Resolving Linux permission issues within OpenShift persistent volumes
Issue
After running a Pod with the anyuid SCC, Linux DAC (Discretionary Access Control) permission issues stop Pods from starting correctly, with the error message "Access denied", "Permission denied" or "Operation not supported" when accessing persistent storage.
The logs below are from a PostgreSQL instance, but the same problem can affect any application whose SCC has been restricted so that it no longer allows UID changes.
As a result, the owner of the files within the attached volume differs from the UID provided by OpenShift, and applications cannot access these files.
2020-07-14 04:21:39,637 ERROR: Exception during execution of long running task restarting after failure
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/patroni/async_executor.py", line 97, in run
    wakeup = func(*args) if args else func()
  File "/usr/local/lib/python3.6/site-packages/patroni/postgresql/__init__.py", line 720, in follow
    self.config.write_recovery_conf(recovery_params)
  File "/usr/local/lib/python3.6/site-packages/patroni/postgresql/config.py", line 752, in write_recovery_conf
    os.chmod(self._recovery_conf, stat.S_IWRITE | stat.S_IREAD)
PermissionError: [Errno 1] Operation not permitted: '/pgdata/wbh-cluster-qa/recovery.conf'
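The traceback fails in os.chmod, which requires the caller to own the file (or hold CAP_FOWNER); read/write access through the group bits does not help. The check below is an added example, not part of the original article or of Patroni: it walks a volume and reports entries that a given UID and group set cannot chmod, or cannot read and write. The function names, the sample files and the UID offset are constructed for illustration.

```python
import os
import stat
import tempfile

def classify(st, uid, gids):
    """Problems a process running as uid with groups gids hits on this inode."""
    if uid == 0:
        return []  # assumption: root keeps CAP_FOWNER and CAP_DAC_OVERRIDE
    problems = []
    if st.st_uid != uid:
        # chmod(2) needs ownership; group write access is not enough (EPERM).
        problems.append("chmod-denied")
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7      # owner rwx bits
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7      # group rwx bits
    else:
        bits = st.st_mode & 7             # other rwx bits
    if (bits & 6) != 6:
        problems.append("no-read-write")
    return problems

def audit_volume(root, uid, gids):
    """Walk root and list (relpath, owner uid, gid, mode, problems) per entry."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            problems = [] if stat.S_ISLNK(st.st_mode) else classify(st, uid, gids)
            if problems:
                findings.append((os.path.relpath(path, root), st.st_uid,
                                 st.st_gid, stat.filemode(st.st_mode), problems))
    return sorted(findings)

def build_sample():
    """Constructed stand-in for a volume written by an earlier, different UID."""
    root = tempfile.mkdtemp(prefix="pv-audit-")
    for name, mode in (("recovery.conf", 0o660), ("pg_hba.conf", 0o600)):
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    root = build_sample()
    owner = os.stat(root)
    for row in audit_volume(root, owner.st_uid + 1000, {owner.st_gid}):
        print(row)
```

Inside a Pod, call audit_volume with the mount path, os.getuid() and set(os.getgroups()) to see which entries the running UID is affected by.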
Environment
OpenShift 4.x with Persistent Volumes