如何使用docker在bluemix卷上修复权限? [英] How can I fix the permissions using docker on a bluemix volume?
问题描述
在容器中,我试图启动mysqld。
我能够创建一个映像并推送到注册表,但是当我想启动它时, / var / lib / mysql
卷无法初始化,因为我尝试执行一个 chown mysql
不允许。
我检查了docker具体的解决方案,但现在我无法做任何工作。
有没有办法在bluemix上绑定安装的文件夹设置正确的权限?或者是支持 - 卷 -
的选项,我似乎无法使其正常工作。
只能解决我现在可以看到的是以root身份运行mysqld,但我宁愿不会。
尝试使用mount-bind
- 使用
创建一个卷,使用
cf ic volume create database
-
try在我的数据库容器上运行
mysql_install_db
来初始化其内容
docker run --name init_vol -v database:/ var / lib / mysql registry.ng.bluemix.net//:mysql_install_db --user = mysql
mysql_install_db是应该填入/ var / lib / mysql并将权限设置为--user选项中设置的所有者
我得到 chown: / var / lib / mysql的所有权:Permission denied
。
我也以不同的方式尝试了上述方法,使用sudo或脚本。我尝试使用 mysql_install_db --user = root
,它正确设置我的文件夹,除了它是root用户拥有的,我宁愿保持mysql作为mysql用户运行
尝试使用卷 - 从数据容器
-
我创建一个容量为'/ var / lib / mysql'的数据容器
docker run --name db_data -v / var / lib / mysql registry.ng.bluemix.net //:mysql_install_db --user = mysql
-
我运行我的db容器,选项--volumes-从
docker run --name db_srv --volumes-from = db_data registry.ng.bluemix.net//:sh -c'mysqld_safe& tail -f /var/log/mysql.err'
docker inspect db_srv
显示:
[{BluemixApp:null,Config:{
...,
WorkingDir:,
...} ...}]
cf ic logs db_srv
显示:
150731 15:25:11 mysqld_safe启动mysqld守护进程与数据库从
/ var / lib / mysql 150731 15:25:11 [注意] / usr / sbin / mysqld(mysqld
5.5.44-0ubuntu0.14.04.1-log)以进程377开头/ usr / sbin / mysqld:文件'./mysql-bin.index'未找到(错误代码:13)
150731 15:25:11 [错误]中止
这是由于不支持的卷,以及第一个不在第二个运行中创建的数据。
在IBM Containers中,为docker引擎启用了用户命名空间。 Permission denied问题似乎是因为NFS不允许从容器映射的用户执行操作。
在本地设置上,在docker主机上,安装了NFS(使用no_root_squash选项导出)。并使用-v选项将卷附加到容器。当容器是从禁用用户命名空间的docker生成的
时,我可以更改容器内的bind-mount的所有权。但是使用用户命名空间启用docker,我得到
chown:更改'/ mnt / volmnt'的所有权:操作不允许
由cf( cf ic volume create ...
)创建的卷是NFS,要验证只需尝试 mount - t nfs4
从容器。
当,docker引擎启用了用户命名空间。容器内有效的根
是容器进程的一个非根
用户端,NFS不允许映射非root用户对容器内的卷执行chown操作。
这是解决方法,你可能想尝试
-
在Dockerfile中
1.1创建用户
mysql
与UID 1010或任何免费的ID,在MySql安装之前。
其他容器或新容器可以使用UID 1010访问卷上的mysql数据文件
RUN groupadd --gid 1010 mysql
RUN useradd --uid 1010 --gid 1010 -m --shell / bin / bash mysql
1.2安装MySqlL但不初始化数据库
运行apt-get更新&& apt-get install -y mysql-server&& rm -rf / var / lib / mysql&&& rm -rf / var / lib / apt / lists / *
-
在入门点脚本
2.1在用户
mysql
下,在bind-mount下创建mysql数据目录,然后将其链接为/ var / lib / mysql
假设卷已经装载在容器内的
/ mnt / db
code> ice run -v< volume name>:/ mnt / db --publish 3306 ... 或cf ic run --volume< volume name> ; / / mnt / db ...
)。
定义mountpath env var
MOUNTPATH =/ mnt / db
将mysql添加到组root
adduser mysql root
设置安装卷的权限,以便
root
组成员可以创建目录和文件
chmod 775 $ MOUNTPATH
在卷
下创建mysql目录
su -cmkdir -p / mnt / db / mysqlmysql
ln -sf / mnt / db / mysql / var / lib / mysql
chown -h mysql:mysql / var / lib / mysql
从组
中删除
mysql
根
deluser mysql root
chmod 755 $ MOUNTPATH
2.2首次使用用户初始化数据库
mysql
su -cmysql_install_db --datadir = / var / lib / mysqlmysql
2.3以用户
mysql启动mysql服务器
su -c/ usr / bin / mysqld_safemysql
In a container, I am trying to start mysqld.
