BZ#1601757 - added considerations for using MySQL and PostgreSQL with azure file #10930
Conversation
openshift-ci-robot
added
the
size/S
|
@tanaka-takayoshi PTAL |
|
@gaurav-nelson It looks good for me. However, I'd like some MySQL/PostgreSQL expert to review it. If you know suitable persons, please let them know.
|
|
@hhorak |
openshift-bot
added
the
needs-rebase
|
The preview will be availble shortly at:
|
|
@tanaka-takayoshi The data of the database shouldn't be readable by others, and also the executable flag is not necessary for files. The group read-write is used for cases when user specifies a random UID, docker sets GUID to 0. So, if this trick with GUID 0 is not necessary, I'd say what should be enough is directory permission 0700 and file permission 0600 -- at least that should be enough if the container runs with the same UID as the volume directory. I'm not able to verify though, whether this is working for the NFS/Azure use case, that's something way beyond my ability to check. |
|
@hhorak Thaks for that. |
gaurav-nelson
force-pushed
the
bug1601757-fixes
branch
from
96c3b9d
to
f193629
Compare
openshift-bot
removed
the
needs-rebase
openshift-ci-robot
added
size/M
|
Thanks @tanaka-takayoshi @hhorak |
gaurav-nelson
added
the
peer-review-needed
| .Considerations when using MySQL and PostgresSQL with Azure file | ||
| * The owner UID of the Azure File mounted directory is different from the UID of a container. | ||
| * Both MySQL and PostgreSQL containers change the file owner permission in the mounted directory. Because of the mismatch between the owner UID and container process UID, this operation fails. Therefore to run MySQL with Azure File: | ||
| ** Specify the UID in `runAsUser` variable in the pod specification file. |
There was a problem hiding this comment.
s/in runAsUser variable/in the runAsUser variable
| securityContext: | ||
| runAsUser: 1000125000 | ||
| ---- | ||
| ** Specify the `uid` in mount options: |
There was a problem hiding this comment.
Is this also in the pod spec? And because consistency, maybe:
Specify the UID in the mountOptions stanza [in the pod specification file?]:
| - gid=0 | ||
| ---- | ||
|
|
||
| * Azure File does not support link:https://docs.microsoft.com/en-us/rest/api/storageservices/features-not-supported-by-the-azure-file-service[symbolic link]. Therefore when PostgreSQL creates a symbolic link in the Azure File directory, the pod fails to start. |
There was a problem hiding this comment.
This makes it sound like it will happen and there's nothing you can do about it. Should it be "If PostgreSQL creates a symbolic link, the pod will fail"? Is there a way around this?
|
@gaurav-nelson I made some comments and asked some tough questions... |
kalexand-rh
added
peer-review-done
gaurav-nelson
force-pushed
the
bug1601757-fixes
branch
from
f193629
to
90669ca
Compare
|
@gaurav-nelson - added enterprise-3.11 as a reminder. |
gaurav-nelson
force-pushed
the
bug1601757-fixes
branch
from
90669ca
to
a7c0fe3
Compare
|
Updated for PostgreSql based on sclorg/postgresql-container#286 (comment) |
|
/cherrypick enterprise-3.9 |
|
/cherrypick enterprise-3.10 |
|
/cherrypick enterprise-3.11 |
|
@gaurav-nelson: new pull request created: #11375 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@gaurav-nelson: new pull request created: #11376 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@gaurav-nelson: new pull request created: #11377 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
For https://bugzilla.redhat.com/show_bug.cgi?id=1601757