Skip to content

mongodb-agent: can't open new logfile: open /var/log/mongodb-mms-automation/readiness.log: permission denied #1700

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
l0ner opened this issue Mar 23, 2025 · 0 comments
Open

mongodb-agent: can't open new logfile: open /var/log/mongodb-mms-automation/readiness.log: permission denied #1700

l0ner opened this issue Mar 23, 2025 · 0 comments

Comments

@l0ner
Copy link

l0ner commented Mar 23, 2025
edited
Loading

What did you do to encounter the bug?
Steps to reproduce the behavior:

  1. Follow the docs in https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/deploy-configure.md
  2. Run kubectl -n mongodb get mongodbcommunity
  3. Run kubectl -n mongodb get pod
  4. Run kubectl -n mongodb describe mongodb-0

The only differences from https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/config/samples/mongodb.com_v1_mongodbcommunity_cr.yaml

  • metadata.name: mongodb
  • spec.version: 7.0.15 (although i've tried version 6.0.5 and had the same behaviour)
  • spec.members: 1 (after testing with 2 - same behaviour independent of amount)
  • statefulSet.spec.volumeClaimTempates: added definitions for data-volume and logs-volume to give them some meaningfull sizes, had the same behaviour without the PVC templates.

What did you expect?

kubectl -n mongodb get mongodbcommunity

NAME      PHASE     VERSION
mongodb   Running   7.0.15

kubectl -n mongodb get pod

NAME                                           READY   STATUS    RESTARTS   AGE
mongodb-0                                      2/2     Running   0          9m44s
mongodb-kubernetes-operator-7c967f54d4-vrhk4   1/1     Running   0          2d19h

What happened instead?

kubectl -n mongodb get mongodbcommunity

NAME      PHASE     VERSION
mongodb   Pending

kubectl -n mongodb get pod

NAME                                           READY   STATUS    RESTARTS   AGE
mongodb-0                                      1/2     Running   0          9m44s
mongodb-kubernetes-operator-7c967f54d4-vrhk4   1/1     Running   0          2d19h

kubectl -n mongodb describe pod mongodb-0

(some output ommited)

Name:             mongodb-0
Namespace:        mongodb
Priority:         0
Service Account:  mongodb-database
Status:           Running
Containers:
  mongod:
    Image:         docker.io/mongodb/mongodb-community-server:7.0.15-ubi8
    Image ID:      docker.io/mongodb/mongodb-community-server@sha256:bd2e8e00a36d89eeb67eb7886630eaeb68c445c8474fc8ed95286ee82456d44f
    State:          Running
    Ready:          True
    Mounts:
      /data from data-volume (rw)
      /healthstatus from healthstatus (rw)
      /hooks from hooks (rw)
      /tmp from tmp (rw)
      /var/lib/mongodb-mms-automation/authentication from mongodb-keyfile (rw)
      /var/log/mongodb-mms-automation from logs-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-p89bx (ro)
  mongodb-agent:
    Image:         quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1
    Image ID:      quay.io/mongodb/mongodb-agent-ubi@sha256:dda6762d4b53da3230c8acc925aeaaa45fc2b3e4c38e180a83053ced1528306d
    State:          Running
    Ready:          False
    Mounts:
      /data from data-volume (rw)
      /opt/scripts from agent-scripts (rw)
      /tmp from tmp (rw)
      /var/lib/automation/config from automation-config (ro)
      /var/lib/mongodb-mms-automation/authentication from mongodb-keyfile (rw)
      /var/log/mongodb-mms-automation from logs-volume (rw)
      /var/log/mongodb-mms-automation/healthstatus from healthstatus (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-p89bx (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True
  Initialized                 True
  Ready                       False
  ContainersReady             False
  PodScheduled                True
Volumes:
  data-volume:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  data-volume-mongodb-0
    ReadOnly:   false
  logs-volume:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  logs-volume-mongodb-0
    ReadOnly:   false
  agent-scripts:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  automation-config:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  mongodb-config
    Optional:    false
  healthstatus:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  hooks:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  mongodb-keyfile:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  tmp:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  kube-api-access-p89bx:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason                  Age    From                     Message
  ----     ------                  ----   ----                     -------
  Normal   Scheduled               10m    default-scheduler        Successfully assigned mongodb/mongodb-0 to k3s-master-1-pi4
  Normal   SuccessfulAttachVolume  10m    attachdetach-controller  AttachVolume.Attach succeeded for volume "pvc-f5a8a0e6-61c7-439d-a6d7-6cfd693e012c"
  Normal   SuccessfulAttachVolume  10m    attachdetach-controller  AttachVolume.Attach succeeded for volume "pvc-73984433-b0c0-4f5b-b2ec-e568e2352e11"
  Normal   Pulling                 10m    kubelet                  Pulling image "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.9"
  Normal   Pulled                  10m    kubelet                  Successfully pulled image "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.9" in 834ms (834ms including waiting). Image size: 55380047 bytes.
  Normal   Created                 10m    kubelet                  Created container mongod-posthook
  Normal   Started                 10m    kubelet                  Started container mongod-posthook
  Normal   Pulling                 10m    kubelet                  Pulling image "quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.22"
  Normal   Pulled                  10m    kubelet                  Successfully pulled image "quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.22" in 613ms (613ms including waiting). Image size: 56850989 bytes.
  Normal   Created                 10m    kubelet                  Created container mongodb-agent-readinessprobe
  Normal   Started                 10m    kubelet                  Started container mongodb-agent-readinessprobe
  Normal   Pulling                 10m    kubelet                  Pulling image "docker.io/mongodb/mongodb-community-server:7.0.15-ubi8"
  Normal   Pulled                  8m2s   kubelet                  Successfully pulled image "docker.io/mongodb/mongodb-community-server:7.0.15-ubi8" in 2m10.069s (2m10.069s including waiting). Image size: 382255288 bytes.
  Normal   Created                 8m2s   kubelet                  Created container mongod
  Normal   Started                 8m2s   kubelet                  Started container mongod
  Normal   Pulling                 8m2s   kubelet                  Pulling image "quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1"
  Normal   Pulled                  8m1s   kubelet                  Successfully pulled image "quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1" in 776ms (776ms including waiting). Image size: 259631097 bytes.
  Normal   Created                 8m1s   kubelet                  Created container mongodb-agent
  Normal   Started                 8m1s   kubelet                  Started container mongodb-agent
  Warning  Unhealthy               7m49s  kubelet                  Readiness probe failed: {"level":"info","ts":"2025-03-23T17:31:17.529Z","msg":"logging configuration: &{Filename:/var/log/mongodb-mms-automation/readiness.log MaxSize:5 MaxAge:0 MaxBackups:5 LocalTime:false Compress:false size:0 file:<nil> mu:{state:0 sema:0} millCh:<nil> startMill:{done:{_:{} v:0} m:{state:0 sema:0}}}"}
{"level":"info","ts":"2025-03-23T17:31:17.632Z","msg":"Mongod is not ready"}
{"level":"info","ts":"2025-03-23T17:31:17.632Z","msg":"Reached the end of the check. Returning not ready."}
2025-03-23 17:31:17.52957058 +0000 UTC m=+0.576564662 write error: can't open new logfile: open /var/log/mongodb-mms-automation/readiness.log: permission denied
2025-03-23 17:31:17.632262316 +0000 UTC m=+0.679256139 write error: can't open new logfile: open /var/log/mongodb-mms-automation/readiness.log: permission denied
2025-03-23 17:31:17.63252335 +0000 UTC m=+0.679517173 write error: can't open new logfile: open /var/log/mongodb-mms-automation/readiness.log: permission denied
  Warning  Unhealthy  7m49s  kubelet  Readiness probe failed: {"level":"info","ts":"2025-03-23T17:31:17.726Z","msg":"logging configuration: &{Filename:/var/log/mongodb-mms-automation/readiness.log MaxSize:5 MaxAge:0 MaxBackups:5 LocalTime:false Compress:false size:0 file:<nil> mu:{state:0 sema:0} millCh:<nil> startMill:{done:{_:{} v:0} m:{state:0 sema:0}}}"}
{"level":"info","ts":"2025-03-23T17:31:17.782Z","msg":"Mongod is not ready"}
{"level":"info","ts":"2025-03-23T17:31:17.783Z","msg":"Reached the end of the check. Returning not ready."}

