distribution icon indicating copy to clipboard operation
distribution copied to clipboard
verified publisher icon distribution

Azure Blob storage not working if hierarchical namespaces

Open CisorKnight opened this issue 2 years ago • 8 comments

Hi, I recently installed the project through gitlab helm chart and I had an issue while pushing an image. The layers upload keep retrying and it ends up returning a 500 error.

I had the following error log message:

unable to delete layer upload resources "/docker/registry/v2/repositories/.../.../_uploads/fa93f285-8bec-4ce4-9f23-1fd3e26c8c3b": azure: storage: service returned error: StatusCode=409, ErrorCode=DirectoryIsNotEmpty, ErrorMessage=This operation is not permitted on a non-empty directory.

I found this issue from pgbackrest project that helps me figure out the problem. I created a storage account with the hierarchical namespaces option activated. I tried to create another storage account without hierarchical namespaces and i was able to push an image without errors.

I think it would be great to specify in the documentation that the azure storage account should not use hierarchical namespaces

CisorKnight avatar Nov 09 '23 15:11 CisorKnight

I recently installed the project through gitlab helm chart and I had an issue while pushing an image.

I've never used this helm chart so I dont know what release it uses

I think it would be great to specify in the documentation that the azure storage account should not use hierarchical namespaces

Feel free to open a PR

milosgajdos avatar Nov 13 '23 20:11 milosgajdos

I would be happy to provide a PR for this issue @milosgajdos Can you please point me to the module that is responsible for interacting with CSP storage APIs ?

anwarchk avatar Apr 30 '24 16:04 anwarchk

module that is responsible for interacting with CSP storage APIs ?

What is a CSP?

milosgajdos avatar Apr 30 '24 16:04 milosgajdos

module that is responsible for interacting with CSP storage APIs ?

What is a CSP?

Cloud Service Provider

anwarchk avatar Apr 30 '24 17:04 anwarchk

I assume you might be using an SDK or something similar to interact with storage APIs from Azure, AWS etc. I am facing this similar issue in https://github.com/goharbor/harbor and found that they are using distribution lib underneath to interact with Azure blob store.

anwarchk avatar Apr 30 '24 17:04 anwarchk

@CisorKnight Were you able to find a work around for this ? What we are doing right now is to not enable HNS on the storage account, but then we use the ACL to manage fine grained permissions.

anwarchk avatar Apr 30 '24 17:04 anwarchk

yeah, I mean this extremely outdated -- in fact we no longer update 2.x releases/branches

https://github.com/goharbor/harbor/blob/d01dfd450abbb25cea82bb1c3d546c8dce2fe0eb/src/go.mod#L19

But to answer your question, you can find all support storage drivers in: https://github.com/distribution/distribution/tree/main/registry/storage/driver

milosgajdos avatar Apr 30 '24 17:04 milosgajdos