Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1567182 - Curator image "logging-curator:v3.7" created as user nobody
Summary: Curator image "logging-curator:v3.7" created as user nobody
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.7.z
Assignee: Josef Karasek
QA Contact: Anping Li
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-13 14:09 UTC by Alejandro Coma
Modified: 2021-06-10 15:49 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-18 15:02:08 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Alejandro Coma 2018-04-13 14:09:15 UTC
Description of problem:
When we try to deploy logging on Openshift 3.7 using image registry.access.redhat.com/openshift3/logging-curator:v3.7 it finished on CreateContainerConfigError and showning an error identifying user to start container:

  3m		1m		10	kubelet, servername.serverdomain	spec.containers{curator}	Warning		Failed			Error: container has runAsNonRoot and image has non-numeric user (nobody), cannot verify user is non-root

Version-Release number of selected component (if applicable):
3.7.23

How reproducible:
Always, when "runAsNonRoot"

Steps to Reproduce:
1. Try to deploy logging in an OCP 3.7 cluster.

Actual results:
Curator container does not start due to: "Error: container has runAsNonRoot and image has non-numeric user (nobody), cannot verify user is non-root"

Expected results:
Curator container started normally. Image should be generated using a numeric user as stated in https://docs.openshift.com/container-platform/3.9/creating_images/guidelines.html#openshift-specific-guidelines

Additional info:

Variables passed to the playbook:
openshift_logging_install_logging=true
openshift_logging_storage_kind=nfs
openshift_logging_storage_access_modes=['ReadWriteOnce']
openshift_logging_storage_nfs_directory=/exports
openshift_logging_storage_nfs_options='*(rw,root_squash)'
openshift_logging_storage_volume_name=logging
openshift_logging_storage_volume_size=10Gi
openshift_logging_storage_labels={'storage': 'logging'}
openshift_logging_kibana_hostname=hostname.domain
openshift_logging_es_cluster_size=1
openshift_logging_image_prefix=registry.access.redhat.com/openshift3/

Comment 2 Josef Karasek 2018-04-18 15:02:08 UTC
This was fixed in a consequent curator release.
The latest v3.7.z curator tag as of now is v3.7.42-2[1].
Please advice the customer to upgrade.

[1]https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/logging-curator/images/v3.7.42-2


Note You need to log in before you can comment on or make changes to this bug.