[bitnami/wordpress] MySQL: access denied for User root

pomland-94 commented 2 years ago

Name and Version

bitnami/wordpress 15.2.5

What steps will reproduce the bug?

When I setup a Wordpress Installation with Helm on an OpenShift Cluster I get the following error inside the Mariadb Pod.

That means that the MariaDB Pod doesn't come up and the whole Wordpress Installation fails. My Values file looks something like this one here:

Are you using any custom parameters or values?

$ helm -n wp-hosting get values blog
USER-SUPPLIED VALUES:
affinity: {}
allowEmptyPassword: true
allowOverrideNone: false
apacheConfiguration: ""
args: []
autoscaling:
  enabled: false
  maxReplicas: 11
  minReplicas: 1
  targetCPU: 50
  targetMemory: 50
clusterDomain: cluster.local
command: []
commonAnnotations: {}
commonLabels: {}
containerPorts:
  http: 8080
  https: 8443
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  enabled: false
  runAsNonRoot: true
  runAsUser: 1001
customHTAccessCM: ""
customLivenessProbe: {}
customPostInitScripts: {}
customReadinessProbe: {}
customStartupProbe: {}
diagnosticMode:
  args:
  - infinity
  command:
  - sleep
  enabled: false
existingApacheConfigurationConfigMap: ""
existingSecret: ""
existingWordPressConfigurationSecret: ""
externalCache:
  host: localhost
  port: 11211
externalDatabase:
  database: bitnami_wordpress
  existingSecret: ""
  host: localhost
  password: ""
  port: 3306
  user: bn_wordpress
extraContainerPorts: []
extraDeploy: []
extraEnvVars: []
extraEnvVarsCM: ""
extraEnvVarsSecret: ""
extraVolumeMounts: []
extraVolumes: []
fullnameOverride: ""
global:
  imagePullSecrets: []
  imageRegistry: ""
  storageClass: ""
hostAliases:
- hostnames:
  - status.localhost
  ip: 127.0.0.1
htaccessPersistenceEnabled: false
image:
  debug: false
  digest: ""
  pullPolicy: IfNotPresent
  pullSecrets: []
  registry: docker.io
  repository: bitnami/wordpress
  tag: 6.0.2-debian-11-r9
ingress:
  annotations:
    acme.cert-manager.io/http01-edit-in-place: "true"
    cert-manager.io/issuer: wp-issuer
  apiVersion: ""
  enabled: true
  extraHosts: []
  extraPaths: []
  extraRules: []
  extraTls: []
  hostname: domain.tld
  ingressClassName: ""
  path: /
  pathType: ImplementationSpecific
  secrets: []
  selfSigned: false
  tls: true
initContainers: []
kubeVersion: ""
lifecycleHooks: {}
livenessProbe:
  enabled: true
  failureThreshold: 6
  httpGet:
    httpHeaders: []
    path: /wp-admin/install.php
    port: '{{ .Values.wordpressScheme }}'
    scheme: '{{ .Values.wordpressScheme | upper }}'
  initialDelaySeconds: 120
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5
mariadb:
  architecture: standalone
  auth:
    database: bitnami_wordpress
    password: ""
    rootPassword: ""
    username: bn_wordpress
  enabled: true
  primary:
    containerSecurityContext:
      enabled: false
    persistence:
      accessModes:
      - ReadWriteMany
      enabled: true
      size: 8Gi
      storageClass: ""
    podSecurityContext:
      enabled: false
memcached:
  auth:
    enabled: false
    password: ""
    username: ""
  enabled: false
  service:
    port: 11211
metrics:
  containerPorts:
    metrics: 9117
  customLivenessProbe: {}
  customReadinessProbe: {}
  customStartupProbe: {}
  enabled: false
  image:
    digest: ""
    pullPolicy: IfNotPresent
    pullSecrets: []
    registry: docker.io
    repository: bitnami/apache-exporter
    tag: 0.11.0-debian-11-r42
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 15
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  resources:
    limits: {}
    requests: {}
