Bug 2315733 - No permissions on the csi logs in csi-cephfsplugin-provisioner csi logs folder
Summary: No permissions on the csi logs in csi-cephfsplugin-provisioner csi logs folder
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenShift Data Foundation
Classification: Red Hat Storage
Component: rook
Version: 4.17
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ODF 4.17.0
Assignee: Parth Arora
QA Contact: Yuli Persky
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-09-30 18:30 UTC by Yuli Persky
Modified: 2024-10-30 14:36 UTC (History)
5 users (show)

Fixed In Version: 4.17.0-117
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-10-30 14:36:17 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github red-hat-storage rook pull 737 0 None open Bug 2315733: Csi fix logrotate downstream1 2024-10-01 10:14:22 UTC
Red Hat Issue Tracker OCSBZM-9340 0 None None None 2024-10-08 10:41:28 UTC
Red Hat Product Errata RHSA-2024:8676 0 None None None 2024-10-30 14:36:20 UTC

Description Yuli Persky 2024-09-30 18:30:10 UTC 
Description of problem (please be detailed as possible and provide log
snippests):

When logging to the csi logs folder for the csi-cephfsplugin-provisioner pods - there are no permissions to view files permissions and also no permissions to write to files as following: 

(39venv) ypersky@ibm-p8-kvm-03-guest-02:~/ocs-ci$ oc exec -it csi-cephfsplugin-provisioner-6754488b5d-fj49f -c log-collector sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
sh-5.1# cd /var/lib/rook/openshift-storage.cephfs.csi.ceph.com/log/controller-plugin/
sh-5.1# ls
csi-addons.log	csi-cephfsplugin.log
sh-5.1# ls -lart
ls: cannot access 'csi-cephfsplugin.log': Permission denied
ls: cannot access 'csi-addons.log': Permission denied
total 0
-?????????? ? ?    ?     ?            ? csi-cephfsplugin.log
-?????????? ? ?    ?     ?            ? csi-addons.log
drwxr-xr-x. 2 root root 56 Sep 29 17:10 .
drwxr-xr-x. 3 root root 31 Sep 29 17:10 ..
sh-5.1# exit
exit
command terminated with exit code 1

However, it does not happen in csi-cephfsplugin pods. 


Version of all relevant components (if applicable):

OCP versions
        ==============

                clientVersion:
                  buildDate: "2023-11-28T03:55:31Z"
                  compiler: gc
                  gitCommit: 3b3f931a46f44b4e6fdf8630cb45dbbfc108239e
                  gitTreeState: clean
                  gitVersion: 4.15.0-202311280332.p0.g3b3f931.assembly.stream-3b3f931
                  goVersion: go1.20.10 X:strictfipsruntime
                  major: ""
                  minor: ""
                  platform: linux/amd64
                kustomizeVersion: v5.0.4-0.20230601165947-6ce0bf390ce3
                openshiftVersion: 4.17.0-0.nightly-2024-09-27-213503
                releaseClientVersion: 4.15.0-ec.3
                serverVersion:
                  buildDate: "2024-09-24T14:58:41Z"
                  compiler: gc
                  gitCommit: df13a304aedc78650570fc11b83b81fb865c1938
                  gitTreeState: clean
                  gitVersion: v1.30.4
                  goVersion: go1.22.5 (Red Hat 1.22.5-1.el9) X:strictfipsruntime
                  major: "1"
                  minor: "30"
                  platform: linux/amd64
                
                
                Cluster version:

                NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
                version   4.17.0-0.nightly-2024-09-27-213503   True        False         25h     Cluster version is 4.17.0-0.nightly-2024-09-27-213503
                


OCS versions
        ==============

                NAME                                         DISPLAY                            VERSION             REPLACES   PHASE
                cephcsi-operator.v4.17.0-111.stable          CephCSI operator                   4.17.0-111.stable              Succeeded
                mcg-operator.v4.17.0-111.stable              NooBaa Operator                    4.17.0-111.stable              Succeeded
                ocs-client-operator.v4.17.0-111.stable       OpenShift Data Foundation Client   4.17.0-111.stable              Succeeded
                ocs-operator.v4.17.0-111.stable              OpenShift Container Storage        4.17.0-111.stable              Succeeded
                odf-csi-addons-operator.v4.17.0-111.stable   CSI Addons                         4.17.0-111.stable              Succeeded
                odf-operator.v4.17.0-111.stable              OpenShift Data Foundation          4.17.0-111.stable              Succeeded
                odf-prometheus-operator.v4.17.0-111.stable   Prometheus Operator                4.17.0-111.stable              Succeeded
                recipe.v4.17.0-111.stable                    Recipe                             4.17.0-111.stable              Succeeded
                rook-ceph-operator.v4.17.0-111.stable        Rook-Ceph                          4.17.0-111.stable              Succeeded
                