I was able to create an image and push to the registry but when I want to start it, the /var/lib/mysql
volume can't be initialized as I try to do a chown mysql
on it and it is not allowed.
I checked docker specific solutions but for now I couldn't make any work.
Is there a way to set the right permissions on a bind-mounted folder from bluemix ? Or is the option --volumes-from
supported, I can't seem to make it work.
The only solution I can see right now is running mysqld as root, but I would rather not.
Try with mount-bind
- created a volume on bluemix using
cf ic volume create database
try to run
mysql_install_db
on my db container to initialize it's contentdocker run --name init_vol -v database:/var/lib/mysql registry.ng.bluemix.net//: mysql_install_db --user=mysql
mysql_install_db is supposed to populate the /var/lib/mysql and set the rights to the owner set in the --user option
I get chown: changing ownership of '/var/lib/mysql': Permission denied
.
I also tried the above in different ways, using sudo or a script. I tried with mysql_install_db --user=root
, which does setup my folder correctly, except it is owned by the root user, and I would rather keep mysql running as the mysql user.
Try with volumes-from data container
I create a data container with a volume '/var/lib/mysql'
docker run --name db_data -v /var/lib/mysql registry.ng.bluemix.net//: mysql_install_db --user=mysql
I run my db container with the option --volumes-from
docker run --name db_srv --volumes-from=db_data registry.ng.bluemix.net//: sh -c 'mysqld_safe & tail -f /var/log/mysql.err'
docker inspect db_srv
shows:
[{ "BluemixApp": null, "Config": { ..., "WorkingDir": "", ... } ... }]
cf ic logs db_srv
shows:
150731 15:25:11 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql 150731 15:25:11 [Note] /usr/sbin/mysqld (mysqld 5.5.44-0ubuntu0.14.04.1-log) starting as process 377 .. /usr/sbin/mysqld: File './mysql-bin.index' not found (Errcode: 13) 150731 15:25:11 [ERROR] Aborting
which is due to volumes-from not beeing supported, and to data created in the first not staying in the second run.
In IBM Containers, the user namespace is enabled for docker engine. The "Permission denied " issue appears to be because the NFS is not allowing mapped user, from container, to perform the operation.
On my local setup, on the docker host, mounted a NFS (exported with no_root_squash option). and attached the volume to container using -v option. When the container is
spawned from docker with disabled user namespace, I am able to change the ownership for bind-mount inside the container. But With user namespace enabled docker, I am getting
chown: changing ownership of ‘/mnt/volmnt’: Operation not permitted
The volume created by cf (cf ic volume create ...
) is a NFS, to verify just try mount -t nfs4
from container.
When, the user namespace is enabled for docker engine. The effective root
inside the container is a non-root
user out side the container process and NFS is not allowing the mapped non-root user to perform the chown operation on the volume inside the container.
Here is the work-around, you may want to try
In the Dockerfile
1.1 Create user
mysql
with UID 1010, or any free ID, before MySql installation. Other Container or new Container can access mysql data files on Volume with UID 1010RUN groupadd --gid 1010 mysql
RUN useradd --uid 1010 --gid 1010 -m --shell /bin/bash mysql
1.2 Install MySqlL but do not initialize database
RUN apt-get update && apt-get install -y mysql-server && rm -rf /var/lib/mysql && rm -rf /var/lib/apt/lists/*
In the entry point script
2.1 Create mysql Data directory under bind-mount as user
mysql
and then link it as/var/lib/mysql
Suppose the volume is mounted at
/mnt/db
inside the container (ice run -v <volume name>:/mnt/db --publish 3306...
orcf ic run --volume <volume name>:/mnt/db ...
). Define mountpath env varMOUNTPATH="/mnt/db"
Add mysql to group "root"
adduser mysql root
Set permission for mounted volume so that
root
group members can create directory and fileschmod 775 $MOUNTPATH
Create mysql directory under Volume
su -c "mkdir -p /mnt/db/mysql" mysql
su -c "chmod 700 /mnt/db/mysql" mysql
Link the directory to /var/lib/mysql
ln -sf /mnt/db/mysql /var/lib/mysql
chown -h mysql:mysql /var/lib/mysql
Remove
mysql
from grouproot
deluser mysql root
chmod 755 $MOUNTPATH
2.2 For first time, initialize database as user
mysql
su -c "mysql_install_db --datadir=/var/lib/mysql" mysql
2.3 Start the mysql server as user
mysql
su -c "/usr/bin/mysqld_safe" mysql
这篇关于如何使用docker在bluemix卷上修复权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!