Cheers Luke, chcon -Rt svirt_sandbox_file_t /<logdir> did the trick.
Appreciate your's and Clayton's replies. Ronan. > On 6 Jul 2016, at 18:39, Luke Meyer <[email protected]> wrote: > > You may need to modify the file permissions and/or selinux context for the > volume so that the container user can write to it. Under the default SCC the > container user/group are randomized. Under the privileged SCC it will > probably be whatever user the Dockerfile indicates (and you can choose an > selinux context in the pod security context if needed). > > On Wed, Jul 6, 2016 at 3:49 AM, Ronan O Keeffe <[email protected] > <mailto:[email protected]>> wrote: > Hi Clayton, > > Much appreciated. I have run the following: > > oadm policy add-scc-to-user privileged -n staging -z default (It's a test box > and we're deploying our own images, I can edit the scc to hostaccess or > hostmount-anyuid later). > > I have then run > oc volume dc/<webapp> --add --name=logging --type=hostPath > --mount-path=/var/log/<webapp> > > The app deploys alright is is up and running sucesfully, but there is nothing > logging to the node. > > In case it matters I created the log storage by adding a 10Gb disk to the VM > the node lives on, created an xfs partition on it and mounted it in the > folder that the webapps should log to. > > Any pointers would be appreciated. > > Regards, > Ronan. > >> On 5 Jul 2016, at 01:44, Clayton Coleman <[email protected] >> <mailto:[email protected]>> wrote: >> >> In the future there is an ongoing design to have a specific "log volume" >> defined on a per pod basis that will be respected by the system. >> >> For now, the correct way is to use hostPath, but there's a catch - security. >> The reason why it failed to deploy is because users have to be granted the >> permission to access the host (for security reasons). You'll want to grant >> access to an SCC that allows host volumes to your service account (do "oc >> get scc" to see the full list, then "oadm policy add-scc-to-user NAME -z >> default" to grant access to that SCC to a named service account). >> >> On Mon, Jul 4, 2016 at 5:26 AM, Ronan O Keeffe <[email protected] >> <mailto:[email protected]>> wrote: >> Hi, >> >> Just wondering is it possible to have an app living in a container log back >> to the box the container lives on. >> >> Our test set up is as follows: >> >> All web apps identical >> webapp1 > node1 >> webapp2 > node2 >> webapp3 > node3 >> webapp4 > node4 >> >> Ideally we'd like logs from the webapp inside a container on node1 to log to >> a dedicated logging partition on the host OS of node1 and so on for the >> other nodes. >> Ultimately we'd like the logs to persist beyond the life of the container I >> suppose. >> >> We've tried oc edit dc/webapp and specifying a volume to log to >> oc volume dc/<webapp> --add --name=v1 --type=hostPath >> --path=/var/log/<webapp> >> >> And then specifying that the webapp log to the above partition. >> >> However the webapp fails to deploy. I'll need to dig in to why that is, but >> in the meantime is this vaguely the correct way to go about logging? >> >> Cheers, >> Ronan. >> >> >> P.S. I went to thank Scott Dodson and for help with a previous matter >> recently but for some reason the mail has not been received on the list. >> >> >> >> _______________________________________________ >> users mailing list >> [email protected] <mailto:[email protected]> >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> <http://lists.openshift.redhat.com/openshiftmm/listinfo/users> >> >> > > > _______________________________________________ > users mailing list > [email protected] <mailto:[email protected]> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > <http://lists.openshift.redhat.com/openshiftmm/listinfo/users> > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
