= Configuring SELinux for the hostpath provisioner on Red Hat Enterprise Linux CoreOS 8
6
+
= Configuring SELinux for the hostpath provisioner on {op-system-first} 8
7
7
8
-
You must configure SELinux before you create the `HostPathProvisioner` custom
9
-
resource. To configure SELinux on Red Hat Enterprise Linux CoreOS 8 workers, you
10
-
must create a `MachineConfig` object on each node.
8
+
You must configure SELinux before you create the `HostPathProvisioner` custom resource. To configure SELinux on {op-system-first} 8 workers, you must create a `MachineConfig` object on each node.
11
9
12
10
.Prerequisites
13
11
14
-
* Create a backing directory on each node for the persistent volumes (PVs)
15
-
that the hostpath provisioner creates.
12
+
* Create a backing directory on each node for the persistent volumes (PVs) that the hostpath provisioner creates.
13
+
+
14
+
[IMPORTANT]
15
+
====
16
+
The backing directory must not be located in the filesystem's root directory because the `/` partition is read-only on {op-system}. For example, you can use `/var/<directory_name>` but not `/<directory_name>`.
17
+
====
16
18
17
19
18
20
.Procedure
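Review bot: The IMPORTANT block added at new line 16 uses `{op-system}`, while the otherwise identical block added to modules/virt-using-hostpath-provisioner.adoc uses `{op-system-first}`. Pick one form for the shared text, or move the block into a single reusable snippet so the two copies cannot drift. Also check the rendered heading and first paragraph: `{op-system-first} 8` places the version number after whatever the attribute expands to, which may not read as cleanly as the literal string it replaces.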
@@ -25,8 +27,7 @@ that the hostpath provisioner creates.
25
27
$ touch machineconfig.yaml
26
28
----
27
29
28
-
. Edit the file, ensuring that you include the directory where you want the
29
-
hostpath provisioner to create PVs. For example:
30
+
. Edit the file, ensuring that you include the directory where you want the hostpath provisioner to create PVs. For example:
<1> Specify the backing directory where you want the provisioner to create PVs.
60
+
<1> Specify the backing directory where you want the provisioner to create PVs. This directory must not be located in the filesystem's root directory (`/`).
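Review bot: Callout <1> now says the directory "must not be located in the filesystem's root directory (`/`)" but omits the example that the IMPORTANT block in the prerequisites gives. On its own, that wording can be read as "anywhere on the root filesystem" rather than "directly under `/`". Suggest carrying the example into the callout, for instance "For example, use `/var/<directory_name>`, not `/<directory_name>`", so that a reader who jumps straight to the YAML gets the same guidance.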
modules/virt-creating-storage-class.adoc
3 additions & 3 deletions
@@ -48,7 +48,7 @@ do not specify a value, the storage class defaults to `Delete`.
48
48
binding occur. Specify `WaitForFirstConsumer` to delay the binding and provisioning
49
49
of a PV until after a pod that uses the persistent volume claim (PVC)
50
50
is created. This ensures that the PV meets the pod's scheduling requirements.
51
-
51
+
+
52
52
[NOTE]
53
53
====
54
54
Virtual machines use data volumes that are based on local PVs. Local PVs are bound to specific nodes. While the disk image is prepared for consumption by the virtual machine, it is possible that the virtual machine cannot be scheduled to the node where the local storage PV was previously pinned.
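Review bot: The `+` that replaces the blank line at new line 51 only acts as a list continuation if lines 48-50 belong to a list or callout item, and the context shown here does not include the item marker. Confirm in a rendered build that the NOTE nests under that item rather than printing a literal `+`. Because this is a formatting fix unrelated to the backing-directory restriction, it is worth a line in the commit message.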
@@ -63,6 +63,6 @@ To solve this problem, use the Kubernetes pod scheduler to bind the PVC to a PV
modules/virt-using-hostpath-provisioner.adoc
15 additions & 18 deletions
@@ -5,26 +5,27 @@
5
5
[id="virt-using-hostpath-provisioner_{context}"]
6
6
= Using the hostpath provisioner to enable local storage
7
7
8
-
To deploy the hostpath provisioner and enable your virtual machines to use local
9
-
storage, first create a `HostPathProvisioner` custom resource.
8
+
To deploy the hostpath provisioner and enable your virtual machines to use local storage, first create a `HostPathProvisioner` custom resource.
10
9
11
10
.Prerequisites
12
11
13
-
* Create a backing directory on each node for the persistent volumes (PVs)
14
-
that the hostpath provisioner creates.
12
+
* Create a backing directory on each node for the persistent volumes (PVs) that the hostpath provisioner creates.
13
+
+
14
+
[IMPORTANT]
15
+
====
16
+
The backing directory must not be located in the filesystem's root directory because the `/` partition is read-only on {op-system-first}. For example, you can use `/var/<directory_name>` but not `/<directory_name>`.
17
+
====
15
18
16
-
* Apply the SELinux context `container_file_t` to the PV
17
-
backing directory on each node. For example:
19
+
* Apply the SELinux context `container_file_t` to the PV backing directory on each node. For example:
If you use Red Hat Enterprise Linux CoreOS 8 workers, you must configure SELinux
27
-
by using a `MachineConfig` manifest instead.
28
+
If you use {op-system-first} 8 workers, you must configure SELinux by using a `MachineConfig` manifest instead.
28
29
====
29
30
30
31
.Procedure
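Review bot: The IMPORTANT block at new line 16 states the restriction unconditionally ("must not be located in the filesystem's root directory") but gives a reason that applies only to `{op-system-first}`, and the sentence at new line 28 ("If you use {op-system-first} 8 workers ... instead") implies that other worker operating systems are in scope for this module. Either scope the restriction to those workers or say explicitly that it applies to every node. `{op-system-first}` also appears twice in this hunk (new lines 16 and 28); if the attribute is meant for first mention only, the second occurrence should use `{op-system}`.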
@@ -36,8 +37,7 @@ by using a `MachineConfig` manifest instead.
36
37
$ touch hostpathprovisioner_cr.yaml
37
38
----
38
39
39
-
. Edit the file, ensuring that the `spec.pathConfig.path` value is the directory
40
-
where you want the hostpath provisioner to create PVs. For example:
40
+
. Edit the file, ensuring that the `spec.pathConfig.path` value is the directory where you want the hostpath provisioner to create PVs. For example:
41
41
+
42
42
[source,yaml]
43
43
----
@@ -48,20 +48,17 @@ metadata:
48
48
spec:
49
49
imagePullPolicy: IfNotPresent
50
50
pathConfig:
51
-
path: "</path/to/backing/directory>" <1>
51
+
path: "<backing_directory_path>" <1>
52
52
useNamingPrefix: false <2>
53
53
workload: <3>
54
54
----
55
-
<1> Specify the backing directory where you want the provisioner to create PVs.
56
-
<2> Change this value to `true` if you want to use the name of the persistent volume claim (PVC)
57
-
that is bound to the created PV as the prefix of the directory name.
55
+
<1> Specify the backing directory where you want the provisioner to create PVs. This directory must not be located in the filesystem's root directory (`/`).
56
+
<2> Change this value to `true` if you want to use the name of the persistent volume claim (PVC) that is bound to the created PV as the prefix of the directory name.
58
57
<3> Optional: You can use the `spec.workload` field to configure node placement rules for the hostpath provisioner.
59
58
+
60
59
[NOTE]
61
60
====
62
-
If you did not create the backing directory, the provisioner attempts to create
63
-
it for you. If you did not apply the `container_file_t` SELinux context, this can cause
64
-
`Permission denied` errors.
61
+
If you did not create the backing directory, the provisioner attempts to create it for you. If you did not apply the `container_file_t` SELinux context, this can cause `Permission denied` errors.
65
62
====
66
63
67
64
. Create the custom resource in the `openshift-cnv` namespace:
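Review bot: The NOTE at new line 61 still attributes `Permission denied` only to a missing `container_file_t` context, although it also says the provisioner attempts to create the backing directory when it does not exist. With callout <1> now forbidding paths directly under `/` because that partition is read-only, the auto-create step is a second place where a bad path fails. Suggest either mentioning that here or wording the NOTE so it directs users to create and label the directory themselves, as the prerequisites require. Separately, the placeholder change from `</path/to/backing/directory>` to `<backing_directory_path>` at new line 51 drops the hint that the value is an absolute path, which callout <1> could state.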