Operator Information

  • Operator Version 0.12.0
  • MongoDB Image used 7.0.15, 6.0.5 (same behaviour on both)

Kubernetes Cluster Information

  • Distribution: k3s on RPi (arm64, two nodes, RPi4 master and RPi3 worker)
  • Version v1.31.2+k3s1

Additional context

Possibly same problem as: #1384 #1143 #949

The volumes are RWO, correctly provisioned and bound.

kubectl -n mongodb get mdbc -oyaml

apiVersion: v1
items:
- apiVersion: mongodbcommunity.mongodb.com/v1
  kind: MongoDBCommunity
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"mongodbcommunity.mongodb.com/v1","kind":"MongoDBCommunity","metadata":{"annotations":{},"name":"mongodb","namespace":"mongodb"},"spec":{"additionalMongodConfig":{"storage.wiredTiger.engineConfig.journalCompressor":"zlib"},"members":1,"security":{"authentication":{"modes":["SCRAM"]}},"statefulSet":{"spec":{"volumeClaimTemplates":[{"metadata":{"name":"data-volume"},"spec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"10Gi"}}}},{"metadata":{"name":"logs-volume"},"spec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"1Gi"}}}}]}},"type":"ReplicaSet","users":[{"db":"admin","name":"admin","passwordSecretRef":{"name":"admin-password"},"roles":[{"db":"admin","name":"clusterAdmin"},{"db":"admin","name":"userAdminAnyDatabase"}],"scramCredentialsSecretName":"my-scram"}],"version":"7.0.15"}}
    creationTimestamp: "2025-03-23T17:28:25Z"
    generation: 1
    name: mongodb
    namespace: mongodb
    resourceVersion: "5233111"
    uid: dfe7acc8-7de8-4cf2-a567-26433c2d5ac8
  spec:
    additionalMongodConfig:
      storage.wiredTiger.engineConfig.journalCompressor: zlib
    members: 1
    security:
      authentication:
        ignoreUnknownUsers: true
        modes:
        - SCRAM
    statefulSet:
      spec:
        volumeClaimTemplates:
        - metadata:
            name: data-volume
          spec:
            accessModes:
            - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi
        - metadata:
            name: logs-volume
          spec:
            accessModes:
            - ReadWriteOnce
            resources:
              requests:
                storage: 1Gi
    type: ReplicaSet
    users:
    - db: admin
      name: admin
      passwordSecretRef:
        name: admin-password
      roles:
      - db: admin
        name: clusterAdmin
      - db: admin
        name: userAdminAnyDatabase
      scramCredentialsSecretName: my-scram
    version: 7.0.15
  status:
    currentMongoDBMembers: 0
    currentStatefulSetReplicas: 0
    message: ReplicaSet is not yet ready, retrying in 10 seconds
    mongoUri: ""
    phase: Pending
kind: List
metadata:
  resourceVersion: ""

