-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCP 4.8 nfs-provisioner permissions applied to wrong name space #247
Comments
I have deployed a cluster using the existing automation that has "openstack_blockstorage_volume_v2" resource and it seems to work well. The nfs-storage-volume is also created. |
@aishwaryabk I'm using a clean install of PvC 2.0.2 without any "add-ons" and using the Cinder v2 interface fails in my environment. Based on documentation I believe the official cinder api version in PvC 2.x is v3? I observed one other issue preventing successful OCP deploy - image registry POD fails - because PV is not created from NFS provisioner. One reason I believe is the above security name space mismatch, but another issue is incorrect permissions on the created "/export" directory which is owned be root after deploy and NOT set to 777. |
I tried to run my deployment on Windows as well. However, I am not facing any such issues. |
Here the var.tf I'm [using |
@dannert our PowerVC 2.0 supports both v2 and v3 cinder endpoints hence we are not facing the error. Going forward we should extend the volume resource to support v3. However I am not sure why in your case it is using default namespace, that is something we need to debug. I doubt it is because of the cinder api version.. Again, we are using helpernode for configuring the nfs-provisioner. |
@yussufsh Re the "name space" that was the first thing I changed based on feedback from a colleague. As it did still not work after that I changed the permissions and then it worked. So, at this time I can not state with confidence if the wrong name space was in place or not after deploy. |
Deployed OCP 4.8 on POWER.
Fixed the incorrect Cinder api version from v2 to v3 before deploy to work with PowerVC 2.0.2 - see other open issue.
After deploy NFS provisioning does not work correctly and PV is not automatically created when creating a PVC -->
POD image-registry-xxx fails as PVC is created, but PV is not.
Issue is that permissions are assigned into "default" name space for nfs-provisioner instead of the nfs-provisioner name space.
To manually fix after deploy I ran:
oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:nfs-provisioner:nfs-client-provisioner
After that change, PVs are correctly created and bound and the POD image-registry-xxx runs correctly and PV shows up in NFS export directory on bastion.
The text was updated successfully, but these errors were encountered: