5

With the second generation runtime of Google Cloud Run, it's now possible to mount Google Storage Buckets using gcsfuse.

https://cloud.google.com/run/docs/tutorials/network-filesystems-fuse

The python3 example is working fine. Unfortunately, I keep getting this error with my Dockerfile:

bin/fusermount: failed to open /dev/fuse: Permission denied
mountWithArgs: mountWithConn: Mount: mount: running /bin/fusermount: exit status 1

screenshot

Dockerfile

# https://github.com/chiaen/docker-gcsfuse
FROM golang:1.17.5-alpine as gcsfuse
RUN apk add --no-cache git
ENV GOPATH /go
RUN go get -u github.com/googlecloudplatform/gcsfuse

FROM composer:2 as vendor
COPY composer.json composer.json
COPY composer.lock composer.lock
RUN composer install --ignore-platform-reqs --no-interaction --prefer-dist

FROM craftcms/nginx:7.4

ENV MNT_DIR /mnt/gcs

USER root
RUN apk add --no-cache mysql-client postgresql-client ca-certificates fuse nano sudo tini bash

RUN mkdir -p $MNT_DIR
RUN chown www-data:www-data $MNT_DIR
USER www-data

COPY --chown=www-data:www-data --from=vendor /app/vendor/ /app/vendor/
COPY --chown=www-data:www-data . .
COPY --from=gcsfuse /go/bin/gcsfuse /usr/local/bin
COPY supervisor.conf /etc/supervisor/conf.d/supervisor.conf

Since there are a few files, I put all the files into a github repo. https://github.com/internetztube/cloud-run-persistent-storage-issue

miken32
  • 42,008
  • 16
  • 111
  • 154
Fred
  • 868
  • 10
  • 22
  • I followed the tutorial in the doc, and it works for me: https://cloud.google.com/run/docs/tutorials/network-filesystems-fuse#defining_your_environment_configuration_with_the_dockerfile – guillaume blaquiere Dec 18 '21 at 21:39
  • The example in the documentation is working for me as well. Problem is that I need PHP and NGINX in the container. I strongly orientated myself on the example and therefore it should work the same way, but it doesn't. @guillaumeblaquiere – Fred Dec 18 '21 at 23:00
  • 1) Note this line **COPY --chown=www-data:www-data . .** You have not specified **WORKDIR** in your container. You might be changing file permissions in the container depending on what files are located in the source directory. That might not fix your issue, but should be corrected. – John Hanley Dec 18 '21 at 23:44
  • 2) You are running the **gcsfuse.sh** script from supervisor. However, you have changed the USER to **www-data**. You are getting a permission error on **/dev/fuse**. As a test, change the USER from **www-data** to **root** temporarily to see if that is the actual issue. – John Hanley Dec 18 '21 at 23:46
  • @JohnHanley I removed the `USER www-data` from Dockerfile. Plus also printed `whoami` in gcsfuse.sh. User is `root`. Still does not work. I don't think it's a permissions issue, but that something is wrong with the underlying mounting command. – Fred Dec 19 '21 at 15:55
  • What does `ls -l /dev/fuse` show? – user3840170 Dec 21 '21 at 00:10
  • Does help? – user3840170 Dec 21 '21 at 00:14
  • @user3840170 `/app $ ls -l /dev/fuse ls: /dev/fuse: No such file or directory` – Fred Dec 21 '21 at 10:44

1 Answers1

5

Update:

I solved it mounting GCS bucket in Cloud Run and read/write of object with the following changes:

  • Dockerfile:
# https://github.com/chiaen/docker-gcsfuse
FROM golang:1.17.5-alpine as gcsfuse
RUN apk add --no-cache git
ENV GOPATH /go
RUN go get -u github.com/googlecloudplatform/gcsfuse

FROM composer:2 as vendor
COPY composer.json composer.json
COPY composer.lock composer.lock
RUN composer install --ignore-platform-reqs --no-interaction --prefer-dist

FROM craftcms/nginx:7.4

ENV MNT_DIR /mnt/gcs

USER root
RUN apk add --no-cache mysql-client postgresql-client ca-certificates fuse nano sudo tini bash
RUN mkdir -p $MNT_DIR
RUN chown www-data:www-data $MNT_DIR

COPY --chown=www-data:www-data --from=vendor /app/vendor/ /app/vendor/
COPY --chown=www-data:www-data . .
COPY --from=gcsfuse /go/bin/gcsfuse /usr/local/bin
COPY supervisor.conf /etc/supervisor/conf.d/supervisor.conf
  • Added -file-mode=777 -dir-mode=777 together with gcsfuse command in gcsfuse.sh to enable read/write inside the mounted directory of GCS bucket:
gcsfuse -o rw,allow_other -file-mode=777 -dir-mode=777 --foreground --debug_http --debug_gcs --debug_fuse --implicit-dirs $DISK_BUCKET $MNT_DIR
  • Hardcoding the path (/mnt/gcs/demo.txt instead of ../storage/demo.txt) for testing in the file web/index.php.

Screenshot output:

enter image description here

JM Gelilio
  • 3,482
  • 1
  • 11
  • 23
  • 1
    I think it is not a permissions error because `/dev/fuse` does not exist. Get this error here: `sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper` `sudo: a password is required` - `2021-12-21 10:44:23,121 INFO gave up: gcsfuse entered FATAL state, too many start retries too quickly` - `2021-12-21 10:44:23,122 INFO reaped unknown pid 19 (exit status 0)` – Fred Dec 21 '21 at 11:47
  • 1
    Plus also the file changes do not appear in the storage bucket admin interface. – Fred Dec 21 '21 at 12:02
  • 2
    @Fred I fixed it, please see the updated answer – JM Gelilio Dec 23 '21 at 10:27
  • 1
    I have also updated the Github repo! Thanks for your efforts! – Fred Dec 23 '21 at 10:34