No cleanup on authorized_keys file backups

[ghost]

Gitea Version

1.12.0

Git Version

2.24.1

Operating System

Debian (Docker)

How are you running Gitea?

We are using the official Docker image.

Database

PostgreSQL

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Description

Hello,

When an user adds their SSH key to their profile, Gitea regenerates the authorized_keys file and renames the previous one as authorized_keys_TIMESTAMP.gitea_bak.
In Docker, this folder is located by default in /data/git/.ssh.

According to Gitea's dashboard, we currently have 17 500 users, with 26 400 public keys and 616 800 repositories.

Here's how it started:

bash-5.0# pwd
/data/git/.ssh
bash-5.0# ls -alh | head
total 1003G  
drwx------    2 git      git        11.6M Sep 22 09:16 .
drwxr-xr-x    4 git      git         4.0K Jun 28 07:06 ..
-rw-------    1 git      git        14.2M Sep 22 09:16 authorized_keys
-rw-------    1 git      git         3.2K Jan 23  2020 authorized_keys_1579798826.gitea_bak
-rw-------    1 git      git         3.2K Jan 23  2020 authorized_keys_1579798873.gitea_bak
-rw-------    1 git      git         3.2K Jan 23  2020 authorized_keys_1579798917.gitea_bak
-rw-------    1 git      git        33.7K Jan 23  2020 authorized_keys_1579799227.gitea_bak
-rw-------    1 git      git        33.7K Jan 23  2020 authorized_keys_1579799244.gitea_bak
-rw-------    1 git      git        34.7K Jan 23  2020 authorized_keys_1579799314.gitea_bak

Here's how it's going:

bash-5.0# ls -alh | tail
-rw-------    1 git      git        14.2M Sep 22 08:47 authorized_keys_1632300479.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 08:48 authorized_keys_1632300618.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 08:55 authorized_keys_1632300964.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 08:56 authorized_keys_1632301093.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 08:58 authorized_keys_1632301095.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 09:09 authorized_keys_1632301830.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 09:12 authorized_keys_1632301972.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 09:12 authorized_keys_1632301976.gitea_bak
-rw-------    1 git      git        14.2M Sep 22 09:16 authorized_keys_1632302204.gitea_bak
-rw-------    1 git      git           25 Jan 22  2020 environment

The size of the authorized_keys backups has reached 1 To:

bash-5.0# du -h -d 1 .
1002.7G	.

Can Gitea somehow cleanup its backups on a regular basis, while keeping the last X backups (e.g.: 50) ?

We have the opportunity to test Gitea in a large-scale organization, and up until now we're satisfied with it, it's very performant even though we have a lot of users:

NAME              CPU %        MEM USAGE / LIMIT     MEM %        NET I/O                  BLOCK I/O           PIDS
gitea_server_1    29.85%       775.7MiB / 7.791GiB   9.72%          639GB / 75GB        104TB / 549GB       51

I believe it only needs some minor adjustments to be scalable without issues, and this authorized_keys backup issue is one of those.

Do you think this issue can be fixed in Gitea ?

Thanks!

Screenshots

No response

[lunny]

Maybe we should only keep last x backups.

[mattrpav]

Suggest having config option similar to CI jobs that provides good flexibility for small installations and large:

• Max n number of backups
• Max n number of days

[mattrpav]

Note to users: if you experience slow startup times in Kubernetes, this could be the cause. Add a task to delete the '/data/git/.ssh/authorized_keys_*.gitea_bak' files periodically.

[mattrpav]

@lunny any update on a fix approach for this one?

[lunny]

Maybe we should have a cron job to do that. A PR is needed and it should not be very difficult.

[mattrpav]

Curiously, why are the backups made? We have a custom task that cleans out 30-50 around every 5 minutes or so.

[lonix1]

workaround for now:

[server]
SSH_AUTHORIZED_KEYS_BACKUP = false