Hipchat Data Center configuration fails with "Operation not Permitted" when trying to write to the NFS file store.
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When trying to configure a Hipchat Data Center node, the Chef run fails trying to perform actions on the NFSv4 share.
The following error(s) will appear in the /var/log/chef.log on the server:
---- Begin output of mount -t nfs4 -o rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 nfsserver.example.com:/hi
pchat /file_store/shared ----
STDOUT:
STDERR: mount.nfs4: Operation not permitted
---- End output of mount -t nfs4 -o rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 nfsserver.example.com:/hipc
hat /file_store/shared ----
[2017-08-09T19:06:57+00:00] ERROR: directory[/file_store/shared] (nfs::default line 9) had an error: Errno::EPERM: Operation not permitted - /file_store/shared
[0m
================================================================================[0m
[31mError executing action `create` on resource 'directory[/file_store/shared]'[0m
================================================================================[0m
[0m
Errno::EPERM[0m
------------[0m
Operation not permitted - /file_store/shared[0m
[0m
Resource Declaration:[0m
---------------------[0m
# In /hipchat-scm/chef-repo/cookbooks/nfs/recipes/default.rb
9: directory "#{node[:nfs][:mount][:path]}" do
10: owner 'hipchat'
11: group 'www-data'
12: mode '2750' # setgid, so that www-data can read. Setgid bit is inherited by any sub-directories by default.
13: # any files/dirs created will have group set to www-data
14: action :create
15: recursive true
16: end
17:
[0m
[0m
Compiled Resource:[0m
------------------[0m
# Declared in /hipchat-scm/chef-repo/cookbooks/nfs/recipes/default.rb:9:in `from_file'
directory("/file_store/shared") do
provider Chef::Provider::Directory
action [:create]
retries 0
retry_delay 2
path "/file_store/shared"
recursive true
cookbook_name :nfs
recipe_name "default"
owner "hipchat"
group "www-data"
mode "2750"
end
[0m
Diagnosis
Environment
- Hipchat Data Center.
- External NFSv4 server.
Steps to Reproduce
- Configure an NFSv4 Share on an external server for use with Hipchat Data Center.
- Configure the Hipchat Data Center node using the instructions in the Manual Deployment Guide.
Run the data center restart command:
hipchat datacenter restart
- The data center restart operation fails with the error listed earlier from the chef.log.
Cause
During the Data Center restart, the Data Center node will mount the NFSv4 and attempt to create directories on it.
The NFS server share is being exported with root squashing enabled, which prevents the root user on the Hipchat Data Center node from being able to write to the mounted NFS share.
Workaround
server#vi /etc/exports
/export/test 192.168.1.0/255.255.255.0(no_root_squash,insecure,rw)