InfluxDB2 fails to start on Openshift using the restricted-v2 Security Context Constraint
strigie opened this issue · 0 comments
Cloning the this github repo, packaging the influxdb2 chart and trying to deploy it onto Openshift 4.12 using a regular user will result in the Pod running with the restricted-v2 SCC which will fail due to permission errors:
chmod: changing permissions of '/var/lib/influxdb2': Operation not permitted
chmod: changing permissions of '/var/lib/influxdb2': Operation not permitted
chmod: changing permissions of '/etc/influxdb2': Operation not permitted
bolt-path: /var/lib/influxdb2/influxd.bolt
engine-path: /var/lib/influxdb2/engine
nats-port: 4222
http-bind-address: :9999
2023-04-14T14:48:33.162501493Z info booting influxd server in the background {"system": "docker"}
ts=2023-04-14T14:48:33.247377Z lvl=info msg="Welcome to InfluxDB" log_id=0hC3fjsl000 version=v2.6.1 commit=9dcf880fe0 build_date=2022-12-29T15:53:07Z log_level=info
ts=2023-04-14T14:48:33.247405Z lvl=warn msg="nats-port argument is deprecated and unused" log_id=0hC3fjsl000
ts=2023-04-14T14:48:33.257411Z lvl=info msg="Resources opened" log_id=0hC3fjsl000 service=bolt path=/var/lib/influxdb2/influxd.bolt
ts=2023-04-14T14:48:33.257482Z lvl=info msg="Resources opened" log_id=0hC3fjsl000 service=sqlite path=/var/lib/influxdb2/influxd.sqlite
ts=2023-04-14T14:48:33.259495Z lvl=info msg="Bringing up metadata migrations" log_id=0hC3fjsl000 service="KV migrations" migration_count=20
ts=2023-04-14T14:48:33.455976Z lvl=info msg="Bringing up metadata migrations" log_id=0hC3fjsl000 service="SQL migrations" migration_count=8
ts=2023-04-14T14:48:33.547961Z lvl=info msg="Using data dir" log_id=0hC3fjsl000 service=storage-engine service=store path=/var/lib/influxdb2/data
ts=2023-04-14T14:48:33.550539Z lvl=info msg="Compaction settings" log_id=0hC3fjsl000 service=storage-engine service=store max_concurrent_compactions=8 throughput_bytes_per_second=50331648 throughput_bytes_per_second_burst=50331648
ts=2023-04-14T14:48:33.550556Z lvl=info msg="Open store (start)" log_id=0hC3fjsl000 service=storage-engine service=store op_name=tsdb_open op_event=start
ts=2023-04-14T14:48:33.550611Z lvl=info msg="Open store (end)" log_id=0hC3fjsl000 service=storage-engine service=store op_name=tsdb_open op_event=end op_elapsed=0.056ms
ts=2023-04-14T14:48:33.550636Z lvl=info msg="Starting retention policy enforcement service" log_id=0hC3fjsl000 service=retention check_interval=30m
ts=2023-04-14T14:48:33.550645Z lvl=info msg="Starting precreation service" log_id=0hC3fjsl000 service=shard-precreation check_interval=10m advance_period=30m
ts=2023-04-14T14:48:33.554861Z lvl=info msg="Starting query controller" log_id=0hC3fjsl000 service=storage-reads concurrency_quota=1024 initial_memory_bytes_quota_per_query=9223372036854775807 memory_bytes_quota_per_query=9223372036854775807 max_memory_bytes=0 queue_size=1024
ts=2023-04-14T14:48:33.557587Z lvl=info msg="Configuring InfluxQL statement executor (zeros indicate unlimited)." log_id=0hC3fjsl000 max_select_point=0 max_select_series=0 max_select_buckets=0
ts=2023-04-14T14:48:33.567245Z lvl=info msg=Starting log_id=0hC3fjsl000 service=telemetry interval=8h
ts=2023-04-14T14:48:33.567575Z lvl=info msg=Listening log_id=0hC3fjsl000 service=tcp-listener transport=http addr=:9999 port=9999
2023-04-14T14:48:34.165155403Z info pinging influxd... {"system": "docker", "ping_attempt": "0"}
2023-04-14T14:48:34.172429814Z info got response from influxd, proceeding {"system": "docker", "total_pings": "1"}
Error: setup succeeded, but failed to write new config to local path: open /etc/influxdb2/influx-configs: permission denied
2023-04-14T14:48:34.285615129Z warn cleaning bolt and engine files to prevent conflicts on retry {"system": "docker", "bolt_path": "/var/lib/influxdb2/influxd.bolt", "engine_path": "/var/lib/influxdb2"}
$ oc get pod test-influxdb2-0 -o yaml | grep scc
openshift.io/scc: restricted-v2
It would be great if the helm chart could work with an ordinary user on Openshift 4