Failed opening the RDB file authorized_keys (in server root dir /run) for saving: Permission denied

Time: 2018-03-06 08:17:07

Tags: docker redis

I have a Docker setup with a redis container.

Configuration

docker-compose.yml

# Redis
redis:
  image: redis:4.0.6
  build:
    context: .
    dockerfile: dockerfile_redis
  volumes:
    - "./redis.conf:/usr/local/etc/redis/redis.conf"
  ports:
    - "6379:6379"

dockerfile_redis

CMD ["chown", "redis:redis", "-R", "/etc"]
CMD ["chown", "redis:redis", "-R", "/var/lib"]
CMD ["chown", "redis:redis", "-R", "/run"]

CMD ["sudo", "chmod", "644", "/data/dump.rdb" ]
CMD ["sudo", "chmod", "755", "/etc" ]
CMD ["sudo", "chmod", "770", "/var/lib" ]
CMD ["sudo", "chmod", "777", "/run" ]

CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]

I also use django and celery. When celery has been working for 4-6 hours, the celery container stops with the error:

[2018-03-05 17:18:24,516: CRITICAL/MainProcess] Unrecoverable error: ResponseError('MISCONF Redis is configured to save RDB snapshots, but it is currently not able to persist on disk. Commands that may modify the data set are disabled, because this instance is configured to report errors during writes if RDB snapshotting fails (stop-writes-on-bgsave-error option). Please check the Redis logs for details about the RDB error.',)
Traceback (most recent call last):
  File "/usr/local/lib/python3.4/site-packages/celery/worker/worker.py", line 203, in start
    self.blueprint.start(self)
  File "/usr/local/lib/python3.4/site-packages/celery/bootsteps.py", line 119, in start
    step.start(parent)
  File "/usr/local/lib/python3.4/site-packages/celery/bootsteps.py", line 370, in start
    return self.obj.start()
  File "/usr/local/lib/python3.4/site-packages/celery/worker/consumer/consumer.py", line 320, in start
    blueprint.start(self)
  File "/usr/local/lib/python3.4/site-packages/celery/bootsteps.py", line 119, in start
    step.start(parent)
  File "/usr/local/lib/python3.4/site-packages/celery/worker/consumer/consumer.py", line 596, in start
    c.loop(*c.loop_args())
  File "/usr/local/lib/python3.4/site-packages/celery/worker/loops.py", line 88, in asynloop
    next(loop)
  File "/usr/local/lib/python3.4/site-packages/kombu/async/hub.py", line 354, in create_loop
    cb(*cbargs)
  File "/usr/local/lib/python3.4/site-packages/kombu/transport/redis.py", line 1040, in on_readable
    self.cycle.on_readable(fileno)
  File "/usr/local/lib/python3.4/site-packages/kombu/transport/redis.py", line 337, in on_readable
    chan.handlers[type]()
  File "/usr/local/lib/python3.4/site-packages/kombu/transport/redis.py", line 714, in _brpop_read
    **options)
  File "/usr/local/lib/python3.4/site-packages/redis/client.py", line 680, in parse_response
    response = connection.read_response()
  File "/usr/local/lib/python3.4/site-packages/redis/connection.py", line 629, in read_response
    raise response
redis.exceptions.ResponseError: MISCONF Redis is configured to save RDB snapshots, but it is currently not able to persist on disk. Commands that may modify the data set are disabled, because this instance is configured to report errors during writes if RDB snapshotting fails (stop-writes-on-bgsave-error option). Please check the Redis logs for details about the RDB error.
Import Error

 -------------- celery@b17b82a69031 v4.1.0 (latentcall)
---- **** -----
--- * ***  * -- Linux-4.4.0-34-generic-x86_64-with-debian-8.9 2018-03-05 07:24:00
-- * - **** ---
- ** ---------- [config]
- ** ---------- .> app:         backend:0x7f19e5745208
- ** ---------- .> transport:   redis://redis:6379/0
- ** ---------- .> results:     disabled://
- *** --- * --- .> concurrency: 20 (prefork)
-- ******* ---- .> task events: OFF (enable -E to monitor tasks in this worker)
--- ***** -----
 -------------- [queues]
                .> celery           exchange=celery(direct) key=celery


[tasks]
  . CallbackNotifier
  . FB posting
  . FB token status
  . MD posting
  . MD token status
  . OK posting
  . OK token status
  . TW posting
  . TW token status
  . VK posting
  . VK token status
  . api.controllers.message.scheduled_message
  . backend.celery.debug_task
  . stats.views.collect_stats

In my redis.conf file, I disabled snapshots:

stop-writes-on-bgsave-error no

In the redis logs:

 1:M 06 Mar 07:40:04.037 * Background saving started by pid 8228
 8228:C 06 Mar 07:40:04.038 # Failed opening the RDB file backupall.db (in server root dir /run) for saving: Permission denied

But when I restart the redis container, I get some warnings:

1:C 06 Mar 08:12:48.982 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
 1:C 06 Mar 08:12:48.982 # Redis version=4.0.6, bits=64, commit=00000000, modified=0, pid=1, just started
 1:C 06 Mar 08:12:48.982 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
 1:M 06 Mar 08:12:48.986 * Running mode=standalone, port=6379.
 1:M 06 Mar 08:12:48.986 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
 1:M 06 Mar 08:12:48.986 # Server initialized
 1:M 06 Mar 08:12:48.987 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
 1:M 06 Mar 08:12:48.988 * DB loaded from disk: 0.001 seconds
 1:M 06 Mar 08:12:48.988 * Ready to accept connections

  1. Are the permissions in dockerfile_redis correct?
  2. How do I configure redis with my conf file?
  3. What else do I need for redis to work properly?

2 answers:

Answer 0 (score: 0)

If you don't really need to expose the port, just remove the following lines:

ports:
  - "6379:6379"

Answer 1 (score: 0)

Please see this blog post:

https://blog.huntingmalware.com/notes/LLMalware

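It is very likely a piece of malware that causes your Redis working directory to be changed, and Redis, as commanded by the malicious script, tries to write the RDB file to a root-owned directory. Since it is not running as root, and the user 'redis' has not been granted write access to the /run directory, the write fails.

So do not expose your Redis server port to the Internet; that should resolve the problem of the malware being able to reach it.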
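
The symptom described in this thread can be checked for in the Redis log itself. The following is an added example, not part of the original answers: it scans log lines for failed RDB saves whose file name or directory differs from the deployment's baseline. The baseline `/data/dump.rdb`, the function name `find_redirected_saves` and the last two sample lines are assumptions made for illustration.

```python
import re

# Baseline for this deployment (assumption): the snapshot lives at
# /data/dump.rdb, the path the question's dockerfile_redis refers to.
EXPECTED_DIR = "/data"
EXPECTED_FILE = "dump.rdb"

# Redis 4.x failure line: "<pid>:<role> <day> <Mon> <time> # Failed opening the RDB file ..."
RDB_FAIL = re.compile(
    r"^\s*(?P<pid>\d+):(?P<role>[A-Z]) (?P<ts>\d{2} \w{3} [\d:.]+) # "
    r"Failed opening the RDB file (?P<file>.+?) "
    r"\(in server root dir (?P<dir>.+?)\) for saving: (?P<err>.+)$"
)

# First two lines are from the question; the last two are constructed.
SAMPLE_LOG = [
    " 1:M 06 Mar 07:40:04.037 * Background saving started by pid 8228",
    " 8228:C 06 Mar 07:40:04.038 # Failed opening the RDB file backupall.db (in server root dir /run) for saving: Permission denied",
    " 8301:C 06 Mar 07:45:04.101 # Failed opening the RDB file authorized_keys (in server root dir /run) for saving: Permission denied",
    " 8410:C 06 Mar 07:50:04.220 # Failed opening the RDB file dump.rdb (in server root dir /data) for saving: No space left on device",
]

def find_redirected_saves(lines, expected_dir=EXPECTED_DIR, expected_file=EXPECTED_FILE):
    """Return one finding per failed save whose target differs from the baseline."""
    findings = []
    for line in lines:
        m = RDB_FAIL.match(line)
        if not m:
            continue
        reasons = []
        if m["dir"].rstrip("/") != expected_dir:
            reasons.append("dir changed to " + m["dir"])
        if m["file"] != expected_file:
            reasons.append("dbfilename changed to " + m["file"])
        if reasons:  # an ordinary failure at the baseline path is not flagged
            findings.append({"ts": m["ts"], "pid": int(m["pid"]),
                             "file": m["file"], "dir": m["dir"],
                             "error": m["err"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_redirected_saves(SAMPLE_LOG):
        print(f["ts"], f["file"], f["dir"], "; ".join(f["reasons"]))
```

A hit only means the save target was changed at runtime; whether an administrator or an unauthenticated client did it has to be established separately, and a save that succeeds leaves no such line.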