如何使用docker在bluemix卷上修复权限？ [英] How can I fix the permissions using docker on a bluemix volume?

问题描述

在容器中，我试图启动mysqld。

我能够创建一个映像并推送到注册表，但是当我想启动它时， / var / lib / mysql 卷无法初始化，因为我尝试执行一个 chown mysql 不允许。

我检查了docker具体的解决方案，但现在我无法做任何工作。

有没有办法在bluemix上绑定安装的文件夹设置正确的权限？或者是支持 - 卷 - 的选项，我似乎无法使其正常工作。

只能解决我现在可以看到的是以root身份运行mysqld，但我宁愿不会。

尝试使用mount-bind

1. 使用创建一个卷，使用 cf ic volume create database



2. try在我的数据库容器上运行 mysql_install_db 来初始化其内容

   
   
   

   docker run --name init_vol -v database：/ var / lib / mysql registry.ng.bluemix.net//：mysql_install_db --user = mysql

mysql_install_db是应该填入/ var / lib / mysql并将权限设置为--user选项中设置的所有者

我得到 chown： / var / lib / mysql的所有权：Permission denied 。

我也以不同的方式尝试了上述方法，使用sudo或脚本。我尝试使用 mysql_install_db --user = root ，它正确设置我的文件夹，除了它是root用户拥有的，我宁愿保持mysql作为mysql用户运行

尝试使用卷 - 从数据容器

1. 我创建一个容量为'/ var / lib / mysql'的数据容器

   
   
   

   docker run --name db_data -v / var / lib / mysql registry.ng.bluemix.net //：mysql_install_db --user = mysql




2. 我运行我的db容器，选项--volumes-从

   
   
   

   docker run --name db_srv --volumes-from = db_data registry.ng.bluemix.net//：sh -c'mysqld_safe& tail -f /var/log/mysql.err'

docker inspect db_srv 显示：

[{BluemixApp：null，Config：{
...，
WorkingDir：，
...} ...}]

cf ic logs db_srv 显示：

150731 15:25:11 mysqld_safe启动mysqld守护进程与数据库从
/ var / lib / mysql 150731 15:25:11 [注意] / usr / sbin / mysqld（mysqld
5.5.44-0ubuntu0.14.04.1-log）以进程377开头/ usr / sbin / mysqld：文件'./mysql-bin.index'未找到（错误代码：13）
150731 15:25:11 [错误]中止

这是由于不支持的卷，以及第一个不在第二个运行中创建的数据。

解决方案

在IBM Containers中，为docker引擎启用了用户命名空间。 Permission denied问题似乎是因为NFS不允许从容器映射的用户执行操作。

在本地设置上，在docker主机上，安装了NFS（使用no_root_squash选项导出）。并使用-v选项将卷附加到容器。当容器是从禁用用户命名空间的docker生成的
时，我可以更改容器内的bind-mount的所有权。但是使用用户命名空间启用docker，我得到
chown：更改'/ mnt / volmnt'的所有权：操作不允许

由cf（ cf ic volume create ... ）创建的卷是NFS，要验证只需尝试 mount - t nfs4 从容器。
当，docker引擎启用了用户命名空间。容器内有效的根是容器进程的一个非根用户端，NFS不允许映射非root用户对容器内的卷执行chown操作。

这是解决方法，你可能想尝试

1. 在Dockerfile中

   
   
   

   1.1创建用户 mysql 与UID 1010或任何免费的ID，在MySql安装之前。
   其他容器或新容器可以使用UID 1010访问卷上的mysql数据文件

   
   
   

   RUN groupadd --gid 1010 mysql

   
   
   

   RUN useradd --uid 1010 --gid 1010 -m --shell / bin / bash mysql

   
   
   

   1.2安装MySqlL但不初始化数据库

   
   
   

   运行apt-get更新&& apt-get install -y mysql-server&& rm -rf / var / lib / mysql&&& rm -rf / var / lib / apt / lists / *




2. 在入门点脚本

   
   
   

   2.1在用户 mysql 下，在bind-mount下创建mysql数据目录，然后将其链接为 / var / lib / mysql

   
   
   

   假设卷已经装载在容器内的 / mnt / db code> ice run -v< volume name>：/ mnt / db --publish 3306 ... 或 cf ic run --volume< volume name> ; / / mnt / db ... ）。
   定义mountpath env var

   
   
   

   MOUNTPATH =/ mnt / db

   
   
   

   将mysql添加到组root

   
   
   

   adduser mysql root

   
   
   

   设置安装卷的权限，以便 root 组成员可以创建目录和文件

   
   
   

   chmod 775 $ MOUNTPATH

   
   
   

   在卷

   
   下创建mysql目录
   

   su -cmkdir -p / mnt / db / mysqlmysql

   
   
   

   
   
   

   ln -sf / mnt / db / mysql / var / lib / mysql

   
   
   

   chown -h mysql：mysql / var / lib / mysql

   
   
   

   从组中删除​​ mysql 根

   
   
   

   deluser mysql root

   
   
   

   chmod 755 $ MOUNTPATH

   
   
   

   2.2首次使用用户初始化数据库 mysql

   
   
   

   su -cmysql_install_db --datadir = / var / lib / mysqlmysql

   
   
   

   2.3以用户 mysql启动mysql服务器

   
   
   

   su -c/ usr / bin / mysqld_safemysql

In a container, I am trying to start mysqld.

