Can we specify the UID of a persistent volume?


cmou...@redhat.com

Oct 21, 2016, 7:41:50 AM
to fabric8
Hi,

I have mounted a persistent volume ("hostPath") to my mongodb pod. Unfortunately, when mongodb starts it can't access the directory /var/lib/mongodb/data

2016-10-21T06:52:33.904-0400 I CONTROL  [initandlisten] options: { config: "/etc/mongod.conf", net: { http: { enabled: false }, port: 27017 }, replication: { oplogSizeMB: 64 }, storage: { dbPath: "/var/lib/mongodb/data", mmapv1: { preallocDataFiles: false, smallFiles: true } }, systemLog: { quiet: true } }
2016-10-21T06:52:33.907-0400 I STORAGE  [initandlisten] exception in initAndListen: 98 Unable to create/open lock file: /var/lib/mongodb/data/mongod.lock errno:13 Permission denied Is a mongod instance already running?, terminating

The permissions of the mounted volume are defined for root

sh-4.2$ ls -la /var/lib/mongodb
total 16
drwxrwxr-x  3 mongodb root    4096 Oct 21 06:48 .
drwxr-xr-x 20 root    root    4096 Oct 21 06:48 ..
-rw-r--r--  1 mongodb mongodb   12 Oct 21 06:48 .address
drwxr-xr-x  2 root    root    4096 Oct 21 06:21 data

but mongodb starts with uid mongodb

sh-4.2$ ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
mongodb      1     0  0 06:48 ?        00:00:00 /bin/bash /usr/bin/run-mongod
mongodb    158     0  0 06:48 ?        00:00:00 /bin/sh
mongodb    420     1  0 06:49 ?        00:00:00 /bin/bash /usr/bin/run-mongod
mongodb    421   420  0 06:49 ?        00:00:00 mongo admin --host localhost --port 27017 --eval quit()

FYI, anyuid has been defined to use hostPath

oc get scc
NAME               PRIV      CAPS      SELINUX     RUNASUSER          FSGROUP     SUPGROUP    PRIORITY   READONLYROOTFS   VOLUMES
anyuid             false     []        MustRunAs   RunAsAny           RunAsAny    RunAsAny    10         false            [awsElasticBlockStore azureFile cephFS cinder configMap downwardAPI emptyDir fc flexVolume flocker gcePersistentDisk gitRepo glusterfs hostPath iscsi nfs persistentVolumeClaim rbd secret vsphere]

and the pod is started with the user uid

oc get pod/mongodb-4-hkzmr -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
      {"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"coolstore","name":"mongodb-4","uid":"7089d926-9780-11e6-b0e7-36271dd7e9fe","apiVersion":"v1","resourceVersion":"8412"}}
    openshift.io/scc: anyuid

How can I configure OpenShift (if this is possible) to use the uid of mongodb to mount the volume & start the pod?

Charles
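
An added example, not part of the original post: it applies the POSIX owner/group/other check to the `ls -la` listing quoted above to show why creating mongod.lock in data fails with errno 13 for the mongodb user. The group memberships passed in are assumptions, since the post does not show the output of `id`.

```python
# Constructed from the `ls -la /var/lib/mongodb` listing quoted in the post above.
LISTING = """\
drwxrwxr-x  3 mongodb root    4096 Oct 21 06:48 .
drwxr-xr-x 20 root    root    4096 Oct 21 06:48 ..
-rw-r--r--  1 mongodb mongodb   12 Oct 21 06:48 .address
drwxr-xr-x  2 root    root    4096 Oct 21 06:21 data
"""


def parse_listing(text):
    """Map entry name -> (mode string, owner, group) from `ls -l` style lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(None, 8)
        if len(fields) == 9 and len(fields[0]) >= 10:
            entries[fields[8]] = (fields[0][:10], fields[2], fields[3])
    return entries


def permission_class(mode, owner, group, user, groups):
    """Return the rwx triplet that applies: owner, else group, else other.
    Exactly one class is used; there is no fall-through to a more permissive one."""
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]


def can_create_files(entry, user, groups):
    """Creating a file needs write and search (x) permission on the directory.
    Not modelled: uid 0 / CAP_DAC_OVERRIDE, ACLs and SELinux labels."""
    mode, owner, group = entry
    bits = permission_class(mode, owner, group, user, groups)
    return mode[0] == "d" and bits[1] == "w" and bits[2] in "xst"


if __name__ == "__main__":
    entries = parse_listing(LISTING)
    # Assumed group memberships for the mongodb process (not shown in the post).
    for groups in ({"mongodb"}, {"root"}):
        for name in (".", "data"):
            allowed = can_create_files(entries[name], "mongodb", groups)
            print(f"{name!r} groups={sorted(groups)} can_create_files={allowed}")
```

Under either assumed group, data (root:root, drwxr-xr-x) denies file creation to mongodb, while the parent directory (owned by mongodb) allows it.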

ilter P

Oct 21, 2016, 11:29:15 AM
to fabric8
Hi,

I tried the mongodb in Kubernetes and it works like that

1- Create PV or StorageClass
2- Create PVC and associate to your PV
3- Create your ReplicaController and associate to your PVC


I am not sure about OC but it should be similar

Regards

cmou...@redhat.com

Oct 21, 2016, 12:03:50 PM
to fabric8
Security is managed in a different way when we use OpenShift and not Kubernetes