Epic
Resolution: Unresolved
Major
Transparent SMC (IBM Z)
Epic Goal
- From the docs: "Shared Memory Communications (SMC) enables two SMC capable peers to communicate by using memory buffers that each peer allocates for the partner's use."
- With this effort, we want to enable transparent SMC for users of RHOCP on IBM Z.
- This is a feature that is implemented in the Linux kernel without problems. Transparent means that SMC can be used without changing pods.
- The current solution is for the customer to use MachineConfig to change SELinux rules on the system and then to rebuild containers to use SMC.
- The proposed solution would require these steps:
- Review if any SELinux policy changes should be included by default in the main SELinux policy.
- Kernel fixes for transparent usage of SMC are expected to land in time to be available in 4.22. We need to ensure that they are correctly usable inside OCP, potentially work on additional simplification for the usage of SMC (i.e., attach devices, manage security/connections, etc.) and work on docs.
Why is this important?
- Customer demand for SMC: ensure a secure and straightforward way to set up SMC connections; remove the need for workarounds, privileged pods, and SELinux rule adjustments.
- Specific customer demands to go forward with using RHOCP on Z.
Scenarios
1. Customer wants to set up a direct connection from pods to a database using SMC, improving the performance of the communication.
Acceptance Criteria
- Customer can follow procedure in the docs to set up pods that use SMC.
- Security of the new enablement has been reviewed.
Dependencies (internal and external)
1. Depends on OCP 4.22 picking up the Kernel changes landing in RHEL 9.7
2. Docs need to describe procedure to set up transparent SMC
3. Potential SELinux main policy impact.
Previous Work (Optional):
1. …
Open questions:
1. …
Done Checklist
- CI - For new features (non-enablement), existing Multi-Arch CI jobs are not broken by the Epic
- Release Enablement: <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - If the Epic is adding a new stream, downstream build attached to advisory: <link to errata>
- QE - Test plans in Test Plan tracking software (e.g. Polarion, RQM, etc.): <link or reference to the Test Plan>
- QE - Automated tests merged: <link or reference to automated tests>
- QE - QE to verify documentation when testing
- DOC - Downstream documentation merged: <link to meaningful PR>
- All the stories, tasks, sub-tasks and bugs that belong to this epic need to have been completed and indicated by a status of 'Done'.