Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1419213 - [dev-preview-stg] Unable to perform 'oc run' on mysql-55-centos7 image in Online environment
Summary: [dev-preview-stg] Unable to perform 'oc run' on mysql-55-centos7 image in On...
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Image
Version: 3.x
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Abhishek Gupta
QA Contact: Wang Haoran
Depends On:
TreeView+ depends on / blocked
Reported: 2017-02-03 23:43 UTC by Chris Ryan
Modified: 2017-04-05 20:53 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-04-05 20:53:04 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Chris Ryan 2017-02-03 23:43:16 UTC
Description of problem:
Unable to run mysql image on STG, logs show 'permission denied' when creating a docker volume

Version-Release number of selected component (if applicable):
Online STG

How reproducible:

Steps to Reproduce:
1. Create a project
2. Perform 'oc run' on the mysql-55-centos7 image:
oc run mytest --image=openshift/mysql-55-centos7:latest --env=MYSQL_USER=test,MYSQL_PASSWORD=redhat,MYSQL_DATABASE=testdb

Actual results:

 Failed to create docker container "mytest" of pod "mytest-1-ykjek_8hne0(72217d99-ea69-11e6-9571-0eaa067b1713)" with error: Error response from daemon: {"message":"create db4cc4e6e130663a9407bf23cab3c84eb404ac6adfb65659f60519881a5c1b3c: mkdir /var/lib/docker/volumes/db4cc4e6e130663a9407bf23cab3c84eb404ac6adfb65659f60519881a5c1b3c: permission denied"} 

Expected results:
Pod runs successfully 

Additional info:

Comment 1 Ben Parees 2017-02-04 00:36:13 UTC
working as designed as far as i know... the image defines a VOLUME and since you didn't map the volume to a real openshift volume, docker tried to create a local host volume which is forbidden in online.

now i did think we were going to have a "better" solution in online so that such images would not just fail when used like this, but abhishek would have to speak to that if it ever happened.

Comment 2 Abhishek Gupta 2017-02-06 15:48:14 UTC
As Ben mentioned in the first part of his Comment 1, this is working as designed. 

With regards to the better solution, that is currently awaiting some fixes to the docker package that we ship. Once those changes go in, we should be able to allow such containers to be created and simply ignore the volumes. In such cases, the data being written to those directories (VOLUME paths) will be written to the container's top r/w layer (CoW).

Comment 3 Chris Ryan 2017-02-07 00:41:00 UTC
Thanks, I've updated our test case to reflect this, and uses 'oc new-app' instead of 'oc run' to use in the online environment.

Note You need to log in before you can comment on or make changes to this bug.