h-4.2$ ls -lZ
-rw-rw-r--. default    root       system_u:object_r:container_file_t:s0:c9,c12 README.md
drwxrwxr-x. default    root       system_u:object_r:container_file_t:s0:c9,c12 css
drwxrwxr-x. default    root       system_u:object_r:container_file_t:s0:c9,c12 includes
-rw-rw-r--. default    root       system_u:object_r:container_file_t:s0:c9,c12 index.php
-rw-rw-r--. default    root       system_u:object_r:container_file_t:s0:c9,c12 info.php
-rw-rw-r--. default    root       system_u:object_r:container_file_t:s0:c9,c12 listfiles.php
-rw-rw-r--. default    root       system_u:object_r:container_file_t:s0:c9,c12 upload.php
drwxrwxrwx. 1000150000 1000150000 system_u:object_r:cifs_t:s0      uploaded
sh-4.2$ cd upload
upload.php  uploaded/
sh-4.2$ cd upload
upload.php  uploaded/
sh-4.2$ cd uploaded
sh-4.2$ ls
ls: cannot open directory .: Permission denied
sh-4.2$
Comment 7 Wenqi He 2018-04-25 22:37:48 EDT 
(In reply to Shanna Chan from comment #6)
> I have problem testing with 3.9.14 on Azure using Azure file

What's your id in you project?
$ id 

The project has a user id range, you need to adjust it and set it accordingly.
I suggest you just remove the "- uid=1000150000" in the pv mountOptions, and then try again.
Comment 9 errata-xmlrpc 2018-06-27 14:01:30 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2013
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.