Bug 1420539 - Unable to set Supplemental Groups or fsGroup for Elasticsearch via logging deployer.
Summary: Unable to set Supplemental Groups or fsGroup for Elasticsearch via logging de...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Jeff Cantrill
QA Contact: Xia Zhao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-08 22:28 UTC by Ryan Howe
Modified: 2020-03-11 15:46 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-09 14:46:32 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Ryan Howe 2017-02-08 22:28:47 UTC
Description of problem:

There is not easy way with via the deployer to set Supplemental Groups or fsGroup. These would need to be manually added after a deploy. In which case the deploy would fail because it does not have permissions to write to the PV that is attached. 

https://docs.openshift.com/container-platform/3.4/install_config/persistent_storage/pod_security_context.html#install-config-persistent-storage-pod-security-context

Comment 1 Ryan Howe 2017-02-09 14:46:32 UTC
Closing as not a bug, the following can be set in ansible: 

openshift_logging_es_storage_group


Which set this value in es templates

https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_logging/templates/es.j2#L31-L32

Comment 2 Jeff Cantrill 2017-02-09 15:02:39 UTC
Note this variable officially applies to using ansible with 3.5 deployments only.  You can try to use the same role with 3.4, but the official supported option is through the deployer or the associated 3.4 openshift_hosted_logging role.  In 3.4, you can set the STORAGE_GROUPS env var and it will be substituted in the template for ElasticSearch

Comment 3 Jeff Cantrill 2017-02-09 15:12:37 UTC
The deployer var for reference: https://github.com/openshift/origin-aggregated-logging/blob/v1.4.1/deployer/templates/es.yaml#L48


Note You need to log in before you can comment on or make changes to this bug.