Closed ragesaq closed 8 years ago
Found my issue, it was SELINUX on the host. Need to add the :Z to the end just like for regular volume mappings.
SELINUX on the docker host caused access denied on the docker container that had the NFS mounted via the ndvp, generating an access denied error message. This issue was present on my host for normal docker volumes, which is resolved by adding a :Z at the end of the volume mapping. This was the only change to my config listed above.
Here is the comparable fixed config from above. version: '2' services: elasticsearch: image: elasticsearch:latest command: elasticsearch -Des.network.host=0.0.0.0 volumes:
volumes: elasticsearch_ndvp: driver: netapp driver_opts: snapshotDir: "false"
Interesting, thanks for following up with the fix. I did not know about :Z.
Ok, that wasn't all because I forgot I had run 'setenforce 0' which then let it through, problem came back after a reboot. I had to also run this: setsebool -P virt_use_nfs 1 This command is a persistent allow
Running docker 1.10 on Centos7 making the standard ELK docker container, hitting cdot 8.3.2. ndvp creates the volume fine and I can mount it on my Centos7 host. However, I get the following message when the container starts via the compose elasticsearch_1 | chown: cannot read directory ‘/usr/share/elasticsearch/data/test’: Permission denied
I've banged my head on this for a while and I'm starting to think its an ndvp problem?
Here is my relevant docker-compose.yml which I got most of the info from netapps pub post about it
version: '2' services: elasticsearch: image: elasticsearch:latest command: elasticsearch -Des.network.host=0.0.0.0 volumes:
volumes: elasticsearch_ndvp: driver: netapp driver_opts: snapshotDir: "false"
Seems like I've got all the config points hit but I'm not sure if I'm missing anything