kube-arangodb icon indicating copy to clipboard operation
kube-arangodb copied to clipboard
verified publisher icon arangodb

OpenShift: Persmission denied on /var/lib/arrangodb3*

Open vpavlin opened this issue 7 years ago • 1 comments

Hi,

I am working on deploying ArangoDB on our OpenShift cluster and everything looks great up to the point where I try to create a database at which point I get:

2018-11-21T09:38:54Z [1] ERROR unable to create application directory '/var/lib/arangodb3-apps/_db/test' for database 'test': failed to create directory '/var/lib/arangodb3-apps/_db/test': Permission denied

I tracked the issue down to missing -R in https://github.com/vpavlin/arangodb-docker/blob/official/Dockerfile34.templ#L46-L47

I am just creating this issue as a tracker (as the missing argument causes issue with the operator), I've filed issue (and will probably provide a PR)

I have filed issue on arangodb-docker: https://github.com/arangodb/arangodb-docker/issues/57 And provided a PR: https://github.com/arangodb/arangodb-docker/pull/58

vpavlin avatar Nov 21 '18 12:11 vpavlin

I can still reproduce the same issue using Kubernetes, the single nodes drop all Linux capabilities, the main reason because the capability DAC_OVERRIDE is dropped as well:

securityContext:
      capabilities:
        drop:
        - all


root@test-76c67d987c-pncbc:/# touch  /var/lib/arangodb3-apps/_db/s
touch: cannot touch '/var/lib/arangodb3-apps/_db/s': Permission denied

The issue is still reproduced even if I am not using the Arango Deployment operator, as long as all capabilities are dropped, if I drop all capabilities in the YAML and add DAC_OVERRIDE, the issue does not occur.

omarmohsen avatar Dec 18 '19 14:12 omarmohsen