Test network fix for Linux hosts with SELinux enabled, e.g. Fedora, RHEL or others. #5045
Conversation
twoGiants
force-pushed
the
selinux-test-network-fix
branch
from
3024db1
to
6e988af
Compare
docs/source/prereqs.md
Outdated
| @@ -115,6 +115,57 @@ Optional: Install the latest version of [Go](https://golang.org/doc/install) (on | |||
|
|
|||
| Optional: Install the latest version of [jq](https://stedolan.github.io/jq/download/) (only required for the tutorials related to channel configuration transactions). | |||
|
|
|||
| ### Distros with SELinux enabled | |||
There was a problem hiding this comment.
Thank you for this enhancement. I'd like to have this content in a test-network specific doc topic, or in fabric-samples repository itself. But I'd rather not clutter the main project prereq topic with information for a specific sample. Perhaps the prereq topic could link to the ultimate destination so at least people know about the potential issue at install time, while not being a distraction to users not on SELinux.
There was a problem hiding this comment.
Happy to help!
You're right. I have two proposals then:
- How about here right above Troubleshooting in the main documentation about the test network? With a mention of this case in Before you begin up top here.
- Or here in the fabric-samples repo test network
README.mdbelow Podman. And then a reference to this entry in Before you begin here as in proposal 1.
There was a problem hiding this comment.
I like your proposal 1. Add the content to the test network troubleshooting section and mention/link to it closer to the top. Thanks!
There was a problem hiding this comment.
Added changes as discussed.
|
To answer the questions in the Description:
|
Not to complex but not worth the effort at this point. No issues open and no complains so far. The documentation will tell how to resolve it. I think that should suffice for now. |
|
Note - you also need to add your email signoff at the bottom of the commit message to pass the DCO check. More details at https://github.com/hyperledger/fabric/pull/5045/checks?check_run_id=32014394611. |
twoGiants
force-pushed
the
selinux-test-network-fix
branch
from
6e988af
to
81c2da2
Compare
The documentation update adds a description on how to resolve two issues when running the test-network on a host with SELinux enabled: 1. Peer and orderer crashing after start using Docker or Podman. 2. Chaincode container can not be build when using Docker. The reason for the first issue are permission errors. This can be seen in the container logs. To resolve the errors the volume sections of the compose files needs to be modified. The reason for the second issue is that the peer container can not access the Docker socket. To resolve it only the Docker compose file needs to be modified. The errors in the container logs and during chaincode deployment were added to the test_network.md 'Troubleshooting' section as an aid if someone searches the documentation for those errors. The necessary changes are documented in a new section called 'SELinux' under the 'Tutorials/Using the Fabric test network' docs. Signed-off-by: Stanislav Jakuschevskij <stas@two-giants.com>
twoGiants
force-pushed
the
selinux-test-network-fix
branch
from
81c2da2
to
b0611e3
Compare
Type of change
Description
Currently the test network can only be used on Linux machines with SElinux disabled. When SELinux is enabled on the host two issues appear:
The reason for the first issue are permission errors with Docker/Podman volumes. This can be seen in the container logs:
To resolve the errors the volume sections of the compose files needs to be modified.
The reason for the second issue is that the peer container can not access the Docker socket. When deploying a new chaincode in a test network running on Docker the following error happens:
To resolve this error the Docker compose file needs to be modified. The volume section needs to be updated and the security option disabled for this container.
The errors in the container logs and during chaincode deployment were added to the test_network.md 'Troubleshooting' section as an aid if someone searches the documentation for those errors.
The necessary changes are documented in a new section called 'SELinux' under the 'Tutorials/Using the Fabric test network' docs.
Additional details
The documented changes were discovered and fixed in a test network running on a Fedora 40 machine.
I deployed a version of the documentation with my changes for the reviewer here. Scroll down for the entry in the test network troubleshooting section, its the last two entries.
Two questions to the reviewer (Update 24.10):