1401076 – File permission error on start up in OpenShift

Bug 1401076 - File permission error on start up in OpenShift

Summary: File permission error on start up in OpenShift

Keywords:
Status:	VERIFIED
Alias:	None
Product:	Middleware Manager
Classification:	JBoss
Component:	middleware-manager-docker
Sub Component:
Version:	7.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	DR1
Target Release:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-12-02 17:47 UTC by Viet Nguyen
Modified:	2022-06-30 23:03 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:

Attachments	(Terms of Use)
console error log (5.52 KB, text/plain) 2016-12-02 17:48 UTC, Viet Nguyen	no flags	Details
openshift template file (4.35 KB, text/plain) 2016-12-02 17:52 UTC, Viet Nguyen	no flags	Details
dir permissions (55.57 KB, image/png) 2016-12-12 17:54 UTC, Viet Nguyen	no flags	Details
verified1 (47.95 KB, image/png) 2017-02-15 01:01 UTC, Viet Nguyen	no flags	Details
verified2 (155.96 KB, image/png) 2017-02-15 01:02 UTC, Viet Nguyen	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Viet Nguyen 2016-12-02 17:47:43 UTC

Description of problem:

- HS startup script fails due to file permission errors in OpenShift. 

- '/opt/hawkular' probably does not allow access to arbitrary user per https://docs.openshift.org/latest/creating_images/guidelines.html

Version-Release number of selected component (if applicable):

- Hawkular-Services ER1
- OpenShift v3.2

How reproducible:
100%

Steps to Reproduce:
1.  Download attached template .yaml
2.  # oc create -f er-hs-template.yaml
3.  # oc new-app -t hawkular-rh

Actual results:
- HS pod fails to start

Expected results:
- HS pod starts normally

Comment 2 Viet Nguyen 2016-12-02 17:48:49 UTC

Created attachment 1227438 [details]
console error log

Comment 3 Viet Nguyen 2016-12-02 17:52:47 UTC

Created attachment 1227439 [details]
openshift template file

Comment 4 Dave Johnson 2016-12-06 16:52:03 UTC

Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

Comment 5 Viet Nguyen 2016-12-07 19:10:22 UTC

Severity=Medium.  While OpenShift v3 is out of scope for this release I think the OSE support should be the priority in future releases.

Comment 6 Viet Nguyen 2016-12-12 17:54:51 UTC

Created attachment 1230874 [details]
dir permissions

The pod was run as default/authenticated user SCC.
As you we can see here the directory lacks "w" permission for group root

Comment 8 Paul Gier 2017-01-10 14:14:31 UTC

Does this issue also occur using the upstream image?

Comment 9 Viet Nguyen 2017-01-10 16:55:13 UTC

The upstream image built by QE works fine.  

Repo: https://github.com/Hawkular-QE/hawkular-services-docker

Comment 10 Paul Gier 2017-01-11 17:43:27 UTC

I mean the upstream hawkular services image available here: https://hub.docker.com/r/hawkular/hawkular-services/

For the prod image I'll update the permissions to give write access to the group and make the root group the owner, similar to the QE image and the recommendation in the openshift docs.

Comment 11 Paul Gier 2017-01-25 14:12:51 UTC

I built a new image which hopefully has the correct permissions.  If you pull the latest middleware-manager image you should be able to test.

Comment 12 Viet Nguyen 2017-02-15 00:59:08 UTC

I'm able to launch in OSE3.4.

Comment 13 Viet Nguyen 2017-02-15 01:01:17 UTC

Created attachment 1250421 [details]
verified1

Comment 14 Viet Nguyen 2017-02-15 01:02:22 UTC

Created attachment 1250422 [details]
verified2

Note You need to log in before you can comment on or make changes to this bug.