Configuring NFS with IBM Cloud File Storage (ibmc-file-gold-gid storage class)

Db2® Warehouse requires you to set no_root_squash when you use NFS with IBM® Cloud File Storage (ibmc-file-gold-gid storage class). Otherwise, the restore morph job fails.

About this task

Configuring no_root_squash allows root clients to retain root permissions on the remote NFS share. For more details, see Implementing no_root_squash for NFS in the IBM Cloud documentation.

Procedure

You can set no_root_squash with a daemonset or with commands. For clusters with 10 or more nodes, use a daemonset.
  • To use a daemonset
    1. Create a service account called norootsquash by running the following command:
      oc create -f - << EOF
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: norootsquash
        namespace: kube-system
      EOF
    2. Give the service account privileged security context constraints (SCC) by running the following command:
      oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:norootsquash
      
    3. Create the daemonset by running the following command:
      oc create -f - << EOF
      apiVersion: apps/v1
      kind: DaemonSet
      metadata:
        name: norootsquash
        namespace: kube-system
        labels:
          tier: management
          app: norootsquash
      spec:
        selector:
          matchLabels:
            name: norootsquash
        template:
          metadata:
            labels:
              name: norootsquash
          spec:
            serviceAccountName: norootsquash
            initContainers:
              - resources:
                  requests:
                    cpu: 0.1
                securityContext:
                  privileged: true
                image: alpine:3.6
                name: unrootsquash
                command: ["chroot", "/host", "sh", "-c"]
                args:
                  - >
                    grep "^Domain = slnfsv4.com" /etc/idmapd.conf;
                    if [ "\$?" -ne "0" ] ; then
                      sed -i 's/.*Domain =.*/Domain = slnfsv4.com/g' /etc/idmapd.conf;
                      nfsidmap -c;
                      rpc.idmapd
                    fi;
                volumeMounts:
                  - name: host
                    mountPath: /host
            containers:
              - resources:
                  requests:
                    cpu: 0.1
                image: alpine:3.6
                name: sleep
                command: ["/bin/sh", "-c"]
                args:
                  - >
                    while true; do
                      sleep 100000;
                    done
            volumes:
              - hostPath:
                  path: /
                  type: Directory
                name: host
      EOF
      
  • To use commands

    Run the following command to perform the same task as the daemonset. The command takes about 30 seconds per node. These settings are not applied to worker nodes that are added later, so you must add the settings to new worker nodes yourself.

    oc get no -l node-role.kubernetes.io/worker --no-headers -o name | xargs -I {} --  oc debug {} -- chroot /host sh -c 'grep "^Domain = slnfsv4.com" /etc/idmapd.conf || ( sed -i "s/.*Domain =.*/Domain = slnfsv4.com/g" /etc/idmapd.conf; nfsidmap -c; rpc.idmapd )'
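
To confirm the result of either method on each worker node, the following check is an added example and not part of the IBM procedure. The function names idmapd_domain_status, check_workers and demo are hypothetical, and the sample idmapd.conf content is constructed. It compares the Domain value exactly and reports "missing" when the file has no active Domain line, for example when there is no Domain line for the sed command to rewrite.

```shell
#!/bin/sh
# Added example (not IBM's code): classify the NFSv4 idmap Domain setting in
# idmapd.conf content read from stdin. Prints one of: ok | mismatch | missing.
EXPECTED_DOMAIN="slnfsv4.com"   # the value the procedure on this page sets

idmapd_domain_status() {        # hypothetical helper; $1 = expected domain
    awk -v want="$1" '
        # Only active lines count; "#Domain = ..." fails the ^ anchor.
        # Assumption: optional whitespace around "=" is accepted.
        # Simplification: section headers such as [General] are not tracked.
        /^[ \t]*Domain[ \t]*=/ {
            val = $0
            sub(/^[ \t]*Domain[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            seen++
            if (val != want) bad++    # exact compare, unlike the grep prefix match
        }
        END {
            if (!seen)    print "missing"
            else if (bad) print "mismatch"
            else          print "ok"
        }'
}

# Check every worker node, reusing the node listing and chroot from the page.
check_workers() {
    oc get no -l node-role.kubernetes.io/worker --no-headers -o name |
    while read -r node; do
        # </dev/null keeps oc debug from consuming the node list on stdin.
        status=$(oc debug "$node" -- chroot /host cat /etc/idmapd.conf \
                 </dev/null | idmapd_domain_status "$EXPECTED_DOMAIN")
        printf '%s\t%s\n' "$node" "$status"
    done
}

# Constructed sample inputs (not captured from a real node).
demo() {
    printf '[General]\n#Domain = local.domain.edu\n' |
        idmapd_domain_status "$EXPECTED_DOMAIN"     # missing: only a comment
    printf '[General]\nDomain = slnfsv4.com\n' |
        idmapd_domain_status "$EXPECTED_DOMAIN"     # ok
    printf '[General]\nDomain = slnfsv4.com.example\n' |
        idmapd_domain_status "$EXPECTED_DOMAIN"     # mismatch
}

# Run the offline demo by default; pass "cluster" to query real nodes with oc.
if [ "${1:-}" = "cluster" ]; then check_workers; else demo; fi
```

A node whose oc debug session fails produces empty input and is also reported as "missing", so treat that status as a prompt to inspect the node.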