Update readme for apparmor
Change-Id: I4afe123e8543441a9fee805dea1426ddd19a9416
This commit is contained in:
parent
6ad15f94ed
commit
2036e2ea39
15
README.md
15
README.md
|
@ -64,6 +64,21 @@ Please refer to the [Ceph Network Reference](http://docs.ceph.com/docs/master/ra
|
|||
|
||||
**NOTE**: Existing deployments using ceph-*-network configuration options will continue to function; these options are preferred over any network space binding provided if set.
|
||||
|
||||
AppArmor Profiles
|
||||
=================
|
||||
|
||||
AppArmor is not enforced for Ceph by default. An AppArmor profile can be generated by the charm. However, great care must be taken.
|
||||
|
||||
Changing the value of the ```aa-profile-mode``` option is disruptive to a running Ceph cluster as all ceph-osd processes must be restarted as part of changing the AppArmor profile enforcement mode.
|
||||
|
||||
The generated AppArmor profile currently has a narrow supported use case, and it should always be verified in pre-production against the specific configurations and topologies intended for production.
|
||||
|
||||
The AppArmor profile(s) which are generated by the charm should NOT yet be used in the following scenarios:
|
||||
- When there are separate journal devices.
|
||||
- On any version of Ceph prior to Luminous.
|
||||
- On any version of Ubuntu other than 16.04.
|
||||
- With Bluestore enabled.
|
||||
|
||||
|
||||
Contact Information
|
||||
===================
|
||||
|
|
|
@ -299,4 +299,5 @@ options:
|
|||
.
|
||||
NOTE: changing the value of this option is disruptive to a running Ceph
|
||||
cluster as all ceph-osd processes must be restarted as part of changing
|
||||
the apparmor profile enforcement mode.
|
||||
the apparmor profile enforcement mode. Always test in pre-production
|
||||
before enabling AppArmor on a live cluster.
|
||||
|
|
Loading…
Reference in New Issue