  service:
    annotations:
      prometheus.io/port: '{{ .Values.metrics.containerPorts.metrics }}'
      prometheus.io/scrape: "true"
    ports:
      metrics: 9150
  serviceMonitor:
    enabled: false
    honorLabels: false
    interval: ""
    jobLabel: ""
    labels: {}
    metricRelabelings: []
    namespace: ""
    relabelings: []
    scrapeTimeout: ""
    selector: {}
  startupProbe:
    enabled: false
    failureThreshold: 15
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
multisite:
  enable: false
  enableNipIoRedirect: false
  host: ""
  networkType: subdomain
nameOverride: ""
networkPolicy:
  egressRules:
    customRules: {}
    denyConnectionsToExternal: false
  enabled: false
  ingress:
    enabled: false
    namespaceSelector: {}
    podSelector: {}
  ingressRules:
    accessOnlyFrom:
      enabled: false
      namespaceSelector: {}
      podSelector: {}
    backendOnlyAccessibleByFrontend: false
    customBackendSelector: {}
    customRules: {}
  metrics:
    enabled: false
    namespaceSelector: {}
    podSelector: {}
nodeAffinityPreset:
  key: ""
  type: ""
  values: []
nodeSelector: {}
overrideDatabaseSettings: false
pdb:
  create: false
  maxUnavailable: ""
  minAvailable: 1
persistence:
  accessMode: ReadWriteMany
  accessModes:
  - ReadWriteMany
  annotations: {}
  dataSource: {}
  enabled: true
  existingClaim: ""
  selector: {}
  size: 10Gi
  storageClass: ""
podAffinityPreset: ""
podAnnotations: {}
podAntiAffinityPreset: soft
podLabels: {}
podSecurityContext:
  enabled: false
  fsGroup: 1001
  seccompProfile:
    type: RuntimeDefault
priorityClassName: ""
readinessProbe:
  enabled: true
  failureThreshold: 6
  httpGet:
    httpHeaders: []
    path: /wp-login.php
    port: '{{ .Values.wordpressScheme }}'
    scheme: '{{ .Values.wordpressScheme | upper }}'
  initialDelaySeconds: 30
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5
replicaCount: 1
resources:
  limits: {}
  requests:
    cpu: 300m
    memory: 512Mi
schedulerName: ""
service:
  annotations: {}
  clusterIP: ""
  externalTrafficPolicy: Cluster
  extraPorts: []
  httpsTargetPort: https
  loadBalancerIP: ""
  loadBalancerSourceRanges: []
  nodePorts:
    http: ""
    https: ""
  ports:
    http: 8080
    https: 8443
  sessionAffinity: None
  sessionAffinityConfig: {}
  type: ClusterIP
serviceAccount:
  annotations: {}
  automountServiceAccountToken: true
  create: false
  name: ""
sidecars: []
smtpExistingSecret: ""
smtpHost: ""
smtpPassword: ""
smtpPort: ""
smtpProtocol: ""
smtpUser: ""
startupProbe:
  enabled: false
  failureThreshold: 6
  httpGet:
    httpHeaders: []
    path: /wp-login.php
    port: '{{ .Values.wordpressScheme }}'
    scheme: '{{ .Values.wordpressScheme | upper }}'
  initialDelaySeconds: 30
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5
tolerations: []
topologySpreadConstraints: []
updateStrategy:
  rollingUpdate: {}
  type: RollingUpdate
volumePermissions:
  containerSecurityContext:
    runAsUser: 0
  enabled: false
  image:
    digest: ""
    pullPolicy: IfNotPresent
    pullSecrets: []
    registry: docker.io
    repository: bitnami/bitnami-shell
    tag: 11-debian-11-r37
  resources:
    limits: {}
    requests: {}
wordpressBlogName: Blog
wordpressConfiguration: ""
wordpressConfigureCache: false
wordpressEmail: EMAIL
wordpressExtraConfigContent: ""
wordpressFirstName: FIRSTNAME
wordpressLastName: LASTNAME
wordpressPassword: PASSWORD
wordpressPlugins: none
wordpressScheme: https
wordpressSkipInstall: false
wordpressTablePrefix: wp_
wordpressUsername: USERNAME`

What is the expected behavior?

