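Permission denied when running a container (Docker 1.12.5)

Time: 2016-12-28 16:35:31

Tags: docker

I'm trying to run an ElasticSearch container on a newly created VM with Docker 1.12.5 installed, but I'm running into a spark-submit --master yarn-cluster --class com.self.spark.SparkBatch spark-batch.jar exception. What confuses me is that everything works fine on my old VM, with Docker 1.12.2. What am I missing?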

Exception

Permission Denied

System

  • Windows 10 with VirtualBox installed
  • An XUbuntu 16.04 image with a shared host folder containing the Dockerfile and the elasticsearch.yml configuration file.

Dockerfile

Exception in thread "main" SettingsException[Failed to open stream for url [/usr/share/elasticsearch/config/elasticsearch.yml]]; nested: AccessDeniedException[/usr/share/elasticsearch/config/elasticsearch.yml];
Likely root cause: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/elasticsearch.yml
    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
    at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
    at java.nio.file.Files.newByteChannel(Files.java:361)
    at java.nio.file.Files.newByteChannel(Files.java:407)
    at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)
    at java.nio.file.Files.newInputStream(Files.java:152)
    at org.elasticsearch.common.settings.Settings$Builder.loadFromPath(Settings.java:1067)
    at org.elasticsearch.node.internal.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:88)
    at org.elasticsearch.common.cli.CliTool.<init>(CliTool.java:107)
    at org.elasticsearch.common.cli.CliTool.<init>(CliTool.java:100)
    at org.elasticsearch.bootstrap.BootstrapCLIParser.<init>(BootstrapCLIParser.java:48)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:242)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)

In addition to the Dockerfile, there is the following file structure

FROM openjdk:8-jre

ENV VERSION 2.4.1

RUN groupadd -r elasticsearch && useradd -r -g elasticsearch elasticsearch
RUN apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys 46095ACC8548582C1A2699A9D27D666CD88E42B4
RUN set -x \
    && apt-get update && apt-get install -y --no-install-recommends apt-transport-https && rm -rf /var/lib/apt/lists/* \
    && echo 'deb http://packages.elasticsearch.org/elasticsearch/2.x/debian stable main' > /etc/apt/sources.list.d/elasticsearch.list
RUN set -x \
    && apt-get update \
    && apt-get install -y --no-install-recommends elasticsearch=$VERSION \
    && rm -rf /var/lib/apt/lists/*

ENV PATH /usr/share/elasticsearch/bin:$PATH

WORKDIR /usr/share/elasticsearch
RUN set -ex \
    && for path in \
        ./data \
        ./logs \
        ./config \
        ./config/scripts \
    ; do \
        mkdir -p "$path"; \
        chown -R elasticsearch:elasticsearch "$path"; \
    done

COPY config ./config
VOLUME /usr/share/elasticsearch/data
VOLUME /usr/share/elasticsearch/logs

EXPOSE 9200 9300
USER elasticsearch
CMD elasticsearch

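Since the image works on the other VM, I believe its configuration should be correct. I don't think the problem comes from ElasticSearch, because I seem to have another image with the same problem (H2). I'm a beginner with Docker and Linux.

2 answers:

Answer 0: (score: 1)

Set the file permissions after copying the configuration in: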

COPY config ./config
RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config

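You can also create and chown the /usr/share/elasticsearch directory as root, then complete the remaining steps that deal with the contents of /usr/share/elasticsearch as USER elasticsearch.

Answer 1: (score: 0)

Change your volume permission to 777. Example: chmod 777 /path/to/volume

Do not give recursive permissions.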
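
Added example, not part of either answer or of the asker's project: COPY creates files owned by root (UID/GID 0) and keeps the mode bits from the build context, so a non-root USER only gets the "other" permissions unless a later chown changes the owner. The script below (the function name audit_context is hypothetical) checks a build-context directory for entries that user could not read, and for world-writable entries such as those chmod 777 produces.

```shell
#!/bin/sh
# Audit a Docker build-context directory before `docker build`.
# Assumption: files are added with COPY (owner root:root, mode bits kept)
# and the container runs as a non-root USER, so that user falls in the
# "other" permission class unless a later `RUN chown` changes the owner.

# audit_context DIR
# Prints one finding per line:
#   UNREADABLE <path>      "other" lacks read (or read+search on a directory)
#   WORLD_WRITABLE <path>  "other" has write, e.g. after chmod 777
# Returns 0 with no findings, 1 with findings, 2 if DIR is not a directory.
audit_context() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    findings=$(
        # Regular files need o+r (004) to be read by the runtime user.
        find "$dir" -type f ! -perm -004 -print | sed 's/^/UNREADABLE /'
        # Directories need o+r and o+x (005) to be listed and traversed.
        find "$dir" -type d ! -perm -005 -print | sed 's/^/UNREADABLE /'
        # Write access for "other" (002) is more than a config file needs.
        find "$dir" \( -type f -o -type d \) -perm -002 -print \
            | sed 's/^/WORLD_WRITABLE /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sort
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh ./config
if [ "$#" -gt 0 ]; then
    audit_context "$1"
fi
```

An UNREADABLE finding on config/elasticsearch.yml corresponds to the AccessDeniedException in the question; chown after COPY, as in answer 0, resolves it without widening the mode.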