From d25d5bcb66e970ec2022616b27b81d732e818b21 Mon Sep 17 00:00:00 2001 From: Xavi Hernandez Date: Mon, 11 Mar 2024 10:02:35 +0000 Subject: [PATCH] Add support for 'gpfs.vfs' backend variant Now it's possible to use the 'vfs' variant of the GPFS backend. With it, the gpfs VFS module is automatically configured to be used by Samba. The GPFS VFS module dynamically loads libgpfs.so library, which requires access to some resources that are not granted by default by SElinux. The Storage Scale product solves this by running smbd process unconfined, so the same solution has been applied here. Signed-off-by: Xavi Hernandez --- .../ansible/roles/samba.setup/tasks/gpfs/main.yml | 11 +++++++++++ .../roles/sit.gpfs/templates/smb_share.conf.j2 | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/playbooks/ansible/roles/samba.setup/tasks/gpfs/main.yml b/playbooks/ansible/roles/samba.setup/tasks/gpfs/main.yml index ed97d539..13790017 100644 --- a/playbooks/ansible/roles/samba.setup/tasks/gpfs/main.yml +++ b/playbooks/ansible/roles/samba.setup/tasks/gpfs/main.yml @@ -1 +1,12 @@ --- +- name: Run smbd unconfined + when: config.be.variant == 'vfs' + block: + - name: Configure SElinux context for smbd + sefcontext: + target: /usr/sbin/smbd + setype: bin_t + state: present + + - name: Restore SElinux context + command: restorecon /usr/sbin/smbd diff --git a/playbooks/ansible/roles/sit.gpfs/templates/smb_share.conf.j2 b/playbooks/ansible/roles/sit.gpfs/templates/smb_share.conf.j2 index 2e38cdc9..830ed8fa 100644 --- a/playbooks/ansible/roles/sit.gpfs/templates/smb_share.conf.j2 +++ b/playbooks/ansible/roles/sit.gpfs/templates/smb_share.conf.j2 @@ -1,6 +1,6 @@ [{{ name }}-{{ config.be.name }}-{{ config.be.variant }}] comment = Volume '{{ name }}' from {{ config.be.name }}({{ config.be.variant }}) -vfs objects = acl_xattr +vfs objects = acl_xattr {%- if config.be.variant == 'vfs' %} gpfs{% endif +%} path = {{ path }} read only = no {%- for option, value in volume.samba.options.items() | default([]) +%}