Hello— I am running into an issue launching NGINX Ingress on OpenShift Origin 3.7. Wondering if others have seen the same problem.
The pod is running in the default project and is launching using an OS service account that has scc/privileged and cluster-admin access (system:serviceaccount:default:nginx-ingress). The NGINX container (docker.io/nginxdemos/nginx-ingress:1.1.1) is configured to pipe the access and error logs to stdout and stderr, respectively. However, when the pod launches, it goes into CrashLoopBackOff because NGINX can’t access the configured stdout/stderr locations:

I0309 18:43:15.111265 645 main.go:65] Starting NGINX Ingress controller Version=1.1.1 GitCommit=8fc772d
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2018/03/09 18:43:15 [emerg] 657#657: open() "/var/log/nginx/error.log" failed (13: Permission denied)
E0309 18:43:15.134386 645 main.go:158] nginx command exited with an error: exit status 1

When I run the pod in debug mode, I can see that the reason for the error is that a non-root user (1001) owns the /proc directory that access.log and error.log are symlinked to:

rwxrwxrwx. 1 root root 12 Jan 12 18:43 access.log -> /proc/1/fd/1
lrwxrwxrwx. 1 root root 12 Jan 12 18:43 error.log -> /proc/1/fd/2
root@nginx-ingress-rc-rr2xz-debug:/var/log/nginx# ls -l /proc/1/fd
ls: cannot read symbolic link '/proc/1/fd/0': Permission denied
ls: cannot read symbolic link '/proc/1/fd/1': Permission denied
ls: cannot read symbolic link '/proc/1/fd/2': Permission denied
total 0
lr-x------. 1 1001 root 64 Mar 9 18:32 0
l-wx------. 1 1001 root 64 Mar 9 18:32 1
l-wx------. 1 1001 root 64 Mar 9 18:32 2

Where does the 1001 user come from?

Thanks for any help,
Andrew