I was able to create an image and push to the registry but when I want to start it, the /var/lib/mysql volume can't be initialized as I try to do a chown mysql on it and it is not allowed.

I checked docker specific solutions but for now I couldn't make any work.

Is there a way to set the right permissions on a bind-mounted folder from bluemix ? Or is the option --volumes-from supported, I can't seem to make it work.

The only solution I can see right now is running mysqld as root, but I would rather not.

Try with mount-bind

1. created a volume on bluemix using cf ic volume create database

2. try to run mysql_install_db on my db container to initialize it's content

   docker run --name init_vol -v database:/var/lib/mysql registry.ng.bluemix.net//: mysql_install_db --user=mysql

mysql_install_db is supposed to populate the /var/lib/mysql and set the rights to the owner set in the --user option

I get chown: changing ownership of '/var/lib/mysql': Permission denied.

I also tried the above in different ways, using sudo or a script. I tried with mysql_install_db --user=root, which does setup my folder correctly, except it is owned by the root user, and I would rather keep mysql running as the mysql user.

Try with volumes-from data container

1. I create a data container with a volume '/var/lib/mysql'

   docker run --name db_data -v /var/lib/mysql registry.ng.bluemix.net//: mysql_install_db --user=mysql

2. I run my db container with the option --volumes-from

   docker run --name db_srv --volumes-from=db_data registry.ng.bluemix.net//: sh -c 'mysqld_safe & tail -f /var/log/mysql.err'

docker inspect db_srv shows:

[{ "BluemixApp": null, "Config": { ..., "WorkingDir": "", ... } ... }]

cf ic logs db_srv shows:

150731 15:25:11 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql 150731 15:25:11 [Note] /usr/sbin/mysqld (mysqld 5.5.44-0ubuntu0.14.04.1-log) starting as process 377 .. /usr/sbin/mysqld: File './mysql-bin.index' not found (Errcode: 13) 150731 15:25:11 [ERROR] Aborting

which is due to volumes-from not beeing supported, and to data created in the first not staying in the second run.

解决方案

In IBM Containers, the user namespace is enabled for docker engine. The "Permission denied " issue appears to be because the NFS is not allowing mapped user, from container, to perform the operation.

On my local setup, on the docker host, mounted a NFS (exported with no_root_squash option). and attached the volume to container using -v option. When the container is spawned from docker with disabled user namespace, I am able to change the ownership for bind-mount inside the container. But With user namespace enabled docker, I am getting chown: changing ownership of ‘/mnt/volmnt’: Operation not permitted

The volume created by cf (cf ic volume create ...) is a NFS, to verify just try mount -t nfs4 from container. When, the user namespace is enabled for docker engine. The effective root inside the container is a non-root user out side the container process and NFS is not allowing the mapped non-root user to perform the chown operation on the volume inside the container.

Here is the work-around, you may want to try

1. In the Dockerfile

   1.1 Create user mysql with UID 1010, or any free ID, before MySql installation. Other Container or new Container can access mysql data files on Volume with UID 1010

   RUN groupadd --gid 1010 mysql

   RUN useradd --uid 1010 --gid 1010 -m --shell /bin/bash mysql

   1.2 Install MySqlL but do not initialize database

   RUN apt-get update && apt-get install -y mysql-server && rm -rf /var/lib/mysql && rm -rf /var/lib/apt/lists/*

2. In the entry point script

   2.1 Create mysql Data directory under bind-mount as user mysql and then link it as /var/lib/mysql

   Suppose the volume is mounted at /mnt/db inside the container (ice run -v <volume name>:/mnt/db --publish 3306... or cf ic run --volume <volume name>:/mnt/db ...). Define mountpath env var

   MOUNTPATH="/mnt/db"

   Add mysql to group "root"

   adduser mysql root

   Set permission for mounted volume so that root group members can create directory and files

   chmod 775 $MOUNTPATH

   Create mysql directory under Volume

   su -c "mkdir -p /mnt/db/mysql" mysql

   su -c "chmod 700 /mnt/db/mysql" mysql

   Link the directory to /var/lib/mysql

   ln -sf /mnt/db/mysql /var/lib/mysql

   chown -h mysql:mysql /var/lib/mysql

   Remove mysql from group root

   deluser mysql root

   chmod 755 $MOUNTPATH

   2.2 For first time, initialize database as user mysql

   su -c "mysql_install_db --datadir=/var/lib/mysql" mysql

   2.3 Start the mysql server as user mysql

   su -c "/usr/bin/mysqld_safe" mysql

这篇关于如何使用docker在bluemix卷上修复权限？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！