Hi. Am 09.03.2018 um 19:53 schrieb Gebauer, Andrew: > > Hello— > > > > I am running into an issue launching NGINX Ingress on OpenShift Origin > 3.7. Wondering if others have seen the same problem. > > > > The pod is running in the default project and is launching using an OS > service account that has scc/privileged and cluster-admin access > (system:serviceaccount:default:nginx-ingress). > > > > The NGINX container (docker.io/nginxdemos/nginx-ingress:1.1.1) is > configured to pipe the access and error logs to stdout and stderr, > respectively. > > > > However, when the pod launches, it goes into CrashLoopBackOff because > NGINX can’t access the configured stdout/stderr locations: > > > > I0309 18:43:15.111265 645 main.go:65] Starting NGINX Ingress > controller Version=1.1.1 GitCommit=8fc772d > > nginx: [alert] could not open error log file: open() > "/var/log/nginx/error.log" failed (13: Permission denied) > > 2018/03/09 18:43:15 [emerg] 657#657: open() "/var/log/nginx/error.log" > failed (13: Permission denied) > > E0309 18:43:15.134386 645 main.go:158] nginx command exited with > an error: exit status 1 > > > > When I run the pod in debug mode, I can see that the reason for the > error is that a non-root user (1001) owns the /proc directory that > access.log and error.log are symlinked to: > > > > rwxrwxrwx. 1 root root 12 Jan 12 18:43 access.log -> /proc/1/fd/1 > > lrwxrwxrwx. 1 root root 12 Jan 12 18:43 error.log -> /proc/1/fd/2 > > > > root@nginx-ingress-rc-rr2xz-debug:/var/log/nginx# ls -l /proc/1/fd > > ls: cannot read symbolic link '/proc/1/fd/0': Permission denied > > ls: cannot read symbolic link '/proc/1/fd/1': Permission denied > > ls: cannot read symbolic link '/proc/1/fd/2': Permission denied > > total 0 > > lr-x------. 1 1001 root 64 Mar 9 18:32 0 > > l-wx------. 1 1001 root 64 Mar 9 18:32 1 > > l-wx------. 1 1001 root 64 Mar 9 18:32 2 > > > > Where does the 1001 user come from? >
Well it could be this line. https://github.com/openshift/origin/blob/master/images/router/nginx/Dockerfile#L26 But this does not fit to that image docker.io/nginxdemos/nginx-ingress:1.1.1 which is based on https://github.com/nginxinc/kubernetes-ingress/blob/v1.1.1/nginx-controller/Dockerfile How do you have setup ed the ingress controller? What the output of oc rsh <POD> cat /var/lib/nginx/conf/nginx.config > > > Thanks for any help, > > Andrew > Best regards Aleks _______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
