Can Gitea support Azure file storage? #28810

Closed
YanFenGuo opened this issue Jan 16, 2024 · 3 comments
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.


YanFenGuo commented Jan 16, 2024

Feature Description

I see #22527 is about Azure Blob Storage; this is about Azure File Storage support. I'm trying to deploy Gitea on ARO with Azure file storage. According to https://help.thorntech.com/docs/next/sftp-gateway-azure/azure-file-storage-mount/#caveats-and-limitations, it is impossible to do chmod with Azure file storage.

This is my app.ini, and I have a PVC mounted to /data:

APP_NAME = Gitea: Git with a cup of tea
RUN_MODE = prod
RUN_USER = git

[repository]
ROOT = /data/git/repositories
ENABLE_PUSH_CREATE_USER = true
ENABLE_PUSH_CREATE_ORG  = true
DEFAULT_PRIVATE         = public
FORCE_PRIVATE           = false

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH    = /data/gitea
DOMAIN           = {{DOMAIN_NAME}}
SSH_DOMAIN       = localhost
HTTP_PORT        = 3000
ROOT_URL         = %(PROTOCOL)s://%(DOMAIN)s
DISABLE_SSH      = false
SSH_PORT         = 22
SSH_LISTEN_PORT  = 22
LFS_START_SERVER = false
PROTOCOL         = https
CERT_FILE        = /data/gitea/conf/tls.crt
KEY_FILE         = /data/gitea/conf/tls.key

[lfs]
PATH = /data/git/lfs

[database]
PATH    = /data/gitea/gitea.db
DB_TYPE = sqlite3
HOST    = localhost:3306
NAME    = gitea
USER    = root
PASSWD  =

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER        = file

[picture]
AVATAR_UPLOAD_PATH            = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR              = false
ENABLE_FEDERATED_AVATAR       = true

[attachment]
PATH = /data/gitea/attachments

[log]
ROOT_PATH = /data/gitea/log
MODE      = file, console

[security]
INSTALL_LOCK   = true
SECRET_KEY     =

[service]
DISABLE_REGISTRATION              = false
REQUIRE_SIGNIN_VIEW               = false
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = false
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.localhost

[mailer]
ENABLED = false

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

The first issue I met is that the Gitea pod can't be started, with this error:

Server listening on :: port 22.
Server listening on 0.0.0.0 port 22.
2024/01/16 02:42:26 cmd/web.go:105:runWeb() [I] Starting Gitea on PID: 15
2024/01/16 02:42:26 cmd/web.go:159:runWeb() [I] Global init
2024/01/16 02:42:27 routers/init.go:70:mustInitCtx() [F] code.gitea.io/gitea/modules/git.InitFull(ctx) failed: failed to set git global config user.email, err: exit status 4 - error: chmod on /data/gitea/home/.gitconfig.lock failed: Operation not permitted
	 - error: chmod on /data/gitea/home/.gitconfig.lock failed: Operation not permitted
	
Received signal 15; terminating.

After some investigation I was able to fix it by adding the lines below to app.ini; because I mount /data/git as an emptyDir, changing permissions is fine in this folder:

[git]
HOME_PATH=/data/git

But then I met another permission issue when trying to log in to Gitea from the UI:

2024/01/16 03:45:18 ...ers/web/auth/auth.go:312:handleSignInFull() [E] [65a5fbce] RegenerateSession: regenerate session: chtimes /data/gitea/sessions/7/8/78238946019cfcae: operation not permitted
2024/01/16 03:45:18 [65a5fbce] router: completed POST /user/login for 10.129.2.4:55512, 500 Internal Server Error in 260.8ms @ auth/auth.go:170(auth.SignInPost)

And an error when trying to create an organization:

2024/01/16 03:48:03 ...rs/api/v1/org/org.go:272:Create() [E] [65a5fc73] CreateOrganization: generate random avatar: Failed to create dir 43aa32a241c84f3e6df8e5651ed81e76: chmod /data/gitea/avatars/43aa32a241c84f3e6df8e5651ed81e76: operation not permitted
2024/01/16 03:48:03 [65a5fc73] router: completed POST /api/v1/orgs?token=b45f8e88e9e77742a7ce89523fe094cabf274290 for 10.128.5.146:47868, 500 Internal Server Error in 245.4ms @ org/org.go:223(org.Create)

So unless we remove the PVC mount, it is impossible to use Azure file storage? Does Gitea support Azure file storage?

Screenshots

No response

YanFenGuo added the type/proposal label Jan 16, 2024
Member

lunny commented Jan 16, 2024

Looks like your file system is read-only.

@YanFenGuo
Author

@lunny Yes, it is a read-only file system according to our security requirement; below is the deployment YAML file:

kind: Deployment
apiVersion: apps/v1
metadata:
  name: icp4adeploy-gitea-deploy
  labels:
    app: icp4adeploy-gitea-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: icp4adeploy-gitea-deploy
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: icp4adeploy-gitea-deploy
    spec:
      restartPolicy: Always
      initContainers:
        - resources: {}
          terminationMessagePath: /dev/termination-log
          name: icp4adeploy-gitea-prereqs
          command:
            - sh
            - '-cx'
            - |
              set -o errexit
              set -o pipefail

              mkdir -p /data/gitea/conf
              mkdir -p /data/gitea/log
              rm -rf /data/git/.gitconfig.lock

              cp /opt/ansible/share/gitea_* /data/gitea/conf/
              cp /rootca/tls.crt /data/gitea/conf/root_ca_crt.crt
              cp /tlssecret/* /data/gitea/conf/
              chown -R git:git /data/gitea 
              mv /data/gitea/conf/gitea_app.ini /data/gitea/conf/app.ini
          env:
            - name: USER_UID
              value: '1000'
            - name: USER_GID
              value: '1000'
          securityContext:
            readOnlyRootFilesystem: true
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: gitea-data
              mountPath: /data
            - name: operator-shared-folder
              mountPath: /opt/ansible/share
            - name: tlssecret
              mountPath: /tlssecret
            - name: rootcasecret
              mountPath: /rootca
          terminationMessagePolicy: File
          image: >-
            cp.icr.io/cp/cp4a/demo/gitea@sha256:30540b7b97dd483f69a1a51d0bf0d5b8c0262a0d976658fe21469563aa2c007b
        - resources: {}
          terminationMessagePath: /dev/termination-log
          name: folder-prepare-container
          command:
            - /bin/bash
            - '-ecx'
            - >
              rm -rf /s6-folder/* && cp -rp /etc/s6/* /s6-folder && rm -rf
              /etc-ssh-folder/* && cp -rp /etc/ssh/* /etc-ssh-folder && rm -rf
              /app-gitea-folder/* && cp -rp /app/gitea/* /app-gitea-folder && rm
              -rf /run-folder/* && cp -rp /run/* /run-folder
          securityContext:
            readOnlyRootFilesystem: true
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: s6-folder-pvc
              mountPath: /s6-folder
            - name: etc-ssh-folder-pvc
              mountPath: /etc-ssh-folder
            - name: app-gitea-folder-pvc
              mountPath: /app-gitea-folder
            - name: run-folder-pvc
              mountPath: /run-folder
          terminationMessagePolicy: File
          image: >-
            cp.icr.io/cp/cp4a/demo/gitea@sha256:30540b7b97dd483f69a1a51d0bf0d5b8c0262a0d976658fe21469563aa2c007b
      serviceAccountName: ibm-cp4ba-anyuid
      schedulerName: default-scheduler
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
                      - s390x
                      - ppc64le
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 3
              preference:
                matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
                      - s390x
                      - ppc64le
      terminationGracePeriodSeconds: 30
      securityContext: {}
      containers:
        - resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 256Mi
          readinessProbe:
            httpGet:
              path: /
              port: 3000
              scheme: HTTPS
            initialDelaySeconds: 30
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          terminationMessagePath: /dev/termination-log
          name: icp4adeploy-gitea-deploy
          livenessProbe:
            httpGet:
              path: /
              port: 3000
              scheme: HTTPS
            initialDelaySeconds: 30
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          env:
            - name: USER_UID
              value: '1000'
            - name: USER_GID
              value: '1000'
            - name: DOMAIN
              value: gitea-demo.apps.kragon.eastus.aroapp.io
            - name: INSTALL_LOCK
              value: 'true'
          securityContext:
            readOnlyRootFilesystem: true
          ports:
            - name: https
              containerPort: 3000
              protocol: TCP
            - name: ssh
              containerPort: 22
              protocol: TCP
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: gitea-data
              mountPath: /data
            - name: root-folder-pvc
              mountPath: /root
            - name: gitea-folder-pvc
              mountPath: /gitea
            - name: git-folder-pvc
              mountPath: /data/git
            - name: ssh-folder-pvc
              mountPath: /data/ssh
            - name: s6-folder-pvc
              mountPath: /etc/s6
            - name: etc-ssh-folder-pvc
              mountPath: /etc/ssh
            - name: app-gitea-folder-pvc
              mountPath: /app/gitea
            - name: run-folder-pvc
              mountPath: /run
          terminationMessagePolicy: File
          image: >-
            cp.icr.io/cp/cp4a/demo/gitea@sha256:30540b7b97dd483f69a1a51d0bf0d5b8c0262a0d976658fe21469563aa2c007b
      serviceAccount: ibm-cp4ba-anyuid
      volumes:
        - name: operator-shared-folder
          persistentVolumeClaim:
            claimName: operator-shared-pvc
        - name: gitea-data
          persistentVolumeClaim:
            claimName: gitea-filestore-pvc
        - name: rootcasecret
          secret:
            secretName: icp4adeploy-root-ca
            defaultMode: 420
        - name: tlssecret
          secret:
            secretName: icp4adeploy-prereq-ext-tls-secret
            defaultMode: 420
        - name: root-folder-pvc
          emptyDir: {}
        - name: gitea-folder-pvc
          emptyDir: {}
        - name: git-folder-pvc
          emptyDir: {}
        - name: ssh-folder-pvc
          emptyDir: {}
        - name: s6-folder-pvc
          emptyDir: {}
        - name: etc-ssh-folder-pvc
          emptyDir: {}
        - name: app-gitea-folder-pvc
          emptyDir: {}
        - name: run-folder-pvc
          emptyDir: {}

Could you please let me know whether this is a configuration issue or Gitea has a limitation on supporting Azure file storage? I feel that unless I remove the PVC, I can't make it work....

Member

lunny commented Aug 24, 2024

Gitea will not know the real file system after you mount it. So I don't think this is a problem that can be resolved from the Gitea side. It should be a configuration problem.

lunny closed this as not planned Aug 24, 2024
go-gitea locked as resolved and limited conversation to collaborators Nov 22, 2024
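
A preflight probe for the three failures reported in this thread, as an added example that is not part of the issue or of the Gitea project: for each directory given, it tries chmod on a file, chmod on a directory and an explicit timestamp change, so paths on a mount that refuses those calls can be found before Gitea starts. The function names and the `.fsprobe.<pid>` scratch directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the issue or from Gitea. Function names and the
# ".fsprobe.<pid>" scratch directory are assumptions made for illustration.

# probe_dir DIR: prints "ok", "unwritable", or the operations that failed.
probe_dir() (
    probe="$1/.fsprobe.$$"
    failed=""
    mkdir "$probe" 2>/dev/null || { echo "unwritable"; return 1; }
    touch "$probe/f" 2>/dev/null || failed="$failed create"
    # git chmods its lock file (.gitconfig.lock in the startup error)
    chmod 600 "$probe/f" 2>/dev/null || failed="$failed chmod-file"
    # avatar generation chmods the directory it has just created
    chmod 700 "$probe" 2>/dev/null || failed="$failed chmod-dir"
    # session regeneration calls chtimes; touch -t also sets explicit times
    touch -t 202401160000 "$probe/f" 2>/dev/null || failed="$failed chtimes"
    rm -rf "$probe"
    if [ -n "$failed" ]; then echo "${failed# }"; return 1; fi
    echo "ok"
)

# report_paths DIR...: one "DIR: result" line per directory; returns
# non-zero if any directory failed a probe.
report_paths() (
    rc=0
    for dir in "$@"; do
        result=$(probe_dir "$dir") || rc=1
        echo "$dir: $result"
    done
    return "$rc"
)

# e.g. sh fsprobe.sh /data/gitea/home /data/gitea/sessions /data/gitea/avatars
if [ "$#" -gt 0 ]; then report_paths "$@"; fi
```

Run it as the same user and with the same volume mounts as the Gitea container, since the result depends on both.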