Yes, if it weren't changed the pod wouldn't be accepted and run the pod.

On Tue, Apr 10, 2018, 11:22 PM Yu Wei <[email protected]> wrote:
> Hi,
> Have you changed settings for using hostpath?
> Please reference following doc
>
> https://docs.openshift.org/latest/admin_guide/manage_scc.html#use-the-hostpath-volume-plugin
> ------------------------------
> *From:* [email protected] <[email protected]> on behalf of Marc Boorshtein <[email protected]>
> *Sent:* Wednesday, April 11, 2018 11:04 AM
> *To:* users
> *Subject:* CIFS access from pods
>
> OpenShifters,
>
> I'm trying to access CIFS mounts from my OpenShift pods using Origin 3.7
> on CentOS 7. Here's my setup:
>
> 1. FreeIPA deployed with domain trust to AD (ENT2K12.DOMAIN.COM)
> 2. Node is member of FreeIPA domain
> 3. On Node:
>    a. Keytab generated
>    b. CIFS share mounted as AD user using uid from IPA -
>       mount -t cifs -o [email protected],sec=krb5,version=3.0,uid=160811903,gid=0 //adfs.ent2k12.domain.com/mmosley-share /mount/local-storage/cifs/mmosley
>    c. marked /mount/local-storage/cifs/mmosley as owned by
>       [email protected]/root
>
> 4. In OpenShift:
>    a. Enabled hostPath
>    b. Set runAsUser to runAsAny
>
> 5. In my pod added:
>
> securityContext:
>   runAsUser: 160811903
>
> And
>
> volumes:
> - name: ext
>   hostPath:
>     path: /mnt/local-storage/cifs/mmosley
>     type: Directory
>
> Once my pod is running, I double check the id:
>
> sh-4.2$ id
> uid=160811903 gid=0(root) groups=0(root),1000110000
> sh-4.2$
>
> but when I try to access the mount I get permission denied:
>
> drwxrwxrwx. 2 160811903 root 0 Apr 10 13:58 ext
>
> rsh-4.2$ ls /ext/
> ls: cannot open directory /ext/: Permission denied
>
> Here's something interesting, if I unmount the volume I'm able to
> read/write files and files have the correct ownership.
>
> There's nothing in the selinux audit log.
>
> Any help would be greatly appreciated.
>
> Thanks
> Marc