kubectl -n mongodb get sts -oyaml

apiVersion: v1
items:
- apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    creationTimestamp: "2025-03-23T17:28:25Z"
    generation: 1
    name: mongodb
    namespace: mongodb
    ownerReferences:
    - apiVersion: mongodbcommunity.mongodb.com/v1
      blockOwnerDeletion: true
      controller: true
      kind: MongoDBCommunity
      name: mongodb
      uid: dfe7acc8-7de8-4cf2-a567-26433c2d5ac8
    resourceVersion: "5233118"
    uid: b8243dc6-fd22-4a65-8c0f-ea658425980f
  spec:
    persistentVolumeClaimRetentionPolicy:
      whenDeleted: Retain
      whenScaled: Retain
    podManagementPolicy: OrderedReady
    replicas: 1
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        app: mongodb-svc
    serviceName: mongodb-svc
    template:
      metadata:
        creationTimestamp: null
        labels:
          app: mongodb-svc
      spec:
        containers:
        - args:
          - ""
          command:
          - /bin/sh
          - -c
          - "\nif [ -e "/hooks/version-upgrade" ]; then\n\t#run post-start hook
            to handle version changes (if exists)\n    /hooks/version-upgrade\nfi\n\n#
            wait for config and keyfile to be created by the agent\nwhile ! [ -f /data/automation-mongod.conf
            -a -f /var/lib/mongodb-mms-automation/authentication/keyfile ]; do sleep
            3 ; done ; sleep 2 ;\n\n# start mongod with this configuration\nexec mongod
            -f /data/automation-mongod.conf;\n\n"
          env:
          - name: AGENT_STATUS_FILEPATH
            value: /healthstatus/agent-health-status.json
          image: docker.io/mongodb/mongodb-community-server:7.0.15-ubi8
          imagePullPolicy: IfNotPresent
          name: mongod
          resources:
            limits:
              cpu: "1"
              memory: 500M
            requests:
              cpu: 500m
              memory: 400M
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /data
            name: data-volume
          - mountPath: /healthstatus
            name: healthstatus
          - mountPath: /hooks
            name: hooks
          - mountPath: /var/log/mongodb-mms-automation
            name: logs-volume
          - mountPath: /var/lib/mongodb-mms-automation/authentication
            name: mongodb-keyfile
          - mountPath: /tmp
            name: tmp
        - command:
          - /bin/bash
          - -c
          - |-
            current_uid=$(id -u)
            declare -r current_uid
            if ! grep -q "${current_uid}" /etc/passwd ; then
            sed -e "s/^mongodb:/builder:/" /etc/passwd > /tmp/passwd
            echo "mongodb:x:$(id -u):$(id -g):,,,:/:/bin/bash" >> /tmp/passwd
            export NSS_WRAPPER_PASSWD=/tmp/passwd
            export LD_PRELOAD=libnss_wrapper.so
            export NSS_WRAPPER_GROUP=/etc/group
            fi
            agent/mongodb-agent -healthCheckFilePath=/var/log/mongodb-mms-automation/healthstatus/agent-health-status.json -serveStatusPort=5000 -cluster=/var/lib/automation/config/cluster-config.json -skipMongoStart -noDaemonize -useLocalMongoDbTools -logFile /var/log/mongodb-mms-automation/automation-agent.log -logLevel INFO -maxLogFileDurationHrs 24
          env:
          - name: AGENT_STATUS_FILEPATH
            value: /var/log/mongodb-mms-automation/healthstatus/agent-health-status.json
          - name: AUTOMATION_CONFIG_MAP
            value: mongodb-config
          - name: HEADLESS_AGENT
            value: "true"
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          image: quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1
          imagePullPolicy: Always
          name: mongodb-agent
          readinessProbe:
            exec:
              command:
              - /opt/scripts/readinessprobe
            failureThreshold: 40
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            limits:
              cpu: "1"
              memory: 500M
            requests:
              cpu: 500m
              memory: 400M
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /opt/scripts
            name: agent-scripts
          - mountPath: /var/lib/automation/config
            name: automation-config
            readOnly: true
          - mountPath: /data
            name: data-volume
          - mountPath: /var/log/mongodb-mms-automation/healthstatus
            name: healthstatus
          - mountPath: /var/log/mongodb-mms-automation
            name: logs-volume
          - mountPath: /var/lib/mongodb-mms-automation/authentication
            name: mongodb-keyfile
          - mountPath: /tmp
            name: tmp
        dnsPolicy: ClusterFirst
        initContainers:
        - command:
          - cp
          - version-upgrade-hook
          - /hooks/version-upgrade
          image: quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.9
          imagePullPolicy: Always
          name: mongod-posthook
          resources:
            limits:
              cpu: "1"
              memory: 500M
            requests:
              cpu: 500m
              memory: 400M
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /hooks
            name: hooks
        - command:
          - cp
          - /probes/readinessprobe
          - /opt/scripts/readinessprobe
          image: quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.22
          imagePullPolicy: Always
          name: mongodb-agent-readinessprobe
          resources:
            limits:
              cpu: "1"
              memory: 500M
            requests:
              cpu: 500m
              memory: 400M
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /opt/scripts
            name: agent-scripts
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext:
          fsGroup: 2000
          runAsNonRoot: true
          runAsUser: 2000
        serviceAccount: mongodb-database
        serviceAccountName: mongodb-database
        terminationGracePeriodSeconds: 30
        volumes:
        - emptyDir: {}
          name: agent-scripts
        - name: automation-config
          secret:
            defaultMode: 416
            secretName: mongodb-config
        - emptyDir: {}
          name: healthstatus
        - emptyDir: {}
          name: hooks
        - emptyDir: {}
          name: mongodb-keyfile
        - emptyDir: {}
          name: tmp
    updateStrategy:
      type: RollingUpdate
    volumeClaimTemplates:
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        creationTimestamp: null
        name: data-volume
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        volumeMode: Filesystem
      status:
        phase: Pending
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        creationTimestamp: null
        name: logs-volume
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
        volumeMode: Filesystem
      status:
        phase: Pending
  status:
    availableReplicas: 0
    collisionCount: 0
    currentReplicas: 1
    currentRevision: mongodb-d79cb44df
    observedGeneration: 1
    replicas: 1
    updateRevision: mongodb-d79cb44df
