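Redis db permission issue when running GitLab

Time: 2017-09-07 15:14:46

Tags: redis kubernetes gitlab glusterfs

I am trying to set up GitLab, Redis and PostgreSQL containers in Kubernetes, using Gluster for persistence. The GlusterFS nodes are set up on machines (CentOS) outside the Kubernetes cluster (which runs on RancherOS hosts). The problem is that when GitLab tries to start, the login page does not load. This is a brand-new setup, not something that was working and has now stopped.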

root@gitlab-2797053212-ph4j8:/var/log/gitlab/gitlab# tail -50 sidekiq.log
...
...
   2017-09-07T11:53:03.098Z 547 TID-1fdjck ERROR: /home/git/gitlab/vendor/bundle/ruby/2.3.0/gems/sidekiq-5.0.0/lib/sidekiq/processor.rb:84:in `process_one'
2017-09-07T11:53:03.098Z 547 TID-1fdjck ERROR: /home/git/gitlab/vendor/bundle/ruby/2.3.0/gems/sidekiq-5.0.0/lib/sidekiq/processor.rb:73:in `run'
2017-09-07T11:53:03.098Z 547 TID-1fdjck ERROR: /home/git/gitlab/vendor/bundle/ruby/2.3.0/gems/sidekiq-5.0.0/lib/sidekiq/util.rb:17:in `watchdog'
2017-09-07T11:53:03.098Z 547 TID-1fdjck ERROR: /home/git/gitlab/vendor/bundle/ruby/2.3.0/gems/sidekiq-5.0.0/lib/sidekiq/util.rb:26:in `block in safe_thread'
2017-09-07T11:53:03.099Z 547 TID-1fdf1k ERROR: Error fetching job: ERR Error running script (call to f_7b91ed9f4cba40689cea7172d1fd3e08b2efd8c9): @user_script:7: @user_script: 7: -MISCONF Redis is configured to save RDB snapshots, but is currently not able to persist on disk. Commands that may modify the data set are disabled. Please check Redis logs for details about the error.
2017-09-07T11:53:03.100Z 547 TID-1fdf1k ERROR: /home/git/gitlab/vendor/bundle/ruby/2.3.0/gems/redis-3.3.3/lib/redis/client.rb:121:in `call'
2017-09-07T11:53:03.100Z 547 TID-1fdf1k ERROR: /home/git/gitlab/vendor/bundle/ruby/2.3.0/gems/peek-redis-1.2.0/lib/peek/views/redis.rb:9:in `call'
2017-09-07T11:53:03.100Z 547 TID-1fdf1k ERROR: /home/git/gitlab/vendor/bundle/ruby/2.3.0/gems/redis-3.3.3/lib/redis.rb:2399:in `block in _eval'
2017-09-07T11:53:03.100Z 547 TID-1fdf1k ERROR: /home/git/gitlab/vendor/bundle/ruby/2.3.0/gems/redis-3.3.3/lib/redis.rb:58:in `block in synchronize'
2017-09-07T11:53:03.100Z 547 TID-1fdf1k ERROR: /usr/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
2017-09-07T11:53:03.100Z 547 TID-1fdf1k ERROR: /home/git/gitlab/vendor/bundle/ruby/2.3.0/gems/redis-3.3.3/lib/redis.rb:58:in `synchronize'
...

So I checked the Redis container logs.

[root@node-a ~]# docker logs -f 67d44f585705
...
...
[1] 07 Sep 14:43:48.140 # Background saving error
[1] 07 Sep 14:43:54.048 * 1 changes in 900 seconds. Saving...
[1] 07 Sep 14:43:54.048 * Background saving started by pid 2437
[2437] 07 Sep 14:43:54.053 # Failed opening .rdb for saving: Permission denied
...

I looked this issue up online and then noticed the following permission and owner details in the Redis pod:

[root@node-a ~]# docker exec -it 67d44f585705 bash
groups: cannot find name for group ID 2000
root@redis-2138096053-0mlx4:/# ls -ld /var/lib/redis/
drwxr-sr-x 12 1000 1000 8192 Sep  7 11:51 /var/lib/redis/
root@redis-2138096053-0mlx4:/#
root@redis-2138096053-0mlx4:/# ls -l /var/lib/redis/
total 22
drwxr-sr-x 2  1000  1000     6 Sep  6 10:37 backups
drwxr-sr-x 2  1000  1000     6 Sep  6 10:37 builds
drwxr-sr-x 2 redis redis     6 Sep  6 10:14 data
-rw-r--r-- 1 redis redis 13050 Sep  7 11:51 dump.rdb
-rwxr-xr-x 1 redis redis    21 Sep  5 11:00 index.html
drwxrws--- 2  1000  1000     6 Sep  6 10:37 repositories
drwxr-sr-x 5  1000  1000    55 Sep  6 10:37 shared
drwxr-sr-x 2 root  root   8192 Sep  6 10:37 ssh
drwxr-sr-x 3 redis redis    70 Sep  7 10:20 tmp
drwx--S--- 2  1000  1000     6 Sep  6 10:37 uploads
root@redis-2138096053-0mlx4:/#
root@redis-2138096053-0mlx4:/# grep 1000 /etc/passwd
root@redis-2138096053-0mlx4:/#

I did the following and everything was fine.

root@redis-2138096053-0mlx4:/# chown redis:redis -R /var/lib/redis/

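But when I delete and re-run the GitLab deployment YAML, the permissions in the Redis container get skewed again. I am not sure whether Gluster is messing up the Redis file/folder permissions. I cannot think of any other reason right now.

One point I would like to highlight is that all three containers use the same PVC: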

- name: gluster-vol1
  persistentVolumeClaim:
    claimName: gluster-dyn-pvc

The above is common to all three. The differences are as follows:

a) postgresql-deployment.yaml

volumeMounts:
- name: gluster-vol1
  mountPath: /var/lib/postgresql

b) redisio-deployment.yaml

volumeMounts:
- name: gluster-vol1
  mountPath: /var/lib/redis

c) gitlab-deployment.yaml

volumeMounts:
- name: gluster-vol1
  mountPath: /home/git/data

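Any suggestions?

1 answer:

Answer 0 (score: 0)

I was able to resolve the Redis "Permission denied" issue with the following steps:

  1. Created separate volumes in GlusterFS for PostgreSQL, Redis and GitLab.
  2. Created separate storage classes for all three.
  3. Created a PersistentVolumeClaim (PVC) for each of them, and mapped /var/lib/postgresql, /var/lib/redis and /home/git/data to their respective PVCs.
  4. Previously, all three paths mentioned above pointed to the same volume in GlusterFS. Somehow, that seemed to cause the issue with Redis.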
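
An added example, not part of the answer or of any project's code: a Python check that flags the layout described in step 4, where several workloads mount the same directory of one PVC. The claim name and mount paths in `AS_POSTED` come from the question; the workload names and the per-service claim names in `AS_FIXED` are assumptions.

```python
from collections import defaultdict

def deployment(name, claim, mount_path):
    """Minimal Deployment dict holding only the fields this check reads."""
    mount = {"name": "gluster-vol1", "mountPath": mount_path}
    return {"kind": "Deployment", "metadata": {"name": name},
            "spec": {"template": {"spec": {
                "volumes": [{"name": "gluster-vol1",
                             "persistentVolumeClaim": {"claimName": claim}}],
                "containers": [{"name": name, "volumeMounts": [mount]}]}}}}

# Constructed samples. Claim name and mount paths of AS_POSTED are from the
# question; workload names and the per-service claim names are assumptions.
AS_POSTED = [
    deployment("postgresql", "gluster-dyn-pvc", "/var/lib/postgresql"),
    deployment("redisio", "gluster-dyn-pvc", "/var/lib/redis"),
    deployment("gitlab", "gluster-dyn-pvc", "/home/git/data"),
]
AS_FIXED = [
    deployment("postgresql", "gluster-pvc-postgresql", "/var/lib/postgresql"),
    deployment("redisio", "gluster-pvc-redis", "/var/lib/redis"),
    deployment("gitlab", "gluster-pvc-gitlab", "/home/git/data"),
]

def pvc_mounts(manifest):
    """Yield (namespace, claim, subPath, workload, mountPath) per PVC-backed mount."""
    meta = manifest["metadata"]
    pod = manifest["spec"]["template"]["spec"]
    claims = {v["name"]: v["persistentVolumeClaim"]["claimName"]
              for v in pod.get("volumes", []) if "persistentVolumeClaim" in v}
    for container in pod.get("containers", []):
        for m in container.get("volumeMounts", []):
            if m["name"] in claims:
                yield (meta.get("namespace", "default"), claims[m["name"]],
                       m.get("subPath", ""), meta["name"], m["mountPath"])

def shared_claim_dirs(manifests):
    """Map (namespace, claim, subPath) -> mounts when several workloads share that directory."""
    by_dir = defaultdict(list)
    for manifest in manifests:
        for ns, claim, sub, workload, path in pvc_mounts(manifest):
            by_dir[(ns, claim, sub)].append((workload, path))
    return {key: mounts for key, mounts in by_dir.items()
            if len({workload for workload, _ in mounts}) > 1}

if __name__ == "__main__":
    for (ns, claim, sub), mounts in shared_claim_dirs(AS_POSTED).items():
        print(f"{ns}/{claim} subPath={sub or '/'} is shared by: {mounts}")
```

Mounts of the same claim under different `subPath` values are treated as separate directories and are not flagged.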