[38;5;6mmariadb [38;5;5m23:51:57.95 [0m
[38;5;6mmariadb [38;5;5m23:51:57.95 [0m[1mWelcome to the Bitnami mariadb container[0m
[38;5;6mmariadb [38;5;5m23:51:57.96 [0mSubscribe to project updates by watching [1mhttps://github.com/bitnami/containers[0m
[38;5;6mmariadb [38;5;5m23:51:57.96 [0mSubmit issues and feature requests at [1mhttps://github.com/bitnami/containers/issues[0m
[38;5;6mmariadb [38;5;5m23:51:57.96 [0m
[38;5;6mmariadb [38;5;5m23:51:57.96 [0m[38;5;2mINFO [0m ==> ** Starting MariaDB setup **
[38;5;6mmariadb [38;5;5m23:51:57.99 [0m[38;5;2mINFO [0m ==> Validating settings in MYSQL_*/MARIADB_* env vars
[38;5;6mmariadb [38;5;5m23:51:58.01 [0m[38;5;2mINFO [0m ==> Initializing mariadb database
[38;5;6mmariadb [38;5;5m23:51:58.04 [0m[38;5;3mWARN [0m ==> The mariadb configuration file '/opt/bitnami/mariadb/conf/my.cnf' is not writable. Configurations based on environment variables will not be applied for this file.
[38;5;6mmariadb [38;5;5m23:51:58.05 [0m[38;5;2mINFO [0m ==> Using persisted data
[38;5;6mmariadb [38;5;5m23:51:58.10 [0m[38;5;2mINFO [0m ==> Running mysql_upgrade
[38;5;6mmariadb [38;5;5m23:51:58.11 [0m[38;5;2mINFO [0m ==> Starting mariadb in background
2022-09-26 23:51:58 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-09-26 23:51:58 0 [Note] InnoDB: Using transactional memory
2022-09-26 23:51:58 0 [Note] InnoDB: Number of pools: 1
2022-09-26 23:51:58 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2022-09-26 23:51:58 0 [Note] mysqld: O_TMPFILE is not supported on /opt/bitnami/mariadb/tmp (disabling future attempts)
2022-09-26 23:51:58 0 [Note] InnoDB: Using Linux native AIO
2022-09-26 23:51:58 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
2022-09-26 23:51:58 0 [Note] InnoDB: Completed initialization of buffer pool
2022-09-26 23:51:58 0 [Note] InnoDB: 128 rollback segments are active.
2022-09-26 23:51:58 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2022-09-26 23:51:58 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...

What do you see instead?

I could not find a solution.

jotamartos commented 2 years ago

Hi @Contentways,

I suggest you launch the WordPress Chart without modifying any parameter to see if the problem persists

helm install blog -n wp-hosting bitnami/wordpress

I deployed the solution with the default parameters in my local environment and everything worked as expected. Please also ensure there are no old PVs or PVCs in the system that may be introducing errors during the deployment. You can also take a look at the old tickets in this forum regarding database issues when deploying WordPress

https://github.com/bitnami/charts/issues?q=is%3Aissue+mariadb+denied+for+User+root+

If the deployment works with the default values, you can compare the values you provided with the default ones. There is a case that may be useful for you. In this case, the user was running into issues with the values file's encoding.

I hope this helps

pomland-94 commented 2 years ago

So I have tested it, for OpenShift I have to change some values to deploy it. The command what I use to test it was the following one:

helm install blog -n blog bitnami/wordpress \
--set podSecurityContext.enabled=false \
--set containerSecurityContext.enabled=false \
--set mariadb.primary.podSecurityContext.enabled=false \
--set mariadb.primary.containerSecurityContext.enabled=false

But the error still exists.

