Troubleshooting Db2 filesystem pods
When deploying Guardium® Insights on IBM Cloud, you may notice issues with the Db2 pods on the filesystem.
Symptoms
The uid
and gid
are randomly assigned a value of
99
:
Causes
Theuid
and gid
are not properly mapped.Resolving the problem
To resolve this, a norootsquash daemonset
must be
created on the kube-system
namespace beforeGuardium Insights deployment. This daemonset
is
used for ID mapping on IBM Cloud storage. For more
information, see https://cloud.ibm.com/docs/FileStorage?topic=FileStorage-mountingLinux&interface=ui#norootsquash.
- Set up your environment for the
daemonset
by issuing these commands:export CP_REPO_USER=<Your Username to cp.icr.io> export CP_REPO_PASS=<Your Password / Entitlement Key to cp.icr.io>
where
<Your Username to cp.icr.io>
iscp
<Your Password / Entitlement Key to cp.icr.io>
is available at https://myibm.ibm.com/products-services/containerlibrary.
- Create the secret for pulling the
norootsquash daemonset
image fromcp.icr.io
registry:oc create secret docker-registry cpregistrysecret --docker-server=cp.icr.io/cp/cpd --docker-username=${CP_REPO_USER} --docker-password=${CP_REPO_PASS} -n kube-system
- Create the
daemonset
on thekube-system
namespace:oc create -f - << EOF apiVersion: apps/v1 kind: DaemonSet metadata: name: norootsquash namespace: kube-system labels: tier: management app: norootsquash spec: selector: matchLabels: name: norootsquash template: metadata: labels: name: norootsquash spec: hostNetwork: true hostPID: true hostIPC: true containers: - resources: requests: cpu: 0.01 name: systemdutil01 image: cp.icr.io/cp/cpd/norootsquash:3.0-amd64 imagePullPolicy: Always args: ["-option", "restart", "-service", "nfs-idmapd.service"] volumeMounts: - mountPath: /host/etc name: host-etc - mountPath: /host/var/log name: host-log readOnly: true - mountPath: /run/systemd name: host-systemd - mountPath: /host/sys name: host-sys imagePullSecrets: - name: cpregistrysecret tolerations: - operator: Exists volumes: - name: host-etc hostPath: path: /etc - name: host-log hostPath: path: /var/log - name: host-systemd hostPath: path: /run/systemd - name: host-sys hostPath: path: /sys EOF
If you now deploy Guardium Insights in a cluster
with the norootsquash daemonset
, it will have a proper uid
and
gid
, similar to this: