当我尝试在docker容器上安装davfs2卷时遇到以下错误:
geoserver@8e8091d97157:~$ mount owncloud/
/sbin/mount.davfs: loading kernel module fuse
/sbin/mount.davfs: loading kernel module fuse failed
/sbin/mount.davfs: waiting for /dev/fuse to be created
/sbin/mount.davfs: can't open fuse device
/sbin/mount.davfs: trying coda kernel file system
/sbin/mount.davfs: no free coda device to mount
Dockerfile具有以下内容:
FROM debian:jessie
ENV DEBIAN_FRONTEND noninteractive
ENV TERM linux
# environment variables
ENV GEOSERVER_PASS geoserver
RUN apt-get update
RUN apt-get install -y davfs2 fuse
RUN groupadd --gid 999 geoserver
RUN useradd -ms /bin/bash --home /home/geoserver \
-p $(echo "print crypt("${GEOSERVER_PASS:-geoserver}", "salt")" | perl) \
--uid 999 --gid 999 geoserver
USER geoserver
RUN mkdir /home/geoserver/owncloud
RUN mkdir /home/geoserver/.davfs2
USER root
ADD secrets /home/geoserver/.davfs2/secrets
RUN chown geoserver:geoserver /home/geoserver/.davfs2/secrets
RUN chmod 0600 /home/geoserver/.davfs2/secrets
RUN chmod u+s /sbin/mount.davfs
RUN perl -p -i -e "s/#\s*use_locks\s*1/use_locks 0/" /etc/davfs2/davfs2.conf
RUN adduser geoserver davfs2
RUN echo "https://my-owncloud-server.org/owncloud/remote.php/webdav /home/geoserver/owncloud davfs rw,user,noauto 0 0" >> /etc/fstab
设备/ dev / fuse存在
root@8e8091d97157:/# ls -l /dev/fuse
crw-rw-rw- 1 root root 10, 229 Oct 18 12:06 /dev/fuse
但是坐骑失败了...... 我在日志中看不到有趣的东西:
/var/log/daemon.log
root@8e8091d97157:/# tail /var/log/daemon.log
Oct 18 12:36:03 8e8091d97157 mount.davfs: davfs2 1.5.2
Oct 18 12:36:04 8e8091d97157 mount.davfs: the server certificate is not trusted
Oct 18 12:36:04 8e8091d97157 mount.davfs: issuer: TERENA, Amsterdam, Noord-Holland, NL
Oct 18 12:36:04 8e8091d97157 mount.davfs: subject: Domain Control Validated
Oct 18 12:36:04 8e8091d97157 mount.davfs: identity: owncloud-mshe.univ-fcomte.fr
Oct 18 12:36:04 8e8091d97157 mount.davfs: accepted by user
/ var / log / debug
root@8e8091d97157:/# tail /var/log/debug
Oct 18 12:36:03 8e8091d97157 mount.davfs: davfs2 1.5.2
/var/log/auth.log
root@8e8091d97157:/# tail /var/log/auth.log
Oct 18 12:35:59 8e8091d97157 su[890]: Successful su for geoserver by root
Oct 18 12:35:59 8e8091d97157 su[890]: + ??? root:geoserver
Oct 18 12:35:59 8e8091d97157 su[890]: pam_env(su:session): Unable to open env file: /etc/default/locale: No such file or directory
Oct 18 12:35:59 8e8091d97157 su[890]: pam_unix(su:session): session opened for user geoserver by (uid=0)
Oct 18 12:36:09 8e8091d97157 su[890]: pam_unix(su:session): session closed for user geoserver
所以一切似乎都很正常。 我很乐意得到一些帮助。 感谢。
欧内斯特。
答案 0 :(得分:1)
感谢' s,通过添加
成功安装--privileged --cap-add=SYS_ADMIN --device /dev/fuse
in to docker run command。
答案 1 :(得分:0)
我找到了解决方案。实际上,正如解释in the DockerCVMFS documentation,“可以在容器内运行FUSE文件系统,但必须在主机系统上启用FUSE。Docker不会使您加载无法加载的内核模块在主持人“。
因此,我试图在主机中加载模块保险丝,如modprobe in a docker container
中所述我使用以下命令启动容器,现在安装正常:
docker run --name geosync_ssh_data_1 --privileged --cap-add=ALL -v /dev:/dev -v /lib/modules:/lib/modules geosync_ssh_data
解决方案包括树步骤:
Run the container in privileged mode (--privileged)
Add all capabilities (--cap-add=ALL)
Passthrough /lib/modules into the container (-v /lib/modules:/lib/modules)
仍然存在一个问题:这是唯一的方法吗?
欧内斯特。
答案 2 :(得分:0)
这些安全选项太开放了。现在记录了FUSE支持 Docker runtime privileges。您只需要-cap-add SYS_ADMIN --device / dev / fuse
答案 3 :(得分:0)
我无法使用带有这些附加设置的 docker-compose 使其工作。有人可以建议吗?一旦修复,我将更改此答案以反映使用 docker-compose 的正确方法。
在容器加载后运行时,它在没有 cap_add、/dev/fuse 设备或 /lib/modules 卷的情况下完美运行 - 从 dockerfile 运行时它只是无法挂载(与完全相同的错误OP发布)。想知道 docker-compose.yml 文件中是否存在语法问题,这里是:
version: '3'
services:
web:
container_name: mycontainer
privileged: true
cap_add:
- SYS_ADMIN
devices:
- /dev/fuse
build:
context: ./
dockerfile: docker/app/Dockerfile
ports:
- 8080:80
volumes:
- /var/log
- ./:/var/www/html/public
- /lib/modules:/lib/modules
env_file:
- .env