$ oc logs pod/blog-mariadb-0
mariadb 14:06:54.01
mariadb 14:06:54.01 Welcome to the Bitnami mariadb container
mariadb 14:06:54.02 Subscribe to project updates by watching https://github.com/bitnami/containers
mariadb 14:06:54.02 Submit issues and feature requests at https://github.com/bitnami/containers/issues
mariadb 14:06:54.02
mariadb 14:06:54.04 INFO  ==> ** Starting MariaDB setup **
mariadb 14:06:54.07 INFO  ==> Validating settings in MYSQL_*/MARIADB_* env vars
mariadb 14:06:54.08 INFO  ==> Initializing mariadb database
mariadb 14:06:54.11 WARN  ==> The mariadb configuration file '/opt/bitnami/mariadb/conf/my.cnf' is not writable. Configurations based on environment variables will not be applied for this file.
mariadb 14:06:54.12 INFO  ==> Using persisted data
mariadb 14:06:54.18 INFO  ==> Running mysql_upgrade
mariadb 14:06:54.19 INFO  ==> Starting mariadb in background
2022-09-29 14:06:54 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-09-29 14:06:54 0 [Note] InnoDB: Using transactional memory
2022-09-29 14:06:54 0 [Note] InnoDB: Number of pools: 1
2022-09-29 14:06:54 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2022-09-29 14:06:54 0 [Note] mysqld: O_TMPFILE is not supported on /opt/bitnami/mariadb/tmp (disabling future attempts)
2022-09-29 14:06:54 0 [Note] InnoDB: Using Linux native AIO
2022-09-29 14:06:54 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
2022-09-29 14:06:54 0 [Note] InnoDB: Completed initialization of buffer pool
2022-09-29 14:06:54 0 [Note] InnoDB: 128 rollback segments are active.
2022-09-29 14:06:54 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2022-09-29 14:06:54 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2022-09-29 14:07:45 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2022-09-29 14:07:45 0 [Note] InnoDB: 10.6.10 started; log sequence number 42156; transaction id 14
2022-09-29 14:07:45 0 [Note] InnoDB: Loading buffer pool(s) from /bitnami/mariadb/data/ib_buffer_pool
2022-09-29 14:07:45 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-09-29 14:07:45 0 [Note] Server socket created on IP: '127.0.0.1'.
2022-09-29 14:07:45 0 [Note] InnoDB: Buffer pool(s) load completed at 220929 14:07:45
2022-09-29 14:07:45 0 [Warning] 'user' entry 'root@blog-mariadb-0' ignored in --skip-name-resolve mode.
2022-09-29 14:07:45 0 [Warning] 'user' entry '@blog-mariadb-0' ignored in --skip-name-resolve mode.
2022-09-29 14:07:45 0 [Warning] 'proxies_priv' entry '@% root@blog-mariadb-0' ignored in --skip-name-resolve mode.
2022-09-29 14:07:45 0 [Note] /opt/bitnami/mariadb/sbin/mysqld: ready for connections.
Version: '10.6.10-MariaDB'  socket: '/opt/bitnami/mariadb/tmp/mysql.sock'  port: 3306  Source distribution
2022-09-29 14:07:46 3 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
mariadb 14:07:46.36 INFO  ==> Stopping mariadb
2022-09-29 14:07:46 0 [Note] /opt/bitnami/mariadb/sbin/mysqld (initiated by: unknown): Normal shutdown
2022-09-29 14:07:46 0 [Note] InnoDB: FTS optimize thread exiting.
2022-09-29 14:07:46 0 [Note] InnoDB: Starting shutdown...
2022-09-29 14:07:46 0 [Note] InnoDB: Dumping buffer pool(s) to /bitnami/mariadb/data/ib_buffer_pool
2022-09-29 14:07:46 0 [Note] InnoDB: Buffer pool(s) dump completed at 220929 14:07:46
2022-09-29 14:07:46 0 [Note] InnoDB: Removed temporary tablespace data file: "./ibtmp1"
2022-09-29 14:07:46 0 [Note] InnoDB: Shutdown completed; log sequence number 42168; transaction id 15
2022-09-29 14:07:46 0 [Note] /opt/bitnami/mariadb/sbin/mysqld: Shutdown complete

$ oc describe pod/blog-mariadb-0
Name:         blog-mariadb-0
Namespace:    blog
Priority:     0
Node:         worker03.ocp.contentways.eu/78.47.126.122
Start Time:   Thu, 29 Sep 2022 16:00:13 +0200
Labels:       app.kubernetes.io/component=primary
              app.kubernetes.io/instance=blog
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=mariadb
              controller-revision-hash=blog-mariadb-844f8fd98f
              helm.sh/chart=mariadb-11.3.1
              statefulset.kubernetes.io/pod-name=blog-mariadb-0
Annotations:  checksum/configuration: 35dece2125f2699e29847501d81ba67e1aca499d3daa2e0c2c1f6c0ad4c1b75d
              k8s.v1.cni.cncf.io/network-status:
                [{
                    "name": "openshift-sdn",
                    "interface": "eth0",
                    "ips": [
                        "10.130.2.236"
                    ],
                    "default": true,
                    "dns": {}
                }]
              k8s.v1.cni.cncf.io/networks-status:
                [{
                    "name": "openshift-sdn",
                    "interface": "eth0",
                    "ips": [
                        "10.130.2.236"
                    ],
                    "default": true,
                    "dns": {}
                }]
              openshift.io/scc: restricted-v2
              seccomp.security.alpha.kubernetes.io/pod: runtime/default
Status:       Running
IP:           10.130.2.236
IPs:
  IP:           10.130.2.236
Controlled By:  StatefulSet/blog-mariadb
Containers:
  mariadb:
    Container ID:   cri-o://65e27c9670b61be46d0b4fe052a60ba836eb87817dd6c42f0d4b1cb253ca1839
    Image:          docker.io/bitnami/mariadb:10.6.10-debian-11-r0
    Image ID:       docker.io/bitnami/mariadb@sha256:f134b4e02b7218a3f401f764be8aee167af1f72832aa5d3408e2116828963ddc
    Port:           3306/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Thu, 29 Sep 2022 16:06:53 +0200
      Finished:     Thu, 29 Sep 2022 16:07:47 +0200
    Ready:          False
    Restart Count:  4
    Liveness:       exec [/bin/bash -ec password_aux="${MARIADB_ROOT_PASSWORD:-}"
if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then
    password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE")
fi
mysqladmin status -uroot -p"${password_aux}"
] delay=120s timeout=1s period=10s #success=1 #failure=3
    Readiness:  exec [/bin/bash -ec password_aux="${MARIADB_ROOT_PASSWORD:-}"
if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then
    password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE")
fi
mysqladmin status -uroot -p"${password_aux}"
] delay=30s timeout=1s period=10s #success=1 #failure=3
    Environment:
      BITNAMI_DEBUG:          false
      MARIADB_ROOT_PASSWORD:  <set to the key 'mariadb-root-password' in secret 'blog-mariadb'>  Optional: false
      MARIADB_USER:           bn_wordpress
      MARIADB_PASSWORD:       <set to the key 'mariadb-password' in secret 'blog-mariadb'>  Optional: false
      MARIADB_DATABASE:       bitnami_wordpress
    Mounts:
      /bitnami/mariadb from data (rw)
      /opt/bitnami/mariadb/conf/my.cnf from config (rw,path="my.cnf")
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  data:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  data-blog-mariadb-0
    ReadOnly:   false
  config:
    Type:        ConfigMap (a volume populated by a ConfigMap)
    Name:        blog-mariadb
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason                  Age                    From                     Message
  ----     ------                  ----                   ----                     -------
  Warning  FailedScheduling        7m47s                  default-scheduler        0/9 nodes are available: 9 pod has unbound immediate PersistentVolumeClaims. preemption: 0/9 nodes are available: 9 Preemption is not helpful for scheduling.
  Normal   Scheduled               7m46s                  default-scheduler        Successfully assigned blog/blog-mariadb-0 to worker03.ocp.contentways.eu by master03.ocp.contentways.eu
  Normal   SuccessfulAttachVolume  7m46s                  attachdetach-controller  AttachVolume.Attach succeeded for volume "pvc-0bf13177-3f6c-48d7-8fb9-d0cedec6a15c"
  Normal   AddedInterface          7m40s                  multus                   Add eth0 [10.130.2.236/23] from openshift-sdn
  Normal   Created                 7m40s                  kubelet                  Created container mariadb
  Normal   Started                 7m40s                  kubelet                  Started container mariadb
  Warning  Unhealthy               5m11s (x3 over 5m31s)  kubelet                  Liveness probe failed: mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local server through socket '/opt/bitnami/mariadb/tmp/mysql.sock' (2)'
Check that mariadbd is running and that the socket: '/opt/bitnami/mariadb/tmp/mysql.sock' exists!
  Normal   Killing    5m11s                  kubelet  Container mariadb failed liveness probe, will be restarted
  Warning  Unhealthy  4m41s (x17 over 7m1s)  kubelet  Readiness probe failed: mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local server through socket '/opt/bitnami/mariadb/tmp/mysql.sock' (2)'
Check that mariadbd is running and that the socket: '/opt/bitnami/mariadb/tmp/mysql.sock' exists!
  Normal  Pulled  2m30s (x4 over 7m40s)  kubelet  Container image "docker.io/bitnami/mariadb:10.6.10-debian-11-r0" already present on machine

