-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission denied - /usr/share/opensearch/ #97
Comments
@lindeberg25 Can you please pull in updated Docker image and let us know if you are still facing this issue? You can find more info tracked in the below issues |
@lindeberg25 Closing this issue as we couldn't replicate it on the latest Docker image. Please feel free to re-open in if you are still facing this issue. |
Hi
|
+1 error persists on :latest |
I'll reopen and move this to opensearch-devops. |
Had the same issue. Fix: at the container level, define the securityContext of runAsUser and runAsGroup to: |
Echo @Ismo900123213, In our docker the user we user to run is having 1000 id. If you are having another user trying to access the folder then it will error out. Thanks. |
as reported by another user in opensearch-project/docker-images#35:
I have user namespace remapping enabled, and when starting the container the
the parent folder (
So I end up with Is the |
This reverts commit e4dcd09. It appears OpenSearch needs to run with UID 1000 because the entrypoint script is only accessible with that user: opensearch-project/opensearch-devops#97 But our OpenShift cluster only allows containers to run with wildly high UIDs, like 100000000. The security context constraints do not allow anything else. The entrypoint script is not accessible to groups, either, so OpenShift's fsGroup config (https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/pod_security_context.html#fsgroup) is no use. And finally, user namespace mapping is not supported in OpenShift yet: https://access.redhat.com/solutions/6977863
Is there any plan to fix the issue. Error happens in openshift only. |
Hello...
I'm deploying an opensearch cluster on Openshift and I'm getting the permission denied error: ./opensearch-docker-entrypoint.sh: permission denied"
I've created an opensearch-sa service account and added it to master.yaml:
I've set opensearch-sa to privileged.
I believe the user created in the opensearch image doesn't have permission on /usr/share/opensearch/opensearch-docker-entrypoint.sh, which is a little weird. (I think the image user should already have permission to access that folder)
Could someone tell me what I'm missing?
Thanks in advance
The text was updated successfully, but these errors were encountered: