You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "necipakca (via GitHub)" <gi...@apache.org> on 2023/02/11 21:13:20 UTC
[GitHub] [solr-operator] necipakca opened a new issue, #523: Permissions problem with pvc block device
necipakca opened a new issue, #523:
URL: https://github.com/apache/solr-operator/issues/523
When I tried to start solrcloud on our k8s system with Huawei CSI pvc. Pod can not start due to file system permissions problem. It can not write files to the data volume.
I can solve the issue with initContainer ;
initContainers:
- name: busybox
image: busybox:1.28.0-glibc
command:
- "/bin/sh"
- "-c"
- "mkdir -p /var/solr/data && chown -R 8983:8983 /var/solr/data && chmod -R 770 /var/solr/"
volumeMounts:
- mountPath: /var/solr/data
name: data
securityContext:
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr-operator] necipakca commented on issue #523: Permissions problem with pvc block device
Posted by "necipakca (via GitHub)" <gi...@apache.org>.
necipakca commented on issue #523:
URL: https://github.com/apache/solr-operator/issues/523#issuecomment-1428435356
Current Images :
apache/solr-operator:v0.6.0
solr:8.11.2
Permissions are without the initContainer like ;
ls -lah /var/solr/
drwxr-xr-x 3 root root 4.0K Feb 13 18:08 .
drwxr-xr-x 1 root root 4.0K Feb 13 18:08 ..
drwxr-xr-x 3 root root 4.0K Feb 13 18:08 data
ls -lah /var/solr/data
drwxr-xr-x 3 root root 4.0K Feb 13 18:08 .
drwxr-xr-x 3 root root 4.0K Feb 13 18:08 ..
drwx------ 2 root root 16.0K Feb 13 18:08 lost+found
-rw-r-xr-- 1 root root 979 Feb 13 18:08 solr.xml
May be it can be related with our block storage CSI plugin, it comes always with root:root at default when it mounted.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr-operator] necipakca commented on issue #523: Permissions problem with pvc block device
Posted by "necipakca (via GitHub)" <gi...@apache.org>.
necipakca commented on issue #523:
URL: https://github.com/apache/solr-operator/issues/523#issuecomment-1459589749
> Have you tried this? [Huawei/eSDK_K8S_Plugin#68 (comment)](https://github.com/Huawei/eSDK_K8S_Plugin/issues/68#issuecomment-1164104357)
Yes this solved the problem 👍
After created the csidriver resource current permissions like ;
solr@solr-solrcloud-0:/var/solr$ ls -lah
total 36K
drwxrwx---. 4 solr root 4.0K Mar 8 05:51 .
drwxr-xr-x. 1 root root 4.0K Feb 1 22:21 ..
drwxrwsr-x. 5 root solr 4.0K Mar 8 05:52 data
-rw-rw----. 1 solr root 3.5K Feb 1 22:21 log4j2.xml
drwxrwx---. 2 solr root 4.0K Mar 8 05:51 logs
I am kindly closing the issue. Thanks a lot 👍
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr-operator] HoustonPutman commented on issue #523: Permissions problem with pvc block device
Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.
HoustonPutman commented on issue #523:
URL: https://github.com/apache/solr-operator/issues/523#issuecomment-1428316633
Are you using the default Solr image? because /var/solr should hopefully already come with those permissions...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr-operator] necipakca closed issue #523: Permissions problem with pvc block device
Posted by "necipakca (via GitHub)" <gi...@apache.org>.
necipakca closed issue #523: Permissions problem with pvc block device
URL: https://github.com/apache/solr-operator/issues/523
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr-operator] HoustonPutman commented on issue #523: Permissions problem with pvc block device
Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.
HoustonPutman commented on issue #523:
URL: https://github.com/apache/solr-operator/issues/523#issuecomment-1458512616
Actually I was misremembering and we already use `securityContext.fsGroup`, so this should be behaving correctly...
Have you tried this? https://github.com/Huawei/eSDK_K8S_Plugin/issues/68#issuecomment-1164104357
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr-operator] HoustonPutman commented on issue #523: Permissions problem with pvc block device
Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.
HoustonPutman commented on issue #523:
URL: https://github.com/apache/solr-operator/issues/523#issuecomment-1458501425
> May be it can be related with our block storage CSI plugin, it comes always with root:root at default when it mounted.
Yeah that seems like an issue for sure.
It looks like the new SecurityContext feature will allow for better changing of permissions for volumes: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
And the [Huawei CSI Driver](https://github.com/Huawei/eSDK_K8S_Plugin/blob/2fd90dfe15656974f8f479ee6efa58082be0d5a6/csi/driver/node.go#L250) does not implement the [VOLUME_MOUNT_GROUP](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#delegating-volume-permission-and-ownership-change-to-csi-driver) NodeServiceCapability which seems to be a good thing.
So maybe we just need to use the new SecurityContext feature, though it will be hard for me to test this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org