pomland-94 commented 2 years ago

When I deploy it without any modifications, I get the following error.

Events:
  Type     Reason            Age                   From                    Message
  ----     ------            ----                  ----                    -------
  Normal   SuccessfulCreate  2m26s                 statefulset-controller  create Claim data-wp-mariadb-0 Pod wp-mariadb-0 in StatefulSet wp-mariadb success
  Warning  FailedCreate      63s (x15 over 2m26s)  statefulset-controller  create Pod wp-mariadb-0 in StatefulSet wp-mariadb failed error: pods "wp-mariadb-0" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "gitlab-nginx-ingress-scc": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{1001}: 1001 is not an allowed group, spec.containers[0].securityContext.runAsUser: Invalid value: 1001: must be in the ranges: [1000640000, 1000649999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "rook-ceph": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "rook-ceph-csi": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]

jotamartos commented 2 years ago

Hi @Contentways,

Can you try deploying the solution just with this changes?

https://github.com/bitnami/charts/issues/12215#issuecomment-1234088795

pomland-94 commented 2 years ago

Hey @jotamartos, I already made this changes for the Deployment, but this didn't work. So the error is still there.

pomland-94 commented 2 years ago

helm install blog bitnami/wordpress --set podSecurityContext.enabled=false --set containerSecurityContext.enabled=false --set mariadb.primary.podSecurityContext.enabled=false --set mariadb.primary.containerSecurityContext.enabled=false

jotamartos commented 2 years ago

Hi @Contentways,

I just checked that our tests recently succeeded using the following values information

containerSecurityContext:
  enabled: false
mariadb:
  primary:
    containerSecurityContext:
      enabled: false
    podSecurityContext:
      enabled: false
  serviceAccount:
    create: false
memcached:
  containerSecurityContext:
    enabled: false
  podSecurityContext:
    enabled: false
podSecurityContext:
  enabled: false
wordpressPassword: S39BKWjSkh

Can you try with those ones?

pomland-94 commented 2 years ago

Unfortunately no change. Still get errors in the Deplyoment, my values.yaml has the Values u post above.

containerSecurityContext: enabled: false mariadb: primary: containerSecurityContext: enabled: false podSecurityContext: enabled: false serviceAccount: create: false memcached: containerSecurityContext: enabled: false podSecurityContext: enabled: false podSecurityContext: enabled: false wordpressPassword: S39BKWjSkh

