docker run volume mounts: a Docker mounted-volume permission problem


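Today I ran into a permission problem while deploying beanstalkd with Docker. First, pull the image and start a container, mounting the container's /data directory onto the data directory under the current directory on the host: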

docker pull falconchen/beanstalkd:v1

docker run -d -v `pwd`/data:/data falconchen/beanstalkd:v1

After the commands complete, we find that the container has exited unexpectedly:

docker ps -l

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

c8660f2853fd falconchen/beanstalkd:v1 "beanstalkd -p 11300…" About a minute ago Exited (10) About a minute ago awesome_swartz

Check the logs:

docker logs c8660f2853fd

beanstalkd: walg.c:421 in waldirlock: open: Permission denied

Check which user the container runs as:

docker run -ti --rm --entrypoint="/bin/sh" falconchen/beanstalkd:v1 -c "whoami && id"

root

uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

So the container starts as root.

Check the permissions of the /data directory inside the container:

docker run -ti --rm --entrypoint="/bin/sh" falconchen/beanstalkd:v1 -c "ls -la / | grep data"

drwxr-xr-x 2 beanstal beanstal 6 May 20 07:11 data

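Inside the image, /data is owned by beanstalkd, and that is the user the daemon actually runs as (the ENTRYPOINT passes -u beanstalkd, so it drops from root). A bind mount replaces the image's /data with the host directory, which keeps its host ownership, so the beanstalkd user cannot write to it.

We need to look up the id of the beanstalkd user and change the ownership of the directory on the host accordingly: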

docker run -ti --rm --entrypoint="/bin/sh" falconchen/beanstalkd:v1 -c "id beanstalkd"

uid=100(beanstalkd) gid=101(beanstalkd) groups=101(beanstalkd),101(beanstalkd)

On the host, run:

chown -R 100:101 data

Mount the directory again:

docker run --name beanstalkd -d -v `pwd`/data:/data falconchen/beanstalkd:v1

docker ps -l

It runs successfully:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

452e4c8ed973 falconchen/beanstalkd:v1 "beanstalkd -p 11300…" 15 seconds ago Up 14 seconds 11300/tcp beanstalkd
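
The ownership check behind this fix can be run before the container is started. The script below is an added example, not part of the original post: the function names are hypothetical, and it assumes a Linux host with GNU stat and ignores ACLs, SELinux labels, user-namespace remapping and supplementary groups.

```shell
#!/bin/sh
# Added example: pre-flight check for a bind-mounted data directory.
# Decides whether numeric UID:GID (100:101 for beanstalkd in this image) can
# create files in DIR, using the same owner/group/other test the kernel applies.
# Assumptions: GNU stat (Linux host); ACLs, SELinux labels, user-namespace
# remapping and supplementary groups are not considered.

# can_write_dir DIR UID GID -> 0 writable, 1 not writable, 2 not a directory
can_write_dir() {
    dir=$1; uid=$2; gid=$3
    [ -d "$dir" ] || return 2
    [ "$uid" -eq 0 ] && return 0            # root bypasses the mode bits
    # %u = owner uid, %g = owner gid, %a = octal mode such as 755
    set -- $(stat -c '%u %g %a' "$dir")
    owner=$1; group=$2; perms=$((0$3))      # leading 0 makes it octal
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (perms >> 6) & 7 ))        # owner class
    elif [ "$gid" -eq "$group" ]; then
        bits=$(( (perms >> 3) & 7 ))        # group class
    else
        bits=$(( perms & 7 ))               # other class
    fi
    # Creating a file (the failing open in waldirlock) needs
    # write (2) and search (1) permission on DIR.
    [ $(( bits & 3 )) -eq 3 ]
}

# check_mount DIR UID GID -> prints a verdict and, on failure, the narrow fix
check_mount() {
    if can_write_dir "$1" "$2" "$3"; then
        echo "ok: $2:$3 can write $1"
    else
        echo "denied: $2:$3 cannot write $1; fix: chown -R $2:$3 $1"
        return 1
    fi
}

# Run as: sh check_mount.sh ./data 100 101   (script name is hypothetical)
if [ $# -eq 3 ]; then check_mount "$@"; fi
```

Changing ownership to the exact uid:gid the daemon uses keeps the directory closed to other accounts, unlike loosening the mode to world-writable.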

Appendix: the Dockerfile:

FROM alpine:3.4

MAINTAINER Tuna Aras

ENV VERSION_BEANSTALKD="1.10"

# Unprivileged system user and group that the daemon runs as
RUN addgroup -S beanstalkd && adduser -S -G beanstalkd beanstalkd

RUN apk add --no-cache 'su-exec>=0.2'

# Build beanstalkd from source, then remove the build toolchain
RUN apk --update add --virtual build-dependencies \
    gcc \
    make \
    musl-dev \
    curl \
    && curl -sL https://github.com/kr/beanstalkd/archive/v$VERSION_BEANSTALKD.tar.gz | tar xvz -C /tmp \
    && cd /tmp/beanstalkd-$VERSION_BEANSTALKD \
    && sed -i "s|#include |#include |g" sd-daemon.c \
    && make \
    && cp beanstalkd /usr/bin \
    && apk del build-dependencies \
    && rm -rf /tmp/* \
    && rm -rf /var/cache/apk/*

# /data is owned by beanstalkd in the image; a bind mount over /data hides this ownership
RUN mkdir /data && chown beanstalkd:beanstalkd /data

VOLUME ["/data"]

EXPOSE 11300

# The container starts as root; -u makes the daemon drop to the beanstalkd user
ENTRYPOINT ["beanstalkd", "-p", "11300", "-u", "beanstalkd"]

CMD ["-b", "/data"]



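Copyright notice: this is an original article by weixin_34646919, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.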