-
Notifications
You must be signed in to change notification settings - Fork 590
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] add volume attribute for filesystem owner #1165
Comments
I have this issue also when running containers using a non-root limited access user. I have tried setting the Security Context however that did not get me far. The above post is very useful and I will give the workaround a try. However this would be a useful feature as root shouldn't be the default user in a container and I would expect many people to hit this once Longhorn is released and used widely in Enterprise. |
This might be the issue with my Mongodb instances. It's randomly after we take a snapshot or backup where the pod crashes and can not start backup because a file is locked and the user trying to access it can not remove the lock. As soon as I delete the pod, mongo starts up perfectly. Does anyone else have this problem? |
@virus2016 I am not sure you're experiencing the same issue here. Can you file a bug and provide the reproduce steps? If you can send us a support bundle (see the footer of UI) that would be even better. |
I'm definitely experiencing the same issue. For other folks who hit this, the fix for me was just setting |
Yes I will do. After a couple of weeks looking into this, it is definitely an issue with permissions specifically longhorn. I have run 3 deployments of mongodb replica as:
I am using the rancher mongodb replica template in apps. All run perfect apart from longhorn. At a random time, one mongodb pod with longhorn attached storage gets into a crash loop with the following:
Soon after the other pods follow. I have create the issue #1909. Thanks for your help so far - I love Longhorn! |
@dmayle Could you please share your workaround? Longhorn definitely is not respecting |
Is your feature request related to a problem? Please describe.
When provisioning volumes (dynamically or otherwise), they are unusable in non-root containers because the default ownership is root:root 755. This means that volumes used this way require additional configuration steps in order to be usable by non-root containers
Describe the solution you'd like
I'd like to see a CSI volume attribute added that can be used to set the initial ownership and permissions, something like 'initialOwner' and 'initialPermissions'.
Describe alternatives you've considered
I have a workaround where I use an init container to check if the volume is empty, and then set the permissions.
Additional context
The initial format happens in https://github.com/longhorn/longhorn-manager/blob/master/csi/node_server.go#L81 , where k8s.io/util/mount is used to transparently format the volume on first mount. Since this package neither supports this feature, nor reports back on whether or not it had to format the volume, the package would either have to be changed, or an alternative implementation would be required.
The source that matters in k8s.io/util/mount is:
The text was updated successfully, but these errors were encountered: