Configuring NFS with IBM Cloud File Storage (ibmc-file-gold-gid storage class)
Db2® Warehouse requires you to set no_root_squash when you use NFS with IBM® Cloud File Storage (ibmc-file-gold-gid storage class); otherwise, the restore morph job fails.
About this task
Configuring no_root_squash allows root clients to retain root permissions on the remote NFS share. For more details, see Implementing no_root_squash for NFS in the IBM Cloud documentation.
Procedure
You can set no_root_squash with a daemonset or with commands. For clusters with 10 or more nodes, use a daemonset.
- To use a daemonset
  - Create a service account called norootsquash by running the following command:

        oc create -f - << EOF
        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: norootsquash
          namespace: kube-system
        EOF

  - Give the service account privileged security context constraints (SCC) by running the following command:

        oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:norootsquash

  - Create the daemonset by running the following command:

        oc create -f - << EOF
        apiVersion: apps/v1
        kind: DaemonSet
        metadata:
          name: norootsquash
          namespace: kube-system
          labels:
            tier: management
            app: norootsquash
        spec:
          selector:
            matchLabels:
              name: norootsquash
          template:
            metadata:
              labels:
                name: norootsquash
            spec:
              serviceAccountName: norootsquash
              initContainers:
              # Privileged init container: edits the host's /etc/idmapd.conf through chroot /host
              - resources:
                  requests:
                    cpu: 0.1
                securityContext:
                  privileged: true
                image: alpine:3.6
                name: unrootsquash
                command: ["chroot", "/host", "sh", "-c"]
                args:
                - >
                  grep "^Domain = slnfsv4.com" /etc/idmapd.conf;
                  if [ "\$?" -ne "0" ] ; then
                    sed -i 's/.*Domain =.*/Domain = slnfsv4.com/g' /etc/idmapd.conf;
                    nfsidmap -c;
                    rpc.idmapd;
                  fi;
                volumeMounts:
                - name: host
                  mountPath: /host
              containers:
              # Unprivileged placeholder container that keeps the pod running
              - resources:
                  requests:
                    cpu: 0.1
                image: alpine:3.6
                name: sleep
                command: ["/bin/sh", "-c"]
                args:
                - >
                  while true; do
                    sleep 100000;
                  done
              volumes:
              # The node's root file system, mounted at /host in the init container
              - hostPath:
                  path: /
                  type: Directory
                name: host
        EOF
- To use commands

  Run the following command to perform the same task as the daemonset. The command takes about 30 seconds per node. These settings are not applied to new worker nodes, so you must apply them to each new worker node yourself.

      oc get no -l node-role.kubernetes.io/worker --no-headers -o name | \
        xargs -I {} -- oc debug {} -- chroot /host sh -c \
        'grep "^Domain = slnfsv4.com" /etc/idmapd.conf || ( sed -i "s/.*Domain =.*/Domain = slnfsv4.com/g" /etc/idmapd.conf; nfsidmap -c; rpc.idmapd )'
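
A read-only check to run after either method, added here as an example and not part of IBM's documentation: it reads a saved copy of a node's /etc/idmapd.conf and reports whether the active Domain line is slnfsv4.com. The function names and the sample file are constructed for illustration, and the check assumes the Domain key sits in the [General] section.

```shell
#!/bin/sh
# Added example (not IBM's code): audit the idmapd.conf Domain setting.
EXPECTED_DOMAIN="slnfsv4.com"   # value taken from the procedure above

# Print the active Domain value from the [General] section of an
# idmapd.conf-style file; comment lines (# or ;) are ignored.
idmapd_domain() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_general = ($0 ~ /^[ \t]*\[General\]/); next }
        in_general && /^[ \t]*Domain[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            sub(/[ \t]+$/, "")
            value = $0
        }
        END { print value }
    ' "$1"
}

# Report one file: returns 0 when the expected domain is active,
# 1 when it is missing or different, 2 when the file cannot be read.
check_idmapd_domain() {
    file=$1
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 2; }
    actual=$(idmapd_domain "$file")
    if [ "$actual" = "$EXPECTED_DOMAIN" ]; then
        echo "OK $file"
    elif [ -z "$actual" ]; then
        echo "MISSING $file"
        return 1
    else
        echo "MISMATCH $file ($actual)"
        return 1
    fi
}

# With no arguments, run on a constructed sample whose Domain line is
# still commented out; otherwise check the files given on the command line.
if [ "$#" -eq 0 ]; then
    sample=$(mktemp)
    trap 'rm -f "$sample"' EXIT
    printf '[General]\n#Domain = local.domain.edu\n' > "$sample"
    set -- "$sample"
fi
for f in "$@"; do
    check_idmapd_domain "$f" || true
done
```

A MISSING result after the procedure means the sed expression found no line containing `Domain =` under [General] to rewrite, so the file was left unchanged on that node.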