Red Hat Summit15.4. Configuration Examples
15.4.1. Labeling Gluster Bricks
リンクのコピーリンクがクリップボードにコピーされました!
A Gluster brick is an export directory on a server in the trusted storage pool. In case that the brick is not labeled with the correct SELinux context,
glusterd_brick_t, SELinux denies certain file access operations and generates various AVC messages.
The following procedure shows how to label Gluster bricks with the correct SELinux context. The procedure assumes that you previously created and formatted a logical volume, for example
/dev/rhgs/gluster, to be used as the Gluster brick.
For detailed information about Gluster bricks, see the Red Hat Gluster Storage Volumes chapter in the Administration Guide for Red Hat Gluster Storage.
Procedure 15.1. How to Label a Gluster Brick
- Create a directory to mount the previously formatted logical volume. For example:
mkdir /mnt/brick1
~]# mkdir /mnt/brick1Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Mount the logical volume, in this case
/dev/vg-group/gluster, to the/mnt/brick1/directory created in the previous step.mount /dev/vg-group/gluster /mnt/brick1/
~]# mount /dev/vg-group/gluster /mnt/brick1/Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note that themountcommand mounts devices only temporarily. To mount the device permanently, add an entry similar as the following one to the/etc/fstabfile:/dev/vg-group/gluster /mnt/brick1 xfs rw,inode64,noatime,nouuid 1 2
/dev/vg-group/gluster /mnt/brick1 xfs rw,inode64,noatime,nouuid 1 2Copy to Clipboard Copied! Toggle word wrap Toggle overflow For more information, see the fstab(5) manual page. - Check the SELinux context of
/mnt/brick1/:ls -lZd /mnt/brick1/ drwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 /mnt/brick1/
~]$ ls -lZd /mnt/brick1/ drwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 /mnt/brick1/Copy to Clipboard Copied! Toggle word wrap Toggle overflow The directory is labeled with theunlabeled_tSELinux type. - Change the SELinux type of
/mnt/brick1/to theglusterd_brick_tSELinux type:semanage fcontext -a -t glusterd_brick_t "/mnt/brick1(/.*)?"
~]# semanage fcontext -a -t glusterd_brick_t "/mnt/brick1(/.*)?"Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Use the
restoreconutility to apply the changes:restorecon -Rv /mnt/brick1
~]# restorecon -Rv /mnt/brick1Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Finally, verify that the context has been successfully changed:
ls -lZd /mnt/brick1 drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 /mnt/brick1/
~]$ ls -lZd /mnt/brick1 drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 /mnt/brick1/Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}