You may need to modify the file permissions and/or selinux context for the volume so that the container user can write to it. Under the default SCC the container user/group are randomized. Under the privileged SCC it will probably be whatever user the Dockerfile indicates (and you can choose an selinux context in the pod security context if needed).
On Wed, Jul 6, 2016 at 3:49 AM, Ronan O Keeffe <[email protected]> wrote: > Hi Clayton, > > Much appreciated. I have run the following: > > oadm policy add-scc-to-user privileged -n staging -z default (It's a test > box and we're deploying our own images, I can edit the scc to hostaccess or > hostmount-anyuid later). > > I have then run > oc volume dc/<webapp> --add --name=logging --type=hostPath > --mount-path=/var/log/<webapp> > > The app deploys alright is is up and running sucesfully, but there is > nothing logging to the node. > > In case it matters I created the log storage by adding a 10Gb disk to the > VM the node lives on, created an xfs partition on it and mounted it in the > folder that the webapps should log to. > > Any pointers would be appreciated. > > Regards, > Ronan. > > On 5 Jul 2016, at 01:44, Clayton Coleman <[email protected]> wrote: > > In the future there is an ongoing design to have a specific "log volume" > defined on a per pod basis that will be respected by the system. > > For now, the correct way is to use hostPath, but there's a catch - > security. The reason why it failed to deploy is because users have to be > granted the permission to access the host (for security reasons). You'll > want to grant access to an SCC that allows host volumes to your service > account (do "oc get scc" to see the full list, then "oadm policy > add-scc-to-user NAME -z default" to grant access to that SCC to a named > service account). > > On Mon, Jul 4, 2016 at 5:26 AM, Ronan O Keeffe <[email protected]> > wrote: > >> Hi, >> >> Just wondering is it possible to have an app living in a container log >> back to the box the container lives on. >> >> Our test set up is as follows: >> >> All web apps identical >> webapp1 > node1 >> webapp2 > node2 >> webapp3 > node3 >> webapp4 > node4 >> >> Ideally we'd like logs from the webapp inside a container on node1 to log >> to a dedicated logging partition on the host OS of node1 and so on for the >> other nodes. >> Ultimately we'd like the logs to persist beyond the life of the container >> I suppose. >> >> We've tried oc edit dc/webapp and specifying a volume to log to >> oc volume dc/<webapp> --add --name=v1 --type=hostPath >> --path=/var/log/<webapp> >> >> And then specifying that the webapp log to the above partition. >> >> However the webapp fails to deploy. I'll need to dig in to why that is, >> but in the meantime is this vaguely the correct way to go about logging? >> >> Cheers, >> Ronan. >> >> >> P.S. I went to thank Scott Dodson and for help with a previous matter >> recently but for some reason the mail has not been received on the list. >> >> >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
