can't use git (probably an issue renaming a file)

[scottporter]

Which version of blobfuse was used?

blobfuse 2.2.2

Which OS distribution and version are you using?

Ubuntu 20.4

If relevant, please share your mount command.

blobfuse2 mountv1 /mnt/user-files --tmp-path=/local_disk0/blobfusecache3 -o allow_other -o attr_timeout=240 -o entry_timeout=240 -o negative_timeout=120 --config-file=/tmp/connection-homedir-config.cfg --log-level=LOG_DEBUG --file-cache-timeout-in-seconds=120 --use-adls=true

What was the issue encountered?

many git commands throw errors. For example git init or git clone.

The error is something like:

error: chmod on {filepath}/.git/config.lock failed: Permission denied fatal: could not set 'core.filemode' to 'false'

I think git actually renames that config.lock, so underlying problem might be an inability to rename the file?

Have you found a mitigation/solution?

We wanted to upgrade from blobfuse 1 to blobfuse 2 and were doing some testing. In the meantime we have to stick with v1.

Please share logs if available.

[vibhansa-msft]

Are you using a HNS enable account here?

[scottporter]

Yes we are. We are using a premium blob storage account with hierarchical namespace enabled.

[vibhansa-msft]

What kind of authentication are you using? As per the logs you have shared, you do not have authentication to change the permissions on a given file/folder/path. If you are using SPN or MSI (Identity) for authentication, kindly ensure you have "Storage Blob Data Contributor" role assigned to your identity/spn for the storage account.

[scottporter]

We are using a service principal, and that service principal generates a SAS token that gets used. During testing our configs aren't in a very secure place... we're just saving out config files to /tmp something like this:

echo "accountName ${ACCOUNT_NAME}
sasToken ${HOMEDIR_SAS}
containerName user-files" > /tmp/connection-homedir-config.cfg

I'll double check with my tech contact that the service principal has that role assigned.

[scottporter]

And yes, we confirmed that the service principal has that role assigned.

[vibhansa-msft]

If you have a spn and you generated SAS from it then most likely you are using a user-delegation SAS model. In that case you will need to configure blobfuse to use the SAS auth mode and provide the SAS key (config file or env variables). If you are concerned about security of the key/sas getting exposed then either you can use env variables (instead of a config file) or there is another feature where you can encrypt your config file using blobfuse2, delete the plain text file and then supply the encrypted file and passphrase to blobfuse which will decrypt the file in memory and extract the keys out of it.

[scottporter]

Isn't that what we're already doing here? The SAS key is in an environment variable and I write it to the config file for blobfuse.

echo "accountName ${ACCOUNT_NAME}
sasToken ${HOMEDIR_SAS}
containerName user-files" > /tmp/connection-homedir-config.cfg

After we have it working, we can lock it down like you suggest. But for now, I'm just trying to get it working.

[scottporter]

I haven't heard back from you. By the following comment:

• In that case you will need to configure blobfuse to use the SAS auth mode and provide the SAS key (config file or env variables).

Did you mean something different than what we're doing? If so, can you explain?

[vibhansa-msft]

Blobfuse2 takes a yaml config file as input and not a regular key-value pair file (which blobfuse-v1 used to take). You can view some sample config files provided at our workspace root and then create one based on your config. If you do not wish to create a yaml config file then other way is to create some env variables. In our readme search for 'AZURE_STORAGE_AUTH_TYPE'. You will need to set this to 'sas' and then use other env variables defined in that file to point to your sas key and account name.

[ashruti-msft]

I can see you are using blobfuse2 2.2.2 version so try using this mount command instead: blobfuse2 mount /mnt/user-files --tmp-path=/local_disk0/blobfusecache3 -o allow_other -o attr_timeout=240 -o entry_timeout=240 -o negative_timeout=120 --config-file=/tmp/connection-homedir-config.yaml --log-level=LOG_DEBUG --file-cache-timeout-in-seconds=120 --use-adls=true change mountv1to mountand use a yaml file as your config, for example --config-file=/tmp/connection-homedir-config.yaml (refer the sample configs given by us : file_cache.yaml, block_cache.yaml, baseconfig.yaml) Also please share your config file so we can see where can investigate further if required.

[vibhansa-msft]

Closing this as there is no update on this. Feel free to reopen once required information is available.

[scottporter]

Sorry, I haven’t had a chance to figure out the yaml file approach yet. As soon as I do I will post.

On Wed, Mar 6, 2024 at 8:36 AM Vikas Bhansali @.***> wrote:

Closing this as there is no update on this. Feel free to reopen once required information is available.

— Reply to this email directly, view it on GitHub https://github.com/Azure/azure-storage-fuse/issues/1337#issuecomment-1981291351, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFZCXRKELQLGIUHDS7BXJLYW5AZZAVCNFSM6AAAAABC4JKZAWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOBRGI4TCMZVGE . You are receiving this because you authored the thread.Message ID: @.***>