When trying to run the docker image (openproject) in ECS, I get the error message "DETAIL: Permissions should be u=rwx (0700)" for the folder /var/openproject/pgdata

```
# ls -l /var/openproject
drwxr-xr-x 2 root root 4096 Jan 8 15:56 assets
drwxr-xr-x 2 postgres postgres 4096 Dec 19 08:40 pgdata
```

So we tried to update the permissions through the Dockerfile:

```dockerfile
FROM openproject/community:latest
#USER postgres
USER root
RUN chmod 700 /var/openproject/pgdata
RUN chmod 700 /var/openproject/assets
```

Even after the image is built, the permissions on the folders are not updated.

Build method, docker-compose:

```yaml
version: '3'
services:
  openproject:
    container_name: openproj_server
    build:
      context: .
    ports:
      - 80:80
    environment:
      - DATABASE_URL=postgres://aws@postgresurl:5432/openproject
      - SECRET_KEY_BASE=junksecret
```

Any suggestions would be helpful.

Update 1:

Trial 1:

Setting the permissions via the entrypoint.sh approach failed with the error: DETAIL: File "/var/openproject/pgdata/PG_VERSION" is missing.

```dockerfile
FROM openproject/community:latest
COPY ./entrypoint.sh /app/docker/
RUN chmod +x /app/docker/entrypoint.sh
```

**entrypoint.sh**

```sh
chmod 700 /var/openproject/pgdata
echo "Giving 700(rwx) Permission to pgdata folder"
chown postgres:postgres /var/openproject/pgdata
echo "Setting up ownership to postgres user / group(*just to double ensure)"
```

Cloudwatch logs:

```
2020-01-08 20:34:59.734 UTC [54] FATAL: "/var/openproject/pgdata" is not a valid data directory
2020-01-08 20:34:59.734 UTC [54] DETAIL: File "/var/openproject/pgdata/PG_VERSION" is missing.
2020-01-08 20:34:59,735 INFO exited: postgres (exit status 1; not expected)
```

Trial 2:

Using the latest openproject in a Fargate task, with non-persistent empty storage bound (bind) to the container

**Fargate Task Def snip**

```json
"mountPoints": [
  {
    "readOnly": null,
    "containerPath": "/var/openproject",
    "sourceVolume": "openproject"
  }
```

Cloudwatch logs:

```
2020-01-08 21:50:51.686 UTC [226] FATAL: data directory "/var/openproject/pgdata" has group or world access
2020-01-08 21:50:51.686 UTC [226] DETAIL: Permissions should be u=rwx (0700).
2020-01-08 21:50:51,776 INFO exited: postgres (exit status 1; not expected)
```

Trial 3:

Updated the image to set the pgdata permissions through the entrypoint, and it again raised the fatal error: File "/var/openproject/pgdata/PG_VERSION" is missing.

Cloudwatch logs:

```
LOG: skipping missing configuration file "/var/openproject/pgdata/postgresql.auto.conf"
2020-01-08 22:12:52.404 UTC [228] FATAL: "/var/openproject/pgdata" is not a valid data directory
2020-01-08 22:12:52.404 UTC [228] DETAIL: File "/var/openproject/pgdata/PG_VERSION" is missing.
2020-01-08 22:12:52,494 INFO exited: postgres (exit status 1; not expected)
```

Unable to identify the problem.

Best answer

In the openproject Dockerfile, both /var/openproject/pgdata and /var/openproject/assets are marked as VOLUMEs. - https://github.com/opf/openproject-ce/blob/stable/8/Dockerfile

Relevant snippet from the Dockerfile:

```dockerfile
<snip>
ENV APP_DATA_PATH /var/openproject/assets
ENV APP_DATA_PATH_LEGACY /var/db/openproject
<snip>
VOLUME ["$PGDATA", "$APP_DATA_PATH"]
```

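Hence, the RUN instructions that change the permissions will not persist after the build.

You can take any of the following approaches to solve this:

entrypoint.sh script of openproject to fix the permissions during startup.

openproject container.

See the following answer for a similar discussion: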
https://stackoverflow.com/a/59639759/5459201
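
One way to do the startup-time fix the answer mentions, as an added example that is not from the original answer or the openproject image: a wrapper entrypoint that tightens the data directory to 0700 after the volume is mounted and reports whether it actually holds a cluster. The script name `fix-pgdata-entrypoint.sh` and the function names are hypothetical; the path and the `postgres` owner come from the question.

```shell
#!/bin/sh
# Added example (not the image's own entrypoint). Default path is the one
# from this page; "postgres" is the owner shown in the question's ls output.
PGDATA="${PGDATA:-/var/openproject/pgdata}"

# Classify the directory: missing | empty | not-a-cluster | cluster
pgdata_state() {
    dir=$1
    if [ ! -d "$dir" ]; then echo missing
    elif [ -f "$dir/PG_VERSION" ]; then echo cluster
    elif [ -z "$(ls -A "$dir")" ]; then echo empty
    else echo not-a-cluster
    fi
}

# True only when the mode is exactly 0700, which is what postgres demands.
pgdata_mode_ok() {
    [ -n "$(find "$1" -prune -perm 0700)" ]
}

# Tighten mode (and ownership, when root and the user exists) at container
# start, i.e. after the volume has been mounted over the image directory.
fix_pgdata() {
    dir=$1
    [ -d "$dir" ] || return 1
    pgdata_mode_ok "$dir" || chmod 0700 "$dir" || return 1
    if [ "$(id -u)" -eq 0 ] && id postgres >/dev/null 2>&1; then
        chown postgres:postgres "$dir" || return 1
    fi
    pgdata_mode_ok "$dir"
}

main() {
    fix_pgdata "$PGDATA" || { echo "cannot fix $PGDATA" >&2; exit 1; }
    state=$(pgdata_state "$PGDATA")
    echo "pgdata: $PGDATA state=$state" >&2
    # Correct permissions do not create a cluster: an empty or foreign
    # directory still ends in "PG_VERSION is missing" until it is initialised.
    exec "$@"    # hand over to the image's real entrypoint or command
}

# Act only when installed under this (hypothetical) name as the entrypoint.
if [ "${0##*/}" = "fix-pgdata-entrypoint.sh" ]; then main "$@"; fi
```

The state report separates the two failures seen in the logs above: `has group or world access` is a mode problem, while `PG_VERSION is missing` means the mounted directory contains no initialised cluster.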