                ODF (OCS) build :                     full_version: 4.17.0-111
                
        Rook versions
        ===============

                2024/09/30 18:21:14 maxprocs: Leaving GOMAXPROCS=16: CPU quota undefined
                rook: v4.17.0-0.d49443ce57418ba095406a5695355901aab01fba
                go: go1.22.5 (Red Hat 1.22.5-1.el9)
                
        Ceph versions
        ===============

                ceph version 18.2.1-229.el9cp (ef652b206f2487adfc86613646a4cac946f6b4e0) reef (stable)


 Ceph-CSI versions
        ===================

                csi-cephfsplugin-jvcth:
                        driver-registrar:
                           Version: v4.17.0-202409182235.p0.g436a1f3.assembly.stream.el9-0-g290ed92-dirty
                        csi-cephfsplugin:
                           Driver version: release-4.17 and Git version: 79eb51d2769382456461f720ade767cf54dc66a9
                        log-collector:
                csi-cephfsplugin-provisioner-75d98dc76-2dm9b:
                        csi-attacher:
                        csi-snapshotter:
                           Version: v4.17.0-202409182235.p0.gaa558ca.assembly.stream.el9-0-gbc9fc6b-dirty
                        csi-resizer:
                        csi-provisioner:
                           Version: v4.17.0-202409182235.p0.gfe460e5.assembly.stream.el9-0-gc82e2a1-dirty
                        csi-cephfsplugin:
                           Driver version: release-4.17 and Git version: 79eb51d2769382456461f720ade767cf54dc66a9
                        csi-addons:
                        log-collector:
                csi-cephfsplugin-provisioner-75d98dc76-bpcjb:
                        csi-attacher:
                        csi-snapshotter:
                           Version: v4.17.0-202409182235.p0.gaa558ca.assembly.stream.el9-0-gbc9fc6b-dirty
                        csi-resizer:
                        csi-provisioner:
                           Version: v4.17.0-202409182235.p0.gfe460e5.assembly.stream.el9-0-gc82e2a1-dirty
                        csi-cephfsplugin:
                           Driver version: release-4.17 and Git version: 79eb51d2769382456461f720ade767cf54dc66a9
                        csi-addons:
                        log-collector:
                csi-cephfsplugin-ss27h:
                        driver-registrar:
                           Version: v4.17.0-202409182235.p0.g436a1f3.assembly.stream.el9-0-g290ed92-dirty
                        csi-cephfsplugin:
                           Driver version: release-4.17 and Git version: 79eb51d2769382456461f720ade767cf54dc66a9
                        log-collector:
                csi-cephfsplugin-wtmdj:
                        driver-registrar:
                           Version: v4.17.0-202409182235.p0.g436a1f3.assembly.stream.el9-0-g290ed92-dirty
                        csi-cephfsplugin:
                           Driver version: release-4.17 and Git version: 79eb51d2769382456461f720ade767cf54dc66a9
                        log-collector:




Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
Yes, I cannot view log files. 

Is there any workaround available to the best of your knowledge?
No 


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?

2

Can this issue reproducible?
Yes 


Can this issue reproduce from the UI?
No

If this is a regression, please provide more details to justify this:
N/A 

Steps to Reproduce:

step #1 :run oc exec -it csi-cephfsplugin-<pod index>-c log-collector sh     
step #2 cd /var/lib/rook/openshift-storage.cephfs.csi.ceph.com/log/node-plugin   ( location of all the csi log files per pod) 
step#3 run ls -lart

Actual results:

sh-5.1# ls -lart
ls: cannot access 'csi-cephfsplugin.log': Permission denied
ls: cannot access 'csi-addons.log': Permission denied
total 0
-?????????? ? ?    ?     ?            ? csi-cephfsplugin.log
-?????????? ? ?    ?     ?            ? csi-addons.log
drwxr-xr-x. 2 root root 56 Sep 29 17:10 .
drwxr-xr-x. 3 root root 31 Sep 29 17:10 ..
sh-5.1# 

Expected results:

User root should have permissions in the logs directory. 

Additional info:
Link to must gather logs will be posted in the next comment.
Comment 6 Sunil Kumar Acharya 2024-10-08 13:17:11 UTC 
Please update the RDT flag/text appropriately.
Comment 8 errata-xmlrpc 2024-10-30 14:36:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.17.0 Security, Enhancement, & Bug Fix Update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:8676
Note You need to log in before you can comment on or make changes to this bug.