Airflow cannot perform initial repositories clone #24935
Comments
MarijnMB
added
the
tech-issues
|
I've recently (in the past 3 or 4 days?) begun seeing this in the |
|
Rolling back the Nginx chart to 15.12.2 fixes the issue, so it arose sometime in between then and now (16.0.2). |
|
My guess would be this: |
|
Bitnami containers are designed to operate as non-root by default. Consequently, any files or directories used by the application should be owned by the root group, as the random user (1001 by default) is a member of this root group. To ensure proper permissions, you'll need to adjust the ownership of your local directory accordingly. For more comprehensive information about non-root containers and their significance for security, you can explore the following resources:
These references provide valuable insights into the best practices and considerations when working with non-root containers in Bitnami applications. During the past weeks, we have been performing some changes to improve the security of our container and Helm charts, see #24251. For instance, in the case of Airflow it's detailed at the releases notes for the new major: https://github.com/bitnami/charts/tree/main/bitnami/airflow#to-1800 (same for NGINX but with version 16.0.0) |
|
@carrodher I fully understand the benefits of running as non-root, but that doesn't help me here. The issue I think is not the permissions on the local directory (since there is none, this is a clean installation), but the non-existent user in the git containers. |
|
Hi, We reproduced the issue and we are working on a fix. This issue is caused by the latest security updates we introduced in the chart. Sorry for the inconvenience. |
|
PR is created here. You can test the changes if you want to 😄 |
|
we'll need this for every chart that supports a |
|
Correct! If you are running into the same issue with other Charts, you can contribute to apply the fix 😄 |
|
18.0.8 has the fix and works well. |
|
once git tries to clone error : |
Name and Version
bitnami/airflow 18.0.1
What architecture are you using?
amd64
What steps will reproduce the bug?
Same as #17543
Are you using any custom parameters or values?
git repo for dags, same as #17543
What is the expected behavior?
No response
What do you see instead?
Nothing at all: clone-repositories container immediately errors without ever showing an error message in the logs.
Additional information
If I change the git.clone.args to
args: [ "-ec", "sleep 500000" ](to keep it running) and enter a shell in the container, the user as which I'm logged in is "I have no name!" and the./opt/bitnami/scripts/libfs.shcommand (first line of the default entrypoint) gives a permissions error.whoamishows the user has UID 1001, which doesn't exist in the git container.The text was updated successfully, but these errors were encountered: