Resolving Linux permission issues within OpenShift persistent volumes


Issue

After running a Pod with the anyuid SCC, Linux Discretionary Access Control (DAC) permission issues stop Pods from starting correctly, with the error message Access denied, Permission denied or Operation not supported when accessing persistent storage.

The logs below are from a PostgreSQL instance, but the same issue can be relevant for any application whose SCC has been restricted to no longer allow UID changes.

As a result, the owner of files within the attached volume differs from the UID provided by OpenShift, and applications cannot access these files.

2020-07-14 04:21:39,637 ERROR: Exception during execution of long running task restarting after failure
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/patroni/async_executor.py", line 97, in run
    wakeup = func(*args) if args else func()
  File "/usr/local/lib/python3.6/site-packages/patroni/postgresql/__init__.py", line 720, in follow
    self.config.write_recovery_conf(recovery_params)
  File "/usr/local/lib/python3.6/site-packages/patroni/postgresql/config.py", line 752, in write_recovery_conf
    os.chmod(self._recovery_conf, stat.S_IWRITE | stat.S_IREAD)
PermissionError: [Errno 1] Operation not permitted: '/pgdata/wbh-cluster-qa/recovery.conf'
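
The ownership mismatch behind this traceback can be checked from inside the Pod. The script below is an added example, not part of the original article or of Patroni: it walks a volume path and reports every entry not owned by the running UID, separating files that are still readable and writable (where only chmod fails, because chmod requires ownership) from files that are not accessible at all. The names classify and scan are hypothetical, and it assumes plain mode bits only (no ACLs, capabilities or SELinux).

```python
import os
import stat
import sys


def classify(st_uid, st_gid, mode, uid, gids):
    """Predict what an unprivileged process (uid, gids) can do with a file.

    Assumption: plain mode bits only; ACLs, capabilities and SELinux are ignored.
    """
    if st_uid == uid:
        return "owner"  # owner bits apply and chmod() is allowed
    # The kernel checks exactly one class: group bits if a GID matches, else other.
    bits = (mode >> 3) & 0o7 if st_gid in gids else mode & 0o7
    if bits & 0o6 == 0o6:
        # Data access works (for example through a shared group), but chmod(2)
        # requires ownership and fails with EPERM, as in the traceback above.
        return "rw-but-chmod-EPERM"
    return "denied"  # open() fails with EACCES, "Permission denied"


def scan(root, uid=None, gids=None):
    """Return (path, owner_uid, owner_gid, mode, verdict) for entries not owned by uid."""
    uid = os.geteuid() if uid is None else uid
    gids = set(os.getgroups()) | {os.getegid()} if gids is None else set(gids)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            verdict = classify(st.st_uid, st.st_gid, mode, uid, gids)
            if verdict != "owner":
                findings.append((path, st.st_uid, st.st_gid, oct(mode), verdict))
    return findings


if __name__ == "__main__":
    # Usage inside the Pod: python3 scan_owner.py /pgdata
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print("process uid=%d groups=%s" % (os.geteuid(), sorted(os.getgroups())))
    for finding in scan(target):
        print("%s uid=%d gid=%d mode=%s -> %s" % finding)
```

An empty result means every entry under the path is owned by the UID the Pod is running as.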

Environment

OpenShift 4.x with Persistent Volumes
