Unable to start container process: exec /opt/percona/ps-entry.sh: permission denied

Installing percona mongodb using helm charts as a non root user following instructions with below versions
percona-server-mongodb: 6.0.9-7
percona-server-mongodb-operator: 1.15.0
when i start the mongodb getting Unable to start container process: exec /opt/percona/ps-entry.sh: permission denied
mongo-db-psmdb-db-cfg-0 1/2 CrashLoopBackOff 13 (2m27s ago) 44m
mongo-db-psmdb-db-rs0-0 1/2 CrashLoopBackOff 13 (2m52s ago) 44m
mongo-op-psmdb-operator-7796454575-szg8w 1/1 Running 0 45m

mongo-init container logs

backup-agent user and directory structure with uid as 1001

bash-4.4$ id
uid=1001 gid=2(daemon) groups=2(daemon),2001
bash-4.4$ ls -lrt /opt/percona/
-rwxr-xr-x 1 daemon daemon 16998 Nov 15 15:26 ps-entry.sh
-rwxr-xr-x 1 daemon daemon 198 Nov 15 15:26 physical-restore-ps-entry.sh
-rwxr-xr-x 1 daemon daemon 15220736 Nov 15 15:26 mongodb-healthcheck
-rwxr-xr-x 1 daemon daemon 532 Nov 15 15:26 pbm-entry.sh

mongodb operator user and directory structure

-rwxrwxr-x. 1 root root 16998 Oct 6 07:12 ps-entry.sh
-rwxrwxr-x. 1 root root 198 Oct 6 07:12 physical-restore-ps-entry.sh
-rwxrwxr-x. 1 root root 532 Oct 6 07:12 pbm-entry.sh
-rwxrwxr-x. 1 root root 434 Oct 6 07:12 init-entrypoint.sh
-rwxr-xr-x. 1 root root 15220736 Oct 6 07:14 mongodb-healthcheck

bash-5.1$ id
uid=2(daemon) gid=2(daemon) groups=2(daemon)

using podSecurityContext at replsets, nonvoting,sharding,mongos in psmdb-db and psmdb-operator

runAsNonRoot: true
runAsUser: 2
runAsGroup: 2
fsGroup: 2
fsGroupChangePolicy: “OnRootMismatch”

pvc storageClassName is glusterfs-storage and k8s version is 1.25.6 deployed in OS Red Hat Enterprise Linux 8.8 x86_64.

Anything wrong with the configurations?
Thanks !

@mahesh1 as you can see you get permission denied error. I would assume that the root of it is glusterfs and its configuration.

I see you rightfully started playing with security contexts and diging into file permissions.

Let me check in with our experts here. @Ege_Gunes @Tomislav_Plavcic any thoughts on it?

1 Like