Unable to access data store after restart pod

Hi,

I have a single-node AKS implementation, so I am running one pod with image: 'dremio/dremio-oss:25.0'. I also have a PVC claim on /opt/dremio/data

volumeMounts:
  - name: dremio-storage
    mountPath: /opt/dremio/data

Now everything works fine and I can add data sources and query; however, if I restart the Pod I am still able to log in but can't access the data store, and I see the below exception in the pod log:

2024-11-13 00:10:28,929 [start-sqlIE_azure] WARN c.d.e.catalog.ManagedStoragePlugin - Error starting new source: sqlIE_azure
java.lang.RuntimeException: com.dremio.services.credentials.SecretCredentialsException: Encounter exception in looking up keystore.
    at com.dremio.exec.catalog.conf.SecretRefImpl.get(SecretRefImpl.java:39)
    at com.dremio.exec.store.jdbc.conf.BaseMSSQLConf.newDataSource(BaseMSSQLConf.java:123)
    at com.dremio.exec.store.jdbc.JdbcSchemaFetcherImpl.start(JdbcSchemaFetcherImpl.java:308)
    at com.dremio.exec.store.jdbc.JdbcStoragePlugin.start(JdbcStoragePlugin.java:411)
    at com.dremio.exec.catalog.ManagedStoragePlugin.lambda$newStartSupplier$3(ManagedStoragePlugin.java:729)
    at com.dremio.exec.catalog.ManagedStoragePlugin.lambda$nameSupplier$5(ManagedStoragePlugin.java:807)
    at com.dremio.exec.catalog.ManagedStoragePlugin.lambda$refreshState$9(ManagedStoragePlugin.java:1281)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: com.dremio.services.credentials.SecretCredentialsException: Encounter exception in looking up keystore.
    at com.dremio.services.credentials.AbstractCipher.lookupKeystore(AbstractCipher.java:273)
    at com.dremio.services.credentials.AbstractCipher.decrypt(AbstractCipher.java:174)
    at com.dremio.services.credentials.SystemSecretCredentialsProvider.doLookup(SystemSecretCredentialsProvider.java:47)
    at com.dremio.services.credentials.AbstractSimpleCredentialsProvider.lookup(AbstractSimpleCredentialsProvider.java:41)
    at com.dremio.services.credentials.CredentialsServiceImpl.lookup(CredentialsServiceImpl.java:95)
    at com.dremio.exec.catalog.conf.SecretRefImpl.get(SecretRefImpl.java:37)
    … 10 common frames omitted
Caused by: java.security.GeneralSecurityException: Directory /opt/dremio/data/security is not accessible to owner only
    at com.dremio.security.SecurityFolder.checkSecurity(SecurityFolder.java:207)
    at com.dremio.security.SecurityFolder.checkPathPermissions(SecurityFolder.java:195)
    at com.dremio.security.SecurityFolder.checkDirectoryPermissions(SecurityFolder.java:184)
    at com.dremio.security.SecurityFolder.<init>(SecurityFolder.java:79)

Please note I bashed into the pod and I can see the directory /opt/dremio/data/security is accessible by user dremio.

@Abirax Looking at the error message, it seems like the folder is accessible by others. Can we restrict it to be only readable by Dremio and retry?

Thank you, that fixed it.
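
The permission check and fix suggested in the reply above, as an added shell example that is not part of the original thread and is not Dremio's code. It assumes "owner only" means the directory is owned by the service user's UID and carries no group/other mode bits, and that GNU stat and find are available in the container; all function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not Dremio's code). Assumption: "owner only" means the
# directory belongs to the service's UID and has no group/other mode bits.

# Return 0 if PATH is owned by UID and has no group/other permission bits.
is_owner_only() {
  local path=$1 uid=$2 mode owner
  mode=$(stat -c '%a' "$path") || return 2    # octal mode, e.g. 700 or 770
  owner=$(stat -c '%u' "$path") || return 2   # numeric owner UID
  [ "$owner" = "$uid" ] && [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print every entry under DIR that group or other can read, write or enter.
list_exposed() {
  find "$1" -perm /077 -print
}

# Remove all group/other access under DIR, leaving the owner bits untouched.
restrict_to_owner() {
  chmod -R go-rwx "$1"
}

# Audit DIR for UID; with "fix" as third argument, tighten it when needed.
# Returns 0 only when DIR ends up owned by UID with no group/other access.
audit_security_dir() {
  local dir=$1 uid=$2 action=${3:-report}
  if is_owner_only "$dir" "$uid" && [ -z "$(list_exposed "$dir")" ]; then
    echo "OK: $dir is accessible to owner only"
    return 0
  fi
  echo "FAIL: $dir is not owner-only; entries with group/other access:"
  list_exposed "$dir" | sed 's/^/  /'
  [ "$action" = fix ] || return 1
  restrict_to_owner "$dir"
  is_owner_only "$dir" "$uid" && [ -z "$(list_exposed "$dir")" ]
}

# Usage inside the pod, as the dremio user:
#   audit_security_dir /opt/dremio/data/security "$(id -u)" fix
```

If the directory is owned by a different UID, the fix step still reports failure, because removing group/other bits does not change ownership.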