SELinux Support
HPE Ezmeral Data Fabric supports SELinux for cluster administrators who observe specific installation and administrative procedures.
Before using the HPE Ezmeral Data Fabric with SELinux, note the following considerations and best practices:
- Installation: Hewlett Packard Enterprise recommends disabling SELinux before installing Data Fabric software. If you install the cluster by using the Installer, the Installer disables SELinux automatically. If you require the extra security provided by SELinux, you can enable SELinux and place it in enforcing mode after installation. Also, rules can be defined by observing regular operations while the cluster is running.
- Known Issues: For a list of known issues that you should be aware of when using SELinux with the HPE Ezmeral Data Fabric, see Known issues: Running HPE Ezmeral Data Fabric on nodes with SELinux in enforcing mode.
- Warnings in the Audit Log: While using the HPE Ezmeral Data Fabric, if you see warnings in the SELinux audit log (/var/log/audit/) related to Data Fabric services, the cluster admin can fix them by using chcon or similar tools.
- Cluster-Admin Use of systemctl: The Data Fabric cluster admin (typically the mapr user) must be allowed to use systemctl. Without access to systemctl, Warden can fail to start cluster services.
- System Administration: SELinux introduces significant complexity and should be managed by an experienced system administrator. Managing SELinux is outside the scope of Data Fabric cluster-administration activities.
- Utilities and Services That Must Not Be Blocked: The following non-exhaustive list of utilities and services must remain unblocked at all times for the HPE Ezmeral Data Fabric to run successfully in an SELinux environment:
  - bash
  - dmidecode
  - glibc
  - hdparm
  - initscripts
  - iputils
  - irqbalance
  - libgcc
  - libstdc++
  - lsof
  - net-tools
  - nfs-utils
  - nss
  - perl
  - python
  - redhat-lsb-core
  - rpcbind
  - shadow-utils
  - syslinux
  - userspace-rcu
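
The following added example (not HPE code) shows one way to triage the audit-log warnings described under "Warnings in the Audit Log" and "Cluster-Admin Use of systemctl": it groups AVC denials and lists the ones that were actually blocked and that involve systemctl or a listed utility first. The WATCHED set, the sample records, and the SELinux types and command names inside them are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: commands to flag. systemctl is named on the page; the others are
# entries of the page's utility list whose package name is also a command name.
WATCHED = {"systemctl", "bash", "dmidecode", "hdparm", "irqbalance",
           "lsof", "perl", "python", "rpcbind"}

AVC_RE = re.compile(r"type=AVC\b.*?avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial record, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    rec["perms"] = tuple(m.group(1).split())
    # permissive=1 means logged only; if the field is absent, assume blocked.
    rec["blocked"] = rec.get("permissive", "0") == "0"
    return rec

def triage(lines, watched=WATCHED):
    """Group denials; blocked ones on watched commands sort to the top."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec:
            counts[(rec.get("comm", "?"), rec["perms"], rec.get("tclass", "?"),
                    rec.get("tcontext", "?"), rec["blocked"])] += 1
    rows = [{"comm": c, "perms": p, "tclass": t, "tcontext": x, "blocked": b,
             "watched": c in watched, "count": n}
            for (c, p, t, x, b), n in counts.items()]
    rows.sort(key=lambda r: (not r["blocked"], not r["watched"], -r["count"], r["comm"]))
    return rows

# Constructed sample records in audit.log format (not from a real cluster).
SAMPLE = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=4101 comm="systemctl" name="example.service" dev="dm-0" ino=1001 scontext=system_u:system_r:example_service_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=257 success=no exit=-13 comm="systemctl"
type=AVC msg=audit(1700000003.310:207): avc:  denied  { write } for  pid=4150 comm="example-daemon" name="example-dir" dev="dm-0" ino=1002 scontext=system_u:system_r:example_service_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000009.777:215): avc:  denied  { read } for  pid=4188 comm="systemctl" name="example.service" dev="dm-0" ino=1001 scontext=system_u:system_r:example_service_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000012.005:220): avc:  denied  { getattr } for  pid=4201 comm="lsof" name="example.log" dev="dm-0" ino=1003 scontext=system_u:system_r:example_service_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
""".splitlines()

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["count"], r["comm"], r["perms"], r["tclass"], r["tcontext"],
              "BLOCKED" if r["blocked"] else "logged-only")
```

On a node, pass the lines of the log under /var/log/audit/ instead of SAMPLE; the tcontext of each blocked row is the label to review with chcon or similar tools.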