Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Database does not start due to Permission denied #47

Open
grzesuav opened this issue Sep 3, 2024 · 2 comments
Open

[Bug] Database does not start due to Permission denied #47

grzesuav opened this issue Sep 3, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@grzesuav
Copy link

grzesuav commented Sep 3, 2024

Current Behavior

I added pvc with following settings

pvc:
  ## @param pvc.enabled Specify whether to use persistentVolumeClaim or EmptyDir storage
  enabled: true
  ## @param pvc.annotations [object] Annotations to add to the persistentVolumeClaim
  annotations: {}
  ## @param pvc.storage Storage size to request for the persistentVolumeClaim
  storage: 5Gi
  ## @param pvc.accessModes Access mode for the persistentVolumeClaim. See: [Access Modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
  accessModes:
    - ReadWriteOnce
  ## @param pvc.selector [object] Selector for the persistentVolumeClaim. See: [Selector](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
  selector: {}
  ## @param pvc.storageClassName [string, nullable] The name of the StorageClass for the persistentVolumeClaim. See: [Class](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
  # storageClassName:
  storageClassName: "managed-csi"

and cryostat does not start, issue is with cryostat-db container -

❯ k logs cryostat-dbb678dd9-g7lzd -c cryostat-db
mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied

in the deployment

      volumes:
      - name: cryostat
        persistentVolumeClaim:
          claimName: cryostat

and in cryostat-db container

        volumeMounts:
        - mountPath: /var/lib/pgsql/data
          name: cryostat
          subPath: postgres

I believe some file ownership should be changed ?

Expected Behavior

Cryostat start succesfully

Steps To Reproduce

No response

Environment

- OS: 
- Environment: 
- Version:

Anything else?

No response
@grzesuav grzesuav added the bug Something isn't working label Sep 3, 2024
@andrewazores
Copy link
Member

Thanks @grzesuav , we just noticed this internally at the end of last week as well. It looks like a package change on the container base image side.

In the meantime, you can try rolling back to an earlier database container version:

https://quay.io/repository/cryostat/cryostat-db?tab=tags

ex.

$ helm install cryostat --set pvc.enabled=true --set db.image.tag=2024-08-19 ./charts/cryostat/

@andrewazores andrewazores changed the title [Bug] Cryostat does not start when PV is configured [Bug] Database does not start due to Permission denied Sep 3, 2024
@andrewazores andrewazores transferred this issue from cryostatio/cryostat-helm Sep 3, 2024
@andrewazores
Copy link
Member

Sorry, actually the bug that my colleague spotted last week was in the downstream equivalent container build, which works a bit differently from the upstream one. The root cause is therefore different and isn't actually the same bug, it's just that both manifest as '/var/lib/pgsql/data/userdata': Permission denied.

For this case, maybe it has to do with the security context and fsGroup of the container?

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

https://github.com/cryostatio/cryostat-helm/blob/61cf6a015f182c333b87a2ed385fc787746aee10/charts/cryostat/values.yaml#L93

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewazores @grzesuav