Red Hat Summit15.4. Configuration Examples
15.4.1. Labeling Gluster Bricks
A Gluster brick is an export directory on a server in the trusted storage pool. In case that the brick is not labeled with the correct SELinux context,
glusterd_brick_t, SELinux denies certain file access operations and generates various AVC messages.
The following procedure shows how to label Gluster bricks with the correct SELinux context. The procedure assumes that you previously created and formatted a logical volume, for example
/dev/rhgs/gluster, to be used as the Gluster brick.
For detailed information about Gluster bricks, see the Red Hat Gluster Storage Volumes chapter in the Administration Guide for Red Hat Gluster Storage.
Procedure 15.1. How to Label a Gluster Brick
- Create a directory to mount the previously formatted logical volume. For example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]# mkdir /mnt/brick1
~]# mkdir /mnt/brick1 - Mount the logical volume, in this case
/dev/vg-group/gluster, to the/mnt/brick1/directory created in the previous step.Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]# mount /dev/vg-group/gluster /mnt/brick1/
~]# mount /dev/vg-group/gluster /mnt/brick1/Note that themountcommand mounts devices only temporarily. To mount the device permanently, add an entry similar as the following one to the/etc/fstabfile:Copy to Clipboard Copied! Toggle word wrap Toggle overflow /dev/vg-group/gluster /mnt/brick1 xfs rw,inode64,noatime,nouuid 1 2
/dev/vg-group/gluster /mnt/brick1 xfs rw,inode64,noatime,nouuid 1 2For more information, see the fstab(5) manual page. - Check the SELinux context of
/mnt/brick1/:Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]$ ls -lZd /mnt/brick1/ drwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 /mnt/brick1/
~]$ ls -lZd /mnt/brick1/ drwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 /mnt/brick1/The directory is labeled with theunlabeled_tSELinux type. - Change the SELinux type of
/mnt/brick1/to theglusterd_brick_tSELinux type:Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]# semanage fcontext -a -t glusterd_brick_t "/mnt/brick1(/.*)?"
~]# semanage fcontext -a -t glusterd_brick_t "/mnt/brick1(/.*)?" - Use the
restoreconutility to apply the changes:Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]# restorecon -Rv /mnt/brick1
~]# restorecon -Rv /mnt/brick1 - Finally, verify that the context has been successfully changed:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]$ ls -lZd /mnt/brick1 drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 /mnt/brick1/
~]$ ls -lZd /mnt/brick1 drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 /mnt/brick1/
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}