    updatedReplicas: 1
- apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    creationTimestamp: "2025-03-23T17:28:25Z"
    generation: 1
    name: mongodb-arb
    namespace: mongodb
    ownerReferences:
    - apiVersion: mongodbcommunity.mongodb.com/v1
      blockOwnerDeletion: true
      controller: true
      kind: MongoDBCommunity
      name: mongodb
      uid: dfe7acc8-7de8-4cf2-a567-26433c2d5ac8
    resourceVersion: "5233113"
    uid: 15468191-c29a-45f9-864d-0e34bc565081
  spec:
    persistentVolumeClaimRetentionPolicy:
      whenDeleted: Retain
      whenScaled: Retain
    podManagementPolicy: OrderedReady
    replicas: 0
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        app: mongodb-svc
    serviceName: mongodb-svc
    template:
      metadata:
        creationTimestamp: null
        labels:
          app: mongodb-svc
      spec:
        containers:
        - args:
          - ""
          command:
          - /bin/sh
          - -c
          - "\nif [ -e "/hooks/version-upgrade" ]; then\n\t#run post-start hook
            to handle version changes (if exists)\n    /hooks/version-upgrade\nfi\n\n#
            wait for config and keyfile to be created by the agent\nwhile ! [ -f /data/automation-mongod.conf
            -a -f /var/lib/mongodb-mms-automation/authentication/keyfile ]; do sleep
            3 ; done ; sleep 2 ;\n\n# start mongod with this configuration\nexec mongod
            -f /data/automation-mongod.conf;\n\n"
          env:
          - name: AGENT_STATUS_FILEPATH
            value: /healthstatus/agent-health-status.json
          image: docker.io/mongodb/mongodb-community-server:7.0.15-ubi8
          imagePullPolicy: IfNotPresent
          name: mongod
          resources:
            limits:
              cpu: "1"
              memory: 500M
            requests:
              cpu: 500m
              memory: 400M
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /data
            name: data-volume
          - mountPath: /healthstatus
            name: healthstatus
          - mountPath: /hooks
            name: hooks
          - mountPath: /var/log/mongodb-mms-automation
            name: logs-volume
          - mountPath: /var/lib/mongodb-mms-automation/authentication
            name: mongodb-keyfile
          - mountPath: /tmp
            name: tmp
        - command:
          - /bin/bash
          - -c
          - |-
            current_uid=$(id -u)
            declare -r current_uid
            if ! grep -q "${current_uid}" /etc/passwd ; then
            sed -e "s/^mongodb:/builder:/" /etc/passwd > /tmp/passwd
            echo "mongodb:x:$(id -u):$(id -g):,,,:/:/bin/bash" >> /tmp/passwd
            export NSS_WRAPPER_PASSWD=/tmp/passwd
            export LD_PRELOAD=libnss_wrapper.so
            export NSS_WRAPPER_GROUP=/etc/group
            fi
            agent/mongodb-agent -healthCheckFilePath=/var/log/mongodb-mms-automation/healthstatus/agent-health-status.json -serveStatusPort=5000 -cluster=/var/lib/automation/config/cluster-config.json -skipMongoStart -noDaemonize -useLocalMongoDbTools -logFile /var/log/mongodb-mms-automation/automation-agent.log -logLevel INFO -maxLogFileDurationHrs 24
          env:
          - name: AGENT_STATUS_FILEPATH
            value: /var/log/mongodb-mms-automation/healthstatus/agent-health-status.json
          - name: AUTOMATION_CONFIG_MAP
            value: mongodb-config
          - name: HEADLESS_AGENT
            value: "true"
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          image: quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1
          imagePullPolicy: Always
          name: mongodb-agent
          readinessProbe:
            exec:
              command:
              - /opt/scripts/readinessprobe
            failureThreshold: 40
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            limits:
              cpu: "1"
              memory: 500M
            requests:
              cpu: 500m
              memory: 400M
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /opt/scripts
            name: agent-scripts
          - mountPath: /var/lib/automation/config
            name: automation-config
            readOnly: true
          - mountPath: /data
            name: data-volume
          - mountPath: /var/log/mongodb-mms-automation/healthstatus
            name: healthstatus
          - mountPath: /var/log/mongodb-mms-automation
            name: logs-volume
          - mountPath: /var/lib/mongodb-mms-automation/authentication
            name: mongodb-keyfile
          - mountPath: /tmp
            name: tmp
        dnsPolicy: ClusterFirst
        initContainers:
        - command:
          - cp
          - version-upgrade-hook
          - /hooks/version-upgrade
          image: quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.9
          imagePullPolicy: Always
          name: mongod-posthook
          resources:
            limits:
              cpu: "1"
              memory: 500M
            requests:
              cpu: 500m
              memory: 400M
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /hooks
            name: hooks
        - command:
          - cp
          - /probes/readinessprobe
          - /opt/scripts/readinessprobe
          image: quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.22
          imagePullPolicy: Always
          name: mongodb-agent-readinessprobe
          resources:
            limits:
              cpu: "1"
              memory: 500M
            requests:
              cpu: 500m
              memory: 400M
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /opt/scripts
            name: agent-scripts
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext:
          fsGroup: 2000
          runAsNonRoot: true
          runAsUser: 2000
        serviceAccount: mongodb-database
        serviceAccountName: mongodb-database
        terminationGracePeriodSeconds: 30
        volumes:
        - emptyDir: {}
          name: agent-scripts
        - name: automation-config
          secret:
            defaultMode: 416
            secretName: mongodb-config
        - emptyDir: {}
          name: healthstatus
        - emptyDir: {}
          name: hooks
        - emptyDir: {}
          name: mongodb-keyfile
        - emptyDir: {}
          name: tmp
    updateStrategy:
      type: RollingUpdate
    volumeClaimTemplates:
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        creationTimestamp: null
        name: data-volume
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        volumeMode: Filesystem
      status:
        phase: Pending
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        creationTimestamp: null
        name: logs-volume
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
        volumeMode: Filesystem
      status:
        phase: Pending
  status:
    availableReplicas: 0
    collisionCount: 0
    currentRevision: mongodb-arb-d79cb44df
    observedGeneration: 1
    replicas: 0
    updateRevision: mongodb-arb-d79cb44df
kind: List
metadata:
  resourceVersion: ""

kubectl -n mongodb get pods -oyaml

apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    annotations:
      agent.mongodb.com/version: "-1"
    creationTimestamp: "2025-03-23T17:28:25Z"
    generateName: mongodb-
    labels:
      app: mongodb-svc
      apps.kubernetes.io/pod-index: "0"
      controller-revision-hash: mongodb-d79cb44df
      statefulset.kubernetes.io/pod-name: mongodb-0
    name: mongodb-0
    namespace: mongodb
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: StatefulSet
      name: mongodb
      uid: b8243dc6-fd22-4a65-8c0f-ea658425980f
    resourceVersion: "5233280"
    uid: 1c9884b4-8548-424b-9696-6efc8df4b6af
  spec:
    containers:
    - args:
      - ""
      command:
      - /bin/sh
      - -c
      - "\nif [ -e "/hooks/version-upgrade" ]; then\n\t#run post-start hook to handle
        version changes (if exists)\n    /hooks/version-upgrade\nfi\n\n# wait for
        config and keyfile to be created by the agent\nwhile ! [ -f /data/automation-mongod.conf
        -a -f /var/lib/mongodb-mms-automation/authentication/keyfile ]; do sleep 3
        ; done ; sleep 2 ;\n\n# start mongod with this configuration\nexec mongod
        -f /data/automation-mongod.conf;\n\n"
      env:
      - name: AGENT_STATUS_FILEPATH
        value: /healthstatus/agent-health-status.json
      image: docker.io/mongodb/mongodb-community-server:7.0.15-ubi8
      imagePullPolicy: IfNotPresent
      name: mongod
      resources:
        limits:
          cpu: "1"
          memory: 500M
        requests:
          cpu: 500m
          memory: 400M
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /data
        name: data-volume
      - mountPath: /healthstatus
        name: healthstatus
      - mountPath: /hooks
        name: hooks
      - mountPath: /var/log/mongodb-mms-automation
        name: logs-volume
      - mountPath: /var/lib/mongodb-mms-automation/authentication
        name: mongodb-keyfile
      - mountPath: /tmp
        name: tmp
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-p89bx
        readOnly: true
    - command:
      - /bin/bash
      - -c
      - |-
        current_uid=$(id -u)
        declare -r current_uid
        if ! grep -q "${current_uid}" /etc/passwd ; then
        sed -e "s/^mongodb:/builder:/" /etc/passwd > /tmp/passwd
        echo "mongodb:x:$(id -u):$(id -g):,,,:/:/bin/bash" >> /tmp/passwd
        export NSS_WRAPPER_PASSWD=/tmp/passwd
        export LD_PRELOAD=libnss_wrapper.so
        export NSS_WRAPPER_GROUP=/etc/group
        fi
        agent/mongodb-agent -healthCheckFilePath=/var/log/mongodb-mms-automation/healthstatus/agent-health-status.json -serveStatusPort=5000 -cluster=/var/lib/automation/config/cluster-config.json -skipMongoStart -noDaemonize -useLocalMongoDbTools -logFile /var/log/mongodb-mms-automation/automation-agent.log -logLevel INFO -maxLogFileDurationHrs 24
      env:
      - name: AGENT_STATUS_FILEPATH
        value: /var/log/mongodb-mms-automation/healthstatus/agent-health-status.json
      - name: AUTOMATION_CONFIG_MAP
        value: mongodb-config
      - name: HEADLESS_AGENT
        value: "true"
      - name: POD_NAMESPACE
        valueFrom:
          fieldRef:
            apiVersion: v1
            fieldPath: metadata.namespace
      image: quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1
      imagePullPolicy: Always
      name: mongodb-agent
      readinessProbe:
        exec:
          command:
          - /opt/scripts/readinessprobe
        failureThreshold: 40
        initialDelaySeconds: 5
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      resources:
        limits:
          cpu: "1"
          memory: 500M
        requests:
          cpu: 500m
          memory: 400M
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /opt/scripts
        name: agent-scripts
      - mountPath: /var/lib/automation/config
        name: automation-config
        readOnly: true
      - mountPath: /data
        name: data-volume
      - mountPath: /var/log/mongodb-mms-automation/healthstatus
        name: healthstatus
      - mountPath: /var/log/mongodb-mms-automation
        name: logs-volume
      - mountPath: /var/lib/mongodb-mms-automation/authentication
        name: mongodb-keyfile
      - mountPath: /tmp
        name: tmp
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-p89bx
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    hostname: mongodb-0
    initContainers:
    - command:
      - cp
      - version-upgrade-hook
      - /hooks/version-upgrade
      image: quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.9
      imagePullPolicy: Always
      name: mongod-posthook
      resources:
        limits:
          cpu: "1"
          memory: 500M
        requests:
          cpu: 500m
          memory: 400M
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /hooks
        name: hooks
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-p89bx
        readOnly: true
    - command:
      - cp
      - /probes/readinessprobe
      - /opt/scripts/readinessprobe
      image: quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.22
      imagePullPolicy: Always
      name: mongodb-agent-readinessprobe
      resources:
        limits:
          cpu: "1"
          memory: 500M
        requests:
          cpu: 500m
          memory: 400M
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /opt/scripts
        name: agent-scripts
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-p89bx
        readOnly: true
    nodeName: k3s-master-1-pi4
    preemptionPolicy: PreemptLowerPriority
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext:
      fsGroup: 2000
      runAsNonRoot: true
      runAsUser: 2000
    serviceAccount: mongodb-database
    serviceAccountName: mongodb-database
    subdomain: mongodb-svc
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - name: data-volume
      persistentVolumeClaim:
        claimName: data-volume-mongodb-0
    - name: logs-volume
      persistentVolumeClaim:
        claimName: logs-volume-mongodb-0
    - emptyDir: {}
      name: agent-scripts
    - name: automation-config
      secret:
        defaultMode: 416
        secretName: mongodb-config
    - emptyDir: {}
      name: healthstatus
    - emptyDir: {}
      name: hooks
    - emptyDir: {}
      name: mongodb-keyfile
    - emptyDir: {}
      name: tmp
    - name: kube-api-access-p89bx
      projected:
        defaultMode: 420
        sources:
        - serviceAccountToken:
            expirationSeconds: 3607
            path: token
        - configMap:
            items:
            - key: ca.crt
              path: ca.crt
            name: kube-root-ca.crt
        - downwardAPI:
            items:
            - fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
              path: namespace
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2025-03-23T17:28:48Z"
      status: "True"
      type: PodReadyToStartContainers
    - lastProbeTime: null
      lastTransitionTime: "2025-03-23T17:28:54Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2025-03-23T17:28:25Z"
      message: 'containers with unready status: [mongodb-agent]'
      reason: ContainersNotReady
      status: "False"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2025-03-23T17:28:25Z"
      message: 'containers with unready status: [mongodb-agent]'
      reason: ContainersNotReady
      status: "False"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2025-03-23T17:28:25Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: containerd://3722ad0bcb691b4c467bd94ca4f876f773c88fd48307d8cdbb4755e841a7b4c6
      image: docker.io/mongodb/mongodb-community-server:7.0.15-ubi8
      imageID: docker.io/mongodb/mongodb-community-server@sha256:bd2e8e00a36d89eeb67eb7886630eaeb68c445c8474fc8ed95286ee82456d44f
      lastState: {}
