NFS permissions for neo4j container in kubernetes

Hi,

I'm trying to run a neo4j database in a kubernetes cluster which I set up from a few old machines and a couple of raspberry pis. The machine I'm using as the master node is also running an NFS server and exporting conf, logs and data directories.
I used the following config file to set up the persistent volumes, persistent volume claims and neo4j deployment:

#Persistent Volume
apiVersion: v1
kind: PersistentVolume
metadata:
  name: neo4jpv
  labels:
   deployment: neo4j
spec:
  capacity:
    storage: 30Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: slow
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    path: /mnt/appdata/Neo4j
    server: serverip
---
#Persistent Volume Claim 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: neo4jpvc
spec:
  accessModes:
    - ReadWriteMany
  volumeMode: Filesystem
  resources:
    requests:
      storage: 30Gi
  storageClassName: slow
  selector:
    matchLabels:
      deployment: neo4j
---
#Neo4j Database
apiVersion: apps/v1
kind: Deployment
metadata:
  name: neo4jdatabase
spec:
  replicas: 1
  selector:
    matchLabels:
      app: neo4jdatabase
  template:
    metadata:
      labels:
        app: neo4jdatabase
        tier: database
    spec:
      volumes:
        - name: databasevolume
          persistentVolumeClaim:
              claimName: neo4jpvc
      containers:
        - name: neo4jdatabase
          image: neo4j:4.0.3
          env:
            - name: NEO4J_AUTH
              value: neo4j/neo4j
          ports:
            - containerPort: 7687
              name: bolt
            - containerPort: 7473
              name: https
          volumeMounts:
            - name: databasevolume
              subPath: data
              mountPath: "/data"
            - name: databasevolume
              subPath: logs
              mountPath: "/logs"
            - name: databasevolume
              subPath: conf
              mountPath: "/conf"

Unfortunately the pod goes into a CrashLoopBackOff and the logs say:

Warning: Folder mounted to "/logs" is not writable from inside container. Changing folder owner to neo4j
Permission to change ownership using "chown" is then denied.

I've tried exporting the directories with all_squash, anonuid and anongid with the ids giving users full control of the directories and still got the same error in the logs.

I've also tried setting the value of NEO4J_AUTH to None and passing an argument of "--user=id:group" which have full permissions over the exported directory. This still didn't work.

Any advice on how to give neo4j permissions to be able to write to the exported directory would be greatly appreciated.

Thanks
Callum

It's absolutely not recommended to run Neo4j on an NFS volume. Use a proper local filesystem instead. Also Neo4j takes exclusive locks, so you cannot run multiple Neo4j databases on the very same filesystem at the same time.

2 Likes

Ahh ok, thanks, what's the reason for not using NFS volumes?
That's also handy to know about the exclusive locks, thank you.

Most NFS implementations are not POSIX compliant. Neo4j (and other DBs as well) do require a POSIX compliant filesystem. In general you want to have local discs for performance and ensure you're the only one touching them.

1 Like
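
The local-filesystem setup recommended in the replies above, sketched as an added example that is not part of the original thread: a statically provisioned `local` PersistentVolume pinned to one node, with a single-writer access mode, replacing the NFS-backed PersistentVolume and claim from the question. The StorageClass name `local-disk`, the PV name `neo4j-local-pv` and the node name placeholder are assumptions, and the path is reused from the question on the assumption that it sits on a local disk of that node.

```yaml
# Added example: names and the node placeholder are hypothetical.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-disk
provisioner: kubernetes.io/no-provisioner   # static volumes, nothing is provisioned
volumeBindingMode: WaitForFirstConsumer     # bind only once the pod is scheduled
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: neo4j-local-pv
  labels:
    deployment: neo4j
spec:
  capacity:
    storage: 30Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce             # one node mounts it; Neo4j takes exclusive locks
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-disk
  local:
    path: /mnt/appdata/Neo4j    # directory must already exist on the node's local disk
  nodeAffinity:                 # required for local volumes: ties the PV to its node
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - NODE_NAME_PLACEHOLDER
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: neo4jpvc                # same claim name the Deployment in the question uses
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 30Gi
  storageClassName: local-disk
  selector:
    matchLabels:
      deployment: neo4j
```

Because the claim keeps the name `neo4jpvc`, the Deployment from the question can mount it unchanged; the scheduler places the pod on the node named in the PV's `nodeAffinity`.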

That's brilliant, thank you very much for that explanation