Hi,

Have you changed settings for using hostpath? Please reference the following doc:
https://docs.openshift.org/latest/admin_guide/manage_scc.html#use-the-hostpath-volume-plugin

________________________________
From: [email protected] <[email protected]> on behalf of Marc Boorshtein <[email protected]>
Sent: Wednesday, April 11, 2018 11:04 AM
To: users
Subject: CIFS access from pods

OpenShifters,

I'm trying to access CIFS mounts from my OpenShift pods using Origin 3.7 on CentOS 7. Here's my setup:

1. FreeIPA deployed with domain trust to AD (ENT2K12.DOMAIN.COM)
2. Node is member of FreeIPA domain
3. On Node:
   a. Keytab generated
   b. CIFS share mounted as AD user using uid from IPA -
      mount -t cifs -o [email protected],sec=krb5,version=3.0,uid=160811903,gid=0 //adfs.ent2k12.domain.com/mmosley-share /mount/local-storage/cifs/mmosley
   c. Marked /mount/local-storage/cifs/mmosley as owned by [email protected]/root
4. In OpenShift:
   a. Enabled hostPath
   b. Set runAsUser to runAsAny
5. In my pod added:

   securityContext:
     runAsUser: 160811903

   And volumes:

   - name: ext
     hostPath:
       path: /mnt/local-storage/cifs/mmosley
       type: Directory

Once my pod is running, I double check the id:

sh-4.2$ id
uid=160811903 gid=0(root) groups=0(root),1000110000
sh-4.2$

but when I try to access the mount I get permission denied:

drwxrwxrwx. 2 160811903 root 0 Apr 10 13:58 ext
rsh-4.2$ ls /ext/
ls: cannot open directory /ext/: Permission denied

Here's something interesting: if I unmount the volume, I'm able to read/write files and files have the correct ownership. There's nothing in the selinux audit log.

Any help would be greatly appreciated.

Thanks
Marc
