Hi.

Am 09.03.2018 um 19:53 schrieb Gebauer, Andrew:
>
> Hello—
>
>  
>
> I am running into an issue launching NGINX Ingress on OpenShift Origin
> 3.7. Wondering if others have seen the same problem.
>
>  
>
> The pod is running in the default project and is launching using an OS
> service account that has scc/privileged and cluster-admin access
> (system:serviceaccount:default:nginx-ingress).
>
>  
>
> The NGINX container (docker.io/nginxdemos/nginx-ingress:1.1.1) is
> configured to pipe the access and error logs to stdout and stderr,
> respectively.
>
>  
>
> However, when the pod launches, it goes into CrashLoopBackOff because
> NGINX can’t access the configured stdout/stderr locations:
>
>  
>
> I0309 18:43:15.111265     645 main.go:65] Starting NGINX Ingress
> controller Version=1.1.1 GitCommit=8fc772d
>
> nginx: [alert] could not open error log file: open()
> "/var/log/nginx/error.log" failed (13: Permission denied)
>
> 2018/03/09 18:43:15 [emerg] 657#657: open() "/var/log/nginx/error.log"
> failed (13: Permission denied)
>
> E0309 18:43:15.134386     645 main.go:158] nginx command exited with
> an error: exit status 1
>
>  
>
> When I run the pod in debug mode, I can see that the reason for the
> error is that a non-root user (1001) owns the /proc directory that
> access.log and error.log are symlinked to:
>
>  
>
> rwxrwxrwx. 1 root root 12 Jan 12 18:43 access.log -> /proc/1/fd/1
>
> lrwxrwxrwx. 1 root root 12 Jan 12 18:43 error.log -> /proc/1/fd/2
>
>  
>
> root@nginx-ingress-rc-rr2xz-debug:/var/log/nginx# ls -l /proc/1/fd
>
> ls: cannot read symbolic link '/proc/1/fd/0': Permission denied
>
> ls: cannot read symbolic link '/proc/1/fd/1': Permission denied
>
> ls: cannot read symbolic link '/proc/1/fd/2': Permission denied
>
> total 0
>
> lr-x------. 1 1001 root 64 Mar  9 18:32 0
>
> l-wx------. 1 1001 root 64 Mar  9 18:32 1
>
> l-wx------. 1 1001 root 64 Mar  9 18:32 2
>
>  
>
> Where does the 1001 user come from?
>

Well it could be this line.
https://github.com/openshift/origin/blob/master/images/router/nginx/Dockerfile#L26

But this does not fit to that image
docker.io/nginxdemos/nginx-ingress:1.1.1

which is based on
https://github.com/nginxinc/kubernetes-ingress/blob/v1.1.1/nginx-controller/Dockerfile

How do you have setup ed the ingress controller?
What the output of

oc rsh <POD> cat /var/lib/nginx/conf/nginx.config

>  
>
> Thanks for any help,
>
> Andrew
>
Best regards
Aleks


_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to