maxsxu commented on PR #266:
URL:
https://github.com/apache/pulsar-helm-chart/pull/266#issuecomment-1133627153
@michaeljmarshall Unfortunately, still not work while setting
`securityContext: {}`.
The Broker and Proxy keep initializing due to below error:
```
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
Node does not exist: /admin/clusters/pulsar
2022-05-21T07:45:10,734+0000 [main] ERROR
org.apache.zookeeper.util.ServiceUtils - Exiting JVM with code 1
pulsar cluster pulsar isn't initialized yet ... check in 3 seconds ...
```
Logs from the ZK Pod:
```
org.apache.zookeeper.server.ServerCnxn$EndOfStreamException: Unable to read
additional data from client, it probably closed the socket: address =
/10.129.5.225:38320, session = 0x2002e4f5ac42ab8
at
org.apache.zookeeper.server.NIOServerCnxn.handleFailedRead(NIOServerCnxn.java:163)
~[org.apache.zookeeper-zookeeper-3.6.3.jar:3.6.3]
at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:326)
[org.apache.zookeeper-zookeeper-3.6.3.jar:3.6.3]
at
org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:522)
[org.apache.zookeeper-zookeeper-3.6.3.jar:3.6.3]
at
org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:154)
[org.apache.zookeeper-zookeeper-3.6.3.jar:3.6.3]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
[?:?]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
[?:?]
at java.lang.Thread.run(Thread.java:829) [?:?]
2022-05-21T10:05:52,110+0000 [SessionTracker] INFO
org.apache.zookeeper.server.ZooKeeperServer - Expiring session
0x2002e4f5ac42aa7, timeout of 30000ms exceeded
2022-05-21T10:05:52,110+0000 [SessionTracker] INFO
org.apache.zookeeper.server.ZooKeeperServer - Expiring session
0x3002e4f34832aa7, timeout of 30000ms exceeded
2022-05-21T10:05:52,110+0000 [RequestThrottler] INFO
org.apache.zookeeper.server.ZooKeeperServer - Submitting global closeSession
request for session 0x2002e4f5ac42aa7
2022-05-21T10:05:52,110+0000 [RequestThrottler] INFO
org.apache.zookeeper.server.ZooKeeperServer - Submitting global closeSession
request for session 0x3002e4f34832aa7
2022-05-21T10:05:52,614+0000 [CommitProcessor:2] INFO
org.apache.zookeeper.server.quorum.LeaderSessionTracker - Committing global
session 0x2002e4f5ac42ab9
2022-05-21T10:05:52,956+0000 [NIOWorkerThread-1] WARN
org.apache.zookeeper.server.NIOServerCnxn - Unexpected exception
```
From my observation, OpenShift will generates a random non-zero `fsGroup`
for Pod when unspecified. So the group of PV (`/pulsar/data` directory) will be
that random non-zero `fsGroup`, rather the root group.
We can observe the following inside the ZK Pod:
```
$ id
uid=1001060000(1001060000) gid=0(root) groups=0(root),1001060000
$ ls -al
total 84
drwxrwxr-x. 1 root root 42 May 21 12:10 .
dr-xr-xr-x. 1 root root 53 May 21 12:10 ..
-rw-r--r--. 1 root root 32333 Jan 22 2020 LICENSE
-rw-r--r--. 1 root root 6612 Jan 22 2020 NOTICE
-rw-r--r--. 1 root root 1269 Jan 22 2020 README
drwxr-xr-x. 3 root root 4096 Mar 26 04:02 bin
drwxrwxr-x. 1 root root 28 Jan 22 2020 conf
drwxr-xr-x. 2 root root 4096 Mar 26 04:05 connectors
drwxrwsr-x. 4 root 1001060000 4096 May 21 03:12 data
drwxr-xr-x. 3 root root 132 Mar 26 04:02 examples
drwxr-xr-x. 4 root root 66 Mar 26 04:02 instances
drwxr-xr-x. 3 root root 20480 Mar 26 04:02 lib
drwxr-xr-x. 2 root root 4096 Jan 22 2020 licenses
drwxr-xr-x. 2 1001060000 root 50 May 21 12:10 logs
drwxr-xr-x. 2 root root 91 Mar 26 04:05 offloaders
drwxr-xr-x. 2 root root 66 Mar 26 04:02 pulsar-client
```
So, as for the _"the container user is always a member of the root
group..."_, yes indeed, but not for the PV group.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
