我正在尝试使用Redmine官方Docker在Bluemix容器中设置Redmine实例;
我可以构建图像并运行容器而没有任何问题。
如果我向容器添加一个卷,那么构建将在此日志附近失败:
chown:无法读取目录'files / files':权限被拒绝
8chown:更改'文件'的所有权:权限被拒绝
我理解这种情况正在发生,因为容器中的用户没有读/写权限。
我尝试了一些解决方案,例如使用
USER root
在chown之前。 甚至只在chown之后声明音量(如Docker页面中所示)
或者,我遇到的所有其他解决方案都涉及到容器的ssh;我不能做的事情,因为容器永远不会在音量的第一位运行。
这是我的Dockerfile和entrypoint.sh
的副本FROM ruby:2.2-slim
# add the volumeeditor to grant permissions in bluemix
RUN groupadd --gid 1010 redmine
RUN useradd --uid 1010 --gid 1010 -m --shell /bin/bash redmine
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
wget \
&& rm -rf /var/lib/apt/lists/*
# grab gosu for easy step-down from root
ENV GOSU_VERSION 1.7
RUN set -x \
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
&& chmod +x /usr/local/bin/gosu \
&& gosu nobody true
# grab tini for signal processing and zombie killing
ENV TINI_VERSION v0.9.0
RUN set -x \
&& wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" \
&& wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \
&& gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
&& rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \
&& chmod +x /usr/local/bin/tini \
&& tini -h
RUN apt-get update && apt-get install -y --no-install-recommends \
imagemagick \
libmysqlclient18 \
libpq5 \
libsqlite3-0 \
\
bzr \
git \
mercurial \
openssh-client \
subversion \
&& rm -rf /var/lib/apt/lists/*
ENV RAILS_ENV production
WORKDIR /usr/src/redmine
ENV REDMINE_VERSION 3.3.3
ENV REDMINE_DOWNLOAD_MD5 c946839c9a51dba48ae7c34c5351f677
RUN wget -O redmine.tar.gz "https://www.redmine.org/releases/redmine-${REDMINE_VERSION}.tar.gz" \
&& echo "$REDMINE_DOWNLOAD_MD5 redmine.tar.gz" | md5sum -c - \
&& tar -xvf redmine.tar.gz --strip-components=1 \
&& rm redmine.tar.gz files/delete.me log/delete.me \
&& mkdir -p tmp/pdf public/plugin_assets \
&& chown -R redmine:redmine ./
RUN buildDeps=' \
gcc \
libmagickcore-dev \
libmagickwand-dev \
libmysqlclient-dev \
libpq-dev \
libsqlite3-dev \
make \
patch \
' \
&& set -ex \
&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* \
&& bundle install --without development test \
&& for adapter in mysql2 postgresql sqlite3; do \
echo "$RAILS_ENV:" > ./config/database.yml; \
echo " adapter: $adapter" >> ./config/database.yml; \
bundle install --without development test; \
done \
&& rm ./config/database.yml \
&& apt-get purge -y --auto-remove $buildDeps
COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]
VOLUME /usr/src/redmine/files
EXPOSE 3000
CMD ["rails", "server", "-b", "0.0.0.0"]
docker-entrypoint.sh
#!/bin/bash
set -e
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
case "$1" in
rails|rake|passenger)
if [ ! -f './config/database.yml' ]; then
file_env 'REDMINE_DB_MYSQL'
file_env 'REDMINE_DB_POSTGRES'
if [ "$MYSQL_PORT_3306_TCP" ] && [ -z "$REDMINE_DB_MYSQL" ]; then
export REDMINE_DB_MYSQL='mysql'
