search

helm / chartmuseum

helm chart repository server
https://chartmuseum.com
Apache License 2.0
3.61k stars 402 forks source link

upload of helmchart fails : permission denied #241

Open pjain17 opened 5 years ago

pjain17 commented 5 years ago

Hello, I am trying to add private helm charts to chartmuseum repo. The chartmuseum pod is up and running but the upload of a chart to this repo fails with the Permission denied error.

$curl -L --data-binary "@frame-face-redis-docker-compose-0.0.1.tgz" http://localhost:8081/api/charts
{"error":"open /storage/frame-face-redis-docker-compose-0.0.1.tgz: permission denied"}
$kubectl logs harmonious-stocking-chartmuseum-d87b65cf9-kmlp6
{"L":"ERROR","T":"2019-06-03T23:30:46.954Z","M":"[655] Request served","path":"/api/charts","comment":"","latency":"26.862544ms","clientIP":"127.0.0.1","method":"POST","statusCode":500,"reqID":"280c7c6b-3594-4c70-97be-2e5b92c790bd"}
{"L":"ERROR","T":"2019-06-03T23:36:28.967Z","M":"[724] Request served","path":"/api/charts","comment":"","latency":"25.214338ms","clientIP":"127.0.0.1","method":"POST","statusCode":500,"reqID":"1abed5fc-9eba-43e1-8aa1-c4b51a6cbf99"}
{"L":"ERROR","T":"2019-06-03T23:38:10.733Z","M":"[746] Request served","path":"/api/charts","comment":"","latency":"25.407897ms","clientIP":"127.0.0.1","method":"POST","statusCode":500,"reqID":"4993fe66-6b2d-4e3c-a3e9-d63b1ef2df14"}
pjain17 commented 5 years ago

It is linked to : Chart package can not be uploaded to the chartmuseum #195

pjain17 commented 5 years ago

chart-version : 2.3.1, app-version : 0.8.2

curl http://localhost:8081/health
{"healthy":true}

curl -L --data-binary "@frame-face-redis-docker-compose-0.0.1.tgz" http://localhost:8081/api/charts
{"error":"open /storage/frame-face-redis-docker-compose-0.0.1.tgz: permission denied"}
$kubectl exec -it harmonious-stocking-chartmuseum-d87b65cf9-kmlp6 -- /bin/sh
/ $ ls -l
drwxr-xr-x    2 root     root          4096 Jun  3 22:39 storage
/ $ id
uid=1000(chartmuseum) gid=1000(chartmuseum) groups=1000(chartmuseum)
jdolitsky commented 5 years ago

@pjain17 So i think this has to do with the way the /storage is mounted i the container. Can you try with chart version 1.8.2+ ?

pjain17 commented 5 years ago

@jdolitsky this was tried with chart version Chart Version: 2.3.1

winromulus commented 5 years ago

I have the same issue. Local storage is broken somewhere, maybe a permissions issue?

wangrong2012 commented 5 years ago

docker run --rm -u 0 -it -d -p 8080:8080 -e DEBUG=1 -e STORAGE=local -e STORAGE_LOCAL_ROOTDIR=/charts -v $(pwd)/charts:/charts chartmuseum/chartmuseum:latest

Use the root to exec the cmd may resolve the problem.

modassarrana commented 5 years ago

I am not using docker command to install chartmuseum. Chartmuseum is installed using helm & pods are in running state. I am trying to push istio charm to my newly created charm repository & gettin permission denied.

helm repo list | grep cm cm http://10.0.41.120:8090

[root@sv centos]# kubectl exec -it  test-chartmuseum-5c68c4ccf5-22t2x -- /bin/sh
/ $ ls -lrt
total 30284
drwxr-xr-x   11 root     root          4096 Jan 30  2019 var
drwxr-xr-x    7 root     root          4096 Jan 30  2019 usr
drwxrwxrwt    2 root     root          4096 Jan 30  2019 tmp
drwxr-xr-x    2 root     root          4096 Jan 30  2019 srv
drwx------    2 root     root          4096 Jan 30  2019 root
drwxr-xr-x    2 root     root          4096 Jan 30  2019 mnt
drwxr-xr-x    5 root     root          4096 Jan 30  2019 media
drwxr-xr-x    2 root     root          4096 Jan 30  2019 bin
-rwxr-xr-x    1 root     root      30943800 Feb  6  2019 chartmuseum
drwxr-xr-x    2 root     root          4096 Feb  6  2019 sbin
drwxr-xr-x    5 root     root          4096 Feb  6  2019 lib
drwxr-xr-x    1 root     root          4096 Feb  6  2019 home
dr-xr-xr-x   13 root     root             0 Aug 27 19:41 sys
drwxr-xr-x    2 root     root          4096 Oct 18 04:51 storage
drwxr-xr-x    1 root     root          4096 Nov  4 03:58 run
dr-xr-xr-x  650 root     root             0 Nov  4 03:58 proc
drwxr-xr-x    1 root     root          4096 Nov  4 03:58 etc
drwxr-xr-x    5 root     root           360 Nov  4 03:58 dev
/ $ id
uid=1000(chartmuseum) gid=1000(chartmuseum) groups=1000(chartmuseum)

My storage class is not ceph , its a simple storage. Please find storage class & pv details below created manually before installing chartmuseum

StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer

kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-volume
  labels:
    type: local
spec:
  storageClassName: local
  capacity:
    storage: 8Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/home/tb"
maciejfranek commented 4 years ago

Hi, had similar issue (in my case local storage was used). I've managed to solve it by changing permissions on the container:

docker exec -it -u 0 helm-repository /bin/sh
chown -R chartmuseum:chartmuseum /charts
balraj111 commented 4 years ago

I change my helm-repository/charts permisson cd helm-repository chmod 777 charts now it is working for me

Jianxuan-Li commented 3 years ago

Thank you @maciejfranek , I realize the problem is due to the permission of charts storage from your information.

I running the chartmuseum on kubernetes, here is what I did:

$: kubectl exec -it chartmuseum-7668bfcf68-hnfrc -- id
uid=1000 gid=0(root)

Then change the owner of chartmuseum data dir on my host(I'm using hostPath as volume) like this:

sudo chown -R 1000:0 /data/chartmuseum

This is worked for me.