docker-gitlab-mirrors
docker-gitlab-mirrors copied to clipboard
Klowner
Second `docker run` always results in 'permission denied'
I've got Gitlab up and running ( meaning I was able to add a new Github remote to my Mirrors group using the gitlab-mirrors.sh script below ).
But every time I try to run another command I get:
ϟ ./gitlab-mirrors.sh ls
chown: /data/Mirrors/project-x/objects/pack/pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.idx: Permission denied
chown: /data/Mirrors/project-x/objects/pack/pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.pack: Permission denied
contents of gitlab-mirrors.sh:
docker run --rm -i \
-v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) \
-v "${PWD}/config:/config" \
-v "${PWD}/mirrors:/data/Mirrors" \
-e SSH_AUTH_SOCK=$SSH_AUTH_SOCK \
-e GITLAB_MIRROR_GITLAB_UID=1000 \
-e GITLAB_MIRROR_GITLAB_USER=gitmirror \
-e GITLAB_MIRROR_GITLAB_NAMESPACE=Mirrors \
-e GITLAB_MIRROR_GITLAB_URL=http://my-gitlab.com \
quay.io/klowner/gitlab-mirrors:latest ${@:1}
When I remove those files I can run for example update one more time, but the second run I will see the same problem again.
Hmm, what are the ownership/permissions on /data/Mirrors/project-x/objects/pack/pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.idx ?
ϟ ls -al mirrors/project-x/objects/pack/
total 744
drwxr-xr-x@ 4 webdevotion staff 136 Jul 13 17:38 .
drwxr-xr-x@ 4 webdevotion staff 136 Jul 13 17:31 ..
-r--r--r-- 1 webdevotion staff 40412 Jul 13 17:38 pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.idx
-r--r--r-- 1 webdevotion staff 337625 Jul 13 17:38 pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.pack
Very strange that those files are read-only.. Your user (webdevotion) is 1000, yeah?
ϟ whoami
webdevotion
ϟ id -u
501
Changed the script to use $(id -u) and tried with a hardcoded 501 in there. Same result.
Ah, maybe it's not that weird. All of my pack and idx files are also read-only.
Change your GITLAB_MIRROR_GITLAB_UID to 501 and it should work.
I tried your suggestions in a couple of flavours to no avail. Thank you for responding so swiftly.
With my host system's user:
-e GITLAB_MIRROR_GITLAB_UID=501 \
-e GITLAB_MIRROR_GITLAB_USER=webdevotion \
With a git user ( just because I can ):
-e GITLAB_MIRROR_GITLAB_UID=501 \
-e GITLAB_MIRROR_GITLAB_USER=git \
And with the user that I created in gitlab to use gitlab-mirrors:
-e GITLAB_MIRROR_GITLAB_UID=501 \
-e GITLAB_MIRROR_GITLAB_USER=gitmirror \
I'm obviously missing something here.
Just checked the users on the gitlab container:
$ cut -d: -f1 /etc/passwd
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
libuuid
syslog
sshd
git
So, shouldn't I be using git as the value of GITLAB_MIRROR_GITLAB_USER?
Daaah, my apologies, another documentation error.
Firstly, change GITLAB_MIRROR_GITLAB_UID to GITLAB_MIRROR_UID, it should remain 501, however.
As for GITLAB_MIRROR_GITLAB_USER, that is the username for the gitlab account that will be performing mirroring. GITLAB_MIRROR_USER however, defaults to "git" which should be correct for most configurations.
I've put the 'chown' command in the update script in comments now in a personal fork of this repo and am sailing smoothly atm.
What's the purpose of the 'chown'?
Glad to hear you at least found a workaround. Without chown I'm fairly certain I was ending up with root-owned data. Do you mind me asking what distro you're using? I'd like to see if I can reproduce my problem with the crown calls removed.
:+1:
Also thanks for the follow up. :)
On Sat, Jul 16, 2016, 5:40 PM webdevotion [email protected] wrote:
I've put the 'chown' command in the update script in comments now in a personal fork of this repo and am sailing smoothly atm.
What's the purpose of the 'chown'?
— You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/Klowner/docker-gitlab-mirrors/issues/5#issuecomment-233154740, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAknldTSpP3XSInef7gDomkbqdF5DOeks5qWV3XgaJpZM4JLjXk .