Hi all,
I have a gitlab-ce installation on my self-hosted bare metal kubernetes cluster, installed through helm. I’m using gitaly for repository access, and gitaly has access to a PV through NFS. Whenever I try to push to a repository, it gives the following error: remote: fatal: fsync error on '/home/git/repositories/@hashed/d5/9e/d59eced1ded07f84c145592f65bdf854358e009c5cd705f5215bf18697fed103.git/./objects/tmp_objdir-incoming-02FNsD/2d/tmp_obj_0A1M4e': Permission denied
(also through the web IDE interface). Note that it was working before the summer, so it’s possible I botched a helm upgrade.
Gitaly logs show the following:
Gitaly log
root@gondor2013:~/helm_manifests# kubectl logs -n gitlab gitlab-gitaly-0 | grep 01H92XDD1GEPPVYS6XNTRXERNH
Defaulted container "gitaly" out of: gitaly, certificates (init), configure (init)
{"component": "gitaly","subcomponent":"gitaly","level":"info","command.count":1,"command.cpu_time_ms":2,"command.inblock":0,"command.majflt":0,"command.maxrss":346388,"command.minflt":139,"command.oublock":0,"command.real_time_ms":3,"command.spawn_token_fork_ms":0,"command.spawn_token_wait_ms":0,"command.system_time_ms":0,"command.user_time_ms":2,"component":"gitaly.UnaryServerInterceptor","correlation_id":"01H92XDD1GEPPVYS6XNTRXERNH","grpc.code":"OK","grpc.meta.auth_version":"v2","grpc.meta.client_name":"gitlab-web","grpc.meta.deadline_type":"regular","grpc.meta.method_operation":"accessor","grpc.meta.method_scope":"repository","grpc.meta.method_type":"unary","grpc.method":"HasLocalBranches","grpc.request.deadline":"2023-08-30T09:47:03.045","grpc.request.fullMethod":"/gitaly.RepositoryService/HasLocalBranches","grpc.request.glProjectPath":"peterkroon/test","grpc.request.glRepository":"project-41","grpc.request.payload_bytes":124,"grpc.request.repoPath":"@hashed/3d/91/3d914f9348c9cc0ff8a79716700b9fcd4d2f3e711608004eb8f138bcba7f14d9.git","grpc.request.repoStorage":"default","grpc.response.payload_bytes":0,"grpc.service":"gitaly.RepositoryService","grpc.start_time":"2023-08-30T09:46:53.416","grpc.time_ms":4.366,"level":"info","msg":"finished unary call with code OK","peer.address":"10.240.122.223:44370","pid":1,"remote_ip":"10.240.166.146","span.kind":"server","system":"grpc","time":"2023-08-30T09:46:53.420Z","user_id":"2","username":"peterkroon"}
{"component": "gitaly","subcomponent":"gitaly","level":"info","command.count":1,"command.cpu_time_ms":2,"command.inblock":0,"command.majflt":0,"command.maxrss":346388,"command.minflt":140,"command.oublock":0,"command.real_time_ms":3,"command.spawn_token_fork_ms":0,"command.spawn_token_wait_ms":0,"command.system_time_ms":0,"command.user_time_ms":2,"component":"gitaly.StreamServerInterceptor","correlation_id":"01H92XDD1GEPPVYS6XNTRXERNH","grpc.code":"OK","grpc.meta.auth_version":"v2","grpc.meta.client_name":"gitlab-web","grpc.meta.deadline_type":"regular","grpc.meta.method_operation":"accessor","grpc.meta.method_scope":"repository","grpc.meta.method_type":"server_stream","grpc.method":"ListRefs","grpc.request.deadline":"2023-08-30T09:47:03.073","grpc.request.fullMethod":"/gitaly.RefService/ListRefs","grpc.request.glProjectPath":"peterkroon/test","grpc.request.glRepository":"project-41","grpc.request.payload_bytes":137,"grpc.request.repoPath":"@hashed/3d/91/3d914f9348c9cc0ff8a79716700b9fcd4d2f3e711608004eb8f138bcba7f14d9.git","grpc.request.repoStorage":"default","grpc.response.payload_bytes":0,"grpc.service":"gitaly.RefService","grpc.start_time":"2023-08-30T09:46:53.443","grpc.time_ms":3.645,"level":"info","msg":"finished streaming call with code OK","peer.address":"10.240.122.223:44370","pid":1,"remote_ip":"10.240.166.146","span.kind":"server","system":"grpc","time":"2023-08-30T09:46:53.447Z","user_id":"2","username":"peterkroon"}