      name: mongod
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2025-03-23T17:31:04Z"
      volumeMounts:
      - mountPath: /data
        name: data-volume
      - mountPath: /healthstatus
        name: healthstatus
      - mountPath: /hooks
        name: hooks
      - mountPath: /var/log/mongodb-mms-automation
        name: logs-volume
      - mountPath: /var/lib/mongodb-mms-automation/authentication
        name: mongodb-keyfile
      - mountPath: /tmp
        name: tmp
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-p89bx
        readOnly: true
        recursiveReadOnly: Disabled
    - containerID: containerd://495a47b2ad004a3ccd33921fd04239d1936ae39409eefbf4456879d3f33cf9b9
      image: quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1
      imageID: quay.io/mongodb/mongodb-agent-ubi@sha256:dda6762d4b53da3230c8acc925aeaaa45fc2b3e4c38e180a83053ced1528306d
      lastState: {}
      name: mongodb-agent
      ready: false
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2025-03-23T17:31:05Z"
      volumeMounts:
      - mountPath: /opt/scripts
        name: agent-scripts
      - mountPath: /var/lib/automation/config
        name: automation-config
        readOnly: true
        recursiveReadOnly: Disabled
      - mountPath: /data
        name: data-volume
      - mountPath: /var/log/mongodb-mms-automation/healthstatus
        name: healthstatus
      - mountPath: /var/log/mongodb-mms-automation
        name: logs-volume
      - mountPath: /var/lib/mongodb-mms-automation/authentication
        name: mongodb-keyfile
      - mountPath: /tmp
        name: tmp
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-p89bx
        readOnly: true
        recursiveReadOnly: Disabled
    hostIP: 192.168.1.241
    hostIPs:
    - ip: 192.168.1.241
    initContainerStatuses:
    - containerID: containerd://cfd9da564e938a4e07736d6580d6be86f526ed059b7c55b2f128687f7ecd5858
      image: quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.9
      imageID: quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook@sha256:a72e929e623ed8450991f444e21d50db1f791c28452c193a3a33b7d3c159928e
      lastState: {}
      name: mongod-posthook
      ready: true
      restartCount: 0
      started: false
      state:
        terminated:
          containerID: containerd://cfd9da564e938a4e07736d6580d6be86f526ed059b7c55b2f128687f7ecd5858
          exitCode: 0
          finishedAt: "2025-03-23T17:28:48Z"
          reason: Completed
          startedAt: "2025-03-23T17:28:48Z"
      volumeMounts:
      - mountPath: /hooks
        name: hooks
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-p89bx
        readOnly: true
        recursiveReadOnly: Disabled
    - containerID: containerd://8acb60714fe19f1b1d4d8dddefae3df0873849fadb58448ee5041d6fd2ac4dbb
      image: quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.22
      imageID: quay.io/mongodb/mongodb-kubernetes-readinessprobe@sha256:a6701b892f7989b46bddfae1d9e3ba8d279e15d3f035dc27dae52fd8838b981d
      lastState: {}
      name: mongodb-agent-readinessprobe
      ready: true
      restartCount: 0
      started: false
      state:
        terminated:
          containerID: containerd://8acb60714fe19f1b1d4d8dddefae3df0873849fadb58448ee5041d6fd2ac4dbb
          exitCode: 0
          finishedAt: "2025-03-23T17:28:51Z"
          reason: Completed
          startedAt: "2025-03-23T17:28:51Z"
      volumeMounts:
      - mountPath: /opt/scripts
        name: agent-scripts
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-p89bx
        readOnly: true
        recursiveReadOnly: Disabled
    phase: Running
    podIP: 10.42.0.218
    podIPs:
    - ip: 10.42.0.218
    qosClass: Burstable
    startTime: "2025-03-23T17:28:25Z"
- apiVersion: v1
  kind: Pod
  metadata:
    creationTimestamp: "2025-03-20T22:20:44Z"
    generateName: mongodb-kubernetes-operator-7c967f54d4-
    labels:
      name: mongodb-kubernetes-operator
      pod-template-hash: 7c967f54d4
    name: mongodb-kubernetes-operator-7c967f54d4-vrhk4
    namespace: mongodb
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: mongodb-kubernetes-operator-7c967f54d4
      uid: 3e7cc32d-e63b-4442-977e-646df7dd2d46
    resourceVersion: "5053687"
    uid: 6d4d49f5-a3a6-4589-a1a9-5386ec215169
  spec:
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
            - key: name
              operator: In
              values:
              - mongodb-kubernetes-operator
          topologyKey: kubernetes.io/hostname
    containers:
    - command:
      - /usr/local/bin/entrypoint
      env:
      - name: WATCH_NAMESPACE
        valueFrom:
          fieldRef:
            apiVersion: v1
            fieldPath: metadata.namespace
      - name: POD_NAME
        valueFrom:
          fieldRef:
            apiVersion: v1
            fieldPath: metadata.name
      - name: OPERATOR_NAME
        value: mongodb-kubernetes-operator
      - name: AGENT_IMAGE
        value: quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1
      - name: VERSION_UPGRADE_HOOK_IMAGE
        value: quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.9
      - name: READINESS_PROBE_IMAGE
        value: quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.22
      - name: MONGODB_IMAGE
        value: mongodb-community-server
      - name: MONGODB_REPO_URL
        value: docker.io/mongodb
      - name: MDB_IMAGE_TYPE
        value: ubi8
      image: quay.io/mongodb/mongodb-kubernetes-operator:0.12.0
      imagePullPolicy: Always
      name: mongodb-kubernetes-operator
      resources:
        limits:
          cpu: 1100m
          memory: 1Gi
        requests:
          cpu: 500m
          memory: 200Mi
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-v7bxb
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    nodeName: k3s-worker-1-pi3
    preemptionPolicy: PreemptLowerPriority
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext:
      runAsNonRoot: true
      runAsUser: 2000
    serviceAccount: mongodb-kubernetes-operator
    serviceAccountName: mongodb-kubernetes-operator
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - name: kube-api-access-v7bxb
      projected:
        defaultMode: 420
        sources:
        - serviceAccountToken:
            expirationSeconds: 3607
            path: token
        - configMap:
            items:
            - key: ca.crt
              path: ca.crt
            name: kube-root-ca.crt
        - downwardAPI:
            items:
            - fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
              path: namespace
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2025-03-20T22:21:49Z"
      status: "True"
      type: PodReadyToStartContainers
    - lastProbeTime: null
      lastTransitionTime: "2025-03-20T22:20:45Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2025-03-20T22:21:49Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2025-03-20T22:21:49Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2025-03-20T22:20:45Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: containerd://1afaf481f5cec5be83c1387961b6997a058ee0244b8261173a4898af678a49ec
      image: quay.io/mongodb/mongodb-kubernetes-operator:0.12.0
      imageID: quay.io/mongodb/mongodb-kubernetes-operator@sha256:d0bdb84582ce3645aa57aac28fe007848ebb88722e863ea6c9eb57f124451a7f
      lastState: {}
      name: mongodb-kubernetes-operator
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2025-03-20T22:21:49Z"
      volumeMounts:
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-v7bxb
        readOnly: true
        recursiveReadOnly: Disabled
    hostIP: 192.168.1.102
    hostIPs:
    - ip: 192.168.1.102
    phase: Running
    podIP: 10.42.1.49
    podIPs:
    - ip: 10.42.1.49
    qosClass: Burstable
    startTime: "2025-03-20T22:20:45Z"
kind: List
metadata:
  resourceVersion: ""

kubectl -n mongodb logs mongodb-0

Defaulted container "mongod" out of: mongod, mongodb-agent, mongod-posthook (init), mongodb-agent-readinessprobe (init)
2025-03-23T17:31:05.666Z        INFO    versionhook/main.go:33  Running version change post-start hook
2025-03-23T17:31:05.670Z        INFO    versionhook/main.go:40  Waiting for agent health status...
2025-03-23T17:31:06.671Z        INFO    versionhook/main.go:46  Agent health status file not found, mongod will start

kubectl -n mongodb exec -it mongodb-0 -c mongodb-agent -- cat /var/lib/automation/config/cluster-config.json

{
	"version":1,
	"processes":[
		{
			"name":"mongodb-0",
			"disabled":false,
			"hostname":"mongodb-0.mongodb-svc.mongodb.svc.cluster.local",
			"args2_6":{
				"net":{
					"port":27017
				},
				"replication":{
					"replSetName":"mongodb"
				},
				"storage":{
					"dbPath":"/data",
					"wiredTiger":{
						"engineConfig":{
							"journalCompressor":"zlib"
						}
					}
				}
			},
			"featureCompatibilityVersion":"7.0",
			"processType":"mongod",
			"version":"7.0.15",
			"authSchemaVersion":5
		}
	],
	"replicaSets":[
		{
			"_id":"mongodb",
			"members":[
				{
					"_id":0,
					"host":"mongodb-0",
					"arbiterOnly":false,
					"votes":1,
					"priority":1
				}
			],
			"protocolVersion":"1",
			"numberArbiters":0
		}
	],
	"auth":{
		"usersWanted":[
			{
				"mechanisms":[],
				"roles":[
					{
						"role":"clusterAdmin",
						"db":"admin"
					},
					{
						"role":"userAdminAnyDatabase",
						"db":"admin"
					}
				],
				"user":"admin",
				"db":"admin",
				"authenticationRestrictions":[],
				"scramSha256Creds":{
					"iterationCount":15000,
					"salt":".......",
					"serverKey":".....",
					"storedKey":"....."
				},
				"scramSha1Creds":{
					"iterationCount":10000,
					"salt":"......",
					"serverKey":".....",
					"storedKey":"....."
				}
			}
		],
		"disabled":false,
		"authoritativeSet":false,
		"autoAuthMechanisms":["SCRAM-SHA-256"],
		"autoAuthMechanism":"SCRAM-SHA-256",
		"deploymentAuthMechanisms":["SCRAM-SHA-256"],
		"autoUser":"mms-automation",
		"key":".......",
		"keyfile":"/var/lib/mongodb-mms-automation/authentication/keyfile",
		"keyfileWindows":"%SystemDrive%\\MMSAutomation\\versions\\keyfile",
		"autoPwd":"....."
	},
	"tls":{
		"CAFilePath":"",
		"clientCertificateMode":"OPTIONAL"
	},
	"mongoDbVersions":[
		{
			"name":"7.0.15",
			"builds":[
				{
					"platform":"linux",
					"url":"",
					"gitVersion":"",
					"architecture":"amd64",
					"flavor":"rhel",
					"minOsVersion":"",
					"maxOsVersion":"",
					"modules":[]
				},{
					"platform":"linux",
					"url":"",
					"gitVersion":"",
					"architecture":"amd64",
					"flavor":"ubuntu",
					"minOsVersion":"",
					"maxOsVersion":"",
					"modules":[]
				},{
					"platform":"linux",
					"url":"",
					"gitVersion":"",
					"architecture":"aarch64",
					"flavor":"ubuntu",
					"minOsVersion":"",
					"maxOsVersion":"",
					"modules":[]
				},{
					"platform":"linux",
					"url":"",
					"gitVersion":"",
					"architecture":"aarch64",
					"flavor":"rhel",
					"minOsVersion":"",
					"maxOsVersion":"",
					"modules":[]
				}
			]
		}
	],
	"backupVersions":[],
	"monitoringVersions":[],
	"options":{
		"downloadBase":"/var/lib/mongodb-mms-automation"
	}
}

kubectl -n mongodb exec -it mongodb-0 -c mongodb-agent -- cat /var/log/mongodb-mms-automation/healthstatus/agent-health-status.json

