mssql crash on startup - Permission Denied

cfis commented 9 months ago

Steps To Reproduce

This is likely a mssql bug, but will start here.

Try to install bitwarden - the mssql pod crashes and thus fails to start. See the attached error log. A SIGABRT happens with the first few lines of the log:

Ubuntu 22.04.3 LTS
Capturing core dump and information to /var/opt/mssql/log...
/bin/cat: /proc/10/maps: Permission denied
cat: /proc/10/environ: Permission denied
find: '/proc/10/task/10/fdinfo': Permission denied
find: '/proc/10/task/12/fdinfo': Permission denied

I am running Kubernetes 1.29.2 via k0s on Fedora 39. I have been successfully running the 2023.12 release over the last month. Today I upgraded to 2024.2.2 and ran into this error. However, when rolling back to 2023.12 I still get the same error.

Wondering if this was caused by SE linux, I disabled it. That made no difference.

Today I also ran dnf update and noticed I got a new kernel plus other updates. I know wonder if one of those updates is causing this issue.

A few people have reported this issue over the years, usually around mounting volumes into a mssql docker image. For example:

https://github.com/microsoft/mssql-docker/issues/538

bitwarden-self-host-mssql.log

Expected Result

For bitwarden to install correctly

Actual Result

Bitwarden doesn't install

Screenshots or Videos

No response

Additional Context

My values.yaml overrides:

general:
  domain: xx.xx.xx
  ingress:
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/rewrite-target: /$1

  # Comma-separated list of email addresses for Admin users
  admins: xx@xxx.xx
  email:
    # Email address used for invitations, typically no-reply@smtp-host
    replyToEmail: xx@xx.xx
    # Your SMTP server hostname (recommended) or IP address
    smtpHost: xx.xx.xx
    # The SMTP port used by the SMTP server
    smtpPort: "465"
    # Whether your SMTP server uses an encryption protocol, "true" for SSL, "false" for TLS
    smtpSsl: "false"

  volumeAccessMode: ReadWriteOnce

sharedStorageClassName: openebs-hostpath

# Secrets are required.  Review the chart README on GitHub for details on creating these secrets
secrets:
  secretName: bitwarden-credentials

# Data volume sizes for shared PVCs
volume:
  dataprotection:
    size: "1Gi"
  attachments:
    size: 1Gi
  licenses:
    size: 1Gi
  logs:
    enabled: true
    size: 1Gi

serviceAccount:
  name: bitwarden
  deployRolesOnly: false

database:
  enabled: true
  resources:
    requests:
      memory: "2G"
      cpu: "500m"
    limits:
      memory: "4G"
      cpu:

Chart Version

2024.2.2

Environment Details

k0s Kubernetes 1.29.2 Fedora 39

Issue Tracking Info

[X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

cfis commented 9 months ago

Forgot to update this ticket, reverting the kernel fixed this issue. So it looks like mssql is not compatible with the latest Linux kernels. The last version that works for me is 6.6.12-200.fc39

cfis commented 7 months ago

See https://github.com/bitwarden/server/issues/3689.

Can the helm chart tag be updated to:

tag: 2022-CU12-ubuntu-22.04

hkiang01 commented 2 months ago

I found using these values in values.yaml to work:

database:
  image:
    name: bitwarden/mssql
    tag: 2024.9.1

bitwarden / helm-charts