search

jfrog / artifactory-docker-examples

Examples for using Artifactory Docker distribution in various environments
https://www.jfrog.com/artifactory/
Apache License 2.0
330 stars 299 forks source link

Permission issue in deploying artifactory/nginx with the current tempalte. seccurityContext is missing. #125

Closed ypan887 closed 4 years ago

ypan887 commented 6 years ago

While deploying with the template on kubernetes with the mounted pvc, you will hit permission issue. 

2018-10-18 20:22:12   [73 entrypoint-artifactory.sh] Current max open processes is unlimited
2018-10-18 20:22:12   [83 entrypoint-artifactory.sh] Checking if /var/opt/jfrog/artifactory is mounted
2018-10-18 20:22:12   [88 entrypoint-artifactory.sh] /var/opt/jfrog/artifactory is mounted
2018-10-18 20:22:12  [133 entrypoint-artifactory.sh] Testing directory (/opt/jfrog/artifactory) has read/write permissions
2018-10-18 20:22:12  [141 entrypoint-artifactory.sh] /opt/jfrog/artifactory has read/write permissions for artifactory
2018-10-18 20:22:12  [133 entrypoint-artifactory.sh] Testing directory (/var/opt/jfrog/artifactory) has read/write permissions
/entrypoint-artifactory.sh: line 138: /var/opt/jfrog/artifactory/test-permissions: Permission denied
2018-10-18 20:22:12  [154 entrypoint-artifactory.sh] ###########################################################
2018-10-18 20:22:12  [155 entrypoint-artifactory.sh] /var/opt/jfrog/artifactory is NOT writable!
2018-10-18 20:22:12  [156 entrypoint-artifactory.sh] Directory: /var/opt/jfrog/artifactory, permissions: 755, owner: root, group: root
2018-10-18 20:22:12  [157 entrypoint-artifactory.sh] Mounted directory must be writable by user 'artifactory' (id 1030)
2018-10-18 20:22:12  [158 entrypoint-artifactory.sh] ###########################################################
2018-10-18 20:22:12   [42 entrypoint-artifactory.sh] ERROR: Directory /var/opt/jfrog/artifactory has bad permissions for user 'artifactory'

It helped to add the following spec to the deployment template:

  spec:
      securityContext:
        runAsUser: {{ .Values.artifactory.uid }}
        fsGroup: {{ .Values.artifactory.uid }}

From the chart value, the uid for artifactory is 1030 and for nginx is 104 https://github.com/jfrog/charts/blob/master/stable/artifactory/values.yaml

eldada commented 6 years ago

@ypan887 - the mounted volumes must have permissions to allow Artifactory user to read/write to them. Can you add more details on your deployment process? Tools, scripts etc.

JfrogPrasanna commented 4 years ago

Closing this as there is no response for a long time and this repo is under deprecation.