2

I have a local Openshift instance where I'm trying to install Sentry using helm as:

helm install --name sentry --wait stable/sentry.

All pods are deployed fine other than the PostgreSQL pod also deployed as a dependency for Sentry. This pod's initiliazation fails as a CrashLoopBackOff and the logs show the following:

The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

initdb: could not change permissions of directory "/var/lib/postgresql/data/pgdata": Operation not permitted

Not sure where to start to fix this issue so I can get sentry deployed successfully with all its dependencies

Community
  • 1
  • 1
shanwar
  • 319
  • 1
  • 2
  • 19
  • What file system do you use on the volumes? Look at this reported [issue](https://stackoverflow.com/questions/44878062/initdb-could-not-change-permissions-of-directory-on-postgresql-container), maybe it can be helpful for you. – Nick_Kh Nov 07 '18 at 10:33
  • I have a similar problem https://serverfault.com/questions/941774/run-initdb-with-user-having-write-rights-but-not-owner-of-pgdata-directory , if you use OSE you can use RHEL images https://docs.okd.io/latest/using_images/db_images/postgresql.html , but otherwise we need to replicate the steps that RedHat has made (which I'm trying out to figure). – 9ilsdx 9rvj 0lo Nov 27 '18 at 09:52
  • @9ilsdx 9rvj 0lo Look below and see if that resolves your issue – shanwar Nov 27 '18 at 15:24
  • 1
    @shanwar no, disabling security settings is not a solution, it is a workaround... – 9ilsdx 9rvj 0lo Nov 27 '18 at 16:02

1 Answers1

0

The issue was resolved by adding permissions to the service account that was being used to run commands on the pod. In my case the default service account on OpenShift was being used. I added the appropriate permissions to this service account using the cli:

oc adm policy add-scc-to-user anyuid -z default --as system:admin

Also see: https://blog.openshift.com/understanding-service-accounts-sccs/

shanwar
  • 319
  • 1
  • 2
  • 19