Description of problem: Unable to run mysql image on STG, logs show 'permission denied' when creating a docker volume Version-Release number of selected component (if applicable): Online STG 3.4.1.2 How reproducible: Steps to Reproduce: 1. Create a project 2. Perform 'oc run' on the mysql-55-centos7 image: oc run mytest --image=openshift/mysql-55-centos7:latest --env=MYSQL_USER=test,MYSQL_PASSWORD=redhat,MYSQL_DATABASE=testdb Actual results: Failed to create docker container "mytest" of pod "mytest-1-ykjek_8hne0(72217d99-ea69-11e6-9571-0eaa067b1713)" with error: Error response from daemon: {"message":"create db4cc4e6e130663a9407bf23cab3c84eb404ac6adfb65659f60519881a5c1b3c: mkdir /var/lib/docker/volumes/db4cc4e6e130663a9407bf23cab3c84eb404ac6adfb65659f60519881a5c1b3c: permission denied"} Expected results: Pod runs successfully Additional info:
working as designed as far as i know... the image defines a VOLUME and since you didn't map the volume to a real openshift volume, docker tried to create a local host volume which is forbidden in online. now i did think we were going to have a "better" solution in online so that such images would not just fail when used like this, but abhishek would have to speak to that if it ever happened.
As Ben mentioned in the first part of his Comment 1, this is working as designed. With regards to the better solution, that is currently awaiting some fixes to the docker package that we ship. Once those changes go in, we should be able to allow such containers to be created and simply ignore the volumes. In such cases, the data being written to those directories (VOLUME paths) will be written to the container's top r/w layer (CoW).
Thanks, I've updated our test case to reflect this, and uses 'oc new-app' instead of 'oc run' to use in the online environment.