Bug 1964305

Summary: [Doc] Workaround for Restic namespace supplemental groups bug
Product: Migration Toolkit for Containers Reporter: Avital Pinnick <apinnick>
Component: DocumentationAssignee: Avital Pinnick <apinnick>
Status: CLOSED NEXTRELEASE QA Contact: Xin jiang <xjiang>
Severity: unspecified Docs Contact: Avital Pinnick <apinnick>
Priority: unspecified    
Version: 1.4.0CC: bashirayesha24, ernelson, mnjg25, narendrawaits, xjiang, zohaanrizwan143
Target Milestone: ---   
Target Release: 1.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-25 15:00:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Avital Pinnick 2021-05-25 07:25:52 UTC 
Document the workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1873641:

Restic does not appear to respect the supplementalgroups of a namespace (https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/pod_security_context.html#supplemental-groups)

After changing permissions on NFS side, can run stage with copy successfully, but should not be required as supplementalgroup is set on the nfs and the stage pod is respecting it.

Fails with the following error:
backup=openshift-migration/<backup_id> controller=pod-volume-backup error="fork/exec /usr/bin/restic: permission denied" error.file="/go/src/github.com/vmware-tanzu/velero/pkg/controller/pod_volume_backup_controller.go:280" error.function="github.com/vmware-tanzu/velero/pkg/controller.(*podVolumeBackupController).processBackup" logSource="pkg/controller/pod_volume_backup_controller.go:280" name=<backup_id> namespace=openshift-migration

Solution

https://bugzilla.redhat.com/show_bug.cgi?id=1873641#c13

Dylan's PR: https://github.com/konveyor/mig-operator/pull/442
Comment 2 Xin jiang 2021-05-25 08:42:02 UTC 
LGTM
Comment 3 Avital Pinnick 2021-05-25 15:00:01 UTC 
Changes merged.
Comment 4 mark jhon 2022-01-15 11:57:14 UTC Comment hidden (spam)
Comment 5 mark jhon 2022-02-06 18:11:25 UTC Comment hidden (spam)
Comment 6 mjhytre 2022-06-28 07:03:25 UTC Comment hidden (spam)
Comment 7 mjhytre 2023-06-12 09:41:42 UTC Comment hidden (spam)
Comment 8 mjhytre 2023-06-12 11:35:11 UTC Comment hidden (spam)
Comment 9 mjhytre 2023-07-16 15:13:50 UTC Comment hidden (spam)