docker-library / wordpress

Docker Official Image packaging for WordPress
https://wordpress.org/
GNU General Public License v2.0

wordpress installation on azure aks issue with plugins and themes #859

Closed aditya-enthu closed 10 months ago

aditya-enthu commented 11 months ago

Hello All,

I am new to Azure cloud and am trying to install WordPress in a sub-directory on an Azure AKS cluster with an Azure file share for the persistent volume. I have tried different approaches but I am not able to resolve the file/folder permissions and ownership.

I believe Azure file share doesn't allow changing dir/file permissions after mount, thus they need to be mentioned in mountOptions. I also tried the default storage type, where the files and folders show www-data ownership and write permission, but the site health info still shows "plugins not writable". Running the same Docker image with the latest tag, the plugins and themes directories are fine and I am able to install plugins as well. I am not sure what I am missing, and any help or guidance is really appreciated.

  1. Option 1 > Azure file share that mounts dirs/files with root permissions
  2. Option 2 > default Azure CSI storage, which adds the right permissions but still plugins and themes are not writable
  3. Option 3 > running docker locally is all good

I am trying my luck on both sides, if I can get any answer.

For WordPress doc > https://learn.microsoft.com/en-us/azure/mysql/flexible-server/tutorial-deploy-wordpress-on-aks
For Azure file share doc > https://learn.microsoft.com/en-us/azure/aks/azure-csi-files-storage-provision#mount-options

Site health info, that shows plugins and themes are not writable.


While accessing the site, it returns the error below, and the themes are actually present in the directory, but I am able to access wp-admin/* without any issues.


Installation dir permissions are good, though plugins and themes are not writable.


Manifest file:

apiVersion: v1
kind: PersistentVolume
metadata:
  annotations:
    pv.kubernetes.io/provisioned-by: file.csi.azure.com
  name: wp-blog-azurefile
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: wp-blog-azurefile-csi
  csi:
    driver: file.csi.azure.com
    readOnly: false
    volumeHandle: wpblogstorage  # make sure this volumeid is unique for every identical share in the cluster
    volumeAttributes:
      resourceGroup: k8s-aks-test  # optional, only set this when storage account is not in the same resource group as node
      shareName: wpblogstorageshare
    nodeStageSecretRef:
      name: azure-file-secret
      namespace: stage
  mountOptions:
    - dir_mode=0777    ## changed to other options too
    - file_mode=0777   ## changed to other options too
    - uid=0 #1001 #33
    - gid=0 #1001 #33
    - mfsymlinks
    - cache=strict
    - nosharesock
    - nobrl
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wp-blog-azurefile
  namespace: stage
  labels:
    app: wp-blog
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: wp-blog-azurefile-csi
  volumeName: wp-blog-azurefile
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1  ## option 2 that mounts file with 'www-data' owner
kind: PersistentVolumeClaim
metadata:
  name: wp-blog-pvc
  namespace: stage
  labels:
    app: wp-blog
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wp-blog
  namespace: stage
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wp-blog
  template:
    metadata:
      labels:
        app: wp-blog
    spec:
      # initContainers:
      #   - name: mount-dir-permission
      #     image: busybox
      #     command: ["sh", "-c", "chown -R www-data:www-data /var/www/html/blog; chmod -R 777 /var/www/html/blog"]
      #     volumeMounts:
      #     - name: wp-blog-persistent-storage
      #       mountPath: "/var/www/html/blog"
      containers:
        - name: wp-blog
          image: wordpress:latest
          workingDir: "/var/www/html/blog/"
          ports:
          - containerPort: 80
          env:
          # - name: WORDPRESS_DEBUG
          #   value: "true"
          - name: WORDPRESS_DB_HOST
            value: test.mysql.database.azure.com
          - name: WORDPRESS_DB_USER
            value: wp
          - name: WORDPRESS_DB_NAME
            value: db_wp_new
          - name: WORDPRESS_DB_PASSWORD
            value: abctestme
          - name: WORDPRESS_CONFIG_EXTRA
            value: |
              define('FS_METHOD', 'direct');
              define('FS_CHMOD_DIR', 0777);
              define('FS_CHMOD_FILE', 0777);
              define('WP_CONTENT_DIR', '/var/www/html/blog/');
              define('WP_MEMORY_LIMIT', '256M');
              define('WP_SITEURL', 'http://stage.abc.com/blog');
              define('WP_HOME', 'http://stage.abc.com/blog');
              define('DISALLOW_FILE_EDIT', false);
              if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
              $_SERVER['HTTPS'] = 'on';
              }
          lifecycle:
            postStart:
              exec:
                command: ["/bin/bash", "-c", "chown -R www-data:www-data /var/www/html/blog; chmod -R 777 /var/www/html/blog"]
          volumeMounts:
          - name: wp-blog-persistent-storage
            mountPath: "/var/www/html/blog"
      volumes:
      - name: wp-blog-persistent-storage
        persistentVolumeClaim:   #option 2
          claimName: wp-blog-pvc
        #csi:
         #driver: file.csi.azure.com
          #readOnly: false
          #volumeAttributes:
            #secretName: azure-file-secret    # required
            #shareName: wpblogstorageshare    # required
            #mountOptions: 'dir_mode=0777,file_mode=0777,cache=strict,actimeo=30,nosharesock'  # optional
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100 # prevent the scheduler from locating two pods on the same node
            podAffinityTerm:
              topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: "app"
                    operator: In
                    values:
                    - wp-blog
---
apiVersion: v1
kind: Service
metadata:
  name: wp-blog-service
  namespace: stage
  labels:
    app: wp-blog
spec:
  type: ClusterIP
  selector:
    app: wp-blog
  ports:
    - name: http
      protocol: TCP
      port: 80

aditya-enthu commented 10 months ago

I think I figured out the cause: I removed the define('WP_CONTENT_DIR', '/var/www/html/blog/'); from the config vars and I am able to access WordPress on the sub-directory as expected.
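
The permission and credential settings from the manifest above, tightened as an added example that is not part of the original issue thread: since an Azure Files (SMB) mount takes ownership and mode from mountOptions, the share is mapped to www-data (UID/GID 33, the value left commented out in the original) with owner-only write, the recursive chmod 777 hook is dropped, and the database password is read from a Secret. The Secret name wp-blog-db and its key password are assumptions; the remaining env entries of the original Deployment are omitted.

```yaml
# Added example, not from the original issue. Assumed: Secret "wp-blog-db" with key "password".
apiVersion: v1
kind: PersistentVolume
metadata:
  name: wp-blog-azurefile
spec:
  capacity: {storage: 5Gi}
  accessModes: [ReadWriteMany]
  persistentVolumeReclaimPolicy: Retain
  storageClassName: wp-blog-azurefile-csi
  csi:
    driver: file.csi.azure.com
    volumeHandle: wpblogstorage
    volumeAttributes: {shareName: wpblogstorageshare}
    nodeStageSecretRef: {name: azure-file-secret, namespace: stage}
  mountOptions:
    - uid=33            # www-data in the wordpress image (original: uid=0)
    - gid=33            # original: gid=0
    - dir_mode=0755     # owner may write, others read/traverse (original: 0777)
    - file_mode=0644    # owner may write, others read (original: 0777)
    - mfsymlinks
    - cache=strict
    - nosharesock
    - nobrl
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: wp-blog, namespace: stage}
spec:
  replicas: 1
  selector: {matchLabels: {app: wp-blog}}
  template:
    metadata: {labels: {app: wp-blog}}
    spec:
      containers:
        - name: wp-blog
          image: wordpress:latest
          env:                      # other env entries as in the original manifest
            - name: WORDPRESS_DB_PASSWORD
              valueFrom:
                secretKeyRef: {name: wp-blog-db, key: password}  # assumed Secret
          # no postStart chown/chmod: ownership and mode come from mountOptions
          volumeMounts:
            - name: wp-blog-persistent-storage
              mountPath: /var/www/html/blog
      volumes:
        - name: wp-blog-persistent-storage
          persistentVolumeClaim: {claimName: wp-blog-azurefile}
```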