
Bug 1684433

Summary: failed to write route table: open /var/lib/haproxy/router/routes.json: permission denied
Product: OpenShift Container Platform
Component: Routing
Version: 3.10.0
Target Release: 3.11.z
Status: NEW
Severity: high
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Xavier Morano <xmorano>
Assignee: Dan Mace <dmace>
QA Contact: Hongan Li <hongli>
CC: aos-bugs, bperkins
Doc Type: If docs needed, set a value
Type: Bug

Description Xavier Morano 2019-03-01 09:21:15 UTC
Description of problem:
There was a router pod that spewed errors like this into its log:
failed to write route table: open /var/lib/haproxy/router/routes.json: permission denied

This caused all the new routes to not work at all, returning 503 and a message like:
   The application is currently not serving requests at this endpoint.

Deleting the router pod and waiting until the new one gets deployed resolved the issue.

Version-Release number of selected component (if applicable):
OCP v3.10.89

How reproducible:
Frequently

Steps to Reproduce:
1. Start pod routing
2. Add route
3. Back to 1 until bug appears

Actual results:
failed to write route table: open /var/lib/haproxy/router/routes.json: permission denied

Expected results:
The route must be written 

Additional info:
The file routes.json is owned by root, and as the pod is running with user 'non root'

   for router dev-router-7-z94w9

   * /var/lib/haproxy/router/
   total 12
   drwxrwxr-x.  4 root root   53 Feb 26 08:51 .
   drwxrwxr-x. 11 root root 4096 Dec 19 00:09 ..
   drwxrwxr-x.  2 root root    6 Dec 19 00:09 cacerts
   drwxrwxr-x.  2 root root    6 Dec 19 00:09 certs
   -rw-r--r--.  1 root root 4633 Feb 26 23:32 routes.json


   $ oc get pod dev-router-7-z94w9  -o 'jsonpath="{.spec.containers[0].securityContext.runAsUser}"'
   "1000000000"