A volume permission problem encountered while playing with the Jenkins Docker image

I have been playing with Jenkins for the past two days, but ran into a permission problem when mounting a data volume, as shown below.

Docker start command:

docker run -d -v /root/jenkins:/var/jenkins_home -P --name jenkins-server jenkins
           

This command looks fine, but the container just would not start. Running docker ps -a to look at the container shows:

[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
274d92964edb        jenkins             "/bin/tini -- /usr/lo"   2 minutes ago       Exited (1) 2 minutes ago                       jenkins-server
           

Next, run docker logs jenkins-server to view the container log:

Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
touch: cannot touch ‘/var/jenkins_home/copy_reference_file.log’: Permission denied
           

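A Permission denied error appears in the log. At my current level I could not tell what was causing it, but I found the answer in two blog posts, "Talking about Docker Volume permission management" and "Continuous integration": add a -u parameter when running the docker run command. The improved command: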

docker run -d -v /root/jenkins:/var/jenkins_home -u 0 -P --name jenkins-server jenkins
           

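This option overrides the account built into the container with one passed in from outside; the 0 passed here is the ID of the root account. With this, the container should start without problems.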

If a Permission denied error still appears after doing the above, check the SELinux status; when it is enabled, some services fail to install or run.

Check the SELinux status:

[[email protected] ~]# sestatus  
SELinux status:                 enabled  
SELinuxfs mount:                /sys/fs/selinux  
SELinux root directory:         /etc/selinux  
Loaded policy name:             targeted  
Current mode:                   enforcing  
Mode from config file:          enforcing  
Policy MLS status:              enabled  
Policy deny_unknown status:     allowed  
Max kernel policy version:      28
           

Disable it temporarily:

[[email protected] ~]# setenforce 0
           

To disable it permanently, edit the configuration file /etc/selinux/config and set SELINUX to disabled, as follows:

[[email protected] ~]# cat /etc/selinux/config   
   
# This file controls the state of SELinux on the system.  
# SELINUX= can take one of these three values:  
#     enforcing - SELinux security policy is enforced.  
#     permissive - SELinux prints warnings instead of enforcing.  
#     disabled - No SELinux policy is loaded.  
#SELINUX=enforcing  
SELINUX=disabled  
# SELINUXTYPE= can take one of three two values:  
#     targeted - Targeted processes are protected,  
#     minimum - Modification of targeted policy. Only selected processes are protected.   
#     mls - Multi Level Security protection.  
SELINUXTYPE=targeted
 
[[email protected] ~]# sestatus  
SELinux status:                 disabled
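
The two causes the post works around (-u 0 for file ownership, setenforce 0 for SELinux) can be checked separately and fixed more narrowly, keeping the container's non-root user and SELinux enforcing. The POSIX shell functions below are an added example, not part of the original post; the UID/GID 1000 default, the function names and the SELINUX_MODE / DIR_CONTEXT override variables are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumption: the image's default
# user is UID/GID 1000; confirm with: docker run --rm --entrypoint id jenkins

# can_write DIR UID GID: succeed if the mode bits let UID/GID create files in DIR.
can_write() (
    dir=$1 uid=$2 gid=$3
    [ "$uid" -eq 0 ] && exit 0              # root is not limited by mode bits
    mode=$(stat -c %a "$dir")               # e.g. 755 (GNU stat)
    mode=$(( 0$mode ))                      # leading 0: parse as octal
    if   [ "$uid" -eq "$(stat -c %u "$dir")" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$(stat -c %g "$dir")" ]; then bits=$(( (mode >> 3) & 7 ))
    else                                             bits=$(( mode & 7 ))
    fi
    [ $(( bits & 3 )) -eq 3 ]               # needs write (2) and search (1)
)

# selinux_blocks DIR: succeed if SELinux is enforcing and DIR has no container
# label. SELINUX_MODE / DIR_CONTEXT may be preset to check values captured elsewhere.
selinux_blocks() (
    mode=${SELINUX_MODE:-$(getenforce 2>/dev/null || echo Disabled)}
    [ "$mode" = Enforcing ] || exit 1
    ctx=${DIR_CONTEXT:-$(stat -c %C "$1" 2>/dev/null)}
    case $ctx in
        *:container_file_t:*|*:svirt_sandbox_file_t:*) exit 1 ;;
    esac
    exit 0
)

# diagnose DIR [UID] [GID]: print the narrowest fix for each failing check.
diagnose() (
    dir=$1 uid=${2:-1000} gid=${3:-1000} out=
    can_write "$dir" "$uid" "$gid" || out="chown -R $uid:$gid $dir"
    if selinux_blocks "$dir"; then
        out="${out:+$out; }add :Z to the mount: -v $dir:/var/jenkins_home:Z"
    fi
    echo "${out:-ok}"
)

# Script use: sh diagnose.sh /root/jenkins
if [ $# -ge 1 ]; then diagnose "$@"; fi
```

The check covers only classic mode bits and the SELinux type of the directory; POSIX ACLs and user-namespace remapping are outside its scope.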