opf / helm-charts

OPF helm chart repository
https://charts.openproject.org
GNU General Public License v3.0

Cannot upload logos on bare metal kubernetes #91

Open davidleechen opened 9 months ago

davidleechen commented 9 months ago

OpenProject 13.3.0 running helm chart 4.5.0, upgrading from 13.0.7 and unknown helm chart version prior.

We have a bare metal kubernetes cluster and it seems https://github.com/opf/helm-charts/pull/38 changed the way tmp and its new volumes are mounted. It looks like there is a "sort of" workaround where develop: true changes the way those volumes are mounted, and it does seem to work, albeit we have errors about HTTPS since that also is bundled together.

The logging error is below, while attempting to upload a logo in the admin/design page.

# /usr/local/lib/ruby/3.2.0/tmpdir.rb:34:in `block in tmpdir': system temporary path is world-writable: /tmp (StructuredWarnings::StandardWarning)
# /usr/local/lib/ruby/3.2.0/tmpdir.rb:34:in `block in tmpdir': /tmp is world-writable: /tmp (StructuredWarnings::StandardWarning)
# 2024-02-16 18:18:26 +0000 Rack app ("POST /admin/design" - (ipaddress)): #<Errno::EROFS: Read-only file system @ rb_sysopen - /app/RackMultipart20240216-12-lup1dp.svg>

A further note, it's misleading to have tmp volumes while persistence.enabled: false. I went back to read the values comments and it does say "data directory" but I did not immediately make any connections here.

A secondary note, we have s3 turned on with direct upload, why does this even need to go to a tmp dir? Maybe the real fix here is to convert the rest of the custom design stuff to also use direct upload.

Thanks!
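An added diagnostic, not part of the original post or of OpenProject's code: it mirrors the per-directory checks that Ruby's `Dir.tmpdir` (the `tmpdir.rb:34` frames in the log above) applies, so you can see why a `/tmp` mount with mode 0777 and no sticky bit is skipped and the upload lands in the working directory, which is read-only here. The helper names and the demo directories are constructed for illustration, and the candidate list is passed in rather than read from the environment.

```ruby
require "tmpdir"

# Mirrors the checks Ruby's Dir.tmpdir applies to one candidate directory.
# Returns nil when the directory is acceptable, otherwise the reason it is skipped.
def tmpdir_rejection(dir)
  stat = File.stat(dir)
  return "not a directory" unless stat.directory?
  return "not writable" unless File.writable?(dir)
  # This is the case behind "is world-writable: /tmp" in the log:
  # mode 0777 is refused, mode 1777 (sticky bit set) is accepted.
  return "world-writable without sticky bit" if stat.world_writable? && !stat.sticky?
  nil
rescue SystemCallError => e
  "cannot stat (#{e.class})"
end

# Returns the first candidate that passes, the way Dir.tmpdir walks its list
# (TMPDIR, TMP, TEMP, the system temporary path, /tmp, then ".").
def first_usable_tmpdir(candidates)
  candidates.find { |dir| tmpdir_rejection(dir).nil? }
end

# Constructed demo: one directory like the rejected mount, one with the sticky bit.
def demo
  Dir.mktmpdir do |root|
    bad = File.join(root, "tmp-0777")
    good = File.join(root, "tmp-1777")
    Dir.mkdir(bad)
    Dir.mkdir(good)
    File.chmod(0o777, bad)   # world-writable, no sticky bit
    File.chmod(0o1777, good) # world-writable with sticky bit
    {
      bad: tmpdir_rejection(bad),
      good: tmpdir_rejection(good),
      pick: File.basename(first_usable_tmpdir([bad, good]))
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo
  # Inside the container, check the paths from the log instead:
  ["/tmp", "."].each { |d| puts "#{d}: #{tmpdir_rejection(d) || 'ok'}" }
end
```

Run inside the affected container, the last loop reports which of `/tmp` and the working directory Ruby would accept, which tells you whether the volume's mode or the read-only root filesystem is the blocker.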

mies-itq commented 5 months ago

Same issue over here! With uploading files and adding and editing Wiki pages.

maximemoreillon commented 5 months ago

Same problem here with version 5.2.0 of the Helm chart, i.e. OpenProject v14. This applies to any file upload.

@davidleechen thanks a lot for pointing out that develop: true provides a workaround for the issue! I am looking forward to a proper solution being found.

rmoreas commented 1 month ago

Another workaround is setting useTmpVolumes and containerSecurityContext.readOnlyRootFilesystem to false, which is also not optimal, but this will leave the use of https enabled.

Another workaround is given at https://community.openproject.org/topics/18660?r=18660, but this would require patching of the deployment since the helm chart doesn't provide values to add init containers.