1. 首页
  2. 问答
  3. 运行容器时的权限被拒绝(docker 1.12.5)

运行容器时的权限被拒绝(docker 1.12.5)

2016-12-28 74 views
1

我试图在安装了Docker 1.12.5的新创建的虚拟机上运行ElasticSearch容器,但遇到Permission Denied异常。令我感到困惑的是,在我的老VM中,Docker 1.12.2的一切运行良好。我错过了什么?运行容器时的权限被拒绝(docker 1.12.5)

异常

Exception in thread "main" SettingsException[Failed to open stream for url [/usr/share/elasticsearch/config/elasticsearch.yml]]; nested: AccessDeniedException[/usr/share/elasticsearch/config/elasticsearch.yml]; 
Likely root cause: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/elasticsearch.yml 
    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) 
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) 
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) 
    at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214) 
    at java.nio.file.Files.newByteChannel(Files.java:361) 
    at java.nio.file.Files.newByteChannel(Files.java:407) 
    at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384) 
    at java.nio.file.Files.newInputStream(Files.java:152) 
    at org.elasticsearch.common.settings.Settings$Builder.loadFromPath(Settings.java:1067) 
    at org.elasticsearch.node.internal.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:88) 
    at org.elasticsearch.common.cli.CliTool.<init>(CliTool.java:107) 
    at org.elasticsearch.common.cli.CliTool.<init>(CliTool.java:100) 
    at org.elasticsearch.bootstrap.BootstrapCLIParser.<init>(BootstrapCLIParser.java:48) 
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:242) 
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)

系统

  • 视窗10,具有VirtualBox的安装,
  • 一个的Xubuntu 16.04图像,用含有Dockerfile一个共享主机的文件夹和elasticsearch.yml配置文件。

泊坞窗文件

FROM openjdk:8-jre 

ENV VERSION 2.4.1 

RUN groupadd -r elasticsearch && useradd -r -g elasticsearch elasticsearch 
RUN apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys 46095ACC8548582C1A2699A9D27D666CD88E42B4 
RUN set -x \ 
    && apt-get update && apt-get install -y --no-install-recommends apt-transport-https && rm -rf /var/lib/apt/lists/* \ 
    && echo 'deb http://packages.elasticsearch.org/elasticsearch/2.x/debian stable main' > /etc/apt/sources.list.d/elasticsearch.list 
RUN set -x \ 
    && apt-get update \ 
    && apt-get install -y --no-install-recommends elasticsearch=$VERSION \ 
    && rm -rf /var/lib/apt/lists/* 

ENV PATH /usr/share/elasticsearch/bin:$PATH 

WORKDIR /usr/share/elasticsearch 
RUN set -ex \ 
    && for path in \ 
     ./data \ 
     ./logs \ 
     ./config \ 
     ./config/scripts \ 
    ; do \ 
     mkdir -p "$path"; \ 
     chown -R elasticsearch:elasticsearch "$path"; \ 
    done 

COPY config ./config 
VOLUME /usr/share/elasticsearch/data 
VOLUME /usr/share/elasticsearch/logs 

EXPOSE 9200 9300 
USER elasticsearch 
CMD elasticsearch

抛开Dockerfile,生活在以下文件结构

- config 
    - elasticsearch.yml

作为形象工程上的其他虚拟机,我相信它的配置应该是对的。我不认为问题来自ElasticSearch,因为我似乎有另一个图像具有相同的问题(H2)。我是Docker和Linux的初学者级别。

来源

2016-12-28 Elegie

回答

1

设置文件权限复制的配置后:

COPY config ./config 
RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config

您还可以创建和chown/usr/share/elasticsearch目录根目录,然后完成处理的/usr/share/elasticsearch内容的其余步骤为USER elasticsearch

来源

2016-12-28 20:43:06 Matt

+0

谢谢。在复制工作后设置权限。不知道为什么它在我以前的虚拟机上工作,但现在很高兴。干杯。 – Elegie

+0

从windows进入unix的权限映射总是有点搞砸。唯一可以信赖的地方在于它是一个linux文件系统,因此最好只在docker文件中设置所需的内容,这样它就不会出错。 – Matt

相关问题

 相关问题