You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When starting the containerized version of the proxy in a Kubernetes environment, multiple PVs are created and attached to the single proxy pod.
One of the PVs is used by the Squid container, mounted as /var/cache/squid. Per the default configuration, the mounted file system is owned by user root, while the container (or rather the processes started in the container) runs as user "squid". Therefore, during container startup, changing ownership of the cache directory fails.
Steps to reproduce
create Uyuni proxy in Kubernetes cluster i.e. via helm install uyuni-proxy oci://registry.opensuse.org/uyuni/proxy-helm -f uyuni/config.yaml -f uyuni/httpd.yaml -f uyuni/ssh.yaml --set ingress=nginx
2.Check the logs of the Proxy pod's "squid" container
chown: cannot read directory '/var/cache/squid/lost+found': Permission denied
2024-03-30T10:55:23.183795128Z chown: changing ownership of '/var/cache/squid': Operation not permitted
chown: cannot read directory '/var/cache/squid/lost+found': Permission denied
2024-03-30T10:55:23.183795128Z chown: changing ownership of '/var/cache/squid': Operation not permitted
2024-03-30T10:55:23.199521363Z 2024/03/30 10:55:23| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2024-03-30T10:55:23.201225266Z 2024/03/30 10:55:23| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2024-03-30T10:55:23.201264278Z 2024/03/30 10:55:23| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2024-03-30T10:55:23.201269744Z 2024/03/30 10:55:23| WARNING: You should probably remove '::/0' from the ACL named 'all'
2024-03-30T10:55:23.231226340Z 2024/03/30 10:55:23 kid1| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2024-03-30T10:55:23.232607658Z 2024/03/30 10:55:23 kid1| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2024/03/30 10:55:23 kid1| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2024-03-30T10:55:23.232635814Z 2024/03/30 10:55:23 kid1| WARNING: You should probably remove '::/0' from the ACL named 'all'
2024-03-30T10:55:23.244943844Z 2024/03/30 10:55:23 kid1| Current Directory is /
2024-03-30T10:55:23.244963697Z 2024/03/30 10:55:23 kid1| Creating missing swap directories
2024-03-30T10:55:23.244968762Z 2024/03/30 10:55:23 kid1| /var/cache/squid exists
2024-03-30T10:55:23.245050087Z 2024/03/30 10:55:23 kid1| Not currently OK to rewrite swap log.
2024-03-30T10:55:23.245059258Z 2024/03/30 10:55:23 kid1| storeDirWriteCleanLogs: Operation aborted.
2024-03-30T10:55:23.245063506Z 2024/03/30 10:55:23 kid1| FATAL: Failed to make swap directory /var/cache/squid/00: (13) Permission denied
2024-03-30T10:55:23.245155770Z 2024/03/30 10:55:23 kid1| Squid Cache (Version 5.7): Terminated abnormally.
2024-03-30T10:55:23.255363550Z 2024/03/30 10:55:23 kid1| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2024-03-30T10:55:23.256627130Z 2024/03/30 10:55:23 kid1| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2024-03-30T10:55:23.256640501Z 2024/03/30 10:55:23 kid1| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2024/03/30 10:55:23 kid1| WARNING: You should probably remove '::/0' from the ACL named 'all'
2024-03-30T10:55:23.267743537Z 2024/03/30 10:55:23 kid1| Current Directory is /
2024-03-30T10:55:23.267762758Z 2024/03/30 10:55:23 kid1| Creating missing swap directories
2024-03-30T10:55:23.267767774Z 2024/03/30 10:55:23 kid1| /var/cache/squid exists
2024/03/30 10:55:23 kid1| Not currently OK to rewrite swap log.
2024/03/30 10:55:23 kid1| storeDirWriteCleanLogs: Operation aborted.
2024-03-30T10:55:23.267896544Z 2024/03/30 10:55:23 kid1| FATAL: Failed to make swap directory /var/cache/squid/00: (13) Permission denied
2024-03-30T10:55:23.267915394Z 2024/03/30 10:55:23 kid1| Squid Cache (Version 5.7): Terminated abnormally.
Additional information
Adding a side-car container running as user root and then manually changing ownership of the (root directory of the) mounted FS let's the container start up correctly.
The text was updated successfully, but these errors were encountered:
The actual problem is that the container is running as user "squid", and thus has no permission to access/change the content of the (fresh) PV/file system allocated for the cache, as that is belonging to user root.
Problem description
When starting the containerized version of the proxy in a Kubernetes environment, multiple PVs are created and attached to the single proxy pod.
One of the PVs is used by the Squid container, mounted as /var/cache/squid. Per the default configuration, the mounted file system is owned by user root, while the container (or rather the processes started in the container) runs as user "squid". Therefore, during container startup, changing ownership of the cache directory fails.
Steps to reproduce
helm install uyuni-proxy oci://registry.opensuse.org/uyuni/proxy-helm -f uyuni/config.yaml -f uyuni/httpd.yaml -f uyuni/ssh.yaml --set ingress=nginx
2.Check the logs of the Proxy pod's "squid" container
Uyuni version
Uyuni proxy version (if used)
Useful logs
Additional information
Adding a side-car container running as user root and then manually changing ownership of the (root directory of the) mounted FS let's the container start up correctly.
The text was updated successfully, but these errors were encountered: