NetApp / netappdvp

A Docker volume plugin for NetApp storage

permission denied when docker container tries to chown folder backed by ndvp made NFS volume #20

Closed ragesaq closed 8 years ago

ragesaq commented 8 years ago

Running Docker 1.10 on CentOS 7 making the standard ELK docker container, hitting cDOT 8.3.2. ndvp creates the volume fine and I can mount it on my CentOS 7 host. However, I get the following message when the container starts via the compose:

```
elasticsearch_1 | chown: cannot read directory ‘/usr/share/elasticsearch/data/test’: Permission denied
```

I've banged my head on this for a while and I'm starting to think it's an ndvp problem?

Here is my relevant docker-compose.yml, which I got most of the info for from NetApp's pub post about it:

```yaml
version: '2'
services:
  elasticsearch:
    image: elasticsearch:latest
    command: elasticsearch -Des.network.host=0.0.0.0
    volumes:

volumes:
  elasticsearch_ndvp:
    driver: netapp
    driver_opts:
      snapshotDir: "false"
```

Seems like I've got all the config points hit, but I'm not sure if I'm missing anything.

ragesaq commented 8 years ago

Found my issue, it was SELINUX on the host. Need to add the :Z to the end just like for regular volume mappings.

ragesaq commented 8 years ago

SELINUX on the docker host caused access denied on the docker container that had the NFS mounted via the ndvp, generating an access denied error message. This issue was present on my host for normal docker volumes, which is resolved by adding a :Z at the end of the volume mapping. This was the only change to my config listed above.

Here is the comparable fixed config from above.

```yaml
version: '2'
services:
  elasticsearch:
    image: elasticsearch:latest
    command: elasticsearch -Des.network.host=0.0.0.0
    volumes:

volumes:
  elasticsearch_ndvp:
    driver: netapp
    driver_opts:
      snapshotDir: "false"
```

bnaylor commented 8 years ago

Interesting, thanks for following up with the fix. I did not know about :Z.

ragesaq commented 8 years ago

Ok, that wasn't all, because I forgot I had run 'setenforce 0', which then let it through; the problem came back after a reboot. I had to also run this:

```
setsebool -P virt_use_nfs 1
```

This command is a persistent allow.
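The two host-side checks this thread converges on, as an added example that is not part of the original discussion: it classifies the SELinux mode together with the `virt_use_nfs` boolean (so a result obtained under `setenforce 0` is not mistaken for a fix) and pulls NFS-related AVC denials out of audit log text. The function names are hypothetical, the audit records are constructed, and the `svirt_lxc_net_t` and `nfs_t` labels in them are assumptions about what such a host would log.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Verdict from the literal outputs of `getenforce` and `getsebool virt_use_nfs`.
selinux_nfs_verdict() {
    case $2 in
        *'--> on')  nfs=on ;;
        *'--> off') nfs=off ;;
        *)          nfs=unknown ;;
    esac
    case "$1:$nfs" in
        Enforcing:on)   echo "ok" ;;
        Enforcing:off)  echo "blocked" ;;          # needs: setsebool -P virt_use_nfs 1
        Permissive:off) echo "masked" ;;           # works only because of setenforce 0
        Permissive:on)  echo "ok-untested" ;;      # confirm again after setenforce 1
        Disabled:*)     echo "selinux-disabled" ;;
        *)              echo "unknown" ;;
    esac
}

# Read audit.log text on stdin; print "comm: permission" for each AVC denial
# whose target is labelled nfs_t (an object on an NFS mount).
nfs_denials() {
    awk '/avc: +denied/ && /tcontext=[^ ]*:nfs_t:/ {
        perm = $0; sub(/^[^{]*[{] */, "", perm); sub(/ *[}].*$/, "", perm)
        comm = $0; sub(/^.*comm="/, "", comm);   sub(/".*$/, "", comm)
        print comm ": " perm
    }'
}

# Constructed audit records: one NFS denial, one unrelated denial.
SAMPLE_AUDIT='type=AVC msg=audit(1460000000.123:456): avc:  denied  { read } for  pid=1234 comm="chown" name="test" dev="0:40" ino=123 scontext=system_u:system_r:svirt_lxc_net_t:s0:c1,c2 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=AVC msg=audit(1460000001.456:457): avc:  denied  { write } for  pid=1300 comm="java" name="tmp" dev="dm-0" ino=77 scontext=system_u:system_r:svirt_lxc_net_t:s0:c1,c2 tcontext=system_u:object_r:var_t:s0 tclass=dir'

printf '%s\n' "$SAMPLE_AUDIT" | nfs_denials
selinux_nfs_verdict Permissive 'virt_use_nfs --> off'

# On a real host, feed in the live values instead.
if command -v getenforce >/dev/null 2>&1; then
    selinux_nfs_verdict "$(getenforce)" "$(getsebool virt_use_nfs 2>/dev/null)"
fi
```

A `masked` verdict is the state described in the last comment: the container starts only because the host is permissive, and the denial returns once enforcing mode is back.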