
I'm developing a Docker infrastructure with Ansible and Docker Compose and I have a problem with my custom image of Gitea. I want to use a custom image because I need to implement authentication via LDAP. The error that I get in the container log is:

sudo: unknown user: gitea
sudo: error initializing audit plugin sudoers_audit

This is my configuration:

app.ini (of Gitea)

[DEFAULT]
RUN_USER = git
RUN_MODE = prod

...

[database]
PATH = /data/gitea/gitea.db
DB_TYPE = postgres
HOST = db:5432
NAME = gitea
USER = gitea
PASSWD = gitea
LOG_SQL = false

...

Dockerfile

FROM gitea/gitea:1.16.8
RUN apk add sudo
RUN chmod 777 /home
COPY entrypoint /usr/bin/custom_entrypoint
COPY gitea-cli.sh /usr/bin/gitea-cli.sh
ENTRYPOINT /usr/bin/custom_entrypoint

entrypoint

#!/bin/sh
set -e
echo 'Started entrypoint'
while ! nc -z $GITEA__database__HOST; do sleep 1; done;
echo 'Starting operations'
gitea-cli.sh migrate
gitea-cli.sh admin auth add-ldap --name ansible-ldap --host 127.0.0.1 --port 1389 \
    --security-protocol unencrypted \
    --user-search-base dc=ldap,dc=vcc,dc=unige,dc=it \
    --admin-filter "(objectClass=giteaAdmin)" \
    --user-filter "(&(objectClass=inetOrgPerson)(uid=%s))" \
    --username-attribute uid --firstname-attribute givenName \
    --surname-attribute surname --email-attribute mail \
    --bind-dn cn=admin,dc=ldap,dc=vcc,dc=unige,dc=it --bind-password admin \
    --allow-deactivate-all
echo 'Ending entrypoint'

gitea-cli.sh

#!/bin/sh
echo 'Started gitea-cli'
USER=git HOME=/home/gitea GITEA_WORK_DIR=/var/lib/gitea sudo -E -u git gitea --config /data/gitea/conf/app.ini "$@"

docker-compose.yaml

services:
  db:
    image: postgres:14.3
    restart: always
    hostname: db
    environment:
      POSTGRES_DB: gitea
      POSTGRES_USER: gitea
      POSTGRES_PASSWORD: gitea
    ports:
      - 5432:5432
    volumes:
      - /data/postgres:/var/lib/postgresql/data
    networks:
      - vcc

  openldap:
    image: bitnami/openldap:2.5
    ports:
      - 1389:1389
      - 1636:1636
    environment:
      BITNAMI_DEBUG: "true"
      LDAP_LOGLEVEL: 4
      LDAP_ADMIN_USERNAME: admin
      LDAP_ADMIN_PASSWORD: admin
      LDAP_ROOT: dc=ldap,dc=vcc,dc=unige,dc=it
      LDAP_CUSTOM_LDIF_DIR: /bitnami/openldap/backup
      LDAP_CUSTOM_SCHEMA_FILE: /bitnami/openldap/schema/schema.ldif
    volumes:
      - /data/openldap/:/bitnami/openldap
    networks:
      - vcc

  gitea:
    image: 127.0.0.1:5000/custom_gitea:51
    restart: always
    hostname: git.localdomain
    build: /data/gitea/custom
    ports:
      - 4000:4000
      - 222:22
    environment:
      USER: git
      USER_UID: 1000
      USER_GID: 1000
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: db:5432
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      GITEA__database__PASSWD: gitea
      GITEA__security__INSTALL_LOCK: "true"
      GITEA__security__SECRET_KEY: XQolFkmSxJWhxkZrkrGbPDbVrEwiZshnzPOY
    volumes:
      - /data/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /data/gitea/app.ini:/data/gitea/conf/app.ini
    # deploy:
    #   mode: global
    depends_on:
      - db
      - openldap
      - openldap_admin
    networks:
      - vcc
Luca
  • **gitea** user doesn't exist in the image. Replace gitea by git in the gitea service of the dockerfile and the app.ini **OR** add `RUN adduser -h /data/gitea -D -s /bin/bash gitea` in the docker and change its **USER_UID** and **USER_GID** env with 1001 (1000 is git) – Dr Claw Jul 04 '22 at 13:31
  • @DrClaw thank you, that solved the error, but now gitea is in a loop and continues to restart itself, do you know why? I have updated the question with the changes that you have suggested. – Luca Jul 04 '22 at 13:59
  • Can you send in a gist the output of `docker compose logs gitea`? Without it I can't know. – Dr Claw Jul 04 '22 at 14:26
  • Maybe replace **/home/gitea** by **/data/git** in gitea-cli.sh (its home folder): "git:x:1000:1000:Linux User,,,:/data/git:/bin/bash" – Dr Claw Jul 04 '22 at 14:30
  • @DrClaw the logs say: "settings saved to /data/gitea/conf/app.ini" and right after that "error saving to custom config: open /data/gitea/conf/app.ini permission denied" – Luca Jul 04 '22 at 14:46
  • @DrClaw and this makes the service go into a bootloop, do you know why? Thank you – Luca Jul 04 '22 at 14:49
  • Replace every "/data/gitea" by "/data/git" – Dr Claw Jul 04 '22 at 15:04
  • @DrClaw I have replaced them but now it says "Unable to find configuration file /data/git/conf/app.ini" – Luca Jul 04 '22 at 15:13
  • Previous comment is bad. Before `gitea-cli.sh migrate` in entrypoint try `chown -R 1000:1000 /data/gitea/conf` – Dr Claw Jul 04 '22 at 15:25
  • @DrClaw that finally worked, unfortunately I got another error: "failed to run app with [ usr/bin/local/ gitea --config /data/gitea/conf/app.ini admin auth add-ldap etc...]: login source already exists [name: ansible-ldap]". I think that I need to remove the previous ansible-ldap before installing the new one, right? – Luca Jul 04 '22 at 15:45
  • I think yes and delete also the database. – Dr Claw Jul 04 '22 at 15:51
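As an added example (not part of the question or of the answer below), here is the question's docker-compose.yaml trimmed to the db and gitea services with the changes a reviewer would ask for: the container's git user pinned to the owner of the bind-mounted /data/gitea through the image's documented USER_UID/USER_GID variables, the passwords and SECRET_KEY moved out of the file into compose file secrets, and the database port no longer published on the host (gitea reaches db over the vcc network, so the 5432:5432 mapping only exposes Postgres beyond the compose project). The owner UID 1002, the ./secrets/ file names, and the `__FILE` suffix on the GITEA__ variables (Gitea's environment-to-ini reads the value from that file; verify it on your version) are assumptions of this example.

```yaml
# Added example, not the question's or the answer's file.
# Assumptions: /data/gitea on the host is owned by UID/GID 1002; the secret
# files exist under ./secrets/; the image honours the __FILE suffix of
# environment-to-ini. The root variant of the gitea image remaps the git user
# to USER_UID in its own entrypoint, which must start as root, so no compose
# `user:` override is used here.
services:
  db:
    image: postgres:14.3
    restart: always
    hostname: db
    environment:
      POSTGRES_DB: gitea
      POSTGRES_USER: gitea
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password   # was POSTGRES_PASSWORD: gitea
    secrets:
      - postgres_password
    volumes:
      - /data/postgres:/var/lib/postgresql/data
    networks:
      - vcc
    # No `ports:` entry: only containers on the vcc network need to reach it.

  gitea:
    image: 127.0.0.1:5000/custom_gitea:51
    build: /data/gitea/custom
    restart: always
    hostname: git.localdomain
    environment:
      USER: git
      # Keep these equal to the host owner of /data/gitea so the bind-mounted
      # app.ini is writable by the git user without chmod 777 or a chown on
      # every boot.
      USER_UID: 1002
      USER_GID: 1002
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: db:5432
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      GITEA__database__PASSWD__FILE: /run/secrets/postgres_password   # was PASSWD: gitea
      GITEA__security__INSTALL_LOCK: "true"
      # The SECRET_KEY pasted in the question is public now and must be rotated;
      # keep the replacement in a file, not in the compose file.
      GITEA__security__SECRET_KEY__FILE: /run/secrets/gitea_secret_key
    secrets:
      - postgres_password
      - gitea_secret_key
      - ldap_bind_password   # consumed by the container's entrypoint for add-ldap
    ports:
      - 4000:4000
      - 222:22
    volumes:
      - /data/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - db
      - openldap
    networks:
      - vcc

secrets:
  postgres_password:
    file: ./secrets/postgres_password
  gitea_secret_key:
    file: ./secrets/gitea_secret_key
  ldap_bind_password:
    file: ./secrets/ldap_bind_password

networks:
  vcc: {}
```

Create the three files under ./secrets/ with mode 0600 before `docker compose up`; compose mounts them read-only under /run/secrets inside each container that lists them.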

1 Answer

User gitea simply doesn't exist in the image.

docker run -it --rm --entrypoint /bin/sh gitea/gitea:1.16.8
/ # grep gitea /etc/shadow
/ # grep gitea /etc/passwd
/ # 

The default user is git:

docker run -it --rm --entrypoint /bin/sh gitea/gitea:1.16.8
/ # tail -1 /etc/passwd
git:x:1000:1000:Linux User,,,:/data/git:/bin/bash
/ #

There are two solutions:

  • add a gitea user (not recommended)
  • use the default user provided by the image (git).

Adding gitea user

Just add adduser in your Dockerfile and it should work:

FROM gitea/gitea:1.16.8
RUN adduser -D -s /bin/bash gitea   # <---- HERE
RUN apk add sudo
COPY entrypoint /usr/bin/custom_entrypoint
COPY gitea-cli.sh /usr/bin/gitea-cli.sh
ENTRYPOINT /usr/bin/custom_entrypoint

You'll also have to change USER_UID and USER_GID to 1001 (user 1000 is git).

Using default user

Just replace the user gitea with git in the gitea service of the Dockerfile and in the app.ini.

After that, if you get an error like:

error saving to custom config: open /data/gitea/conf/app.ini permission denied

You have to add chown -R 1000:1000 /data/gitea/conf before gitea-cli.sh migrate in the entrypoint.

Because you share a volume between the host and the container, this will only work if your host user has UID 1000. If not, you will have to modify the gitea service in the docker-compose.yml.

Example with a user ID of 1002:

docker-compose.yml:

  gitea:
    image: 127.0.0.1:5000/custom_gitea:51
    restart: always
    [...]
    environment:
      USER: git
      USER_UID: 1002
      USER_GID: 1002
    [...]
    user: 1002:1002 # <----- HERE

and before the ENTRYPOINT in the Dockerfile:

USER git
ENTRYPOINT ....
Dr Claw
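As an added example (not the question's scripts and not the answer's code), here is one entrypoint that replaces the sudo-based entrypoint/gitea-cli.sh pair: it waits for the database with host and port split properly, fixes the ownership of the bind-mounted conf directory, runs the Gitea CLI as the unprivileged git user through su-exec instead of sudo, creates the LDAP login source only once and updates it on later boots (so a restart no longer dies with "login source already exists"), and then hands over to the image's own entrypoint so Gitea actually starts. It assumes gitea/gitea:1.16.x, whose git user (UID 1000) and su-exec binary already exist, the CLI at /usr/local/bin/gitea, the image entrypoint at /usr/bin/entrypoint, LDAP settings in LDAP_* environment variables, and the bind password in a file (default /run/secrets/ldap_bind_password); LDAP_HOST should be the openldap service name, since 127.0.0.1 inside the gitea container is the gitea container itself. The table layout of `gitea admin auth list` (space-padded columns ID, Name, Type, Enabled) is also an assumption to verify against your version.

```shell
#!/bin/sh
# Added example, not the question's or the answer's code.
# Assumptions: image gitea/gitea:1.16.x with the `git` user (UID 1000) and
# su-exec present; Gitea CLI at /usr/local/bin/gitea; image entrypoint at
# /usr/bin/entrypoint; LDAP_* environment variables; bind password in a file.
set -eu

GITEA_BIN="${GITEA_BIN:-/usr/local/bin/gitea}"
GITEA_CONF="${GITEA_CONF:-/data/gitea/conf/app.ini}"
RUN_USER="${USER:-git}"

# Split "host:port" (the form used in GITEA__database__HOST) into "host port",
# defaulting the port to 5432, so busybox nc receives HOST and PORT separately.
split_host_port() {
    case "$1" in
        *:*) printf '%s %s\n' "${1%%:*}" "${1##*:}" ;;
        *)   printf '%s %s\n' "$1" 5432 ;;
    esac
}

# Block until a TCP connect to "host[:port]" succeeds.
wait_for_tcp() {
    set -- $(split_host_port "$1")
    until nc -z "$1" "$2"; do sleep 1; done
}

# Read the space-padded table of `gitea admin auth list` (ID Name Type Enabled)
# from stdin; print "update <id>" if a source named $1 exists, else "add".
# Assumes the source name contains no whitespace.
ldap_action_for() {
    awk -v name="$1" '
        NR > 1 && $2 == name { print "update " $1; found = 1; exit }
        END { if (!found) print "add" }'
}

# Run the Gitea CLI as the unprivileged run user via su-exec; the entrypoint
# itself runs as root, so no sudo, sudoers entry or password is involved.
gitea_as_user() {
    su-exec "$RUN_USER" "$GITEA_BIN" --config "$GITEA_CONF" "$@"
}

# Create the LDAP login source on first boot and update it afterwards.
sync_ldap_source() {
    name="$1"; shift
    action="$(gitea_as_user admin auth list | ldap_action_for "$name")"
    case "$action" in
        "update "*) gitea_as_user admin auth update-ldap --id "${action#update }" --name "$name" "$@" ;;
        add)        gitea_as_user admin auth add-ldap --name "$name" "$@" ;;
        *)          echo "unexpected auth list result: $action" >&2; return 1 ;;
    esac
}

main() {
    wait_for_tcp "${GITEA__database__HOST:?GITEA__database__HOST must be set}"
    # The bind-mounted conf directory is owned by whoever created it on the
    # host; hand it to the run user so Gitea can rewrite app.ini (the
    # "permission denied" from the question) without making it world-writable.
    chown -R "$(id -u "$RUN_USER"):$(id -g "$RUN_USER")" /data/gitea/conf
    gitea_as_user migrate
    # Read the password up front: under set -e a failing assignment aborts.
    bind_password="$(cat "${LDAP_BIND_PASSWORD_FILE:-/run/secrets/ldap_bind_password}")"
    sync_ldap_source "${LDAP_SOURCE_NAME:-ansible-ldap}" \
        --host "${LDAP_HOST:?LDAP_HOST must be the openldap service name}" \
        --port "${LDAP_PORT:-1636}" \
        --security-protocol "${LDAP_SECURITY_PROTOCOL:-ldaps}" \
        --user-search-base "${LDAP_USER_SEARCH_BASE:?}" \
        --admin-filter "${LDAP_ADMIN_FILTER:-(objectClass=giteaAdmin)}" \
        --user-filter "${LDAP_USER_FILTER:-(&(objectClass=inetOrgPerson)(uid=%s))}" \
        --username-attribute uid --firstname-attribute givenName \
        --surname-attribute "${LDAP_SURNAME_ATTRIBUTE:-sn}" --email-attribute mail \
        --bind-dn "${LDAP_BIND_DN:?}" --bind-password "$bind_password"
    # Hand over to the image's own entrypoint so the server starts; an
    # entrypoint that returns here exits the container, and restart: always
    # then relaunches it in a loop.
    exec /usr/bin/entrypoint "$@"
}

# Only run the boot sequence when invoked as `custom_entrypoint run ...`
# (ENTRYPOINT ["/usr/bin/custom_entrypoint", "run"]); sourcing the file
# just defines the functions.
case "${1:-}" in
    run) shift; main "$@" ;;
esac
```

Because the password is passed as a CLI argument it is briefly visible in the container's process list; that is a property of `gitea admin auth add-ldap` itself, and the file-based secret only keeps it out of the image, the compose file and the shell history.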