Project

Profile

Help

Issue #508

closed

Pulp selinux unecessarily specifies semanage port statements

Added by bmbouter about 9 years ago. Updated almost 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
Master
Platform Release:
2.6.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

The largest part of a pulp installation time is the installation of the pulp-selinux package. Of that package, each call to semanage adds significant time. These can be batched into one transaction which should allow all the calls to occur in constant time. Not all calls can be part of the same transaction, but these [0] area a good candidate for consolidation.

[0]: https://github.com/pulp/pulp/blob/228acff740c32acc6f9b0d9bfb722e162bd638aa/server/selinux/server/enable.sh#L30

+ This bug was cloned from Bugzilla Bug #1136919 +

Actions #1

Updated by bmbouter about 9 years ago

There are three areas where SELinux install/uninstall takes a long time. This BZ only tracks one of those defects.

- The amqp_port_t port checking and asserting [0]. This bug resolves this one.
- The installation of two SELinux modules instead of one takes twice as long [1]. This should be resolved by [2] BZ 1148998.
- The constant re-running of file system labeling with each pulp release. This will be resolved with [3].

[0]: https://github.com/pulp/pulp/blob/553edf38c1e1cd5a3e99bfdcae810c3e9ef39137/server/selinux/server/enable.sh#L37
[1]: https://github.com/pulp/pulp/blob/553edf38c1e1cd5a3e99bfdcae810c3e9ef39137/server/selinux/server/enable.sh#L18
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1148998
[3]: https://bugzilla.redhat.com/show_bug.cgi?id=1145720

+ This comment was cloned from Bugzilla #1136919 comment 1 +

Actions #2

Updated by bmbouter about 9 years ago

PR available here: https://github.com/pulp/pulp/pull/1247

Lots of details about why the statements being removed are safe in the PR.

+ This comment was cloned from Bugzilla #1136919 comment 2 +

Actions #3

Updated by bmbouter about 9 years ago

Merged to 2.5-dev -> master

+ This comment was cloned from Bugzilla #1136919 comment 3 +

Actions #4

Updated by cduryee about 9 years ago

fixed in pulp 2.6.0-0.2.beta

+ This comment was cloned from Bugzilla #1136919 comment 4 +

Actions #5

Updated by pthomas@redhat.com about 9 years ago

verified
pulp-selinux installs does not take too long anymore. Tested the install on el6 & el7

+ This comment was cloned from Bugzilla #1136919 comment 5 +

Actions #6

Updated by bmbouter about 9 years ago

  • Severity changed from Low to 1. Low
Actions #7

Updated by bmbouter almost 9 years ago

  • Subject changed from Pulp selinux installation takes too long unecessarily to Pulp selinux unecessarily specifies semanage port statements
Actions #8

Updated by rbarlow almost 9 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE
Actions #10

Updated by bmbouter almost 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF