我需要运行一个couchbase docker容器。社区版完全足够,我可以使用commanding this image

问题描述 投票:0回答:1
docker run --user nobody:0 -d --name db -p 8091-8097:8091-8097 -p 9123:9123 -p 11207:11207 -p 11210:11210 -p 11280:11280 -p 18091-18097:18091-18097 couchbase

这可以可靠地引导这些日志消息在容器的Stdout上:

Starting Couchbase Server -- Web UI available at http://<ip>:8091 and logs available in /opt/couchbase/var/lib/couchbase/logs runsv couchbase-server: fatal: unable to open supervise/lock: access denied runsv couchbase-server: fatal: unable to open supervise/lock: access denied runsv couchbase-server: fatal: unable to open supervise/lock: access denied 
i我已经尝试了 /opt /couchbase中的所有文件,以使组0可以访问 - 但是错误消息保持不变。同时,我认为它不是couchbase本身,而是无法访问文件的
runsv
命令。不幸的是,我不知道它要访问哪种绝对路径或需要哪种特权。

如何使Couchbase Docker容器与此
--user nobody:0
命令行兼容?
    

	
我所处的情况有些异国情调,但是一遍又一遍地阅读我自己的问题,我终于找到了一个解决方案。是的,由于文件权限错误,该错误消息来自RunSV,并且需要修复它们。因此,我需要使用此Dockerfile创建自己的容器:


FROM couchbase

USER 0
ADD run /etc/service/couchbase-server/run

RUN chmod -vR g=u /opt/couchbase && chgrp -vR 0 /opt/couchbase
RUN chmod -vR g=u /etc/service && chgrp -vR 0 /etc/service

USER 1000



运行脚本需要由root或用户scouchbase执行(在我的设置中不是这种情况),我必须添加一个看起来像这样的替代版本:


#!/bin/sh

# If HOME is set, Erlang requires that it be a writable directory.
# We can't guarantee that as it depends on which UID the container
# is started as. The couchbase-server script will handle it being
# unset, though, so do that for safety.
unset HOME

exec 2>&1

echo "I am $0 running as user $(id)"

# Create directories where couchbase stores its data
cd /opt/couchbase
mkdir -p var/lib/couchbase \
         var/lib/couchbase/config \
         var/lib/couchbase/data \
         var/lib/couchbase/stats \
         var/lib/couchbase/logs \
         var/lib/moxi

# If container is running as root, ensure contents of /opt/couchbase/var are
# owned by the 'couchbase' user. If running as 'couchbase', don't attempt to
# claim ownership, but instead warn when encountering unwritable paths.
# Skip "inbox" as it may contain readonly-mounted things like k8s certs.
container_user=$(id -u)
if [ "${container_user}" = "0" ]; then
    find var -path var/lib/couchbase/inbox -prune -o -print0 | \
      xargs -0 chown --no-dereference couchbase:couchbase
else
    find var -path var/lib/couchbase/inbox -prune -o \! -writable -print0 | \
      xargs -0 -I {} echo "Warning: '/opt/couchbase/{}' is not writable by userid '${container_user}'"
fi
unset container_user

if [ "$(id -u)" != "0" ]; then
  exec /opt/couchbase/bin/couchbase-server -- -kernel global_enable_tracing false -noinput
else
  exec chpst -ucouchbase  /opt/couchbase/bin/couchbase-server -- -kernel global_enable_tracing false -noinput
fi



使用


docker

couchbase


1个回答




    
    
    

        

            

                

                    
0
投票

                    
                

            

        

        
,然后您可以按照任何沙发库来运行图像。但是此图像也可以承受使用
docker run -u nobody:0 ...
执行
    

	



    

    


  

  

    
最新问题


  





  

    © www.soinside.com 2019 - 2025. All rights reserved.