Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unable to create dir "/atlantis-data/bin": mkdir /atlantis-data/bin: permission denied #149

Open
nokernel opened this issue Jun 3, 2022 · 5 comments
Open

unable to create dir "/atlantis-data/bin": mkdir /atlantis-data/bin: permission denied #149

nokernel opened this issue Jun 3, 2022 · 5 comments
Labels
Stale waiting-on-response Waiting for a response from the user

Comments

@nokernel
Copy link

nokernel commented Jun 3, 2022

Using atlantis helm chart version 4.0.1.

Getting this when scaling up the statefulset replicas from 1 to 2, and also when doing a fresh install on a new namespace.
@akhan23wgu
Copy link

akhan23wgu commented Oct 10, 2022
edited

Not sure what's changed in the new helm chart exactly, but if you have a PVC configured for your namespace then it will use that by default. There's no way to configure the path, so it'll use the root path (and I don't see a way to change this, which would be nice).

From there, you'll need to set the proper security context (example below). I was able to get past the error, but now I am getting Error: initializing server: initializing terraform: writing generated .terraformrc file with TFE token to /.terraformrc: open /.terraformrc: permission denied, even though folders were created on pod creation and my user (99) has full permissions to write to the designated directory.

securityContext:
  fsGroup: 100
  runAsUser: 99
  fsGroupChangePolicy: "OnRootMismatch"
  priorityClassName: ""

Update:

Just upgrade to chart version v0.20.1. I was able to get rid of that error by using the deprecated option dataStorage: 5Gi.

@nitrocode
Copy link
Member

That's bizarre. The volume claim template looks exactly the same.

helm-charts/charts/atlantis/templates/statefulset.yaml

Lines 520 to 548 in bc9db32

{{- if .Values.dataStorage }}
volumeClaimTemplates:
- metadata:
name: atlantis-data
spec:
accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes.
{{- if .Values.storageClassName }}
storageClassName: {{ .Values.storageClassName }} # Storage class of the volume
{{- end }}
resources:
requests:
# The biggest thing Atlantis stores is the Git repo when it checks it out.
# It deletes the repo after the pull request is merged.
storage: {{ .Values.dataStorage }}
{{- else if .Values.volumeClaim.enabled }}
volumeClaimTemplates:
- metadata:
name: atlantis-data
spec:
accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes.
{{- if .Values.volumeClaim.storageClassName }}
storageClassName: {{ .Values.volumeClaim.storageClassName }} # Storage class of the volume
{{- end }}
resources:
requests:
# The biggest thing Atlantis stores is the Git repo when it checks it out.
# It deletes the repo after the pull request is merged.
storage: {{ .Values.volumeClaim.dataStorage }}
{{- end }}

Values

helm-charts/charts/atlantis/values.yaml

Lines 271 to 283 in bc9db32

## Embedded data volume & volumeMount (default working)
volumeClaim:
enabled: true
## Disk space for to check out repositories
dataStorage: 5Gi
## Storage class name (if possible, use a resizable one)
# storageClassName: value
## To keep backwards compatibility
## DEPRECATED - Disk space for Atlantis to check out repositories
# dataStorage: 5Gi
## DEPRECATED - Storage class name for Atlantis disk
# storageClassName: value

Is this still an issue with the latest helm chart?

Could you show the helm template command diff between supplying the deprecated input and omitting it? Perhaps that will bubble up the issue here.

@particledecay
Copy link

I'm experiencing this same error. I'm installing into minikube. I tried chart version 4.0.0 and 4.12.2. Same error both times.

The only overrides I have are as follows:

orgAllowlist: github.com/particledecay/*
logLevel: debug
github:
  user: particledecay
vcsSecretName: github
awsSecretName: aws-credentials
repoConfig: |
  ---
  repos:
  - id: /.*/
    workflow: terragrunt
  workflows:
    terragrunt:
      plan:
        steps:
          - env:
              name: TERRAGRUNT_TFPATH
              command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
          - run: terragrunt run-all init -reconfigure
          - run: terragrunt plan -input=false -out=$PLANFILE
          - run: terragrunt show -json $PLANFILE > $SHOWFILE
      apply:
        steps:
          - env:
              name: TERRAGRUNT_TFPATH
              command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
          - run: terragrunt run-all init -reconfigure
          - run: terragrunt apply -input=false $PLANFILE

@GMartinez-Sisti
Copy link
Member

Is this still happening?

@GMartinez-Sisti GMartinez-Sisti added the waiting-on-response Waiting for a response from the user label May 4, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 5, 2024

This issue is stale because it has been open for 1 month with no activity. Remove stale label or comment or this will be closed in 1 month.'

@github-actions github-actions bot added the Stale label Jun 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Stale waiting-on-response Waiting for a response from the user
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@particledecay @nokernel @nitrocode @akhan23wgu @GMartinez-Sisti