Skip to content

No cleanup on authorized_keys file backups #17117

Closed
@ghost

Description

Gitea Version

1.12.0

Git Version

2.24.1

Operating System

Debian (Docker)

How are you running Gitea?

We are using the official Docker image.

Database

PostgreSQL

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Description

Hello,

When an user adds their SSH key to their profile, Gitea regenerates the authorized_keys file and renames the previous one as authorized_keys_TIMESTAMP.gitea_bak.
In Docker, this folder is located by default in /data/git/.ssh.

According to Gitea's dashboard, we currently have 17 500 users, with 26 400 public keys and 616 800 repositories.

Here's how it started:

bash-5.0# pwd
/data/git/.ssh
bash-5.0# ls -alh | head
total 1003G  
drwx------    2 git      git        11.6M Sep 22 09:16 .
drwxr-xr-x    4 git      git         4.0K Jun 28 07:06 ..
-rw-------    1 git      git        14.2M Sep 22 09:16 authorized_keys
-rw-------    1 git      git         3.2K Jan 23  2020 authorized_keys_1579798826.gitea_bak
-rw-------    1 git      git         3.2K Jan 23  2020 authorized_keys_1579798873.gitea_bak
-rw-------    1 git      git         3.2K Jan 23  2020 authorized_keys_1579798917.gitea_bak
-rw-------    1 git      git        33.7K Jan 23  2020 authorized_keys_1579799227.gitea_bak
-rw-------    1 git      git        33.7K Jan 23  2020 authorized_keys_1579799244.gitea_bak
-rw-------    1 git      git        34.7K Jan 23  2020 authorized_keys_1579799314.gitea_bak

Here's how it's going:

bash-5.0# ls -alh | tail
-rw-------    1 git      git        14.2M Sep 22 08:47 authorized_keys_1632300479.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 08:48 authorized_keys_1632300618.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 08:55 authorized_keys_1632300964.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 08:56 authorized_keys_1632301093.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 08:58 authorized_keys_1632301095.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 09:09 authorized_keys_1632301830.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 09:12 authorized_keys_1632301972.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 09:12 authorized_keys_1632301976.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 09:16 authorized_keys_1632302204.gitea_bak
-rw-------    1 git      git           25 Jan 22  2020 environment

The size of the authorized_keys backups has reached 1 To:

bash-5.0# du -h -d 1 .
1002.7G	.

Can Gitea somehow cleanup its backups on a regular basis, while keeping the last X backups (e.g.: 50) ?

We have the opportunity to test Gitea in a large-scale organization, and up until now we're satisfied with it, it's very performant even though we have a lot of users:

NAME              CPU %        MEM USAGE / LIMIT     MEM %        NET I/O                  BLOCK I/O           PIDS
gitea_server_1    29.85%       775.7MiB / 7.791GiB   9.72%          639GB / 75GB        104TB / 549GB       51

I believe it only needs some minor adjustments to be scalable without issues, and this authorized_keys backup issue is one of those.

Do you think this issue can be fixed in Gitea ?

Thanks!

Screenshots

No response

Activity

lunny

lunny commented on Sep 22, 2021

@lunny
Member

Maybe we should only keep last x backups.

mattrpav

mattrpav commented on Jan 25, 2023

@mattrpav

Suggest having config option similar to CI jobs that provides good flexibility for small installations and large:

  • Max n number of backups
  • Max n number of days
mattrpav

mattrpav commented on Feb 19, 2023

@mattrpav

Note to users: if you experience slow startup times in Kubernetes, this could be the cause. Add a task to delete the '/data/git/.ssh/authorized_keys_*.gitea_bak' files periodically.

mattrpav

mattrpav commented on May 11, 2023

@mattrpav

@lunny any update on a fix approach for this one?

lunny

lunny commented on May 12, 2023

@lunny
Member

Maybe we should have a cron job to do that. A PR is needed and it should not be very difficult.

mattrpav

mattrpav commented on May 12, 2023

@mattrpav

Curiously, why are the backups made? We have a custom task that cleans out 30-50 around every 5 minutes or so.

lonix1

lonix1 commented on Jun 21, 2023

@lonix1
Contributor

workaround for now:

[server]
SSH_AUTHORIZED_KEYS_BACKUP = false
added a commit that references this issue on Jul 1, 2023
469d89b
locked as resolved and limited conversation to collaborators on Aug 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/enhancementAn improvement of existing functionality

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @lunny@mattrpav@lonix1

      Issue actions

        No cleanup on authorized_keys file backups · Issue #17117 · go-gitea/gitea