{"component": "gitaly","subcomponent":"gitaly","level":"error","catfile.duration_ms":0,"catfile.flush_count":1,"catfile.flush_ms":0,"catfile.read_object_count":1,"catfile.read_object_ms":0,"catfile.request_object_count":1,"catfile.request_object_ms":0,"command.count":2,"command.cpu_time_ms":2,"command.inblock":0,"command.majflt":0,"command.maxrss":346388,"command.minflt":167,"command.oublock":0,"command.real_time_ms":3,"command.spawn_token_fork_ms":0,"command.spawn_token_wait_ms":0,"command.system_time_ms":0,"command.user_time_ms":2,"component":"gitaly.StreamServerInterceptor","correlation_id":"01H92XDD1GEPPVYS6XNTRXERNH","error":"tree entry not found","error_metadata":{"path":".gitattributes"},"grpc.code":"NotFound","grpc.meta.auth_version":"v2","grpc.meta.client_name":"gitlab-web","grpc.meta.deadline_type":"regular","grpc.meta.method_operation":"accessor","grpc.meta.method_scope":"repository","grpc.meta.method_type":"server_stream","grpc.method":"TreeEntry","grpc.request.deadline":"2023-08-30T09:47:23.455","grpc.request.fullMethod":"/gitaly.CommitService/TreeEntry","grpc.request.glProjectPath":"peterkroon/test","grpc.request.glRepository":"project-41","grpc.request.payload_bytes":151,"grpc.request.repoPath":"@hashed/3d/91/3d914f9348c9cc0ff8a79716700b9fcd4d2f3e711608004eb8f138bcba7f14d9.git","grpc.request.repoStorage":"default","grpc.response.payload_bytes":0,"grpc.service":"gitaly.CommitService","grpc.start_time":"2023-08-30T09:46:53.455","grpc.time_ms":5.239,"level":"info","msg":"finished streaming call with code NotFound","peer.address":"10.240.122.223:44370","pid":1,"remote_ip":"10.240.166.146","span.kind":"server","system":"grpc","time":"2023-08-30T09:46:53.461Z","user_id":"2","username":"peterkroon"}
{"component": "gitaly","subcomponent":"gitaly","level":"info","branch_name":"bWFpbg==","component":"gitaly.StreamServerInterceptor","correlation_id":"01H92XDD1GEPPVYS6XNTRXERNH","diskcache":"21f198d9-0df6-4ee1-a98c-93aaca81489e","force":false,"grpc.meta.auth_version":"v2","grpc.meta.client_name":"gitlab-web","grpc.meta.deadline_type":"regular","grpc.meta.method_operation":"mutator","grpc.meta.method_scope":"repository","grpc.meta.method_type":"client_stream","grpc.method":"UserCommitFiles","grpc.request.deadline":"2023-08-30T09:47:48.163","grpc.request.fullMethod":"/gitaly.OperationService/UserCommitFiles","grpc.service":"gitaly.OperationService","grpc.start_time":"2023-08-30T09:46:53.463","level":"info","msg":"diskcache state change","peer.address":"10.240.122.223:44370","pid":1,"remote_ip":"10.240.166.146","repository_relative_path":"@hashed/3d/91/3d914f9348c9cc0ff8a79716700b9fcd4d2f3e711608004eb8f138bcba7f14d9.git","repository_storage":"default","span.kind":"server","start_branch_name":"bWFpbg==","start_repository_relative_path":"@hashed/3d/91/3d914f9348c9cc0ff8a79716700b9fcd4d2f3e711608004eb8f138bcba7f14d9.git","start_repository_storage":"default","start_sha":"","system":"grpc","time":"2023-08-30T09:46:53.490Z","user_id":"2","username":"peterkroon"}
