
CephFS => ls: cannot open directory /cephfs/: Permission denied



Hi,

I have one CephFS cluster.

This is my PV:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-ceph-prod-rbx-fs1
  labels:
    storage-type: ceph-fs
    ceph-cluster: ceph-prod-rbx
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 100Mi
  cephfs: 
    monitors: 
      - 137.74.203.82:6789
      - 172.29.20.31:6789
      - 172.29.20.32:6789
    pool: rbd
    user: admin
    path: /data1/
    secretRef:
      name: ceph-secret 
    readOnly: false
  persistentVolumeReclaimPolicy: Retain


After the container started, the CephFS volume is mounted successfully on the OpenShift node.

On the OpenShift node host:

# mount | grep "ceph"
137.74.203.82:6789,172.29.20.31:6789,172.29.20.32:6789:/data1/ on /var/lib/origin/openshift.local.volumes/pods/0f4bb6ef-568b-11e7-aef3-005056b1755a/volumes/kubernetes.io~cephfs/pv-ceph-prod-rbx-fs1 type ceph (rw,relatime,name=admin,secret=<hidden>,acl)

# ls /var/lib/origin/openshift.local.volumes/pods/0f4bb6ef-568b-11e7-aef3-005056b1755a/volumes/kubernetes.io~cephfs/pv-ceph-prod-rbx-fs1 -lha
total 0
drwxrwxrwx  1 root root  1 Jun 21 09:58 .
drwxr-x---. 3 root root 33 Jun 21 10:08 ..
drwxr-xr-x  1 root root  0 Jun 21 09:58 foo

Here, I can write to the CephFS volume.

In the container, I have this error:

$ oc rsh test-cephfs-3-v5ggn bash
root test-cephfs-3-v5ggn:/# ls /cephfs/ -lha
ls: cannot open directory /cephfs/: Permission denied

This is the Docker mount information:

        "Mounts": [
            {
                "Source": "/var/lib/origin/openshift.local.volumes/pods/0f4bb6ef-568b-11e7-aef3-005056b1755a/volumes/kubernetes.io~cephfs/pv-ceph-prod-rbx-fs1",
                "Destination": "/cephfs",
                "Mode": "",
                "RW": true,
                "Propagation": "rprivate"
            }

I have created this SCC:

apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: v1
  kind: SecurityContextConstraints
  metadata:
    name: test-cephfs
  priority: 1
  requiredDropCapabilities: null
  readOnlyRootFilesystem: false
  runAsUser:
    type: RunAsAny
  seLinuxContext:
    type: MustRunAs
  supplementalGroups:
    type: RunAsAny
  fsGroup:
    type: MustRunAs
  users:
  - system:serviceaccount:test-cephfs:default
  volumes:
  - cephFS
  - configMap
  - emptyDir
  - nfs
  - persistentVolumeClaim
  - rbd
  - secret
  allowHostDirVolumePlugin: false
  allowHostIPC: false
  allowHostNetwork: false
  allowHostPID: false
  allowHostPorts: false
  allowPrivilegedContainer: false
  allowedCapabilities: null


I don't see where my permission error is.

Best regards,
Stéphane