Hi Irina,
This does not work.
```
/usr/bin/id: cannot find name for user ID 1000250000
/usr/bin/id: cannot find name for user ID 1000250000
chmod: changing permissions of '/database': Operation not permitted
(*) Previous setup has not been detected. Creating the users...
(*) Creating users ...
groupadd: Permission denied.
groupadd: cannot lock /etc/group; try again later.
groupadd: Permission denied.
groupadd: cannot lock /etc/group; try again later.
(*) Creating instance ...
/var/db2_setup/include/db2_common_functions: line 50: /opt/ibm/db2/V11.5/instance/db2icrt: Permission denied
(!) There was a problem configuring the instance. Copying over logs and traces to /database/config ...
cp: cannot stat '/tmp/*db2*': No such file or directory
db2support: Cannot determine userid
```
Is there a way to run DB2 in OpenShift?
------------------------------
Vladimir Remenar
------------------------------
Original Message:
Sent: Thu July 25, 2019 09:32 AM
From: IRINA DELIDJAKOVA
Subject: Root Permissions
Hello @Nicholas Courtman, the container (ibmcom/db2) installs Db2 binaries as root; that is the reason why it needs to runAsUser: root.
A sample custom SCC that can be used on OpenShift is as follows:
```yaml
kind: SecurityContextConstraints
apiVersion: v1
metadata:
  name: db2-scc
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: false
allowHostPID: false
allowHostPorts: true
allowPrivilegedContainer: false
allowedCapabilities:
  - "SYS_RESOURCE"
  - "IPC_OWNER"
  - "SYS_NICE"
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: MustRunAs
fsGroup:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
```
------------------------------
IRINA DELIDJAKOVA
Original Message:
Sent: Wed July 24, 2019 04:55 AM
From: Nicholas Courtman
Subject: Root Permissions
Good morning,
Running this container seems to require root permissions for (as far as I can tell) exposing port 22 and writing to `/database`. This cannot therefore be run on an OpenShift platform which does not allow this as a policy. Is there any intention to remove this awkward requirement to run as root?
------------------------------
Nicholas Courtman
------------------------------
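
An added example, not part of any post in this thread and not IBM's or OpenShift's code: a Python model that lists what the `db2-scc` quoted above grants beyond OpenShift's default `restricted` SCC, and which UID the container process gets under each. The `RESTRICTED` baseline values, the project UID range size of 10000, the image UID of 0 and the function names are assumptions of this example; UID 1000250000 is the one shown in the error log.

```python
# Added example. DB2_SCC is transcribed from the thread; RESTRICTED is an assumed baseline.
RESTRICTED = {
    "allowHostDirVolumePlugin": False, "allowHostIPC": False,
    "allowHostNetwork": False, "allowHostPID": False, "allowHostPorts": False,
    "allowPrivilegedContainer": False, "allowedCapabilities": [],
    "runAsUser": {"type": "MustRunAsRange"}, "seLinuxContext": {"type": "MustRunAs"},
    "fsGroup": {"type": "MustRunAs"}, "supplementalGroups": {"type": "RunAsAny"},
}
DB2_SCC = {
    "allowHostDirVolumePlugin": True, "allowHostIPC": True,
    "allowHostNetwork": False, "allowHostPID": False, "allowHostPorts": True,
    "allowPrivilegedContainer": False,
    "allowedCapabilities": ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"],
    "runAsUser": {"type": "RunAsAny"}, "seLinuxContext": {"type": "MustRunAs"},
    "fsGroup": {"type": "RunAsAny"}, "supplementalGroups": {"type": "RunAsAny"},
}

def widened(scc, baseline=RESTRICTED):
    """Return {field: what is granted} for each setting looser than the baseline."""
    out = {}
    for key, base in baseline.items():
        val = scc.get(key, base)
        if isinstance(base, bool):
            if val and not base:
                out[key] = True
        elif isinstance(base, list):
            extra = sorted(set(val or []) - set(base))
            if extra:
                out[key] = extra
        elif val["type"] == "RunAsAny" and base["type"] != "RunAsAny":
            out[key] = "RunAsAny"
    return out

def effective_uid(scc, image_uid, uid_range, requested=None):
    """UID the container runs as under the SCC's runAsUser strategy.
    uid_range is the project's (start, size); requested is the pod's runAsUser."""
    strategy, (start, size) = scc["runAsUser"]["type"], uid_range
    if strategy == "RunAsAny":          # no constraint: pod request, else image USER
        return image_uid if requested is None else requested
    if strategy == "MustRunAsRange":    # default is the first UID of the project range
        if requested is None:
            return start
        if not start <= requested < start + size:
            raise PermissionError(f"runAsUser {requested} outside {start}/{size}")
        return requested
    raise ValueError(f"strategy {strategy} not modelled here")

if __name__ == "__main__":
    print(widened(DB2_SCC))
    print(effective_uid(RESTRICTED, 0, (1000250000, 10000)))  # UID seen in the log
```

Every field returned by `widened` is a permission a reviewer should be able to justify before the SCC is bound to a service account.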