{
	"statuses":{
		"mongodb-0":{
			"IsInGoalState":false,
			"LastMongoUpTime":0,
			"ExpectedToBeUp":true,
			"ReplicationStatus":-1
		}
	},
	"mmsStatus":{
		"mongodb-0":{
			"name":"mongodb-0",
			"lastGoalVersionAchieved":-1,
			"plans":[
				{
					"automationConfigVersion":1,
					"started":"2025-03-23T17:31:06.349704425Z",
					"completed":null,
					"moves":[
						{
							"move":"Start",
							"moveDoc":"Start the process",
							"steps":[
								{
									"step":"StartFresh",
									"stepDoc":"Start a mongo instance  (start fresh)",
									"isWaitStep":false,
									"started":"2025-03-23T17:31:06.349778998Z",
									"completed":null,
									"result":"error"
								}
							]
						},{
							"move":"WaitAllRsMembersUp",
							"moveDoc":"Wait until all members of this process' repl set are up",
							"steps":[
								{
									"step":"WaitAllRsMembersUp",
									"stepDoc":"Wait until all members of this process' repl set are up",
									"isWaitStep":true,
									"started":null,
									"completed":null,
									"result":""
								}
							]
						},{
							"move":"RsInit",
							"moveDoc":"Initialize a replica set including the current MongoDB process",
							"steps":[
								{
									"step":"RsInit",
									"stepDoc":"Initialize a replica set",
									"isWaitStep":false,
									"started":null,
									"completed":null,
									"result":""
								}
							]
						},{
							"move":"WaitFeatureCompatibilityVersionCorrect",
							"moveDoc":"Wait for featureCompatibilityVersion to be right",
							"steps":[
								{
									"step":"WaitFeatureCompatibilityVersionCorrect",
									"stepDoc":"Wait for featureCompatibilityVersion to be right",
									"isWaitStep":true,
									"started":null,
									"completed":null,
									"result":""
								}
							]
						}
					]
				}
			],
			"errorCode":0,
			"errorString":"
				\u003cmongodb-0\u003e [18:04:55.151] Plan execution failed on step StartFresh as part of move Start : 
				\u003cmongodb-0\u003e [18:04:55.151] Failed to apply action. Result = \u003cnil\u003e : 
				\u003cmongodb-0\u003e [18:04:55.151] Error starting mongod : 
				\u003cmongodb-0\u003e [18:04:55.151] Error getting start process cmd for executable=mongod, stip=[args=
					{
						"net":{
							"bindIp":"0.0.0.0",
							"port":27017
						},
						"replication":{
							"replSetName":"mongodb"
						},
						"security":{
							"authorization":"enabled",
							"keyFile":"/var/lib/mongodb-mms-automation/authentication/keyfile"
						},
						"setParameter":{
							"authenticationMechanisms":"SCRAM-SHA-256"
						},
						"storage":{
							"dbPath":"/data",
							"wiredTiger":{
								"engineConfig":{
									"journalCompressor":"zlib"
								}
							}
						}
					}[],
					confPath=/data/automation-mongod.conf,version=7.0.15-(),
					isKmipRotateMasterKey=false,useOldConfFile=false] : 
				\u003cmongodb-0\u003e [18:04:55.150] Failed to create conf file : 
				\u003cmongodb-0\u003e [18:04:55.150] Failed to create file /data/automation-mongod.conf : 
				\u003cmongodb-0\u003e [18:04:55.150] Error creating /data/automation-mongod.conf : open /data/automation-mongod.conf: permission denied",
			"waitDetails":{
				"RunSetParameter":"process not up",
				"UpdateFeatureCompatibilityVersion":"process isn't up",
				"WaitAllRsMembersUp":"[]",
				"WaitCannotBecomePrimary":"Wait until the process is reconfigured with priority=0 by a different process",
				"WaitClusterReadyForFCVUpdate":"process isn't up",
				"WaitDefaultRWConcernCorrect":"waiting for the primary to update defaultRWConcern",
				"WaitForResyncPrimaryManualInterventionStep":"A resync was requested on a primary. This requires manual intervention",
				"WaitHealthyMajority":"[]",
				"WaitMultipleHealthyNonArbiters":"[]",
				"WaitNecessaryRsMembersUpForReconfig":"[]",
				"WaitPrimary":"This process is expected to be the primary member. Check that the replica set state allows a primary to be elected",
				"WaitProcessUp":"The process is running, but not yet responding to agent calls",
				"WaitResetPlacementHistory":"config servers  haven't seen the marker"
			}
		}
	}
}

kubectl -n mongodb exec -it mongodb-0 -c mongodb-agent -- cat /var/log/mongodb-mms-automation/automation-agent-verbose.log

cat: /var/log/mongodb-mms-automation/automation-agent-verbose.log: No such file or directory
command terminated with exit code 1

kubectl -n mongodb exec -it mongodb-0 -c mongodb-agent -- cat /var/log/mongodb-mms-automation/automation-agent.log

cat: /var/log/mongodb-mms-automation/automation-agent.log: No such file or directory
command terminated with exit code 1

kubectl -n mongodb exec -it mongodb-0 -c mongodb-agent -- ls -al /var/log/mongodb-mms-automation/

total 28
drwxr-xr-x 4 root root  4096 Mar 23 16:59 .
drwxr-xr-x 1 root root  4096 Mar 23 04:26 ..
drwxrwsrwx 2 root 2000  4096 Mar 23 18:15 healthstatus
drwx------ 2 root root 16384 Mar 23 16:59 lost+found

kubectl -n mongodb exec -it mongodb-0 -c mongodb-agent -- ls -al /var/log/

total 312
drwxr-xr-x 1 root root   4096 Mar 23 04:26 .
drwxr-xr-x 1 root root   4096 Mar 13 07:22 ..
lrwxrwxrwx 1 root root     39 Mar 23 04:25 README -> ../../usr/share/doc/systemd/README.logs
-rw-rw---- 1 root utmp      0 Mar 23 04:25 btmp
-rw-rw-r-- 1 root utmp 295704 Mar 23 04:25 lastlog
drwxr-xr-x 4 root root   4096 Mar 23 16:59 mongodb-mms-automation
drwx------ 2 root root   4096 Mar 23 04:25 private
-rw------- 1 root root      0 Mar 23 04:25 tallylog
-rw-rw-r-- 1 root utmp      0 Mar 23 04:25 wtmp

kubectl -n mongodb exec -it mongodb-0 -c mongodb-agent -- ls -al /var/log/mongodb-mms-automation/healthstatus

total 12
drwxrwsrwx 2 root 2000 4096 Mar 23 18:16 .
drwxr-xr-x 4 root root 4096 Mar 23 16:59 ..
-rw------- 1 2000 2000 3353 Mar 23 18:16 agent-health-status.json

kubectl -n mongodb exec -it mongodb-0 -c mongod -- ls -al /data

total 32
drwxr-xr-x 5 root   root    4096 Mar 23 16:59 .
drwxr-xr-x 1 root   root    4096 Mar 23 17:31 ..
drwxr-xr-x 2 mongod mongod  4096 Mar 23 06:20 configdb
drwxr-xr-x 2 mongod mongod  4096 Mar 23 06:20 db
drwx------ 2 root   root   16384 Mar 23 16:59 lost+found

I'd expect the /data and /var/log/mongodb-mms-automation to be owneb by uid=2000,gid=2000 or at least writiable by the group in both containers.

Right now i see permission denied errors both from the mongod and mongodb-agent containers

  • mongod: Failed to create file /data/automation-mongod.conf
  • mongodb-agent: open /var/log/mongodb-mms-automation/readiness.log: permission denied
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@l0ner