Fail To Deploy WebODM on Rahti (PaaS) Kubernetes and OpenShift OKD

gbagirau · 2 June 2022 17:59

Hello all,

Can someone provide me with a step-step guide on how I can resolve to issue with WebODM?

I am currently trying to deploy WebODM using the Rahti templating services of CSC (Rahti Templates - Docs CSC) but have not been successful.

In brief, Rahti is a container orchestration service (PaaS) that is built on Kubernetes and OpenShift OKD.

The Rahti containers run using a non privileged user as such I have not yet found a way to successfully deploy WebODM.

I even converted the WebODM Docker-compose file to a Kubernetes yaml resources but this approach did not work on the Rahti OpenShift platform.

I have searched and gone through several tutorials and documentations but have not found a solution to my issue. I also read the post by OwKal on mar 2021 but have not figured how to make his approach work in my case.

Feel free to ask me if you need some additional information or clarification on this.

I appreciate all your assistance with this issue.

Thanks.

Saijin_Naib · 2 June 2022 18:44

Is the Rahti baseimage an Ubuntu container like we’re currently using?

Do you have the error messages or any other information?

I’m not familiar with any of these platforms/services, so my help will be of limited value, but perhaps if we get more data out there other more knowledgeable folks can give you the assistance you need.

gbagirau · 3 June 2022 13:48

Thanks Saijin,

Any of the images Ubuntu, Centos, nginx… can be used to build a container image to run applications on Rahti.

Containers are stored within pods as expandable units. These containers cannot be run as root (no privileged mode). This as an extra security measure. Thus, the WebODM image being used should be built to run without privileged root access.

Here is an error I get when I try to deploy the webapp. (Here I am using the converted kubernetes resources from the original Docker-compose yml file).

chmod: changing permissions of ‘/webodm/dev-worker.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/devenv.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/start.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/wait-for-it.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/wait-for-postgres.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/webodm.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/worker.sh’: Operation not permitted

I hope this helps explain better.

Augustine

Saijin_Naib · 3 June 2022 17:52

Running rootless would be a nice upgrade. I tried briefly to work within podman for the same reason, but was not met with success.

Thank you for providing extra information and detail, as well as those messages. These should help for sure.

gbagirau · 3 June 2022 19:10

Thank you for the efforts and comments. Fingers crossed, this issue will be resolved. For the time being, I will keep on exploring and testing different ideas around this.

smathermather · 3 June 2022 23:13

Hi Augustine,

Check out this thread on use in singularity, which may be relevant:
https://community.opendronemap.org/t/hpc-scheduler-e-g-slurm-integration-for-clusterodm

The approach that Chris used was actually to not attempt to run WebODM rootless, but to have a dedicated VM for that, while running the compute resources rootless. As an HPC admin myself, this makes some sense, as a (comparatively) light web application like WebODM can run on lots of things, but we like to keep things rootless in large compute environments themselves.

That said, if WebODM definitely needs to run rootless, take a look at the deployment yaml and find out for pods what the equivalent process (if any) needs to be to set the executability of files on deployment, as those commands that are failing are directly from the yaml.

gbagirau · 5 June 2022 17:22

Hello Stephen,

Thank you the informations and suggestions.The singularity post you referred me to is a good resource and very timely and will help in another aspect of WebODM we are looking at.

Apprecciate your clarification of Chris’s approach of WebODm deployment. As a side note, we have successfully been using ODM and WebODM on Ubuntu VM’s on CSC’s cPouta cloud services.

I will have a look at the deployment yaml files like you suggested and see what I can do.

As we progress, I will be updating on this issue, fingers crossed with a solution that works.