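Today, while deploying beanstalkd with Docker, I ran into a permissions problem. First, pull the image and start a container, mounting the container's /data directory onto the data directory under the current directory on the host: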

docker pull falconchen/beanstalkd:v1
docker run -d -v `pwd`/data:/data falconchen/beanstalkd:v1

Once the commands finish, we find that the container has exited unexpectedly:

docker ps -l

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c8660f2853fd falconchen/beanstalkd:v1 "beanstalkd -p 11300…" About a minute ago Exited (10) About a minute ago awesome_swartz

Check the logs:

docker logs c8660f2853fd

beanstalkd: walg.c:421 in waldirlock: open: Permission denied

Check which user the container runs as:

docker run -ti --rm --entrypoint="/bin/sh" falconchen/beanstalkd:v1 -c "whoami && id"

root
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

The container starts as root.

Check the permissions on the container's /data directory:

docker run -ti --rm --entrypoint="/bin/sh" falconchen/beanstalkd:v1 -c "ls -la / | grep data"

drwxr-xr-x 2 beanstal beanstal 6 May 20 07:11 data

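The directory is owned by beanstalkd (shown truncated as beanstal), and the service runs as the beanstalkd user: the ENTRYPOINT in the Dockerfile passes -u beanstalkd, so the daemon drops from root to that user and can no longer write to a host directory owned by someone else.

We need to look up the beanstalkd user's id and change the ownership of the directory on the host to match: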

docker run -ti --rm --entrypoint="/bin/sh" falconchen/beanstalkd:v1 -c "id beanstalkd"

uid=100(beanstalkd) gid=101(beanstalkd) groups=101(beanstalkd),101(beanstalkd)

 

On the host, run:

chown -R 100:101 data

Start the container again with the directory mounted:

docker run --name beanstalkd -d -v `pwd`/data:/data falconchen/beanstalkd:v1

docker ps -l

It now runs successfully:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
452e4c8ed973 falconchen/beanstalkd:v1 "beanstalkd -p 11300…" 15 seconds ago Up 14 seconds 11300/tcp beanstalkd
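
As an added example (not part of the original post), the shell sketch below automates the check above: it asks the image for the numeric uid:gid of the user the daemon drops to and compares it with the owner of the host directory before the container is started. The function names and the script name preflight.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: preflight check for a bind mount.
# All function names here are hypothetical.

# Extract "uid:gid" from one line of `id` output, e.g.
# "uid=100(beanstalkd) gid=101(beanstalkd) groups=..." -> "100:101".
parse_ids() {
    printf '%s\n' "$1" |
        sed -n 's/^uid=\([0-9][0-9]*\)[^ ]* gid=\([0-9][0-9]*\).*/\1:\2/p'
}

# Numeric owner "uid:gid" of a host path (ls -n skips name lookups, so the
# result is comparable with ids that only exist inside the image).
dir_owner() {
    ls -nd -- "$1" | awk '{ print $3 ":" $4 }'
}

# Return 0 if the host directory is owned by the wanted uid:gid; otherwise
# print the chown that would fix it and return 1 (2 if the path is unreadable).
check_mount() {
    want=$1 dir=$2
    have=$(dir_owner "$dir")
    [ -n "$have" ] || return 2
    if [ "$have" = "$want" ]; then
        echo "ok: $dir is owned by $have"
        return 0
    fi
    echo "mismatch: $dir is owned by $have, container user is $want"
    echo "fix: chown -R $want $dir"
    return 1
}

# Ask the image for the ids of the service user, then check the host directory.
# Usage: preflight IMAGE USER HOSTDIR
preflight() {
    ids=$(docker run --rm --entrypoint /bin/sh "$1" -c "id $2") || return 2
    want=$(parse_ids "$ids")
    [ -n "$want" ] || return 2
    check_mount "$want" "$3"
}

# Runs only when called with three arguments, e.g.:
#   sh preflight.sh falconchen/beanstalkd:v1 beanstalkd ./data
if [ "$#" -eq 3 ]; then
    preflight "$1" "$2" "$3"
fi
```

Ownership on a bind mount is matched by number, not by name, so uid 100 on the host may belong to an unrelated account; changing the owner to the container's ids is still narrower than making the directory world-writable.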

 

Appendix: the Dockerfile:

FROM alpine:3.4
MAINTAINER Tuna Aras <iletisim@uretgec.com>

ENV VERSION_BEANSTALKD="1.10"

RUN addgroup -S beanstalkd && adduser -S -G beanstalkd beanstalkd
RUN apk add --no-cache 'su-exec>=0.2'

RUN apk --update add --virtual build-dependencies \
gcc \
make \
musl-dev \
curl \
&& curl -sL https://github.com/kr/beanstalkd/archive/v$VERSION_BEANSTALKD.tar.gz | tar xvz -C /tmp \
&& cd /tmp/beanstalkd-$VERSION_BEANSTALKD \
&& sed -i "s|#include <sys/fcntl.h>|#include <fcntl.h>|g" sd-daemon.c \
&& make \
&& cp beanstalkd /usr/bin \
&& apk del build-dependencies \
&& rm -rf /tmp/* \
&& rm -rf /var/cache/apk/*

RUN mkdir /data && chown beanstalkd:beanstalkd /data
VOLUME ["/data"]
EXPOSE 11300

ENTRYPOINT ["beanstalkd", "-p", "11300", "-u", "beanstalkd"]
CMD ["-b", "/data"]

 
