How do I fix an OpenShift permission denied error?

I'm trying to run the OrientDB docker container in OpenShift. I get a permission error when I try to deploy. I'm using a Mac.

Here is the error:

/orientdb/bin/server.sh: line 114: can't create /orientdb/bin/orient.pid: Permission denied

This is the Dockerfile that comes with the official OrientDB-Docker GitHub repository.

FROM openjdk:8-jdk-alpine

MAINTAINER OrientDB LTD ([email protected])

# Override the orientdb download location with e.g.:
#   docker build -t mine --build-arg ORIENTDB_DOWNLOAD_SERVER=http://repo1.maven.org/maven2/com/orientechnologies/ .
ARG ORIENTDB_DOWNLOAD_SERVER

ENV ORIENTDB_VERSION 3.0.2
ENV ORIENTDB_DOWNLOAD_MD5 145e4836a3066783f0d2545af17b9e56
ENV ORIENTDB_DOWNLOAD_SHA1 9aae978d9943af6e82fb4707519239e60054f652

ENV ORIENTDB_DOWNLOAD_URL ${ORIENTDB_DOWNLOAD_SERVER:-http://central.maven.org/maven2/com/orientechnologies}/orientdb-community/$ORIENTDB_VERSION/orientdb-community-$ORIENTDB_VERSION.tar.gz

#RUN adduser orientdb root

RUN apk add --update tar curl \
    && rm -rf /var/cache/apk/*

#download distribution tar, untar and delete databases
RUN mkdir /orientdb && \
  wget  $ORIENTDB_DOWNLOAD_URL \
  && echo "$ORIENTDB_DOWNLOAD_MD5 *orientdb-community-$ORIENTDB_VERSION.tar.gz" | md5sum -c - \
  && echo "$ORIENTDB_DOWNLOAD_SHA1 *orientdb-community-$ORIENTDB_VERSION.tar.gz" | sha1sum -c - \
  && tar -xvzf orientdb-community-$ORIENTDB_VERSION.tar.gz -C /orientdb --strip-components=1 \
  && rm orientdb-community-$ORIENTDB_VERSION.tar.gz \
  && rm -rf /orientdb/databases/*

ENV PATH /orientdb/bin:$PATH

VOLUME ["/orientdb/backup", "/orientdb/databases", "/orientdb/config"]

WORKDIR /orientdb

# new new
#RUN chmod -R g+rwx /orientdb

#OrientDb binary
EXPOSE 2424

#OrientDb http
EXPOSE 2480

USER 1000

# Default command start the server
CMD ["server.sh"]

Answer 1

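The image is built as root and needs to run as the root user. By default, OpenShift does not allow it to run as root, but you can enable it by adding permissions to the service account that runs the container: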

oc adm policy add-scc-to-user anyuid -z default

Note that this is a security risk, and the recommended best practice is to avoid containers that need to run as root.

https://blog.openshift.com/understanding-service-accounts-sccs/
https://blog.openshift.com/getting-any-docker-image-running-in-your-own-openshift-cluster/
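An alternative to granting anyuid, given as an added example that is not part of the original answer or of the OrientDB image: under OpenShift's default restricted policy a container runs as an arbitrary non-root UID that belongs to group 0, so a path such as /orientdb/bin only needs to be group-owned by GID 0 with group permissions equal to the owner's. The function names are hypothetical, and the demo substitutes the caller's own primary group for GID 0 so it runs without root.

```shell
#!/bin/sh
# Added example, not part of the original post or the OrientDB image.
# Assumption: the platform starts the container with an arbitrary non-root
# UID whose group is GID 0, so writable paths must be group-owned by that
# GID and carry group permissions equal to the owner's.

# Print every path under DIR that a process in group GID could not write to
# (wrong group, no group write bit, or a directory without group search).
list_not_group_writable() {
    dir=$1; gid=$2
    find "$dir" \( ! -group "$gid" -o ! -perm -020 \
        -o \( -type d ! -perm -010 \) \) -print
}

# Hand DIR to group GID and copy the owner's permission bits to the group.
# In a Dockerfile this is the body of a RUN step executed before USER.
make_group_writable() {
    dir=$1; gid=$2
    chgrp -R "$gid" "$dir" && chmod -R g=u "$dir"
}

# Constructed demo: a throwaway tree shaped like /orientdb/bin, using the
# caller's own primary group in place of GID 0 so it runs without root.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/orientdb/bin"
    : > "$tmp/orientdb/bin/server.sh"
    chmod -R 755 "$tmp/orientdb"
    gid=$(id -g)
    echo "before:"; list_not_group_writable "$tmp/orientdb" "$gid"
    make_group_writable "$tmp/orientdb" "$gid"
    echo "after (expect no paths):"; list_not_group_writable "$tmp/orientdb" "$gid"
    rm -rf "$tmp"
}
demo
```

In the image build, the equivalent step is `make_group_writable /orientdb 0` run while still root; the listing function can then gate the build by failing when it prints anything.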
