Skip to content
This repository has been archived by the owner on Jun 10, 2020. It is now read-only.

Openshift deployment problem: entry point script error #23

Open
david-banko opened this issue Mar 7, 2019 · 1 comment
Open

Openshift deployment problem: entry point script error #23

david-banko opened this issue Mar 7, 2019 · 1 comment

Comments

@david-banko
Copy link

Hi everybody,

I was looking into deploying a mariadb galera cluster into our openshift. Starting from an older article from here, I found this repository.

Looking around and using the galera_k8s_v1.6.yml template, I made my own to test it (attached).
After container creation, I have the following output in the log:

+ CONTAINER_SCRIPTS_DIR=/usr/share/container-scripts/mysql
+ EXTRA_DEFAULTS_FILE=/etc/my.cnf.d/galera.cnf
+ '[' -z cat-risk-amp ']'
+ echo 'Galera: Finding peers'
Galera: Finding peers
++ hostname -f
++ cut -d. -f2
+ K8S_SVC_NAME=mariadb-galera
+ echo 'Using service name: mariadb-galera'
Using service name: mariadb-galera
+ cp /usr/share/container-scripts/mysql/galera.cnf /etc/my.cnf.d/galera.cnf
cp: cannot create regular file '/etc/my.cnf.d/galera.cnf': Permission denied

As I went through the script files, that are used for image creation, the permissions should be set correctly. Could you provide support? Did I overlooked something in the template, that need to be configured? Is this a bug?

The customized template 
kind: Template
apiVersion: v1
metadata:
  name: mariadb-stateful-set
  annotations:
    iconClass: "icon-mariadb"
    tags: "database,mariadb,replication"
parameters:
  - name: MYSQL_USER
    value: user
    required: true

  - name: MYSQL_PASSWORD
    value: user1234
    required: true

  - name: MYSQL_DATABASE
    value: userdb
    required: true

  - name: MYSQL_ROOT_PASSWORD
    value: root1234
    required: true

objects:
  - kind: Service
    apiVersion: v1
    metadata:
      annotations:
        service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
      name: mariadb-galera
      labels:
        app: mariadb
    spec:
      ports:
      - port: 3306
        name: mariadb
      clusterIP: None
      selector:
        app: mariadb
  - kind: StatefulSet
    apiVersion: apps/v1beta1
    metadata:
      name: mariadb
    spec:
      serviceName: "mariadb-galera"
      replicas: 2
      template:
        metadata:
          labels:
            app: mariadb
          annotations:
            pod.alpha.kubernetes.io/initialized: "true"
            # found this addition in one of the branches here
            pod.beta.kubernetes.io/init-containers: '[
                { 
                    "name": "mariadb-galera-prepare",
                    "image": "busybox",
                    "command": ["sh", "-c", "chown -R 27:27 /var/lib/mysql"],
                    "volumeMounts": [
                        {
                            "name": "datadir",
                            "mountPath": "/var/lib/mysql"
                        }
                    ]
                }
            ]'
        spec:
          containers:
          - name: mariadb
            image: adfinissygroup/k8s-mariadb-galera-centos:v004
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 3306
              name: mariadb
            - containerPort: 4444
              name: sst
            - containerPort: 4567
              name: replication
            - containerPort: 4568
              name: ist
            readinessProbe:
              exec:
                command:
                - /usr/share/container-scripts/mysql/readiness-probe.sh
              initialDelaySeconds: 15
              timeoutSeconds: 5
            volumeMounts:
            - name: datadir
              mountPath: /var/lib/mysql
              subPath: data
            env:
              - name: MYSQL_USER
                value: "${MYSQL_USER}"
              - name: MYSQL_PASSWORD
                value: "${MYSQL_PASSWORD}"
              - name: MYSQL_DATABASE
                value: "${MYSQL_DATABASE}"
              - name: MYSQL_ROOT_PASSWORD
                value: "${MYSQL_ROOT_PASSWORD}"
              - name: POD_NAMESPACE
                valueFrom:
                  fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
      volumeClaimTemplates:
      - metadata:
          name: datadir
        spec:
          accessModes: [ "ReadWriteOnce" ]
          resources:
            requests:
              storage: 1Gi
@david-banko
Copy link
Author

When trying to import the stateful set unmodified, I ran into a different error:

create Pod mysql-0 in StatefulSet mysql failed error: pods "mysql-0" is forbidden: unable to validate against any security context constraint: [fsGroup: Invalid value: []int64{27}: 27 is not an allowed group spec.containers[0].securityContext.securityContext.runAsUser: Invalid value: 27: must be in the ranges: [1003180000, 1003189999]]

It is still interesting, that with a customized template, the error came at a different step. I will try to work around the issue by using a different user than 27 for testing in our environment. some helpful comments or suggestions would still be appreciated.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@david-banko