Ansible AWX 安装:无法创建目录“/var/lib/pgsql/data/userdata”:权限被拒绝

问题描述 投票:0回答:1

尽管我检查过并且该目录归 root 所有,但我收到一条权限被拒绝的消息。

我已经安装了 Ansible AWX,如下所示:

helm install my-awx-operator awx-operator/awx-operator -n awx --create-namespace

输出:

:~/dev/awx # helm list -n awx
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
my-awx-operator awx             1               2024-10-25 16:06:52.124682142 +0000 UTC deployed        awx-operator-2.19.1     2.19.1
:~/dev/awx #

:~/dev/awx # kubectl get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                                       STORAGECLASS             REASON   AGE
ansible1-awx-pv                            12Gi       RWO            Retain           Bound       awx/postgres-15-ansible-awx-postgres-15-0   global-data-sc                13m

:~/dev/awx # kubectl get pvc -n awx
NAME                                    STATUS   VOLUME            CAPACITY   ACCESS MODES   STORAGECLASS         AGE
postgres-15-ansible-awx-postgres-15-0   Bound    ansible1-awx-pv   12Gi       RWO            global-data-sc   12m
:~/dev/awx #

---
# Redis DB persistence/dump data
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ansible1-awx-pv
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 12Gi
  hostPath:
    path: /root/awx
    type: DirectoryOrCreate
  persistentVolumeReclaimPolicy: Retain
  storageClassName: global-data-sc
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-15-ansible-awx-postgres-15-0
  namespace: awx
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: global-data-sc
  volumeMode: Filesystem
  volumeName: ansible1-awx-pv
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: ansible-awx
  namespace: awx
spec:
  service_type: nodeport
  postgres_storage_class: global-data-sc

我收到以下错误:

:~/dev/awx # kubectl get pods -n awx
NAME                                               READY   STATUS             RESTARTS        AGE
ansible-awx-postgres-15-0                          0/1     CrashLoopBackOff   7 (3m14s ago)   14m
awx-operator-controller-manager-5ccb88d675-wxx89   2/2     Running            0               3d
:~/dev/awx #

:~/dev/awx # kubectl logs -n awx ansible-awx-postgres-15-0
mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied
:~/dev/awx #

:~/dev/awx # ls -ltr /root/
total 148820
drwxr-xr-x  3 root root      4096 Oct 28 14:59 awx
:~/dev/awx #


:~/dev/awx # ls -ltr /root/awx/
total 4
drwxr-xr-x 2 root root 4096 Oct 28 14:59 data
:~/dev/awx #

我错过了什么?

ansible ansible-awx
1个回答
0
投票

出现

permission denied
错误的主要原因是,kubernetes pods: postgres pod以非root用户身份运行。这就是为什么它不能写入 root 拥有的目录(postgres 作为非 root 用户不能有写访问权限)

您需要在主机路径目录上设置适当的权限。

更新所有权如下:

sudo chown -R 26:26 /root/awx   # postgres in k8s uses uid: 26 and gid: 26

您还可以仔细检查

PersistentVolume
,如下所示:

spec:
 hostPath:
  path: /root/awx
  type: DirectoryOrCreate  # => creates dir if not exist

更改后,删除postgres pod并重新创建

kubectl delete pod -n awx ansible-awx-postgres-15-0
kubectl get pods -n awx    # check status

在这里您还可以阅读有关 hostPath 卷的 Kubernetes 文档

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.