Bildschirmfoto 2022-10-07 um 18 39 50

pomland-94 commented 2 years ago

Bildschirmfoto 2022-10-07 um 18 42 41

jotamartos commented 2 years ago

Sorry but I could not reproduce the issue. I configured an Openshift cluster locally using Minishift and deployed the bitnami/wordpress solution in that cluster and everything worked as expected. I used the values.yaml file I posted above

$ cat /tmp/values.yaml
containerSecurityContext:
  enabled: false
mariadb:
  primary:
    containerSecurityContext:
      enabled: false
    podSecurityContext:
      enabled: false
  serviceAccount:
    create: false
memcached:
  containerSecurityContext:
    enabled: false
  podSecurityContext:
    enabled: false
podSecurityContext:
  enabled: false
wordpressPassword: S39BKWjSkh

$ helm install jota-wordpress-test --values ./values.yaml bitnami/wordpress

$ kubectl get all
NAME                                       READY   STATUS    RESTARTS   AGE
pod/jota-wordpress-test-6d687bf595-jtkv5   1/1     Running   0          3m
pod/jota-wordpress-test-mariadb-0          1/1     Running   0          3m

NAME                                  TYPE           CLUSTER-IP       EXTERNAL-IP                   PORT(S)                      AGE
service/jota-wordpress-test           LoadBalancer   172.30.86.27     172.29.235.61,172.29.235.61   80:31539/TCP,443:32674/TCP   3m
service/jota-wordpress-test-mariadb   ClusterIP      172.30.153.223   <none>                        3306/TCP                     3m

NAME                                  DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/jota-wordpress-test   1         1         1            1           3m

NAME                                             DESIRED   CURRENT   READY   AGE
replicaset.apps/jota-wordpress-test-6d687bf595   1         1         1       3m

NAME                                           DESIRED   CURRENT   AGE
statefulset.apps/jota-wordpress-test-mariadb   1         1         3m

Please ensure your environment is clean and remove any previous volume that may be affecting the deployment of the solution.

pomland-94 commented 2 years ago

This is my result of the exact copy of the Values File on a Clean and fresh OpenShift Cluster.

$ oc get all
NAME                                    READY   STATUS             RESTARTS      AGE
pod/cwblog-mariadb-0                    0/1     CrashLoopBackOff   6 (27s ago)   12m
pod/cwblog-wordpress-5b5f8d59b8-d9tjp   0/1     Running            6 (3m ago)    12m

NAME                       TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/cwblog-mariadb     ClusterIP      172.30.158.34    <none>        3306/TCP                     12m
service/cwblog-wordpress   LoadBalancer   172.30.207.238   <pending>     80:30835/TCP,443:32392/TCP   12m

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/cwblog-wordpress   0/1     1            0           12m

NAME                                          DESIRED   CURRENT   READY   AGE
replicaset.apps/cwblog-wordpress-5b5f8d59b8   1         1         0       12m

NAME                              READY   AGE
statefulset.apps/cwblog-mariadb   0/1     12m

I don't know, why this is not working for me!

pomland-94 commented 2 years ago

This is the MySQL Pod log.

Bildschirmfoto 2022-10-11 um 18 58 45

pomland-94 commented 2 years ago

Soo i fix the Problem! The Problem was that I use a Storage Backend with Rook, so far so good. But the MySQL Deployment has any errors with the CephFS Filesystem, when I use a BlockDevice (rook-block-device) it work's smoothly.

jotamartos commented 2 years ago

Glad to know the problem is now solved!

Enjoy! :)

infinityonlinesolutions commented 5 months ago

Hello, I was able to solve this based on - https://stackoverflow.com/questions/72427833/mysql-created-with-helm-cant-connect-with-non-root-user

In my case it was because the old pvc existed and hence it was failing to connect, deleting the old pvc, then the pv too gets deleted, there after if you install the app with the same details, it works fine.

bitnami / charts