Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1684433 - failed to write route table: open /var/lib/haproxy/router/routes.json: permission denied
Summary: failed to write route table: open /var/lib/haproxy/router/routes.json: permis...
Status: NEW
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.11.z
Assignee: Dan Mace
QA Contact: Hongan Li
Depends On:
TreeView+ depends on / blocked
Reported: 2019-03-01 09:21 UTC by Xavier Morano
Modified: 2019-03-02 08:01 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Target Upstream Version:

Attachments (Terms of Use)

Description Xavier Morano 2019-03-01 09:21:15 UTC
Description of problem:
There was a router pod that spewed errors like this into its log:
failed to write route table: open /var/lib/haproxy/router/routes.json: permission denied

This caused all the new routes to not work at all returning 503 and a message like:
   The application is currently not serving requests at this endpoint.

Deleting the router pod and waiting until the new one gets deployed resolved the issue.

Version-Release number of selected component (if applicable):
OCP v3.10.89

How reproducible:

Steps to Reproduce:
1. Start pod routing
2. Add route
3. Back to 1 until bug appears

Actual results:
failed to write route table: open /var/lib/haproxy/router/routes.json: permission denied

Expected results:
The route must be written 

Additional info:
The file routes.json is owned by root, and as the pod is running with user 'non root'

   for router dev-router-7-z94w9

   * /var/lib/haproxy/router/
   total 12
   drwxrwxr-x.  4 root root   53 Feb 26 08:51 .
   drwxrwxr-x. 11 root root 4096 Dec 19 00:09 ..
   drwxrwxr-x.  2 root root    6 Dec 19 00:09 cacerts
   drwxrwxr-x.  2 root root    6 Dec 19 00:09 certs
   -rw-r--r--.  1 root root 4633 Feb 26 23:32 routes.json

   $ oc get pod dev-router-7-z94w9  -o 'jsonpath="{.spec.containers[0].securityContext.runAsUser}"'

Note You need to log in before you can comment on or make changes to this bug.