Re: GlusterFS Autoprovisioning with Heketi - Permission Problem/Question

[Andreas Germeroth]

Hi,

I found a possible solution/workaround for the problem:
one can use init containers to perform operations before the "real" 
container is started...
https://docs.openshift.org/latest/architecture/core_concepts/pods_and_services.html#pods-services-init-containers
...
        initContainers:
                  command: ['sh', '-c', 'chmod 0777 /var/lib/mysql/data']
                  image: busybox
                  imagePullPolicy: IfNotPresent
                  name: init
                  resources: {}
                  terminationMessagePath: /dev/termination-log
                  terminationMessagePolicy: File
                  volumeMounts:
                    - mountPath: /var/lib/mysql/data
...


On 21.11.2017 11:44, Andreas Germeroth wrote:
Hello,

we are new to OpenShift and are "playing" with it in our lab.
We have setup Openshift Origin 3.6 with a dedicated 3 node Glusterfs 
storage (CentOS based) with distributed/replicated.

Due to the excellent documentation we have achieved to setup 
autoprovisioning according to this guide here:
https://docs.openshift.org/latest/install_config/storage_examples/dedicated_gluster_dynamic_example.html 


It works and the storage is automatically provisioned and can be used 
in our pods!

But for instance if we use the MariaDB (Persistent) Template we run 
into permission issues on the mounted glusterfs volume.
Even a privileged pod does not help.
The pod log:
mkdir: cannot create directory '/var/lib/mysql/data/mysql': Permission 
denied
Fatal error Can't create database directory '/var/lib/mysql/data/mysql'

When I debug it in a terminal the permission problems occur as well:
sh-4.2$ ps waux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
mysql        1  0.0  0.0   4316   352 ?        Ss   09:47   0:00 sleep 
3600

sh-4.2$ ls -la /var/lib/mysql/data/
total 8
drwxr-xr-x. 4 root  root 4096 Nov 17 16:23 .
drwxrwxr-x. 3 mysql root   18 Oct 31 13:14 ..
drwxr-xr-x. 3 root  root 4096 Nov 17 16:23 .trashcan

sh-4.2$ touch test
touch: cannot touch 'test': Permission denied

The Pod runs as mysql user and has no access rights to write here.
When I set the permissions manually outside the pod on the mount it 
works, but that is not a good solution for autoprovisioning
... or run mariadb as root... not so good as well.

We have not found any possibility to set the permissions with heketi 
or somewhere in the yaml.
So what is would be the correct solution here?

Thanks for your help!



_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users