我有一个 Django 应用程序,我想使用 Supervisor 在 Docker 容器中使用 UWSGI 运行它。
我正在使用 OSX,因此为了在我的boot2docker
VM 中成功挂载我的 OSX 文件系统(这样我就可以使用 docker 挂载卷run -v /source/:/destination
),我不得不使用sshfs
它,我认为这会导致我挂载的文件系统出现一些奇怪的权限。
我的boot2docker
虚拟机上有两个挂载点;一个指向我的应用程序代码库,另一个指向主机上的任意位置以将持久日志写入
Host: /Users/username/workspace/project --- > boot2docker: /home/docker/osx
Host: /containers/project --- > boot2docker: /containers/project
我使用以下命令启动 Docker 容器:
docker run -t -i -p 80 -v /home/docker/osx/project/www:/var/www -v /containers/project:/host image-name /bin/bash
我的应用程序的主管配置如下:
[program:app_name]
command=uwsgi --ini /var/www/wsgi/uwsgi.ini
directory=/var/www
autostart=true
autorestart=true
stdout_logfile=/host/logs/app-name.log
redirect_stderr=True
我的usgi.ini
样子是这样的:
[uwsgi]
http = :3041
chdir = /var/www
module = run.wsgi
uid = www-data
gid = 33
master = True
processes = 4
threads = 1
pidfile = /var/run/uwsgi.pid
touch-reload = /var/run/uwsgi.pid
logto = /host/logs/uwsgi.log
当我使用 Supervisorctl 运行我的应用程序时,出现以下错误:
root@4237fd060a40:/var/www# supervisorctl
app_name FATAL Exited too quickly (process log may have details)
supervisor> start app_name
2014-06-15 10:22:16,559 INFO spawned: 'app_name' with pid 105
2014-06-15 10:22:16,633 INFO exited: app_name (exit status 1; not expected)
2014-06-15 10:22:17,658 INFO spawned: 'app_name' with pid 106
app_name: ERROR (abnormal termination)
在 uWSGI 日志中我看到:
[uWSGI] getting INI configuration from /var/www/run/uwsgi.ini
*** Starting uWSGI 1.9.10 (64bit) on [Sun Jun 15 10:22:22 2014] ***
compiled with version: 4.6.3 on 13 June 2014 15:25:05
os: Linux-3.14.1-tinycore64 #1 SMP Mon Jun 9 16:21:23 UTC 2014
nodename: 4237fd060a40
machine: x86_64
clock source: unix
detected number of CPU cores: 4
current working directory: /var/www
writing pidfile to /var/run/uwsgi.pid
detected binary path: /usr/local/bin/uwsgi
setgid() to 33
setuid() to 33
chdir(): Permission denied [core/uwsgi.c line 2121]
运行id -g www-data
表明我的 gid 是正确的并且www-data
存在:
root@4237fd060a40:/var/www# id -g www-data
33
在我的docker容器中我看到的文件权限如下所示:
root@4237fd060a40:/var/www# ll
total 76
drwxr-xr-x 1 10133 10000 578 Jun 15 09:55 ./
drwxr-xr-x 30 root root 4096 Jun 15 09:52 ../
drwxr-xr-x 1 10133 10000 714 Jun 13 10:55 some_folder/
drwxr-xr-x 1 10133 10000 1292 Jun 9 11:29 some_file.py
因此,因为我在这里看到uid
s 和gid
s,所以这些文件/文件夹的所有者是一个不存在的用户(它们与我的主机 OSX 用户名uid
和匹配gid
),并且我收到上述权限错误,因为该www-data
用户无权写入已挂载的文件系统,我可以使用 来证明这一点su
:
root@4237fd060a40:/var/www# su www-data
$ pwd
/var/www
$ touch test2
touch: cannot touch `test2': Permission denied
到目前为止是有道理的,但是当我尝试以 root 身份写入文件时:
root@4237fd060a40:/var/www# touch test
root@4237fd060a40:/var/www# ll
total 76
...
-rw-r--r-- 1 10133 10000 0 Jun 15 10:20 test
写入文件工作正常,甚至具有权利uid
和gid
。
因此,我期望使用这个uwsgi.ini
文件以 root 身份运行 uWSGI:
[uwsgi]
http = :3041
chdir = /var/www
module = run.wsgi
uid = root
gid = 10000
master = True
processes = 4
threads = 1
pidfile = /var/run/uwsgi.pid
touch-reload = /var/run/uwsgi.pid
logto = /host/logs/uwsgi.log
或者使用这个uwsgi.ini
文件作为 10133:
[uwsgi]
http = :3041
chdir = /var/www
module = run.wsgi
uid = 10133
gid = 10000
master = True
processes = 4
threads = 1
pidfile = /var/run/uwsgi.pid
touch-reload = /var/run/uwsgi.pid
logto = /host/logs/uwsgi.log
可以工作,但我没有得到任何支持:
[uWSGI] getting INI configuration from /var/www/run/uwsgi.ini
*** Starting uWSGI 1.9.10 (64bit) on [Sun Jun 15 10:30:05 2014] ***
compiled with version: 4.6.3 on 13 June 2014 15:25:05
os: Linux-3.14.1-tinycore64 #1 SMP Mon Jun 9 16:21:23 UTC 2014
nodename: 4237fd060a40
machine: x86_64
clock source: unix
detected number of CPU cores: 4
current working directory: /var/www
writing pidfile to /var/run/uwsgi.pid
detected binary path: /usr/local/bin/uwsgi
setgid() to 10000
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
chdir(): Permission denied [core/uwsgi.c line 2121]
和
[uWSGI] getting INI configuration from /var/www/run/uwsgi.ini
*** Starting uWSGI 1.9.10 (64bit) on [Sun Jun 15 10:30:36 2014] ***
compiled with version: 4.6.3 on 13 June 2014 15:25:05
os: Linux-3.14.1-tinycore64 #1 SMP Mon Jun 9 16:21:23 UTC 2014
nodename: 4237fd060a40
machine: x86_64
clock source: unix
detected number of CPU cores: 4
current working directory: /var/www
writing pidfile to /var/run/uwsgi.pid
detected binary path: /usr/local/bin/uwsgi
uWSGI running as root, you can use --uid/--gid/--chroot options
setgid() to 10000
setuid() to 10133
chdir(): Permission denied [core/uwsgi.c line 2121]
我错过了什么?
答案1
我在这里看到权限被拒绝错误,因为guid
容器内不存在。
改变线路guid=10000
来guid=root
修复它。