docker 具有卷权限,但 docker-compose 没有

tag-icon tag-icon amazon-ec2 docker amazon-ebs docker-compose
docker 具有卷权限,但 docker-compose 没有

我已经在 Amazon Linux 服务器上安装了 Docker,并授予它权限。当我从命令行sudo usermod -aG docker $USER启动我的 Jenkins docker 容器(其主目录位于 EBS 挂载卷上,挂载在)时;/var/lib/docker/volumes

docker run -d \
--restart=always \
--name=jenkins-core \
--hostname=jenkins-core \
-p 8080:8080 \
-p 50000:50000 \
--env JENKINS_OPTS="--prefix=/core" \
-v jenkins-core:/var/jenkins_home \
jenkins/jenkins:lts

一切正常。但是当我尝试从docker-compose up -d或启动它时,sudo docker-compose up -d我得到;

touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?

docker 容器进入启动循环并尝试重新启动。我不明白为什么 上的权限错误docker-compose, 上的权限却正常docker

我试过了sudo chown $(whoami):$(whoami) /usr/local/bin/docker-compose,但是没用。我docker-compose从这里安装的;https://docs.docker.com/compose/install/

这里docker-compose.yml还有一个.env变量文件(未附加)

version: "3.6"
services:
  jenkins-core:
    image:           jenkins/jenkins:lts
    container_name:  jenkins-core
    restart:         always
    ports:
      - ${JENKINS_CORE_HOST_PORT_8080}:${JENKINS_PORT_8080}
      - ${JENKINS_CORE_HOST_PORT_50000}:${JENKINS_PORT_50000}
    environment:
      - JENKINS_OPTS=--prefix=${JENKINS_CORE_PREFIX}
      - JAVA_OPTS=-Duser.timezone=${TZ}
    volumes:
      - ${JENKINS_CORE_HOME_DIR}:/var/jenkins_home
  jenkins-integrations:
    image:           jenkins/jenkins:lts
    container_name:  jenkins-integrations
    restart:         always
    ports:
      - ${JENKINS_INTEGRATIONS_HOST_PORT_8080}:${JENKINS_PORT_8080}
      - ${JENKINS_INTEGRATIONS_HOST_PORT_50000}:${JENKINS_PORT_50000}
    environment:
      - JENKINS_OPTS=--prefix=${JENKINS_INTEGRATIONS_PREFIX}
      - JAVA_OPTS=-Duser.timezone=${TZ}
    volumes:
      - ${JENKINS_INTEGRATIONS_HOME_DIR}:/var/jenkins_home
  portainer:
    image:           portainer/portainer
    container_name:  portainer
    restart:         always
    environment:
      - TZ=${TZ}
    ports:
      - ${PORTAINER_PORT_9000}:9000
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock
      - ${DOCKERCONFDIR}/portainer:/data
    command:         -H unix:///var/run/docker.sock
  watchtower:
    image:           v2tec/watchtower
    container_name:  watchtower
    restart:         always
    environment:
      - TZ=${TZ}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command:         --schedule 0 0 4 * * * --cleanup

答案1

请看这里:https://github.com/jenkinsci/docker/blob/master/README.md在用法下。它说NOTE: Avoid using a bind mount from a folder on the host machine into /var/jenkins_home, as this might result in file permission issues (the user used inside the container might not have rights to the folder on the host machine)...

所以你之所以docker run能工作是因为docker卷在-v jenkins-core:/var/jenkins_home哪里jenkins-core。但是在compose中你使用绑定挂载到主机上的某个文件夹。

相关内容