
Fix owner of public/uploads directory in UBI-8 Sidekiq image

Stan Hu requested to merge sh-fix-public-uploads-permission-ubi8 into master

What does this MR do?

The public/uploads directory on the gitlab-sidekiq-ee UBI-8 image was owned by root instead of git. The directory was being created via mkdir -p public/uploads, but the owner was never set properly in the gitlab-rails Dockerfile. It was set properly on gitlab-webservice-ee, however.

This problem manifested itself when exporting a vulnerability report:

2022-06-25T06:24:04.181Z pid=21 tid=6yd5 WARN: Errno::EACCES: Permission denied @ dir_s_mkdir - /srv/gitlab/public/uploads/-
2022-06-25T06:24:04.181Z pid=21 tid=6yd5 WARN: /usr/lib64/ruby/2.7.0/fileutils.rb:247:in `mkdir'
/usr/lib64/ruby/2.7.0/fileutils.rb:247:in `fu_mkdir'
/usr/lib64/ruby/2.7.0/fileutils.rb:228:in `block (2 levels) in mkdir_p'
/usr/lib64/ruby/2.7.0/fileutils.rb:226:in `reverse_each'
/usr/lib64/ruby/2.7.0/fileutils.rb:226:in `block in mkdir_p'
/usr/lib64/ruby/2.7.0/fileutils.rb:211:in `each'
/usr/lib64/ruby/2.7.0/fileutils.rb:211:in `mkdir_p'
/srv/gitlab/vendor/bundle/ruby/2.7.0/gems/carrierwave-1.3.2/lib/carrierwave/sanitized_file.rb:315:in `mkdir!'
/srv/gitlab/vendor/bundle/ruby/2.7.0/gems/carrierwave-1.3.2/lib/carrierwave/sanitized_file.rb:185:in `move_to'
/srv/gitlab/vendor/bundle/ruby/2.7.0/gems/carrierwave-1.3.2/lib/carrierwave/uploader/cache.rb:132:in `cache!'
/srv/gitlab/app/uploaders/object_storage.rb:370:in `cache!'
/srv/gitlab/vendor/bundle/ruby/2.7.0/gems/carrierwave-1.3.2/lib/carrierwave/mounter.rb:44:in `block in cache'
/srv/gitlab/vendor/bundle/ruby/2.7.0/gems/carrierwave-1.3.2/lib/carrierwave/mounter.rb:42:in `map'
/srv/gitlab/vendor/bundle/ruby/2.7.0/gems/carrierwave-1.3.2/lib/carrierwave/mounter.rb:42:in `cache'
/srv/gitlab/vendor/bundle/ruby/2.7.0/gems/carrierwave-1.3.2/lib/carrierwave/mount.rb:146:in `file='
/srv/gitlab/vendor/bundle/ruby/2.7.0/gems/carrierwave-1.3.2/lib/carrierwave/orm/activerecord.rb:70:in `file='
/srv/gitlab/ee/app/services/vulnerability_exports/export_service.rb:49:in `block in generate_export_file'
/srv/gitlab/lib/csv_builder.rb:47:in `block in render'
/usr/lib64/ruby/2.7.0/tempfile.rb:291:in `open'
/srv/gitlab/lib/csv_builder.rb:39:in `render'

Related issues

Relates to gitlab-org/charts/gitlab#3370 (closed)

Testing

docker run -it registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:sh-fix-public-uploads-permission-ubi8-ubi8 bash
[git@95dfdce21b5e /]$ ls -al /srv/gitlab/public/
total 76
drwxrwxr-x 1 git root  4096 Jun 24 13:44 -
drwxrwxr-x 1 git root  4096 Jun 24 13:53 .
drwxrwxr-x 1 git root  4096 Jun 24 13:54 ..
-rw-rw-r-- 1 git root  3207 Jun 24 13:44 404.html
-rw-rw-r-- 1 git root  3035 Jun 24 13:44 422.html
-rw-rw-r-- 1 git root  3049 Jun 24 13:44 500.html
-rw-rw-r-- 1 git root  3039 Jun 24 13:44 502.html
-rw-rw-r-- 1 git root  3029 Jun 24 13:44 503.html
-rw-rw-r-- 1 git root  7455 Jun 24 13:44 apple-touch-icon.png
drwxrwxr-x 1 git root 20480 Jun 24 13:44 assets
-rw-rw-r-- 1 git root  2571 Jun 24 13:44 deploy.html
-rw-rw-r-- 1 git root  2339 Jun 24 13:44 robots.txt
-rw-rw-r-- 1 git root  1528 Jun 24 13:44 slash-command-logo.png
drwx------ 2 git root  4096 Jun 24 13:53 uploads

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • Merge Request Title and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Integration tests added to GitLab QA
  • The impact any change in container size has should be evaluated
Edited by Stan Hu
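
A build-time ownership check for the condition described in this MR, as an added example that is not part of the merge request or the project's own code. The function names `owner_of` and `check_owned_by` are hypothetical, and the demo runs on a constructed temporary tree rather than the real image.

```shell
#!/bin/sh
# Added example: fail a build step when a directory the application must
# write to at runtime is missing or owned by someone other than the
# runtime user (the mkdir -p without chown case from the description).

# owner_of PATH: print the owning user of PATH (numeric uid if unnamed).
owner_of() {
    ls -ld -- "$1" | awk '{print $3}'
}

# check_owned_by USER DIR...: print one status line per directory and
# return 1 if any directory is missing or has a different owner.
check_owned_by() {
    expected=$1
    shift
    rc=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING  $dir"
            rc=1
            continue
        fi
        actual=$(owner_of "$dir")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $dir owner=$actual"
        else
            echo "MISMATCH $dir owner=$actual expected=$expected"
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed tree that stands in for /srv/gitlab/public.
demo=$(mktemp -d)
mkdir -p "$demo/public/uploads"          # created by whoever runs the step
builder=$(owner_of "$demo")
check_owned_by "$builder" "$demo/public/uploads"
# "constructed-other-user" is a made-up name playing the runtime user.
check_owned_by constructed-other-user "$demo/public/uploads" \
    || echo "ownership check failed: the build step would stop here"
rm -rf "$demo"
```

In an image build this would be called with the runtime user and path from the description, for example `check_owned_by git /srv/gitlab/public/uploads`.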
