权限被拒绝,OpenShift上的容器中的mkdir [英] permission denied, mkdir in container on openshift
问题描述
我有一个带有nodejs和pm2作为启动命令的容器,在OpenShift上,我在启动时收到此错误:
I have a container with nodejs and pm2 as start command and on OpenShift i get this error on startup:
错误:EACCES:权限被拒绝,mkdir'/.pm2'
Error: EACCES: permission denied, mkdir '/.pm2'
我在Marathon主机上尝试了同一张图片,效果很好.
I tried same image on a Marathon hoster and it worked fine.
我需要使用UserId进行更改吗?
Do i need to change something with UserIds?
Dockerfile:
The Dockerfile:
FROM node:7.4-alpine
RUN npm install --global yarn pm2
RUN mkdir /src
COPY . /src
WORKDIR /src
RUN yarn install --production
EXPOSE 8100
CMD ["pm2-docker", "start", "--auto-exit", "--env", "production", "process.yml"]
更新
节点映像已经创建了一个具有UID 1000的新用户节点",以不以root用户身份运行该映像.
我还尝试修复权限并将用户节点"添加到根组.
进一步我告诉pm2应该与ENV var一起使用哪个目录:
Update
the node image already creates a new user "node" with UID 1000 to not run the image as root.
I also tried to fix permissions and adding user "node" to root group.
Further i told pm2 to which dir it should use with ENV var:
PM2_HOME =/home/node/app/.pm2
PM2_HOME=/home/node/app/.pm2
但我仍然收到错误消息:
But i still get error:
Error: EACCES: permission denied, mkdir '/home/node/app/.pm2'
更新的Dockerfile:
Updated Dockerfile:
FROM node:7.4-alpine
RUN npm install --global yarn pm2
RUN adduser node root
COPY . /home/node/app
WORKDIR /home/node/app
RUN chmod -R 755 /home/node/app
RUN chown -R node:node /home/node/app
RUN yarn install --production
EXPOSE 8100
USER 1000
CMD ["pm2-docker", "start", "--auto-exit", "--env", "production", "process.yml"]
更新2 多亏了格雷厄姆·邓普尔顿(Graham Dumpleton),我才开始工作
Update2 thanks to Graham Dumpleton i got it working
FROM node:7.4-alpine
RUN npm install --global yarn pm2
RUN adduser node root
COPY . /home/node/app
WORKDIR /home/node/app
RUN yarn install --production
RUN chmod -R 775 /home/node/app
RUN chown -R node:root /home/node/app
EXPOSE 8100
USER 1000
CMD ["pm2-docker", "start", "--auto-exit", "--env", "production", "process.yml"]
推荐答案
默认情况下,OpenShift将以非root用户身份运行容器.结果,如果您的应用程序需要以root用户身份运行,则该应用程序可能会失败.是否可以将容器配置为以root用户身份运行取决于群集中的权限.
OpenShift will by default run containers as a non root user. As a result, your application can fail if it requires it runs as root. Whether you can configure your container to run as root will depend on permissions you have in the cluster.
最好设计您的容器和应用程序,以使其不必以root用户身份运行.
It is better to design your container and application so that it doesn't have to run as root.
一些建议.
-
在
Dockerfile的USER语句中创建一个特殊的UNIX用户以运行该应用程序,并使用该用户的uid设置该用户(使用其uid).将用户的组设为根组.
Create a special UNIX user to run the application as and set that user (using its uid), in the USER statement of the
Dockerfile. Make the group for the user be the root group.
修复权限.确保所有内容都是组根.确保所有需要写的东西都可以写到root用户组.
Fixup permissions on the /src directory and everything under it so owned by the special user. Ensure that everything is group root. Ensure that anything that needs to be writable is writable to group root.
确保在Dockerfile中将HOME设置为/src.
完成此操作后,当OpenShift将您的容器作为已分配的uid(组为root)运行容器时,由于所有内容均可通过组写入,因此应用程序仍可以更新/src下的文件.设置HOME变量可确保将任何通过代码写入主目录的内容都写入可写的/src区域.
With that done, when OpenShift runs your container as an assigned uid, where group is root, then by virtue of everything being group writable, application can still update files under /src. The HOME variable being set ensures that anything written to home directory by code goes into writable /src area.
这篇关于权限被拒绝,OpenShift上的容器中的mkdir的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
