drakkan / sftpgo

Full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob
https://sftpgo.com
GNU Affero General Public License v3.0

Failed to start in kubernetes #1173

Closed harryzcy closed 1 year ago

harryzcy commented 1 year ago

I'm trying to run it in my K3s cluster as a statefulset. But somehow it failed to start.

Here is the log:

{"level":"info","time":"2023-02-04T03:04:10.631","sender":"service","message":"starting SFTPGo 2.4.3-7d19d3f1-2023-01-07T09:21:08Z +metrics +azblob +gcs +s3 +bolt +mysql +pgsql +sqlite +portable, config dir: ., config file: , log max size: 10 log max backups: 5 log max age: 28 log level: debug, log compress: false, log utc time: false, load data from: \"\", grace time: 10 secs"}
{"level":"info","time":"2023-02-04T03:04:10.631","sender":"config","message":"unable to read env files from \"env.d\": open env.d: no such file or directory"}
{"level":"debug","time":"2023-02-04T03:04:10.650","sender":"config","message":"config file used: '\"/etc/sftpgo/sftpgo.json\"', config loaded: {Common:{IdleTimeout:15 UploadMode:0 Actions:{ExecuteOn:[] ExecuteSync:[] Hook:} SetstatMode:0 TempPath: ProxyProtocol:0 ProxyAllowed:[] StartupHook: PostConnectHook: PostDisconnectHook: DataRetentionHook: MaxTotalConnections:0 MaxPerHostConnections:20 WhiteListFile: AllowSelfConnections:0 DefenderConfig:{Enabled:false Driver:memory BanTime:30 BanTimeIncrement:50 Threshold:15 ScoreInvalid:2 ScoreValid:1 ScoreLimitExceeded:3 ObservationTime:30 EntriesSoftLimit:100 EntriesHardLimit:150 SafeListFile: BlockListFile: SafeList:[] BlockList:[]} RateLimitersConfig:[{Average:0 Period:1000 Burst:1 Type:2 Protocols:[SSH FTP DAV HTTP] AllowList:[] GenerateDefenderEvents:false EntriesSoftLimit:100 EntriesHardLimit:150}] idleTimeoutAsDuration:0 idleLoginTimeout:0 defender:<nil> whitelist:<nil>} ACME:{Email: KeyType:4096 CertsPath:certs CAEndpoint:https://acme-v02.api.letsencrypt.org/directory Domains:[] RenewDays:30 HTTP01Challenge:{Port:80 WebRoot: ProxyHeader:} TLSALPN01Challenge:{Port:0} accountConfigPath: accountKeyPath: lockPath: tempDir:} SFTPD:{Banner:SFTPGo_2.4.3 Bindings:[{Address: Port:2022 ApplyProxyConfig:true}] MaxAuthTries:0 HostKeys:[] HostCertificates:[] HostKeyAlgorithms:[] Moduli:[] KexAlgorithms:[] Ciphers:[] MACs:[] TrustedUserCAKeys:[] RevokedUserCertsFile: LoginBannerFile: EnabledSSHCommands:[md5sum sha1sum sha256sum cd pwd scp] KeyboardInteractiveAuthentication:false KeyboardInteractiveHook: PasswordAuthentication:true FolderPrefix: certChecker:<nil> parsedUserCAKeys:[]} FTPD:{Bindings:[{Address: Port:0 ApplyProxyConfig:true TLSMode:0 CertificateFile: CertificateKeyFile: MinTLSVersion:12 ForcePassiveIP: PassiveIPOverrides:[] ClientAuthType:0 TLSCipherSuites:[] PassiveConnectionsSecurity:0 ActiveConnectionsSecurity:0 Debug:false ciphers:[]}] Banner:SFTPGo 2.4.3 ready BannerFile: CertificateFile: CertificateKeyFile: 
CACertificates:[] CARevocationLists:[] ActiveTransfersPortNon20:true DisableActiveMode:false EnableSite:false HASHSupport:0 CombineSupport:0 PassivePortRange:{Start:50000 End:50100}} WebDAVD:{Bindings:[{Address: Port:10080 EnableHTTPS:false CertificateFile: CertificateKeyFile: MinTLSVersion:12 ClientAuthType:0 TLSCipherSuites:[] Prefix: ProxyAllowed:[] ClientIPProxyHeader: ClientIPHeaderDepth:0 DisableWWWAuthHeader:false allowHeadersFrom:[]}] CertificateFile: CertificateKeyFile: CACertificates:[] CARevocationLists:[] Cors:{AllowedOrigins:[] AllowedMethods:[] AllowedHeaders:[] ExposedHeaders:[] AllowCredentials:false Enabled:false MaxAge:0 OptionsPassthrough:false OptionsSuccessStatus:0 AllowPrivateNetwork:false} Cache:{Users:{ExpirationTime:0 MaxSize:50} MimeTypes:{Enabled:true MaxSize:1000}}} ProviderConf:{Driver:sqlite Name:sftpgo.db Host: Port:0 Username: Password: SSLMode:0 DisableSNI:false TargetSessionAttrs: RootCert: ClientCert: ClientKey: ConnectionString: SQLTablesPrefix: TrackQuota:2 PoolSize:0 UsersBaseDir:/srv/sftpgo/data Actions:{ExecuteOn:[] ExecuteFor:[] Hook:} ExternalAuthHook: ExternalAuthScope:0 PreLoginHook: PostLoginHook: PostLoginScope:0 CheckPasswordHook: CheckPasswordScope:0 UpdateMode:0 PasswordHashing:{BcryptOptions:{Cost:10} Argon2Options:{Memory:65536 Iterations:1 Parallelism:2} Algo:bcrypt} PasswordValidation:{Admins:{MinEntropy:0} Users:{MinEntropy:0}} PasswordCaching:true DelayedQuotaUpdate:0 CreateDefaultAdmin:false NamingRules:1 IsShared:0 Node:{Host: Port:0 Proto:http} BackupsPath:/srv/sftpgo/backups} HTTPDConfig:{Bindings:[{Address: Port:8080 EnableWebAdmin:true EnableWebClient:true EnableRESTAPI:true EnabledLoginMethods:0 EnableHTTPS:false CertificateFile: CertificateKeyFile: MinTLSVersion:12 ClientAuthType:0 TLSCipherSuites:[] ProxyAllowed:[] ClientIPProxyHeader: ClientIPHeaderDepth:0 HideLoginURL:0 RenderOpenAPI:true WebClientIntegrations:[] OIDC:{ClientID: ClientSecret: ConfigURL: RedirectBaseURL: UsernameField: RoleField: 
ImplicitRoles:false Scopes:[openid profile email] CustomFields:[] InsecureSkipSignatureCheck:false Debug:false provider:<nil> verifier:<nil> providerLogoutURL: oauth2Config:<nil>} Security:{Enabled:false AllowedHosts:[] AllowedHostsAreRegex:false HostsProxyHeaders:[] HTTPSRedirect:false HTTPSHost: HTTPSProxyHeaders:[] STSSeconds:0 STSIncludeSubdomains:false STSPreload:false ContentTypeNosniff:false ContentSecurityPolicy: PermissionsPolicy: CrossOriginOpenerPolicy: ExpectCTHeader: proxyHeaders:[]} Branding:{WebAdmin:{Name: ShortName: LogoPath: LoginImagePath: FaviconPath: DisclaimerName: DisclaimerPath: DefaultCSS: ExtraCSS:[]} WebClient:{Name: ShortName: LogoPath: LoginImagePath: FaviconPath: DisclaimerName: DisclaimerPath: DefaultCSS: ExtraCSS:[]}} allowHeadersFrom:[]}] TemplatesPath:templates StaticFilesPath:static OpenAPIPath:openapi WebRoot: CertificateFile: CertificateKeyFile: CACertificates:[] CARevocationLists:[] SigningPassphrase: TokenValidation:0 MaxUploadFileSize:1048576000 Cors:{AllowedOrigins:[] AllowedMethods:[] AllowedHeaders:[] ExposedHeaders:[] AllowCredentials:false Enabled:false MaxAge:0 OptionsPassthrough:false OptionsSuccessStatus:0 AllowPrivateNetwork:false} Setup:{InstallationCode: InstallationCodeHint:Installation code} HideSupportLink:false} HTTPConfig:{Timeout:20 RetryWaitMin:2 RetryWaitMax:30 RetryMax:3 CACertificates:[] Certificates:[] SkipTLSVerify:false Headers:[] customTransport:<nil>} CommandConfig:{Timeout:30 Env:[] Commands:[]} KMSConfig:{Secrets:{URL: MasterKeyPath: MasterKeyString: masterKey:}} MFAConfig:{TOTP:[{Name:Default Issuer:SFTPGo Algo:sha1 algo:0}]} TelemetryConfig:{BindPort:0 BindAddress:127.0.0.1 EnableProfiler:false AuthUserFile: CertificateFile: CertificateKeyFile: TLSCipherSuites:[] MinTLSVersion:12} PluginsConfig:[] SMTPConfig:{Host: Port:25 From: User: Password: AuthType:0 Encryption:0 Domain: TemplatesPath:templates}}"}
{"level":"info","time":"2023-02-04T03:04:10.651","sender":"common","message":"scheduled overquota transfers check, schedule \"@every 1m0s\""}
{"level":"info","time":"2023-02-04T03:04:10.651","sender":"common","message":"scheduled idle connections check, schedule \"@every 3m0s\""}
{"level":"info","time":"2023-02-04T03:04:10.651","sender":"common","message":"using memory transfer checker"}
{"level":"info","time":"2023-02-04T03:04:10.651","sender":"kms","message":"secret provider registered for scheme: \"builtin\", encrypted status: \"AES-256-GCM\""}
{"level":"info","time":"2023-02-04T03:04:10.651","sender":"kms","message":"secret provider registered for scheme: \"local\", encrypted status: \"Secretbox\""}
{"level":"debug","time":"2023-02-04T03:04:10.651","sender":"plugins","message":"initialize"}
{"level":"debug","time":"2023-02-04T03:04:10.651","sender":"smtp","message":"configuration disabled, email capabilities will not be available"}
{"level":"debug","time":"2023-02-04T03:04:10.651","sender":"dataprovider","message":"absolute backup path \"/srv/sftpgo/backups\""}
{"level":"debug","time":"2023-02-04T03:04:10.651","sender":"dataprovider_sqlite","message":"sqlite database handle created, connection string: \"file:sftpgo.db?cache=shared&_foreign_keys=1\""}
{"level":"error","time":"2023-02-04T03:04:10.652","sender":"dataprovider_sqlite","message":"error preparing database query \"SELECT version from schema_version LIMIT 1\": unable to open database file: no such file or directory"}
{"level":"info","time":"2023-02-04T03:04:10.652","sender":"dataprovider_sqlite","message":"creating initial database schema, version 19"}
{"level":"error","time":"2023-02-04T03:04:10.653","sender":"dataprovider_sqlite","message":"error preparing database query \"SELECT version from schema_version LIMIT 1\": unable to open database file: no such file or directory"}
{"level":"error","time":"2023-02-04T03:04:10.653","sender":"dataprovider_sqlite","message":"Unable to initialize data provider: unable to open database file: no such file or directory"}
{"level":"error","time":"2023-02-04T03:04:10.653","sender":"service","message":"error initializing data provider: unable to open database file: no such file or directory"}

Here's the K8s statefulset configuration I'm using:

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: sftpgo
spec:
  replicas: 1
  serviceName: sftpgo
  selector:
    matchLabels:
      app: sftpgo
  template:
    metadata:
      labels:
        app: sftpgo
    spec:
      containers:
        - name: sftpgo
          image: drakkan/sftpgo:v2.4.3-alpine
          env:
            - name: SFTPGO_WEBDAVD__BINDINGS__0__PORT
              value: '10080'
            - name: SFTPGO_GRACE_TIME
              value: '10'
          ports:
            - name: webadmin
              containerPort: 8080
              protocol: TCP
            - name: sftp
              containerPort: 2022
              protocol: TCP
            - name: webdav
              containerPort: 10080
              protocol: TCP
          volumeMounts:
            - name: sftpgo-data
              mountPath: /srv/sftpgo
            - name: sftpgo-home
              mountPath: /var/lib/sftpgo

  volumeClaimTemplates:
    - metadata:
        name: sftpgo-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: longhorn
        resources:
          requests:
            storage: 1Gi
    - metadata:
        name: sftpgo-home
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: longhorn
        resources:
          requests:
            storage: 512Mi

I tested using another alpine based image like nginx, and the volumes seem to be mounted correctly.

harryzcy commented 1 year ago

I got it working now. It's a permission issue on the directories.

Skyhikeeper commented 1 year ago

Harry, how did you solve the permissions?

harryzcy commented 1 year ago

@Skyhikeeper I used an init container

initContainers:
  - name: volume-mount-user
    image: busybox
    command: ["/bin/sh"]
    args:
      - -c
      - >-
          chown -R 1000:1000 /srv/sftpgo &&
          chown -R 1000:1000 /var/lib/sftpgo
    volumeMounts:
      - name: sftpgo-data
        mountPath: /srv/sftpgo
      - name: sftpgo-home
        mountPath: /var/lib/sftpgo
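
An alternative to the root init container in the thread above, added here as an example and not taken from the thread or the SFTPGo project: a pod-level `securityContext` lets the kubelet set group ownership on the mounted volumes, so no container has to run `chown` as root. It assumes the image runs SFTPGo as UID/GID 1000 (the IDs used in the `chown` above) and that the storage driver behind the `longhorn` storage class honours `fsGroup`.

```yaml
# Added example: fragment to merge into the StatefulSet from the first post.
# Assumptions: SFTPGo runs as UID/GID 1000 in this image, and the CSI driver
# supports fsGroup-based ownership changes.
spec:
  template:
    spec:
      securityContext:
        runAsNonRoot: true        # refuse to start if the image would run as root
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000             # volumes become group-owned and group-writable by GID 1000
        fsGroupChangePolicy: OnRootMismatch   # skip the recursive change when the volume root already matches
      containers:
        - name: sftpgo
          image: drakkan/sftpgo:v2.4.3-alpine
          volumeMounts:
            - name: sftpgo-data   # /srv/sftpgo: users base dir and backups path in the logged config
              mountPath: /srv/sftpgo
            - name: sftpgo-home   # /var/lib/sftpgo: home directory mount from the original manifest
              mountPath: /var/lib/sftpgo
```

Ownership can be checked after rollout with `kubectl exec sftpgo-0 -- ls -ld /srv/sftpgo /var/lib/sftpgo`; both directories should show group 1000 with group write permission.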