Bug 1401076

Summary: File permission error on start up in OpenShift
Product: [JBoss] Middleware Manager Reporter: Viet Nguyen <vnguyen>
Component: middleware-manager-dockerAssignee: Nobody <nobody>
Status: VERIFIED --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0.0CC: gblomqui, jhardy, mmahoney
Target Milestone: DR1Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
console error log
none
openshift template file
none
dir permissions
none
verified1
none
verified2 none

Description Viet Nguyen 2016-12-02 17:47:43 UTC 
Description of problem:

- HS startup script fails due to file permission errors in OpenShift. 

- '/opt/hawkular' probably does not allow access to arbitrary user per https://docs.openshift.org/latest/creating_images/guidelines.html

Version-Release number of selected component (if applicable):

- Hawkular-Services ER1
- OpenShift v3.2

How reproducible:
100%

Steps to Reproduce:
1.  Download attached template .yaml
2.  # oc create -f er-hs-template.yaml
3.  # oc new-app -t hawkular-rh

Actual results:
- HS pod fails to start

Expected results:
- HS pod starts normally
Comment 2 Viet Nguyen 2016-12-02 17:48:49 UTC 
Created attachment 1227438 [details]
console error log
Comment 3 Viet Nguyen 2016-12-02 17:52:47 UTC 
Created attachment 1227439 [details]
openshift template file
Comment 4 Dave Johnson 2016-12-06 16:52:03 UTC 
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.
Comment 5 Viet Nguyen 2016-12-07 19:10:22 UTC 
Severity=Medium.  While OpenShift v3 is out of scope for this release I think the OSE support should be the priority in future releases.
Comment 6 Viet Nguyen 2016-12-12 17:54:51 UTC 
Created attachment 1230874 [details]
dir permissions

The pod was run as default/authenticated user SCC.
As you we can see here the directory lacks "w" permission for group root
Comment 8 Paul Gier 2017-01-10 14:14:31 UTC 
Does this issue also occur using the upstream image?
Comment 9 Viet Nguyen 2017-01-10 16:55:13 UTC 
The upstream image built by QE works fine.  

Repo: https://github.com/Hawkular-QE/hawkular-services-docker
Comment 10 Paul Gier 2017-01-11 17:43:27 UTC 
I mean the upstream hawkular services image available here: https://hub.docker.com/r/hawkular/hawkular-services/

For the prod image I'll update the permissions to give write access to the group and make the root group the owner, similar to the QE image and the recommendation in the openshift docs.
Comment 11 Paul Gier 2017-01-25 14:12:51 UTC 
I built a new image which hopefully has the correct permissions.  If you pull the latest middleware-manager image you should be able to test.
Comment 12 Viet Nguyen 2017-02-15 00:59:08 UTC 
I'm able to launch in OSE3.4.
Comment 13 Viet Nguyen 2017-02-15 01:01:17 UTC 
Created attachment 1250421 [details]
verified1
Comment 14 Viet Nguyen 2017-02-15 01:02:22 UTC 
Created attachment 1250422 [details]
verified2