On Thu, Aug 2, 2018 at 3:16 AM Traiano Welcome <[email protected]> wrote:
> Hi > > I was working through the O'Reilly book "OpenShift for developers" but the > example on page 75, where tomcat8 is run fails: > > - The container remains in crashloop backoff > - The logs show the container is having permission issues: > > ---- > Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina load > WARNING: Unable to load server configuration from > [/usr/local/tomcat/conf/server.xml] > Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina load > WARNING: Permissions incorrect, read permission is not allowed on the file. > Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina start > SEVERE: Cannot start server. Server instance is not configured. > ---- > > - This appears to be due to openshift/minishift not allowing containers to > run as root > - I try installing the anyuid addon and running this command: > - oc adm policy add-scc-to-user anyuid -z default -n tomcat8 > - However it fails with this error despite the anyuid addon being applied: > > ---- > Error from server (Forbidden): securitycontextconstraints "anyuid" is > forbidden: User "admin" cannot get securitycontextconstraints at the > cluster scope: User "admin" cannot get securitycontextconstraints at the > cluster scope > ---- > anyuid scc is to allow the container to run as root inside the container. >From the description you've provided it looks like you're trying to contact OpenShift API to get the list of SCC-s, in which case your container's ServiceAccount must allow doing so. I'd recommend having a look at the docs, which explain in greater details what SA are [1], and what SCC are [2]. [1] https://docs.openshift.org/latest/dev_guide/service_accounts.html [2] https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints Maciej > > > How do I fix this? > > Thanks in advance, > Traiano > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
