Bug 1298938
Summary: | Can't write to new cinder volumes | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Josep 'Pep' Turro Mauri <pep> |
Component: | Storage | Assignee: | Sami Wagiaalla <swagiaal> |
Status: | CLOSED NOTABUG | QA Contact: | Jianwei Hou <jhou> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.1.0 | CC: | aos-bugs, hklein, jkrieger, mmcgrath, mwysocki, pep, swagiaal |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-01-29 15:10:36 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1267746 |
Description
Josep 'Pep' Turro Mauri
2016-01-15 13:07:44 UTC
Hi Josep, I have tracked this down with the help of Paul Weil The way the permissions problem is solved is through the use of fsGroup. However the automatic assignment of fsGroups to pods was turned off in 3.1. to work around the above issue you could try manually adding an fsGroup to your DC oc edit dc docker-registry change the pod level security context from: securityContext: {} to securityContext: fsGroup: 1234 wait for the dc's pods to redeploy and your cinder volume should not be owned by the group 1234 and writable by that group. This has been marked as NEEDINFO for a while. I am going to close it. Josep, if you find that the above is not working for you please open again. I am experiencing the same issue on OSE 3.1.1.6 using the cinder backend Hi Marcel, Does comment #2 help ? It does, but its just a bad user experience :( Marcel, To enable automatic fsGroup assignment: oc get -o json pod | grep scc # get scc name oc edit <scc name> #set fsGroup type to MustRunAs instead of RunAsAny This should be on by default in OSE 3.2 and later *** Bug 1331730 has been marked as a duplicate of this bug. *** |