
Re: GlusterFS Autoprovisioning with Heketi - Permission Problem/Question



Hi,

I found a possible solution/workaround for the problem:
one can use init containers to perform operations before the "real" container is started...
https://docs.openshift.org/latest/architecture/core_concepts/pods_and_services.html#pods-services-init-containers

...
        initContainers:
                - command: ['sh', '-c', 'chmod 0777 /var/lib/mysql/data']
                  image: busybox
                  imagePullPolicy: IfNotPresent
                  name: init
                  resources: {}
                  terminationMessagePath: /dev/termination-log
                  terminationMessagePolicy: File
                  volumeMounts:
                    - mountPath: /var/lib/mysql/data
...


On 21.11.2017 11:44, Andreas Germeroth wrote:
Hello,

we are new to OpenShift and are "playing" with it in our lab.
We have set up OpenShift Origin 3.6 with a dedicated 3-node GlusterFS storage (CentOS based) with distributed/replicated.

Due to the excellent documentation we have managed to set up autoprovisioning according to this guide here: https://docs.openshift.org/latest/install_config/storage_examples/dedicated_gluster_dynamic_example.html

It works and the storage is automatically provisioned and can be used in our pods!

But for instance if we use the MariaDB (Persistent) Template we run into permission issues on the mounted glusterfs volume.
Even a privileged pod does not help.
The pod log:
mkdir: cannot create directory '/var/lib/mysql/data/mysql': Permission denied
Fatal error Can't create database directory '/var/lib/mysql/data/mysql'

When I debug it in a terminal the permission problems occur as well:
sh-4.2$ ps waux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
mysql        1  0.0  0.0   4316   352 ?        Ss   09:47   0:00 sleep 3600

sh-4.2$ ls -la /var/lib/mysql/data/
total 8
drwxr-xr-x. 4 root  root 4096 Nov 17 16:23 .
drwxrwxr-x. 3 mysql root   18 Oct 31 13:14 ..
drwxr-xr-x. 3 root  root 4096 Nov 17 16:23 .trashcan

sh-4.2$ touch test
touch: cannot touch 'test': Permission denied

The pod runs as the mysql user and has no access rights to write here.
When I set the permissions manually outside the pod on the mount it works, but that is not a good solution for autoprovisioning
... or run mariadb as root... not so good either.

We have not found any possibility to set the permissions with heketi or somewhere in the yaml.
So what would be the correct solution here?

Thanks for your help!
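
A narrower variant of the init-container workaround from the reply at the top of this thread, as an added example that is not part of the original messages: instead of making the mount world-writable with chmod 0777, the init container hands the directory to a single group and the database container joins that group through supplementalGroups. The GID 2000, the pod, volume and claim names, and the image placeholder are assumptions, as is an SCC that lets the init container run as root and lets the pod request that supplemental group.

```yaml
# Added example with assumed names and GID; not taken from the thread.
apiVersion: v1
kind: Pod
metadata:
  name: mariadb-example              # hypothetical pod name
spec:
  securityContext:
    # Assumed GID. Every container in the pod gets it as an extra group,
    # so the mysql user can write without owning the directory.
    supplementalGroups: [2000]
  initContainers:
    - name: init
      image: busybox
      imagePullPolicy: IfNotPresent
      securityContext:
        runAsUser: 0                 # root is needed to chgrp the root-owned mount
      # Group-own the mount root, then make it group-writable with setgid
      # so new files inherit the group. "Other" gets no access (2770, not 0777).
      command:
        - sh
        - -c
        - chgrp 2000 /var/lib/mysql/data && chmod 2770 /var/lib/mysql/data
      volumeMounts:
        - name: mariadb-data         # hypothetical volume name
          mountPath: /var/lib/mysql/data
  containers:
    - name: mariadb
      image: MARIADB_IMAGE           # placeholder: the image your template already uses
      volumeMounts:
        - name: mariadb-data
          mountPath: /var/lib/mysql/data
  volumes:
    - name: mariadb-data
      persistentVolumeClaim:
        claimName: mariadb           # hypothetical claim bound to the GlusterFS volume
```

After the pod starts, `ls -ld /var/lib/mysql/data` inside the database container should show group 2000 with mode `drwxrws---`, and `id` should list 2000 among the process's groups.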