elif [ "$POSTGRES_PORT_5432_TCP" ] && [ -z "$REDMINE_DB_POSTGRES" ]; then
export REDMINE_DB_POSTGRES='postgres'
fi
if [ "$REDMINE_DB_MYSQL" ]; then
adapter='mysql2'
host="$REDMINE_DB_MYSQL"
file_env 'REDMINE_DB_PORT' '3306'
file_env 'REDMINE_DB_USERNAME' "${MYSQL_ENV_MYSQL_USER:-root}"
file_env 'REDMINE_DB_PASSWORD' "${MYSQL_ENV_MYSQL_PASSWORD:-${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}}"
file_env 'REDMINE_DB_DATABASE' "${MYSQL_ENV_MYSQL_DATABASE:-${MYSQL_ENV_MYSQL_USER:-redmine}}"
file_env 'REDMINE_DB_ENCODING' ''
elif [ "$REDMINE_DB_POSTGRES" ]; then
adapter='postgresql'
host="$REDMINE_DB_POSTGRES"
file_env 'REDMINE_DB_PORT' '5432'
file_env 'REDMINE_DB_USERNAME' "${POSTGRES_ENV_POSTGRES_USER:-postgres}"
file_env 'REDMINE_DB_PASSWORD' "${POSTGRES_ENV_POSTGRES_PASSWORD}"
file_env 'REDMINE_DB_DATABASE' "${POSTGRES_ENV_POSTGRES_DB:-${REDMINE_DB_USERNAME:-}}"
file_env 'REDMINE_DB_ENCODING' 'utf8'
else
echo >&2
echo >&2 'warning: missing REDMINE_DB_MYSQL or REDMINE_DB_POSTGRES environment variables'
echo >&2
echo >&2 '*** Using sqlite3 as fallback. ***'
echo >&2
adapter='sqlite3'
host='localhost'
file_env 'REDMINE_DB_PORT' ''
file_env 'REDMINE_DB_USERNAME' 'redmine'
file_env 'REDMINE_DB_PASSWORD' ''
file_env 'REDMINE_DB_DATABASE' 'sqlite/redmine.db'
file_env 'REDMINE_DB_ENCODING' 'utf8'
mkdir -p "$(dirname "$REDMINE_DB_DATABASE")"
chown -R redmine:redmine "$(dirname "$REDMINE_DB_DATABASE")"
fi
REDMINE_DB_ADAPTER="$adapter"
REDMINE_DB_HOST="$host"
echo "$RAILS_ENV:" > config/database.yml
for var in \
adapter \
host \
port \
username \
password \
database \
encoding \
; do
env="REDMINE_DB_${var^^}"
val="${!env}"
[ -n "$val" ] || continue
echo " $var: \"$val\"" >> config/database.yml
done
fi
# ensure the right database adapter is active in the Gemfile.lock
bundle install --without development test
if [ ! -s config/secrets.yml ]; then
file_env 'REDMINE_SECRET_KEY_BASE'
if [ "$REDMINE_SECRET_KEY_BASE" ]; then
cat > 'config/secrets.yml' <<-YML
$RAILS_ENV:
secret_key_base: "$REDMINE_SECRET_KEY_BASE"
YML
elif [ ! -f /usr/src/redmine/config/initializers/secret_token.rb ]; then
rake generate_secret_token
fi
fi
if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
gosu redmine rake db:migrate
fi
# https://www.redmine.org/projects/redmine/wiki/RedmineInstall#Step-8-File-system-permissions
mkdir -p tmp tmp/pdf public/plugin_assets
chown -R redmine:redmine files log public/plugin_assets
chmod -R 755 files log tmp public/plugin_assets
# remove PID file to enable restarting the container
rm -f /usr/src/redmine/tmp/pids/server.pid
if [ "$1" = 'passenger' ]; then
# Don't fear the reaper.
set -- tini -- "$@"
fi
set -- gosu redmine "$@"
;;
esac
exec "$@"
任何帮助将不胜感激。
答案 0 :(得分:0)
要解决此问题,您必须暂时将非root用户添加到根组,以授予其对卷装入的写入权限。以下是文档中的示例:https://console.ng.bluemix.net/docs/containers/container_volumes_ov.html#container_volumes_write