From 1f7536ffab61308f45c7e50fbdc35a332135717e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?=
Date: Fri, 10 Dec 2021 10:11:00 +0100
Subject: [PATCH] osd: cleanup cluster using the root UID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We need to use the root UID to run the cleanup job since ceph-volume does not support running as non-root in all the versions. We have this ceph tracker to allow this https://tracker.ceph.com/issues/53511 but it's not in all ceph's versions. Implementing a version check is tricky since at this stage the cluster is being deleted and it's hard to catch it.
Closes: https://github.com/rook/rook/issues/9375
Signed-off-by: Sébastien Han
---
 pkg/operator/ceph/cluster/cleanup.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/pkg/operator/ceph/cluster/cleanup.go b/pkg/operator/ceph/cluster/cleanup.go
index a1bc76254aae..bcf48adbf70f 100644
--- a/pkg/operator/ceph/cluster/cleanup.go
+++ b/pkg/operator/ceph/cluster/cleanup.go
@@ -123,10 +123,18 @@ func (c *ClusterController) cleanUpJobContainer(cluster *cephv1.CephCluster, mon
 }...)
 }
+ // Run a UID 0 since ceph-volume does not support running non-root
+ // See https://tracker.ceph.com/issues/53511
+ // Also, it's hard to catch the ceph version since the cluster is being deleted so not
+ // implementing a version check and simply always run this as root
+ rootUserID := int64(0)
+ securityContext := osd.PrivilegedContext()
+ securityContext.RunAsUser = &rootUserID
+
 return v1.Container{
 Name: "host-cleanup",
 Image: c.rookImage,
- SecurityContext: osd.PrivilegedContext(),
+ SecurityContext: securityContext,
 VolumeMounts: volumeMounts,
 Env: envVars,
 Args: []string{"ceph", "clean"},
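Review bot: The comment above `rootUserID := int64(0)` gives the reason for forcing root on the already privileged `host-cleanup` container but no condition for removing it, so the override is likely to outlive the ceph-volume limitation. I would reword the first line to `// Run as UID 0 since ceph-volume does not support running as non-root in all Ceph versions` and add `// TODO: drop this override once https://tracker.ceph.com/issues/53511 is available in every supported Ceph release`. Separately, `securityContext.RunAsUser = &rootUserID` writes through whatever `osd.PrivilegedContext()` returns; that helper is not visible here, so it is worth confirming it returns a fresh struct on each call, otherwise the root UID would carry over to other containers using it. The body of cleanUpJobContainer starts before this hunk and the container literal continues past it.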