Can someone provide me with a step-step guide on how I can resolve to issue with WebODM?
I am currently trying to deploy WebODM using the Rahti templating services of CSC (Rahti Templates - Docs CSC) but have not been successful.
In brief, Rahti is a container orchestration service (PaaS) that is built on Kubernetes and OpenShift OKD.
The Rahti containers run using a non privileged user as such I have not yet found a way to successfully deploy WebODM.
I even converted the WebODM Docker-compose file to a Kubernetes yaml resources but this approach did not work on the Rahti OpenShift platform.
I have searched and gone through several tutorials and documentations but have not found a solution to my issue. I also read the post by OwKal on mar 2021 but have not figured how to make his approach work in my case.
Feel free to ask me if you need some additional information or clarification on this.
Is the Rahti baseimage an Ubuntu container like we’re currently using?
Do you have the error messages or any other information?
I’m not familiar with any of these platforms/services, so my help will be of limited value, but perhaps if we get more data out there other more knowledgeable folks can give you the assistance you need.
Any of the images Ubuntu, Centos, nginx… can be used to build a container image to run applications on Rahti.
Containers are stored within pods as expandable units. These containers cannot be run as root (no privileged mode). This as an extra security measure. Thus, the WebODM image being used should be built to run without privileged root access.
Here is an error I get when I try to deploy the webapp. (Here I am using the converted kubernetes resources from the original Docker-compose yml file).
chmod: changing permissions of ‘/webodm/dev-worker.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/devenv.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/start.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/wait-for-it.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/wait-for-postgres.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/webodm.sh’: Operation not permitted
chmod: changing permissions of ‘/webodm/worker.sh’: Operation not permitted
The approach that Chris used was actually to not attempt to run WebODM rootless, but to have a dedicated VM for that, while running the compute resources rootless. As an HPC admin myself, this makes some sense, as a (comparatively) light web application like WebODM can run on lots of things, but we like to keep things rootless in large compute environments themselves.
That said, if WebODM definitely needs to run rootless, take a look at the deployment yaml and find out for pods what the equivalent process (if any) needs to be to set the executability of files on deployment, as those commands that are failing are directly from the yaml.