Nomad and podman mount always as root

[edouardkleinhans]

Hello,

I'm trying to use the csi driver with nomad.

It seems that my mount are always mounted as root so I can't write any data inside

My deployment :

job "monitoring" {
  datacenters = ["dc1"]
  group "telemetry" {
    count = 1

    network {
      port "prometheus_ui" {
        to = 9090
        host_network = "private"
      }
    }
     service {
        name     = "prometheus"
        provider = "nomad"
        port     = "prometheus_ui"
        check {
          type     = "http"
          path     = "/-/healthy"
          interval = "10s"
          timeout  = "2s"
        }
     }        

    volume "csi-volume-prometheus" {
      type      = "csi"
      read_only = false
      source    = "swfs-prometheus"
      access_mode = "single-node-writer"
      attachment_mode = "file-system"
    }    

    task "prometheus" {
      driver = "podman"

      resources {
        cpu    = 100
        memory = 128
        memory_max = 256
      }   

      volume_mount {
        volume      = "csi-volume-prometheus"
        destination = "/csi-volume-prometheus"
        read_only   = false
      }

      template {
        change_mode   = "signal"
        change_signal = "SIGHUP"
        destination = "local/prometheus.yml"
        data = <<EOH
---
global:
  scrape_interval:     15s
  evaluation_interval: 5s

scrape_configs:
  - job_name: "prometheus"
    static_configs:
      - targets: ["localhost:9090"]
  EOH
      }

      config {
            image = "prom/prometheus:v2.37.5"
        volumes = [
          "local/prometheus.yml:/etc/prometheus/prometheus.yml"
        ]
        args = [
          "--config.file=/etc/prometheus/prometheus.yml",
        ]        
        ports = ["prometheus_ui"]
      }
    }
  }
}

My storage claim:

id        = "swfs-prometheus"
name      = "csi-volume-prometheus"
type      = "csi"
plugin_id = "seaweedfs"

# dont try to set this to less than 1GiB
capacity_min = "1GiB"
capacity_max = "10GiB"

capability {
  access_mode     = "single-node-reader-only"
  attachment_mode = "file-system"
}

capability {
  access_mode     = "single-node-writer"
  attachment_mode = "file-system"
}

mount_options {
  fs_type     = "ext4"
  mount_flags = ["rw"]
}

Result :

/ $ ls -la
total 200
dr-xr-xr-x    1 root     root          4096 Dec 13 07:16 .
dr-xr-xr-x    1 root     root          4096 Dec 13 07:16 ..
-rw-r--r--    1 root     root         11357 Dec  9 13:06 LICENSE
-rw-r--r--    1 root     root          3773 Dec  9 13:06 NOTICE
drwxrwxrwx    5 nobody   nobody        4096 Dec 13 07:16 alloc
drwxr-xr-x    1 root     root          4096 Dec  9 13:17 bin
drwxr-x---    2 root     root          4096 Dec 13 07:16 csi-volume-prometheus
drwxr-xr-x   10 root     root          2700 Dec 13 07:16 dev
drwxr-xr-x    1 root     root          4096 Dec 13 07:16 etc
drwxr-xr-x    1 nobody   nobody        4096 Dec 13 07:18 home
drwxr-xr-x    2 root     root          4096 Nov 15 10:54 lib
drwxrwxrwx    2 nobody   nobody        4096 Dec 13 07:16 local
-rw-r--r--    1 root     root        124789 Dec  9 13:17 npm_licenses.tar.bz2
dr-xr-xr-x  164 root     root             0 Dec 13 07:16 proc
drwxr-xr-x    3 nobody   nobody        4096 Dec 13 07:16 prometheus
drwx------    2 root     root          4096 Oct 25 00:08 root
drwxr-xr-x    2 root     root          4096 Dec 13 07:16 run
drwxrwxrwx    2 nobody   nobody          60 Dec 13 07:16 secrets
dr-xr-xr-x   13 root     root             0 Dec 13 07:16 sys
drwxrwxrwt    2 root     root          4096 Oct 25 00:08 tmp
drwxr-xr-x    1 root     root          4096 Nov 15 10:54 usr
drwxr-xr-x    4 root     root          4096 Oct 25 00:08 var

Do you have any idea ?

[chrislusf]

I do not know this. Can you chmod?

[edouardkleinhans]

not possible. I revert back to docker and it work as expected. So it's a podman things