{"component": "gitaly","subcomponent":"gitaly","level":"fatal","branch_name":"bWFpbg==","command.count":4,"command.cpu_time_ms":9,"command.inblock":0,"command.majflt":0,"command.maxrss":346388,"command.minflt":580,"command.oublock":8,"command.real_time_ms":16,"command.spawn_token_fork_ms":0,"command.spawn_token_wait_ms":0,"command.system_time_ms":2,"command.user_time_ms":7,"component":"gitaly.StreamServerInterceptor","correlation_id":"01H92XDD1GEPPVYS6XNTRXERNH","error":"write created blob: exit status 128, stderr: \"fatal: fsync error on '/home/git/repositories/+gitaly/tmp/quarantine-f9a22eb2239ac60b-4188035681/3a/tmp_obj_nLkEjO': Permission denied\\n\"","force":false,"grpc.code":"Internal","grpc.meta.auth_version":"v2","grpc.meta.client_name":"gitlab-web","grpc.meta.deadline_type":"regular","grpc.meta.method_operation":"mutator","grpc.meta.method_scope":"repository","grpc.meta.method_type":"client_stream","grpc.method":"UserCommitFiles","grpc.request.deadline":"2023-08-30T09:47:48.163","grpc.request.fullMethod":"/gitaly.OperationService/UserCommitFiles","grpc.request.payload_bytes":418,"grpc.response.payload_bytes":0,"grpc.service":"gitaly.OperationService","grpc.start_time":"2023-08-30T09:46:53.463","grpc.time_ms":27.491,"level":"error","msg":"finished streaming call with code Internal","peer.address":"10.240.122.223:44370","pid":1,"remote_ip":"10.240.166.146","repository_relative_path":"@hashed/3d/91/3d914f9348c9cc0ff8a79716700b9fcd4d2f3e711608004eb8f138bcba7f14d9.git","repository_storage":"default","span.kind":"server","start_branch_name":"bWFpbg==","start_repository_relative_path":"@hashed/3d/91/3d914f9348c9cc0ff8a79716700b9fcd4d2f3e711608004eb8f138bcba7f14d9.git","start_repository_storage":"default","start_sha":"","system":"grpc","time":"2023-08-30T09:46:53.490Z","user_id":"2","username":"peterkroon"}
I’m sure the owner and group of the files on the NFS share are correct. I would appreciate some guidance on where to look next. helm uninstall
and helm install
don’t help unfortunately. A second idea was to use gitlab.gitaly.git.config
to set core.fsync = none
, but that provided a new error (error when closing loose object file: permission denied
)
I’d be happy to provide more details.
Installation details
helm list -n gitlab
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
gitlab gitlab 1 2023-08-30 10:31:02.349725021 +0200 CEST deployed gitlab-7.3.0 v16.3.0
root@gondor2013:~/helm_manifests# kubectl describe -n gitlab pvc repo-data-gitlab-gitaly-0
Name: repo-data-gitlab-gitaly-0
Namespace: gitlab
StorageClass:
Status: Bound
Volume: gitaly-volume
Labels: name=gitaly-claim
Annotations: pv.kubernetes.io/bind-completed: yes
Finalizers: [kubernetes.io/pvc-protection]
Capacity: 250Gi
Access Modes: RWO,ROX,RWX
VolumeMode: Filesystem
Used By: gitlab-gitaly-0
Events: <none>
root@gondor2013:~/helm_manifests# kubectl describe pv gitaly-volume
Name: gitaly-volume
Labels: name=gitaly-volume
Annotations: pv.kubernetes.io/bound-by-controller: yes
Finalizers: [kubernetes.io/pv-protection]
StorageClass:
Status: Bound
Claim: gitlab/repo-data-gitlab-gitaly-0
Reclaim Policy: Retain
Access Modes: RWO,ROX,RWX
VolumeMode: Filesystem
Capacity: 250Gi
Node Affinity: <none>
Message:
Source:
Type: NFS (an NFS mount that lasts the lifetime of a pod)
Server: gondor2021.bin.bioinf.nl
Path: /storage/git-storage
ReadOnly: false
Events: <none>