Hitesh Ghuge

Reputation: 823

Not able to start apache-nifi in aks

Hi all, I am working on NiFi and I am trying to install it in AKS (Azure Kubernetes Service), using NiFi version 1.9.2. Installing it in AKS gives me an error:

replacing target file  /opt/nifi/nifi-current/conf/nifi.properties
sed: preserving permissions for ‘/opt/nifi/nifi-current/conf/sedSFiVwC’: Operation not permitted
replacing target file  /opt/nifi/nifi-current/conf/nifi.properties
sed: preserving permissions for ‘/opt/nifi/nifi-current/conf/sedK3S1JJ’: Operation not permitted
replacing target file  /opt/nifi/nifi-current/conf/nifi.properties
sed: preserving permissions for ‘/opt/nifi/nifi-current/conf/sedbcm91T’: Operation not permitted
replacing target file  /opt/nifi/nifi-current/conf/nifi.properties
sed: preserving permissions for ‘/opt/nifi/nifi-current/conf/sedIuYSe1’: Operation not permitted
NiFi running with PID 28.
The specified run.as user nifi
 does not exist. Exiting.
Received trapped signal, beginning shutdown...

Below is my nifi.yml file

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nifi-core
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nifi-core
  template:
    metadata:
      labels:
        app: nifi-core
    spec:
      containers:
        - name: nifi-core
          image: my-azurecr.io/nifi-core-prod:1.9.2
          env:
            - name: NIFI_WEB_HTTP_PORT
              value: "8080"
            - name: NIFI_VARIABLE_REGISTRY_PROPERTIES
              value: "./conf/custom.properties"
          resources:
            requests:
              cpu: "6"
              memory: 12Gi
            limits:
              cpu: "6"
              memory: 12Gi
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: my-nifi-core-conf
              mountPath: /opt/nifi/nifi-current/conf
      volumes:
        - name: my-nifi-core-conf
          azureFile:
            shareName: my-file-nifi-core/nifi/conf
            secretName: my-nifi-secret
            readOnly: false

I have some customization in the NiFi Dockerfile, which copies some config files related to my configuration. When I run the my-azurecr.io/nifi-core-prod:1.9.2 Docker image locally it works as expected, but when I try to run it on AKS it gives the above error. Since it's related to permissions, I have tried with both user nifi and root in the Dockerfile.

All the required configuration files are provided in the volume my-nifi-core-conf, running in the same resource group. Since I am starting NiFi with Docker, my expectation is that it will behave the same regardless of environment, either on my local machine or in AKS. But the error also says user nifi does not exist. The official NiFi image sets up the user requirement.

Can anyone help? I can't even start the container in interactive mode as the pod is not in running mode. Thanks in advance.

Upvotes: 2

Views: 3811

Answers (4)

Tuan

Reputation: 21

For those following these compose configurations: if you define any mounted volumes, they are also owned by user root and group root. The default user:group of NiFi is nifi:nifi, so the created container cannot access the mounted directories and then shuts down with the "Received trapped signal, beginning shutdown..." message. I don't know much about Linux systems and Docker stuff, but after I sudo chmod +777 -R (not recommended) these directories, the NiFi container starts normally. Hope it helps!

Upvotes: 0

Daniel

Reputation: 23

update: does not work with nifi 1.14.0 - works with 1.13.2

Upvotes: 0

RonManning

Reputation: 137

If you never figured this out, I was able to do this by running an initContainer before the main container, and changing the directory perms there.

initContainers:
      - name: init1
        image: busybox:1.28
        volumeMounts:
        - name: nifi-pvc
          mountPath: "/opt/nifi/nifi-current"
        command: ["sh", "-c", "chown -R 1000:1000 /opt/nifi/nifi-current"] #or whatever you want to do as root

Upvotes: 1

Bicker x 2

Reputation: 137

I think you're missing the Security Context definition for your Kubernetes Pod. The user that NiFi runs under within Docker has a specific UID and GID, and with the error message you're getting, I would suspect that because that user is not defined in the Pod's security context it's not launching as expected.

Have a look at the section of the Kubernetes documentation about security contexts, and that should be enough to get you started.

I would also have a look at using something like Minikube when testing Kubernetes deployments as Kubernetes adds a large number of controls around a container engine like Docker.

Security Contexts Docs: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
Minikube: https://kubernetes.io/docs/setup/learning-environment/minikube/

Upvotes: 1
