Enabling Docker Access to Storage

Changing Context

When SELinux is used, you must perform the following volume provisioning steps on each of the nodes labeled as supporting database storage:

export DIRPATH=/<storage_dir>
sudo mkdir -p "${DIRPATH}"
sudo chcon -t svirt_sandbox_file_t "${DIRPATH}"

Setting Permission for Local Storage

When using either CNS or DAS, you must set permissions on local storage. For example, suppose the host is running as user centos with a user ID of 1000:

centos:x:1000:1000:Cloud User:/home/centos:/bin/bash

Because we are running the container as uid 1000, the UIDs match up.

To give the container access to the mapped host volume, change the owner of the volume to centos with the following command:

chown centos:0 /mnt/local-storage/<path>

Enabling TLS on the NuoDB Admin layer

To enable TLS on the NuoDB Admin layer, do the following:

  1. Create a secret using the nuodb-tls-secret template with the following format:

     apiVersion: v1
     kind: Secret
     metadata:
       name: mysecret
     type: Opaque
     data:
       nuoadmin-truststore.p12: replace
       nuocmd.pem: replace
       nuoadmin.p12: replace

  2. Inject the key material as follows:

     export TRUSTSTORE_BASE64=$(cat truststore.p12 | base64 | tr -d '\n')
     export NUOCMD_PEM_BASE64=$(cat client.pem | base64 | tr -d '\n')
     export NUOADMIN_P12_BASE64=$(cat server.p12 | base64 | tr -d '\n')
     sed -i -e '/nuoadmin-truststore.p12:.*/ s|:.*|: '"${TRUSTSTORE_BASE64}"'|' nuodb-tls-secret.yaml
     sed -i -e '/nuocmd.pem:.*/ s|:.*|: '"${NUOCMD_PEM_BASE64}"'|' nuodb-tls-secret.yaml
     sed -i -e '/nuoadmin.p12:.*/ s|:.*|: '"${NUOADMIN_P12_BASE64}"'|' nuodb-tls-secret.yaml

  3. Install the secret before launching any admin:

     kubectl create -f nuodb-tls-secret.yaml
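
A pre-flight check to run after the key material is injected and before the secret is installed: it confirms that none of the three entries still holds the replace placeholder and that each value is single-line base64 that decodes. This is an added example, not part of the NuoDB documentation; the function names secret_value and check_tls_secret are hypothetical, and GNU base64 -d is assumed.

```shell
#!/bin/sh
# Added example (not NuoDB's own tooling): validate nuodb-tls-secret.yaml
# before it is handed to kubectl.
# Usage: check_tls_secret nuodb-tls-secret.yaml && kubectl create -f nuodb-tls-secret.yaml

# Keys defined by the secret template shown on this page.
TLS_SECRET_KEYS="nuoadmin-truststore.p12 nuocmd.pem nuoadmin.p12"

# secret_value FILE KEY: print the value of KEY, one line per occurrence.
# The key is matched literally at the start of the (indented) line, so
# "nuoadmin.p12" never matches "nuoadmin-truststore.p12".
secret_value() {
  awk -v k="$2:" '{ l = $0; sub(/^[ \t]+/, "", l) }
    index(l, k) == 1 { v = substr(l, length(k) + 1); gsub(/[ \t\r]/, "", v); print v }' "$1"
}

# check_tls_secret FILE: exit status 0 only if every key appears exactly once,
# is no longer the placeholder, and holds base64 that decodes.
# The body runs in a subshell, so its variables do not leak to the caller.
check_tls_secret() (
  file=$1; rc=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
  for key in $TLS_SECRET_KEYS; do
    count=$(secret_value "$file" "$key" | wc -l | tr -d ' ')
    value=$(secret_value "$file" "$key")
    if [ "$count" -ne 1 ]; then
      echo "$key: expected exactly one entry, found $count" >&2; rc=1
    elif [ -z "$value" ] || [ "$value" = replace ]; then
      echo "$key: placeholder was not replaced" >&2; rc=1
    else
      case $value in
        *[!A-Za-z0-9+/=]*) echo "$key: value is not single-line base64" >&2; rc=1 ;;
        *) printf '%s' "$value" | base64 -d >/dev/null 2>&1 ||
             { echo "$key: base64 does not decode" >&2; rc=1; } ;;
      esac
    fi
  done
  exit "$rc"
)
```

The check only validates the encoding of each entry; it does not verify that the decoded bytes are a usable PKCS#12 or PEM file.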